Feed aggregator

Bugtraq: Facebook Bug Bounty #16 (Studio) - Persistent Vulnerability

Security Focus Latest Security Advisories - December 19, 2014 - 7:15am

Bugtraq: E-Journal CMS (ID) - Multiple Web Vulnerabilities

Security Focus Latest Security Advisories - December 19, 2014 - 7:15am

[oCERT-2014-012] JasPer input sanitization errors

BugTraq Latest Security Advisories - December 19, 2014 - 7:10am

Posted by Andrea Barisani on Dec 19

#2014-012 JasPer input sanitization errors

Description:

The JasPer project is an open source implementation for the JPEG-2000 codec.

The library is affected by a double-free vulnerability in function
jas_iccattrval_destroy() as well as a heap-based buffer overflow in function
jp2_decode().

A specially crafted jp2 file can be used to trigger the vulnerabilities.

Affected version:

JasPer <= 1.900.1

Fixed version:

JasPer, N/A

Credit:...

SEC Consult SA-20141218-1 :: OS command execution vulnerability in GParted

BugTraq Latest Security Advisories - December 19, 2014 - 7:00am

Posted by SEC Consult Vulnerability Lab on Dec 19

SEC Consult Vulnerability Lab Security Advisory < 20141218-1 >
=======================================================================
title: OS Command Execution
product: GParted - Gnome Partition Editor
vulnerable version: <=0.14.1
fixed version: >=0.15.0,
<=0.14.1 with fix for CVE-2014-7208 applied
CVE number: CVE-2014-7208
impact: medium...

SEC Consult SA-20141218-2 :: Multiple high risk vulnerabilities in NetIQ Access Manager

BugTraq Latest Security Advisories - December 19, 2014 - 6:51am

Posted by SEC Consult Vulnerability Lab on Dec 19

SEC Consult Vulnerability Lab Security Advisory < 20141218-2 >
=======================================================================
title: Multiple high risk vulnerabilities
product: NetIQ Access Manager
vulnerable version: 4.0 SP1
fixed version: 4.0 SP1 Hot Fix 3
CVE number: CVE-2014-5214, CVE-2014-5215, CVE-2014-5216,
CVE-2014-5217
impact: High...

next-20141219: linux-next

Linux Kernel Updates - December 19, 2014 - 3:43am
Version: next-20141219 (linux-next) Released: 2014-12-19

Vuln: Linux Kernel 'trace_syscalls.c' Multiple Local Denial of Service Vulnerabilities

Security Focus Latest Security Advisories - December 19, 2014 - 12:00am

Vuln: GNU Automake Insecure Directory Permissions Vulnerability

Security Focus Latest Security Advisories - December 19, 2014 - 12:00am

Vuln: Libpng Library Unknown Chunk Handler Vulnerability

Security Focus Latest Security Advisories - December 19, 2014 - 12:00am

Vuln: Mozilla Firefox/Thunderbird/SeaMonkey MFSA 2009 -07 -08 -09 and -11 Multiple Remote Vulnerabilities

Security Focus Latest Security Advisories - December 19, 2014 - 12:00am

Vuln: OProfile Multiple Security Vulnerabilities

Security Focus Latest Security Advisories - December 19, 2014 - 12:00am

Vuln: JasPer 'jpc_dec.c' Multiple Remote Heap Buffer Overflow Vulnerabilities

Security Focus Latest Security Advisories - December 19, 2014 - 12:00am

Vuln: GNU glibc CVE-2014-7817 Arbitrary Command Execution Vulnerability

Security Focus Latest Security Advisories - December 19, 2014 - 12:00am

Vuln: GNU glibc '__gconv_translit_find()' Function Local Heap Based Buffer Overflow Vulnerability

Security Focus Latest Security Advisories - December 19, 2014 - 12:00am

Vuln: IBM WebSphere Application Server CVE-2014-3021 Unspecified Information Disclosure Vulnerability

Security Focus Latest Security Advisories - December 19, 2014 - 12:00am

Vuln: QEMU Image Size Validation Integer Overflow Vulnerability

Security Focus Latest Security Advisories - December 19, 2014 - 12:00am

Vuln: QEMU L2 Table Size Validation Integer Overflow Vulnerability

Security Focus Latest Security Advisories - December 19, 2014 - 12:00am

Vuln: Linux Kernel CVE-2014-9322 Local Privilege Escalation Vulnerability

Security Focus Latest Security Advisories - December 19, 2014 - 12:00am

Vuln: Linux Kernel 'espfix64' Local Denial of Service Vulnerability

Security Focus Latest Security Advisories - December 19, 2014 - 12:00am

Vuln: Linux Kernel CVE-2014-3687 Denial of Service Vulnerability

Security Focus Latest Security Advisories - December 19, 2014 - 12:00am