
9137 matches found

CVE
added 2015/06/19 2:0 p.m. | 43 views

CVE-2015-4641

Affected: Samsung Galaxy S4, S4 Mini, S5, S6 with SwiftKey language-pack update. Vulnerability: Directory traversal in the SwiftKey language-pack update implementation that uses the skslm.swiftkey.net domain. Cause: crafted ZIP entry containing a .. path can be exploited to write to arbitrary fil...

CVSS 6.4 | AI score 7.7 | EPSS 0.03683
Exploits: 1 | References: 6 | Affected Software: 1

Tenable Nessus
added 2015/06/19 12:0 a.m. | 252 views

Debian DSA-3290-1 : linux - security update

Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service, information leaks or data corruption. - CVE-2015-1805 Red Hat discovered that the pipe iovec read and write implementations may iterate over the iovec twice but will modify...

CVSS 7.2 | AI score 7.3 | EPSS 0.02472
Exploits: 9 | References: 9

Debian
added 2015/06/18 6:58 a.m. | 81 views

[SECURITY] [DSA 3290-1] linux security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3290-1 [email protected] https://www.debian.org/security/ Ben Hutchings June 18, 2015 https://www.debian.org/security/faq -...

CVSS 7.2 | AI score 8.2 | EPSS 0.02472
Exploits: 9

Debian
added 2015/06/18 6:58 a.m. | 63 views

[SECURITY] [DSA 3290-1] linux security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3290-1 [email protected] https://www.debian.org/security/ Ben Hutchings June 18, 2015 https://www.debian.org/security/faq -...

CVSS 7.2 | AI score 1.7 | EPSS 0.02472
Exploits: 9

OpenVAS
added 2015/06/18 12:0 a.m. | 62 views

Debian Security Advisory DSA 3290-1 (linux - security update)

Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service, information leaks or data corruption. CVE-2015-1805 Red Hat discovered that the pipe iovec read and write implementations may iterate over the iovec twice but will modify t...

CVSS 7.2 | AI score 0.5 | EPSS 0.02472
Exploits: 9 | References: 1

OSV
added 2015/06/18 12:0 a.m. | 39 views

DSA-3290-1 linux - security update

Bulletin has no description...

CVSS 7.2 | AI score 6.8 | EPSS 0.02472
Exploits: 9

CVE
added 2015/06/15 3:0 p.m. | 81 views

CVE-2015-4144

CVE-2015-4144 affects hostapd and wpa_supplicant EAP-pwd server/peer implementations (versions 1.0–2.4). The issue is missing validation that a message is long enough to contain the Total-Length field, enabling a remote attacker to trigger a denial of service (crash) via crafted messages. The lin...

CVSS 5 | AI score 5.6 | EPSS 0.03401
Exploits: 0 | References: 7 | Affected Software: 1

NVD
added 2015/06/12 2:59 p.m. | 24 views

CVE-2015-0775

The banner (aka MOTD) implementation in Cisco NX-OS 4.12E11f on Nexus 4000 devices, 5.21SV32.1 on Nexus 1000V devices, 6.02N22 on Nexus 5000 devices, 6.211 on MDS 9000 devices, 6.212 on Nexus 7000 devices, 7.03 on Nexus 9000 devices, and 7.20ZN99.67 on Nexus 3000 devices allows remote attackers to...

CVSS 5 | AI score 6.7 | EPSS 0.02962
Exploits: 0 | References: 3

CVE
added 2015/06/12 2:0 p.m. | 48 views

CVE-2015-0775

The CVE-2015-0775 issue affects Cisco NX-OS banner/MOTD handling across multiple platforms (Nexus 4000, Nexus 1000V, Nexus 5000, MDS 9000, Nexus 7000, Nexus 9000, Nexus 3000). The vulnerability allows remote unauthenticated attackers to cause a denial of service by triggering a login-process rese...

CVSS 5 | AI score 6.9 | EPSS 0.02962
Exploits: 0 | References: 3 | Affected Software: 1

Prion
added 2015/06/12 10:59 a.m. | 17 views

Code injection

The IKE implementation in the WS-IPSEC-3 service module in Cisco IOS 12.2 on Catalyst 6500 devices allows remote authenticated users to cause a denial of service (device reload) by sending a crafted message during IPsec tunnel setup, aka Bug ID CSCur70505...

CVSS 6.3 | AI score 6.8 | EPSS 0.02422
Exploits: 0 | References: 2 | Affected Software: 1

Cvelist
added 2015/06/07 11:0 p.m. | 23 views

CVE-2014-7810

The Expression Language (EL) implementation in Apache Tomcat 6.x before 6.0.44, 7.x before 7.0.58, and 8.x before 8.0.16 does not properly consider the possibility of an accessible interface implemented by an inaccessible class, which allows attackers to bypass a SecurityManager protection mechanis...

AI score 6.3 | EPSS 0.13872
Exploits: 0 | References: 29

CVE
added 2015/06/07 11:0 p.m. | 215 views

CVE-2014-7810

Summary: CVE-2014-7810 affects the EL implementation in Apache Tomcat. The vulnerability arises when the EL evaluator may evaluate against an interface that is accessible via an inaccessible class, allowing bypass of SecurityManager protections in a web application. Affected products/versions (pe...

CVSS 5 | AI score 6.4 | EPSS 0.13872
Exploits: 0 | References: 29 | Affected Software: 1

UbuntuCve
added 2015/06/07 12:0 a.m. | 46 views

CVE-2014-7810

The Expression Language (EL) implementation in Apache Tomcat 6.x before 6.0.44, 7.x before 7.0.58, and 8.x before 8.0.16 does not properly consider the possibility of an accessible interface implemented by an inaccessible class, which allows attackers to bypass a SecurityManager protection mechanis...

CVSS 5 | AI score 6.8 | EPSS 0.13872
Exploits: 0 | References: 6

CVE
added 2015/06/02 2:0 p.m. | 54 views

CVE-2015-2278

CVE-2015-2278 and CVE-2015-2282 affect SAP products via the LZH/LZC decompression paths. The root causes are in the LZH BuildHufTree function (vpa108csulzh.cpp) and the LZC decompression logic (vpa106cslzc.cpp), where attacker-controlled indices can trigger out-of-bounds reads/writes. Affected so...

CVSS 5 | AI score 6.7 | EPSS 0.02131
Exploits: 1 | References: 6 | Affected Software: 6

UbuntuCve
added 2015/06/01 12:0 a.m. | 26 views

CVE-2015-4146

The EAP-pwd peer implementation in hostapd and wpa_supplicant 1.0 through 2.4 does not clear the L (Length) and M (More) flags before determining if a response should be fragmented, which allows remote attackers to cause a denial of service (crash) via a crafted message...

CVSS 5 | AI score 6.6 | EPSS 0.0348
Exploits: 0 | References: 6

RedHat Linux
added 2015/05/27 12:7 p.m. | 52 views

Important: Red Hat Security Advisory: kernel security and bug fix update

Updated kernel packages that fix one security issue and three bugs are now available for Red Hat Enterprise Linux 6.4 Advanced Update Support. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a...

CVSS 10 | AI score 6.5 | EPSS 0.09828
Exploits: 0 | References: 2

OSV
added 2015/05/27 10:59 a.m. | 11 views

CVE-2014-9710

The Btrfs implementation in the Linux kernel before 3.19 does not ensure that the visible xattr state is consistent with a requested replacement, which allows local users to bypass intended ACL settings and gain privileges via standard filesystem operations (1) during an xattr-replacement time...

AI score 7.3
Exploits: 0 | References: 12

UbuntuCve
added 2015/05/22 12:0 a.m. | 26 views

CVE-2015-3166

The snprintf implementation in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 does not properly handle system-call errors, which allows attackers to obtain sensitive information or have other unspecified impact via unknown vectors, a...

CVSS 9.8 | AI score 7.2 | EPSS 0.04611
Exploits: 0 | References: 3

Tenable Nessus
added 2015/05/22 12:0 a.m. | 33 views

Ubuntu 14.04 LTS : Oxide vulnerabilities (USN-2610-1)

The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-2610-1 advisory. Several security issues were discovered in the DOM implementation in Blink. If a user were tricked into opening a specially crafted website, an attacker...

CVSS 7.5 | AI score 8.5 | EPSS 0.07855
Exploits: 1 | References: 11

ArchLinux
added 2015/05/21 12:0 a.m. | 46 views

chromium: multiple issues

CVE-2015-1251 arbitrary code execution Use-after-free vulnerability in the SpeechRecognitionClient implementation in the Speech subsystem allows remote attackers to execute arbitrary code via a crafted document. - CVE-2015-1252 sandbox protection bypass It has been discovered that...

CVSS 7.5 | AI score 5.3 | EPSS 0.07855
Exploits: 4 | References: 14