Liferay Portal through 6.2.10 allows remote authenticated users to execute arbitrary shell commands via a crafted Velocity template. Date published : 2017-01-13 https://dev.liferay.com/web/community-security-team/known-vulnerabilities https://dev.liferay.com/web/community-security-team/known-vulnerabilities/-/asset_publisher/4AHAYapUm8Xc/content/lps-64547-remote-code-execution-and-privilege-escalation-in-templates
The UI daemon in Apache Storm 0.10.0 before 0.10.0-beta1 allows remote attackers to execute arbitrary code via unspecified vectors. Date published : 2017-01-13 http://www.securityfocus.com/archive/1/535804/100/0/threaded http://packetstormsecurity.com/files/132417/Apache-Storm-0.10.0-beta-Code-Execution.html
An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v250 and CAPI-release versions prior to v1.12.0. Cloud Foundry logs the credentials returned from service brokers in Cloud Controller system component logs....
The _parse_pat function in the mpegts parser in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted file. Date published : 2017-01-13 http://www.securityfocus.com/bid/95158...
The gst_mpegts_section_new function in the mpegts decoder in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (out-of-bounds read) via a too small section. Date published : 2017-01-13 http://www.securityfocus.com/bid/95160 https://bugzilla.gnome.org/show_bug.cgi?id=775048
The windows_icon_typefind function in gst-plugins-base in GStreamer before 1.10.2, when G_SLICE is set to always-malloc, allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted ico file. Date published :...
The gst_decode_chain_free_internal function in the flxdex decoder in gst-plugins-good in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (invalid memory read and crash) via an invalid file, which triggers an...
Off-by-one error in the gst_h264_parse_set_caps function in GStreamer before 1.10.2 allows remote attackers to have unspecified impact via a crafted file, which triggers an out-of-bounds read. Date published : 2017-01-13 http://www.securityfocus.com/bid/95147 https://bugzilla.gnome.org/show_bug.cgi?id=774896
The FLIC decoder in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (out-of-bounds write and crash) via a crafted series of skip and count pairs. Date published : 2017-01-13 http://www.securityfocus.com/bid/95446...
The flx_decode_chunks function in gst/flx/gstflxdec.c in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (invalid memory read and crash) via a crafted FLIC file. Date published : 2017-01-13 http://www.securityfocus.com/bid/95148 https://bugzilla.gnome.org/show_bug.cgi?id=774859
ntpd in NTP before 4.2.8p9, when running on Windows, allows remote attackers to cause a denial of service via a large UDP packet. Date published : 2017-01-13 http://www.securityfocus.com/bid/94450 https://www.kb.cert.org/vuls/id/633847
ntpd in NTP before 4.2.8p9, when the trap service is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted packet. Date published : 2017-01-13 http://www.securityfocus.com/bid/94444...
The control mode (mode 6) functionality in ntpd in NTP before 4.2.8p9 allows remote attackers to set or unset traps via a crafted control mode packet. Date published : 2017-01-13 http://www.securityfocus.com/bid/94452 https://www.kb.cert.org/vuls/id/633847
The OTR plugin for Gajim sends information in cleartext when using XHTML, which allows remote attackers to obtain sensitive information via unspecified vectors. Date published : 2017-01-13 http://www.securityfocus.com/bid/94099 https://dev.gajim.org/gajim/gajim-plugins/issues/145