Red Hat Security Advisory 2015-1513-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. A flaw was found in the way BIND handled requests for TKEY DNS resource records. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS request packet.
9696ddffb016995e664c0f085c91763803a03b91c9ed81fad41daf42f574fd3d
phpFileManager version 0.9.8 suffers from a cross site request forgery vulnerability that can result in a backdoor shell being uploaded.
eeaeb00276d182701e2a427994ceb254b863ad5e1c36145e4eb639af0c35775b
WordPress Chief Editor plugin version 3.6.1 suffers from a cross site scripting vulnerability.
fd5b4dfc2dd7bb42dd52dfd0db0015a9c3cc67dd2c3fdaf9d1aebb9971d6c0b4
WordPress 1-click Retweet / Share / Like plugin version 5.2 suffers from a cross site scripting vulnerability.
a722aab7d8e28d0e16358c73cc40efb34950834bb4fe10ea6ce148308f110263
WordPress Author Manager plugin version 1.0 suffers from a cross site scripting vulnerability.
4cf946de5482742a2db7f891a6a526d95005c2d48ab8c78510fb9319c737b631
WordPress Ads In Bottom Right plugin version 1.0 suffers from a cross site scripting vulnerability.
b09691c8087bfb29e90c996d241158fc983e4dcb030127d0ce63c6d13745a41f
WordPress Google Plus one Button by KMS plugin version 1.5.0 suffers from cross site request forgery and cross site scripting vulnerabilities.
b22ca365d1e13f6763b293aa9355c3e79409d0f129033e0a6ae55c3a7767abd3
Ubuntu Security Notice 2691-1 - Andy Lutomirski discovered a flaw in the Linux kernel's handling of nested NMIs (non-maskable interrupts). An unprivileged local user could exploit this flaw to cause a denial of service (system crash) or potentially escalate their privileges. Colin King discovered a flaw in the add_key function of the Linux kernel's keyring subsystem. A local user could exploit this flaw to cause a denial of service (memory exhaustion). Various other issues were also addressed.
233afb4582ee78a50a8facdf30a35b42c990f6ff998cb27bce0cb8f4bf394da2
Ubuntu Security Notice 2688-1 - Andy Lutomirski discovered a flaw in the Linux kernel's handling of nested NMIs (non-maskable interrupts). An unprivileged local user could exploit this flaw to cause a denial of service (system crash) or potentially escalate their privileges. Colin King discovered a flaw in the add_key function of the Linux kernel's keyring subsystem. A local user could exploit this flaw to cause a denial of service (memory exhaustion). Various other issues were also addressed.
ce58db6ac1ce225659c4f2333916e039746c0fa760849b8e9016fdecb8a8fd66
Ubuntu Security Notice 2687-1 - Andy Lutomirski discovered a flaw in the Linux kernel's handling of nested NMIs (non-maskable interrupts). An unprivileged local user could exploit this flaw to cause a denial of service (system crash) or potentially escalate their privileges. Colin King discovered a flaw in the add_key function of the Linux kernel's keyring subsystem. A local user could exploit this flaw to cause a denial of service (memory exhaustion). Various other issues were also addressed.
49ab85c196aa855b9ebaf838b0b9f7a16754a5118979c620b131d4167753d1d1
Ubuntu Security Notice 2689-1 - Andy Lutomirski discovered a flaw in the Linux kernel's handling of nested NMIs (non-maskable interrupts). An unprivileged local user could exploit this flaw to cause a denial of service (system crash) or potentially escalate their privileges. Colin King discovered a flaw in the add_key function of the Linux kernel's keyring subsystem. A local user could exploit this flaw to cause a denial of service (memory exhaustion). Various other issues were also addressed.
8bc536d144528d06e731bc5365cad7af2d099cf3c5d399449213870149ab6b19
Red Hat Security Advisory 2015-1512-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package provides the user-space component for running virtual machines using KVM. A heap buffer overflow flaw was found in the way QEMU's IDE subsystem handled I/O buffer access while processing certain ATAPI commands. A privileged guest user in a guest with the CDROM drive enabled could potentially use this flaw to execute arbitrary code on the host with the privileges of the host's QEMU process corresponding to the guest.
530e72ca2188050dcc033500673eaf1070ae047e520dfe654e66a7a68f67e08a
Ubuntu Security Notice 2690-1 - Andy Lutomirski discovered a flaw in the Linux kernel's handling of nested NMIs (non-maskable interrupts). An unprivileged local user could exploit this flaw to cause a denial of service (system crash) or potentially escalate their privileges. Colin King discovered a flaw in the add_key function of the Linux kernel's keyring subsystem. A local user could exploit this flaw to cause a denial of service (memory exhaustion). Various other issues were also addressed.
aa51a0821d1a02548dc2de024d18926f5f95a5bc133a2d69ec6f69a16f43f629
Ubuntu Security Notice 2693-1 - Jonathan Foote discovered that Bind incorrectly handled certain TKEY queries. A remote attacker could use this issue with a specially crafted packet to cause Bind to crash, resulting in a denial of service. Pories Ediansyah discovered that Bind incorrectly handled certain configurations involving DNS64. A remote attacker could use this issue with a specially crafted query to cause Bind to crash, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS. Various other issues were also addressed.
411a9a7a936c5f60b5b0c9ee6179ab5f35060ebe8eb34ca0a134a30178867dec
Debian Linux Security Advisory 3319-1 - Jonathan Foote discovered that the BIND DNS server does not properly handle TKEY queries. A remote attacker can take advantage of this flaw to mount a denial of service via a specially crafted query triggering an assertion failure and causing BIND to exit.
124c5fcbeb1e34ffacc02e1644ac9241c1c0c30394399fdfcaee30e61f38d695
Ubuntu Security Notice 2692-1 - Matt Tait discovered that QEMU incorrectly handled PIT emulation. In a non-default configuration, a malicious guest could use this issue to cause a denial of service, or possibly execute arbitrary code on the host as the user running the QEMU process. In the default installation, when QEMU is used with libvirt, attackers would be isolated by the libvirt AppArmor profile. Kevin Wolf discovered that QEMU incorrectly handled processing ATAPI commands. A malicious guest could use this issue to cause a denial of service, or possibly execute arbitrary code on the host as the user running the QEMU process. In the default installation, when QEMU is used with libvirt, attackers would be isolated by the libvirt AppArmor profile. Various other issues were also addressed.
3ce14f5f91a3957a62189bc98416489ca3815723c67a8c178b27bc6f07b581b9