Oracle Releases April 2015 Security Advisory
Oracle has released security fixes to address 98 vulnerabilities as part of its quarterly Critical Patch Update. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system. Users and administrators are encouraged to review the Oracle April 2015...
Apple Releases Security Updates for OS X, iOS, Safari, and Apple TV
Apple has released security updates for OS X, iOS, Safari, and Apple TV to address multiple vulnerabilities. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of the affected system. Available updates include: OS X Yosemite v10.10.3 and Security Update...
CVE-2015-0838
Dulwich (Python Git library) is affected by a buffer overflow in the C implementation of apply_delta in _pack.c, impacting versions before 0.9.9 and enabling remote code execution via a crafted pack file. Mitigation: upgrade to Dulwich 0.9.9+ (e.g., 0.10.0 per Mageia advisory) or apply provided s...
PT-2015-4907 · Dulwich · Dulwich
Name of the Vulnerable Software and Affected Versions: Dulwich versions prior to 0.9.9 Description: The issue is related to a buffer overflow in the C implementation of the apply delta function in pack.c. This allows remote attackers to execute arbitrary code via a crafted pack file...
Asus RT-G32 Router Cross-Site Scripting Vulnerability
ASUS RT-G32 is a wireless router product from ASUS. A cross-site scripting vulnerability exists in the Asus RT-G32 router. The vulnerability exists because the startapply.htm script fails to adequately filter 'nextpage', 'groupid', 'actionscript' and 'flag' parameters. A remote attacker could us...
Apple Releases Security Updates for Safari
Apple has released security updates for Safari to address multiple vulnerabilities. Exploitation of these vulnerabilities may allow a remote attacker to execute arbitrary code or prevent users from discerning a phishing attack on an affected system. Updates include: Safari 8.0.4 for OS X Yosemite...
JVN#30135729: SYNCK GRAPHICA Mailform Pro CGI vulnerable to remote code execution
Mailform Pro CGI provided by SYNCK GRAPHICA contains a flaw in the process of sending emails, which may result in arbitrary code execution. Impact: Arbitrary code may be executed on the server. Solution: Update the Software. Update to the latest version according to the information provided by th...
Squid input validation vulnerability
Overview: Squid contains a vulnerability where inputs are not properly validated. Squid is a caching proxy server. Squid contains a vulnerability where server responses that contain invalid values in the Content-Length of the HTTP header are sent to the client. Kazuho Oku reported this vulnerabili...
Microsoft Releases February 2015 Security Bulletin
Microsoft has released updates to address vulnerabilities in Windows as part of the Microsoft Security Bulletin Summary for February 2015. Some of these vulnerabilities could allow remote code execution, security feature bypass, elevation of privilege, or disclosure of information. US-CERT...
Arbitrary files may be overwritten in multiple VMware products
Overview: Multiple products provided by VMware Inc. contain a vulnerability where arbitrary files on the host OS may be overwritten. Shanon Olsson reported this vulnerability to JPCERT/CC. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact: A user...
Apple Releases Security Updates for OS X, Safari, iOS and Apple TV
Apple has released security updates for OS X, Safari, iOS and Apple TV to address multiple vulnerabilities, one of which could allow a remote attacker to take control of an affected system. Updates available include: OS X v10.10.2 and Security Update 2015-001 for OS X Mountain Lion v10.8.5, OS X...
Ubuntu Releases Security Updates
Ubuntu has released security updates to address multiple vulnerabilities affecting Ubuntu 10.04 LTS, 12.04 LTS, 14.04 LTS, and 14.10. Exploitation of these vulnerabilities may allow an attacker to cause a denial of service or execute arbitrary code. Users and administrators are encouraged to revi...
Apple Releases Security Updates for OS X
Apple has released security updates for OS X Mountain Lion, Mavericks, and Yosemite to address multiple vulnerabilities in the Network Time Protocol daemon. Exploitation of these vulnerabilities may allow a remote attacker to take control of a vulnerable system. US-CERT encourages users and...
VMware Releases Updates for vCAC
VMware has released security updates to address a critical vulnerability in vCloud Automation Center (vCAC), which could allow a remote attacker to take control of a vulnerable system. US-CERT encourages users and administrators to review VMware Security Advisory VMSA-2014-0013 and apply the...
LG Electronics mobile access routers lack access restrictions
Overview: LG Electronics mobile access routers provided by NTT DOCOMO, INC. lack access restrictions in the web administration interface. Taiga Asano reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact: An attacke...
OS command injection vulnerability in multiple FUJITSU Android devices
Overview: Multiple FUJITSU Android devices contain an OS command injection vulnerability. Masaaki Chida of GREE, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact: An attacker with local access may obtain...
Apple Releases Security Updates for iOS, OS X Yosemite, and Apple TV
Apple released security updates for iOS devices, OS X Yosemite and Apple TV to address multiple vulnerabilities, one of which could allow remote attackers to execute arbitrary commands. Updates available include: iOS 8.1.1 for iPhone 4s and later, iPod touch 5th generation and later, and iPad 2 a...
Oracle Patches Bash Vulnerabilities
Oracle has released security updates to address bash vulnerabilities found across multiple products. US-CERT recommends users and administrators review the Oracle Security Article for additional details, and apply updates as necessary.
Google Releases Security Update for Chrome
Google has released Chrome 37.0.2062.120 for Windows, Mac and Linux. This update addresses multiple vulnerabilities, one of which could potentially allow an attacker to cause a denial of service. US-CERT encourages users and administrators to review the Google Chrome release blog and apply the...
Microsoft Releases September 2014 Security Bulletin
Microsoft released updates to address vulnerabilities in Windows, .NET Framework, Internet Explorer and Lync Server as part of the Microsoft Security Bulletin Summary for September 2014. Some of these vulnerabilities could allow remote code execution, elevation of privilege, or denial of service...