Several vulnerabilities were discovered in qemu, a fast processor
emulator.
Monthly Archives: November 2014
Vuln: Smarty CVE-2014-8350 Remote Arbitrary Code Execution Vulnerability
Vuln: FedUp CVE-2013-6494 Insecure Temporary File Creation Vulnerability
Vuln: OpenSSL CVE-2014-0076 Information Disclosure Weakness
Vuln: PHP 'date_from_ISO8601()' Function Buffer Overflow Vulnerability
DSA-3065 libxml-security-java – security update
James Forshaw discovered that, in Apache Santuario XML Security for
Java, CanonicalizationMethod parameters were incorrectly validated:
by specifying an arbitrary weak canonicalization algorithm, an
attacker could spoof XML signatures.
CVE-2014-8622
Cross-site scripting (XSS) vulnerability in compfight-search.php in the Compfight plugin 1.4 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the search-value parameter.
ROP Gadget Tool 5.3
This tool lets you search for gadgets in your binaries (ELF format) to facilitate ROP exploitation. The gadgets are found in executable segments.
Ubuntu Security Notice USN-2398-1
Ubuntu Security Notice 2398-1 – It was discovered that LibreOffice incorrectly handled the Impress remote control port. An attacker could possibly use this issue to cause Impress to crash, resulting in a denial of service, or possibly execute arbitrary code.
Gentoo Linux Security Advisory 201411-01
Gentoo Linux Security Advisory 201411-1 – Multiple vulnerabilities have been found in VLC, the worst of which could lead to user-assisted execution of arbitrary code. Versions less than 2.1.2 are affected.