
Files

Gentoo Linux Security Advisory 201311-22
Posted Nov 30, 2013
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201311-22 - Multiple vulnerabilities have been found in Namazu, worst of which allows remote attackers to cause a Denial of Service condition. Versions less than 2.0.21 are affected.

tags | advisory, remote, denial of service, vulnerability
systems | linux, gentoo
advisories | CVE-2009-5028, CVE-2011-4345, CVE-2011-4711
SHA-256 | cf1c03efd75bf2533cc1c1a5ef8b465bdf5305a5b8eb4bd14243711d106e2c38
Gentoo Linux Security Advisory 201311-21
Posted Nov 30, 2013
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201311-21 - A heap-based buffer overflow in cpio might allow a remote rmt server to execute arbitrary code or cause a Denial of Service condition. Versions less than 2.11 are affected.

tags | advisory, remote, denial of service, overflow, arbitrary
systems | linux, gentoo
advisories | CVE-2010-0624
SHA-256 | ad033b6440ffd791abb4c68830d89b3569db4426500c37f2f7a3efe34d81876a
Gentoo Linux Security Advisory 201311-20
Posted Nov 30, 2013
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201311-20 - A heap-based buffer overflow in Okular might allow a remote attacker to execute arbitrary code or cause a Denial of Service condition. Versions less than 4.4.5-r2 are affected.

tags | advisory, remote, denial of service, overflow, arbitrary
systems | linux, gentoo
advisories | CVE-2010-2575
SHA-256 | 90d2f60d08781dc417b053575206a5874d29481f531479378ff20936a57968c7
Gentoo Linux Security Advisory 201311-19
Posted Nov 30, 2013
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201311-19 - Multiple vulnerabilities have been found in rssh, allowing local attackers to bypass access restrictions. Versions less than 2.3.4 are affected.

tags | advisory, local, vulnerability
systems | linux, gentoo
advisories | CVE-2012-2252, CVE-2012-3478
SHA-256 | 2cfca946aed87f93230a6b6e24c15593789e28cee281ff97f52258c3b9f27c16
Gentoo Linux Security Advisory 201311-18
Posted Nov 30, 2013
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201311-18 - Multiple Denial of Service vulnerabilities have been found in Unbound. Versions less than 1.4.13_p2 are affected.

tags | advisory, denial of service, vulnerability
systems | linux, gentoo
advisories | CVE-2011-4528, CVE-2011-4869
SHA-256 | 3dff5969d86693a7dab8a560bda4867b086561ac001da064348a4988c97d21b3
Debian Security Advisory 2807-1
Posted Nov 30, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2807-1 - Mikulas Patocka discovered an integer overflow in the parsing of HTML tables in the Links web browser. This can only be exploited when running Links in graphical mode.

tags | advisory, web, overflow
systems | linux, debian
advisories | CVE-2013-6050
SHA-256 | ba5a92b5b80509e542694170e4e9e8527491de2d75490fd48b0d59c5569aee23
Gentoo Linux Security Advisory 201311-17
Posted Nov 30, 2013
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201311-17 - Multiple vulnerabilities were found in Perl, the worst of which could allow a local attacker to cause a Denial of Service condition. Versions less than 5.12.3-r1 are affected.

tags | advisory, denial of service, local, perl, vulnerability
systems | linux, gentoo
advisories | CVE-2008-5302, CVE-2008-5303, CVE-2010-1158, CVE-2011-0761, CVE-2011-1487
SHA-256 | 17bc7911b1233ec593e55fce4bd6168ee82f0df54d00136756cc65e61e2a42aa
Debian Security Advisory 2806-1
Posted Nov 30, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2806-1 - It was discovered that nbd-server, the server for the Network Block Device protocol, incorrectly parsed the access control lists, allowing access to any host with an IP address sharing a prefix with an allowed address.

tags | advisory, protocol
systems | linux, debian
SHA-256 | 398f2e5d0075f4755d9ccc3540ba884827feb9034ec784f85499eec4a5909ef4
Debian Security Advisory 2805-1
Posted Nov 30, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2805-1 - joernchen of Phenoelit discovered two command injection flaws in Sup, a console-based email client. An attacker might execute arbitrary commands if the user opens a maliciously crafted email.

tags | advisory, arbitrary
systems | linux, debian
advisories | CVE-2013-4478, CVE-2013-4479
SHA-256 | 5739388c0a7982317759271534e33911f76ce90521112509c624b3d0475a21c3
AndroidOS 4.3 Permission Bypass
Posted Nov 29, 2013
Authored by Curesec Research Team

AndroidOS version 4.3 suffers from a permission bypass vulnerability.

tags | advisory, bypass
advisories | CVE-2013-6271
SHA-256 | aaeba62be4fd6673451716fbb121574a7bc44ecd952c19edfd48488e84ae54b1
Ruckus Access Point Authentication Bypass
Posted Nov 29, 2013
Authored by Ruckus Product Security Team

A user authentication bypass vulnerability has been discovered in Ruckus Access Point's administrative web interface. This vulnerability may allow a malicious user to gain unauthorized access to the administrative web interface.

tags | advisory, web, bypass
SHA-256 | 3b39b726272397dfd90d0e4136f00557380edbd2ca30b9270c6be93d5bfbe996
LiveZilla Password Disclosure
Posted Nov 29, 2013
Authored by Curesec Research Team

LiveZilla versions prior to 5.1.1.0 suffer from a local password disclosure vulnerability.

tags | advisory, local
advisories | CVE-2013-6223
SHA-256 | 006c7e335ba63cc2c9987933dc23afb5010f912c0b7463620fd4a36bfda4895e
Red Hat Security Advisory 2013-1771-01
Posted Nov 27, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1771-01 - Red Hat JBoss Web Framework Kit combines popular open source web frameworks into a single solution for Java applications. This release serves as a replacement for Red Hat JBoss Web Framework Kit 2.3.0, and includes bug fixes and enhancements.

tags | advisory, java, web
systems | linux, redhat
advisories | CVE-2013-4112
SHA-256 | cfbd12293d4d44a00c7d447f34324ce7fcd2e870ad7a21d653d848e076f3d31a
Ubuntu Security Notice USN-2035-1
Posted Nov 27, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2035-1 - Charlie Somerville discovered that Ruby incorrectly handled floating point number conversion. An attacker could possibly use this issue with an application that converts text to floating point numbers to cause the application to crash, resulting in a denial of service, or possibly execute arbitrary code. Vit Ondruch discovered that Ruby did not perform taint checking for certain functions. An attacker could possibly use this issue to bypass certain intended restrictions. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, ruby
systems | linux, ubuntu
advisories | CVE-2013-4164, CVE-2013-2065
SHA-256 | a2094b5b2fa50416a4aec6e7c92d9a4bcf5df077b96d5767978f654d207b461a
HP Security Bulletin HPSBGN02942
Posted Nov 27, 2013
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN02942 - A potential security vulnerability has been identified with HP Service Manager and ServiceCenter. The vulnerability could be exploited remotely to allow remote code execution. Revision 1 of this advisory.

tags | advisory, remote, code execution
advisories | CVE-2013-4844
SHA-256 | 55d4d9370dc1db526bd967ce22f2484ddc55ca6d40c60eb662a4856a090ad9a2
Debian Security Advisory 2804-1
Posted Nov 27, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2804-1 - Multiple vulnerabilities have been discovered in Drupal, a fully-featured pseudo random number generation, code execution, incorrect security token validation and cross-site scripting.

tags | advisory, vulnerability, code execution, xss
systems | linux, debian
advisories | CVE-2013-6385, CVE-2013-6386, CVE-2013-6387, CVE-2013-6388, CVE-2013-6389
SHA-256 | bb248a33c9cbbcac5fd1f14ab647152f102191361c77dab0fc409a0d3ac360bc
Mandriva Linux Security Advisory 2013-287
Posted Nov 27, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-287 - Drupal core's Image module allows for the on-demand generation of image derivatives. This capability can be abused by requesting a large number of new derivatives which can fill up the server disk space, and which can cause a very high CPU load. Either of these effects may lead to the site becoming unavailable or unresponsive. Drupal's form API has built-in cross-site request forgery validation, and also allows any module to perform its own validation on the form. In certain common cases, form validation functions may execute unsafe operations. Drupal core directly used the mt_rand() pseudorandom number generator for generating security related strings used in several core modules. It was found that brute force tools could determine the seeds making these strings predictable under certain circumstances. Various other issues have also been addressed. The updated packages have been upgraded to the 7.24 version which is unaffected by these security flaws.

tags | advisory, csrf
systems | linux, mandriva
advisories | CVE-2013-0316, CVE-2013-6385, CVE-2013-6386, CVE-2013-6387, CVE-2013-6388, CVE-2013-6389
SHA-256 | 958180778f88077c61e265f40660daa111c4ef11bf0e9751923461f1d0921d68
Red Hat Security Advisory 2013-1767-01
Posted Nov 27, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1767-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. A buffer overflow flaw was found in the way Ruby parsed floating point numbers from their text representation. If an application using Ruby accepted untrusted input strings and converted them to floating point numbers, an attacker able to provide such input could cause the application to crash or, possibly, execute arbitrary code with the privileges of the application.

tags | advisory, overflow, arbitrary, ruby
systems | linux, redhat
advisories | CVE-2013-4164
SHA-256 | 0e29704338da181b2835ecfd56b040af223908a38ff777c5984aceda0f06296c
Debian Security Advisory 2803-1
Posted Nov 26, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2803-1 - Multiple vulnerabilities were discovered in Quagga, a BGP/OSPF/RIP routing daemon.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2013-2236, CVE-2013-6051
SHA-256 | bb3b05ec11b37b0531a2aca1e1d48ff15bede13374e77f396d94caf2a28756ab
Mandriva Linux Security Advisory 2013-286
Posted Nov 26, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-286 - Heap-based buffer overflow in Ruby 1.8, 1.9 before 1.9.3-p484, 2.0 before 2.0.0-p353, 2.1 before 2.1.0 preview2, and trunk before revision 43780 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via a string that is converted to a floating point value, as demonstrated using JSON.parse. The updated packages have been patched to correct these issues.

tags | advisory, denial of service, overflow, arbitrary, ruby
systems | linux, mandriva
advisories | CVE-2013-4164
SHA-256 | cfc0fd3fa54abb9bde25559ea8dbc09a703b2fccbe2ead469de45ba5d983b687
Mandriva Linux Security Advisory 2013-285
Posted Nov 26, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-285 - Cross-site request forgery vulnerability in process_bug.cgi in Bugzilla 4.4.x before 4.4.1 allows remote attackers to hijack the authentication of arbitrary users for requests that modify bugs via vectors involving a midair-collision token. Cross-site request forgery vulnerability in attachment.cgi in Bugzilla 2.x, 3.x, and 4.0.x before 4.0.11; 4.1.x and 4.2.x before 4.2.7; and 4.3.x and 4.4.x before 4.4.1 allows remote attackers to hijack the authentication of arbitrary users for requests that commit an attachment change via an update action. Multiple cross-site scripting vulnerabilities in editflagtypes.cgi in Bugzilla 2.x, 3.x, and 4.0.x before 4.0.11; 4.1.x and 4.2.x before 4.2.7; and 4.3.x and 4.4.x before 4.4.1 allow remote attackers to inject arbitrary web script or HTML via the id or sortkey parameter. Multiple cross-site scripting vulnerabilities in report.cgi in Bugzilla 4.1.x and 4.2.x before 4.2.7 and 4.3.x and 4.4.x before 4.4.1 allow remote attackers to inject arbitrary web script or HTML via a field value that is not properly handled during construction of a tabular report, as demonstrated by the real name field. NOTE: this issue exists because of an incomplete fix for CVE-2012-4189. The updated packages have been upgraded to the 4.2.7 version which is not affected by these issues.

tags | advisory, remote, web, arbitrary, cgi, vulnerability, xss, csrf
systems | linux, mandriva
advisories | CVE-2013-1733, CVE-2013-1734, CVE-2013-1742, CVE-2013-1743
SHA-256 | 218ee3f02337407ea357a0fe94a4fa234c1430469d582fb26b223bd5e81d8b83
Open-Xchange frontend6 6.22.4 / backend 7.4.0 Cross Site Scripting
Posted Nov 26, 2013
Authored by Martin Braun

Open-Xchange frontend6 and backend components suffer from cross site scripting vulnerabilities.

tags | advisory, vulnerability, xss
advisories | CVE-2013-6242
SHA-256 | 2ba2cbc9a883832dff4e72cc423bdd151e4c15a2909a181acd3f69ebb3b75e51
Kernel MSM Memory Leak
Posted Nov 26, 2013
Authored by Jonathan Salwan

Kernel MSM versions prior to 3.10 suffer from a memory leak in the Genlock driver.

tags | advisory, kernel, memory leak
advisories | CVE-2013-6392
SHA-256 | bab34632681acb34290802692cd529eb033d5bfde86c6aaad103565ca18886e2
Ubuntu Security Notice USN-2034-1
Posted Nov 26, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2034-1 - Brant Knudson discovered a logic error in the LDAP backend in Keystone where removing a role on a tenant for a user who does not have that role would instead add the role to the user. An authenticated user could use this to gain privileges. Ubuntu is not configured to use the LDAP Keystone backend by default.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2013-4477
SHA-256 | ef9b36d31a347025ca7888b49d3b6bf656af60651b29c0135174ed51b7115535
Debian Security Advisory 2800-1
Posted Nov 26, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2800-1 - Andrew Tinits reported a potentially exploitable buffer overflow in the Mozilla Network Security Service library (nss). With a specially crafted request a remote attacker could cause a denial of service or possibly execute arbitrary code.

tags | advisory, remote, denial of service, overflow, arbitrary
systems | linux, debian
advisories | CVE-2013-5605
SHA-256 | f80c6fc4a8ef5c52c6f5c13383f4c4b79773a88280a6478b8a2c3b12073ca5fc
© 2022 Packet Storm. All rights reserved.