Debian Linux Security Advisory 2765-2 - The update released for davfs2 in DSA 2765 had a version number for Debian 7 "wheezy" that sorts lower than the version in Debian 6 "squeeze", causing problems on upgrades. This update makes a package of davfs2 in wheezy available which corrects only the version number.
aa8bfc6ea9c15a1557ed96764c642823aafbff021291cfa52eff9a50cf97c2e6Red Hat Security Advisory 2014-0899-01 - The openstack-neutron packages provide Openstack Networking, the virtual network service. OpenStack Networking is a pluggable, scalable, and API-driven system that provisions networking services to virtual machines. Its main function is to manage connectivity to and from virtual machines. It was discovered that an authenticated user could add a security group rule with an invalid CIDR causing the openvswitch-agent process to fail and prevent further rules from being applied.
12984459022baf2395d5a366d6fa4c480f4128a03b2f292f6a9b26954ff26981Ubuntu Security Notice 2289-1 - Sasha Levin reported a flaw in the Linux kernel's point-to-point protocol (PPP) when used with the Layer Two Tunneling Protocol (L2TP). A local user could exploit this flaw to gain administrative privileges. Michael S. Tsirkin discovered an information leak in the Linux kernel's segmentation of skbs when using the zerocopy feature of vhost-net. A local attacker could exploit this flaw to gain potentially sensitive information from kernel memory. Various other issues were also addressed.
ee4b5aba8b85af49f51b037947116834b7eba864e9592e5b19b0e8efa9345287Ubuntu Security Notice 2281-1 - Sasha Levin reported a flaw in the Linux kernel's point-to-point protocol (PPP) when used with the Layer Two Tunneling Protocol (L2TP). A local user could exploit this flaw to gain administrative privileges. A flaw was discovered in the Linux kernel's audit subsystem when auditing certain syscalls. A local attacker could exploit this flaw to obtain potentially sensitive single-bit values from kernel memory or cause a denial of service (OOPS). Various other issues were also addressed.
fb76516b15ce9ca580e4630ff501124404a3bd73f76afd4fa1763950b0a262abVUPEN Vulnerability Research Team discovered a critical vulnerability in Microsoft Windows. The vulnerability is caused by an input validation error in DirectShow when processing and unserializing "Stretch" objects in memory, which could be exploited to elevate privileges and execute arbitrary code in the context of the logged on user, or e.g. bypass Internet Explorer's Enhanced Protected Mode (EPM) sandbox.
40f607f1e58adf819a7c42c06abb4eb9360e75d0caf490c0619a31a7fb069410VUPEN Vulnerability Research Team discovered a critical vulnerability in Microsoft Internet Explorer. The vulnerability is caused due to an invalid handling of a sequence of actions aimed to save a file when calling "ShowSaveFileDialog()", which could be exploited by a sandboxed process to write files to arbitrary locations on the system and bypass IE Protected Mode sandbox. Versions 8, 9, 10, and 11 are affected.
700a7758a2ea45f7d7adc64c38c0a1f3ef968cb15f258ae383dc779133000acaRemote attackers can execute arbitrary code and execute other attacks on computers with the OpenVPN Access Server "Desktop Client" installed.
3f95a17f5a3e3e08e1e5b964c913a1f26f928b80824fd0094146709d8a80f674VUPEN Vulnerability Research Team discovered a critical vulnerability in Microsoft Internet Explorer. The vulnerability is caused by an object confusion vulnerability when processing object types within data shared between the broker and sandboxed processes, which could be exploited by a sandboxed process to achieve code execution within the broker context and bypass IE Protected Mode sandbox. Versions 8, 9, 10, and 11 are affected.
7b2092a65c7957bd27e081adb9fb8fc46c778ffa0f86266785a00a12ab75e46fVUPEN Vulnerability Research Team discovered a critical vulnerability in Microsoft Internet Explorer. The vulnerability is caused by a use-after-free vulnerability when manipulating CSS @import statements through "addImport()" or "removeImport()", which could be exploited by attackers to leak arbitrary memory or execute arbitrary code via a malicious web page. Versions 9, 10, and 11 are affected.
cd96a783b0ba06438db8d155e68c36b5c423d9b3a31f74080fdd6447b9005d44HP Security Bulletin HPSBMU03072 SSRT101644 - A potential security vulnerability has been identified with HP Data Protector. This vulnerability could be remotely exploited to execute arbitrary code. Revision 1 of this advisory.
b2ab6e14584863667d15fb117618e07354ef9957457802c05b651e4fba71c1feUbuntu Security Notice 2280-1 - It was discovered that MiniUPnPc incorrectly handled certain buffer lengths. A remote attacker could possibly use this issue to cause applications using MiniUPnPc to crash, resulting in a denial of service.
5117542815fcf93452faef16813bce06800a6e938b6b81dd1edc398b7cd296c0Ubuntu Security Notice 2279-1 - Ben Hawkes discovered that Transmission incorrectly handled certain peer messages. A remote attacker could use this issue to cause a denial of service, or possibly execute arbitrary code.
102c3b451b291373563c086d75532664f1f5b37b475c6c040d5b1359c0209760Red Hat Security Advisory 2014-0889-01 - The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. It was discovered that the Hotspot component in OpenJDK did not properly verify bytecode from the class files. An untrusted Java application or applet could possibly use these flaws to bypass Java sandbox restrictions. A format string flaw was discovered in the Hotspot component event logger in OpenJDK. An untrusted Java application or applet could use this flaw to crash the Java Virtual Machine or, potentially, execute arbitrary code with the privileges of the Java Virtual Machine.
d955c02b6fb6ac14d03885483e62d7eae4828a382f7ace3097c1309e2b00fc3aRed Hat Security Advisory 2014-0898-01 - Red Hat JBoss Enterprise Web Platform is a platform for Java applications, which integrates the JBoss Web Server with JBoss Hibernate and JBoss Seam. It was found that the implementation of the org.picketlink.common.util.DocumentUtil.getDocumentBuilderFactory() method provided a DocumentBuilderFactory that would expand entity references. A remote, unauthenticated attacker could use this flaw to read files accessible to the user running the application server, and potentially perform other more advanced XXE attacks.
18741ed083fd88bef12746d5d7cb90c7633e1bbdee424711f7b3da2352532b3cRed Hat Security Advisory 2014-0897-01 - Red Hat JBoss Enterprise Web Platform is a platform for Java applications, which integrates the JBoss Web Server with JBoss Hibernate and JBoss Seam. It was found that the implementation of the org.picketlink.common.util.DocumentUtil.getDocumentBuilderFactory() method provided a DocumentBuilderFactory that would expand entity references. A remote, unauthenticated attacker could use this flaw to read files accessible to the user running the application server, and potentially perform other more advanced XXE attacks.
80ff770a940677ba6ce6e5fd9f188c8b53262afdde5337e1bd2d8f9c30bc6b65Red Hat Security Advisory 2014-0896-01 - Red Hat JBoss Web Framework Kit combines popular open source web frameworks into a single solution for Java applications. This release serves as a replacement for Red Hat JBoss Web Framework Kit 2.5.0, and includes bug fixes and enhancements.
f3cb7fd4bf3ab53aa837fd1043fd374cbb2e9e4e0d0f3b86eac19d2b75a3056cRed Hat Security Advisory 2014-0895-01 - Red Hat JBoss Data Grid is a distributed in-memory data grid, based on Infinispan. This release of Red Hat JBoss Data Grid 6.3.0 serves as a replacement for Red Hat JBoss Data Grid 6.2.1. It includes various bug fixes and enhancements which are detailed in the Red Hat JBoss Data Grid 6.3.0 Release Notes.
aeb0b570938a9a6265d4028ddf3b4294b3853a5be7bb3907f9ec1aa0586df308Gentoo Linux Security Advisory 201407-4 - A vulnerability in GnuPG can lead to a Denial of Service condition. Versions less than 2.0.24 are affected.
f7be745ceed87b9b64547f9e9de4ec5241c8f3295bfdc3031551291bb5a16cedRed Hat Security Advisory 2014-0890-01 - The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. It was discovered that the Hotspot component in OpenJDK did not properly verify bytecode from the class files. An untrusted Java application or applet could possibly use these flaws to bypass Java sandbox restrictions. A format string flaw was discovered in the Hotspot component event logger in OpenJDK. An untrusted Java application or applet could use this flaw to crash the Java Virtual Machine or, potentially, execute arbitrary code with the privileges of the Java Virtual Machine.
b3aae823004ba1feeaae51546b3ea5b2573c2738250f2333c1900c5b9508acaeGentoo Linux Security Advisory 201407-3 - Multiple vulnerabilities have been found in Xen, the worst of which could lead to arbitrary code execution. Versions less than 4.3.2-r4 are affected.
600ec9e94e030b36e7d0770eb003e8d183518912299983d949f22aba378524acRed Hat Security Advisory 2014-0887-02 - JBoss Remoting is a stand-alone project that provides an API for making remote invocations using pluggable transports and data marshallers. JBoss Application Server 5 and supported Red Hat JBoss 5.x products contain JBoss Remoting, which includes a partial implementation of the JMX remoting specification JSR 160. This implementation is provided in jmx-remoting.sar, which is deployed by default in unsupported community releases of JBoss Application Server 5.x. This implementation does not implement security as defined in JSR 160, and therefore does not apply any authentication or authorization constraints. A remote attacker could use this flaw to potentially execute arbitrary code on a vulnerable server. All of the supported Red Hat JBoss 5.x products are not affected by this issue in their default configuration. These products are only vulnerable if JMX remoting is enabled by manually deploying jmx-remoting.sar from the jboss-as/docs/examples directory. Unsupported community releases of JBoss Application Server 5.x are affected. All users of the standalone JBoss Remoting project are also affected.
135d5c4a321a8fbc578a3508486fc58852de448195dd8f13ec7114baf60130ffHP Security Bulletin HPSBGN03068 - Potential security vulnerabilities have been identified with HP OneView running OpenSSL. The vulnerabilities could be exploited remotely to create a Denial of Service (DoS), allow unauthorized access, or disclose information. Revision 1 of this advisory.
9f946d69e9ae40c2b4951e6887030d834e2b618227253bcf06f848fb7f7f8e75HP Security Bulletin HPSBHF02913 - Potential security vulnerabilities have been identified with HP Intelligent Management Center (iMC) and HP Branch Intelligent Management System (BIMS). The vulnerabilities could be exploited remotely resulting in disclosure of information. Revision 1 of this advisory.
805c37c22bb461da54bf4be56b89f7757e21875b44289d28facaff156b211741HP Security Bulletin HPSBST03039 - Potential security vulnerabilities have been identified with HP StoreVirtual 4000 Storage and StoreVirtual VSA. The vulnerabilities could be exploited remotely resulting in disclosure of information. Revision 1 of this advisory.
6602c51ec6623596c7878756e8f0e731f49ba8f5350d89183544c5361c41042eRed Hat Security Advisory 2014-0886-00 - Red Hat JBoss Enterprise Application Platform is a platform for Java applications, which integrates the JBoss Application Server with JBoss Hibernate and JBoss Seam. It was found that the implementation of the org.picketlink.common.util.DocumentUtil.getDocumentBuilderFactory() method provided a DocumentBuilderFactory that would expand entity references. A remote, unauthenticated attacker could use this flaw to read files accessible to the user running the application server, and potentially perform other more advanced XXE attacks.
d3ca816758feba4cd5d87e779e2f7d1863ed3a7afb7b0768d0234ca5c12c0450
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed