
9137 matches found

Zero Day Initiative
added 2015/09/02 12:0 a.m. | 9 views

(0Day) Borland AccuRev SaveContentServiceImpl Servlet Path Traversal Remote File Read And Deletion Vulnerabilities

This vulnerability allows remote attackers to read or delete arbitrary files on vulnerable installations of Borland AccuRev. Authentication is not required to exploit this vulnerability. The specific flaws exist within implementation of the SaveContent functionality in the AccuRevTomcat service...

CVSS 8.8 | AI score 6.8
Exploits: 0 | References: 1

Prion
added 2015/08/24 11:59 p.m. | 12 views

Design/Logic Flaw

The dissector-table implementation in epan/packet.c in Wireshark 1.12.x before 1.12.7 mishandles table searches for empty strings, which allows remote attackers to cause a denial of service (application crash) via a crafted packet, related to the (1) dissector_get_string_handle and (2)...

CVSS 4.3 | AI score 6.9 | EPSS 0.02963
Exploits: 0 | References: 11 | Affected Software: 3

UbuntuCve
added 2015/08/24 11:59 p.m. | 19 views

CVE-2015-6243

The dissector-table implementation in epan/packet.c in Wireshark 1.12.x before 1.12.7 mishandles table searches for empty strings, which allows remote attackers to cause a denial of service (application crash) via a crafted packet, related to the (1) dissector_get_string_handle and (2)...

CVSS 4.3 | AI score 6.4 | EPSS 0.02963
Exploits: 0 | References: 4

NVD
added 2015/08/24 11:59 p.m. | 18 views

CVE-2015-6241

The proto_tree_add_bytes_item function in epan/proto.c in the protocol-tree implementation in Wireshark 1.12.x before 1.12.7 does not properly terminate a data structure after a failure to locate a number within a string, which allows remote attackers to cause a denial of service (application crash) vi...

CVSS 4.3 | AI score 6.2 | EPSS 0.02814
Exploits: 0 | References: 9

Cvelist
added 2015/08/24 11:0 p.m. | 25 views

CVE-2015-6241

The proto_tree_add_bytes_item function in epan/proto.c in the protocol-tree implementation in Wireshark 1.12.x before 1.12.7 does not properly terminate a data structure after a failure to locate a number within a string, which allows remote attackers to cause a denial of service (application crash) vi...

AI score 6.1 | EPSS 0.02814
Exploits: 0 | References: 9

RedHat Linux
added 2015/08/18 6:38 p.m. | 90 views

Moderate: Red Hat Security Advisory: kernel security and bug fix update

Updated kernel packages that fix one security issue and two bugs are now available for Red Hat Enterprise Linux 6.4 Advanced Update Support. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a...

CVSS 4.9 | AI score 6.8 | EPSS 0.02472
Exploits: 6 | References: 2

Oracle linux
added 2015/08/17 12:0 a.m. | 97 views

glibc security update

2.5-123.0.1.el511.3 - Switch to use malloc when the input line is too long Orabug 19951108 Jason Luan - Use a /sys/devices/system/cpu/online for _SC_NPROCESSORS_ONLN implementation Orabug 17642251 Joe Jin 2.5-123.3 - Fix invalid-free when using getaddrinfo and AI_IDN CVE-2013-7424, 2.5-123.1 - Fix...

CVSS 10 | AI score 1.1 | EPSS 0.94859
Exploits: 29

OPENSUSE Linux
added 2015/08/14 11:9 a.m. | 56 views

Security update for the Linux Kernel (important)

The openSUSE 13.2 kernel was updated to receive various security and bugfixes. Following security bugs were fixed: - CVE-2015-3290: A flaw was found in the way the Linux kernel's nested NMI handler and espfix64 functionalities interacted during NMI processing. A local, unprivileged user could use...

CVSS 9 | AI score 0.5 | EPSS 0.08339
Exploits: 12 | References: 29

RedHat Linux
added 2015/08/13 5:8 p.m. | 62 views

Important: Red Hat Security Advisory: kernel security and bug fix update

Updated kernel packages that fix two security issues and several bugs are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, a...

CVSS 7.8 | AI score 6.5 | EPSS 0.06267
Exploits: 0 | References: 2

RedHat Linux
added 2015/08/11 2:39 p.m. | 76 views

Moderate: Red Hat Security Advisory: kernel security and bug fix update

Updated kernel packages that fix one security issue and several bugs are now available for Red Hat Enterprise Linux 6.5 Extended Update Support. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a...

CVSS 4.9 | AI score 6.8 | EPSS 0.02472
Exploits: 6 | References: 2

Mozilla
added 2015/08/11 12:0 a.m. | 46 views

Mozilla Content Security Policy allows for asterisk wildcards in violation of CSP specification — Mozilla

Mozilla security engineer Christoph Kerschbaumer reported a discrepancy in Mozilla's implementation of Content Security Policy and the CSP specification. The specification states that blob:, data:, and filesystem: URLs should be excluded in case of a wildcard when matching source expressions but...

CVSS 4.3 | AI score 8.3 | EPSS 0.02948
Exploits: 0 | References: 3 | Affected Software: 2

Kaspersky
added 2015/08/11 12:0 a.m. | 70 views

KLA10643 Multiple vulnerabilities in Mozilla Firefox and Firefox ESR

Multiple serious vulnerabilities have been found in Mozilla Firefox. Malicious users can exploit these vulnerabilities to cause denial of service, bypass security restrictions, conduct CSS attack, gain privileges or execute arbitrary code. Below is a complete list of vulnerabilities 1. Several...

CVSS 10 | AI score 10 | EPSS 0.09027
Exploits: 1 | References: 4

ThreatPost
added 2015/08/03 1:51 p.m. | 11 views

Thunderstrike 2 Mac OS X Firmware Worm

A new attack against Intel firmware running in Apple computers is expected to be unveiled at this week’s Black Hat conference. The research is an extension of the Thunderstrike Mac OS X firmware bootkit disclosed this spring that enables the undetectable installation of malicious firmware that...

AI score 1
Exploits: 0 | References: 4

OSV
added 2015/08/01 12:0 a.m. | 19 views

DSA-3324-1 icedove - security update

Bulletin has no description...

CVSS 10 | AI score 6.2 | EPSS 0.9986
Exploits: 2

NVD
added 2015/07/29 1:59 a.m. | 17 views

CVE-2015-4288

The LDAP implementation on the Cisco Web Security Appliance (WSA) 8.5.0-000, Email Security Appliance (ESA) 8.5.7-042, and Content Security Management Appliance (SMA) 8.3.6-048 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain...

CVSS 4.3 | AI score 5.9 | EPSS 0.00477
Exploits: 0 | References: 1

Prion
added 2015/07/29 1:59 a.m. | 24 views

Design/Logic Flaw

The LDAP implementation on the Cisco Web Security Appliance (WSA) 8.5.0-000, Email Security Appliance (ESA) 8.5.7-042, and Content Security Management Appliance (SMA) 8.3.6-048 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain...

CVSS 4.3 | AI score 6.4 | EPSS 0.00477
Exploits: 0 | References: 1 | Affected Software: 3

ThreatPost
added 2015/07/27 9:58 a.m. | 9 views

Android Stagefright Flaws Put 950 Million Devices at Risk

Vulnerabilities discovered in the Stagefright media playback engine that is native to Android devices could be the mobile world’s equivalent to Heartbleed. Almost all Android devices contain the security and implementation issues in question; unpatched devices are at risk to straightforward attac...

AI score 0.6
Exploits: 0 | References: 2

Debian
added 2015/07/24 12:29 p.m. | 48 views

[SECURITY] [DSA 3315-1] chromium-browser security update

Debian Security Advisory DSA-3315-1 [email protected] https://www.debian.org/security/ Michael Gilbert July 23, 2015 https://www.debian.org/security/faq ...

CVSS 7.5 | AI score 0.1 | EPSS 0.19069
Exploits: 3

Prion
added 2015/07/23 2:59 p.m. | 24 views

Design/Logic Flaw

The Local Packet Transport Services (LPTS) implementation in Cisco IOS XR 5.1.2, 5.1.3, 5.2.1, and 5.2.2 on ASR9k devices makes incorrect decisions about the opening of TCP and UDP ports during the processing of flow base entries, which allows remote attackers to cause a denial of service resource...

CVSS 5 | AI score 7.3 | EPSS 0.01744
Exploits: 0 | References: 2 | Affected Software: 1

Debian
added 2015/07/23 6:49 a.m. | 56 views

[SECURITY] [DSA 3313-1] linux security update

Debian Security Advisory DSA-3313-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso July 23, 2015 https://www.debian.org/security/faq ...

CVSS 7.8 | AI score 8 | EPSS 0.06267
Exploits: 4