The rsyslog ElasticSearch plugin suffers from a double free memory corruption vulnerability. rsyslog versions 7.4.0 stable through 7.4.1 stable and 7.3.2 devel through 7.5.1 devel are affected.
c9b79425a99d604dd1c1d69b803474783b1a91144c92fa3d3e6e0ef941f7e904
Mobile Atlas Creator version 1.9.12 suffers from a persistent command injection vulnerability.
f782e5902de4275bb7b5adaa183c0d4c747bce44cd3bab55fceeb1a40385b58a
AVAST Antivirus version 8.0.1489 suffers from persistent code execution and local command path injection vulnerabilities.
8ecf8181f21169c642a4a0a31e6d0947fcf73c786bf9c817cc6ab29eb8b0971f
PayPal QR Labs service web application suffers from an authentication bypass vulnerability.
6a9fdca282918dda1d753416f04613cacaac1cfaeb31ea7a0d4f63894717b193
OpenVZ kernel version 2.6.32 suffers from multiple memory leaks.
8564ad61e7645a172b677d9f8cf2e6d215eaeb5a393a80fab15d31814d976364
AVAST Universal Core Installer suffers from multiple local code injection vulnerabilities.
d157be7350a06d72912af114c10abafc2eabcb2a8255d4bc08053f47fe292f02
AVAST Internet Security Suite version 8.0.1489 suffers from multiple persistent local code injection vulnerabilities.
587328ff9a6e43db57b3ccf6c05768dcd53ca7791ad5264bd6d8bcfe835aaaa9
This bulletin summary lists 7 released Microsoft security bulletins for July, 2013.
e4506b01766750d19320b2a2a3b3d209ada180bb1c37f4e96961f17b01f7b0d6
Ubuntu Security Notice 1900-1 - Dmitry Monakhov reported a race condition flaw in the Linux ext4 filesystem that can expose stale data. An unprivileged user could exploit this flaw to cause an information leak. An information leak was discovered in the Linux kernel's tkill and tgkill system calls when used from compat processes. A local user could exploit this flaw to examine potentially sensitive kernel memory. A format string vulnerability was discovered in the Broadcom B43 wireless driver for the Linux kernel. A local user could exploit this flaw to gain administrative privileges. Various other issues were also addressed.
b1bcfb63b4c3b8dd01cdcabf8077b93364a3e94d0951fb54fadb9f35a122db85
Ubuntu Security Notice 1899-1 - Dmitry Monakhov reported a race condition flaw in the Linux ext4 filesystem that can expose stale data. An unprivileged user could exploit this flaw to cause an information leak. An information leak was discovered in the Linux kernel's tkill and tgkill system calls when used from compat processes. A local user could exploit this flaw to examine potentially sensitive kernel memory. A format string vulnerability was discovered in the Broadcom B43 wireless driver for the Linux kernel. A local user could exploit this flaw to gain administrative privileges. Various other issues were also addressed.
593e00f04b6483ec844d0d0014bec0a0aa260fbb699fc4a75dbcdbfcd38c245d
Ubuntu Security Notice 1898-1 - The TLS protocol 1.2 and earlier can encrypt compressed data without properly obfuscating the length of the unencrypted data, which allows man-in-the-middle attackers to obtain plaintext content by observing length differences during a series of guesses in which a provided string potentially matches an unknown string in encrypted and compressed traffic. This is known as a CRIME attack in HTTP. Other protocols layered on top of TLS may also make these attacks practical. This update disables compression for all programs using SSL and TLS provided by the OpenSSL library. To re-enable compression for programs that need compression to communicate with legacy services, define the variable OPENSSL_DEFAULT_ZLIB in the program's environment. Various other issues were also addressed.
8f41933da3ccfc96d26d440c47a8d58948a5fb5d36e17ad70d3cf7dc3959fdbe
Multiple Microsoft Windows 98/ME/2000/XP/2003 HTML Help file loading hijack vulnerabilities exist. Proof of concept included.
84465488b511cd9a9bc47e5238c9e17dffafd6132f7761481d27a835c68d1123
Mobile Application Hacking Diary whitepaper part one.
e4c6024f8478fdc045b8579a4c2724e32ec5a10026f2eff6c54bd0d3f6b96044