This archive contains 190 exploits that were added to Packet Storm in November, 2015.
Multiple security issues have been found in Icedove, Debian’s version of the Mozilla Thunderbird mail client: Multiple memory safety errors, integer overflows, buffer overflows and other implementation errors may lead to the execution of arbitrary code or denial of service.
A memory-corrupting integer overflow in the handling of the ECH (erase characters) control sequence was discovered in PuTTY’s terminal emulator. A remote attacker can take advantage of this flaw to mount a denial of service or potentially to execute arbitrary code.
It was discovered that GnuTLS, a library implementing the TLS and SSL protocols, incorrectly validates the first byte of padding in CBC modes. A remote attacker can possibly take advantage of this flaw to perform a padding oracle attack.
Brocade Fabric OS version 6.3.1b suffers from multiple weak system configuration issues that can result in system compromise. You actually have to go out of your way to break basic Linux security this badly.
Ubuntu Security Notice 2821-1 – It was discovered that GnuTLS incorrectly validated the first byte of padding in CBC modes. A remote attacker could possibly use this issue to perform a padding oracle attack.
LibRaw versions 0.17 and below suffer from multiple memory errors that can result in code execution or other problems.
Proftpd 1.3.5a LATEST 0day Follow-up report (Part 2), Patch released!! 29/11/2015 — Advanced Information Security Corporation
Proftpd 1.3.5a LATEST (0-day) Follow-up report (Part 2), Patch released!! 29/11/2015 — Advanced Information Security Corporation
LSE Leading Security Experts GmbH – LSE-2015-10-14 – HumHub SQL-Injection