
1913 matches found

Tenable Nessus
added 2014/06/13 12:0 a.m. | 37 views

openSUSE Security Update : kernel (openSUSE-SU-2013:1005-1)

The openSUSE 12.1 kernel was updated to fix a critical security issue and also some reiserfs bugs. CVE-2013-2850: Incorrect strncpy usage in the network listening part of the iscsi target driver could have been used by remote attackers to crash the kernel or execute code. This required the iscsi...

CVSS: 7.9 | AI score: 7.9 | EPSS: 0.15108
Exploits: 1 | References: 5

Tenable Nessus
added 2014/06/13 12:0 a.m. | 25 views

openSUSE Security Update : MozillaThunderbird (MozillaThunderbird-5826)

Mozilla Thunderbird was updated to 3.1.19 to fix a security issue with the embedded libpng, where an integer overflow could allow remote attackers to crash the browser or potentially execute code (CVE-2011-3026).

CVSS: 6.8 | AI score: 7.7 | EPSS: 0.43757
Exploits: 1 | References: 2

Tenable Nessus
added 2014/06/13 12:0 a.m. | 48 views

openSUSE Security Update : kernel (openSUSE-SU-2013:1042-1)

The openSUSE 12.2 kernel was updated to fix a security issue and other bugs. Security issues fixed: CVE-2013-2850: Incorrect strncpy usage in the network listening part of the iscsi target driver could have been used by remote attackers to crash the kernel or execute code. This required the iscsi...

CVSS: 8.4 | AI score: 7.9 | EPSS: 0.65851
Exploits: 16 | References: 12

UbuntuCve
added 2014/05/22 7:55 p.m. | 25 views

CVE-2014-1334

WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-05-21-1...

CVSS: 6.8 | AI score: 7.7 | EPSS: 0.01815
Exploits: 0 | References: 3

OSV
added 2014/05/08 2:29 p.m. | 7 views

CVE-2013-4544

hw/net/vmxnet3.c in QEMU 2.0.0-rc0, 1.7.1, and earlier allows local guest users to cause a denial of service or possibly execute arbitrary code via vectors related to (1) RX or (2) TX queue numbers or (3) interrupt indices. NOTE: some of these details are obtained from third party information...

AI score: 8.6
Exploits: 0 | References: 9

UbuntuCve
added 2014/04/02 4:17 p.m. | 25 views

CVE-2014-1311

WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-04-01-1...

CVSS: 6.8 | AI score: 7.5 | EPSS: 0.01557
Exploits: 1 | References: 4

Tenable Nessus
added 2014/04/02 12:0 a.m. | 25 views

SuSE 11.3 Security Update : mutt (SAT Patch Number 9023)

The mailreader mutt was updated to fix a security issue in displaying mail headers, where a crafted e-mail could cause a heap overflow, which in turn might be used by attackers to crash mutt or potentially even execute code.

CVSS: 5 | AI score: 5.5 | EPSS: 0.01816
Exploits: 1 | References: 3

securityvulns
added 2014/03/27 12:0 a.m. | 153 views

CVE-2013-6955 Synology DSM remote code execution

Products affected by CVE-2013-6955: Diskstation Manager 4.0, 4.2, 4.3, 4.3-3810. Vendor: Synology. Status: Patched. webman/imageSelector.cgi in Synology DiskStation Manager (DSM) 4.0 before 4.0-2259, 4.2 before 4.2-3243, and 4.3 before 4.3-3810 Update 1 allows remote attackers to append data to arbitrary...

CVSS: 10 | AI score: 0.7 | EPSS: 0.83314
Exploits: 9

Exploit DB
added 2014/03/14 12:0 a.m. | 33 views

Fonality trixbox - 'mac' Remote Code Injection

App : Trixbox all versions vendor : trixbox.com Author : i-Hmx mail : [email protected] Home : security arrays inc , sec4ever.com ,exploit4arab.net Well well well , we decided to give schmoozecom a break and have a look @ fonality products do you think they have better product than the Award...

AI score: 7
Exploits: 0

OpenVAS
added 2014/03/12 12:0 a.m. | 36 views

Ubuntu: Security Advisory (USN-2132-1)

The remote host is missing an update for the...

CVSS: 8.8 | AI score: 7.2 | EPSS: 0.16408
Exploits: 5 | References: 2

Tenable Nessus
added 2014/03/07 12:0 a.m. | 64 views

Ubuntu 12.04 LTS / 12.10 / 13.10 : imagemagick vulnerabilities (USN-2132-1)

Aleksis Kauppinen, Joonas Kuorilehto and Tuomas Parttimaa discovered that ImageMagick incorrectly handled certain restart markers in JPEG images. If a user or automated system using ImageMagick were tricked into opening a specially crafted JPEG image, an attacker could exploit this to cause memor...

CVSS: 8.8 | AI score: 6.6 | EPSS: 0.16408
Exploits: 5 | References: 4

EUVD
added 2014/03/03 4:0 p.m. | 3 views

EUVD-2013-4824

Buffer overflow in the RTSP Packet Handler in AVTECH AVN801 DVR with firmware 1017-1003-1009-1003 and earlier, and possibly other devices, allows remote attackers to cause a denial of service (device crash) and possibly execute arbitrary code via a long string in the URI in an RTSP SETUP request...

CVSS: 9 | AI score: 9.6 | EPSS: 0.26801
Exploits: 6 | References: 4

RedHat Linux
added 2014/02/27 6:23 p.m. | 1 views

postgresql: stack-based buffer overflow in datetime input/output

Multiple stack-based buffer overflows in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allow remote authenticated users to cause a denial of service (crash) or possibly execute arbitrary code via vectors related to an incorrect...

CVSS: 6.5 | AI score: 7.5 | EPSS: 0.06047
Exploits: 2 | References: 4

Cvelist
added 2014/02/08 12:0 a.m. | 14 views

CVE-2014-0039

Untrusted search path vulnerability in fwsnort before 1.6.4, when not running as root, allows local users to execute arbitrary code via a Trojan horse fwsnort.conf in the current working directory...

AI score: 6.8 | EPSS: 0.00088
Exploits: 2 | References: 7

Prion
added 2014/01/15 4:8 p.m. | 13 views

Code injection

An unspecified ActiveX control in WellinTech KingSCADA before 3.1.2, KingAlarm&Event before 3.1, and KingGraphic before 3.1.2 allows remote attackers to download arbitrary DLL code onto a client machine and execute this code via the ProjectURL property value...

CVSS: 7.5 | AI score: 7.6 | EPSS: 0.60519
Exploits: 5 | References: 1 | Affected Software: 3

Cvelist
added 2014/01/15 2:0 a.m. | 21 views

CVE-2014-0496

Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.9 and 11.x before 11.0.06 on Windows and Mac OS X allows attackers to execute arbitrary code via unspecified vectors...

AI score: 7.3 | EPSS: 0.71125
Exploits: 0 | References: 2

Debian CVE
added 2013/11/05 6:0 p.m. | 16 views

CVE-2013-6172

steps/utils/savepref.inc in Roundcube webmail before 0.8.7 and 0.9.x before 0.9.5 allows remote attackers to modify configuration settings via the session parameter, which can be leveraged to read arbitrary files, conduct SQL injection attacks, and execute arbitrary code...

CVSS: 7.5 | AI score: 8 | EPSS: 0.01114
Exploits: 0

OSV
added 2013/05/20 2:44 p.m. | 0 views

UBUNTU-CVE-2013-1008

WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in...

CVSS: 9.3 | AI score: 6.2 | EPSS: 0.01032
Exploits: 0 | References: 4

OpenVAS
added 2013/04/25 12:0 a.m. | 24 views

Ubuntu Update for icedtea-web USN-1804-2

Check for the Version of icedtea-web...

CVSS: 6.8 | AI score: 0.2 | EPSS: 0.0249
Exploits: 0 | References: 2

Tenable Nessus
added 2013/04/19 12:0 a.m. | 28 views

Ubuntu 10.04 LTS / 11.10 / 12.04 LTS / 12.10 : icedtea-web vulnerabilities (USN-1804-1)

Jiri Vanek discovered that IcedTea-Web would use the same classloader for applets from different domains. A remote attacker could exploit this to expose sensitive information or potentially manipulate applets from other domains. (CVE-2013-1926) It was discovered that IcedTea-Web did not properly...

CVSS: 6.8 | AI score: 5.8 | EPSS: 0.0249
Exploits: 0 | References: 3