Network Interface Events Logging Daemon is a tool that receives notifications from the kernel through the netlink socket and generates logs related to link state, neighbor cache (ARP, NDP), IP address (IPv4, IPv6), route, FIB rules, and traffic control.
a7e7fd8b2dd7c66bebbff4b4bb9e9cd8f933e13316b497937005cdee766059f6
Red Hat Security Advisory 2015-0891-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package provides the user-space component for running virtual machines using KVM, in environments managed by Red Hat Enterprise Linux OpenStack Platform. It was found that the Cirrus blit region checks were insufficient. A privileged guest user could use this flaw to write outside of VRAM-allocated buffer boundaries in the host's QEMU process address space with attacker-provided data. This issue was found by Paolo Bonzini of Red Hat.
276a854e02c6ec07038497b82f9bb9506cbbaac13a26ae82ea6343e4bcfca098
Wing FTP Server Admin version 4.4.5 suffers from cross site request forgery and cross site scripting vulnerabilities.
baa33a8db697aa73d142896a3bba1e7eae95cd119c23f80057b7d2cef956a942
Red Hat Security Advisory 2015-0888-01 - Red Hat Enterprise Virtualization Manager 3.5.1 is now available. It was discovered that the permissions to allow or deny snapshot creation were ignored during live storage migration of a VM's disk between storage domains. An attacker able to live migrate a disk between storage domains could use this flaw to cause a denial of service. It was discovered that a directory shared between the ovirt-engine-dwhd service and a plug-in used during the service's startup had incorrect permissions. A local user could use this flaw to access files in this directory, which could potentially contain sensitive information.
ca7ceffd1d748a83925a9856f16bb79722cb033187b6a3fc14ffbd62fba7ea48
Ubuntu Security Notice 2581-1 - Tavis Ormandy discovered that NetworkManager incorrectly filtered paths when requested to read modem device contexts. A local attacker could possibly use this issue to bypass privileges and manipulate modem device configuration or read arbitrary files.
c5f32b53adf6c35ee6bc7624cce314688e2fd1a323fb96fceb4332b763658430
Using a crafted tar file, bsdtar can perform an out-of-bounds memory read which will lead to a SEGFAULT. The issue exists when the executable skips data in the archive. The amount of data to skip is defined in byte offset [16-19]. If ASLR is disabled, the issue can lead to high CPU load, and potential CPU exhaustion in single-core hosts.
fd0fb753afd7d4f8141a07df1844dc319539bc557bf657925079de4444885e9a
Untangle NGFW versions 9 through 11 suffer from a cross site scripting vulnerability that can allow for remote code execution as root. They also suffer from an information disclosure vulnerability. This is a follow-up discussing additional attack vectors not previously disclosed in the prior advisory.
e86c9969d013c35f87d327a8f236b5f675e69ae24e898f23a4e957c0d77bf3ad
PayPal's Marketing web service suffered from a remote code execution vulnerability due to running a JDWP server.
9853c32d02d8c001fa92b9d3e97eabbcee48dfa8b41649e9b38b8311a72758ca
SonicWall SonicOS versions 7.5.0.12 and 6.x suffer from a client-side cross site scripting vulnerability.
677993c8c06c4decc97efbcbd2bfa770f60f4cac9d6303c6d4ea13229d44530c
0d1n is a web security tool for fuzzing various HTTP payloads. It's written in C and uses libcurl.
49e38de1db9e9f03ddeec16c1bc11195386ae16797980880868f9d8880ab2dec
Core Security Technologies Advisory - The InFocus IN3128HD Projector is vulnerable to an authentication bypass in its web interface login page, and is missing authentication for the "webctrl.cgi.elf" CGI file, which allows several actions to be performed or configured inside the device. Firmware 0.26 is verified vulnerable.
43fb2590b9fc435e2c9ebe21968f5729e87d0846d203db8e44a8e274d09e864c
Mandriva Linux Security Advisory 2015-212 - An off-by-one flaw, leading to a buffer overflow, was found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could possibly cause the Java Virtual Machine to execute arbitrary code, allowing an untrusted Java application or applet to bypass Java sandbox restrictions. A flaw was found in the way the Hotspot component in OpenJDK handled phantom references. An untrusted Java application or applet could use this flaw to corrupt the Java Virtual Machine memory and, possibly, execute arbitrary code, bypassing Java sandbox restrictions. A flaw was found in the way the JSSE component in OpenJDK parsed X.509 certificate options. A specially crafted certificate could cause JSSE to raise an exception, possibly causing an application using JSSE to exit unexpectedly. A flaw was discovered in the Beans component in OpenJDK. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions. A directory traversal flaw was found in the way the jar tool extracted JAR archive files. A specially crafted JAR archive could cause jar to overwrite arbitrary files writable by the user running jar when the archive was extracted. It was found that the RSA implementation in the JCE component in OpenJDK did not follow recommended practices for implementing RSA signatures.
5d632c802729d6afa088371dd777ff906d4a5f0bfbcccd4d11559d46754410c2
DA-WIN, a wireless IDS, provides an organization with a continuous wireless scanning capability that is light touch and simple. It utilizes compact and discreet sensors that can easily be deployed, reducing the total cost of protection and simplifying the effort required for absolute, categoric regulatory compliance. This archive includes a dd image to be used on a Raspberry Pi and a user manual.
eec29a64f031854e639f5edda7e65d034b41f755867195fb575def106ccf5112
ProjectSend version r561 suffers from cross site request forgery, cross site scripting, and remote shell upload vulnerabilities.
29d896ac590fb902688a8def54fd8f901bc1d97ee250f682f184d6620674de0e
WordPress Exquisite Ultimate Newspaper theme version 1.3.3 suffers from a cross site scripting vulnerability.
5638e9618253bdbda4e9cb5c3397585b53f03bbb25f90ea69aec66e823644843