Gentoo Linux Security Advisory 201405-28 - A remote command injection vulnerability has been discovered in xmonad-contrib. Versions less than 0.11.2 are affected.
38fb811a8cac5932b75fa59e16b42be8839538cf9284093511c23adc5ced82a8
Red Hat Security Advisory 2014-0565-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. It was found that the security auditing functionality provided by PicketBox and JBossSX, both security frameworks for Java applications, used a world-readable audit.log file to record sensitive information. A local user could possibly use this flaw to gain access to the sensitive information in the audit.log file. This release serves as a replacement for Red Hat JBoss Enterprise Application Platform 6.2.2, and includes bug fixes and enhancements.
f1e9f6c1c9be3e43a15d38d75587d92cb3da1e2846c3e184bcdbd280ba0ad505
Red Hat Security Advisory 2014-0564-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. It was found that the security auditing functionality provided by PicketBox and JBossSX, both security frameworks for Java applications, used a world-readable audit.log file to record sensitive information. A local user could possibly use this flaw to gain access to the sensitive information in the audit.log file. This release serves as a replacement for Red Hat JBoss Enterprise Application Platform 6.2.2, and includes bug fixes and enhancements.
b605c57114719a77fe275c9838251481f50e536e80553823f178ad6e466a9bba
Red Hat Security Advisory 2014-0563-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. It was found that the security auditing functionality provided by PicketBox and JBossSX, both security frameworks for Java applications, used a world-readable audit.log file to record sensitive information. A local user could possibly use this flaw to gain access to the sensitive information in the audit.log file. This release serves as a replacement for Red Hat JBoss Enterprise Application Platform 6.2.2, and includes bug fixes and enhancements.
881e706fc0bedaff8a0768878e85814423dc159dee27a4733dd69daa905544bb
HP Security Bulletin HPSBGN03041 - A potential security vulnerability has been identified with HP IceWall Configuration Manager running Apache Struts. The vulnerability could be exploited remotely resulting in execution of arbitrary code. Revision 1 of this advisory.
64795997cd5a317c0b565929f621a7404bfe676a059784dec8dc3165de9eec6b
VUPEN Vulnerability Research Team discovered a critical vulnerability in Adobe Acrobat and Reader. The vulnerability is caused by a heap overflow error when processing the "width" and "height" fields of a barcode element in a PDF, which could be exploited to execute arbitrary code via a malicious PDF file.
c5545ff4151f3d3fc0cd08c554b26236da99bbd61f13df1841d24f313158e669
Ubuntu Security Notice 2219-1 - Matthew Daley reported an information leak in the floppy disk driver of the Linux kernel. An unprivileged local user could exploit this flaw to obtain potentially sensitive information from kernel memory. Matthew Daley reported a flaw in the handling of ioctl commands by the floppy disk driver in the Linux kernel. An unprivileged local user could exploit this flaw to gain administrative privileges if the floppy disk module is loaded. Various other issues were also addressed.
5483ba963061925d2f4fc4ff849d723fc2ed76a1ec4a8e5d606519d95f21cebc
Ubuntu Security Notice 2220-1 - Matthew Daley reported an information leak in the floppy disk driver of the Linux kernel. An unprivileged local user could exploit this flaw to obtain potentially sensitive information from kernel memory. Matthew Daley reported a flaw in the handling of ioctl commands by the floppy disk driver in the Linux kernel. An unprivileged local user could exploit this flaw to gain administrative privileges if the floppy disk module is loaded. Various other issues were also addressed.
f538ceeba1f59cb49790485df05f335d059438943dbea0956289c617341b9e8f
Ubuntu Security Notice 2227-1 - A flaw was discovered in the Linux kernel's pseudo tty (pty) device. An unprivileged user could exploit this flaw to cause a denial of service (system crash) or potentially gain administrator privileges. Matthew Daley reported an information leak in the floppy disk driver of the Linux kernel. An unprivileged local user could exploit this flaw to obtain potentially sensitive information from kernel memory. Various other issues were also addressed.
030f8dbdef1c111fe4bbe4103734f72cb888f3ba4144f7241099df3eede3cb21
Ubuntu Security Notice 2228-1 - Matthew Daley reported an information leak in the floppy disk driver of the Linux kernel. An unprivileged local user could exploit this flaw to obtain potentially sensitive information from kernel memory. Matthew Daley reported a flaw in the handling of ioctl commands by the floppy disk driver in the Linux kernel. An unprivileged local user could exploit this flaw to gain administrative privileges if the floppy disk module is loaded. Various other issues were also addressed.
cbc98ee7edf9f6b0c61ecb645c9d3e101aa77a558f1ea88158b44edf00b8d013
Ubuntu Security Notice 2225-1 - Matthew Daley reported an information leak in the floppy disk driver of the Linux kernel. An unprivileged local user could exploit this flaw to obtain potentially sensitive information from kernel memory. Matthew Daley reported a flaw in the handling of ioctl commands by the floppy disk driver in the Linux kernel. An unprivileged local user could exploit this flaw to gain administrative privileges if the floppy disk module is loaded. Various other issues were also addressed.
1ca8698870b1aeeb7cd24ed60310742267e3248417075cd461c1b8fa466516f1
Ubuntu Security Notice 2226-1 - Matthew Daley reported an information leak in the floppy disk driver of the Linux kernel. An unprivileged local user could exploit this flaw to obtain potentially sensitive information from kernel memory. Matthew Daley reported a flaw in the handling of ioctl commands by the floppy disk driver in the Linux kernel. An unprivileged local user could exploit this flaw to gain administrative privileges if the floppy disk module is loaded. Various other issues were also addressed.
bb02d6be147b2a64bf2eed1aa6203edb6f0c032d53a6ce0479e428d685379925
Ubuntu Security Notice 2223-1 - Matthew Daley reported an information leak in the floppy disk driver of the Linux kernel. An unprivileged local user could exploit this flaw to obtain potentially sensitive information from kernel memory. Matthew Daley reported a flaw in the handling of ioctl commands by the floppy disk driver in the Linux kernel. An unprivileged local user could exploit this flaw to gain administrative privileges if the floppy disk module is loaded. Various other issues were also addressed.
c386b44476309ae7dac47eb0a8d7cc0a26662f0c3adc3b24f480afe3edd7f15c
Ubuntu Security Notice 2224-1 - Matthew Daley reported an information leak in the floppy disk driver of the Linux kernel. An unprivileged local user could exploit this flaw to obtain potentially sensitive information from kernel memory. Matthew Daley reported a flaw in the handling of ioctl commands by the floppy disk driver in the Linux kernel. An unprivileged local user could exploit this flaw to gain administrative privileges if the floppy disk module is loaded. Various other issues were also addressed.
b625f3ae67dd825bf8f26346dd77dbec5fa9b71a0820c41ad8aa80cd57a6a847
Ubuntu Security Notice 2222-1 - Robert Kisteleki discovered mod_wsgi incorrectly checked setuid return values. A malicious application could use this issue to cause a local privilege escalation when using daemon mode. Buck Golemon discovered that mod_wsgi used memory that had been freed. A remote attacker could use this issue to read process memory via the Content-Type response header. This issue only affected Ubuntu 12.04 LTS. Various other issues were also addressed.
36636054de74138601b060fbec176563d8ca424f38c63b93ff1a46e5c5134b57
Ubuntu Security Notice 2221-1 - Matthew Daley reported an information leak in the floppy disk driver of the Linux kernel. An unprivileged local user could exploit this flaw to obtain potentially sensitive information from kernel memory. Matthew Daley reported a flaw in the handling of ioctl commands by the floppy disk driver in the Linux kernel. An unprivileged local user could exploit this flaw to gain administrative privileges if the floppy disk module is loaded. Various other issues were also addressed.
5616975f2fb4dd39c84f62c8002d7351e1f5dddc09b837aabc10d511eb920b67
Emerson DeltaV versions 10.3.1, 11.3, 11.3.1, and 12.3 suffer from world-writable system folder and hardcoded credential vulnerabilities.
56e7ecad43c295ceb075b56c6cba23a12039fd8da5c350cd0cbaccbe42989156
3.ebay.com.au suffered from a remote SQL injection vulnerability.
ac896c8d7f84eab08d888bc38f0ffbac7bc78ada59535a0ebae9c502787f512c
HP Security Bulletin HPSBUX02960 SSRT101419 3 - A potential security vulnerability has been identified with HP-UX running NTP. The vulnerability could be exploited remotely to create a Denial of Service (DoS). Revision 3 of this advisory.
e0bb8d4702ecd453b0bdb6a93fed59263c7330cdba9ffb831ed00b6833d62f0d
HP Security Bulletin HPSBMU03009 3 - A potential security vulnerability has been identified with HP CloudSystem Foundation and HP CloudSystem Enterprise software running OpenSSL. This is the OpenSSL vulnerability known as "Heartbleed" which could be exploited remotely resulting in disclosure of information. Revision 3 of this advisory.
715a2d0a4cdf05596a3668d5ecd8157e6df13d4c09710a6731099c91bd445fb0
RSA Archer GRC 5.4 SP1 P3 platform contains fixes for multiple cross-site scripting vulnerabilities. These vulnerabilities can be exploited to execute arbitrary HTML and script code in an RSA Archer user's browser session in the context of an affected RSA Archer application.
8a6799538051d3cc6695cf5dfc128a76888c85fc4316e9384239998346adb6e6
Debian Linux Security Advisory 2936-1 - John Fitzpatrick from MWR Labs reported a stack-based buffer overflow vulnerability in torque, a PBS-derived batch processing queueing system. An unauthenticated remote attacker could exploit this flaw to execute arbitrary code with root privileges.
000e95af2d290953506bcada622442d6062842c424e774b0871880778600207b
Gentoo Linux Security Advisory 201405-27 - A vulnerability in LibYAML could allow an attacker to execute arbitrary code or cause a Denial of Service condition. Versions less than 0.1.6 are affected.
0ee66c37e9ea5190948fb3842e8c8295ad38746709229bb5ee1e8606e76afb7f
HP Security Bulletin HPSBMU03025 2 - A potential security vulnerability has been identified in HP Diagnostics running OpenSSL. OpenSSL is a third-party product that is embedded in some HP Software products. The objective of this bulletin is to notify HP Software customers about products affected by the Heartbleed vulnerability. NOTE: The Heartbleed vulnerability (CVE-2014-0160) is a vulnerability found in the OpenSSL cryptographic software library. This weakness potentially allows disclosure of information that is normally protected by the SSL/TLS protocol. The impacted products in the list below are vulnerable due to embedding OpenSSL standard release software. Revision 2 of this advisory.
52629bc62087a9590b7c8b290ce662df2a94e3e0cdab3616e08af610cd2dd175
HP Security Bulletin HPSBMU02995 8 - The Heartbleed vulnerability was detected in specific OpenSSL versions. OpenSSL is a third-party product that is embedded in some HP Software products. The objective of this bulletin is to notify HP Software customers about products affected by the Heartbleed vulnerability. Note: The Heartbleed vulnerability (CVE-2014-0160) is a vulnerability found in the OpenSSL cryptographic software library. This weakness potentially allows disclosure of information protected, under normal conditions, by the SSL/TLS protocol. The impacted products in the list below are vulnerable due to embedding OpenSSL standard release software. Revision 8 of this advisory.
8a46199caee50f4b5ccb3fe410da023a1d9cae75b0c14e9eb19f64d6b9895b17