Red Hat Security Advisory 2014-0448-01 - Mozilla Firefox is an open source web browser. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. A use-after-free flaw was found in the way Firefox resolved hosts in certain circumstances. An attacker could use this flaw to crash Firefox or, potentially, execute arbitrary code with the privileges of the user running Firefox.
036e0f8ed361fb24dcfd70187da07fb2d6493d57a7833ba2f31577d8834177fbRed Hat Security Advisory 2014-0447-01 - The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update fixes one vulnerability in Adobe Flash Player. This vulnerability is detailed in the Adobe Security Bulletin APSB14-13, listed in the References section. A flaw was found in the way flash-plugin displayed certain SWF content. An attacker could use this flaw to create a specially crafted SWF file that would cause flash-plugin to crash or, potentially, execute arbitrary code when the victim loaded a page containing the malicious SWF content.
107f7360351027e618cf2344f18d82c17a5a01451a5768e0bd7d6f3cc02e1e8aApache Struts 1, now EOL'ed a year ago, suffers from a ClassLoader manipulation vulnerability similar to recent findings.
d753af8cf08ba2c2ef2788acb38ccb3268e20b5f6097e41ffbf640ac694b1f2fHP Security Bulletin HPSBMU03020 2 - A potential security vulnerability has been identified with HP Version Control Agent (VCA) and Version Control Repository Manager (VCRM) running OpenSSL on Linux and Windows. This is the OpenSSL vulnerability known as "Heartbleed" which could be exploited remotely resulting in disclosure of information. Revision 2 of this advisory.
cdda7e39e3bfafc44217b4c9a7e029567a6a2d95a43e7ccac56a7c342920cd16Ubuntu Security Notice 2185-1 - Bobby Holley, Carsten Book, Christoph Diehl, Gary Kwong, Jan de Mooij, Jesse Ruderman, Nathan Froyd, John Schoenick, Karl Tomlinson, Vladimir Vukicevic and Christian Holler discovered multiple memory safety issues in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. An out of bounds read was discovered in Web Audio. An attacker could potentially exploit this cause a denial of service via application crash or execute arbitrary code with the privileges of the user invoking Firefox. Various other issues were also addressed.
cac7cbb67ced17c78361165cc7c3b566fff48bd23c5d90687e88e4ae5a84c369Ubuntu Security Notice 2184-1 - Frederic Bardy discovered that Unity incorrectly filtered keyboard shortcuts when the screen was locked. A local attacker could possibly use this issue to run commands, and unlock the current session. Giovanni Mellini discovered that Unity could display the Dash in certain conditions when the screen was locked. A local attacker could possibly use this issue to run commands, and unlock the current session.
971d9a9d0418fd595042de940e87cc3d2fa03401f9970f243a361ef29a225daeOnapsis Security Advisory - SAP BusinessObjects InfoView suffers from a reflective cross site scripting vulnerability.
4d161054fd847d69430573900f5115a49e4c02cca4ed535d5cd5fc6a1576f55bOnapsis Security Advisory - SAP BASIS suffers from a missing authorization check. SAP Netweaver ABAP Application Server is affected.
256bd960fbdebcad59f543091e1b5400cedf42289a770e76797b5c696842db46Onapsis Security Advisory - It has been detected that some functionality of the affected webdynpro displays all the SAP systems that are registered on the SLD without requiring username or password. This situation will bring valuable information to an attacker to plan a more complex attack over the SAP environment. SAP Netweaver Java Application Server is affected.
f0232025c98889497fcb0c0b1d72442e16fc22b24d19905bd9ad64c3644c09bbOnapsis Security Advisory - SAP is missing an authorization check in profile maintenance. SAP Solution Manager version 7.1 is affected.
b7c303f7bf2fdf075bdc1e6b7520a92fcb05d90222559301ac050e06fa65efc3Onapsis Security Advisory - SAP background processing suffers from a missing authorization check. A remote authenticated attacker could execute the vulnerable RFC function and obtain sensitive information regarding the target application server. SAP Solution Manager version 7.1 is affected.
59f5fd063cd638475b56911c3f860c68eb3d9222d3f786d79c7538b9fdef6595Red Hat Security Advisory 2014-0442-01 - Python-keystoneclient is a client library and a command line utility for interacting with the OpenStack Identity API. The OpenStack Identity auth_token middleware component handles the authentication of tokens with keystone. When using the auth_token middleware with the memcached token cache enabled, a token for a different identity could be returned. An authenticated user could use this flaw to escalate their privileges by making repeated requests that could eventually allow the user to acquire the administrator's identity. Note that only OpenStack Identity setups using auth_token with memcached were affected.
90de0d5d1901866aea6b25380c9b7653ebb6058d87fd37e433c3292b6ef4f1deHP Security Bulletin HPSBUX02963 SSRT101297 2 - A potential security vulnerability has been identified with HP-UX's m4(1) macro processor command. The vulnerability could be exploited locally resulting in unauthorized access. Revision 2 of this advisory.
59c2099bd84ba67d08b22cdb56812971e7ee08d98025ea91319d22b2fd53b979Onapsis Security Advisory - An information disclosure exists in SAP Software Lifecycle Manager. SAP Solution Manager version 7.1 is affected.
66175ddf4ff1b483f9589574588c2c2d8333d5951f8f26a85a6a946dc17690beHP Security Bulletin HPSBMU03022 - A potential security vulnerability has been identified with HP Systems Insight Management (SIM) bundled software running OpenSSL. This is the OpenSSL vulnerability known as "Heartbleed" which could be exploited remotely resulting in disclosure of information. The HP SIM software itself is not vulnerable to CVE-2014-0160 ("Heartbleed"). However, the software components bundled with HP SIM are impacted and should be addressed if installed. Revision 1 of this advisory.
7c7a616ea0bc1d238574c012deee840077e6027ee20c991b2e71a95cc720bf18HP Security Bulletin HPSBMU03025 - A potential security vulnerability has been identified in HP Diagnostics running OpenSSL. OpenSSL is a 3rd party product that is embedded with some of HP Software products. This bulletin objective is to notify HP Software customers about products affected by the Heartbleed vulnerability. NOTE: The Heartbleed vulnerability (CVE-2014-0160) is a vulnerability found in the OpenSSL cryptographic software library. This weakness potentially allows disclosure of information that is normally protected by the SSL/TLS protocol. The impacted products in the list below are vulnerable due to embedding OpenSSL standard release software. Revision 1 of this advisory.
347c3c86c55fb210fc9799ac5fef38c3c769fb03d47928b50b4baa56fdb9121fHP Security Bulletin HPSBGN03010 2 - A potential security vulnerability has been identified in HP Software Server Automation running OpenSSL. OpenSSL is a 3rd party product that is embedded with some of HP Software products. This bulletin objective is to notify HP Software customers about products affected by the Heartbleed vulnerability. NOTE: The Heartbleed vulnerability (CVE-2014-0160) is a vulnerability found in the OpenSSL cryptographic software library. This weakness potentially allows disclosure of information that is normally protected by the SSL/TLS protocol. The impacted products in the list below are vulnerable due to embedding OpenSSL standard release software. Revision 2 of this advisory.
5d03cfbf9506cfa5ffba29cb25add2ed339e9a76c30ccf4b7e8a326e25adf64bHP Security Bulletin HPSBMU02995 6 - The Heartbleed vulnerability was detected in specific OpenSSL versions. OpenSSL is a 3rd party product that is embedded with some of HP Software products. This bulletin objective is to notify HP Software customers about products affected by the Heartbleed vulnerability. Note: The Heartbleed vulnerability (CVE-2014-0160) is a vulnerability found in the OpenSSL product cryptographic software library product. This weakness potentially allows disclosure of information protected, under normal conditions, by the SSL/TLS protocol.
a16128da2b79c4167b73519c5aa603028d61b3670cd39f820ab4f7d536462f45Debian Linux Security Advisory 2917-1 - John Lightsey of the Debian Security Audit project discovered that the super package did not check for setuid failures, allowing local users to increase the privileges on kernel versions which do not guard against RLIMIT_NPROC attacks.
e0476131e071183f506462ecceda9739dfc04884d9904a2c1bdd34573468feaeDebian Linux Security Advisory 2916-1 - Alex Chapman discovered that a buffer overflow in processing "MMS over HTTP" messages could result in the execution of arbitrary code.
b98c02efa33ad151d06db39badeaf7597e398a418c2631e736133f390348bf39Debian Linux Security Advisory 2915-1 - Jakub Wilk discovered that dpkg did not correctly parse C-style filename quoting, allowing for paths to be traversed when unpacking a source package - leading to the creation of files outside the directory of the source being unpacked.
859d36f5c8dbbb0f25181d9f7ae180b3b816a16350c962858405417b686e0242Red Hat Security Advisory 2014-0441-01 - Red Hat Enterprise MRG is a next-generation IT infrastructure for enterprise computing. MRG offers increased performance, reliability, interoperability, and faster computing for enterprise customers. MRG Messaging is a high-speed reliable messaging distribution for Linux based on AMQP, an open protocol standard for enterprise messaging that is designed to make mission critical messaging widely available as a standard service, and to make enterprise messaging interoperable across platforms, programming languages, and vendors. MRG Messaging includes an AMQP 0-10 messaging broker; AMQP 0-10 client libraries for C++, Java JMS, and Python; as well as persistence libraries and management tools.
76d13db51b4045a6c0f2480a10421f2b9d3e34717be95ac5e1153a50ab90035bRed Hat Security Advisory 2014-0440-01 - Red Hat Enterprise MRG is a next-generation IT infrastructure for enterprise computing. MRG offers increased performance, reliability, interoperability, and faster computing for enterprise customers. MRG Grid provides high-throughput computing and enables enterprises to achieve higher peak computing capacity as well as improved infrastructure utilization by leveraging their existing technology to build high performance grids. MRG Grid provides a job-queueing mechanism, scheduling policy, and a priority scheme, as well as resource monitoring and resource management. Users submit their jobs to MRG Grid, where they are placed into a queue. MRG Grid then chooses when and where to run the jobs based upon a policy, carefully monitors their progress, and ultimately informs the user upon completion.
8a92a7112ff8929cffa301f60b1e4e60c37e9603b197a23ec374b5be691ea107Red Hat Security Advisory 2014-0439-01 - The kernel-rt packages contain the Linux kernel, the core of any Linux operating system. A denial of service flaw was found in the way the Linux kernel's IPv6 implementation processed IPv6 router advertisement packets. An attacker able to send a large number of RA packets to a target system could potentially use this flaw to crash the target system. A flaw was found in the way the Linux kernel's netfilter connection tracking implementation for Datagram Congestion Control Protocol packets used the skb_header_pointer() function. A remote attacker could use this flaw to send a specially crafted DCCP packet to crash the system or, potentially, escalate their privileges on the system.
2b623200e0a9ae6450a12d72a8175b17fe8b289abc75e214b50cd7e3b3ee735bDebian Linux Security Advisory 2913-1 - An information disclosure vulnerability was discovered in Drupal, a fully-featured content management framework. When pages are cached for anonymous users, form state may leak between anonymous users. Sensitive or private information recorded for one anonymous user could thus be disclosed to other users interacting with the same form at the same time.
d394e08c70f78f10ec9cd82c86a33e9f0cbfa6cc31f0ca140dbf37e345337995
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed