all things security
Showing 1 - 25 of 188 RSS Feed

Files

Sketchup MAC Pict Material Palette Stack Corruption
Posted May 31, 2013
Authored by Felipe Andres Manzano

SketchUp is a 3D modeling program marketed by Google (2011) and designed for architectural, civil, and mechanical engineers as well as filmmakers, game developers, and related professions. SketchUp fails to validate the input when parsing an embedded MACPict texture. Arbitrary code execution is proved possible after a malicious texture or thumbnail or background image triggers a stack overflow. The issue can also be triggered when Windows Explorer reads the embedded thumbnail in a .skp file.

tags | advisory, overflow, arbitrary, code execution
systems | windows
advisories | CVE-2013-3662
MD5 | 4529b3562b9e57de4d21a56d04fb3d52
Red Hat Security Advisory 2013-0882-01
Posted May 31, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0882-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the way the vhost kernel module handled descriptors that spanned multiple regions. A privileged guest user in a KVM guest could use this flaw to crash the host or, potentially, escalate their privileges on the host.

tags | advisory, kernel
systems | linux, redhat
advisories | CVE-2012-4461, CVE-2012-4542, CVE-2013-0311, CVE-2013-1767
MD5 | dd52be4ffddbd3c0b45e1ac59bcaf2ce
Ubuntu Security Notice USN-1844-1
Posted May 31, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1844-1 - Kees Cook discovered a flaw in the Linux kernel's iSCSI subsystem. A remote unauthenticated attacker could exploit this flaw to cause a denial of service (system crash) or potentially gain administrative privileges.

tags | advisory, remote, denial of service, kernel
systems | linux, ubuntu
advisories | CVE-2013-2850
MD5 | 5bd6e531cc80e9eb04851217d4fadd4c
Ubuntu Security Notice USN-1845-1
Posted May 31, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1845-1 - Kees Cook discovered a flaw in the Linux kernel's iSCSI subsystem. A remote unauthenticated attacker could exploit this flaw to cause a denial of service (system crash) or potentially gain administrative privileges.

tags | advisory, remote, denial of service, kernel
systems | linux, ubuntu
advisories | CVE-2013-2850
MD5 | f877336af00edf8a4d68170808e1e150
Ubuntu Security Notice USN-1846-1
Posted May 31, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1846-1 - Kees Cook discovered a flaw in the Linux kernel's iSCSI subsystem. A remote unauthenticated attacker could exploit this flaw to cause a denial of service (system crash) or potentially gain administrative privileges.

tags | advisory, remote, denial of service, kernel
systems | linux, ubuntu
advisories | CVE-2013-2850
MD5 | 79dbdc004d2a0db02bc848c7742f0aae
Ubuntu Security Notice USN-1847-1
Posted May 31, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1847-1 - Kees Cook discovered a flaw in the Linux kernel's iSCSI subsystem. A remote unauthenticated attacker could exploit this flaw to cause a denial of service (system crash) or potentially gain administrative privileges.

tags | advisory, remote, denial of service, kernel
systems | linux, ubuntu
advisories | CVE-2013-2850
MD5 | 5686fe386bb78be9030c1e77a80ab5b4
Debian Security Advisory 2697-1
Posted May 31, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2697-1 - It was discovered that a malicious client could crash a GNUTLS server and vice versa, by sending TLS records encrypted with a block cipher which contain invalid padding.

tags | advisory
systems | linux, debian
advisories | CVE-2013-2116
MD5 | 90a25589094225fb8a205580c7a87ce7
Mandriva Linux Security Advisory 2013-171
Posted May 31, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-171 - A flaw was found in the way GnuTLS decrypted TLS record packets when using CBC encryption. The number of pad bytes read form the packet was not checked against the cipher text size, resulting in an out of bounds read. This could cause a TLS client or server using GnuTLS to crash. The updated packages have been patched to correct this issue.

tags | advisory
systems | linux, mandriva
advisories | CVE-2013-2116
MD5 | 898f7432e5f6166facaaa7f8b40479d8
Red Hat Security Advisory 2013-0883-01
Posted May 31, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0883-01 - The GnuTLS library provides support for cryptographic algorithms and for protocols such as Transport Layer Security. It was discovered that the fix for the CVE-2013-1619 issue released via RHSA-2013:0588 introduced a regression in the way GnuTLS decrypted TLS/SSL encrypted records when CBC-mode cipher suites were used. A remote attacker could possibly use this flaw to crash a server or client application that uses GnuTLS. Users of GnuTLS are advised to upgrade to these updated packages, which correct this issue. For the update to take effect, all applications linked to the GnuTLS library must be restarted.

tags | advisory, remote, protocol
systems | linux, redhat
advisories | CVE-2013-2116
MD5 | 8ec6a11e1710594ef8c56eb7494bcc4e
Red Hat Security Advisory 2013-0884-01
Posted May 31, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0884-01 - These packages provide a transport-independent RPC implementation. A flaw was found in the way libtirpc decoded RPC requests. A specially-crafted RPC request could cause libtirpc to attempt to free a buffer provided by an application using the library, even when the buffer was not dynamically allocated. This could cause an application using libtirpc, such as rpcbind, to crash.

tags | advisory
systems | linux, redhat
advisories | CVE-2013-1950
MD5 | c0fe93c1f5d939b676ad910d49e24e8c
Debian Security Advisory 2696-1
Posted May 31, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2696-1 - A vulnerability has been discovered in the Open Ticket Request System, which can be exploited by malicious users to disclose potentially sensitive information. An attacker with a valid agent login could manipulate URLs in the ticket split mechanism to see contents of tickets and they are not permitted to see.

tags | advisory
systems | linux, debian
advisories | CVE-2013-3551
MD5 | f260fcef7a4638a093670a3ba3a13f40
Debian Security Advisory 2695-1
Posted May 31, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2695-1 - Several vulnerabilities have been discovered in the chromium web browser. Multiple use-after-free, out-of-bounds read, memory safety, and cross-site scripting issues were discovered and corrected.

tags | advisory, web, vulnerability, xss
systems | linux, debian
advisories | CVE-2013-2837, CVE-2013-2838, CVE-2013-2839, CVE-2013-2840, CVE-2013-2841, CVE-2013-2842, CVE-2013-2843, CVE-2013-2844, CVE-2013-2845, CVE-2013-2846, CVE-2013-2847, CVE-2013-2848, CVE-2013-2849
MD5 | dea4a90fb368f2ddf69b540b0c94ac45
Ubuntu Security Notice USN-1838-1
Posted May 31, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1838-1 - An flaw was discovered in the Linux kernel's perf_events interface. A local user could exploit this flaw to escalate privileges on the system. A buffer overflow vulnerability was discovered in the Broadcom tg3 ethernet driver for the Linux kernel. A local user could exploit this flaw to cause a denial of service (crash the system) or potentially escalate privileges on the system. Various other issues were also addressed.

tags | advisory, denial of service, overflow, kernel, local
systems | linux, ubuntu
advisories | CVE-2013-2094, CVE-2013-1929, CVE-2013-1929, CVE-2013-2094
MD5 | adad1674205ea47ddd3aa593e0b50878
HP Security Bulletin HPSBPI02869 SSRT100936 2
Posted May 30, 2013
Authored by HP | Site hp.com

HP Security Bulletin HPSBPI02869 SSRT100936 2 - A potential security vulnerability has been identified with HP LaserJet MFP printers, HP Color LaserJet MFP printers, and certain HP LaserJet printers. The vulnerability could be exploited remotely to gain unauthorized access to files. Revision 2 of this advisory.

tags | advisory
advisories | CVE-2012-5221
MD5 | 09e505c6f38c76b6abc5ebd1e0890c26
Drupal Node Access User Reference 6.x / 7.x Access Bypass
Posted May 30, 2013
Authored by Jamie Wiseman | Site drupal.org

Drupal Node Access User Reference third party modules versions 6.x and 7.x suffer from an access bypass vulnerability.

tags | advisory, bypass
MD5 | 618adebc62c83879438923175160e9c4
Drupal Edit Limit 7.x Access Bypass
Posted May 30, 2013
Authored by Morten Fangel | Site drupal.org

Drupal Edit Limit third party module version 7.x suffers from an access bypass vulnerability.

tags | advisory, bypass
MD5 | 555be099693b6d43763b05f3e6a54b86
Drupal Webform 6.x Cross Site Scripting
Posted May 30, 2013
Authored by Justin C. Klein Keane | Site drupal.org

Drupal Webform third party module version 6.x suffers from a cross site scripting vulnerability.

tags | advisory, xss
MD5 | 466e3e894fcc96d5f3c6e5f31e45e3e5
ZoneDirector User Authentication Bypass
Posted May 29, 2013
Authored by Ruckus Product Security Team

A user authentication bypass vulnerability has been discovered in ZoneDirector controllers during standard internal bug reporting procedures. This vulnerability may allow a malicious user to gain unauthorized access to the ZoneDirector administrative web interface.

tags | advisory, web, bypass
MD5 | aa5af0dae5ce625a8492959c673a9f6f
Debian Security Advisory 2695-1
Posted May 29, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2695-1 - Several vulnerabilities have been discovered in the chromium web browser. Multiple use-after-free, out-of-bounds read, memory safety, and cross-site scripting issues were discovered and corrected.

tags | advisory, web, vulnerability, xss
systems | linux, debian
advisories | CVE-2013-2837, CVE-2013-2838, CVE-2013-2839, CVE-2013-2840, CVE-2013-2841, CVE-2013-2842, CVE-2013-2843, CVE-2013-2844, CVE-2013-2845, CVE-2013-2846, CVE-2013-2847, CVE-2013-2848, CVE-2013-2849
MD5 | db1c0c1b5ebeb06bccd1197a692cd934
Ubuntu Security Notice USN-1843-1
Posted May 29, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1843-1 - It was discovered that GnuTLS incorrectly handled certain padding bytes. A remote attacker could use this flaw to cause an application using GnuTLS to crash, leading to a denial of service.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2013-2116
MD5 | 79d106eca2d2fa6d8a9e9dcca34bcbfc
Ruckus SSH Server Tunneling Issue
Posted May 29, 2013
Authored by Ruckus Product Security Team

A user authentication bypass vulnerability has been discovered during standard internal bug reporting procedures in some of the Ruckus devices. This vulnerability may permit an unauthenticated malicious user with network access to port 22 to tunnel random TCP traffic to other hosts on the network via Ruckus devices.

tags | advisory, tcp, bypass
MD5 | 7560f33022076cc0eab0522a28250076
RSA Authentication Manager 8.0 Injection / Disclosure
Posted May 29, 2013
Site emc.com

RSA Authentication Manager version 8.0 suffers from information disclosure and PostgreSQL argument injection vulnerabilities.

tags | advisory, vulnerability, info disclosure
advisories | CVE-2013-0947, CVE-2013-1899
MD5 | 807309ecf23a1fa80858b34a505c1224
Mandriva Linux Security Advisory 2013-169
Posted May 29, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-169 - A heap based buffer overflow vulnerability has been found with data that happens to be output on the READLINE address. Successful exploitation may allow an attacker to execute arbitrary code with the privileges of the socat process. Under certain circumstances an FD leak occurs and can be misused for denial of service attacks against socat running in server mode. The updated packages have been patched to correct these issues.

tags | advisory, denial of service, overflow, arbitrary
systems | linux, mandriva
advisories | CVE-2012-0219, CVE-2013-3571
MD5 | 01e1a1f573d3a997e9efbc13d70ac0b2
Debian Security Advisory 2696-1
Posted May 29, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2696-1 - A vulnerability has been discovered in the Open Ticket Request System, which can be exploited by malicious users to disclose potentially sensitive information. An attacker with a valid agent login could manipulate URLs in the ticket split mechanism to see contents of tickets and they are not permitted to see.

tags | advisory
systems | linux, debian
advisories | CVE-2013-3551
MD5 | d6ab424be74aedab96d579891f0a2b89
Ubuntu Security Notice USN-1842-1
Posted May 29, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1842-1 - It was discovered that KIO would sometimes display web authentication credentials under certain error conditions. If a user were tricked into opening a specially crafted web page, an attacker could potentially exploit this to expose confidential information.

tags | advisory, web
systems | linux, ubuntu
advisories | CVE-2013-2074
MD5 | e541709b211b5e70066e512ef43e5397
Page 1 of 8
Back12345Next

Top Authors In Last 30 Days

Recent News

News RSS Feed
ATM Malware Available Online For Online $5,000
Posted Oct 18, 2017

tags | headline, malware, bank, cybercrime, fraud
Oracle Swats 252 Bugs In Patch Update
Posted Oct 18, 2017

tags | headline, flaw, patch, oracle
Child Safety Smartwatches Easy To Hack, Watchdog Says
Posted Oct 18, 2017

tags | headline, privacy, flaw
Domino's Pizza Delivers User Details To Spammers
Posted Oct 18, 2017

tags | headline, privacy, email, spam, fraud
Microsoft Never Disclosed 2013 Hack Of Secret Vulnerability Database
Posted Oct 18, 2017

tags | headline, hacker, microsoft, data loss, flaw
Adobe Patches Zero-Day Used To Plant Gov't Spying Software
Posted Oct 17, 2017

tags | headline, hacker, government, usa, flaw, cyberwar, adobe, zero day, nsa
UK TV Drama About North Korea Hit By Hackers
Posted Oct 17, 2017

tags | headline, hacker, government, britain, cyberwar, korea
Russia Tweaks Telegram With Tiny Fine For Decryption Denial
Posted Oct 17, 2017

tags | headline, government, privacy, russia, cryptography
Never Mind The WPA2 Drama... Details Emerge Of TPM Key Fail
Posted Oct 17, 2017

tags | headline, wireless, flaw, cryptography
Millions Of High Security Crypto Keys Crippled By Newly Discovered Flaw
Posted Oct 16, 2017

tags | headline, flaw, cryptography
View More News →
packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close