Ubuntu Security Notice 2849-1 – Felix Wilhelm discovered a race condition in the Xen paravirtualized drivers which can cause double fetch vulnerabilities. An attacker in the paravirtualized guest could exploit this flaw to cause a denial of service (crash the host) or potentially execute arbitrary code on the host. Konrad Rzeszutek Wilk discovered the Xen PCI backend driver does not perform sanity checks on the device’s state. An attacker could exploit this flaw to cause a denial of service (NULL dereference) on the host. Various other issues were also addressed.
Monthly Archives: December 2015
Ubuntu Security Notice USN-2846-1
Ubuntu Security Notice 2846-1 – Felix Wilhelm discovered a race condition in the Xen paravirtualized drivers which can cause double fetch vulnerabilities. An attacker in the paravirtualized guest could exploit this flaw to cause a denial of service (crash the host) or potentially execute arbitrary code on the host. Konrad Rzeszutek Wilk discovered the Xen PCI backend driver does not perform sanity checks on the device’s state. An attacker could exploit this flaw to cause a denial of service (NULL dereference) on the host. Various other issues were also addressed.
Ubuntu Security Notice USN-2847-1
Ubuntu Security Notice 2847-1 – Felix Wilhelm discovered a race condition in the Xen paravirtualized drivers which can cause double fetch vulnerabilities. An attacker in the paravirtualized guest could exploit this flaw to cause a denial of service (crash the host) or potentially execute arbitrary code on the host. Konrad Rzeszutek Wilk discovered the Xen PCI backend driver does not perform sanity checks on the device’s state. An attacker could exploit this flaw to cause a denial of service (NULL dereference) on the host. Various other issues were also addressed.
Ubuntu Security Notice USN-2848-1
Ubuntu Security Notice 2848-1 – Felix Wilhelm discovered a race condition in the Xen paravirtualized drivers which can cause double fetch vulnerabilities. An attacker in the paravirtualized guest could exploit this flaw to cause a denial of service (crash the host) or potentially execute arbitrary code on the host. Konrad Rzeszutek Wilk discovered the Xen PCI backend driver does not perform sanity checks on the device’s state. An attacker could exploit this flaw to cause a denial of service (NULL dereference) on the host. Various other issues were also addressed.
Exam Board 3.0.0 Blind SQL Injection
Exam Board version 3.0.0 suffers from a remote blind SQL injection vulnerability.
WordPress WooCommerce 2.4.12 PHP Code Injection
WordPress WooCommerce plugin version 2.4.12 suffers from a php code injection vulnerability.
Bugtraq: [SECURITY] [DSA 3428-1] tomcat8 security update
[SECURITY] [DSA 3428-1] tomcat8 security update
Bugtraq: KL-001-2015-008 : Dell Pre-Boot Authentication Driver Uncontrolled Write to Arbitrary Address
KL-001-2015-008 : Dell Pre-Boot Authentication Driver Uncontrolled Write to Arbitrary Address
Notepad ++ NPPFtp Plugin Buffer Overflow
Posted by Rio Sherri on Dec 19
# Title : Notepad ++ NPPFtp Plugin Buffer Overflow
# Date : 19/12/2015
# Author : R-73eN
# Tested on : NPPFtp 0.26.3 (Latest Version)
# Software : http://sourceforge.net/projects/nppftp/
# Vendor : https://notepad-plus-plus.org/
# ___ __ ____ _ _
# |_ _|_ __ / _| ___ / ___| ___ _ __ / | |
# | || ‘_ | |_ / _ | | _ / _ ‘_ / _ | |
# | || | | | _| (_) | |_| | __/ | | | /…
CVE-2015-6429
The IKEv1 state machine in Cisco IOS 15.4 through 15.6 and IOS XE 3.15 through 3.17 allows remote attackers to cause a denial of service (IPsec connection termination) via a crafted IKEv1 packet to a tunnel endpoint, aka Bug ID CSCuw08236.