Showing 51 - 75 of 230

Files

Mandriva Linux Security Advisory 2013-240
Posted Sep 25, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-240 - Multiple security vulnerabilities exist due to improper sanitization of user input in GLPI versions prior to 0.83.9, 0.83.91, and 0.84.2. This update provides GLPI version 0.83.91, with a patch from GLPI 0.84.2, to fix these issues.

tags | advisory, vulnerability
systems | linux, mandriva
advisories | CVE-2013-2225, CVE-2013-2226, CVE-2013-5696
SHA-256 | 4d3c00a2edfe641cebcea5516c934560c44649ada453ccf113b27403bf71b449
Cisco Security Advisory 20130925-ntp
Posted Sep 25, 2013
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability in the implementation of the Network Time Protocol (NTP) feature in Cisco IOS Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerability is due to the improper handling of multicast NTP packets that are sent to an affected device encapsulated in a Multicast Source Discovery Protocol (MSDP) Source-Active (SA) message from a configured MSDP peer. An attacker could exploit this vulnerability by sending multicast NTP packets to an affected device. Repeated exploitation could result in a sustained DoS condition. Cisco has released free software updates that address this vulnerability. A workaround is available to mitigate this vulnerability.

tags | advisory, remote, denial of service, protocol
systems | cisco
SHA-256 | 26e0e238dca4511525895ffa0eddafc629172317cf7ef7d4ae4a46cc6908fdb4
Cisco Security Advisory 20130925-cce
Posted Sep 25, 2013
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability in the Zone-Based Firewall (ZBFW) component of Cisco IOS Software could allow an unauthenticated, remote attacker to cause an affected device to hang or reload. The vulnerability is due to improper processing of specific HTTP packets when the device is configured for either Cisco IOS Content Filtering or HTTP application layer gateway (ALG) inspection. An attacker could exploit this vulnerability by sending specific HTTP packets through an affected device. An exploit could allow the attacker to cause an affected device to hang or reload. Cisco has released free software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available.

tags | advisory, remote, web
systems | cisco, ios
SHA-256 | 5fa03221d9816d3015832510c218ef91c3bf8eb4603c1f86cbb6a87f89853fe9
HP Security Bulletin HPSBMU02872 SSRT101185 2
Posted Sep 25, 2013
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU02872 SSRT101185 2 - Potential security vulnerabilities have been identified with HP Service Manager Web Tier running on Windows. Service Manager Web Tier is vulnerable to remote disclosure of information and cross site scripting (XSS). Revision 2 of this advisory.

tags | advisory, remote, web, vulnerability, xss
systems | windows
advisories | CVE-2012-5222, CVE-2013-2321
SHA-256 | 3baca2d143d75375c164427e2ae231c537079c304306fb1ee5c483f220f8a2a4
Cisco Security Advisory 20130925-nat
Posted Sep 25, 2013
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - The Cisco IOS Software implementation of the network address translation (NAT) feature contains three vulnerabilities when translating IP packets that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. Cisco has released free software updates that address these vulnerabilities. Workarounds that mitigate these vulnerabilities are not available.

tags | advisory, remote, denial of service, vulnerability
systems | cisco, ios
SHA-256 | 94953ab0dff6a2e901274ec8b4f46779d4645720bf2390bbffed0e8224d63fb2
Cisco Security Advisory 20130925-ipv6vfr
Posted Sep 25, 2013
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability in the implementation of the virtual fragmentation reassembly (VFR) feature for IP version 6 (IPv6) in Cisco IOS Software could allow an unauthenticated, remote attacker to cause an affected device to hang or reload, resulting in a denial of service (DoS) condition. The vulnerability is due to a race condition while accessing the reassembly queue for IPv6 fragments. An attacker could exploit this vulnerability by sending a crafted stream of valid IPv6 fragments. Repeated exploitation may result in a sustained DoS condition. Cisco has released free software updates that address this vulnerability. There are no workarounds for this vulnerability.

tags | advisory, remote, denial of service
systems | cisco, ios
SHA-256 | 8f713408f5485ebe4bd2af72fa2c6d1a787b587c82d2bf30400c3e25715d78b1
Zabbix 2.0.5 Password Leak
Posted Sep 25, 2013
Authored by Pablo Gonzalez, Chema Alonso, German Sanchez

Zabbix version 2.0.5 suffers from an issue where it allows for the disclosure of a user's password.

tags | advisory
advisories | CVE-2013-5572
SHA-256 | cf632cf260f0dd10243a64e66e97a8eb0ca481c0cc6b35ff2633b0cd564cacf9
Gentoo Linux Security Advisory 201309-16
Posted Sep 24, 2013
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201309-16 - Multiple vulnerabilities have been reported in Chromium and V8, some of which may allow execution of arbitrary code. Versions less than 29.0.1457.57 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2012-5116, CVE-2012-5117, CVE-2012-5118, CVE-2012-5119, CVE-2012-5120, CVE-2012-5121, CVE-2012-5122, CVE-2012-5123, CVE-2012-5124, CVE-2012-5125, CVE-2012-5126, CVE-2012-5127, CVE-2012-5128, CVE-2012-5130, CVE-2012-5132, CVE-2012-5133, CVE-2012-5135, CVE-2012-5136, CVE-2012-5137, CVE-2012-5138, CVE-2012-5139, CVE-2012-5140, CVE-2012-5141, CVE-2012-5142, CVE-2012-5143, CVE-2012-5144, CVE-2012-5145, CVE-2012-5146
SHA-256 | 293018f8600eb4af907da24f3a7de835c23ff421a14f1d5725376bc9025713ce
Red Hat Security Advisory 2013-1284-01
Posted Sep 24, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1284-01 - Puppet allows provisioning, patching, and configuration of clients to be managed and automated. A flaw was found in the way Puppet handled YAML content during Representational State Transfer API calls. An attacker could construct a request containing a crafted YAML payload that would cause the Puppet master to execute arbitrary code. It was found that resource_type requests could be used to cause the Puppet master to load and run Ruby files from anywhere on the file system. In non-default configurations, a local user on the Puppet master server could use this flaw to have arbitrary Ruby code executed with the privileges of the Puppet master.

tags | advisory, arbitrary, local, ruby
systems | linux, redhat
advisories | CVE-2013-3567, CVE-2013-4761, CVE-2013-4956
SHA-256 | 4bb7805d5def15a8dc28ddfaae2ef552d6d9441335f4d97325b7f1fdf1f7cc80
Gentoo Linux Security Advisory 201309-15
Posted Sep 24, 2013
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201309-15 - Multiple vulnerabilities have been found in ProFTPD, the worst of which leads to remote execution of arbitrary code. Versions less than 1.3.4d are affected.

tags | advisory, remote, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2009-3555, CVE-2010-3867, CVE-2010-4221, CVE-2010-4652, CVE-2011-1137, CVE-2011-4130, CVE-2012-6095, CVE-2013-4359
SHA-256 | 791bb06b4102a706095adc46d590ae0b5ea0a225e56966180f59fa840c1de6d2
Ubuntu Security Notice USN-1967-1
Posted Sep 24, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1967-1 - It was discovered that Django incorrectly handled large passwords. A remote attacker could use this issue to consume resources, resulting in a denial of service. It was discovered that Django incorrectly handled ssi templates. An attacker could use this issue to read arbitrary files. It was discovered that the Django is_safe_url utility function did not restrict redirects to certain schemes. An attacker could possibly use this issue to perform a cross-site scripting attack. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary, xss
systems | linux, ubuntu
advisories | CVE-2013-1443, CVE-2013-4315
SHA-256 | b392b918c4a2132a058b80068ecb5d6b09912f2551f9368b0623a0e6b05f9241
Ubuntu Security Notice USN-1966-1
Posted Sep 24, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1966-1 - Jeremy Allison discovered that Samba incorrectly handled certain extended attribute lists. A remote attacker could use this issue to cause Samba to hang, resulting in a denial of service.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2013-4124
SHA-256 | ac2fb018077ff85b5f0ba303e50222cfa407826452614624bdce0b05b6b38069
Red Hat Security Advisory 2013-1283-01
Posted Sep 24, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1283-01 - Puppet allows provisioning, patching, and configuration of clients to be managed and automated. A flaw was found in the way Puppet handled YAML content during Representational State Transfer API calls. An attacker could construct a request containing a crafted YAML payload that would cause the Puppet master to execute arbitrary code. It was found that resource_type requests could be used to cause the Puppet master to load and run Ruby files from anywhere on the file system. In non-default configurations, a local user on the Puppet master server could use this flaw to have arbitrary Ruby code executed with the privileges of the Puppet master.

tags | advisory, arbitrary, local, ruby
systems | linux, redhat
advisories | CVE-2013-3567, CVE-2013-4761, CVE-2013-4956
SHA-256 | 63ebc0aa0fac12c356a13589f9eb998f453cf710856dedc04932ebb1d46ecd16
Red Hat Security Advisory 2013-1282-01
Posted Sep 24, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1282-01 - RealtimeKit is a D-Bus system service that changes the scheduling policy of user processes/threads to SCHED_RR on request. It is intended to be used as a secure mechanism to allow real-time scheduling to be used by normal user processes. It was found that RealtimeKit communicated with PolicyKit for authorization using a D-Bus API that is vulnerable to a race condition. This could have led to intended PolicyKit authorizations being bypassed. This update modifies RealtimeKit to communicate with PolicyKit via a different API that is not vulnerable to the race condition.

tags | advisory
systems | linux, redhat
advisories | CVE-2013-4326
SHA-256 | 0c4ac21cdde7e806c617a55e30cacf46e89b8ea87b28d067577c29d5569e2e19
Gentoo Linux Security Advisory 201309-14
Posted Sep 24, 2013
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201309-14 - Multiple vulnerabilities have been reported in MoinMoin, the worst of which may allow execution of arbitrary code. Versions less than 1.9.6 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2012-6080, CVE-2012-6081, CVE-2012-6082, CVE-2012-6495
SHA-256 | 6a08d9bee44e6479fda1f205ce909241ff0aff3b3633609ae564bc28978818cf
Gentoo Linux Security Advisory 201309-13
Posted Sep 24, 2013
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201309-13 - Multiple vulnerabilities have been found in GNU ZRTP, some of which may allow execution of arbitrary code. Versions less than 2.3.4 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2013-2221, CVE-2013-2222, CVE-2013-2223
SHA-256 | af3db29ede5b0c9e93ddaaa1bc876bbedc0791bc71711edafa2fe40be107e27c
Debian Security Advisory 2763-1
Posted Sep 24, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2763-1 - It was discovered that PyOpenSSL, a Python wrapper around the OpenSSL library, does not properly handle certificates with NULL characters in the Subject Alternative Name field.

tags | advisory, python
systems | linux, debian
advisories | CVE-2013-4314
SHA-256 | 49f7af93886cb2e4925c18af4a4080e0c1640e728c84299dcb893d6514dbfc87
Gentoo Linux Security Advisory 201309-12
Posted Sep 23, 2013
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201309-12 - Multiple vulnerabilities have been discovered in Apache HTTP Server, possibly allowing remote attackers to execute arbitrary code, cause a Denial of Service condition or perform man-in-the-middle attacks. Versions less than 2.2.25 are affected.

tags | advisory, remote, web, denial of service, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2007-6750, CVE-2012-4929, CVE-2013-1862, CVE-2013-1896
SHA-256 | a834b8c97a0c98dcf9ffd2350ae88c9499323cf2cc10bcbb258da5bf98c05882
Gentoo Linux Security Advisory 201309-11
Posted Sep 23, 2013
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201309-11 - Multiple vulnerabilities have been found in Subversion, allowing attackers to cause a Denial of Service, escalate privileges, or obtain sensitive information. Versions less than 1.7.13 are affected.

tags | advisory, denial of service, vulnerability
systems | linux, gentoo
advisories | CVE-2010-4539, CVE-2010-4644, CVE-2011-0715, CVE-2011-1752, CVE-2011-1783, CVE-2011-1921, CVE-2013-1845, CVE-2013-1846, CVE-2013-1847, CVE-2013-1849, CVE-2013-1884, CVE-2013-1968, CVE-2013-2088, CVE-2013-2112, CVE-2013-4131, CVE-2013-4277
SHA-256 | bfe40a4d66f395924c269877ddf68f495d3d3de142a58bf24a97c981c9b7c9d4
Ubuntu Security Notice USN-1965-1
Posted Sep 23, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1965-1 - It was discovered that pyOpenSSL did not properly handle certificates with NULL characters in the Subject Alternative Name field. An attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2013-4314
SHA-256 | 9a62177c15f37e7c4836b84c5bef097ee6d8aade227639bbf1331a5b2718f5f8
Ubuntu Security Notice USN-1964-1
Posted Sep 23, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1964-1 - It was discovered that LibRaw incorrectly handled photo files. If a user or automated system were tricked into processing a specially crafted photo file, applications linked against LibRaw could be made to crash, resulting in a denial of service.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2013-1438, CVE-2013-1439
SHA-256 | 058283230c12a801b053bf0c867c65eea622018734173ac4d9c93508f3edf518
Red Hat Security Advisory 2013-1260-01
Posted Sep 23, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1260-01 - The rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine hypervisor. It includes everything necessary to run and manage virtual machines: A subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent. Note: Red Hat Enterprise Virtualization Hypervisor is only available for the Intel 64 and AMD64 architectures with virtualization extensions. Upgrade Note: If you upgrade the Red Hat Enterprise Virtualization Hypervisor through the 3.2 Manager administration portal, the Host may appear with the status of "Install Failed". If this happens, place the host into maintenance mode, then activate it again to get the host back to an "Up" state.

tags | advisory, kernel
systems | linux, redhat
advisories | CVE-2013-4130
SHA-256 | b6911a2d88f3383a2433d1ba0bb3834896d31dcd24d650b65d2dbfba1df22b28
Debian Security Advisory 2762-1
Posted Sep 23, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2762-1 - Multiple security issues have been found in Icedove, Debian's version of the Mozilla Thunderbird mail and news client. Multiple memory safety errors and buffer overflows may lead to the execution of arbitrary code.

tags | advisory, overflow, arbitrary
systems | linux, debian
advisories | CVE-2013-1718, CVE-2013-1722, CVE-2013-1725, CVE-2013-1730, CVE-2013-1732, CVE-2013-1735, CVE-2013-1736, CVE-2013-1737
SHA-256 | 1f2d0e9338e4bcc954cee7d4e39d03c6db8cc45f37ce200d040a7c5838fbfaf0
Apache Struts Broken Access Control
Posted Sep 22, 2013
Site struts.apache.org

Apache Struts versions prior to 2.3.15.2 suffer from a broken access control issue. Version 2.3.15.2 was released to address it and also disables dynamic method invocation by default.

tags | advisory
SHA-256 | 461684279fc06b8115c5779042c29e7a6062120994f9ce9087c874c5a29ac245
HP Security Bulletin HPSBST02919
Posted Sep 21, 2013
Authored by HP | Site hp.com

HP Security Bulletin HPSBST02919 - A potential security vulnerability has been identified with HP XP P9000 Command View Advanced Edition Suite Software. The vulnerability could be remotely exploited resulting in Cross Site Scripting (XSS). Revision 1 of this advisory.

tags | advisory, xss
advisories | CVE-2013-4814
SHA-256 | 0953bb4514a93447feb5a3d792cb8d9b63be5210a9a46e08a6b5a82afa25019e

© 2022 Packet Storm. All rights reserved.
