Debian Linux Security Advisory 2646-1 - Typo3, a PHP-based content management system, was found to contain several vulnerabilities.
25386ed07b570613bfe9ccecc762bde905a66c53d57b8f496c3f58d09ee79951
The EverFocus EPARA264-16X1 DVR allows unauthenticated remote users to retrieve arbitrary system files that are located outside of the web root through a directory traversal on port 80. Firmware version 1.0.2 is affected.
9498ec7c2d7d5276591c2ebc8509ab56201a5acf174aead7063bf8fe2488c95c
Debian Linux Security Advisory 2648-1 - A buffer overflow was discovered in the Firebird database server, which could result in the execution of arbitrary code. In addition, a denial of service vulnerability was discovered in the TraceManager.
3fc375a47b826db087cce2564e87b9c320aab1c05447a531e7f739a3bf803897
Debian Linux Security Advisory 2647-1 - A buffer overflow was discovered in the Firebird database server, which could result in the execution of arbitrary code.
d47fae449bdaf311c4618b1ae36fe78802d600ce4163213705762394cfc40e0f
Apple Security Advisory 2013-03-14-2 - Safari 6.0.3 is now available and addresses multiple security issues. These fixes address memory corruption issues and cross-site scripting.
e8fb3bcee240bccc74fd00148304720bad83d31d8a9f970f1f2b7ebd82d86810
Apple Security Advisory 2013-03-14-1 - OS X Mountain Lion version 10.8.3 and Security Update 2013-001 address multiple vulnerabilities. These updates address a canonicalization issue with HFS and Apache, a buffer overflow in libtiff, an authentication bypass, and more.
1e8f51ffad32ee5ec0c6272e89d6a3912ef63b3f493ec6bce9c955e8f09dc3f6
Slackware Security Advisory - New seamonkey packages are available for Slackware 13.37, 14.0, and -current to fix a security issue.
80bbc6d84cb40341c297e1e014e7810347e1070ca8f87dcb025b3c74358b6a88
Slackware Security Advisory - New perl packages are available for Slackware 13.1, 13.37, 14.0, and -current to fix a security issue. Related CVE Numbers: CVE-2013-1667.
61afc6e373cc8a2593e5f9cf519ab0b62c9ed5882774a848c94de205325acb57
Ubuntu Security Notice 1763-2 - USN-1763-1 fixed a vulnerability in NSS. This update provides the NSPR needed to use the new NSS. Nadhem Alfardan and Kenny Paterson discovered that the TLS protocol as used in NSS was vulnerable to a timing side-channel attack known as the "Lucky Thirteen" issue. A remote attacker could use this issue to perform plaintext-recovery attacks via analysis of timing data. Various other issues were also addressed.
14c2109289cf639924ee155649aaf99f56995b1e908629a630645e7226d2101b
Ubuntu Security Notice 1763-1 - Nadhem Alfardan and Kenny Paterson discovered that the TLS protocol as used in NSS was vulnerable to a timing side-channel attack known as the "Lucky Thirteen" issue. A remote attacker could use this issue to perform plaintext-recovery attacks via analysis of timing data.
0169b782ecce9f3cb1ee538627164630ed963e7b52a23bd3d0008dc583acfa40
Red Hat Security Advisory 2013-0649-01 - Fuse ESB Enterprise, based on Apache ServiceMix, provides an integration platform. This release of Fuse ESB Enterprise 7.1.0 Patch 3 is an update to Fuse ESB Enterprise 7.1.0 and includes bug fixes.
25b335c51975b777b1647472a9f39f2461c65c9b63d4d975008ba45dbcefdb56
Red Hat Security Advisory 2013-0647-01 - JBoss Web is the web container, based on Apache Tomcat, in JBoss Enterprise Application Platform. It provides a single deployment platform for the JavaServer Pages and Java Servlet technologies. It was found that sending a request without a session identifier to a protected resource could bypass the Cross-Site Request Forgery prevention filter in JBoss Web. A remote attacker could use this flaw to perform CSRF attacks against applications that rely on the CSRF prevention filter and do not contain internal mitigation for CSRF. Multiple weaknesses were found in the JBoss Web DIGEST authentication implementation, effectively reducing the security normally provided by DIGEST authentication. A remote attacker could use these flaws to perform replay attacks in some circumstances.
cae7f2723e72a831376fbdd1d9a7180b3d68ef9063766a4141634d2342c6f76a
Red Hat Security Advisory 2013-0648-01 - JBoss Web is the web container, based on Apache Tomcat, in JBoss Enterprise Application Platform. It provides a single deployment platform for the JavaServer Pages and Java Servlet technologies. It was found that sending a request without a session identifier to a protected resource could bypass the Cross-Site Request Forgery prevention filter in JBoss Web. A remote attacker could use this flaw to perform CSRF attacks against applications that rely on the CSRF prevention filter and do not contain internal mitigation for CSRF. Multiple weaknesses were found in the JBoss Web DIGEST authentication implementation, effectively reducing the security normally provided by DIGEST authentication. A remote attacker could use these flaws to perform replay attacks in some circumstances.
622d29c2160f22699e5b7c9c65fa1deed1df2ed503b5aef7ffd26ac8ce417669
Red Hat Security Advisory 2013-0646-01 - Pidgin is an instant messaging program which can log in to multiple accounts on multiple instant messaging networks simultaneously. A stack-based buffer overflow flaw was found in the Pidgin MXit protocol plug-in. A malicious server or a remote attacker could use this flaw to crash Pidgin by sending a specially-crafted HTTP request. A buffer overflow flaw was found in the Pidgin Sametime protocol plug-in. A malicious server or a remote attacker could use this flaw to crash Pidgin by sending a specially-crafted username.
b3c19a4366ad523734159f85e06904742d756e830065660510bfdc31ede59ef8
Ubuntu Security Notice 1764-1 - Stuart McLaren discovered an issue with Glance v1 API requests. An authenticated attacker could exploit this to expose the Glance operator's Swift and/or S3 credentials via the response headers when requesting a cached image.
5f7ca5e0136683964cdafe38aa284436d2548ccb00bf399c52adc234b66f7bd6
Debian Linux Security Advisory 2645-1 - Ovidiu Mara reported in 2010 a vulnerability in the ping utility, commonly used by system and network administrators. By carefully crafting ICMP responses, an attacker could make the ping command hang.
96d11ca0576fd24c4594c5c93b18dfbf4cc7fc77a820ca4a6cbeb63598422ad8
Debian Linux Security Advisory 2640-1 - Multiple vulnerabilities were discovered in zoneminder, a Linux video camera security and surveillance solution.
63a48d2edf5d7184c7fca3ee980296292b6295f5be005effcffc3089306cf6f6
Debian Linux Security Advisory 2644-1 - Multiple vulnerabilities were discovered in the dissectors for the MS-MMS, RTPS, RTPS2, Mount, ACN, CIMD and DTLS protocols, which could result in denial of service or the execution of arbitrary code.
00c4adaa3f4baf786f0bc4f1ad295a4aede3be4886350e40e4a15c4df6e0743e
This advisory outlines 9 different vulnerabilities in Android. Some have been addressed while others have not.
f20ea77aed0ad871a849ae4a62616d2116c1535db652007f120f29161fba53aa
Mandriva Linux Security Advisory 2013-025 - The MXit protocol plugin in libpurple in Pidgin before 2.10.7 might allow remote attackers to create or overwrite files via a crafted mxit/imagestrips pathname. Buffer overflow in http.c in the MXit protocol plugin in libpurple in Pidgin before 2.10.7 allows remote servers to execute arbitrary code via a long HTTP header. sametime.c in the Sametime protocol plugin in libpurple in Pidgin before 2.10.7 does not properly terminate long user IDs, which allows remote servers to cause a denial of service via a crafted packet. upnp.c in libpurple in Pidgin before 2.10.7 does not properly terminate long strings in UPnP responses, which allows remote attackers to cause a denial of service by leveraging access to the local network. This update provides pidgin 2.10.7, which is not vulnerable to these issues.
1947a7196d370ec292c6d6196bc378f7ab94ffd059b4a95d0ad67f48a214a6e6
Ubuntu Security Notice 1762-1 - Ansgar Burchardt discovered that APT incorrectly handled repositories that use InRelease files. The default Ubuntu repositories do not use InRelease files, so this issue only affected third-party repositories. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could potentially be used to install altered packages. This update corrects the issue by disabling InRelease file support completely. Various other issues were also addressed.
7ec4d9c9b620d30a5c750c688a228afc8aed1ace705b6394604cb8ec05f2f0fc
An integer overflow vulnerability exists in the .qvw file format parser in QlikView Desktop Client version 11.00 SR2. A parameter that is responsible for the section length is checked improperly, which causes a heap overflow if any value bigger than 0x80000000 is set. Successful exploitation of this vulnerability could result in arbitrary code execution within the QlikView Desktop client.
f1abbcb05d9f6164954a8e6deae36e2eeaaf00dbcf2183495a8690b131f1d1e5
Ubuntu Security Notice 1761-1 - It was discovered that PHP incorrectly handled XML external entities in SOAP WSDL files. A remote attacker could use this flaw to read arbitrary files off the server.
a139f03fd0b8a9c748ca3fca8449ab784e6431886e31fd02762b622672ee72b4
Red Hat Security Advisory 2013-0645-01 - Apache CXF is an open source services framework. It was found that the Apache CXF UsernameTokenPolicyValidator and UsernameTokenInterceptor allowed a UsernameToken element with no password child element to bypass authentication. A remote attacker could use this flaw to circumvent access controls applied to web services by omitting the password in a UsernameToken. This flaw was exploitable on web services that rely on WS-SecurityPolicy plain text UsernameTokens to authenticate users. It was not exploitable when using hashed passwords or WS-Security without WS-SecurityPolicy.
a8cabf84038ae0764d72ecd6fea22297f2eefbe04f4249e586339230dee77f43
Red Hat Security Advisory 2013-0644-01 - Apache CXF is an open source services framework. It was found that the Apache CXF UsernameTokenPolicyValidator and UsernameTokenInterceptor allowed a UsernameToken element with no password child element to bypass authentication. A remote attacker could use this flaw to circumvent access controls applied to web services by omitting the password in a UsernameToken. This flaw was exploitable on web services that rely on WS-SecurityPolicy plain text UsernameTokens to authenticate users. It was not exploitable when using hashed passwords or WS-Security without WS-SecurityPolicy.
475507b92ce71db9cb57c1004a1e40e6e3069b3a0f28f93ae6c857128a6be8df