Gentoo Linux Security Advisory 201402-25 - A vulnerability in OpenSSL's handling of TLS handshakes could result in a Denial of Service condition. Versions less than 1.0.1f are affected.
dc177282d243b8879ad0b5b085aa003520dc2c9504ed6635ff0590bdc37c0499
Gentoo Linux Security Advisory 201402-24 - Multiple vulnerabilities have been discovered in GnuPG and Libgcrypt, which may result in execution of arbitrary code, Denial of Service, or the disclosure of private keys. Versions less than 2.0.22 are affected.
b179c24948b12fd20220e710cd0fc8df88dcb5a2e4985677436d991735781ae4
Gentoo Linux Security Advisory 201402-23 - Multiple vulnerabilities have been found in libXfont, the worst of which allow for local privilege escalation. Versions less than 1.4.7 are affected.
1cfd0d5f0fb45806d0f2f9036f3ae48ed7e9656364f91bdf2bfb40c33c748933
Gentoo Linux Security Advisory 201402-22 - A heap-based buffer overflow in TCPTrack might allow a remote attacker to execute arbitrary code. Versions less than 1.4.2 are affected.
ed7d1c7c7983fbe5c6a0fc0434bd45572d8a04b05d945a883f877ca58302826d
Gentoo Linux Security Advisory 201402-21 - Multiple vulnerabilities have been found in libTIFF, allowing remote attackers to execute arbitrary code or cause Denial of Service. Versions less than 4.0.3-r6 are affected.
707bad1294ac3b0a266eaeb2ec4cb55aa7008c0ab780cd9c1f258db6072baa3a
Gentoo Linux Security Advisory 201402-20 - Multiple vulnerabilities have been found in KVIrc, the worst of which allows remote attackers to execute arbitrary code. Versions less than 4.1_pre4693 are affected.
c61e316675969c2cfb76e436110b34ef9afcd12d0323484e5485524a38a3a01e
Mandriva Linux Security Advisory 2014-046 - Cross-site scripting vulnerability in import.php in phpMyAdmin before 4.1.7 allows remote authenticated users to inject arbitrary web script or HTML via a crafted filename in an import action. This upgrade provides the latest phpmyadmin version to address this vulnerability. Additionally, phpseclib packages have been added due to new dependencies.
5499c576a7df330914ff676519142bf62bd04f5f2be1cdd03102f3ae2e614994
Gentoo Linux Security Advisory 201402-19 - A buffer overflow in libtar might allow remote attackers to execute arbitrary code or cause a Denial of Service condition. Versions less than 1.2.20-r2 are affected.
551d7905d4ffe777cd040b0ada4455c1bf57e0d94c1391a2b1c629e783ccfac8
Apple Security Advisory 2014-02-21-2 - iOS 7.0.6 is now available and addresses a security issue. Secure Transport failed to validate the authenticity of the connection. This issue was addressed by restoring missing validation steps.
cde1d10d64b0767872cce08826488246a3000f833e12e93ab69299851856330f
Google's public data explorer suffered from an XML external entity injection vulnerability.
f1f93b1a77eeff328b95a62faf8d24425b8847dd2d7576805d6e28322cdc50d6
Slackware Security Advisory - New kernel packages are available for Slackware 14.1 (64-bit) to fix a security issue.
cc78a9497557a0501a4443b959c390cd7c60c4c627e19be5e2974d83af41c6bd
Gentoo Linux Security Advisory 201402-18 - GNU Midnight Commander does not properly sanitize environment variables, possibly resulting in execution of arbitrary code or Denial of Service. Versions less than 4.8.7 are affected.
ceed69737e7c9a4f5f9ef054f685065c8dab8dcda182eaaf2a1e9c196f8826f2
Debian Linux Security Advisory 2865-1 - Various vulnerabilities were discovered in PostgreSQL.
1e90886f93fefed24a7953c71f5b376443d1842c66045e0c90af12c5d5c348be
Red Hat Security Advisory 2014-0195-01 - Red Hat JBoss Portal is the open source implementation of the Java EE suite of services and Portal services running atop Red Hat JBoss Enterprise Application Platform. This Red Hat JBoss Portal 6.1.1 release serves as a replacement for 6.1.0.
ad17b99c336d1d0ac63117515d8fb941efea61e47e0482fa54c72c275372cd9e
Debian Linux Security Advisory 2864-1 - Various vulnerabilities were discovered in PostgreSQL.
1867d5a2cd522f7cbb2c54a13eda5771d56c14a038dde227b4ba0af113cc2e61
Mandriva Linux Security Advisory 2014-045 - A directory traversal attack was reported against libtar, a C library for manipulating tar archives. The application does not validate the filenames inside the tar archive, allowing files to be extracted to arbitrary paths. An attacker can craft a tar file to overwrite files beyond the tar_extract_glob and tar_extract_all prefix parameter. The updated packages have been patched to correct this issue.
a65c1beb056ccb0d18e8a96e55d09be2aa60f9240441e3ae174e13ed63df08d3
Slackware Security Advisory - New mariadb and mysql packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix a security issue.
b83dbc636a812dc56e004c015b772296ed0b6e308651fe000eca32edf038ccee
Drupal Slickgrid third-party module version 7.x suffers from an access bypass vulnerability.
b82495ac12980498ae19fd2c3fa6a88d0ba085f50649e1069079841e6635be62
Drupal Maestro third-party module version 7.x suffers from a cross-site scripting vulnerability.
2ef084f5b4cc54fe1dc67b659959f605be95c7487e7c178f6f67bf4e8b3e199f
Cisco Security Advisory - A vulnerability in the Cisco Unified SIP Phone 3905 could allow an unauthenticated, remote attacker to gain root-level access to an affected device.
263d52d0a8e480eea065400653b0fdc7afcef68f1eee6b4bf79831817897f504
Cisco Security Advisory - A vulnerability in Cisco Unified Computing System (UCS) Director could allow an unauthenticated, remote attacker to take complete control of the affected device. The vulnerability is due to a default root user account created during installation. An attacker could exploit this vulnerability by accessing the server command-line interface (CLI) remotely using the default account credentials. An exploit could allow the attacker to log in with the default credentials, which provide full administrative rights to the system. Cisco has released free software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available.
455d4762adae3d53ac5f9a0be511be629af140dfb873bcfee3b94ecc53315070
Grails by Pivotal versions 2.0.0 through 2.3.5 suffer from an information disclosure vulnerability. The Grails resources plug-in, a default dependency of Grails since 2.0.0, does not block access to resources located under /WEB-INF by default. This means that both configuration files and class files are publicly accessible when they should be private.
451b602b09ccce7eff090015aff878aa007f796e3c4b5d2deb17b38dbd1a45a0
Core FTP Server version 1.2 build 505 suffers from a local code execution vulnerability.
64260d9a672fe5d35579393d66ab0047c1d1ed3a7ca49c30bcfd2138e3c204d5
Cisco Security Advisory - Cisco Intrusion Prevention System (IPS) Software is affected by multiple denial of service vulnerabilities.
087b1f35eb691046fdadd7e1fc8310b32781c77a9caf1c1cd2a1b0f0b23ac858
Cisco Security Advisory - Cisco Firewall Services Module (FWSM) Software contains a vulnerability that could allow an unauthenticated, remote attacker to cause a reload of an affected system. The vulnerability is due to a race condition when releasing the memory allocated by the cut-through proxy function. An attacker could exploit this vulnerability by sending traffic to match the condition that triggers cut-through proxy authentication.
5459e6bb915e633b8b42ae60ecd4bef2461e0ba288585381f58d06ba5e554903