Gentoo Linux Security Advisory 201311-22 - Multiple vulnerabilities have been found in Namazu, worst of which allows remote attackers to cause a Denial of Service condition. Versions less than 2.0.21 are affected.
cf1c03efd75bf2533cc1c1a5ef8b465bdf5305a5b8eb4bd14243711d106e2c38
Gentoo Linux Security Advisory 201311-21 - A heap-based buffer overflow in cpio might allow a remote rmt server to execute arbitrary code or cause a Denial of Service condition. Versions less than 2.11 are affected.
ad033b6440ffd791abb4c68830d89b3569db4426500c37f2f7a3efe34d81876a
Gentoo Linux Security Advisory 201311-20 - A heap-based buffer overflow in Okular might allow a remote attacker to execute arbitrary code or cause a Denial of Service condition. Versions less than 4.4.5-r2 are affected.
90d2f60d08781dc417b053575206a5874d29481f531479378ff20936a57968c7
Gentoo Linux Security Advisory 201311-19 - Multiple vulnerabilities have been found in rssh, allowing local attackers to bypass access restrictions. Versions less than 2.3.4 are affected.
2cfca946aed87f93230a6b6e24c15593789e28cee281ff97f52258c3b9f27c16
Gentoo Linux Security Advisory 201311-18 - Multiple Denial of Service vulnerabilities have been found in Unbound. Versions less than 1.4.13_p2 are affected.
3dff5969d86693a7dab8a560bda4867b086561ac001da064348a4988c97d21b3
Debian Linux Security Advisory 2807-1 - Mikulas Patocka discovered an integer overflow in the parsing of HTML tables in the Links web browser. This can only be exploited when running Links in graphical mode.
ba5a92b5b80509e542694170e4e9e8527491de2d75490fd48b0d59c5569aee23
Gentoo Linux Security Advisory 201311-17 - Multiple vulnerabilities were found in Perl, the worst of which could allow a local attacker to cause a Denial of Service condition. Versions less than 5.12.3-r1 are affected.
17bc7911b1233ec593e55fce4bd6168ee82f0df54d00136756cc65e61e2a42aa
Debian Linux Security Advisory 2806-1 - It was discovered that nbd-server, the server for the Network Block Device protocol, parsed its access control lists incorrectly, allowing access to any host whose IP address shares a prefix with an allowed address.
398f2e5d0075f4755d9ccc3540ba884827feb9034ec784f85499eec4a5909ef4
Debian Linux Security Advisory 2805-1 - joernchen of Phenoelit discovered two command injection flaws in Sup, a console-based email client. An attacker might execute arbitrary commands if the user opens a maliciously crafted email.
5739388c0a7982317759271534e33911f76ce90521112509c624b3d0475a21c3
AndroidOS version 4.3 suffers from a permission bypass vulnerability.
aaeba62be4fd6673451716fbb121574a7bc44ecd952c19edfd48488e84ae54b1
A user authentication bypass vulnerability has been discovered in Ruckus Access Point's administrative web interface. This vulnerability may allow a malicious user to gain unauthorized access to the administrative web interface.
3b39b726272397dfd90d0e4136f00557380edbd2ca30b9270c6be93d5bfbe996
LiveZilla versions prior to 5.1.1.0 suffer from a local password disclosure vulnerability.
006c7e335ba63cc2c9987933dc23afb5010f912c0b7463620fd4a36bfda4895e
Red Hat Security Advisory 2013-1771-01 - Red Hat JBoss Web Framework Kit combines popular open source web frameworks into a single solution for Java applications. This release serves as a replacement for Red Hat JBoss Web Framework Kit 2.3.0, and includes bug fixes and enhancements.
cfbd12293d4d44a00c7d447f34324ce7fcd2e870ad7a21d653d848e076f3d31a
Ubuntu Security Notice 2035-1 - Charlie Somerville discovered that Ruby incorrectly handled floating point number conversion. An attacker could possibly use this issue with an application that converts text to floating point numbers to cause the application to crash, resulting in a denial of service, or possibly execute arbitrary code. Vit Ondruch discovered that Ruby did not perform taint checking for certain functions. An attacker could possibly use this issue to bypass certain intended restrictions. Various other issues were also addressed.
a2094b5b2fa50416a4aec6e7c92d9a4bcf5df077b96d5767978f654d207b461a
HP Security Bulletin HPSBGN02942 - A potential security vulnerability has been identified with HP Service Manager and ServiceCenter. The vulnerability could be exploited remotely to allow remote code execution. Revision 1 of this advisory.
55d4d9370dc1db526bd967ce22f2484ddc55ca6d40c60eb662a4856a090ad9a2
Debian Linux Security Advisory 2804-1 - Multiple vulnerabilities have been discovered in Drupal, including insecure pseudo random number generation, code execution, incorrect security token validation and cross-site scripting.
bb248a33c9cbbcac5fd1f14ab647152f102191361c77dab0fc409a0d3ac360bc
Mandriva Linux Security Advisory 2013-287 - Drupal core's Image module allows for the on-demand generation of image derivatives. This capability can be abused by requesting a large number of new derivatives, which can fill up the server disk space and cause a very high CPU load. Either of these effects may lead to the site becoming unavailable or unresponsive. Drupal's form API has built-in cross-site request forgery validation, and also allows any module to perform its own validation on the form. In certain common cases, form validation functions may execute unsafe operations. Drupal core directly used the mt_rand() pseudorandom number generator for generating security related strings used in several core modules. It was found that brute force tools could determine the seeds, making these strings predictable under certain circumstances. Various other issues have also been addressed. The updated packages have been upgraded to the 7.24 version, which is unaffected by these security flaws.
958180778f88077c61e265f40660daa111c4ef11bf0e9751923461f1d0921d68
Red Hat Security Advisory 2013-1767-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. A buffer overflow flaw was found in the way Ruby parsed floating point numbers from their text representation. If an application using Ruby accepted untrusted input strings and converted them to floating point numbers, an attacker able to provide such input could cause the application to crash or, possibly, execute arbitrary code with the privileges of the application.
0e29704338da181b2835ecfd56b040af223908a38ff777c5984aceda0f06296c
Debian Linux Security Advisory 2803-1 - Multiple vulnerabilities were discovered in Quagga, a BGP/OSPF/RIP routing daemon.
bb3b05ec11b37b0531a2aca1e1d48ff15bede13374e77f396d94caf2a28756ab
Mandriva Linux Security Advisory 2013-286 - Heap-based buffer overflow in Ruby 1.8, 1.9 before 1.9.3-p484, 2.0 before 2.0.0-p353, 2.1 before 2.1.0 preview2, and trunk before revision 43780 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via a string that is converted to a floating point value, as demonstrated using JSON.parse. The updated packages have been patched to correct these issues.
cfc0fd3fa54abb9bde25559ea8dbc09a703b2fccbe2ead469de45ba5d983b687
Mandriva Linux Security Advisory 2013-285 - Cross-site request forgery vulnerability in process_bug.cgi in Bugzilla 4.4.x before 4.4.1 allows remote attackers to hijack the authentication of arbitrary users for requests that modify bugs via vectors involving a midair-collision token. Cross-site request forgery vulnerability in attachment.cgi in Bugzilla 2.x, 3.x, and 4.0.x before 4.0.11; 4.1.x and 4.2.x before 4.2.7; and 4.3.x and 4.4.x before 4.4.1 allows remote attackers to hijack the authentication of arbitrary users for requests that commit an attachment change via an update action. Multiple cross-site scripting vulnerabilities in editflagtypes.cgi in Bugzilla 2.x, 3.x, and 4.0.x before 4.0.11; 4.1.x and 4.2.x before 4.2.7; and 4.3.x and 4.4.x before 4.4.1 allow remote attackers to inject arbitrary web script or HTML via the id or sortkey parameter. Multiple cross-site scripting vulnerabilities in report.cgi in Bugzilla 4.1.x and 4.2.x before 4.2.7 and 4.3.x and 4.4.x before 4.4.1 allow remote attackers to inject arbitrary web script or HTML via a field value that is not properly handled during construction of a tabular report, as demonstrated by the real name field. NOTE: this issue exists because of an incomplete fix for CVE-2012-4189. The updated packages have been upgraded to the 4.2.7 version which is not affected by these issues.
218ee3f02337407ea357a0fe94a4fa234c1430469d582fb26b223bd5e81d8b83
Open-Xchange frontend6 and backend components suffer from cross site scripting vulnerabilities.
2ba2cbc9a883832dff4e72cc423bdd151e4c15a2909a181acd3f69ebb3b75e51
Kernel MSM versions prior to 3.10 suffer from a memory leak in the Genlock driver.
bab34632681acb34290802692cd529eb033d5bfde86c6aaad103565ca18886e2
Ubuntu Security Notice 2034-1 - Brant Knudson discovered a logic error in the LDAP backend in Keystone where removing a role on a tenant for a user who does not have that role would instead add the role to the user. An authenticated user could use this to gain privileges. Ubuntu is not configured to use the LDAP Keystone backend by default.
ef9b36d31a347025ca7888b49d3b6bf656af60651b29c0135174ed51b7115535
Debian Linux Security Advisory 2800-1 - Andrew Tinits reported a potentially exploitable buffer overflow in the Mozilla Network Security Service library (nss). With a specially crafted request a remote attacker could cause a denial of service or possibly execute arbitrary code.
f80c6fc4a8ef5c52c6f5c13383f4c4b79773a88280a6478b8a2c3b12073ca5fc