Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11.2.202.508 on Linux, Adobe AIR before 18.0.0.199, Adobe AIR SDK before 18.0.0.199, and Adobe AIR SDK & Compiler before 18.0.0.199 allow attackers to execute arbitrary code by leveraging an unspecified “type confusion,” a different vulnerability than CVE-2015-5554, CVE-2015-5555, and CVE-2015-5558.
Monthly Archives: August 2015
CVE-2015-5563
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11.2.202.508 on Linux, Adobe AIR before 18.0.0.199, Adobe AIR SDK before 18.0.0.199, and Adobe AIR SDK & Compiler before 18.0.0.199 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-5127, CVE-2015-5130, CVE-2015-5134, CVE-2015-5539, CVE-2015-5540, CVE-2015-5550, CVE-2015-5551, CVE-2015-5556, CVE-2015-5557, CVE-2015-5559, CVE-2015-5561, CVE-2015-5564, and CVE-2015-5565.
CVE-2015-5564
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11.2.202.508 on Linux, Adobe AIR before 18.0.0.199, Adobe AIR SDK before 18.0.0.199, and Adobe AIR SDK & Compiler before 18.0.0.199 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-5127, CVE-2015-5130, CVE-2015-5134, CVE-2015-5539, CVE-2015-5540, CVE-2015-5550, CVE-2015-5551, CVE-2015-5556, CVE-2015-5557, CVE-2015-5559, CVE-2015-5561, CVE-2015-5563, and CVE-2015-5565.
CVE-2015-5565
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11.2.202.508 on Linux, Adobe AIR before 18.0.0.199, Adobe AIR SDK before 18.0.0.199, and Adobe AIR SDK & Compiler before 18.0.0.199 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-5127, CVE-2015-5130, CVE-2015-5134, CVE-2015-5539, CVE-2015-5540, CVE-2015-5550, CVE-2015-5551, CVE-2015-5556, CVE-2015-5557, CVE-2015-5559, CVE-2015-5561, CVE-2015-5563, and CVE-2015-5564.
Apple Releases Security Updates for OS X Server, iOS, Safari, and Yosemite
Original release date: August 13, 2015
Apple has released security updates for OS X Server, iOS, Safari, and Yosemite to address multiple vulnerabilities. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system.
Available updates include:
- iOS 8.4.1 for iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later
- Safari 8.0.8 for OS X Yosemite v10.10.4
- Safari 7.1.8 for OS X Mavericks v10.9.5
- Safari 6.2.8 for OS X Mountain Lion v10.8.5
- OS X Server v4.1.5 for OS X Yosemite v10.10.5 or later
- OS X Yosemite v10.10.5 and Security Update 2015-006 for OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.4.
US-CERT encourages users and administrators to review Apple security updates for OS X Server, iOS, Safari, Yosemite, and Security Update 2015-006 and apply the necessary updates.
CESA-2015:1623 Important CentOS 6 kernel Security Update
CentOS Errata and Security Advisory 2015:1623 Important
Upstream details at: https://rhn.redhat.com/errata/RHSA-2015-1623.html
The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename )
OpenSSH 6.9p1 Authentication Bypass / Use-After-Free
OpenSSH versions 6.9p1 and below suffer from PAM related authentication bypass and use-after-free vulnerabilities.
Nuance PowerPDF Advanced 1.0 / 1.1 Information Disclosure
Nuance PowerPDF Advanced versions 1.0 and 1.1 suffer from an information disclosure vulnerability.
Enorth Webpublisher CMS SQL Injection
Enorth Webpublisher CMS suffers from a remote SQL injection vulnerability.
[CVE-2015-5617]Enorth Webpublisher CMS SQL Injection from delete_pending_news.jsp cbNewsid
Posted by xin . wang on Aug 13
Title:
====
[CVE-2015-5617]Enorth Webpublisher CMS SQL Injection from delete_pending_news.jsp cbNewsid
Vendor:
======
http://products.enorth.com.cn/bfnrglxt/index.shtml
Enorth Webpublisher CMS has so far reached a scale of tens of thousands of web sites, with nearly thousands of business users in fields such as government, enterprises, scientific research, education and the media industry.
Versions Affected:
==============
All versions
Author:…