The Lotus Notes mail client accepts applet tags inside HTML emails, making it possible to load Java applets from a remote location. Combined with known Java sandbox escape vulnerabilities, it can be used to fully compromise the user reading the email.
HP Security Bulletin HPSBMU02872 SSRT101185 - Potential security vulnerabilities have been identified with HP Service Manager Web Tier running on Windows. Service Manager Web Tier is vulnerable to remote disclosure of information and cross site scripting (XSS). Revision 1 of this advisory.
WowzaMediaServer allows direct getting and setting of properties, which in turn can give an attacker the ability to mount further attacks.
CA Technologies support is alerting customers to a potential risk with CA ControlMinder. A vulnerability exists that can allow a remote attacker to execute arbitrary code. CA has issued remediation to address the vulnerability. The vulnerability occurs due to the default JBoss Application Server configuration not correctly enforcing authentication. A remote attacker can bypass authentication, which may result in arbitrary code execution and server compromise. This vulnerability only affects the server components.
HP Security Bulletin HPSBMU02874 SSRT101184 - Several potential security vulnerabilities have been identified with HP Service Manager for Windows, Linux, HP-UX, Solaris and AIX. The Java Runtime Environment (JRE) has been updated to correct these issues. Revision 1 of this advisory.
HP Security Bulletin HPSBMU02873 SSRT101182 - Several potential security vulnerabilities have been identified with HP Service Manager for Windows, Linux, HP-UX, Solaris and AIX. The Apache Tomcat environment has been updated to correct these issues. Revision 1 of this advisory.
FreeBSD Security Advisory - When processing READDIR requests, the NFS server does not check that it is in fact operating on a directory node. An attacker can use a specially modified NFS client to submit a READDIR request on a file, causing the underlying filesystem to interpret that file as a directory.
Mandriva Linux Security Advisory 2013-159 - ClamAV 0.97.8 addresses several reported potential security bugs.
Debian Linux Security Advisory 2665-1 - Kevin Wojtysiak discovered a vulnerability in strongSwan, an IPsec based VPN solution.
Mandriva Linux Security Advisory 2013-158 - The prep_reprocess_req function in do_tgs_req.c in the Key Distribution Center before 1.10.5 does not properly perform service-principal realm referral, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted TGS-REQ request. The updated packages have been patched to correct this issue.
Mandriva Linux Security Advisory 2013-157 - The pkinit_check_kdc_pkid function in plugins/preauth/pkinit/pkinit_crypto_openssl.c in the PKINIT implementation in the Key Distribution Center in MIT Kerberos 5 before 1.10.4 and 1.11.x before 1.11.1 does not properly handle errors during extraction of fields from an X.509 certificate, which allows remote attackers to cause a denial of service via a malformed KRB5_PADATA_PK_AS_REQ AS-REQ request. The prep_reprocess_req function in do_tgs_req.c in the Key Distribution Center before 1.10.5 does not properly perform service-principal realm referral, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted TGS-REQ request. The updated packages have been patched to correct these issues.
HP Security Bulletin HPSBPI02869 SSRT100936 - A potential security vulnerability has been identified with HP LaserJet MFP printers, HP Color LaserJet MFP printers, and certain HP LaserJet printers. The vulnerability could be exploited remotely to gain unauthorized access to files. Revision 1 of this advisory.
HP Security Bulletin HPSBPI02868 SSRT101017 - A potential security vulnerability has been identified with HP Managed Printing Administration (MPA). The vulnerability could be exploited remotely resulting in cross site scripting (XSS). Revision 1 of this advisory.
Mandriva Linux Security Advisory 2013-154 - An information disclosure flaw was found in the way the mount command reported errors. A local attacker could use this flaw to determine the existence of files and directories they do not have access to. Additionally, for Mandriva Enterprise Server 5, a patch was added to support a new --no-canonicalize switch for mount to support the fix for in fuse. The updated packages have been patched to correct these issues.
Mandriva Linux Security Advisory 2013-156 - ModSecurity before 2.7.3 allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service via an XML external entity declaration in conjunction with an entity reference, aka an XML External Entity vulnerability. The updated packages have been patched to correct this issue.
Mandriva Linux Security Advisory 2013-155 - FUSE, possibly 2.8.5 and earlier, allows local users to create mtab entries with arbitrary pathnames, and consequently unmount any filesystem, via a symlink attack on the parent directory of the mountpoint of a FUSE filesystem, a different vulnerability than CVE-2010-0789. The updated packages have been patched to correct this issue.
Mandriva Linux Security Advisory 2013-153 - Subversion's mod_dav_svn Apache HTTPD server module will use excessive amounts of memory when a large number of properties are set or deleted on a node. This can lead to a DoS. There are no known instances of this problem being observed in the wild. Subversion's mod_dav_svn Apache HTTPD server module will crash when a LOCK request is made against activity URLs. This can lead to a DoS. There are no known instances of this problem being observed in the wild. Subversion's mod_dav_svn Apache HTTPD server module will crash in some circumstances when a LOCK request is made against a non-existent URL. This can lead to a DoS. There are no known instances of this problem being observed in the wild. Subversion's mod_dav_svn Apache HTTPD server module will crash when a PROPFIND request is made against activity URLs. This can lead to a DoS. There are no known instances of this problem being observed in the wild, but the details of how to exploit it have been disclosed on the full disclosure mailing list. Subversion's mod_dav_svn Apache HTTPD server module will crash when a log REPORT request receives a limit that is out of the allowed range. This can lead to a DoS. There are no known instances of this problem being used as a DoS in the wild. The updated packages have been upgraded to the 1.7.9 version which is not affected by these issues.
Mandriva Linux Security Advisory 2013-152 - Subversion's mod_dav_svn Apache HTTPD server module will use excessive amounts of memory when a large number of properties are set or deleted on a node. This can lead to a DoS. There are no known instances of this problem being observed in the wild. Subversion's mod_dav_svn Apache HTTPD server module will crash when a LOCK request is made against activity URLs. This can lead to a DoS. There are no known instances of this problem being observed in the wild. Subversion's mod_dav_svn Apache HTTPD server module will crash in some circumstances when a LOCK request is made against a non-existent URL. This can lead to a DoS. There are no known instances of this problem being observed in the wild. Subversion's mod_dav_svn Apache HTTPD server module will crash when a PROPFIND request is made against activity URLs. This can lead to a DoS. There are no known instances of this problem being observed in the wild, but the details of how to exploit it have been disclosed on the full disclosure mailing list. The updated packages have been upgraded to the 1.6.21 version which is not affected by these issues.
Mandriva Linux Security Advisory 2013-151 - libcurl is vulnerable to a cookie leak vulnerability when doing requests across domains with matching tails. This vulnerability can be used to hijack sessions in targeted attacks, since registering domains using a known domain's name as an ending is trivial.
HP Security Bulletin HPSBMU02830 SSRT100889 2 - A potential security vulnerability has been identified with HP Data Protector. This vulnerability could be locally exploited to allow an increase of privilege. Revision 2 of this advisory.
Borland Silk Central version 12.1 TeeChart Pro ActiveX control suffers from an AddSeries remote code execution vulnerability.
Borland Caliber version 11.0 Quiksoft EasyMail SMTP object suffers from buffer overflow vulnerabilities.
Red Hat Security Advisory 2013-0772-01 - MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon and many client programs and libraries. This update fixes several vulnerabilities in the MySQL database server. These updated packages upgrade MySQL to version 5.1.69.
Ubuntu Security Notice 1808-1 - Mathias Krause discovered an information leak in the Linux kernel's getsockname implementation for Logical Link Layer (llc) sockets. A local user could exploit this flaw to examine some of the kernel's stack memory. Mathias Krause discovered information leaks in the Linux kernel's Bluetooth Logical Link Control and Adaptation Protocol (L2CAP) implementation. A local user could exploit these flaws to examine some of the kernel's stack memory. Various other issues were also addressed.
Ubuntu Security Notice 1807-2 - USN-1807-1 fixed vulnerabilities in MySQL. This update provides MySQL 5.5.31 for Ubuntu 13.04. Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 5.1.69 in Ubuntu 10.04 LTS and Ubuntu 11.10. Ubuntu 12.04 LTS and Ubuntu 12.10 have been updated to MySQL 5.5.31. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Various other issues were also addressed.