all things security
Showing 1 - 25 of 190 RSS Feed

Files

Ubuntu Security Notice USN-2096-1
Posted Jan 31, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2096-1 - Pageexec reported a bug in the Linux kernel's recvmsg syscall when called from code using the x32 ABI. An unprivileged local user could exploit this flaw to cause a denial of service (system crash) or gain administrator privileges.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2014-0038
MD5 | de71c756acf323ef79014f04e6a9918f
Debian Security Advisory 2849-1
Posted Jan 31, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2849-1 - Paras Sethia discovered that libcurl, a client-side URL transfer library, would sometimes mix up multiple HTTP and HTTPS connections with NTLM authentication to the same server, sending requests for one user over the connection authenticated as a different user.

tags | advisory, web
systems | linux, debian
advisories | CVE-2014-0015
MD5 | 30995661227275cc7e173b0a93245365
Ubuntu Security Notice USN-2095-1
Posted Jan 31, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2095-1 - Pageexec reported a bug in the Linux kernel's recvmsg syscall when called from code using the x32 ABI. An unprivileged local user could exploit this flaw to cause a denial of service (system crash) or gain administrator privileges.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2014-0038
MD5 | bb8bd178738afb72dc5657048330c13c
Ubuntu Security Notice USN-2094-1
Posted Jan 31, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2094-1 - Pageexec reported a bug in the Linux kernel's recvmsg syscall when called from code using the x32 ABI. An unprivileged local user could exploit this flaw to cause a denial of service (system crash) or gain administrator privileges.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2014-0038
MD5 | 4f953fe0b29053dbb30be8649a200bc8
WordPress Contact Form 7 3.5.3 Shell Upload
Posted Jan 31, 2014
Authored by MustLive

WordPress Contact Form 7 versions 3.5.3 and below suffer from a remote shell upload vulnerability.

tags | advisory, remote, shell
MD5 | 31d061b82323d1b6d271c09a577543ae
Ubuntu Security Notice USN-2092-1
Posted Jan 31, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2092-1 - Asias He discovered that QEMU incorrectly handled SCSI controllers with more than 256 attached devices. A local user could possibly use this flaw to elevate privileges. It was discovered that QEMU incorrectly handled Xen disks. A local guest could possibly use this flaw to consume resources, resulting in a denial of service. This issue only affected Ubuntu 12.10 and Ubuntu 13.10. Various other issues were also addressed.

tags | advisory, denial of service, local
systems | linux, ubuntu
advisories | CVE-2013-4344, CVE-2013-4375, CVE-2013-4377, CVE-2013-4344, CVE-2013-4375, CVE-2013-4377
MD5 | ec1c918c14603a1f253da7d644ed8fcf
Ubuntu Security Notice USN-2093-1
Posted Jan 31, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2093-1 - Martin Kletzander discovered that libvirt incorrectly handled reading memory tunables from LXC guests. A local user could possibly use this flaw to cause libvirtd to crash, resulting in a denial of service. This issue only affected Ubuntu 13.10. Dario Faggioli discovered that libvirt incorrectly handled the libxl driver. A local user could possibly use this flaw to cause libvirtd to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 13.10. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, local
systems | linux, ubuntu
advisories | CVE-2013-6436, CVE-2013-6457, CVE-2013-6458, CVE-2014-0028, CVE-2014-1447, CVE-2013-6436, CVE-2013-6457, CVE-2013-6458, CVE-2014-0028, CVE-2014-1447
MD5 | f51e0cfacbcfb0b443a67a0f0fc08ecb
Red Hat Security Advisory 2014-0124-01
Posted Jan 31, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0124-01 - Apache Camel is a versatile open-source integration framework based on known Enterprise Integration Patterns. A flaw was found in Apache Camel's parsing of the FILE_NAME header. A remote attacker able to submit messages to a Camel route, which would write the provided message to a file, could provide expression language expressions in the FILE_NAME header that would be evaluated on the server. This could lead to arbitrary remote code execution in the context of the Camel server process. All users of Red Hat JBoss Fuse Service Works 6.0.0 as provided from the Red Hat Customer Portal are advised to apply this update.

tags | advisory, remote, arbitrary, code execution
systems | linux, redhat
advisories | CVE-2013-4330
MD5 | 5744bd870f1f4cce365229826aefe6e9
Red Hat Security Advisory 2014-0113-01
Posted Jan 31, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0113-01 - The openstack-keystone packages provide keystone, a Python implementation of the OpenStack Identity service API, which provides Identity, Token, Catalog, and Policy services. A flaw was discovered in the way the LDAP backend in keystone handled the removal of a role. A user could unintentionally be granted a role if the role being removed had not been previously granted to that user. Note that only OpenStack Identity setups using an LDAP backend were affected. All openstack-keystone users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue.

tags | advisory, python
systems | linux, redhat
advisories | CVE-2013-4477
MD5 | ff3d6a0a2ee9a70a7881cecc967601f5
Red Hat Security Advisory 2014-0112-01
Posted Jan 31, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0112-01 - The openstack-nova packages provide OpenStack Compute, which provides services for provisioning, managing, and using virtual machine instances. It was discovered that enabling "qpid_protocol = ssl" in the nova.conf file did not result in nova using SSL to communicate to Qpid. If Qpid was not configured to enforce SSL this could lead to sensitive information being sent unencrypted over the communication channel. A flaw was found in the way OpenStack Compute controlled the size of disk images. An authenticated remote user could use malicious compressed qcow2 disk images to consume large amounts of disk space, potentially causing a denial of service on the OpenStack Compute nodes.

tags | advisory, remote, denial of service
systems | linux, redhat
advisories | CVE-2013-4463, CVE-2013-6491
MD5 | 8d1a24b1931678f63b8907beb8b4c103
Ubuntu Security Notice USN-2091-1
Posted Jan 30, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2091-1 - This update disables the OTR v1 protocol to prevent protocol downgrade attacks.

tags | advisory, protocol
systems | linux, ubuntu
MD5 | 0f588cc8cad6dfa7801fa65e8fd0f381
Slackware Security Advisory - bind Updates
Posted Jan 30, 2014
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New bind packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix a security issue.

tags | advisory
systems | linux, slackware
advisories | CVE-2014-0591
MD5 | 5102f54ff0f96bb3105c79b25dd2456b
Drupal Tribune 6.x / 7.x Cross Site Scripting
Posted Jan 30, 2014
Authored by Raynald Mirville | Site drupal.org

Drupal Tribune third party module versions 6.x and 7.x suffer from a cross site scripting vulnerability.

tags | advisory, xss
MD5 | 8542620bc3f0d4de48eae956a560f936
Drupal Services 7.x Access Bypass
Posted Jan 30, 2014
Authored by wedge, prjcarr | Site drupal.org

Drupal Services third party module version 7.x suffers from multiple access bypass vulnerabilities.

tags | advisory, vulnerability
MD5 | e7d2d7fa767682cc351451ea94a02f41
Slackware Security Advisory - mozilla-nss Updates
Posted Jan 30, 2014
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New mozilla-nss packages are available for Slackware 14.0, 14.1, and -current to fix a security issue.

tags | advisory
systems | linux, slackware
advisories | CVE-2013-1740
MD5 | aeaeac280193f068475456ead968c65b
Gentoo Linux Security Advisory 201401-33
Posted Jan 30, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201401-33 - A vulnerability has been found in the Digest-Base Perl module, allowing remote attackers to execute arbitrary code. Versions less than 1.170.0 are affected.

tags | advisory, remote, arbitrary, perl
systems | linux, gentoo
advisories | CVE-2011-3597
MD5 | 85a4a70843c8294f0393cfd87a9bbca1
Gentoo Linux Security Advisory 201401-34
Posted Jan 30, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201401-34 - Multiple vulnerabilities have been found in BIND, possibly resulting in Denial of Service. Versions less than 9.9.4_p2 are affected.

tags | advisory, denial of service, vulnerability
systems | linux, gentoo
advisories | CVE-2012-5166, CVE-2012-5688, CVE-2012-5689, CVE-2013-2266, CVE-2013-3919, CVE-2013-4854, CVE-2014-0591
MD5 | 90bdcc100240be1f5b920b30dbe5c3ef
Red Hat Security Advisory 2014-0108-01
Posted Jan 30, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0108-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. It was found that the Xen hypervisor did not always lock 'page_alloc_lock' and 'grant_table.lock' in the same order. This could potentially lead to a deadlock. A malicious guest administrator could use this flaw to cause a denial of service on the host.

tags | advisory, denial of service, kernel
systems | linux, redhat
advisories | CVE-2013-4494
MD5 | cf383a0404e1950c6b41d40a9ea70192
Red Hat Security Advisory 2014-0103-01
Posted Jan 28, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0103-01 - The libvirt library is a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. A use-after-free flaw was found in the way several libvirt block APIs handled domain jobs. A remote attacker able to establish a read-only connection to libvirtd could use this flaw to crash libvirtd or, potentially, execute arbitrary code with the privileges of the libvirtd process.

tags | advisory, remote, arbitrary
systems | linux, redhat
advisories | CVE-2013-6458, CVE-2014-1447
MD5 | c4c9a22e6bfc0d4bba7e821c7b652afb
Red Hat Security Advisory 2014-0100-01
Posted Jan 28, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0100-01 - The kernel-rt packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the way the Linux kernel's TCP/IP protocol suite implementation handled sending of certain UDP packets over sockets that used the UDP_CORK option when the UDP Fragmentation Offload feature was enabled on the output device. A local, unprivileged user could use this flaw to cause a denial of service or, potentially, escalate their privileges on the system. A flaw was found in the way the perf_trace_event_perm() function in the Linux kernel checked permissions for the function tracer functionality. An unprivileged local user could use this flaw to enable function tracing and cause a denial of service on the system.

tags | advisory, denial of service, kernel, local, udp, tcp, protocol
systems | linux, redhat
advisories | CVE-2013-2929, CVE-2013-2930, CVE-2013-4270, CVE-2013-4470, CVE-2013-6378, CVE-2013-6383, CVE-2013-6431
MD5 | bb362a37b8ba46c925839fe6784e205e
Red Hat Security Advisory 2014-0097-01
Posted Jan 27, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0097-01 - These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Java Software Development Kit. An input validation flaw was discovered in the font layout engine in the 2D component. A specially crafted font file could trigger a Java Virtual Machine memory corruption when processed. An untrusted Java application or applet could possibly use this flaw to bypass Java sandbox restrictions. Multiple improper permission check issues were discovered in the CORBA and JNDI components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions.

tags | advisory, java
systems | linux, redhat
advisories | CVE-2013-5791, OSVDB-98467
MD5 | 9e2d6ec7a77acff1c1aca142e79d36c6
Ubuntu Security Notice USN-2090-1
Posted Jan 27, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2090-1 - Christoph Biedl discovered that Munin incorrectly handled certain multigraph data. A remote attacker could use this issue to cause Munin to consume resources, resulting in a denial of service. Christoph Biedl discovered that Munin incorrectly handled certain multigraph service names. A remote attacker could use this issue to cause Munin to stop data collection, resulting in a denial of service. Various other issues were also addressed.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2013-6048, CVE-2013-6359, CVE-2013-6048, CVE-2013-6359
MD5 | 54d880e0dc479e652ff2c9b236fc29bd
Gentoo Linux Security Advisory 201401-32
Posted Jan 27, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201401-32 - Multiple vulnerabilities were found in Exim, the worst of which leading to remote execution of arbitrary code with root privileges. Versions less than 4.80.1 are affected.

tags | advisory, remote, arbitrary, root, vulnerability
systems | linux, gentoo
advisories | CVE-2010-2023, CVE-2010-2024, CVE-2010-4344, CVE-2010-4345, CVE-2011-0017, CVE-2011-1407, CVE-2011-1764, CVE-2012-5671
MD5 | 86774c961d131435e18c1dbf719ed5d0
Gentoo Linux Security Advisory 201401-31
Posted Jan 27, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201401-31 - A vulnerability in CEDET could result in privilege escalation. Versions less than 1.0.1 are affected.

tags | advisory
systems | linux, gentoo
advisories | CVE-2012-0035
MD5 | 540b2dfc0769718a384cbf2451a90e9b
Gentoo Linux Security Advisory 201401-30
Posted Jan 27, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201401-30 - Multiple vulnerabilities have been found in the Oracle JRE/JDK, allowing attackers to cause unspecified impact. Versions less than or equal to 1.6.0.45 are affected.

tags | advisory, vulnerability
systems | linux, gentoo
advisories | CVE-2011-3563, CVE-2011-5035, CVE-2012-0497, CVE-2012-0498, CVE-2012-0499, CVE-2012-0500, CVE-2012-0501, CVE-2012-0502, CVE-2012-0503, CVE-2012-0504, CVE-2012-0505, CVE-2012-0506, CVE-2012-0507, CVE-2012-0547, CVE-2012-1531, CVE-2012-1532, CVE-2012-1533, CVE-2012-1541, CVE-2012-1682, CVE-2012-1711, CVE-2012-1713, CVE-2012-1716, CVE-2012-1717, CVE-2012-1718, CVE-2012-1719, CVE-2012-1721, CVE-2012-1722, CVE-2012-1723
MD5 | 48881d493fbb8febb2b7809ba22310b7
Page 1 of 8
Back12345Next

Top Authors In Last 30 Days

Recent News

News RSS Feed
ATM Malware Available Online For Online $5,000
Posted Oct 18, 2017

tags | headline, malware, bank, cybercrime, fraud
Oracle Swats 252 Bugs In Patch Update
Posted Oct 18, 2017

tags | headline, flaw, patch, oracle
Child Safety Smartwatches Easy To Hack, Watchdog Says
Posted Oct 18, 2017

tags | headline, privacy, flaw
Domino's Pizza Delivers User Details To Spammers
Posted Oct 18, 2017

tags | headline, privacy, email, spam, fraud
Microsoft Never Disclosed 2013 Hack Of Secret Vulnerability Database
Posted Oct 18, 2017

tags | headline, hacker, microsoft, data loss, flaw
Adobe Patches Zero-Day Used To Plant Gov't Spying Software
Posted Oct 17, 2017

tags | headline, hacker, government, usa, flaw, cyberwar, adobe, zero day, nsa
UK TV Drama About North Korea Hit By Hackers
Posted Oct 17, 2017

tags | headline, hacker, government, britain, cyberwar, korea
Russia Tweaks Telegram With Tiny Fine For Decryption Denial
Posted Oct 17, 2017

tags | headline, government, privacy, russia, cryptography
Never Mind The WPA2 Drama... Details Emerge Of TPM Key Fail
Posted Oct 17, 2017

tags | headline, wireless, flaw, cryptography
Millions Of High Security Crypto Keys Crippled By Newly Discovered Flaw
Posted Oct 16, 2017

tags | headline, flaw, cryptography
View More News →
packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close