Debian Linux Security Advisory 2747-1 - Two vulnerabilities were discovered in Cacti, a web interface for graphing of monitoring systems.
5cff70381259ac904ac31e8d328da100be3280ec8d318231c9f20a320d7da4ad
VUPEN Vulnerability Research Team discovered a critical vulnerability in Microsoft Internet Explorer. The vulnerability is caused by a memory corruption error in the IE broker process when copying certain data, which could be exploited by remote attackers to bypass IE Protected Mode sandbox and execute arbitrary code with Medium integrity permissions.
3d6e15caa33453b5524370e307651de35239a58b0caa6422c0ed2d1d0c5641f4
VUPEN Vulnerability Research Team discovered a critical vulnerability in Microsoft Internet Explorer. The vulnerability is caused by a use-after-free error within the MSHTML "SlayoutRun::GetCharacters()" function when replacing text adjacent to an element, which could be exploited by remote attackers to compromise a vulnerable system.
683c33dd6eb12cee75b2e4d6ed700f0698a0917bade475617e2d9fec55f60a67
VUPEN Vulnerability Research Team discovered a critical vulnerability in Microsoft Windows. The vulnerability is caused by a design error in the "ntdll.LdrHotPatchRoutine" function, which can be abused to load an arbitrary library, e.g. from a remote network share, leading to arbitrary code execution and ASLR bypass.
80c160d6c598062067a6a89779a585babc9a0065f719657a207d41d32477c58a
Gentoo Linux Security Advisory 201308-5 - The references section of the original advisory contained wrong CVE references.
ebd71cf22019908747f1ea5cdd3a86acfb248e6a38bfa41979b555e7a1acbe4c
Slackware Security Advisory - New php packages are available for Slackware 14.0, and -current to fix a security issue.
ecb1893087d0d66f7dad6cf8deaa65276787950af36d4ce86965243130244165
Slackware Security Advisory - New gnutls packages are available for Slackware 14.0, and -current to fix a security issue.
d8b63bcd49f44bb59448c810296db5ea1c1da32b571e78c2773ee2634be2daf9
Mandriva Linux Security Advisory 2013-223 - A remotely exploitable crash vulnerability exists in the SIP channel driver if an ACK with SDP is received after the channel has been terminated. The handling code incorrectly assumes that the channel will always be present. A remotely exploitable crash vulnerability exists in the SIP channel driver if an invalid SDP is sent in a SIP request that defines media descriptions before connection information. The handling code incorrectly attempts to reference the socket address information even though that information has not yet been set.
fe608e9d309776c3c74a970f61a6a3304dc0d8dc4cc95d54316d0c533e08f277
VMware Security Advisory 2013-0011 - VMware has updated VMware ESXi and ESX to address a vulnerability in an unhandled exception in the NFC protocol handler.
0789baa7bebd1d751cfec338c14d6c275606f4495052e7dfa5e95751824ad5e3
Gentoo Linux Security Advisory 201308-6-2 - The references section of the original advisory contained wrong CVE references.
f55dddfb5e32f8447e8f4c85d600ec6b3af91b45f0d4851a964df1ee21ef722b
Red Hat Security Advisory 2013-1185-01 - Red Hat JBoss Fuse 6.0.0, based on Apache ServiceMix, provides an integration platform. Red Hat JBoss Fuse 6.0.0 patch 2 is an update to Red Hat JBoss Fuse 6.0.0 and includes bug fixes.
0939186bded3bc21379c4815dec6ff27fa7ec3cd68880f3f51e0f782423a24ac
CyberArk Vault versions prior to 7.20.37 suffer from multiple user enumeration vulnerabilities.
2c9165f3e7ef400778699bc7ee1575c639a581bd0fa9c04fa40e4fac52460c6c
Debian Linux Security Advisory 2746-1 - Multiple security issues have been found in Icedove, Debian's version of the Mozilla Thunderbird mail and news client. Multiple memory safety errors, missing permission checks and other implementation errors may lead to the execution of arbitrary code or cross-site scripting.
066d7c113b0c85a7655f00b154282b537f716ce919215cbc842ab76b2915d745
Gentoo Linux Security Advisory 201308-6 - Multiple vulnerabilities have been found in MySQL, allowing attackers to execute arbitrary code or cause Denial of Service. Versions less than 5.1.70 are affected.
a5ac28b86f0822c45d84e94416073eff2e1458438f359271b10e054b23cae04e
Debian Linux Security Advisory 2745-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service, information leak or privilege escalation.
3eec460e99a9f554b7bc89f94799ac98b40ec17e5325c416c1ece8a5c548e48f
Gentoo Linux Security Advisory 201308-5 - Multiple vulnerabilities have been found in Wireshark, allowing remote attackers to execute arbitrary code or cause Denial of Service. Versions less than 1.10.1 are affected.
afc074569b171377b721881b1008798f9d7adea3d3545cc57e14f5899a9a8a18
Red Hat Security Advisory 2013-1182-01 - The 389 Directory Server is an LDAPv3 compliant server. The base packages include the Lightweight Directory Access Protocol server and command-line utilities for server administration. It was discovered that the 389 Directory Server did not properly handle the receipt of certain MOD operations with a bogus Distinguished Name. A remote, unauthenticated attacker could use this flaw to cause the 389 Directory Server to crash. All 389-ds-base users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing this update, the 389 server service will be restarted automatically.
ad79a80c525e40f5a8b8e35492bf65f8f8480d0c5b00f47e089143dfe954475d
Core Security Technologies Advisory - EPS Viewer is prone to a security vulnerability when processing EPS files. This vulnerability could be exploited by a remote attacker to execute arbitrary code on the target machine by enticing EPS Viewer users to open a specially crafted EPS file (client-side vulnerability).
1e976c709e9923b7de99cb14fb2f670c20a612913a3af82da2b7ddc3bc925d6a
Drupal Node View Permissions third-party module version 7.x suffers from an access bypass vulnerability.
7ca5999ea6318f70dcc57e0ccabbb7102184fb0146a57fbc7a302308d2e184f0
Asterisk Project Security Advisory - A remotely exploitable crash vulnerability exists in the SIP channel driver if an invalid SDP is sent in a SIP request that defines media descriptions before connection information. The handling code incorrectly attempts to reference the socket address information even though that information has not yet been set.
b1ea1870b8ffa92fa2b9399875bedbe661440f8f5a1a71aa38f9d130235ae5ae
Core Security Technologies Advisory - Aloaha PDF Suite is prone to a security vulnerability when processing PDF files. This vulnerability could be exploited by a remote attacker to execute arbitrary code on the target machine by enticing Aloaha users to open a specially crafted PDF file.
21cd4dd29b0d5d565a77dc20c6f24d3e2536eafdb028b9c755120d0d051d37dd
HP Security Bulletin HPSBHF02888 3 - Potential security vulnerabilities have been identified with HP Network Products including 3COM and H3C routers and switches. The vulnerabilities could be remotely exploited resulting in disclosure of information and execution of code. Revision 3 of this advisory.
8239e84bfea2e012f2e9ee091ba0f400119fe80706c62cfd2e732a4608f577ae
Drupal Flag third-party module version 7.x suffers from a cross-site scripting vulnerability.
f1f231f32167e84be3f73dd02169b893610f503b40cd32c0074fdabdc225ed9c
Cisco Security Advisory - A vulnerability in the EAP-FAST authentication module of Cisco Secure Access Control Server (ACS) versions 4.0 through 4.2.1.15 could allow an unauthenticated, remote attacker to execute arbitrary commands on the Cisco Secure ACS server. This vulnerability is only present when Cisco Secure ACS is configured as a RADIUS server. The vulnerability is due to improper parsing of user identities used for EAP-FAST authentication. An attacker could exploit this vulnerability by sending crafted EAP-FAST packets to an affected device. An exploit could allow the attacker to execute arbitrary commands on the Cisco Secure ACS server and take full control of the affected server. There are no workarounds for this vulnerability. Cisco has released free software updates that address this vulnerability.
24f4eb4918b68ce6f025d4f11b936967593ada6bace57a42d482fdba12d618c3
Asterisk Project Security Advisory - A remotely exploitable crash vulnerability exists in the SIP channel driver if an ACK with SDP is received after the channel has been terminated. The handling code incorrectly assumes that the channel will always be present.
7b5b33cd2756da3ffe8c64031b7e60cd9b0cbd4644f5ab8e89498500f2a141bc