Medium: libX11, libXcursor, libXfixes, libXi, libXrandr, libXrender, libXres, libXt, libXv, libXvMC, libXxf86dga, libXxf86vm, libdmx, xorg-x11-proto-devel

Issue Overview: Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in the way various X11 client libraries handled certain protocol data. An attacker able to submit invalid protocol data to an X11 server via a malicious X11 client could use either of these flaws t...

Project Zero Patch Tuesday roundup, November 2014

Posted by Chris Evans, Registrar of Bugs It’s been about a week since Patch Tuesday, and the Project Zero reports mentioned in the various advisories are now public. We won’t always be writing a Patch Tuesday roundup, but we often will when we believe there is a sufficiently varied and interestin...

Adobe Flash Player Multiple Vulnerabilities (APSB14-24) - Linux

Adobe Flash Player is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:adobe:flashplayer";...

Adobe Flash Player Multiple Vulnerabilities (APSB14-24) - Windows

Adobe Flash Player is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:adobe:flashplayer";...

Adobe AIR Multiple Vulnerabilities (APSB14-24) - Mac OS X

Adobe AIR is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:adobe:flashplayer"; ifdescription...

[SECURITY] [DSA 3050-3] iceweasel security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3050-3 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso November 12, 2014 http://www.debian.org/security/faq -...

Chinese Telecom Routes Russian Domestic Internet Traffic through China

Russian Internet traffic, including the domestic one, has continuously been re-routed outside the country due to routing errors by China Telecom, which could result in compromising the security of Russian communications. Internet monitoring service Dyn reported Thursday in a blog post that the...

TigerVNC: User-assisted execution of arbitrary code

Background TigerVNC is a high-performance VNC server/client. Description Two boundary errors in TigerVNC could lead to a heap-based buffer overflow. Impact A remote attacker could entice a user to connect to a malicious VNC server using TigerVNC, possibly resulting in execution of arbitrary code...

Linksys SMART Wi-Fi Firmware Patches Released

Two versions of popular consumer and small office Linksys routers remain vulnerable to a pair of vulnerabilities recently patched in other models of the Belkin-owned networking gear. Linksys EA2700 and EA3500 routers running Linksys SMART Wi-Fi firmware have yet to be patched against...

Debian DSA-3061-1 : icedove - security update

Multiple security issues have been found in Icedove, Debian's version of the Mozilla Thunderbird mail and news client: Multiple memory safety errors, buffer overflows, use-after-frees and other implementation errors may lead to the execution of arbitrary code or denial of service. This update...

CVE-2014-7987

Cross-site scripting XSS vulnerability in EspoCRM before 2.6.0 allows remote attackers to inject arbitrary web script or HTML via the desc parameter in an errors action to install/index.php...

Linksys SMART WiFi firmware contains multiple vulnerabilities

Overview Linksys EA series routers running the Linksys SMART WiFi firmware contain multiple vulnerabilities. Description CWE-320: Key Management Errors - CVE-2014-8243An remote, unauthenticated attacker can read the router's .htpassword file by requesting https:///.htpasswd. The .htpasswd file...

DSA-3061-1 icedove - security update

Bulletin has no description...

Debian Security Advisory DSA 3061-1 (icedove - security update)

Multiple security issues have been found in Icedove, Debian OpenVAS Vulnerability Test $Id: deb3061.nasl 6759 2017-07-19 09:56:33Z teissa $ Auto-generated from advisory DSA 3061-1 using nvtgen 1.0 Script version: 1.0 Author: Greenbone Networks Copyright: Copyright c 2014 Greenbone Networks GmbH...

Debian: Security Advisory (DSA-3061-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

April 911 Outage Impacted 3.5 Percent of U.S. Population

In the early hours of April 10, a series of errors led to a massive, multi-state outage in the emergency call management centers ECMCs that handle 911 calls in seven geographically dispersed states. The incident originated at an obscure but critical call routing hub in Englewood, Colo., and ended...

Oracle MySQL Server <= 5.5.38 / 5.6 <= 5.6.19 Security Update (cpuoct2014) - Windows

Oracle MySQL Server is prone to multiple unspecified vulnerabilities. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

Oracle Java SE JRE Multiple Unspecified Vulnerabilities-02 (Oct 2014) - Windows

Oracle Java SE JRE is prone to multiple unspecified vulnerabilities. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Debian DSA-3050-1 : iceweasel - security update

Multiple security issues have been found in Iceweasel, Debian's version of the Mozilla Firefox web browser: Multiple memory safety errors, buffer overflows, use-after-frees and other implementation errors may lead to the execution of arbitrary code, denial of service, the bypass of the same-origi...

[SECURITY] [DSA 3050-1] iceweasel security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3050-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff October 15, 2014 http://www.debian.org/security/faq -...