[Forgot Password]
Login  Register Subscribe












Paid content will be excluded from the download.

Matches : 3014 Download | Alert*

Guillem Jover discovered that the changelog retrieval functionality in apt-get used temporary files in an insecure way, allowing a local user to cause arbitrary files to be overwritten. This vulnerability is neutralized by the fs.protected_symlinks setting in the Linux kernel, which is enabled by default in Debian 7 Wheezy and up.

Several vulnerabilities were discovered in qemu-kvm, a full virtualization solution on x86 hardware: * Various security issues have been found in the block qemu drivers. Malformed disk images might result in the execution of arbitrary code. * A NULL pointer dereference in SLIRP may result in denial of service * An information leak was discovered in the VGA emulation

Multiple security issues have been found in Iceweasel, Debian"s version of the Mozilla Firefox web browser: Multiple memory safety errors, buffer overflows, use-after-frees and other implementation errors may lead to the execution of arbitrary code, denial of service, the bypass of the same-origin policy or a loss of privacy. This update updates Iceweasel to the ESR31 series of Firefox. The new re ...

Multiple security issues have been found in binutils, a toolbox for binary file manipulation. These vulnerabilities include multiple memory safety errors, buffer overflows, use-after-frees and other implementation errors may lead to the execution of arbitrary code, the bypass of security restrictions, path traversal attack or denial of service.

Several issues have been discovered in the MySQL database server. The vulnerabilities are addressed by upgrading MySQL to the new upstream version 5.5.41

Mateusz Jurczyk discovered multiple vulnerabilities in Freetype. Opening malformed fonts may result in denial of service or the execution of arbitrary code.

Tuomas Räsänen discovered that unsafe signal handling in nbd-server, the server for the Network Block Device protocol, could allow remote attackers to cause a deadlock in the server process and thus a denial of service. Tuomas Räsänen also discovered that the modern-style negotiation was carried out in the main server process before forking the actual cl ...

Several vulnerabilities have been fixed in Wordpress, the popular blogging engine. CVE-2015-2213 SQL Injection allowed a remote attacker to compromise the site. CVE-2015-5622 The robustness of the shortcodes HTML tags filter has been improved. The parsing is a bit more strict, which may affect your installation. This is the corrected version of the patch that needed to be reverted in DSA 3328-2. C ...

Tobias Brunner found an authentication bypass vulnerability in strongSwan, an IKE/IPsec suite. Due to insufficient validation of its local state the server implementation of the EAP-MSCHAPv2 protocol in the eap-mschapv2 plugin can be tricked into successfully concluding the authentication without providing valid credentials. It"s possible to recognize such attacks by looking at the server logs. Th ...

Multiple vulnerabilities have been discovered in VirtualBox, an x86 virtualisation solution. Upstream support for the 4.1 release series has ended and since no information is available which would allow backports of isolated security fixes, security support for virtualbox in wheezy/oldstable needed to be ended as well. If you use virtualbox with externally procured VMs we advise you to update to ...

Pages:      Start    274    275    276    277    278    279    280    281    282    283    284    285    286    287    ..   301

© 2013 SecPod Technologies