
Files

HP Security Bulletin HPSBST03000 4
Posted Jun 30, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBST03000 4 - A potential security vulnerability has been identified with HP StoreEver ESL G3 Tape Library and Enterprise Library LTO-6 Tape Drives running OpenSSL. This is the OpenSSL vulnerability known as "Heartbleed" which could be exploited remotely resulting in disclosure of information. Revision 4 of this advisory.

tags | advisory
advisories | CVE-2014-0160
SHA-256 | d73fa1bd882e7f8008920c158bf623bc8f8b58fa93cf66a5af55c435e4a4b1a2
Red Hat Security Advisory 2014-0819-01
Posted Jun 30, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0819-01 - Red Hat JBoss BPM Suite is a business rules and processes management system for the management, storage, creation, modification, and deployment of JBoss rules and BPMN2-compliant business processes. This release of Red Hat JBoss BPM Suite 6.0.2 serves as a replacement for Red Hat JBoss BPM Suite 6.0.1, and includes bug fixes and enhancements.

tags | advisory
systems | linux, redhat
advisories | CVE-2014-0107, CVE-2014-0363, CVE-2014-0364
SHA-256 | 5b2018ca1ea60bf0c168ce31e1328db1823bbc6237ead19c714f783467b0aac2
Red Hat Security Advisory 2014-0818-01
Posted Jun 30, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0818-01 - Red Hat JBoss BRMS is a business rules management system for the management, storage, creation, modification, and deployment of JBoss Rules. This release of Red Hat JBoss BRMS 6.0.2 serves as a replacement for Red Hat JBoss BRMS 6.0.1, and includes bug fixes and enhancements.

tags | advisory
systems | linux, redhat
advisories | CVE-2014-0107, CVE-2014-0193, CVE-2014-0363, CVE-2014-0364
SHA-256 | be959037484d1a765743e14b992c71c12dc19b2d050e960a53ed6defd1d3f971
Red Hat Security Advisory 2014-0816-01
Posted Jun 30, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0816-01 - Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual environments. CloudForms Management Engine is built on Ruby on Rails, a model-view-controller framework for web application development. Action Pack implements the controller and the view components. The SSH utility script created a world-writable file in /tmp/ using a predictable name, and then executed it as root. A local attacker could use this flaw to execute arbitrary commands as the root user. A directory traversal flaw was found in the way Ruby on Rails handled wildcard segments in routes with implicit rendering. A remote attacker could use this flaw to retrieve arbitrary local files accessible to a Ruby on Rails application using the aforementioned routes via a specially crafted request.

tags | advisory, remote, web, arbitrary, local, root, ruby
systems | linux, redhat
advisories | CVE-2014-0130, CVE-2014-0176, CVE-2014-0180, CVE-2014-0184, CVE-2014-3486, CVE-2014-3489
SHA-256 | ed0336504b371e408526319445a5c9fd1d368cc89d53bfcce748e66dc58f4a6d
Gentoo Linux Security Advisory 201406-35
Posted Jun 30, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201406-35 - Multiple vulnerabilities have been found in Openfire, the worst of which could lead to a Denial of Service condition. Versions less than 3.9.2-r1 are affected.

tags | advisory, denial of service, vulnerability
systems | linux, gentoo
advisories | CVE-2009-1595, CVE-2009-1596, CVE-2014-2741
SHA-256 | 41324993ffa3eb7b745123fc71b6da971e9a55bdf18cdf640e314610a2cc46af
Red Hat Security Advisory 2014-0814-01
Posted Jun 30, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0814-01 - The Red Hat Enterprise Virtualization Manager is a centralized management platform that allows system administrators to view and manage virtual machines. It was found that the ovirt-engine REST API resolved entities in XML API calls. A remote attacker with credentials to call the ovirt-engine REST API could use this flaw to read files accessible to the user running the ovirt-engine JBoss server, and potentially perform other more advanced XXE attacks.

tags | advisory, remote, xxe
systems | linux, redhat
advisories | CVE-2014-3485
SHA-256 | 05adc95783f571a217ffe1d911df66b509c35fc597481b598054f42f53193008
Red Hat Security Advisory 2014-0815-01
Posted Jun 30, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0815-01 - The rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine hypervisor. It includes everything necessary to run and manage virtual machines: a subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent. Note: Red Hat Enterprise Virtualization Hypervisor is only available for the Intel 64 and AMD64 architectures with virtualization extensions. A flaw was found in the way GnuTLS parsed session IDs from ServerHello messages of the TLS/SSL handshake. A malicious server could use this flaw to send an excessively long session ID value, which would trigger a buffer overflow in a connecting TLS/SSL client application using GnuTLS, causing the client application to crash or, possibly, execute arbitrary code.

tags | advisory, overflow, arbitrary, kernel
systems | linux, redhat
advisories | CVE-2014-3466, CVE-2014-3467, CVE-2014-3468, CVE-2014-3469
SHA-256 | a010735c07300e81c05307db46a722929722e51bde6e7a4c5df209d29725b131
Debian Security Advisory 2970-1
Posted Jun 30, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2970-1 - Multiple security issues (cross-site scripting, cross-site request forgery, SQL injections, missing input sanitising) have been found in Cacti, a web frontend for RRDTool.

tags | advisory, web, xss, sql injection, csrf
systems | linux, debian
advisories | CVE-2014-2326, CVE-2014-2327, CVE-2014-2328, CVE-2014-2708, CVE-2014-2709, CVE-2014-4002
SHA-256 | 67f7c14f82e222e1693697e3659a72b9ae669ebe3fb08bb51ed5f7d72102d52e
Gentoo Linux Security Advisory 201406-34
Posted Jun 30, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201406-34 - Multiple vulnerabilities have been discovered in KDE Libraries, the worst of which could lead to man-in-the-middle attacks. Versions less than 4.12.5-r1 are affected.

tags | advisory, vulnerability
systems | linux, gentoo
advisories | CVE-2011-1094, CVE-2011-3365, CVE-2013-2074, CVE-2014-3494
SHA-256 | c63b9a944ba7c2935d68a4a420c83a2435da78ca96c29e73e8fb03e625d03496
Gentoo Linux Security Advisory 201406-33
Posted Jun 30, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201406-33 - Multiple vulnerabilities have been found in Wireshark, the worst of which allows remote attackers to execute arbitrary code. Versions less than 1.10.8 are affected.

tags | advisory, remote, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2014-2281, CVE-2014-2282, CVE-2014-2283, CVE-2014-2299, CVE-2014-2907, CVE-2014-4020, CVE-2014-4174
SHA-256 | b218ed0f4b25bc94042856f53c2c5fb0fd853c918f085b1972ba76584ad83010
Gentoo Linux Security Advisory 201406-32
Posted Jun 30, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201406-32 - Multiple vulnerabilities have been found in the IcedTea JDK, the worst of which could lead to arbitrary code execution. Versions less than 6.1.13.3 are affected.

tags | advisory, arbitrary, vulnerability, code execution
systems | linux, gentoo
advisories | CVE-2009-3555, CVE-2010-2548, CVE-2010-2783, CVE-2010-3541, CVE-2010-3548, CVE-2010-3549, CVE-2010-3551, CVE-2010-3553, CVE-2010-3554, CVE-2010-3557, CVE-2010-3561, CVE-2010-3562, CVE-2010-3564, CVE-2010-3565, CVE-2010-3566, CVE-2010-3567, CVE-2010-3568, CVE-2010-3569, CVE-2010-3573, CVE-2010-3574, CVE-2010-3860, CVE-2010-4351, CVE-2010-4448, CVE-2010-4450, CVE-2010-4465, CVE-2010-4467, CVE-2010-4469, CVE-2010-4470
SHA-256 | 090fb98b78d165daf38005d744a51c041e7041bc82e7280894ff7c9447061a32
HP Security Bulletin HPSBMU03056
Posted Jun 27, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03056 - Potential security vulnerabilities have been identified with HP Version Control Repository Manager (HP VCRM) running OpenSSL on Linux and Windows. The vulnerabilities could be exploited remotely to create a Denial of Service (DoS), execute code, allow unauthorized access, or disclose information. Revision 1 of this advisory.

tags | advisory, denial of service, vulnerability
systems | linux, windows
advisories | CVE-2010-5298, CVE-2014-0076, CVE-2014-0195, CVE-2014-0198, CVE-2014-0221, CVE-2014-0224, CVE-2014-3470
SHA-256 | b614877919ffd8acdaa97393db4294d3cac0f62dcd1d3c07cbb31e1f020b0139
HP Security Bulletin HPSBMU03057
Posted Jun 27, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03057 - Potential security vulnerabilities have been identified with HP Version Control Agent (HP VCA) running OpenSSL on Linux and Windows. The vulnerabilities could be exploited remotely to create a Denial of Service (DoS), execute code, allow unauthorized access, or disclose information. Revision 1 of this advisory.

tags | advisory, denial of service, vulnerability
systems | linux, windows
advisories | CVE-2010-5298, CVE-2014-0076, CVE-2014-0195, CVE-2014-0198, CVE-2014-0221, CVE-2014-0224, CVE-2014-3470
SHA-256 | d2900fe18279864e2d174ab252466414338a67aafa6110a5ff22a7ed7b064f41
HP Security Bulletin HPSBMU03061
Posted Jun 27, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03061 - A potential security vulnerability has been identified with HP Release Control. The vulnerability could be exploited remotely to allow disclosure of privileged information and elevation of privilege. Revision 1 of this advisory.

tags | advisory
advisories | CVE-2014-2612, CVE-2014-2613
SHA-256 | c70eb870381013491398bee0005e8a0260fd303241d869b858908d47530e5385
Debian Security Advisory 2969-1
Posted Jun 27, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2969-1 - Bastian Blank reported a denial of service vulnerability in Email::Address, a Perl module for RFC 2822 address parsing and creation. Email::Address::parse used significant time on parsing empty quoted strings. A remote attacker able to supply specifically crafted input to an application using Email::Address for parsing, could use this flaw to mount a denial of service attack against the application.

tags | advisory, remote, denial of service, perl
systems | linux, debian
advisories | CVE-2014-0477
SHA-256 | a83f23287604c42c60b88d579639ae305d020bfe95bbe0985afe821df9d5acaa
HP Security Bulletin HPSBMU03058
Posted Jun 27, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03058 - A potential security vulnerability has been identified with HP BladeSystem c-Class Onboard Administrator (OA) running OpenSSL. This vulnerability could be exploited remotely to allow the disclosure of information. Revision 1 of this advisory.

tags | advisory
advisories | CVE-2014-0224
SHA-256 | 5a8ab459e9c0801f07c313e0141eb38d3964109dce9b296244e7e197b23ecbc0
Ubuntu Security Notice USN-2263-1
Posted Jun 27, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2263-1 - Salva discovered an information leak in the Linux kernel's media-device driver. A local attacker could exploit this flaw to obtain sensitive information from kernel memory. A bounds check error was discovered in the socket filter subsystem of the Linux kernel. A local user could exploit this flaw to cause a denial of service (system crash) via crafted BPF instructions. A remainder calculation error was discovered in the socket filter subsystem of the Linux kernel. A local user could exploit this flaw to cause a denial of service (system crash) via crafted BPF instructions. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2014-1739, CVE-2014-3144, CVE-2014-3145
SHA-256 | c1756759393556e7f3f5ea6151c39cb7d4f78aee5b448f98be9b3580b90bbe19
Ubuntu Security Notice USN-2262-1
Posted Jun 27, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2262-1 - A bounds check error was discovered in the socket filter subsystem of the Linux kernel. A local user could exploit this flaw to cause a denial of service (system crash) via crafted BPF instructions. A remainder calculation error was discovered in the socket filter subsystem of the Linux kernel. A local user could exploit this flaw to cause a denial of service (system crash) via crafted BPF instructions.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2014-3144, CVE-2014-3145
SHA-256 | e114f0a79df2dc184f86e4e1f8e322df6730085883dcbe31affbebb324233371
Ubuntu Security Notice USN-2261-1
Posted Jun 27, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2261-1 - Salva discovered an information leak in the Linux kernel's media-device driver. A local attacker could exploit this flaw to obtain sensitive information from kernel memory. A bounds check error was discovered in the socket filter subsystem of the Linux kernel. A local user could exploit this flaw to cause a denial of service (system crash) via crafted BPF instructions. A remainder calculation error was discovered in the socket filter subsystem of the Linux kernel. A local user could exploit this flaw to cause a denial of service (system crash) via crafted BPF instructions. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2014-1739, CVE-2014-3144, CVE-2014-3145
SHA-256 | 05bf0bde4d4865f155ffc5c349bcbc021cacad831e176b70b78ef8aa1290dd14
Ubuntu Security Notice USN-2259-1
Posted Jun 27, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2259-1 - Salva discovered an information leak in the Linux kernel's media-device driver. A local attacker could exploit this flaw to obtain sensitive information from kernel memory. A bounds check error was discovered in the socket filter subsystem of the Linux kernel. A local user could exploit this flaw to cause a denial of service (system crash) via crafted BPF instructions. A remainder calculation error was discovered in the socket filter subsystem of the Linux kernel. A local user could exploit this flaw to cause a denial of service (system crash) via crafted BPF instructions. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2014-1739, CVE-2014-3144, CVE-2014-3145
SHA-256 | 4fb5093864365c1809ce0fbfe91f7fb846b76d82177e2f2d13873e3cdaf599b2
Ubuntu Security Notice USN-2260-1
Posted Jun 27, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2260-1 - A flaw was discovered in the Linux kernel's pseudo tty (pty) device. An unprivileged user could exploit this flaw to cause a denial of service (system crash) or potentially gain administrator privileges. Pinkie Pie discovered a flaw in the Linux kernel's futex subsystem. An unprivileged local user could exploit this flaw to cause a denial of service (system crash) or gain administrative privileges. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2014-0077, CVE-2014-0196, CVE-2014-1737, CVE-2014-1738, CVE-2014-2568, CVE-2014-2851, CVE-2014-3122, CVE-2014-3153
SHA-256 | a4a39b070b3c2638637a0a3a42c4348f420eadd2c2d14b44a27b4ddd0bcfd35c
Gentoo Linux Security Advisory 201406-28
Posted Jun 27, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201406-28 - Multiple vulnerabilities have been found in Libav, allowing attackers to execute arbitrary code or cause Denial of Service. Versions less than 0.8.7 are affected.

tags | advisory, denial of service, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2012-2772, CVE-2012-2775, CVE-2012-2776, CVE-2012-2777, CVE-2012-2779, CVE-2012-2783, CVE-2012-2784, CVE-2012-2786, CVE-2012-2787, CVE-2012-2788, CVE-2012-2789, CVE-2012-2790, CVE-2012-2791, CVE-2012-2793, CVE-2012-2794, CVE-2012-2796, CVE-2012-2797, CVE-2012-2798, CVE-2012-2800, CVE-2012-2801, CVE-2012-2802, CVE-2012-2803, CVE-2012-2804, CVE-2012-5144
SHA-256 | a7dfc0ad8bcd2a1522857cab1a97683ee996889cfb13167b2801ba61ff9de83f
Gentoo Linux Security Advisory 201406-31
Posted Jun 27, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201406-31 - Multiple vulnerabilities have been found in Konqueror, the worst of which may allow execution of arbitrary code. Versions less than 4.9.3-r1 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2012-4512, CVE-2012-4513, CVE-2012-4514, CVE-2012-4515
SHA-256 | 1636f80f16d96860865cc10c6c36fa432ab92847a621b4576d877dd92920fa80
Debian Security Advisory 2968-1
Posted Jun 27, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2968-1 - Jean-Rene Reinhard, Olivier Levillain and Florian Maury reported that GnuPG, the GNU Privacy Guard, did not properly parse certain garbled compressed data packets. A remote attacker could use this flaw to mount a denial of service against GnuPG by triggering an infinite loop.

tags | advisory, remote, denial of service
systems | linux, debian
advisories | CVE-2014-4617
SHA-256 | 98f994e455ffe9e827e3cdac132ac260a69f23cd0b844b512787858cbce46187
Gentoo Linux Security Advisory 201406-30
Posted Jun 27, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201406-30 - A vulnerability has been found in sudo allowing a local attacker to gain elevated privileges. Versions less than 1.8.5 are affected.

tags | advisory, local
systems | linux, gentoo
advisories | CVE-2014-0106
SHA-256 | cab36e1715276e014e86008e83baf9b2196d6035b61ecca23891bc04e1afc11d
© 2022 Packet Storm. All rights reserved.
