Files

Gentoo Linux Security Advisory 201311-22
Posted Nov 30, 2013
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201311-22 - Multiple vulnerabilities have been found in Namazu, the worst of which allows remote attackers to cause a Denial of Service condition. Versions less than 2.0.21 are affected.

tags | advisory, remote, denial of service, vulnerability
systems | linux, gentoo
advisories | CVE-2009-5028, CVE-2011-4345, CVE-2011-4711
MD5 | 648dcae16fd8f9273906deb2185e141c
Gentoo Linux Security Advisory 201311-21
Posted Nov 30, 2013
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201311-21 - A heap-based buffer overflow in cpio might allow a remote rmt server to execute arbitrary code or cause a Denial of Service condition. Versions less than 2.11 are affected.

tags | advisory, remote, denial of service, overflow, arbitrary
systems | linux, gentoo
advisories | CVE-2010-0624
MD5 | 869c21a39db4e3d1e3c51c55daa109c7
Gentoo Linux Security Advisory 201311-20
Posted Nov 30, 2013
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201311-20 - A heap-based buffer overflow in Okular might allow a remote attacker to execute arbitrary code or cause a Denial of Service condition. Versions less than 4.4.5-r2 are affected.

tags | advisory, remote, denial of service, overflow, arbitrary
systems | linux, gentoo
advisories | CVE-2010-2575
MD5 | 059903ebcaef098886848e515db2ea86
Gentoo Linux Security Advisory 201311-19
Posted Nov 30, 2013
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201311-19 - Multiple vulnerabilities have been found in rssh, allowing local attackers to bypass access restrictions. Versions less than 2.3.4 are affected.

tags | advisory, local, vulnerability
systems | linux, gentoo
advisories | CVE-2012-2252, CVE-2012-3478
MD5 | ad764bbe40fd652356870c46f85b836b
Gentoo Linux Security Advisory 201311-18
Posted Nov 30, 2013
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201311-18 - Multiple Denial of Service vulnerabilities have been found in Unbound. Versions less than 1.4.13_p2 are affected.

tags | advisory, denial of service, vulnerability
systems | linux, gentoo
advisories | CVE-2011-4528, CVE-2011-4869
MD5 | ab45abdcb8f90422de1493c2ab8f0e82
Debian Security Advisory 2807-1
Posted Nov 30, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2807-1 - Mikulas Patocka discovered an integer overflow in the parsing of HTML tables in the Links web browser. This can only be exploited when running Links in graphical mode.

tags | advisory, web, overflow
systems | linux, debian
advisories | CVE-2013-6050
MD5 | 323da8db4d2079ada3311f350826f2bb
Gentoo Linux Security Advisory 201311-17
Posted Nov 30, 2013
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201311-17 - Multiple vulnerabilities were found in Perl, the worst of which could allow a local attacker to cause a Denial of Service condition. Versions less than 5.12.3-r1 are affected.

tags | advisory, denial of service, local, perl, vulnerability
systems | linux, gentoo
advisories | CVE-2008-5302, CVE-2008-5303, CVE-2010-1158, CVE-2011-0761, CVE-2011-1487
MD5 | f6e51b3fc762277e2834ea5fa6741e05
Debian Security Advisory 2806-1
Posted Nov 30, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2806-1 - It was discovered that nbd-server, the server for the Network Block Device protocol, incorrectly parsed the access control lists, allowing access to any host with an IP address sharing a prefix with an allowed address.

tags | advisory, protocol
systems | linux, debian
MD5 | f330cb2fab83e8ede6927385b1875812
Debian Security Advisory 2805-1
Posted Nov 30, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2805-1 - joernchen of Phenoelit discovered two command injection flaws in Sup, a console-based email client. An attacker might execute arbitrary commands if the user opens a maliciously crafted email.

tags | advisory, arbitrary
systems | linux, debian
advisories | CVE-2013-4478, CVE-2013-4479
MD5 | 6790522a4d7327eeab3794a161f017e3
AndroidOS 4.3 Permission Bypass
Posted Nov 29, 2013
Authored by Curesec Research Team

AndroidOS version 4.3 suffers from a permission bypass vulnerability.

tags | advisory, bypass
advisories | CVE-2013-6271
MD5 | 8d5de2873551aae621cd9345ad0c74ec
Ruckus Access Point Authentication Bypass
Posted Nov 29, 2013
Authored by Ruckus Product Security Team

A user authentication bypass vulnerability has been discovered in Ruckus Access Point's administrative web interface. This vulnerability may allow a malicious user to gain unauthorized access to the administrative web interface.

tags | advisory, web, bypass
MD5 | fe8c19610f6b87b155854e6dca5fcb54
LiveZilla Password Disclosure
Posted Nov 29, 2013
Authored by Curesec Research Team

LiveZilla versions prior to 5.1.1.0 suffer from a local password disclosure vulnerability.

tags | advisory, local
advisories | CVE-2013-6223
MD5 | 333a14613778633cb10f4f4083e15be5
Red Hat Security Advisory 2013-1771-01
Posted Nov 27, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1771-01 - Red Hat JBoss Web Framework Kit combines popular open source web frameworks into a single solution for Java applications. This release serves as a replacement for Red Hat JBoss Web Framework Kit 2.3.0, and includes bug fixes and enhancements.

tags | advisory, java, web
systems | linux, redhat
advisories | CVE-2013-4112
MD5 | 3f052eec92a2a487f986d1014eb1717a
Ubuntu Security Notice USN-2035-1
Posted Nov 27, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2035-1 - Charlie Somerville discovered that Ruby incorrectly handled floating point number conversion. An attacker could possibly use this issue with an application that converts text to floating point numbers to cause the application to crash, resulting in a denial of service, or possibly execute arbitrary code. Vit Ondruch discovered that Ruby did not perform taint checking for certain functions. An attacker could possibly use this issue to bypass certain intended restrictions. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, ruby
systems | linux, ubuntu
advisories | CVE-2013-4164, CVE-2013-2065
MD5 | a993e5bd40e2e44c864bb09b2e97bc80
HP Security Bulletin HPSBGN02942
Posted Nov 27, 2013
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN02942 - A potential security vulnerability has been identified with HP Service Manager and ServiceCenter. The vulnerability could be exploited remotely to allow remote code execution. Revision 1 of this advisory.

tags | advisory, remote, code execution
advisories | CVE-2013-4844
MD5 | 894d612501fdd9393aa0880fa3ee071c
Debian Security Advisory 2804-1
Posted Nov 27, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2804-1 - Multiple vulnerabilities have been discovered in Drupal, a fully-featured pseudo random number generation, code execution, incorrect security token validation and cross-site scripting.

tags | advisory, vulnerability, code execution, xss
systems | linux, debian
advisories | CVE-2013-6385, CVE-2013-6386, CVE-2013-6387, CVE-2013-6388, CVE-2013-6389
MD5 | 0f89d5075b4f21108407d648d1b11702
Mandriva Linux Security Advisory 2013-287
Posted Nov 27, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-287 - Drupal core's Image module allows for the on-demand generation of image derivatives. This capability can be abused by requesting a large number of new derivatives which can fill up the server disk space, and which can cause a very high CPU load. Either of these effects may lead to the site becoming unavailable or unresponsive. Drupal's form API has built-in cross-site request forgery validation, and also allows any module to perform its own validation on the form. In certain common cases, form validation functions may execute unsafe operations. Drupal core directly used the mt_rand() pseudorandom number generator for generating security related strings used in several core modules. It was found that brute force tools could determine the seeds making these strings predictable under certain circumstances. Various other issues have also been addressed. The updated packages have been upgraded to the 7.24 version which is unaffected by these security flaws.

tags | advisory, csrf
systems | linux, mandriva
advisories | CVE-2013-0316, CVE-2013-6385, CVE-2013-6386, CVE-2013-6387, CVE-2013-6388, CVE-2013-6389
MD5 | 6b765b3883a657882c48081af446ce92
Red Hat Security Advisory 2013-1767-01
Posted Nov 27, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1767-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. A buffer overflow flaw was found in the way Ruby parsed floating point numbers from their text representation. If an application using Ruby accepted untrusted input strings and converted them to floating point numbers, an attacker able to provide such input could cause the application to crash or, possibly, execute arbitrary code with the privileges of the application.

tags | advisory, overflow, arbitrary, ruby
systems | linux, redhat
advisories | CVE-2013-4164
MD5 | ebb935702ad996202cc29ef2059d9141
Debian Security Advisory 2803-1
Posted Nov 26, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2803-1 - Multiple vulnerabilities were discovered in Quagga, a BGP/OSPF/RIP routing daemon.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2013-2236, CVE-2013-6051
MD5 | fc080bf1a21a3d4d1f98fa51712ccd94
Mandriva Linux Security Advisory 2013-286
Posted Nov 26, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-286 - Heap-based buffer overflow in Ruby 1.8, 1.9 before 1.9.3-p484, 2.0 before 2.0.0-p353, 2.1 before 2.1.0 preview2, and trunk before revision 43780 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via a string that is converted to a floating point value, as demonstrated using JSON.parse. The updated packages have been patched to correct these issues.

tags | advisory, denial of service, overflow, arbitrary, ruby
systems | linux, mandriva
advisories | CVE-2013-4164
MD5 | dd23f5509f4b44a6c7744d9d307bf3d4
Mandriva Linux Security Advisory 2013-285
Posted Nov 26, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-285 - Cross-site request forgery vulnerability in process_bug.cgi in Bugzilla 4.4.x before 4.4.1 allows remote attackers to hijack the authentication of arbitrary users for requests that modify bugs via vectors involving a midair-collision token. Cross-site request forgery vulnerability in attachment.cgi in Bugzilla 2.x, 3.x, and 4.0.x before 4.0.11; 4.1.x and 4.2.x before 4.2.7; and 4.3.x and 4.4.x before 4.4.1 allows remote attackers to hijack the authentication of arbitrary users for requests that commit an attachment change via an update action. Multiple cross-site scripting vulnerabilities in editflagtypes.cgi in Bugzilla 2.x, 3.x, and 4.0.x before 4.0.11; 4.1.x and 4.2.x before 4.2.7; and 4.3.x and 4.4.x before 4.4.1 allow remote attackers to inject arbitrary web script or HTML via the id or sortkey parameter. Multiple cross-site scripting vulnerabilities in report.cgi in Bugzilla 4.1.x and 4.2.x before 4.2.7 and 4.3.x and 4.4.x before 4.4.1 allow remote attackers to inject arbitrary web script or HTML via a field value that is not properly handled during construction of a tabular report, as demonstrated by the real name field. NOTE: this issue exists because of an incomplete fix for CVE-2012-4189. The updated packages have been upgraded to the 4.2.7 version which is not affected by these issues.

tags | advisory, remote, web, arbitrary, cgi, vulnerability, xss, csrf
systems | linux, mandriva
advisories | CVE-2013-1733, CVE-2013-1734, CVE-2013-1742, CVE-2013-1743
MD5 | f13e8ba9f8db87507ac43dc7f30e8c56
Open-Xchange frontend6 6.22.4 / backend 7.4.0 Cross Site Scripting
Posted Nov 26, 2013
Authored by Martin Braun

Open-Xchange frontend6 and backend components suffer from cross site scripting vulnerabilities.

tags | advisory, vulnerability, xss
advisories | CVE-2013-6242
MD5 | ae8ff53f53bf14ebc076c02d2b2aea9d
Kernel MSM Memory Leak
Posted Nov 26, 2013
Authored by Jonathan Salwan

Kernel MSM versions prior to 3.10 suffer from a memory leak in the Genlock driver.

tags | advisory, kernel, memory leak
advisories | CVE-2013-6392
MD5 | f0ca87eeaf291d57a46180d486cf2c03
Ubuntu Security Notice USN-2034-1
Posted Nov 26, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2034-1 - Brant Knudson discovered a logic error in the LDAP backend in Keystone where removing a role on a tenant for a user who does not have that role would instead add the role to the user. An authenticated user could use this to gain privileges. Ubuntu is not configured to use the LDAP Keystone backend by default.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2013-4477
MD5 | 1775bff83a39043eed1b2e81a1083971
Debian Security Advisory 2800-1
Posted Nov 26, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2800-1 - Andrew Tinits reported a potentially exploitable buffer overflow in the Mozilla Network Security Service library (nss). With a specially crafted request a remote attacker could cause a denial of service or possibly execute arbitrary code.

tags | advisory, remote, denial of service, overflow, arbitrary
systems | linux, debian
advisories | CVE-2013-5605
MD5 | f24058e1eeb58e93130d7f9a009405ec
© 2016 Packet Storm. All rights reserved.