Gentoo Linux Security Advisory 201402-28 - Multiple vulnerabilities have been found in Chrony, possibly allowing remote attackers to cause a Denial of Service condition. Versions less than or equal to 1.29 are affected.
5d98920322f2cd6acd286a09a0da73788b7db26c736c9c6a740130fbf7439d11Slackware Security Advisory - New subversion packages are available for Slackware 14.0, 14.1, and -current to fix denial-of-service issues.
76da3c1a614f58e823da66af1606ec1b461fc3a9dc9f72254429e3ca36b1946cGentoo Linux Security Advisory 201402-29 - Multiple integer overflow vulnerabilities have been found in ArgyllCMS which could allow attackers to execute arbitrary code. Versions less than 1.4.0-r1 are affected.
37a8916db618424d7c7343c9421fc0602f1ab10167ee28779fca4bc44477e95fRed Hat Security Advisory 2014-0226-01 - In accordance with the Red Hat Enterprise Linux Errata Support Policy, Extended Life Cycle Support for Red Hat Enterprise Linux 4 will be retired on February 28, 2015, and support will no longer be provided. Accordingly, Red Hat will no longer provide updated packages, including critical impact security patches or urgent priority bug fixes, for Red Hat Enterprise Linux 4 ELS after February 28, 2015. In addition, technical support through Red Hat's Global Support Services will no longer be provided after this date. The retirement process for Red Hat Enterprise Linux 4 ELS will complete on February 28, 2015. On that date, the Red Hat Enterprise Linux 4 ELS channels will be moved to the "Retired" channels area on the Customer Portal, and customers will be unsubscribed from the Red Hat Enterprise Linux 4 Extended Life Cycle Support channels.
29602ec14404d2f26557c80ec595b91f961c437b2d13656ed8299541b94bb481Ubuntu Security Notice 2124-1 - A vulnerability was discovered in the OpenJDK JRE related to information disclosure and data integrity. An attacker could exploit this to expose sensitive data over the network. Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure, data integrity and availability. An attacker could exploit these to cause a denial of service or expose sensitive data over the network. Various other issues were also addressed.
a4cd62f58ae7a9de6a18fa4955689ed1b2fc4683d65de5ec792cc3ad927c1f0dRed Hat Security Advisory 2014-0224-01 - The Red Hat Support plug-in for Red Hat Enterprise Virtualization is a new feature which offers seamless integrated access to Red Hat Access services from the Red Hat Enterprise Virtualization Administration Portal. The plug-in provides automated functionality that enables quicker help, answers, and proactive services. It offers easy and instant access to Red Hat exclusive knowledge, resources, engagement, and diagnostic features. Detailed information about this plug-in can be found in the Red Hat Customer Portal at https://access.redhat.com/site/articles/425603 The Jakarta Commons HttpClient component did not verify that the server hostname matched the domain name in the subject's Common Name or subjectAltName field in X.509 certificates. This could allow a man-in-the-middle attacker to spoof an SSL server if they had a certificate that was valid for any domain name.
f8556682c66be6a9118eadc60de95e718fab72514a5be24053f9dd706410253dRed Hat Security Advisory 2014-0223-01 - The libtiff packages contain a library of functions for manipulating Tagged Image File Format files. A heap-based buffer overflow and a use-after-free flaw were found in the tiff2pdf tool. An attacker could use these flaws to create a specially crafted TIFF file that would cause tiff2pdf to crash or, possibly, execute arbitrary code. Multiple buffer overflow flaws were found in the gif2tiff tool. An attacker could use these flaws to create a specially crafted GIF file that could cause gif2tiff to crash or, possibly, execute arbitrary code.
75cdc7caf157b13a85454f0d9bfaca0783cd730c536f634625254045fb9a741eRed Hat Security Advisory 2014-0222-01 - The libtiff packages contain a library of functions for manipulating Tagged Image File Format files. A heap-based buffer overflow and a use-after-free flaw were found in the tiff2pdf tool. An attacker could use these flaws to create a specially crafted TIFF file that would cause tiff2pdf to crash or, possibly, execute arbitrary code. Multiple buffer overflow flaws were found in the gif2tiff tool. An attacker could use these flaws to create a specially crafted GIF file that could cause gif2tiff to crash or, possibly, execute arbitrary code.
fdc3e7dab83c94896553be4b8e66657321b93fd53e9799046b33f5e2aeb3cc59Red Hat Security Advisory 2014-0221-01 - PostgreSQL is an advanced object-relational database management system. Multiple stack-based buffer overflow flaws were found in the date/time implementation of PostgreSQL. An authenticated database user could provide a specially crafted date/time value that, when processed, could cause PostgreSQL to crash or, potentially, execute arbitrary code with the permissions of the user running PostgreSQL. Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in various type input functions in PostgreSQL. An authenticated database user could possibly use these flaws to crash PostgreSQL or, potentially, execute arbitrary code with the permissions of the user running PostgreSQL.
c6ab31b1c26fbb1903badb011f677993cc7b516eaff5de8ef1716a378c7de837Red Hat Security Advisory 2014-0225-01 - In accordance with the Red Hat Enterprise Linux Errata Support Policy, Advanced Mission Critical for Red Hat Enterprise Linux 5.3 will be retired as of March 31, 2014, and support will no longer be provided. Accordingly, Red Hat will no longer provide updated packages, including critical impact security patches or urgent priority bug fixes, for Red Hat Enterprise Linux 5.3 AMC after March 31, 2014. In addition, technical support through Red Hat's Global Support Services for this product will no longer be provided after this date. Note: This notification applies only to those customers with subscriptions for Advanced Mission Critical Support channels for Red Hat Enterprise Linux 5.3.
f3d59579992f9f4eb4f2baa8ba1c236494792029f90b8610c2c6266007c9d2bbSAS for Windows versions 9.2, 9.3, and 9.4 suffer from a local buffer overflow vulnerability.
24769861835016b127bed896f8ade5c050efa0a1c159a8540888d617d43db899Cisco Security Advisory - A vulnerability in Cisco Prime Infrastructure could allow an authenticated, remote attacker to execute arbitrary commands with root-level privileges. The vulnerability is due to improper validation of URL requests. An attacker could exploit this vulnerability by requesting an unauthorized command via a specific URL. Successful exploitation could allow an authenticated attacker to execute system commands with root-level privileges. Cisco has released free software updates that address this vulnerability. A software patch that addresses this vulnerability in all affected versions is also available. Workarounds that mitigate this vulnerability are not available.
2085552f3da2a1de4ba3036cf8124df7234b01446b9bb08ae5f19907c7e9ae85HP Security Bulletin HPSBST02955 - Potential security vulnerabilities have been identified in 3rd party software used in HP XP P9000 Performance Advisor running Oracle and Apache Tomcat Software. HP has updated the Apache Tomcat and Oracle database software to address vulnerabilities affecting confidentiality, availability, and integrity. Revision 1 of this advisory.
7a0da1c21ab0ea1ff0e437cda710d643179e7469a520d96d54e7b1e4ad034845Drupal Mime Mail third party module version 6.x and 7.x suffer from an access bypass vulnerability.
bcf2575491826b0710730dc39d915d6af8fe276f8edf30d29d0e119fe33af483HP Security Bulletin HPSBPI02869 SSRT100936 3 - A potential security vulnerability has been identified with HP LaserJet MFP printers, HP Color LaserJet MFP printers, and certain HP LaserJet printers. The vulnerability could be exploited remotely to gain unauthorized access to files. Revision 3 of this advisory.
4c59ce6eebc678501a609d6ecc4489c93d0aac9371b86e05604dad9152f1ca81Drupal Content Locking third party module versions 6.x and 7.x suffer from a cross site request forgery vulnerability.
16cd79d67b6d805f59cc01b989a8be123d70328cbc9af0cc97a00012b4b6168dApple Security Advisory 2014-02-25-3 - QuickTime 7.7.5 is now available and addresses multiple security issues related to denial of service and arbitrary code execution.
d19d51684f4d799bc85e0de254dedd61e3c5f79f8604e717e35213ae98ea6da9Apple Security Advisory 2014-02-25-2 - Safari 6.1.2 and Safari 7.0.2 is now available and addresses an issue where visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution.
5f115e3656944c57ae6ad7a470d49b01ef3a6dc1308fcc4e1edf5fa848043874Apple Security Advisory 2014-02-25-1 - OS X Mavericks 10.9.2 and Security Update 2014-001 is now available and addresses multiple security issues including the recent SSL vulnerability.
1d8f727073c1ea1d6289c8c7fa93c5237ad978b58d6ca700d78a6f12ea0f3b83HP Security Bulletin HPSBMU02966 - A potential security vulnerability has been identified with HP Operations Orchestration. The vulnerability could be exploited to gain unauthorized access to information. Revision 1 of this advisory.
32d365b078cb65bcb4beceeac0ade27c68c83a77127c990b36aeb5f30104c0baUbuntu Security Notice 2122-1 - It was discovered that FreeRADIUS incorrectly handled unix authentication. A remote user could successfully authenticate with an expired password. Pierre Carrier discovered that FreeRADIUS incorrectly handled rlm_pap hash processing. An authenticated user could use this issue to cause FreeRADIUS to crash, resulting in a denial of service, or possibly execute arbitrary code. The default compiler options for affected releases should reduce the vulnerability to a denial of service. Various other issues were also addressed.
0a995469005a5d9cd6cf4dd533400746453f53f7672a93339e2f298e285126efUbuntu Security Notice 2123-1 - It was discovered that file incorrectly handled Composite Document files. An attacker could use this issue to cause file to crash, resulting in a denial of service. This issue only affected Ubuntu 10.04 LTS and Ubuntu 12.04 LTS. Bernd Melchers discovered that file incorrectly handled indirect offset values. An attacker could use this issue to cause file to consume resources or crash, resulting in a denial of service. Various other issues were also addressed.
c15cd48bc8b2799f13c365755252a2482623291ddeebb7c5be3f90af4ec34e10Gentoo Linux Security Advisory 201402-27 - A vulnerability in pidgin-knotify might allow remote attackers to execute arbitrary code. Versions 0.2.1 and below are affected.
bd35a01c12edbb39efb00665101fb5625886d7cf8e22e46d5468af7c2c2f6b98Drupal Project Issue File Review third party module version 6.x suffers from a cross site scripting vulnerability.
e28a6cbac52ea9062d475561ecd582132a19356c74b977a8f2c3c14fd96983e8Drupal Open Omega third party theme version 7.x suffers from an access bypass vulnerability.
3ffbc3e066436f401887a605bc6972b7273f85ee4b6ffcd592b9a0d7aa384779
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed