Gentoo Linux Security Advisory 201402-25 - A vulnerability in OpenSSL's handling of TLS handshakes could result in a Denial of Service condition. Versions less than 1.0.1f are affected.
dc177282d243b8879ad0b5b085aa003520dc2c9504ed6635ff0590bdc37c0499Gentoo Linux Security Advisory 201402-24 - Multiple vulnerabilities have been discovered in GnuPG and Libgcrypt, which may result in execution of arbitrary code, Denial of Service, or the disclosure of private keys. Versions less than 2.0.22 are affected.
b179c24948b12fd20220e710cd0fc8df88dcb5a2e4985677436d991735781ae4Gentoo Linux Security Advisory 201402-23 - Multiple vulnerabilities have been found in libXfont, the worst of which allow for local privilege escalation. Versions less than 1.4.7 are affected.
1cfd0d5f0fb45806d0f2f9036f3ae48ed7e9656364f91bdf2bfb40c33c748933Gentoo Linux Security Advisory 201402-22 - A heap-based buffer overflow in TCPTrack might allow a remote attacker to execute arbitrary code. Versions less than 1.4.2 are affected.
ed7d1c7c7983fbe5c6a0fc0434bd45572d8a04b05d945a883f877ca58302826dGentoo Linux Security Advisory 201402-21 - Multiple vulnerabilities have been found in libTIFF, allowing remote attackers to execute arbitrary code or cause Denial of Service. Versions less than 4.0.3-r6 are affected.
707bad1294ac3b0a266eaeb2ec4cb55aa7008c0ab780cd9c1f258db6072baa3aGentoo Linux Security Advisory 201402-20 - Multiple vulnerabilities have been found in KVIrc, the worst of which allows remote attackers to execute arbitrary code. Versions less than 4.1_pre4693 are affected.
c61e316675969c2cfb76e436110b34ef9afcd12d0323484e5485524a38a3a01eMandriva Linux Security Advisory 2014-046 - Cross-site scripting vulnerability in import.php in phpMyAdmin before 4.1.7 allows remote authenticated users to inject arbitrary web script or HTML via a crafted filename in an import action. This upgrade provides the latest phpmyadmin version to address this vulnerability. Additionally phpseclib packages has been added due to new dependencies.
5499c576a7df330914ff676519142bf62bd04f5f2be1cdd03102f3ae2e614994Gentoo Linux Security Advisory 201402-19 - A buffer overflow in libtar might allow remote attackers to execute arbitrary code or cause a Denial of Service condition. Versions less than 1.2.20-r2 are affected.
551d7905d4ffe777cd040b0ada4455c1bf57e0d94c1391a2b1c629e783ccfac8Apple Security Advisory 2014-02-21-2 - iOS 7.0.6 is now available and addresses a security issue. Secure Transport failed to validate the authenticity of the connection. This issue was addressed by restoring missing validation steps.
cde1d10d64b0767872cce08826488246a3000f833e12e93ab69299851856330fGoogle's public data explorer suffered from an XML external entity injection vulnerability.
f1f93b1a77eeff328b95a62faf8d24425b8847dd2d7576805d6e28322cdc50d6Slackware Security Advisory - New kernel packages are available for Slackware 14.1 (64-bit) to fix a security issue.
cc78a9497557a0501a4443b959c390cd7c60c4c627e19be5e2974d83af41c6bdGentoo Linux Security Advisory 201402-18 - GNU Midnight Commander does not properly sanitize environment variables, possibly resulting in execution of arbitrary code or Denial of Service. Versions less than 4.8.7 are affected.
ceed69737e7c9a4f5f9ef054f685065c8dab8dcda182eaaf2a1e9c196f8826f2Debian Linux Security Advisory 2865-1 - Various vulnerabilities were discovered in PostgreSQL.
1e90886f93fefed24a7953c71f5b376443d1842c66045e0c90af12c5d5c348beRed Hat Security Advisory 2014-0195-01 - Red Hat JBoss Portal is the open source implementation of the Java EE suite of services and Portal services running atop Red Hat JBoss Enterprise Application Platform. This Red Hat JBoss Portal 6.1.1 release serves as a replacement for 6.1.0.
ad17b99c336d1d0ac63117515d8fb941efea61e47e0482fa54c72c275372cd9eDebian Linux Security Advisory 2864-1 - Various vulnerabilities were discovered in PostgreSQL.
1867d5a2cd522f7cbb2c54a13eda5771d56c14a038dde227b4ba0af113cc2e61Mandriva Linux Security Advisory 2014-045 - A directory traversal attack was reported against libtar, a C library for manipulating tar archives. The application does not validate the filenames inside the tar archive, allowing to extract files in arbitrary path. An attacker can craft a tar file to override files beyond the tar_extract_glob and tar_extract_all prefix parameter. The updated packages have been patched to correct this issue.
a65c1beb056ccb0d18e8a96e55d09be2aa60f9240441e3ae174e13ed63df08d3Slackware Security Advisory - New mariadb and mysql packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix a security issue.
b83dbc636a812dc56e004c015b772296ed0b6e308651fe000eca32edf038cceeDrupal Slickgrid third party module version 7.x suffers from an access bypass vulnerability.
b82495ac12980498ae19fd2c3fa6a88d0ba085f50649e1069079841e6635be62Drupal Maestro third party module version 7.x suffers from a cross site scripting vulnerability.
2ef084f5b4cc54fe1dc67b659959f605be95c7487e7c178f6f67bf4e8b3e199fCisco Security Advisory - A vulnerability in the Cisco Unified SIP Phone 3905 could allow an unauthenticated, remote attacker to gain root-level access to an affected device.
263d52d0a8e480eea065400653b0fdc7afcef68f1eee6b4bf79831817897f504Cisco Security Advisory - A vulnerability in Cisco Unified Computing System (UCS) Director could allow an unauthenticated, remote attacker to take complete control of the affected device. The vulnerability is due to a default root user account created during installation. An attacker could exploit this vulnerability by accessing the server command-line interface (CLI) remotely using the default account credentials. An exploit could allow the attacker to log in with the default credentials, which provide full administrative rights to the system. Cisco has released free software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available.
455d4762adae3d53ac5f9a0be511be629af140dfb873bcfee3b94ecc53315070Grails by Pivotal versions 2.0.0 through 2.3.5 suffer from an information disclosure vulnerability. The Grails resources plug-in, a default dependency of Grails since 2.0.0, does not block access to resources located under /WEB-INF by default. This means that both configuration files and class files are publicly accessible when they should be private.
451b602b09ccce7eff090015aff878aa007f796e3c4b5d2deb17b38dbd1a45a0Core FTP Server version 1.2 build 505 suffers from a local code execution vulnerability.
64260d9a672fe5d35579393d66ab0047c1d1ed3a7ca49c30bcfd2138e3c204d5Cisco Security Advisory - Cisco Intrusion Prevention System (IPS) Software is affected by multiple denial of service vulnerabilities.
087b1f35eb691046fdadd7e1fc8310b32781c77a9caf1c1cd2a1b0f0b23ac858Cisco Security Advisory - Cisco Firewall Services Module (FWSM) Software contains a vulnerability that could allow an unauthenticated, remote attacker to cause a reload of an affected system. The vulnerability is due to a race condition when releasing the memory allocated by the cut-through proxy function. An attacker could exploit this vulnerability by sending traffic to match the condition that triggers cut-through proxy authentication.
5459e6bb915e633b8b42ae60ecd4bef2461e0ba288585381f58d06ba5e554903
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed