
Files

Debian Security Advisory 2914-1
Posted Apr 28, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2914-1 - An information disclosure vulnerability was discovered in Drupal, a fully-featured content management framework. When pages are cached for anonymous users, form state may leak between anonymous users. Sensitive or private information recorded for one anonymous user could thus be disclosed to other users interacting with the same form at the same time.

tags | advisory, info disclosure
systems | linux, debian
advisories | CVE-2014-2983
SHA-256 | 246d8804c5c7645744ef8f11ef9cd8acadbd918b3d44f0b1af1fb7a5b3520249
Ubuntu Security Notice USN-2182-1
Posted Apr 28, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2182-1 - Michael S. Tsirkin discovered that QEMU incorrectly handled vmxnet3 devices. A local guest could possibly use this issue to cause a denial of service, or possibly execute arbitrary code on the host. This issue only applied to Ubuntu 13.10 and Ubuntu 14.04 LTS. Michael S. Tsirkin discovered that QEMU incorrectly handled virtio-net MAC addresses. A local guest could possibly use this issue to cause a denial of service, or possibly execute arbitrary code on the host. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, local
systems | linux, ubuntu
advisories | CVE-2013-4544, CVE-2014-0150, CVE-2014-2894
SHA-256 | 9700f1e369f6c75392ba440defb4087b4a9b1b71d9338c9338c67279882a6a1e
Ubuntu Security Notice USN-2183-1
Posted Apr 28, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2183-1 - Jakub Wilk discovered that dpkg incorrectly handled certain paths and symlinks when unpacking source packages. If a user or an automated system were tricked into unpacking a specially crafted source package, a remote attacker could modify files outside the target unpack directory, leading to a denial of service or potentially gaining access to the system.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2014-0471
SHA-256 | 8d3851678414f8bc3ad88106e10038b6b01d7a3dd84c9b1c2b73fac8076b184f
Divx DirectShowDemuxFilter Heap Overflow
Posted Apr 27, 2014
Authored by Andres Gomez Ramirez

DirectShowDemuxFilter, part of the Divx plugin suite, is vulnerable to a heap-based buffer overflow, which can be exploited by malicious people to compromise a user's system.

tags | advisory, overflow
SHA-256 | c9d1f9793f8cfbc3c56502337112221fabaa268d9b9498760b7d0c560c765d16
Struts 2.3.16.2 GA Release
Posted Apr 27, 2014
Authored by Lukasz Lenart | Site struts.apache.org

Apache Struts version 2.3.16.2 GA has been released to address ClassLoader security vulnerabilities.

tags | advisory, vulnerability
SHA-256 | 1331886b3f8fd61bb499958c12f3d2ecbc179c9096709e2979167e1fcd693688
HP Security Bulletin HPSBMU02994 3
Posted Apr 26, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU02994 3 - A potential security vulnerability has been identified in HP BladeSystem c-Class Onboard Administrator (OA) running OpenSSL. This is the OpenSSL vulnerability known as "Heartbleed" which could be exploited remotely resulting in disclosure of information. Revision 3 of this advisory.

tags | advisory
advisories | CVE-2014-0160
SHA-256 | b8b3de3776dc7c5ce8612d0e42fc9e7fa814ccacafb58ad54f0504fb46d481b9
Ubuntu Security Notice USN-2174-1
Posted Apr 26, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2174-1 - A flaw was discovered in the Linux kernel's handling of the SCTP handshake. A remote attacker could exploit this flaw to cause a denial of service (system crash). An error was discovered in the Linux kernel's DCCP protocol support. A remote attacker could exploit this flaw to cause a denial of service (system crash) or possibly execute arbitrary code.

tags | advisory, remote, denial of service, arbitrary, kernel, protocol
systems | linux, ubuntu
advisories | CVE-2014-0101, CVE-2014-2523
SHA-256 | 89d8cc09d3de6e1dfd4d0d979f67ece93422dc334b8f7b5f3daad38cd77f0e7c
Ubuntu Security Notice USN-2176-1
Posted Apr 26, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2176-1 - A flaw was discovered in the Kernel Virtual Machine (KVM) subsystem of the Linux kernel. A guest OS user could exploit this flaw to execute arbitrary code on the host OS. Al Viro discovered an error in how CIFS in the Linux kernel handles uncached write operations. An unprivileged local user could exploit this flaw to cause a denial of service (system crash), obtain sensitive information from kernel memory, or possibly gain privileges. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2014-0049, CVE-2014-0069
SHA-256 | 0fd82a5dafb7106a5cc61836c60505d61911c8671ff127d0f0dbc78711976927
Ubuntu Security Notice USN-2175-1
Posted Apr 26, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2175-1 - A flaw was discovered in the Kernel Virtual Machine (KVM) subsystem of the Linux kernel. A guest OS user could exploit this flaw to execute arbitrary code on the host OS. Al Viro discovered an error in how CIFS in the Linux kernel handles uncached write operations. An unprivileged local user could exploit this flaw to cause a denial of service (system crash), obtain sensitive information from kernel memory, or possibly gain privileges. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2014-0049, CVE-2014-0069
SHA-256 | 09c34b8b12506da9bd6fc72c2059d1e7329407c33e895ec4e5f280221699ce3b
Ubuntu Security Notice USN-2173-1
Posted Apr 26, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2173-1 - A flaw was discovered in the Linux kernel's handling of the SCTP handshake. A remote attacker could exploit this flaw to cause a denial of service (system crash). An error was discovered in the Linux kernel's DCCP protocol support. A remote attacker could exploit this flaw to cause a denial of service (system crash) or possibly execute arbitrary code.

tags | advisory, remote, denial of service, arbitrary, kernel, protocol
systems | linux, ubuntu
advisories | CVE-2014-0101, CVE-2014-2523
SHA-256 | dbadbd53311ec0266888516c23db444ce430d9ebb8a0eb78df1cacca49e67218
Ubuntu Security Notice USN-2181-1
Posted Apr 26, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2181-1 - A flaw was discovered in the Kernel Virtual Machine (KVM) subsystem of the Linux kernel. A guest OS user could exploit this flaw to execute arbitrary code on the host OS. Al Viro discovered an error in how CIFS in the Linux kernel handles uncached write operations. An unprivileged local user could exploit this flaw to cause a denial of service (system crash), obtain sensitive information from kernel memory, or possibly gain privileges. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2014-0049, CVE-2014-0069
SHA-256 | 063f2090499833984e6d20908520ead81a01adae15e0e579f1f35034d46fbe21
Ubuntu Security Notice USN-2180-1
Posted Apr 26, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2180-1 - A flaw was discovered in the Kernel Virtual Machine (KVM) subsystem of the Linux kernel. A guest OS user could exploit this flaw to execute arbitrary code on the host OS. Al Viro discovered an error in how CIFS in the Linux kernel handles uncached write operations. An unprivileged local user could exploit this flaw to cause a denial of service (system crash), obtain sensitive information from kernel memory, or possibly gain privileges. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2014-0049, CVE-2014-0069
SHA-256 | 714d749baacff1292847cf6b6d5ff43bb068212cc18722f306a49aee325ae36f
Ubuntu Security Notice USN-2179-1
Posted Apr 26, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2179-1 - A flaw was discovered in the Kernel Virtual Machine (KVM) subsystem of the Linux kernel. A guest OS user could exploit this flaw to execute arbitrary code on the host OS. Al Viro discovered an error in how CIFS in the Linux kernel handles uncached write operations. An unprivileged local user could exploit this flaw to cause a denial of service (system crash), obtain sensitive information from kernel memory, or possibly gain privileges. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2014-0049, CVE-2014-0069
SHA-256 | 4814cab0dd641289297f9390a746138aaf52735b4c33e0e473f6109382b184d8
Ubuntu Security Notice USN-2178-1
Posted Apr 26, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2178-1 - A flaw was discovered in the Kernel Virtual Machine (KVM) subsystem of the Linux kernel. A guest OS user could exploit this flaw to execute arbitrary code on the host OS. Al Viro discovered an error in how CIFS in the Linux kernel handles uncached write operations. An unprivileged local user could exploit this flaw to cause a denial of service (system crash), obtain sensitive information from kernel memory, or possibly gain privileges. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2014-0049, CVE-2014-0069
SHA-256 | 48734ec03f1b121f89a30d43df04221ff921f24ff915939d85727eb0d2f85c39
Ubuntu Security Notice USN-2177-1
Posted Apr 26, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2177-1 - A flaw was discovered in the Kernel Virtual Machine (KVM) subsystem of the Linux kernel. A guest OS user could exploit this flaw to execute arbitrary code on the host OS. Al Viro discovered an error in how CIFS in the Linux kernel handles uncached write operations. An unprivileged local user could exploit this flaw to cause a denial of service (system crash), obtain sensitive information from kernel memory, or possibly gain privileges. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2014-0049, CVE-2014-0069
SHA-256 | ec115bf169eadba7b210bd5db5be22d3f10cc41d0ea9a532653899ba839914c9
HP Security Bulletin HPSBMU03017 2
Posted Apr 25, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03017 2 - A potential security vulnerability has been identified with HP Software Connect-IT running OpenSSL. The Heartbleed vulnerability was detected in specific OpenSSL versions. OpenSSL is a third-party product that is embedded in some HP Software products. This bulletin's objective is to notify HP Software customers about products affected by the Heartbleed vulnerability. Note: The Heartbleed vulnerability (CVE-2014-0160) is a vulnerability found in the OpenSSL cryptographic software library. This weakness potentially allows disclosure of information protected, under normal conditions, by the SSL/TLS protocol. Revision 2 of this advisory.

tags | advisory, protocol
advisories | CVE-2014-0160
SHA-256 | e9a78459f7e987b83bf4af8f0957d2dda3712e58121f226f6f32537579683a93
HP Security Bulletin HPSBMU03023
Posted Apr 25, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03023 - A potential security vulnerability has been identified in HP BladeSystem c-Class Virtual Connect Support Utility (VCSU) running OpenSSL on Linux and Windows. This is the OpenSSL vulnerability known as "Heartbleed" which could be exploited remotely resulting in disclosure of information. The Virtual Connect firmware itself is not vulnerable to CVE-2014-0160 (Heartbleed), however, the installer component in versions 4.10 and 4.20 of Virtual Connect does have the vulnerability, and should be replaced with versions 4.10b or 4.20b, or the latest version of Virtual Connect Support Utility referenced below. The VCSU vulnerability is only present during the firmware upgrade process. Revision 1 of this advisory.

tags | advisory
systems | linux, windows
advisories | CVE-2014-0160
SHA-256 | 265d34dec60e1f903018c216fd1d7594a225c2b117f6462facc19c5c9c6b82cc
HP Security Bulletin HPSBST03016
Posted Apr 25, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBST03016 - A potential security vulnerability has been identified in HP P2000 G3 MSA Array Systems, HP MSA 2040 Storage, and HP MSA 1040 Storage running OpenSSL. This is the OpenSSL vulnerability known as "Heartbleed" which could be exploited remotely resulting in disclosure of information. Revision 1 of this advisory.

tags | advisory
advisories | CVE-2014-0160
SHA-256 | cc603d74519194ed684085382b3f25f8e81c35c6cb29ed84719965071aec239b
HP Security Bulletin HPSBMU02895 SSRT101253 2
Posted Apr 25, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU02895 SSRT101253 2 - Potential security vulnerabilities have been identified with HP Data Protector. These vulnerabilities could be remotely exploited to allow an increase of privilege, create a Denial of Service (DoS), or execute arbitrary code. Revision 2 of this advisory.

tags | advisory, denial of service, arbitrary, vulnerability
advisories | CVE-2013-2344, CVE-2013-2345, CVE-2013-2346, CVE-2013-2347, CVE-2013-2348, CVE-2013-2349, CVE-2013-2350, CVE-2013-6194, CVE-2013-6195
SHA-256 | 0a07ff8e1b3e2972b6af5cc5d704474d68bf9a9d401e1cdab7ed39724fa01539
Debian Security Advisory 2906-1
Posted Apr 25, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2906-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service, information leak or privilege escalation.

tags | advisory, denial of service, kernel, vulnerability
systems | linux, debian
advisories | CVE-2013-0343, CVE-2013-2147, CVE-2013-2889, CVE-2013-2893, CVE-2013-4162, CVE-2013-4299, CVE-2013-4345, CVE-2013-4512, CVE-2013-4587, CVE-2013-6367, CVE-2013-6380, CVE-2013-6381, CVE-2013-6382, CVE-2013-6383, CVE-2013-7263, CVE-2013-7264, CVE-2013-7265, CVE-2013-7339, CVE-2014-0101, CVE-2014-1444, CVE-2014-1445, CVE-2014-1446, CVE-2014-1874, CVE-2014-2039, CVE-2014-2523, CVE-2103-2929
SHA-256 | 336839d986f877d0c9633d42e6961fa76ae807751676c40199ee1f7de18091c3
Debian Security Advisory 2912-1
Posted Apr 25, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2912-1 - Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in the execution of arbitrary code, breakouts of the Java sandbox, information disclosure or denial of service.

tags | advisory, java, denial of service, arbitrary, vulnerability, info disclosure
systems | linux, debian
advisories | CVE-2014-0429, CVE-2014-0446, CVE-2014-0451, CVE-2014-0452, CVE-2014-0453, CVE-2014-0456, CVE-2014-0457, CVE-2014-0458, CVE-2014-0459, CVE-2014-0460, CVE-2014-0461, CVE-2014-0462, CVE-2014-1876, CVE-2014-2397, CVE-2014-2398, CVE-2014-2403, CVE-2014-2405, CVE-2014-2412, CVE-2014-2414, CVE-2014-2421, CVE-2014-2423, CVE-2014-2427
SHA-256 | 79dfda837e78d1e5259e544223cb2c97b5077035eab63af2590729a5832b5f12
Live.com UI Redress Attack
Posted Apr 25, 2014
Authored by Sandeep Kamble

Live.com suffered from a UI redressing attack.

tags | advisory
SHA-256 | 225b94c84cff17ea94e1fb2b927ea713b15076fee01dcd5ee0b5645ae0ed3abf
Struts 2.3.16.1 ClassLoader Manipulation
Posted Apr 24, 2014
Authored by Rene Gielen | Site struts.apache.org

In Struts 2.3.16.1, an issue with ClassLoader manipulation via request parameters was supposed to be resolved. Unfortunately, the correction wasn't sufficient. A security fix release fully addressing this issue is in preparation and will be released as soon as possible.

tags | advisory
SHA-256 | 1b02e3ee3cd52232d9bdeb795f9c25b15c8bffd44b3b7df846a5d3306f54c9ea
Sitecom WLR-4000 / WLR-4001 Weak Encryption / Predictable WPA Key
Posted Apr 24, 2014
Authored by Roberto Paleari, Alessandro Di Pinto

Sitecom WLR-4000 and WLR-4004 both v1 001 suffer from weak firmware encryption and have a predictable WPA key.

tags | advisory
SHA-256 | 1859ad139fce73986b747a807e4df86ff957af3afdcef4c65e307925c5dee454
HP Security Bulletin HPSBMU03020
Posted Apr 24, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03020 - A potential security vulnerability has been identified with HP Version Control Agent (VCA) and Version Control Repository Manager (VCRM) running OpenSSL on Linux and Windows. This is the OpenSSL vulnerability known as "Heartbleed" which could be exploited remotely resulting in disclosure of information. Revision 1 of this advisory.

tags | advisory
systems | linux, windows
advisories | CVE-2014-0160
SHA-256 | 459c9a6e9429ca0b8870610411c7acc83310004b610563f7e202a3d0fa9e5219