475 matches found

Mageia
added 2015/07/30 9:8 p.m. · 43 views

Updated groovy package fixes security vulnerability

When an application has Groovy on the classpath and uses the standard Java serialization mechanism to communicate between servers, or to store local data, it is possible for an attacker to bake a special serialized object that will execute code directly when deserialized. All applications whic...

9.8 CVSS · 9.2 AI score · 0.44303 EPSS
Exploits 4 · References 2
CNVD
added 2015/06/05 12:0 a.m. · 1 views

Adobe Flash Player SWF File Handling Local Information Disclosure Vulnerability

Adobe Flash Player is a cross-platform, browser-based multimedia player product from the American company Adobe. Adobe Flash Player suffers from an information disclosure vulnerability in the handling of swf files, which can be exploited by remote attackers to construct malicious content and tric...

6.5 AI score
Exploits 0 · References 1
BDU FSTEC
added 2015/04/28 12:0 a.m. · 3 views

Vulnerabilities of the Gentoo Linux operating system, which allow a malicious individual to compromise the confidentiality, integrity, and accessibility of protected information

The multiple vulnerabilities in the bash package up to version 4.2p37 of the Gentoo Linux operating system can lead to violations of confidentiality, integrity, and accessibility of protected information. These vulnerabilities can be exploited locally...

6.9 CVSS · 7.7 AI score · 0.00413 EPSS
Exploits 0 · References 4 · Affected Software 1
RedHat Linux
added 2015/04/16 4:2 p.m. · 4 views

Weld: Limited information disclosure via stale thread state

It was discovered that under specific conditions the conversation state information stored in a thread-local variable in JBoss Weld was not sanitized correctly when the conversation ended. This could lead to a race condition that could potentially expose sensitive information from a previous...

4.3 CVSS · 5.8 AI score · 0.02051 EPSS
Exploits 0 · References 4
Positive Technologies
added 2014/08/26 12:0 a.m. · 3 views

PT-2014-6445 · Qemu +3 · Qemu +3

Name of the Vulnerable Software and Affected Versions: QEMU affected versions not specified Description: The issue is related to an off-by-one error in the pci read function within the ACPI PCI hotplug interface. This error can be triggered by a crafted PCI device, leading to memory corruption. A...

7.8 CVSS · 5.9 AI score · 0.04115 EPSS
Exploits 0 · References 106
FreeBSD
added 2014/07/21 12:0 a.m. · 25 views

ansible -- code execution from compromised remote host data or untrusted local data

Ansible, Inc. reports: Arbitrary execution from data from compromised remote hosts or untrusted local data - resolved in Ansible 1.6.7...

9.8 CVSS · 9 AI score · 0.03434 EPSS
Exploits 0 · References 2
OpenVAS
added 2011/08/09 12:0 a.m. · 259 views

CentOS Update for seamonkey CESA-2009:1096 centos3 i386

The remote host is missing an update for the...

9.3 CVSS · 5.2 AI score · 0.09282 EPSS
Exploits 4 · References 2
Cent OS
added 2009/06/19 11:7 a.m. · 81 views

firefox, xulrunner security update

CentOS Errata and Security Advisory CESA-2009:1095 Updated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. Mozilla Firefox is an open sour...

9.3 CVSS · 7.3 AI score · 0.09282 EPSS
Exploits 9 · References 7
FreeBSD
added 2007/09/18 12:0 a.m. · 43 views

mozilla -- code execution via Quicktime media-link files

The Mozilla Foundation reports a vulnerability within the mozilla browser. This vulnerability also affects various other browsers like firefox and seamonkey. The vulnerability is caused by QuickTime Media-Link files that contain a qtnext attribute. This could allow an attacker to start the browse...

5 CVSS · 6.5 AI score · 0.12076 EPSS
Exploits 1 · References 1
Mozilla
added 2007/09/18 12:0 a.m. · 30 views

Code execution via QuickTime Media-link files — Mozilla

On his blog Petko D. Petkov reported that QuickTime Media-Link files contain a qtnext attribute that could be used on Windows systems to launch the default browser with arbitrary command-line options. When the default browser is Firefox 2.0.0.6 or earlier use of the -chrome option allowed a remot...

5 CVSS · 4.2 AI score · 0.12076 EPSS
Exploits 1 · References 6 · Affected Software 1
seebug.org
added 2007/03/13 12:0 a.m. · 26 views

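Sun JMX RMI-IIOP Local Unauthorized Access Vulnerability

Java Dynamic Management Kit (Java DMK) provides a set of Java classes and tools that make it easier to develop secure monitoring and management solutions based on the Java Management Extensions (JMX) specification and the SNMP standard. If a remote user who has access rights to certain local data connects to a JMX RMI-IIOP server application created by a local user, a security vulnerability in the JMX RMI-IIOP API could allow the local user who is able to create that application to gain unauthorized access to that data. This vulnerability affects only systems that contain applications deployed through the JMX RMI-IIOP API. The JMX agent is exposed to this vulnerability when all of the following conditions are met: 1...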

7.1 AI score
Exploits 0
Positive Technologies
added 2005/12/31 12:0 a.m. · 3 views

PT-2005-5529 · Ibm · Ibm Db2

Name of the Vulnerable Software and Affected Versions: IBM DB2 version 8.1 Description: The issue allows local users to gain unauthorized access and sensitive information, such as cleartext passwords, due to default permissions of read and write for the Everyone group in shared memory sections an...

7.1 CVSS · 6.2 AI score · 0.00762 EPSS
Exploits 0 · References 9
Tenable Nessus
added 2004/09/29 12:0 a.m. · 25 views

Debian DSA-230-1 : bugzilla - insecure permissions, spurious backup files

Two vulnerabilities have been discovered in Bugzilla, a web-based bug tracking system, by its authors. The Common Vulnerabilities and Exposures Project identifies the following vulnerabilities : CAN-2003-0012 BugTraq ID 6502 The provided data collection script intended to be run as a nightly cron...

7.5 CVSS · 5.5 AI score · 0.02083 EPSS
Exploits 0 · References 3
CERT
added 2002/10/01 12:0 a.m. · 31 views

Microsoft Windows XMLHTTP component allows remote access to local data sources

Overview: The Microsoft XMLHTTP ActiveX control allows unauthorized reading of any known file on a system. A victim must be enticed to visit a malicious site in order to be attacked. Description: Description from MS02-008: Microsoft XML Core Services MSXML includes the XMLHTTP ActiveX control, which...

5 CVSS · 5.5 AI score · 0.19175 EPSS
Exploits 0 · References 5
Positive Technologies
added 1970/01/01 12:0 a.m. · 5 views

PT-2005-5547 · Debian +4 · Kernel-Source-2.4.27 +15

Name of the Vulnerable Software and Affected Versions: Debian GNU/Linux kernel-image-2.4.27 versions 2.4.27 through 2.4.27-2 Debian GNU/Linux kernel-headers-2.4.27 versions 2.4.27 through 2.4.27-2 Debian GNU/Linux kernel-pcmcia-modules-2.4.27 versions 2.4.27 through 2.4.27-2 Debian GNU/Linux...

7.5 CVSS · 5.8 AI score · 0.13429 EPSS
Exploits 5 · References 436