5302 matches found

Tenable Nessus
added 2014/07/17 12:0 a.m., 55 views

Ubuntu 12.04 LTS : linux-lts-trusty vulnerabilities (USN-2288-1)

Sasha Levin reported a flaw in the Linux kernel's point-to-point protocol (PPP) when used with the Layer Two Tunneling Protocol (L2TP). A local user could exploit this flaw to gain administrative privileges. (CVE-2014-4943) Salva Peiro discovered an information leak in the Linux kernel's media-device...

7.5 CVSS, 7.2 AI score, 0.08103 EPSS
Exploits: 10, References: 8

Tenable Nessus
added 2014/07/17 12:0 a.m., 37 views

Ubuntu 12.04 LTS : linux-lts-raring vulnerabilities (USN-2286-1)

Sasha Levin reported a flaw in the Linux kernel's point-to-point protocol (PPP) when used with the Layer Two Tunneling Protocol (L2TP). A local user could exploit this flaw to gain administrative privileges. (CVE-2014-4943) Michael S. Tsirkin discovered an information leak in the Linux kernel's...

7.5 CVSS, 7 AI score, 0.05421 EPSS
Exploits: 16, References: 9

Tenable Nessus
added 2014/07/17 12:0 a.m., 52 views

Ubuntu 12.04 LTS : linux-lts-quantal vulnerabilities (USN-2285-1)

Sasha Levin reported a flaw in the Linux kernel's point-to-point protocol (PPP) when used with the Layer Two Tunneling Protocol (L2TP). A local user could exploit this flaw to gain administrative privileges. (CVE-2014-4943) Michael S. Tsirkin discovered an information leak in the Linux kernel's...

7.5 CVSS, 7 AI score, 0.05421 EPSS
Exploits: 14, References: 8

Tenable Nessus
added 2014/07/17 12:0 a.m., 38 views

Ubuntu 10.04 LTS : linux-ec2 vulnerabilities (USN-2281-1)

Sasha Levin reported a flaw in the Linux kernel's point-to-point protocol (PPP) when used with the Layer Two Tunneling Protocol (L2TP). A local user could exploit this flaw to gain administrative privileges. (CVE-2014-4943) A flaw was discovered in the Linux kernel's audit subsystem when auditing...

7.5 CVSS, 7 AI score, 0.05421 EPSS
Exploits: 6, References: 4

Tenable Nessus
added 2014/07/17 12:0 a.m., 62 views

Ubuntu 10.04 LTS : linux vulnerabilities (USN-2282-1)

Sasha Levin reported a flaw in the Linux kernel's point-to-point protocol (PPP) when used with the Layer Two Tunneling Protocol (L2TP). A local user could exploit this flaw to gain administrative privileges. (CVE-2014-4943) A flaw was discovered in the Linux kernel's audit subsystem when auditing...

7.5 CVSS, 7 AI score, 0.05421 EPSS
Exploits: 6, References: 4

Tenable Nessus
added 2014/07/17 12:0 a.m., 35 views

Scientific Linux Security Update : java-1.7.0-openjdk on SL6.x i386/x86_64 (20140716)

It was discovered that the Hotspot component in OpenJDK did not properly verify bytecode from the class files. An untrusted Java application or applet could possibly use these flaws to bypass Java sandbox restrictions. (CVE-2014-4216, CVE-2014-4219) A format string flaw was discovered in the Hotspo...

9.3 CVSS, 7.2 AI score, 0.06118 EPSS
Exploits: 1, References: 14

Tenable Nessus
added 2014/07/17 12:0 a.m., 36 views

Scientific Linux Security Update : java-1.7.0-openjdk on SL5.x i386/x86_64 (20140716)

It was discovered that the Hotspot component in OpenJDK did not properly verify bytecode from the class files. An untrusted Java application or applet could possibly use these flaws to bypass Java sandbox restrictions. (CVE-2014-4216, CVE-2014-4219) A format string flaw was discovered in the Hotspo...

9.3 CVSS, 7.1 AI score, 0.06118 EPSS
Exploits: 1, References: 14

Tenable Nessus
added 2014/07/17 12:0 a.m., 35 views

McAfee Email Gateway OpenSSL Multiple Vulnerabilities (SB10075)

The remote host is running a version of McAfee Email Gateway (MEG) that is affected by multiple vulnerabilities related to the included OpenSSL library: - An error exists in the function 'ssl3_read_bytes' that can allow data to be injected into other sessions or allow denial of service attacks...

7.4 CVSS, 8.1 AI score, 0.99977 EPSS
Exploits: 14, References: 9

Cent OS
added 2014/07/16 10:53 a.m., 78 views

java security update

CentOS Errata and Security Advisory CESA-2014:0890 Updated java-1.7.0-openjdk packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring...

9.3 CVSS, 7 AI score, 0.06118 EPSS
Exploits: 1, References: 7

Cent OS
added 2014/07/16 10:46 a.m., 91 views

java security update

CentOS Errata and Security Advisory CESA-2014:0889 Updated java-1.7.0-openjdk packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 and 7. The Red Hat Security Response Team has rated this update as having Critical security impact. Common Vulnerability Scorin...

9.3 CVSS, 7 AI score, 0.06118 EPSS
Exploits: 1, References: 8

RedHat Linux
added 2014/07/16 8:49 a.m., 49 views

Critical: Red Hat Security Advisory: java-1.7.0-openjdk security update

Updated java-1.7.0-openjdk packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 and 7. The Red Hat Security Response Team has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed...

9.3 CVSS, 7 AI score, 0.06118 EPSS
Exploits: 1, References: 14

RedHat Linux
added 2014/07/16 5:18 a.m., 58 views

Important: Red Hat Security Advisory: java-1.7.0-openjdk security update

Updated java-1.7.0-openjdk packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity...

9.3 CVSS, 7 AI score, 0.06118 EPSS
Exploits: 1, References: 14

Tenable Nessus
added 2014/07/14 12:0 a.m., 90 views

Mac OS X : Cisco AnyConnect Secure Mobility Client 2.x / 3.x < 3.1(5170) Multiple OpenSSL Vulnerabilities

The remote host has a version of Cisco AnyConnect prior to 3.1(5170). It is, therefore, potentially affected by the following vulnerabilities: - An error exists related to the implementation of the Elliptic Curve Digital Signature Algorithm (ECDSA) that could allow nonce disclosure via the...

7.4 CVSS, 8.1 AI score, 0.99977 EPSS
Exploits: 14, References: 6

Tenable Nessus
added 2014/07/14 12:0 a.m., 78 views

Cisco AnyConnect Secure Mobility Client 2.x / 3.x < 3.1(5170) Multiple OpenSSL Vulnerabilities

The remote host has a version of Cisco AnyConnect prior to 3.1(5170). It is, therefore, potentially affected by the following vulnerabilities: - An error exists related to the implementation of the Elliptic Curve Digital Signature Algorithm (ECDSA) that could allow nonce disclosure via the...

7.4 CVSS, 8.1 AI score, 0.99977 EPSS
Exploits: 14, References: 6

ThreatPost
added 2014/07/11 1:55 p.m., 12 views

Possible New Version of GameOver Zeus Malware Emerges

It’s only been a little more than a month since the FBI and Europol took down the GameOver Zeus botnet, taking control of its command-and-control infrastructure and effectively cutting off the malware’s head. But researchers say that there are some indications that a new strain of the malware may...

0.8 AI score
Exploits: 0, References: 2

seebug.org
added 2014/07/10 12:0 a.m., 30 views

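Discuz x!: a low-value SQL vulnerability

Brief description: Under certain conditions the SQL logic can be broken. Details: This one is a bit unreliable. The unreliable preconditions: 1, http://drops.wooyun.org/papers/1404 2, arp 3, some other way of obtaining siteuniqueid, such as brute-forcing it according to the installation algorithm, or otherwise. In the ongtt function in dx/api/google/google.php there is this code: $posts = getgpc'post' ? explode',', getgpc'post' : array; if$posts $posts0 = intval$posts0; $posts1 = intval$posts1; $posts =...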

7.1 AI score
Exploits: 0

UbuntuCve
added 2014/07/09 12:0 a.m., 33 views

CVE-2014-4607

Integer overflow in the LZO algorithm variant in Oberhumer liblzo2 and lzo-2 before 2.07 on 32-bit platforms might allow remote attackers to execute arbitrary code via a crafted Literal Run...

8.8 CVSS, 7 AI score, 0.05315 EPSS
Exploits: 1, References: 4

NVD
added 2014/07/03 4:22 a.m., 16 views

CVE-2014-4611

Integer overflow in the LZ4 algorithm implementation, as used in Yann Collet LZ4 before r118 and in the lz4_uncompress function in lib/lz4/lz4_decompress.c in the Linux kernel before 3.15.2, on 32-bit platforms might allow context-dependent attackers to cause a denial of service (memory corruption) o...

5 CVSS, 7.1 AI score, 0.08103 EPSS
Exploits: 0, References: 31

OSV
added 2014/07/03 4:22 a.m., 5 views

CVE-2014-4611

Integer overflow in the LZ4 algorithm implementation, as used in Yann Collet LZ4 before r118 and in the lz4_uncompress function in lib/lz4/lz4_decompress.c in the Linux kernel before 3.15.2, on 32-bit platforms might allow context-dependent attackers to cause a denial of service (memory corruption) o...

7.2 AI score
Exploits: 0, References: 34

Prion
added 2014/07/03 4:22 a.m., 28 views

Integer overflow

Integer overflow in the LZ4 algorithm implementation, as used in Yann Collet LZ4 before r118 and in the lz4_uncompress function in lib/lz4/lz4_decompress.c in the Linux kernel before 3.15.2, on 32-bit platforms might allow context-dependent attackers to cause a denial of service (memory corruption) o...

5 CVSS, 7.5 AI score, 0.08103 EPSS
Exploits: 0, References: 31, Affected Software: 1