Naked Security

Security Bulletins

2013-10-18 - [slackware-security] hplip (SSA:2013-291-01)

10/19/2013

2013-10-18 - [slackware-security] libtiff (SSA:2013-290-01)

10/18/2013

2013-10-14 - [slackware-security] xorg-server (SSA:2013-287-05)

10/15/2013

2013-10-14 - [slackware-security] libgpg-error (SSA:2013-287-04)

10/15/2013

2013-10-14 - [slackware-security] gnutls (SSA:2013-287-03)

10/15/2013

Latest Malware Updates

In LibRaw through 0.18.4, an out of bounds read flaw related to kodak_65000_load_raw has been reported in dcraw/dcraw.c and internal/dcraw_common.cpp. An attacker could possibly exploit this flaw to disclose potentially sensitive memory or cause an application crash.

09/20/2017

CVE-2017-14607

In ImageMagick 7.0.7-4 Q16, an out of bounds read flaw related to ReadTIFFImage has been reported in coders/tiff.c. An attacker could possibly exploit this flaw to disclose potentially sensitive memory or cause an application crash.

09/20/2017

CVE-2017-14596

In Joomla! before 3.8.0, inadequate escaping in the LDAP authentication plugin can result in a disclosure of a username and password.

09/20/2017

CVE-2017-14595

In Joomla! before 3.8.0, a logic bug in a SQL query could lead to the disclosure of article intro texts when these articles are in the archived state.

09/20/2017

CVE-2017-14339

The DNS packet parser in YADIFA before 2.2.6 does not check for the presence of infinite pointer loops, and thus it is possible to force it to enter an infinite loop. This can cause high CPU usage and makes the server unresponsive.

09/20/2017

CVE-2017-12611

In Apache Struts 2.0.1 through 2.3.33 and 2.5 through 2.5.10, using an unintentional expression in a Freemarker tag instead of string literals can lead to a RCE attack.

09/20/2017

CVE-2016-8738

In Apache Struts 2.5 through 2.5.5, if an application allows entering a URL in a form field and the built-in URLValidator is used, it is possible to prepare a special URL which will be used to overload server process when performing validation of the URL.

09/20/2017

CVE-2016-6795

In the Convention plugin in Apache Struts 2.3.20 through 2.3.30, it is possible to prepare a special URL which will be used for path traversal and execution of arbitrary code on server side.

09/20/2017

CVE-2015-8224

Huawei P8 before GRA-CL00C92B210, before GRA-L09C432B200, before GRA-TL00C01B210, and before GRA-UL00C00B210 allows remote attackers to obtain user equipment (aka UE) measurements of signal strengths.

09/20/2017

CVE-2015-7347

Cross-site scripting (XSS) vulnerability in ZCMS JavaServer Pages Content Management System 1.1.

09/20/2017

CVE-2015-6673

Use-after-free vulnerability in Decoder.cpp in libpgf before 6.15.32.

09/20/2017

CVE-2015-5608

Open redirect vulnerability in Joomla! CMS 3.0.0 through 3.4.1.

09/20/2017

CVE-2015-5607

Cross-site request forgery in the REST API in IPython 2 and 3.

09/20/2017

CVE-2015-5395

Cross-site request forgery (CSRF) vulnerability in SOGo before 3.1.0.

09/20/2017

CVE-2015-5248

Reflected file download vulnerability in Red Hat Feedhenry Enterprise Mobile Application Platform.

09/20/2017

CVE-2015-5179

FreeIPA might display user data improperly via vectors involving non-printable characters.

09/20/2017

CVE-2015-4707

Cross-site scripting (XSS) vulnerability in IPython before 3.2.

09/20/2017

CVE-2015-4075

The Helpdesk Pro plugin before 1.4.0 for Joomla! allows remote attackers to write to arbitrary .ini files via a crafted language.save task.

09/20/2017

CVE-2015-4074

Directory traversal vulnerability in the Helpdesk Pro plugin before 1.4.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter in a ticket.download_attachment task.

09/20/2017

CVE-2015-4073

Multiple SQL injection vulnerabilities in the Helpdesk Pro plugin before 1.4.0 for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) ticket_code or (2) email parameter or (3) remote authenticated users to execute arbitrary SQL commands via the filter_order parameter.

09/20/2017

Security Advisories Database