Red Hat Security Advisory 2015-1020-01 - IBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Further information about these flaws can be found on the IBM Java Security alerts page, listed in the References section. The CVE-2015-0478 issue was discovered by Florian Weimer of Red Hat Product Security.
b7d2def09d6a78b4b5773552927e06c22239193f9ed1990fc14f946a4e0ffbeb
Red Hat Security Advisory 2015-1021-01 - IBM J2SE version 5.0 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Further information about these flaws can be found on the IBM Java Security alerts page, listed in the References section. The CVE-2015-0478 issue was discovered by Florian Weimer of Red Hat Product Security.
10ca220cdd88181ecb769acfd07f597ebc5e8fec1ad61aa1d821d8957b3807aa
HP Security Bulletin HPSBUX03333 SSRT102029 1 - Potential security vulnerabilities have been identified with HP-UX running NTP. These could be exploited remotely to create a Denial of Service (DoS), or other vulnerabilities. Revision 1 of this advisory.
d5271c40b418bea801c994c27d89bc2fae9ac0aa743450c1e0ec36ed88a20b50
HP Security Bulletin HPSBUX03334 SSRT102000 1 - Potential security vulnerabilities have been identified with HP-UX running OpenSSL. These vulnerabilities could be exploited remotely to create a remote Denial of Service (DoS) and other vulnerabilities. Revision 1 of this advisory.
eb46fc96819b54c25b2a92e13c8d15dbf525d9e7dd4c0a8ec10967d4cdf2a74a
Debian Linux Security Advisory 3265-1 - Multiple vulnerabilities were discovered in Zend Framework, a PHP framework. Except for CVE-2015-3154, all these issues were already fixed in the version initially shipped with Jessie.
cbf8949170958062f759dd3c0cd87f491f53a82a613a92ce18da29ba930ac6fe
Debian Linux Security Advisory 3263-1 - Vadim Melihow discovered that in proftpd-dfsg, an FTP server, the mod_copy module allowed unauthenticated users to copy files around on the server, and possibly to execute arbitrary code.
ac6dcf2b8a50d76523a286978d647d532f4c498be4105ebfdf07388d03782759
Debian Linux Security Advisory 3264-1 - Multiple security issues have been found in Icedove, Debian's version of buffer overflows and use-after-frees may lead to the execution of arbitrary code, privilege escalation or denial of service.
1a6f9841957ac17613535fd8516b7c9643eed0d4da7d865d3eadb70a9e675a3d
HP Security Bulletin HPSBGN03286 1 - A potential security vulnerability has been identified with HP LoadRunner. The vulnerability could be exploited remotely to allow a buffer overflow. Revision 1 of this advisory.
77e1f0017599d488ff29131b60913d103e2951095b7a7763d0e85a09c3bd04a5
HiDisk version 2.4 suffers from cross site scripting vulnerabilities.
64d72136f12d344f723dc4b373e08c6d1dbf2f416063afa99305e3907efcb50b
Apple Security Advisory 2015-05-19-1 - Watch OS 1.0.1 is now available and addresses certificate issues, arbitrary code execution, XML external entity, and various other vulnerabilities.
f17aeaf116598c6c534faf7325f8d39d4a47f7b764dc38ac0fa599637f23b263
26 bytes small Linux/x86 execve "/bin/sh" shellcode.
55b3e8c490b7e00c5773c1954fca27eecc61f1db2813dc8878005631e4a57d53
Comodo GeekBuddy, which is bundled with Comodo Anti-Virus, Comodo Firewall, and Comodo Internet Security, runs a passwordless, background VNC server and listens for incoming connections. This can allow for at least local privilege escalation on several platforms. It also may be remotely exploitable via CSRF-like attacks utilizing a modified web-based VNC client (eg. a Java VNC client).
9f9180461e9cd73423e245a053523757ad172b33d270f5c669f95253b81dd237
ZOC SSH Client version 7.03.0 suffers from a buffer overflow vulnerability.
e42dd15e4a510917e7e3c36fb2b609903cd637f9a9ab4132272feb7ccf07962a
Ubuntu Security Notice 2616-1 - Alexandre Oliva reported a race condition flaw in the btrfs file system's handling of extended attributes (xattrs). A local attacker could exploit this flaw to bypass ACLs and potentially escalate privileges. A memory corruption issue was discovered in AES decryption when using the Intel AES-NI accelerated code path. A remote attacker could exploit this flaw to cause a denial of service (system crash) or potentially escalate privileges on Intel base machines with AEC-GCM mode IPSec security association. Various other issues were also addressed.
6d5e854fce22dc7828dfb7fdb530544b850ada7e6eb90e28677f9de08e01f7b9
Ubuntu Security Notice 2611-1 - Vincent Tondellier discovered an integer overflow in the Linux kernel's netfilter connection tracking accounting of loaded extensions. An attacker on the local area network (LAN) could potential exploit this flaw to cause a denial of service (system crash of targeted system).
b4c3e998a7d49a92e110bfc778dcffdf6db3890e165a13a0f8516fe439bbd4d6
Ubuntu Security Notice 2612-1 - A race condition between chown() and execve() was discovered in the Linux kernel. A local attacker could exploit this race by using chown on a setuid-user-binary to gain administrative privileges. Vincent Tondellier discovered an integer overflow in the Linux kernel's netfilter connection tracking accounting of loaded extensions. An attacker on the local area network (LAN) could potential exploit this flaw to cause a denial of service (system crash of targeted system). Various other issues were also addressed.
34f987f7f6f67822ddd0219c9c83f04635ee710cc9f38ec4ba1174eb68d51de2
Ubuntu Security Notice 2615-1 - Alexandre Oliva reported a race condition flaw in the btrfs file system's handling of extended attributes (xattrs). A local attacker could exploit this flaw to bypass ACLs and potentially escalate privileges. A memory corruption issue was discovered in AES decryption when using the Intel AES-NI accelerated code path. A remote attacker could exploit this flaw to cause a denial of service (system crash) or potentially escalate privileges on Intel base machines with AEC-GCM mode IPSec security association. Various other issues were also addressed.
25638b80ace2c9f2bdf94815e626ecd8374cf275dfb2ac0988ee18aff2f04ed3
Ubuntu Security Notice 2613-1 - Vincent Tondellier discovered an integer overflow in the Linux kernel's netfilter connection tracking accounting of loaded extensions. An attacker on the local area network (LAN) could potential exploit this flaw to cause a denial of service (system crash of targeted system). Jan Beulich discovered the Xen virtual machine subsystem of the Linux kernel did not properly restrict access to PCI command registers. A local guest user could exploit this flaw to cause a denial of service (host crash). Various other issues were also addressed.
b64bb60c18c519b0ed27d58ee2e71d6a5fbd6269a6aab22e4be17fc12e4cf9e1
Ubuntu Security Notice 2614-1 - Vincent Tondellier discovered an integer overflow in the Linux kernel's netfilter connection tracking accounting of loaded extensions. An attacker on the local area network (LAN) could potential exploit this flaw to cause a denial of service (system crash of targeted system). Jan Beulich discovered the Xen virtual machine subsystem of the Linux kernel did not properly restrict access to PCI command registers. A local guest user could exploit this flaw to cause a denial of service (host crash). Various other issues were also addressed.
e0987162501d8a55fc1a3e8a6bf474732d7e1427471124e0dc77fe43dbc3b88a
Simple Invoice version 2011.1 suffers from a cross site request forgery vulnerability.
7f7ed221cb72a656ccbb183689f5445ad84650f1578c24e9e6ad537e5385d8c1
Eisbar SCADA suffers from a malicious script insertion vulnerability.
3f1cea9f753def53e8d70f200ac4d5ac34877802ee86b77b0d601b26e3a86fb9
Simple Invoice version 2011 suffers from a persistent cross site scripting vulnerability.
b7e6887a45c5931cb176e53c1412937e536b0e740967f6ff17918aae0d32a09a
DirectAdmin version 1.48 suffers from a cross site request forgery vulnerability.
a1a2a03a5ad46ca01cce7a7e5028a747d883d3be9fb3ab98b9963f200b51925a