8321 matches found

RedHat Linux
added 2015/07/08 8:46 p.m. | 1 views

flash-plugin: multiple code execution issues fixed in APSB15-16

Heap-based buffer overflow in Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0.0.203 on Windows and OS X and before 11.2.202.481 on Linux, Adobe AIR before 18.0.0.180, Adobe AIR SDK before 18.0.0.180, and Adobe AIR SDK & Compiler before 18.0.0.180 allows attackers to execute...

CVSS 10 | AI score 6.4 | EPSS 0.62732
Exploits 0 | References 5

Fedora
added 2015/05/19 4:26 p.m. | 15 views

[SECURITY] Fedora 21 Update: php-ZendFramework2-2.3.8-1.fc21

Zend Framework 2 is an open source framework for developing web applications and services using PHP 5.3+. Zend Framework 2 uses 100% object-oriented code and utilizes most of the new features of PHP 5.3, namely namespaces, late static binding, lambda functions and closures. Zend Framework 2 evolv...

AI score 7.6
Exploits 0

RedHat Linux
added 2015/05/13 12:44 p.m. | 4 views

flash-plugin: multiple code execution issues fixed in APSB15-09

Heap-based buffer overflow in Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0.0.188 on Windows and OS X and before 11.2.202.460 on Linux, Adobe AIR before 17.0.0.172, Adobe AIR SDK before 17.0.0.172, and Adobe AIR SDK & Compiler before 17.0.0.172 allows attackers to execute...

CVSS 10 | AI score 6.4 | EPSS 0.7945
Exploits 1 | References 5

Drupal
added 2015/05/06 12:0 a.m. | 20 views

Webform Matrix Component - Moderately Critical - Cross Site Scripting (XSS) - SA-CONTRIB-2015-107

The Webform Matrix Component module is an extension of the Webform module that adds Matrix and Table components. The module doesn't sufficiently sanitize user supplied text, thereby exposing a Cross Site Scripting vulnerability. This vulnerability is mitigated by the fact that an attacker must ha...

CVSS 3.5 | AI score 6 | EPSS 0.00158
Exploits 0 | References 11

ThreatPost
added 2015/04/27 10:51 a.m. | 10 views

Siemens Patches Ghost Flaw Simatic Product

Siemens has released an update for some of its ICS products that are affected by the glibc Ghost vulnerability that was disclosed in January. The vulnerability affected both the Siemens Sinumerik and Simatic HMI Basic applications, which are used in a variety of industrial situations. “The...

AI score 1.4
Exploits 0 | References 5

Fedora
added 2015/04/21 6:58 p.m. | 11 views

[SECURITY] Fedora 21 Update: qt5-qtwebkit-5.4.1-4.fc21

Qt5 - QtWebKit components...

AI score 1.5
Exploits 0

Tenable Nessus
added 2015/04/13 12:0 a.m. | 153 views

VMware Horizon View Multiple Vulnerabilities (VMSA-2015-0003) (VMSA-2015-0008) (POODLE)

The VMware Horizon View installed on the remote Windows host is version 5.x prior to 5.3.4 or version 6.x prior to 6.1. It is, therefore, affected by the following vulnerabilities: - A man-in-the-middle (MitM) information disclosure vulnerability, known as POODLE, exists due to the way SSL 3.0...

CVSS 10 | AI score 6.8 | EPSS 0.93538
Exploits 13 | References 30

UbuntuCve
added 2015/03/25 12:0 a.m. | 32 views

CVE-2015-0295

The BMP decoder in QtGui in QT before 5.5 does not properly calculate the masks used to extract the color components, which allows remote attackers to cause a denial of service (divide-by-zero and crash) via a crafted BMP file...

CVSS 5 | AI score 6.9 | EPSS 0.036
Exploits 0 | References 3

securityvulns
added 2015/03/21 12:0 a.m. | 53 views

[Onapsis Security Advisory 2015-001] Multiple Reflected Cross Site Scripting Vulnerabilities in SAP HANA Web-based Development Workbench

Onapsis Security Advisory ONAPSIS-2015-001: Multiple Reflected Cross Site Scripting Vulnerabilities in SAP HANA Web-based Development Workbench. 1. Impact on Business: By exploiting this vulnerability a remote unauthenticated attack...

CVSS 4.3 | AI score 5.9 | EPSS 0.00256
Exploits 1

OSV
added 2015/03/15 12:0 a.m. | 57 views

DSA-3187-1 icu - security update

Bulletin has no description...

CVSS 10 | AI score 5 | EPSS 0.12809
Exploits 5

ThreatPost
added 2015/03/09 10:52 a.m. | 7 views

Seagate Confirms NAS Zero Day, Won't Patch Until May

Seagate, over the weekend, confirmed the zero-day vulnerability in its Seagate Business Storage 2-Bay NAS boxes disclosed March 1. But in the same breath, told customers exposed to the vulnerability that a patch is still two months away. “For those customers who choose to keep their networks open...

AI score 7.6
Exploits 0 | References 4

securityvulns
added 2015/03/07 12:0 a.m. | 76 views

[USN-2522-1] ICU vulnerabilities

Ubuntu Security Notice USN-2522-1, March 05, 2015: icu vulnerabilities. A security issue affects these releases of Ubuntu and its derivatives: - Ubunt...

CVSS 10 | AI score 1.8 | EPSS 0.12809
Exploits 5

ThreatPost
added 2015/03/02 9:43 a.m. | 35 views

Seagate Business NAS Firmware Vulnerabilities Disclosed

Firmware running on certain Seagate network-attached storage devices that are popular with small businesses and home offices, are vulnerable to remote attacks. Researchers at Beyond Binary, a security consulting firm in Australia, on Sunday went public with their disclosure after a nearly...

AI score 7.8
Exploits 0 | References 1

Kitploit
added 2015/02/26 5:2 p.m. | 11 views

Lynis 2.0.0 - Security Auditing Tool for Unix/Linux Systems

Lynis is an open source security auditing tool. Primary goal is to help users with auditing and hardening of Unix and Linux based systems. The software is very flexible and runs on almost every Unix based system including Mac. Even the installation of the software itself is optional! How it works...

AI score 7.3
Exploits 0

Cvelist
added 2015/02/14 2:0 a.m. | 16 views

CVE-2014-6195

The (1) Java GUI and (2) Web GUI components in the IBM Tivoli Storage Manager (TSM) Backup-Archive client 5.4 and 5.5 before 5.5.4.4 on AIX, Linux, and Solaris; 5.4.x and 5.5.x on Windows and z/OS; 6.1 before 6.1.5.7 on z/OS; 6.1 and 6.2 before 6.2.5.2 on Windows, before 6.2.5.3 on AIX and Linux x86, a...

AI score 6.4 | EPSS 0.00038
Exploits 0 | References 3

OSV
added 2015/01/31 1:23 p.m. | 6 views

MGASA-2015-0048 Updated bugzilla packages fix CVE-2014-8630

Updated bugzilla packages fix security vulnerability: Some code in Bugzilla does not properly utilize 3 arguments form for open and it is possible for an account with editcomponents permissions to inject commands into product names and other attributes (CVE-2014-8630)...

CVSS 6.5 | AI score 6.9 | EPSS 0.00633
Exploits 0 | References 4

RedHat Linux
added 2015/01/27 6:46 p.m. | 3 views

ICU: regexp engine incorrect handling of a zero length quantifier

The Regular Expressions package in International Components for Unicode (ICU) 52 before SVN revision 292944, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via vectors related to a...

CVSS 7.5 | AI score 7.3 | EPSS 0.02564
Exploits 0 | References 5

OSV
added 2015/01/26 8:1 p.m. | 1 views

USN-2476-1 oxide-qt vulnerabilities

Several memory corruption bugs were discovered in ICU. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via renderer crash or execute arbitrary code with the privileges of the sandboxed render process...

CVSS 7.5 | AI score 7.6 | EPSS 0.05935
Exploits 0 | References 22

ArchLinux
added 2015/01/25 12:0 a.m. | 39 views

chromium: multiple issues

CVE-2014-7923 (memory corruption): The Regular Expressions package in International Components for Unicode (ICU) 52, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via vectors related to a (1) zero-length quantifier or (2) look-behind...

CVSS 7.5 | AI score 5 | EPSS 0.05935
Exploits 0 | References 28

OSV
added 2015/01/22 10:59 p.m. | 6 views

CVE-2014-7940

The collator implementation in i18n/ucol.cpp in International Components for Unicode (ICU) 52 through SVN revision 293126, as used in Google Chrome before 40.0.2214.91, does not initialize memory for a data structure, which allows remote attackers to cause a denial of service or possibly have...

AI score 9.6
Exploits 0 | References 18