Debian Linux Security Advisory 3431-1 - Pierre Kim discovered two vulnerabilities in the RESTful API of Ganeti, a virtual server cluster management tool. SSL parameter negotiation could result in denial of service and the DRBD secret could leak.
a01b455cafe98df2e893e64cd046ef310b011a73d6fce093f20678aa83e07f64
Debian Linux Security Advisory 3432-1 - Multiple security issues have been found in Icedove, Debian's version of the Mozilla Thunderbird mail client: integer overflows, buffer overflows and other implementation errors may lead to the execution of arbitrary code or denial of service.
dda49b3c487c46b711e82f6ab1d92470cbd2f8e8b66e8ed535daa65cfc26cf63
Complete comprehensive archive of all 2,311 exploits added to Packet Storm in 2015.
fc8074951b1bd82e3b4f5abc4576d42f54bbd7ab04172e004d1f267cc75e36a4
This archive contains 283 exploits that were added to Packet Storm in December, 2015.
4022bfde30f47a194103882680d0d06509b5da5b3c569ae7f6eacc159f148245
Chamilo LCMS Connect version 4.1 suffers from a persistent cross site scripting vulnerability. Originally added in March of 2015 but has since been updated with new information.
b5e01df77db1dc82d6cd9768886ae5f007c2a46c66507269d6cdc9902e711752
Depending on the ISerializer set in the Wicket application, it is possible for a Wicket object that is deserialized from an untrusted source and used by the application to cause the code to enter an infinite loop. Specifically, Wicket's DiskFileItem class, when serialized by Kryo, allows an attacker to modify its serialized form so that a client enters an infinite loop if it attempts to write to the DeferredFileOutputStream attribute. Versions 6.x prior to 6.25.0 and 1.5.x prior to 1.5.17 are affected.
eaa2e71f2907fbd43ee0128d07f137d756dd3e8c6e960de22f4853b9d6e6ff89