Red Hat Security Advisory 2014-0522-01 - MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. This update fixes several vulnerabilities in the MariaDB database server. These updated packages upgrade MariaDB to version 5.5.37.
6c7b692716d4b3231366034b209f15ed6358a6cc0307d2637ae8cab01d54704dFTP Rush version 2.1.8 fails to validate X.509 certificates.
08db1ca6e7f0ad3753320343d94123a3e0682c3ebd85684834dbf71b50e8349dHP Security Bulletin HPSBGN03007 - A potential security vulnerability has been identified with HP IceWall MCRP and HP IceWall SSO. The vulnerability could be exploited remotely resulting in a Denial of Service (DoS). Revision 1 of this advisory.
efb991644ef78dc252a79e960261969be05afaad1b9be719585683b5ad015725HP Security Bulletin HPSBMU03022 3 - A potential security vulnerability has been identified with HP Systems Insight Management (SIM) bundled software running OpenSSL. This is the OpenSSL vulnerability known as "Heartbleed" which could be exploited remotely resulting in disclosure of information. The HP SIM software itself is not vulnerable to CVE-2014-0160 ("Heartbleed"). However, the software components bundled with HP SIM are impacted and should be addressed if installed. Revision 3 of this advisory.
8f9087315afcbac376a9d94829c09203bb41b0d59eacf16f29ed2914592cfcdfApple Security Advisory 2014-05-16-1 - iTunes 11.2.1 is now available and addresses a security issue. Upon each reboot, the permissions for the /Users and /Users/Shared directories would be set to world-writable, allowing modification of these directories. This issue was addressed with improved permission handling.
1e857140974b6a2cba7cdf4afaf97bcf0ca7211a33d794ddd92936f0ea523187HP Security Bulletin HPSBHF02946 2 - A potential security vulnerability has been identified with certain HP servers that use NVIDIA Computing GPU processors. The vulnerability could be exploited resulting in an elevation of privilege. Revision 2 of this advisory.
1a1f5a30071511664a0697b6d00c81b1609e84a81d6a433fb1760f8208dd1135Red Hat Security Advisory 2014-0512-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A race condition flaw, leading to heap-based buffer overflows, was found in the way the Linux kernel's N_TTY line discipline implementation handled concurrent processing of echo output and TTY write operations originating from user space when the underlying TTY driver was PTY. An unprivileged, local user could use this flaw to crash the system or, potentially, escalate their privileges on the system.
fa55406cf632fc5cffe50d9de595748c36a5faeed71c118696960fbef60173deRed Hat Security Advisory 2014-0513-01 - The libxml2 library is a development toolbox providing the implementation of various XML standards. It was discovered that libxml2 loaded external parameter entities even when entity substitution was disabled. A remote attacker able to provide a specially crafted XML file to an application linked against libxml2 could use this flaw to conduct XML External Entity attacks, possibly resulting in a denial of service or an information leak on the system. An out-of-bounds read flaw was found in the way libxml2 detected the end of an XML file. A remote attacker could provide a specially crafted XML file that, when processed by an application linked against libxml2, could cause the application to crash.
3d551b6c132f55a4510bfa07d62cbc76c5971974060b32e4b1e88be27977c857Debian Linux Security Advisory 2931-1 - It was discovered that incorrect memory handling in OpenSSL's do_ssl3_write() function could result in denial of service.
3f131205b5bad70a4b0c2968f610fdfe51b874d320d478dd3e6a32fece1b4fcaDebian Linux Security Advisory 2930-1 - Several vulnerabilities have been discovered in the chromium web browser.
6705791b0d2338a1d0d3e61db86868bf7a15dc26285570bd2b3b0f99dd124a53Gentoo Linux Security Advisory 201405-26 - A local privilege escalation vulnerability has been discovered in X2Go Server. Versions greater than or equal to 4.0.1.12 are affected.
96dee0802bacb92e7c729081527ca8041b571a4ba775b09701a9c9183aa1e8c9Debian Linux Security Advisory 2932-1 - Several vulnerabilities were discovered in qemu, a fast processor emulator.
af995b245f580294572b97f383cf24b6f963fccf80a5d40dc7189c0e88bd2c6dCA Technologies is investigating an OpenSSL vulnerability, referred to as the "Heartbleed bug" that was publicly disclosed on April 7, 2014. CA Technologies has confirmed that the majority of their product portfolio is unaffected. There are, however, several products that used vulnerable versions of OpenSSL 1.0.1 and consequently may be affected.
cd70166d5a87d345097aa5d535e0e71a59c770f9dfeb06ac3274b16b979bdcfdThe ARRIS / Motorola SURFboard SBG6580 series wi-fi cable modem gateway disclosure username and password information for the user interface as well as wireless network keys via SNMP.
68baa90946e554834f316f5ad452d3b5148fcd52b9dc9efc01e2fec10f34f92eMandriva Linux Security Advisory 2014-098 - Due to flaws in the embedded copy of dcraw in rawtherapee, corrupt input files might trigger a division by zero, an infinite loop, or a null pointer dereference.
07ff6eb1ad4336835cecc21a788c476ced6573f11a2ba4662dd3e4a789815a1bMandriva Linux Security Advisory 2014-095 - It was found that the Struts 1 ActionForm object allowed access to the 'class' parameter, which is directly mapped to the getClass() method. A remote attacker could use this flaw to manipulate the ClassLoader used by an application server running Struts 1. This could lead to remote code execution under certain conditions.
bdda9e490d58910aa0c5c618c3765ea30a160f6fb71b2be4423f4076d612bfb3Mandriva Linux Security Advisory 2014-092 - lppasswd in CUPS before 1.7.1, when running with setuid privileges, allows local users to read portions of arbitrary files via a modified HOME environment variable and a symlink attack involving.cups/client.conf. Cross-site scripting vulnerability in scheduler/client.c in Common Unix Printing System before 1.7.2 allows remote attackers to inject arbitrary web script or HTML via the URL path, related to the is_path_absolute function. The updated packages have been patched to correct these issues.
42c1c60c5b38f63153e3d145588b75d3bd5cddd4e0f739227eba41ec8a6c26e7Gentoo Linux Security Advisory 201405-25 - A vulnerability in Symfony may allow remote attackers to read arbitrary files. Versions less than 1.4.20 are affected.
feb36ab99419e287a5143c2b3e211068bbac6fc1a57c4548f5fa6a3feb279a1eGentoo Linux Security Advisory 201405-24 - Memory consumption errors in Apache Portable Runtime and APR Utility Library could result in Denial of Service. Versions less than 1.4.8-r1 are affected.
d9222b06fe4084a9196c4106e29e02ec8051b6ed75b924156e34d9b342dbb8a5Gentoo Linux Security Advisory 201405-23 - A vulnerability in lib3ds might allow a remote attacker to execute arbitrary code. Versions less than 2.0.0_rc1 are affected.
a625ca18ebf43ec3b64c1856da0bf137bfbeab77530e25c6d4982e5b23354d6cGentoo Linux Security Advisory 201405-22 - Multiple vulnerabilities in Pidgin may allow execution of arbitrary code. Versions less than 2.10.9 are affected.
d6ade25d1829f578c0c4b87491c29680a25c44d0e8a781b9891d64b725a269edGentoo Linux Security Advisory 201405-21 - A vulnerability has been found in Charybdis and ShadowIRCd, possibly resulting in remote Denial of Service. Versions less than 3.4.2 are affected.
cd564f81b8571c1bf5b5e258f5cd6b100409c49a7c5ff1d2daa5366096e45bffGentoo Linux Security Advisory 201405-20 - A stack-based buffer overflow in JBIG-KIT might allow remote attackers to cause a Denial of Service. Versions less than 2.1 are affected.
b72402b9c4b4b8334ba339b80c5b8e3bde5e2e8f0917ed325dea455f8257a78aGentoo Linux Security Advisory 201405-19 - Multiple vulnerabilities have been found in MCrypt, allowing attackers to execute arbitrary code or cause Denial of Service. Versions less than 2.6.8-r2 are affected.
acfc23d623fcfd04590fc6005aa75082db03dd2551cb88ac87bad7cf8ae3e53dGentoo Linux Security Advisory 201405-18 - A buffer overflow in OpenConnect could result in execution of arbitrary code or Denial of Service. Versions less than 4.08 are affected.
8fd81a808724458e96eb1c937d4d7331859832e110f78716f99e117c98017ce2
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed