Ubuntu Security Notice 1910-1 - Maxim Shudrak discovered that Bind incorrectly handled certain malformed rdata. A remote attacker could use this flaw with a specially crafted query to cause Bind to stop responding, resulting in a denial of service.
0897033390d296a9ef63ec8183d77ea83c2dfac3bcece6cc232c0f4c8928b234Mandriva Linux Security Advisory 2013-202 - The RFC 5011 implementation in rdata.c in ISC BIND 9.7.x and 9.8.x before 9.8.5-P2, 9.8.6b1, 9.9.x before 9.9.3-P2, and 9.9.4b1, and DNSco BIND 9.9.3-S1 before 9.9.3-S1-P1 and 9.9.4-S1b1, allows remote attackers to cause a denial of service via a query with a malformed RDATA section that is not properly handled during construction of a log message, as exploited in the wild in July 2013. The updated packages for Enterprise Server 5 have been patched to correct this issue. The updated packages for Business Server 1 have been upgraded to the 9.9.3-P2 version which is not vulnerable to this issue.
81f641183de26262e71f4b53dd49a153a27531ad1f983c82c624502231052b82Debian Linux Security Advisory 2729-1 - OpenAFS, the implementation of the distributed filesystem AFS, has been updated to no longer use DES for the encryption of tickets. Additional migration steps are needed to fully set the update into effect.
404afb222135a19aaf78a3b157d3a4a64ca33cccc96fb95da671c31764342699Debian Linux Security Advisory 2728-1 - Maxim Shudrak and the HP Zero Day Initiative reported a denial of service vulnerability in BIND, a DNS server. A specially crafted query that includes malformed rdata can cause named daemon to terminate with an assertion failure while rejecting the malformed query.
a0841bbff63be72c66d72727b311877a598ecc9a936404ef7f60bdc5961b4a5fCA Technologies Support is alerting customers to a potential risk with CA Service Desk Manager. A vulnerability exists that can allow a remote attacker to conduct cross-site scripting attacks. CA Technologies published patches to address the vulnerability. The vulnerability occurs due to insufficient verification of URL query string parameters. An attacker, who can have an unsuspecting user follow a carefully constructed URL, may perform various cross-site scripting attacks.
d63a76083ac68c48ee8a7b1f88abdecf4446e7f484d0f8db4a371147e75caf8cMandriva Linux Security Advisory 2013-201 - A flaw was found in Ruby's SSL client's hostname identity check when handling certificates that contain hostnames with NULL bytes. An attacker could potentially exploit this flaw to conduct man-in-the-middle attacks to spoof SSL servers. Note that to exploit this issue, an attacker would need to obtain a carefully-crafted certificate signed by an authority that the client trusts. The updated packages have been patched to correct this issue.
0349cb2a5969f7ce15be8221655c9c0d29087e930e70abd1986377041596b59fMandriva Linux Security Advisory 2013-200 - The safe-level feature in Ruby 1.8.7 allows context-dependent attackers to modify strings via the NameError#to_s method when operating on Ruby objects. NOTE: this issue is due to an incomplete fix for CVE-2011-1005. lib/rexml/text.rb in the REXML parser in Ruby before 1.9.3-p392 allows remote attackers to cause a denial of service (memory consumption and crash) via crafted text nodes in an XML document, aka an XML Entity Expansion attack. A flaw was found in Ruby's SSL client's hostname identity check when handling certificates that contain hostnames with NULL bytes. An attacker could potentially exploit this flaw to conduct man-in-the-middle attacks to spoof SSL servers. Note that to exploit this issue, an attacker would need to obtain a carefully-crafted certificate signed by an authority that the client trusts. The updated packages have been patched to correct these issues.
736656b494186a6b0fd429a99fa38e28936ba86fe90a953f36f4d67cff987694Apache OpenOffice suffers from a vulnerability that is caused by operating on invalid PLCF (Plex of Character Positions in File) data when parsing a malformed DOC document file. Specially crafted documents can be used for denial-of-service attacks. Further exploits are possible but have not been verified. Versions affected include Apache OpenOffice 3.4.0 to 3.4.1 on all platforms.
b07c9e7c2f54011267e57cd0ce5a5198611a832d36e144dd8d1921b7f7ca3078Debian Linux Security Advisory 2727-1 - Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in the execution of arbitrary code, breakouts of the Java sandbox, information disclosure or denial of service.
d4f5c2f1b04861b6443eec45834b6e3d0c817455527f364f468feff87986028cDebian Linux Security Advisory 2726-1 - A buffer overflow has been discovered in the Radius extension for PHP. The function handling Vendor Specific Attributes assumed that the attributes given would always be of valid length. An attacker could use this assumption to trigger a buffer overflow.
72f234e7c07428d2e63e1a252b99f6eb0b9282b4ae5ce2396ffd5d580e411c58Mandriva Linux Security Advisory 2013-199 - Due to incorrect data validation Squid is vulnerable to a buffer overflow attack when processing specially crafted HTTP requests. This problem allows any trusted client or client script who can generate HTTP requests to trigger a buffer overflow in Squid, resulting in a termination of the Squid service. The updated packages have been patched to correct this issue.
4815216226b61310dce0c6530a147917f7ebac473d8ffe02ed70a0815d63d93fUbuntu Security Notice 1909-1 - Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 5.1.70 in Ubuntu 10.04 LTS. Ubuntu 12.04 LTS, Ubuntu 12.10 and Ubuntu 13.04 have been updated to MySQL 5.5.32. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Various other issues were also addressed.
872c16b08d04ddfc191144c894d91138478e931567d53ba3589f43b24ed515f7HP Security Bulletin HPSBGN02905 - Potential security vulnerabilities have been identified with HP LoadRunner. The vulnerabilities could be remotely exploited to allow execution of code or result in a Denial of Service (DoS). Revision 1 of this advisory.
43da885fdebda26382764369711cbf24e26c0adae71be911ebfc154158b77f6fHP Security Bulletin HPSBGN02906 - A potential security vulnerability has been identified with HP Application Lifecycle Management Quality Center (ALM). The vulnerability could be remotely exploited resulting in Cross Site Scripting (XSS). Revision 1 of this advisory.
3bb4602f64a408d4b34c04935b5443f73fb49fdc31020d8fcb2287535b6237eeHP Security Bulletin HPSBMU02894 - Potential security vulnerabilities have been identified with HP Network Node Manager I (NNMi) on HP-UX, Linux, Solaris, and Windows. These vulnerabilities could be remotely exploited resulting in a Denial of Service (DoS) or unauthorized access or execution of arbitrary code. Revision 1 of this advisory.
eacd5c85848fe70e3b06674a93d19b20ce220a3b1047e565ac14544a22f6e877Cisco Security Advisory - The Cisco Video Surveillance Manager (VSM) allows operations managers and system integrators to build customized video surveillance networks to meet their needs. Multiple security vulnerabilities exist in versions of Cisco VSM prior to 7.0.0, which may allow an attacker to gain full administrative privileges on the system.
8667d0b02c37ab85ed00ba5415096d156c627c81a71f23f4f17c7bbd0f63005bAutoCAD DWG-AC1021 suffers from an arbitrary pointer dereference vulnerability that can be exploited to compromise a system.
219a7db1a561eff423e65169d002771554f84e51f9e61f3996c00b73c866de51Mandriva Linux Security Advisory 2013-198 - A denial of service flaw was found in the way libxml2, a library providing support to read, modify and write XML and HTML files, performed string substitutions when entity values for external entity references replacement was requested / enabled during the XML file parsing. A remote attacker could provide a specially-crafted XML file containing an external entity expansion, when processed would lead to excessive CPU consumption (denial of service.This a different flaw from CVE-2013-0338. parser.c in libxml2 before 2.9.0, as used in Google Chrome before 28.0.1500.71 and other products, allows remote attackers to cause a denial of service via a document that ends abruptly, related to the lack of certain checks for the XML_PARSER_EOF state. The updated packages have been patched to correct these issues.
0adde045bd99e01ceb9cddd85290c183f51ea250b87fc07a959a2b1d427e791dDrupal Scald versions 6.x and 7.x suffer from a cross site scripting vulnerability.
31efa592720a283b50038fb9abf65bab1ccd1c7bab69eb9033f029d565ae589eWhatsApp fails to secure communications when spawning functionality for Google Wallet and Paypal. Versions 2.9.6447 through 2.10.751 are affected.
260e26aeec72763f25b273ccb4f424dd4aeffd1b74f89099d65012fdf72375d4Cyberoam is warning the general public that Orbit Downloader is causing massive SYN flooding.
90e5f178d86720bbe16c5ed5b968847e9f32057836a9e8e77e7dd1b41134ee7dMandriva Linux Security Advisory 2013-197 - MariaDB 5.5.x before 5.5.30, 5.3.x before 5.3.13, 5.2.x before 5.2.15, and 5.1.x before 5.1.68, and Oracle MySQL 5.1.69 and earlier, 5.5.31 and earlier, and 5.6.11 and earlier allows remote attackers to cause a denial of service via a crafted geometry feature that specifies a large number of points, which is not properly handled when processing the binary representation of this feature, related to a numeric calculation error. Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.69 and earlier, 5.5.31 and earlier, and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Full Text Search. Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.69 and earlier, 5.5.31 and earlier, and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer. The updated packages have been upgraded to the 5.1.70 version which is not vulnerable to these issues.
229df34dd4237d981a5e24fcb11c9a090cdde5addd7ca7da33dcb3e9b36947e2Red Hat Security Advisory 2013-1103-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to do system management tasks. Red Hat OpenStack makes use of Puppet, which is written in Ruby. A flaw was found in Ruby's SSL client's hostname identity check when handling certificates that contain hostnames with NULL bytes. An attacker could potentially exploit this flaw to conduct a man-in-the-middle attack against the Puppet master and its clients. Note that to exploit this issue, an attacker would need to get a carefully-crafted certificate signed by an authority that the Puppet master and clients trust.
3af6f62904e5e2f9c0544724370c57e046a437d3917b85caaca4e7f10e3a6731Ubuntu Security Notice 1908-1 - A vulnerability was discovered in the OpenJDK Javadoc related to data integrity. A vulnerability was discovered in the OpenJDK JRE related to information disclosure and availability. An attacker could exploit this to cause a denial of service or expose sensitive data over the network. Various other issues were also addressed.
c6e86f1288af7e22a761f9d766592dbed8c45c4f2f70fe5359000d1b2b6fc3f9Surge FTP server versions 23c8 and below suffer from a buffer overflow vulnerability.
8371e4e6a2219b80f0cdd60273de6526a797aaa7f16bbda2d393ad1b7b415834
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed