Team SHATTER Security Advisory - Some parameters of /em/console/database/dbclone/dBClone in Oracle Enterprise Manager are vulnerable to SQL injection attacks. Versions affected include Oracle Enterprise Manager Database Control 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, 11.2.0.3.
5897aa6dffb670f996eeb60355e6b635c67ef10810f2429ce976f48422097393
Onapsis Security Advisory - The SDM suffers from a design vulnerability in the way it handles failed user authentication attempts, which produces a denial of service condition under certain circumstances. A malicious attacker can abuse this to disrupt the service.
b9fa27961da95e0e64a0970f55bd1166292455bd7ad40a519c24ce582e12a1ec
Team SHATTER Security Advisory - An attacker hosting a malicious web site can cause SQL statements to be executed in the backend database when an administrator with an open session in the Oracle Enterprise Manager web application visits that site (a cross-site request forgery). Versions affected include Oracle Enterprise Manager Database Control 11.1.0.7, 11.2.0.2, 11.2.0.3.
49571641e710a1ec758dcec0e1e03620a16c0aef2ccc5eac49327bf8c09b5f3c
Team SHATTER Security Advisory - The 'pagename' parameter of web page /em/console/ecm/policy/policyViewSettings in Oracle Enterprise Manager is vulnerable to HTTP response splitting attacks. Versions affected include Oracle Enterprise Manager Database Control 11.1.0.7, 11.2.0.2, 11.2.0.3.
16aeb9e7d9c1810b12977db09de9e12bb6519a3538e04f77b3203555af5bc05e
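The following is an added example of the response-splitting pattern the advisory above describes; it is not code from Oracle Enterprise Manager or from the advisory. The handler is hypothetical and borrows only the page path and the 'pagename' parameter name from the advisory; the attacker value is constructed. It shows a header built from the raw parameter beside a hardened version that rejects control characters and percent-encodes what it echoes.

```python
from urllib.parse import quote

PAGE = "/em/console/ecm/policy/policyViewSettings"  # path named in the advisory

# Constructed attacker value: CR/LF ends the Location header, adds a header the
# server never set, and then starts a complete second response on the connection.
PAYLOAD = ("x\r\nSet-Cookie: injected=1\r\nContent-Length: 0\r\n\r\n"
           "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\nContent-Length: 5\r\n\r\nowned")


def build_redirect_naive(pagename: str) -> bytes:
    """Hypothetical vulnerable handler: the parameter is copied into a header
    verbatim, so CR/LF inside it become new header lines and a new response."""
    return (f"HTTP/1.1 302 Found\r\nLocation: {PAGE}?pagename={pagename}\r\n"
            f"Content-Length: 0\r\n\r\n").encode("latin-1")


def is_safe_pagename(pagename: str) -> bool:
    """Reject any ASCII control character (CR, LF, NUL, ...) before the value
    gets anywhere near a header line."""
    return not any(ord(c) < 0x20 or ord(c) == 0x7F for c in pagename)


def build_redirect_hardened(pagename: str) -> bytes:
    """Fix: refuse control characters outright, then percent-encode what is
    echoed. Encoding alone already neutralises CR/LF; the reject is defence in
    depth so a later refactor that drops the encoding still cannot split."""
    if not is_safe_pagename(pagename):
        raise ValueError("control character in pagename")
    return (f"HTTP/1.1 302 Found\r\nLocation: {PAGE}?pagename={quote(pagename, safe='')}\r\n"
            f"Content-Length: 0\r\n\r\n").encode("latin-1")


def count_responses(raw: bytes) -> int:
    """How many HTTP responses a client would see on the wire (status lines)."""
    return raw.count(b"HTTP/1.1 ")


def header_names(raw: bytes) -> list:
    """Header names of the first response, to spot ones the server never set."""
    head = raw.split(b"\r\n\r\n", 1)[0]
    return [line.split(b":", 1)[0].decode("latin-1") for line in head.split(b"\r\n")[1:]]


if __name__ == "__main__":
    naive = build_redirect_naive(PAYLOAD)
    print("naive responses:", count_responses(naive), header_names(naive))
    print("hardened rejects payload:", not is_safe_pagename(PAYLOAD))
    print("hardened responses:", count_responses(build_redirect_hardened("policyViewSettings")))
```

With the constructed payload the naive handler emits two status lines and a Set-Cookie header it never set; the hardened handler refuses the value, and a legitimate page name still yields exactly one response.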
Onapsis Security Advisory - The SAP Portal "Federation" configuration pages do not properly handle authentication, exposing the entire Portal infrastructure.
ec578a095f1a6d51c543b8f60172c4da01037681852bb0569b01951f9eb78573
Team SHATTER Security Advisory - GeoRaster is a feature of Oracle Spatial that lets you store, index, query, analyze, and deliver GeoRaster data. One of the GeoRaster APIs is prone to stack-based overflow.
3a93180b3014610b665d5b8cce7d1ac694474a16caebae59d56cfa7c1dcef3af
Team SHATTER Security Advisory - The Oracle Enterprise Manager Database Control XML Database Resources page is vulnerable to cross-site scripting. An attacker may inject malicious code into the web application and trick a legitimate user into executing it by various methods. Affected versions include Oracle Enterprise Manager Database Control 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, 11.2.0.3.
d99af9ee753df748afa8622681887b09396561432184ac0aa41308d6c823185a
Ubuntu Security Notice 1743-1 - Suleiman Souhlal, Salman Qazi, Aaron Durbin and Michael Davidson discovered a race condition in the Linux kernel's ptrace syscall. An unprivileged local attacker could exploit this flaw to run programs as an administrator.
705dae3f9be8344b571b6b9a8c3284099be0058b09273df2dfcbac465c97e537
Ubuntu Security Notice 1742-1 - Suleiman Souhlal, Salman Qazi, Aaron Durbin and Michael Davidson discovered a race condition in the Linux kernel's ptrace syscall. An unprivileged local attacker could exploit this flaw to run programs as an administrator.
263f44f049c6dc57c6f2d29fd51ab6e9a6a23acbd53a47534ad2b6abddb3ce41
Ubuntu Security Notice 1741-1 - Suleiman Souhlal, Salman Qazi, Aaron Durbin and Michael Davidson discovered a race condition in the Linux kernel's ptrace syscall. An unprivileged local attacker could exploit this flaw to run programs as an administrator.
eb2c5bd4dfc428ab867253b2af2dcc1b2cdd1973887db258045f6a16c3a74b25
Ubuntu Security Notice 1740-1 - Suleiman Souhlal, Salman Qazi, Aaron Durbin and Michael Davidson discovered a race condition in the Linux kernel's ptrace syscall. An unprivileged local attacker could exploit this flaw to run programs as an administrator.
e1fdabab72af4143124c0ab88ecbab3fccaa33dddd0986932cf63009220ed845
Ubuntu Security Notice 1739-1 - Suleiman Souhlal, Salman Qazi, Aaron Durbin and Michael Davidson discovered a race condition in the Linux kernel's ptrace syscall. An unprivileged local attacker could exploit this flaw to run programs as an administrator.
58b0c3ab55d814a0de2780b66cfcb90279094bfa49ea7e219cbc6f285d43ef49
Ubuntu Security Notice 1738-1 - Suleiman Souhlal, Salman Qazi, Aaron Durbin and Michael Davidson discovered a race condition in the Linux kernel's ptrace syscall. An unprivileged local attacker could exploit this flaw to run programs as an administrator.
473f39dbfe2b310d358455320893c8f03c0a0e0f16502df8f41ca7601bbddbe8
Ubuntu Security Notice 1737-1 - Suleiman Souhlal, Salman Qazi, Aaron Durbin and Michael Davidson discovered a race condition in the Linux kernel's ptrace syscall. An unprivileged local attacker could exploit this flaw to run programs as an administrator.
d4706f73edfaf7396bc83d22e3a782836f94b2cdf76572a50614650e19abd845
Ubuntu Security Notice 1745-1 - Suleiman Souhlal, Salman Qazi, Aaron Durbin and Michael Davidson discovered a race condition in the Linux kernel's ptrace syscall. An unprivileged local attacker could exploit this flaw to run programs as an administrator.
9d4310af2ab2d674ea50ec8b0a5935369bae9e6f1691b71538f3f19cf84afb53
Ubuntu Security Notice 1744-1 - Suleiman Souhlal, Salman Qazi, Aaron Durbin and Michael Davidson discovered a race condition in the Linux kernel's ptrace syscall. An unprivileged local attacker could exploit this flaw to run programs as an administrator.
93d1156c3ee62445d44798d63acaf85ec5c33b8f8d64eeca80c0636e8ada95dc
Ubuntu Security Notice 1736-1 - Suleiman Souhlal, Salman Qazi, Aaron Durbin and Michael Davidson discovered a race condition in the Linux kernel's ptrace syscall. An unprivileged local attacker could exploit this flaw to run programs as an administrator.
c377309fa89eacd116ebdc9e511fcb0898f5c0337e541264181832f66e9e1c9c
Ubuntu Security Notice 1735-1 - Nadhem Alfardan and Kenny Paterson discovered that the TLS protocol as used in OpenSSL was vulnerable to a timing side-channel attack known as the "Lucky Thirteen" issue. A remote attacker could use this issue to perform plaintext-recovery attacks via analysis of timing data. A vulnerability was discovered in the OpenJDK JRE related to information disclosure and data integrity. An attacker could exploit this to cause a denial of service. This issue only affected Ubuntu 12.10. Various other issues were also addressed.
2261cb93a882de20b7e4c81f5368c093e6bdc017b92efb2dc8c82925d609cdd8
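As an added illustration of why the CBC padding check leaks timing (this is not code from the notice or from OpenSSL), the following Python counts the SHA-1 compression calls an HMAC-SHA1 verification performs on a decrypted TLS record, depending on how much padding the receiver accepted. The record bytes, the 64-byte record size and the tail values are constructed; the 13-byte header and 20-byte MAC are the TLS constants. The 'naive' path follows the RFC 5246 advice of MACing anyway on bad padding; the 'constant' path always does the work for the longest possible MAC input.

```python
import hashlib
import hmac

MAC_LEN = 20          # HMAC-SHA1 tag length in the TLS *_CBC_SHA cipher suites
TLS_HEADER_LEN = 13   # 8-byte sequence number + type(1) + version(2) + length(2)
SHA1_BLOCK = 64       # SHA-1 compression-function block size


def sha1_compressions(msg_len: int) -> int:
    """Compression calls HMAC-SHA1 makes over a msg_len-byte message: the inner
    hash covers one ipad block + message + Merkle-Damgard padding (>= 9 bytes);
    the outer hash covers one opad block + the 20-byte digest, always two calls."""
    inner = (SHA1_BLOCK + msg_len + 8) // SHA1_BLOCK + 1
    return inner + 2


def check_padding(plaintext: bytes):
    """TLS 1.1/1.2 CBC padding check on a decrypted record: the last byte is the
    pad length, every pad byte must equal it, and a MAC must still fit.
    Returns the number of padding bytes including the length byte, or None."""
    if not plaintext:
        return None
    pad = plaintext[-1]
    if pad + 1 + MAC_LEN > len(plaintext):
        return None
    if any(b != pad for b in plaintext[-(pad + 1):]):
        return None
    return pad + 1


def naive_mac_work(plaintext: bytes) -> int:
    """Work done by an RFC 5246-style receiver: on bad padding it pretends the
    padding was zero-length and still verifies a MAC (so the alert is the same),
    but the MAC input length, and with it the number of compression calls,
    depends on how many padding bytes were accepted. That is the side channel."""
    padlen = check_padding(plaintext)
    if padlen is None:
        padlen = 0
    body_len = len(plaintext) - padlen - MAC_LEN
    return sha1_compressions(TLS_HEADER_LEN + body_len)


def constant_mac_work(plaintext: bytes) -> int:
    """Hardened receiver: always perform the hashing for the longest MAC input
    the record could carry (zero-length padding), whatever padding was accepted,
    and discard the surplus. The count no longer depends on the plaintext."""
    return sha1_compressions(TLS_HEADER_LEN + len(plaintext) - MAC_LEN)


def verify_record(plaintext: bytes, mac_key: bytes, header: bytes) -> bool:
    """Functional MAC check with the naive structure; the tag comparison itself
    is constant-time, which is necessary but not sufficient (see the counts)."""
    padlen = check_padding(plaintext) or 0
    end = len(plaintext) - padlen
    body, tag = plaintext[:end - MAC_LEN], plaintext[end - MAC_LEN:end]
    expected = hmac.new(mac_key, header + body, hashlib.sha1).digest()
    return hmac.compare_digest(tag, expected)


def fake_decrypted_record(tail: bytes, size: int = 64) -> bytes:
    """Constructed sample: `size` bytes standing in for a decrypted record that
    ends in an attacker-chosen tail. In the real attack the tail is steered by
    XOR-masking the preceding ciphertext block (a CBC padding-oracle setup)."""
    return b"A" * (size - len(tail)) + tail


if __name__ == "__main__":
    for tail in (b"\x01\x01", b"\x00", b"\xff"):
        rec = fake_decrypted_record(tail)
        print(tail.hex(), "naive:", naive_mac_work(rec), "constant:", constant_mac_work(rec))
```

For a 64-byte record the naive receiver performs four compression calls when the tail decodes as two valid padding bytes (55-byte MAC input) but five when it decodes as one byte or as invalid padding (56 or 57 bytes); an attacker who can measure that one-call difference over the network learns something about the plaintext byte it steered. The hardened count is five in every case.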
Team SHATTER Security Advisory - There is a flaw in the way Authentication Session Keys are generated and protected by Oracle Database Server during the authentication process. The flaw can be used to perform unlimited offline password guesses (cracking) against any user's password, much as if the password hash were available. Oracle Database versions 11gR1 and 11gR2 are affected.
6de8cff55b66f1dae7efecbf927e6903f0d40a21e1f69993bb4e363b2732b39d
Team SHATTER Security Advisory - Renaming a table that has a flashback archive, using a specially crafted table name, triggers an internal SQL injection. This allows users to execute code with elevated privileges. Oracle Database Enterprise Edition versions 11.1 and 11.2 are affected.
fe12a85f642cabb0360ed843da29b8d6e66283d99716b980d61f47a9ad23614c
HP Security Bulletin HPSBMU02836 SSRT101056 - Potential security vulnerabilities have been identified with HP ArcSight Connector Appliance and HP ArcSight Logger. These vulnerabilities could be exploited remotely to allow disclosure of information, command injection and cross-site scripting (XSS). Revision 1 of this advisory.
14f9abc7c565329aeda8e943a1d8fa34bb61bd4bb69850d90b97b588c089d5d0
Red Hat Security Advisory 2013-0552-01 - In accordance with the Red Hat Enterprise Virtualization Errata Support Policy, support for Red Hat Enterprise Virtualization 2 will end on 1st March, 2013. Customers are recommended to upgrade their existing Red Hat Enterprise Virtualization 2.x installations to version 3.0. The upgrade from RHEV Manager version 2.2 running on Microsoft Windows to Red Hat Enterprise Virtualization Manager 3.0 running on Red Hat Enterprise Linux is fully supported and requires no downtime; during the upgrade all virtual machines continue to run without loss of service.
c50b91c502da9056e729946a5d451a8df385851f224db15587a947e0fe9c225c
Red Hat Security Advisory 2013-0544-01 - Red Hat Subscription Asset Manager acts as a proxy for handling subscription information and software updates on client machines. It was discovered that Katello did not properly check user permissions when handling certain requests. An authenticated remote attacker could use this flaw to download consumer certificates or change settings of other users' systems if they knew the target system's UUID. A vulnerability in rubygem-ldap_fluff allowed a remote attacker to bypass authentication and log into Subscription Asset Manager when a Microsoft Active Directory server was used as the back-end authentication server.
40ed8cc02a824cba926dc987492cb7cfa65beb82b844986c7ceface61e3927c2
Red Hat Security Advisory 2013-0548-01 - Red Hat CloudForms is an on-premise hybrid cloud Infrastructure-as-a-Service product that lets you create and manage private and public clouds. It provides self-service computing resources to users in a managed, governed, and secure way. Three flaws were found in rubygem-rack. A remote attacker could use these flaws to perform a denial of service attack against applications using rubygem-rack. It was found that documentation created by rubygem-rdoc was vulnerable to a cross-site scripting attack. If such documentation was accessible over a network, and a remote attacker could trick a user into visiting a specially-crafted URL, it would lead to arbitrary web script execution in the context of the user's session. As rubygem-rdoc is used for creating documentation for Ruby source files, it is not a common scenario to make such documentation accessible over the network.
7eeecf4bd61add69a8fdb62e0fc678b6962eaa82560b226a399c33ad350a2198
Red Hat Security Advisory 2013-0549-01 - The redhat-ds-base packages provide Red Hat Directory Server, which is an LDAPv3 compliant server. The base packages include the Lightweight Directory Access Protocol server and command-line utilities for server administration. A flaw was found in the way the 389 Directory Server daemon handled access control instructions using certificate groups. If an LDAP user that had a certificate group defined attempted to bind to the directory server, it would cause ns-slapd to enter an infinite loop and consume an excessive amount of CPU time.
dcc5bc41f9e0012dc142cd0fe93552492f5d9cd278e58d24ffb573240480fcfc