Showing 101 - 125 of 203

Files

HP Security Bulletin HPSBMU03090
Posted Aug 14, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03090 - A potential security vulnerability has been identified with HP SiteScope. The vulnerability could be exploited remotely to allow execution of arbitrary code. Revision 1 of this advisory.

tags | advisory, arbitrary
advisories | CVE-2014-0114
SHA-256 | 08170bb50ff7c64c4846293aaff4cec011cdc0f0d377009be496d884f440c8cf
Optical Society of America's Prism Information Leak
Posted Aug 14, 2014
Authored by Peter Wiedekind

Reviewer information stored in metadata can be leaked for submissions sent to the Optical Society of America's Prism system.

tags | advisory
SHA-256 | cb86d182e6ced767696ef53f3a189c454daee96a6be0ec6aa702a8536cf84291
HP Security Bulletin HPSBHF03088
Posted Aug 14, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBHF03088 - A potential security vulnerability has been identified with the HP Integrity SD2 CB900s i2 and i4 Servers running OpenSSL. This vulnerability could be exploited remotely resulting in unauthorized access or disclosure of information. Revision 1 of this advisory.

tags | advisory
advisories | CVE-2014-0224
SHA-256 | 14d7a31200210d301590ec06253545a6892912123653b48f6f1a1c0c59d866ad
Red Hat Security Advisory 2014-1053-01
Posted Aug 14, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1053-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer, Transport Layer Security, and Datagram Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. It was discovered that the OBJ_obj2txt() function could fail to properly NUL-terminate its output. This could possibly cause an application using OpenSSL functions to format fields of X.509 certificates to disclose portions of its memory. Multiple flaws were discovered in the way OpenSSL handled DTLS packets. A remote attacker could use these flaws to cause a DTLS server or client using OpenSSL to crash or use excessive amounts of memory.

tags | advisory, remote, protocol
systems | linux, redhat
advisories | CVE-2014-0221, CVE-2014-3505, CVE-2014-3506, CVE-2014-3508, CVE-2014-3510
SHA-256 | 948de4a34ae026c5dab154c65c77547ef33ef30112240c62df3060016b472f9b
Red Hat Security Advisory 2014-1052-01
Posted Aug 14, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1052-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer, Transport Layer Security, and Datagram Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. A race condition was found in the way OpenSSL handled ServerHello messages with an included Supported EC Point Format extension. A malicious server could possibly use this flaw to cause a multi-threaded TLS/SSL client using OpenSSL to write into freed memory, causing the client to crash or execute arbitrary code.

tags | advisory, arbitrary, protocol
systems | linux, redhat
advisories | CVE-2014-3505, CVE-2014-3506, CVE-2014-3507, CVE-2014-3508, CVE-2014-3509, CVE-2014-3510, CVE-2014-3511
SHA-256 | 75bc0be12a1079a05666977a741c31a6e9ce2f144a48b721d2d303d494747755
Gentoo Linux Security Advisory 201408-04
Posted Aug 14, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201408-4 - Multiple vulnerabilities have been found in Catfish, allowing local attackers to escalate their privileges. Versions less than 1.0.2 are affected.

tags | advisory, local, vulnerability
systems | linux, gentoo
advisories | CVE-2014-2093, CVE-2014-2094, CVE-2014-2095, CVE-2014-2096
SHA-256 | e342e1b9433b59625a7d84f55365cef4716234345691fa3b9f0ac84b4e637ee8
Ubuntu Security Notice USN-2313-1
Posted Aug 14, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2313-1 - A flaw was discovered in the Linux kernel's audit subsystem when auditing certain syscalls. A local attacker could exploit this flaw to obtain potentially sensitive single-bit values from kernel memory or cause a denial of service (OOPS).

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2014-3917
SHA-256 | 375d0e9bc6a3b83ccaf9674f3e9b88d90bfebac31f6b1fabfa4520ec3ed6aa7f
Ubuntu Security Notice USN-2314-1
Posted Aug 14, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2314-1 - A flaw was discovered in the Linux kernel's audit subsystem when auditing certain syscalls. A local attacker could exploit this flaw to obtain potentially sensitive single-bit values from kernel memory or cause a denial of service (OOPS).

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2014-3917
SHA-256 | b9069da9ff51874f9fc252dc9b3b1c2a8eaceb62a7eb43f755f6e10445fcd760
Red Hat Security Advisory 2014-1051-01
Posted Aug 14, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1051-01 - The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update fixes multiple vulnerabilities in Adobe Flash Player. Multiple flaws were found in the way flash-plugin displayed certain SWF content. An attacker could use these flaws to create a specially crafted SWF file that would cause flash-plugin to crash or, potentially, execute arbitrary code when the victim loaded a page containing the malicious SWF content.

tags | advisory, web, arbitrary, vulnerability
systems | linux, redhat
advisories | CVE-2014-0538, CVE-2014-0540, CVE-2014-0541, CVE-2014-0542, CVE-2014-0543, CVE-2014-0544, CVE-2014-0545
SHA-256 | 2bc8c64b4d40c30637044b290aab53cb727a675c2e060ce0954c773628b6e15a
Red Hat Security Advisory 2014-1037-01
Posted Aug 14, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1037-01 - Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual environments. CloudForms Management Engine is built on Ruby on Rails, a model-view-controller framework for web application development. Action Pack implements the controller and the view components. It was found that the get and log methods of the AgentController wrote log messages without sanitizing user input. A remote attacker could use this flaw to insert arbitrary content into the log files written to by AgentController.

tags | advisory, remote, web, arbitrary, ruby
systems | linux, redhat
advisories | CVE-2014-0136
SHA-256 | 09c5b0e3ed81417c90b2dac8ca16e746d480ab1f3453e680186621ce94661885
Red Hat Security Advisory 2014-1050-01
Posted Aug 14, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1050-01 - OpenStack Telemetry collects customer usage data for metering purposes. Telemetry implements bus listener, push, and polling agents for data collection; this data is stored in a database and presented via the REST API. In addition, Telemetry's extensible design means it can be optionally extended to gather customized data sets. It was found that authentication tokens were not properly sanitized from the message queue by the notifier middleware. An attacker with read access to the message queue could possibly use this flaw to intercept an authentication token and gain elevated privileges. Note that all services using the notifier middleware configured after the auth_token middleware pipeline were affected.

tags | advisory
systems | linux, redhat
advisories | CVE-2014-4615
SHA-256 | cb9a2c571fca82c415ce3eb267afabaf89e98f4dea867dffa975e61279670ce0
Ganeti Insecure Archive Permission
Posted Aug 13, 2014
Authored by Open Source CERT, Guido Trotter, Helga Velroyen

Ganeti versions 2.10.0 through 2.10.6 and 2.11.0 through 2.11.4 suffer from an insecure file permission vulnerability that leads to sensitive information disclosure.

tags | advisory, info disclosure
SHA-256 | 960a55567a500fcc535191d7724093c1ce0c92016cee319f1e41c90f38166437
Ubuntu Security Notice USN-2312-1
Posted Aug 12, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2312-1 - Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure, data integrity and availability. An attacker could exploit these to cause a denial of service or expose sensitive data over the network. Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure and data integrity. An attacker could exploit these to expose sensitive data over the network. Various other issues were also addressed.

tags | advisory, denial of service, vulnerability, info disclosure
systems | linux, ubuntu
advisories | CVE-2014-2490, CVE-2014-4209, CVE-2014-4216, CVE-2014-4218, CVE-2014-4219, CVE-2014-4244, CVE-2014-4252, CVE-2014-4262, CVE-2014-4263, CVE-2014-4266, CVE-2014-4268
SHA-256 | e3816f8c04ea2d8938354eb2bf7c96769ee3acaa5a8f4537d6a799ae59eeb90d
Opendaylight 1.0 Local File Inclusion / Remote File Inclusion
Posted Aug 12, 2014
Authored by Gregory Pickett | Site hellfiresecurity.com

Opendaylight version 1.0 suffers from local file inclusion and remote file inclusion vulnerabilities in the Netconf (TCP) service.

tags | advisory, remote, local, tcp, vulnerability, code execution, file inclusion
advisories | CVE-2014-5035
SHA-256 | b4c4f777d826b243c739648f5e37ec62fdf64c8901732abd6398dcdb787c830e
Apache Cordova 3.5.0 Data Leak
Posted Aug 12, 2014
Authored by Roee Hay, David Kaplan

Android applications built with the Cordova framework can launch other applications through the use of anchor tags, or by redirecting the webview to an Android intent URL. An attacker who can manipulate the HTML content of a Cordova application can create links which open other applications and send arbitrary data to those applications. An attacker who can run arbitrary JavaScript code within the context of the Cordova application can also set the document location to such a URL. By using this in concert with a second, vulnerable application, an attacker might be able to use this method to send data from the Cordova application to the network. This release is an update to a prior advisory.

tags | advisory, arbitrary, javascript
advisories | CVE-2014-3502
SHA-256 | 4e0dda886cea833a687c664d12a4435708cfcce65b89f11c91f68124746cc7f1
HP Security Bulletin HPSBMU03089
Posted Aug 12, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03089 - A potential security vulnerability has been identified with HP Executive Scorecard running OpenSSL. The vulnerability could be exploited remotely to allow disclosure of information. This OpenSSL vulnerability was detected in specific OpenSSL versions. OpenSSL is a 3rd party product that is embedded with some HP Software products. This bulletin notifies HP Software customers about products affected by the OpenSSL vulnerabilities. Note: OpenSSL vulnerabilities are vulnerabilities found in the OpenSSL cryptographic software library product. This weakness potentially allows a Man in the Middle (MITM) attack where the attacker can decrypt and modify traffic from the attacked client and server. The impacted products that appear in the list below are vulnerable due to embedding of OpenSSL standard release software. Revision 1 of this advisory.

tags | advisory, vulnerability
advisories | CVE-2014-0224
SHA-256 | d854fc6c01d15af293b74d065d3d1747b841e3cac51232655a55481b5756ce47
Debian Security Advisory 2984-2
Posted Aug 12, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2984-2 - It was discovered that the acpi-support update for DSA-2984-1 would make a laptop's power button forcibly shut the system down, instead of triggering the configured action (usually suspend to RAM). This only affects systems using the gnome-settings-daemon.

tags | advisory
systems | linux, debian
SHA-256 | 42557260d34d50a66f6fe09569e56e789759c32e94fdb6750ae406e5165eec71
Gentoo Linux Security Advisory 201408-03
Posted Aug 12, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201408-3 - A vulnerability in LibSSH can result in leakage of private key information. Versions less than 0.6.3 are affected.

tags | advisory
systems | linux, gentoo
advisories | CVE-2014-0017
SHA-256 | 8352f547da7a3cf848b8e227033600ae1aeea647697809d94f542b731d45e45a
WordPress Disqus 2.7.5 CSRF / Cross Site Scripting
Posted Aug 12, 2014
Authored by Nik Cubrilovic

WordPress Disqus versions 2.7.5 and below suffer from cross site request forgery and cross site scripting vulnerabilities.

tags | advisory, vulnerability, xss, csrf
SHA-256 | 2df5dbf30ee565d7f622d21cfbcd0f06f378ce8494ab640f6e97b5154395387e
Ubuntu Security Notice USN-2311-1
Posted Aug 11, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2311-1 - Zhi Kun Liu discovered that pyCADF incorrectly filtered certain tokens. An attacker could possibly use this issue to obtain authentication tokens used in REST requests.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2014-4615
SHA-256 | 105241bbb753224508871fe229922a8e366df3ce2dae5a0022eeaa4c5a037445
Ubuntu Security Notice USN-2310-1
Posted Aug 11, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2310-1 - It was discovered that Kerberos incorrectly handled certain crafted Draft 9 requests. A remote attacker could use this issue to cause the daemon to crash, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS. It was discovered that Kerberos incorrectly handled certain malformed KRB5_PADATA_PK_AS_REQ AS-REQ requests. A remote attacker could use this issue to cause the daemon to crash, resulting in a denial of service. This issue only affected Ubuntu 10.04 LTS and Ubuntu 12.04 LTS. Various other issues were also addressed.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2012-1016, CVE-2013-1415, CVE-2013-1416, CVE-2013-1418, CVE-2013-6800, CVE-2014-4341, CVE-2014-4342, CVE-2014-4343, CVE-2014-4344, CVE-2014-4345
SHA-256 | 58d3eb1fd12379457b7d374a0622ac5c590760d80a72c972ae312eb6169fd50c
Red Hat Security Advisory 2014-1042-01
Posted Aug 11, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1042-01 - IBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit.

tags | advisory, java, vulnerability
systems | linux, redhat
advisories | CVE-2014-4208, CVE-2014-4209, CVE-2014-4218, CVE-2014-4219, CVE-2014-4220, CVE-2014-4221, CVE-2014-4227, CVE-2014-4244, CVE-2014-4252, CVE-2014-4262, CVE-2014-4263, CVE-2014-4265, CVE-2014-4266
SHA-256 | a5fd9770eb543143954e0ce7e62172c61b0f36fdf1670bccaa3df126d30abaa1
Red Hat Security Advisory 2014-1041-01
Posted Aug 11, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1041-01 - IBM Java SE version 7 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit.

tags | advisory, java, vulnerability
systems | linux, redhat
advisories | CVE-2014-4208, CVE-2014-4209, CVE-2014-4218, CVE-2014-4219, CVE-2014-4220, CVE-2014-4221, CVE-2014-4227, CVE-2014-4244, CVE-2014-4252, CVE-2014-4262, CVE-2014-4263, CVE-2014-4265, CVE-2014-4266
SHA-256 | f147cfe7cc12e3f4522d55064638a182d5ac28baf1d3276d5e83e5c9db7af0ed
Ubuntu Security Notice USN-2309-1
Posted Aug 11, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2309-1 - It was discovered that Libav incorrectly handled certain malformed media files. If a user were tricked into opening a crafted media file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
SHA-256 | faacd4cf1566718d6f69260c44607fa68bfe1e16226d5b2cf2180515f46c35a9
Red Hat Security Advisory 2014-1040-01
Posted Aug 11, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1040-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. It was found that the fix for CVE-2012-0818 was incomplete: external parameter entities were not disabled when the resteasy.document.expand.entity.references parameter was set to false. A remote attacker able to send XML requests to a RESTEasy endpoint could use this flaw to read files accessible to the user running the application server, and potentially perform other more advanced XXE attacks.

tags | advisory, java, remote, xxe
systems | linux, redhat
advisories | CVE-2014-3490
SHA-256 | c84f2ca607c16d6e752c066398ee8786761d415d970c03caeb98cbd795ed9347
Page 5 of 9

© 2022 Packet Storm. All rights reserved.