An error when handling the Size member of a GIF DataSubBlock data structure can be exploited to cause memory corruption via a specially crafted GIF file in Foxit products.
Monthly Archives: March 2015
Android Media Integer Overflow
An integer overflow in the BnAudioPolicyService::onTransact function in frameworks can be exploited to achieve media_server permission. All versions below Lollipop 5.1 are affected.
Google Android Integer Oveflow / Heap Corruption
Multiple integer overflows in the GraphicBuffer::unflatten function in platform/frameworks/native/libs/ui/GraphicBuffer.cpp in Android through 5.0 allow attackers to gain privileges or cause a denial of service (memory corruption) via vectors that trigger a large number of file descriptors or integer values. All versions below Lollipop 5.1 are affected.
ElasticSearch Unauthenticated Remote Code Execution
Remote unauthenticated code execution exploit for ElasticSearch.
Microsoft Windows MS15-020 Memory Corruption
Microsoft Windows suffers from a text services related memory corruption vulnerability as outlined in MS-15-020.
CVE-2015-2241
Cross-site scripting (XSS) vulnerability in the contents function in admin/helpers.py in Django before 1.7.6 and 1.8 before 1.8b2 allows remote attackers to inject arbitrary web script or HTML via a model attribute in ModelAdmin.readonly_fields, as demonstrated by a @property. (CVSS:4.3) (Last Update:2015-03-12)
DSA-3184 gnupg – security update
Multiple vulnerabilities were discovered in GnuPG, the GNU Privacy Guard:
DSA-3185 libgcrypt11 – security update
Multiple vulnerabilities were discovered in libgcrypt:
DSA-3183 movabletype-opensource – security update
Multiple vulnerabilities have been discovered in Movable Type, a
blogging system. The Common Vulnerabilities and Exposures project
identifies the following problems:
Linux.Zariche File Prepender Virus
Source code for Linux.Zariche, a proof of concept elf (x86_64) file prepender, written in Vala.