Debian Linux Security Advisory 2891-1 - Several vulnerabilities were discovered in MediaWiki, a wiki engine.
cd5776f1a1d81c9161dcf857098c8b2d1dd8f0ecc0834c564f76e6445537d711Debian Linux Security Advisory 2890-1 - Two vulnerabilities were discovered in libspring-java, the Debian package for the Java Spring framework.
27f9ee57599c732f28379d5fd74abab6f97c737a3bcf24f10c2f7392d21aa918Red Hat Security Advisory 2014-0344-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. It was found that when JBoss Web processed a series of HTTP requests in which at least one request contained either multiple content-length headers, or one content-length header with a chunked transfer-encoding header, JBoss Web would incorrectly handle the request. A remote attacker could use this flaw to poison a web cache, perform cross-site scripting attacks, or obtain sensitive information from other requests.
3f3acd558c38d4a1ccfb6f2b8bec52c3ae93d8bb93ba8db626244df22e8c8a38Red Hat Security Advisory 2014-0342-01 - Wireshark is a network protocol analyzer. It is used to capture and browse the traffic running on a computer network. Two flaws were found in Wireshark. If Wireshark read a malformed packet off a network or opened a malicious dump file, it could crash or, possibly, execute arbitrary code as the user running Wireshark. Several denial of service flaws were found in Wireshark. Wireshark could crash or stop responding if it read a malformed packet off a network, or opened a malicious dump file.
fb4636b121cc06c3f8f983ea3435be6d5e3e08969f2723469ce849ffee9c90ceRed Hat Security Advisory 2014-0345-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. It was found that when JBoss Web processed a series of HTTP requests in which at least one request contained either multiple content-length headers, or one content-length header with a chunked transfer-encoding header, JBoss Web would incorrectly handle the request. A remote attacker could use this flaw to poison a web cache, perform cross-site scripting attacks, or obtain sensitive information from other requests.
d60440c19355c7c09e42866458a7ac9981825da1b0b456b641cb370c61340940Red Hat Security Advisory 2014-0343-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. It was found that when JBoss Web processed a series of HTTP requests in which at least one request contained either multiple content-length headers, or one content-length header with a chunked transfer-encoding header, JBoss Web would incorrectly handle the request. A remote attacker could use this flaw to poison a web cache, perform cross-site scripting attacks, or obtain sensitive information from other requests.
2c3501de41dad7648e0b0ec1fc7cf09a1c34b786bb2e3f7402306edcde85d3e2Red Hat Security Advisory 2014-0341-01 - Wireshark is a network protocol analyzer. It is used to capture and browse the traffic running on a computer network. Multiple flaws were found in Wireshark. If Wireshark read a malformed packet off a network or opened a malicious dump file, it could crash or, possibly, execute arbitrary code as the user running Wireshark. Several denial of service flaws were found in Wireshark. Wireshark could crash or stop responding if it read a malformed packet off a network, or opened a malicious dump file.
b531a7447c88b6daa2a1487c069a72622b42551b72216051e073e1ca4e49bc98Red Hat Security Advisory 2014-0340-01 - In accordance with the Red Hat Enterprise Developer Toolset Life Cycle policy, the Red Hat Developer Toolset Version 1 offering will be retired as of June 30, 2014, and support will no longer be provided. Accordingly, Red Hat will no longer provide updated packages, including critical impact security patches or urgent priority bug fixes, for Developer Toolset Version 1 after June 30, 2014. In addition, technical support through Red Hat's Global Support Services will no longer be provided for Red Hat Developer Toolset Version 1 after this date. We encourage customers to plan their migration from Red Hat Enterprise Developer Toolset Version 1 to a more recent release of Red Hat Developer Toolset. As a benefit of the Red Hat subscription model, customers can use their active Red Hat Developer Toolset subscriptions to entitle any system on a currently supported version of this product.
fad6fd6b2752093091cbe4719dd22ca5b0fd8130476fe260d36fe381ec81137dRed Hat Security Advisory 2014-0339-01 - The rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine hypervisor. It includes everything necessary to run and manage virtual machines: a subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent. Note: Red Hat Enterprise Virtualization Hypervisor is only available for the Intel 64 and AMD64 architectures with virtualization extensions. It was discovered that GnuTLS did not correctly handle certain errors that could occur during the verification of an X.509 certificate, causing it to incorrectly report a successful verification. An attacker could use this flaw to create a specially crafted certificate that could be accepted by GnuTLS as valid for a site chosen by the attacker.
27433747bde26addd9b3464670fd4f3098c0354c6a1ecdaa823c9aff3f2c26eeDebian Linux Security Advisory 2891-2 - In the Mediawiki update issued as DSA 2891-1, a few files were missing from the package. This update corrects that problem.
9f5bf02fc06867cb3e9bab406d4c6f55a8099580c8d026245672cf4672def2a2Apache ModSecurity versions prior to 2.7.6 appears to suffer from a filter evasion vulnerability via chunked requests.
b4577633493ef0b6de597cd73adb4abb6e8f136bc25547ae839a067e7209bd00Slackware Security Advisory - New seamonkey packages are available for Slackware 14.0, 14.1, and -current to fix security issues.
62e2803d1077490bc2ecda2387b52e9eb3db0fc8c4b9ce06938637ceff9ae9f1Slackware Security Advisory - New openssh packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix a security issue.
3de211c34bb48756bad2a6643d32350fc340d729d5c68ece7d1a140aa017252bSlackware Security Advisory - New mozilla-thunderbird packages are available for Slackware 14.1, and -current to fix security issues.
d20713213e1f498660bb8b43f4fbc662136bfc2b790071d4f7b2be3a9b9051daSlackware Security Advisory - New mozilla-nss packages are available for Slackware 14.0, 14.1, and -current to fix a security issue.
6120fb4a8bf6d6ae054f4a491f7039bf7641e93ba9382dbe574ea9e812474cccSlackware Security Advisory - New mozilla-firefox packages are available for Slackware 14.1, and -current to fix security issues.
334938e89e2d3072c73f300991ac514dc6ea30b1d9b395eb8f4969e48e99e779Slackware Security Advisory - New httpd packages are available for Slackware 14.0, 14.1, and -current to fix security issues.
11220e483e0470a5c002fab2accd9c67a8f9231abc1cf27ee995893039c1e38cSlackware Security Advisory - New curl packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues.
4fbd2389486aa3af7ea8d9c620951216e696c1a2f7cd4f5c668793bc276a08f3Debian Linux Security Advisory 2889-1 - An SQL injection vulnerability was discovered in postfixadmin, a web administration interface for the Postfix Mail Transport Agent, which allowed authenticated users to make arbitrary manipulations to the database.
6c98896315477340680db98e02791077026f5bb90eef2f49e4ff280754b1c63aDebian Linux Security Advisory 2888-1 - Toby Hsieh, Peter McLarnan, Ankit Gupta, Sudhir Rao and Kevin Reintjes discovered multiple cross-site scripting and denial of service vulnerabilities in Ruby Actionpack.
423a0919621086aaccc30b1f280aaa8df27b793c92b30df5b3341a89bb7b74d0Symantec LiveUpdate Administrator versions 2.3.2.99 and below suffer from password reset and remote SQL injection vulnerabilities.
11f001616a25bdfdf4be738bd0ef7f77bf985f9f7a0f5c873331ffa8305ed340LibYAML versions 0.1.5 and below are affected by a heap-based buffer overflow which can lead to arbitrary code execution. The vulnerability is caused by lack of proper expansion for the string passed to the yaml_parser_scan_uri_escapes() function. A specially crafted YAML file, with a long sequence of percent-encoded characters in a URL, can be used to trigger the overflow.
801017e1ff1d3bdeae05eeef0c85d7625a0088eef454bd42667d1a259ef47ff8HP Security Bulletin HPSBST02968 2 - A potential security vulnerability has been identified with certain HP StoreOnce appliances. This vulnerability could be exploited to allow remote unauthorized access to the appliance. Revision 2 of this advisory.
381ca615d8d8fface93b274db6423d82a2e18741438d20d4c269d5e2cb2270f8Debian Linux Security Advisory 2887-1 - Aaron Neyer discovered that missing input sanitizing in the logging component of Ruby Actionmailer could result in denial of service through a malformed e-mail message.
a3b48a31da8b85333d9e14e6c946b5b226635072b357a1c97013b03a850b0350EMC VPLEX GeoSynchrony versions 4.0 through 5.2.1 suffer from path traversal, timeout validity, session fixation, and various other vulnerabilities.
865ebcefce882874598ff43ecc2a95087b307183385a9a725bb5ad0baf892e95
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed