
Files

Red Hat Security Advisory 2014-1294-01
Posted Sep 24, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1294-01 - The GNU Bourne Again shell is a shell and command language interpreter compatible with the Bourne shell. Bash is the default shell for Red Hat Enterprise Linux. A flaw was found in the way Bash evaluated certain specially crafted environment variables. An attacker could use this flaw to override or bypass environment restrictions to execute shell commands. Certain services and applications allow remote unauthenticated attackers to provide environment variables, allowing them to exploit this issue.

tags | advisory, remote, shell, bash
systems | linux, redhat
advisories | CVE-2014-6271
SHA-256 | 367558e0af4bea38e2153ee9ee9c6ce9ff57eb72553269ce1c96319107027e35
Red Hat Security Advisory 2014-1295-01
Posted Sep 24, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1295-01 - The GNU Bourne Again shell is a shell and command language interpreter compatible with the Bourne shell. Bash is the default shell for Red Hat Enterprise Linux. Shift_JIS, also known as "SJIS", is a character encoding for the Japanese language. This package provides bash support for the Shift_JIS encoding. A flaw was found in the way Bash evaluated certain specially crafted environment variables. An attacker could use this flaw to override or bypass environment restrictions to execute shell commands. Certain services and applications allow remote unauthenticated attackers to provide environment variables, allowing them to exploit this issue.

tags | advisory, remote, shell, bash
systems | linux, redhat
advisories | CVE-2014-6271
SHA-256 | 0ab1587f987ce692a6ed8a870be5c168ea32c5c83293ed22e852410b266a93f8
Red Hat Security Advisory 2014-1293-01
Posted Sep 24, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1293-01 - The GNU Bourne Again shell is a shell and command language interpreter compatible with the Bourne shell. Bash is the default shell for Red Hat Enterprise Linux. A flaw was found in the way Bash evaluated certain specially crafted environment variables. An attacker could use this flaw to override or bypass environment restrictions to execute shell commands. Certain services and applications allow remote unauthenticated attackers to provide environment variables, allowing them to exploit this issue.

tags | advisory, remote, shell, bash
systems | linux, redhat
advisories | CVE-2014-6271
SHA-256 | 11602d72b531b9a3376befaf2f40d6b9bc9bb40b1d354a5986c1541d7c56f5cd
Debian Security Advisory 3031-1
Posted Sep 24, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3031-1 - The Google Security Team discovered a buffer overflow vulnerability in the HTTP transport code in apt-get. An attacker able to man-in-the-middle a HTTP request to an apt repository can trigger the buffer overflow, leading to a crash of the 'http' apt method binary, or potentially to arbitrary code execution.

tags | advisory, web, overflow, arbitrary, code execution
systems | linux, debian
advisories | CVE-2014-6273
SHA-256 | 1868df8a88a13239945f034440fe682b0e121f18704c5b892e1bc8e05326064e
Red Hat Security Advisory 2014-1292-01
Posted Sep 24, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1292-01 - HAProxy provides high availability, load balancing, and proxying for TCP and HTTP-based applications. A buffer overflow flaw was discovered in the way HAProxy handled, under very specific conditions, data uploaded from a client. A remote attacker could possibly use this flaw to crash HAProxy. All haproxy users are advised to upgrade to this updated package, which contains a backported patch to correct this issue.

tags | advisory, remote, web, overflow, tcp
systems | linux, redhat
advisories | CVE-2014-6269
SHA-256 | ea9afa70ec341e7cbc76477bb85a10d68d3e96ac7cd0d0fd2f67a7cf2af9b196
Ubuntu Security Notice USN-2359-1
Posted Sep 24, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2359-1 - Jack Morgenstein reported a flaw in the page handling of the KVM (Kernel Virtual Machine) subsystem in the Linux kernel. A guest OS user could exploit this flaw to cause a denial of service (host OS memory corruption) or possibly have other unspecified impact on the host OS. Jason Gunthorpe reported a flaw with SCTP authentication in the Linux kernel. A remote attacker could exploit this flaw to cause a denial of service (NULL pointer dereference and OOPS). Various other issues were also addressed.

tags | advisory, remote, denial of service, kernel
systems | linux, ubuntu
advisories | CVE-2014-3601, CVE-2014-5077, CVE-2014-5471, CVE-2014-5472
SHA-256 | cf16b83f0cf1bc592f97d89975e48b9fc09cdb89e7cbea49009a9915a86c8c9b
Ubuntu Security Notice USN-2358-1
Posted Sep 24, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2358-1 - Jack Morgenstein reported a flaw in the page handling of the KVM (Kernel Virtual Machine) subsystem in the Linux kernel. A guest OS user could exploit this flaw to cause a denial of service (host OS memory corruption) or possibly have other unspecified impact on the host OS. Jason Gunthorpe reported a flaw with SCTP authentication in the Linux kernel. A remote attacker could exploit this flaw to cause a denial of service (NULL pointer dereference and OOPS). Various other issues were also addressed.

tags | advisory, remote, denial of service, kernel
systems | linux, ubuntu
advisories | CVE-2014-3601, CVE-2014-5077, CVE-2014-5471, CVE-2014-5472
SHA-256 | 0d19c0cfd635887d874af2d1b5bf9dfce4d6a57b5a3961bb65c05caa2a2a30c8
Ubuntu Security Notice USN-2355-1
Posted Sep 24, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2355-1 - Chris Evans reported a flaw in the Linux kernel's handling of iso9660 (compact disk filesystem) images. An attacker who can mount a custom iso9660 image either via a CD/DVD drive or a loopback mount could cause a denial of service (system crash or reboot). Chris Evans reported a flaw in the Linux kernel's handling of iso9660 (compact disk filesystem) images. An attacker who can mount a custom iso9660 image, with a self-referential CL entry, either via a CD/DVD drive or a loopback mount could cause a denial of service (unkillable mount process). Various other issues were also addressed.

tags | advisory, denial of service, kernel
systems | linux, ubuntu
advisories | CVE-2014-5471, CVE-2014-5472
SHA-256 | 6bb051a04b06b8f356fa6ace8abe900b0e5f36a2d10b0d99e687194d614f39f8
Ubuntu Security Notice USN-2357-1
Posted Sep 24, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2357-1 - Jack Morgenstein reported a flaw in the page handling of the KVM (Kernel Virtual Machine) subsystem in the Linux kernel. A guest OS user could exploit this flaw to cause a denial of service (host OS memory corruption) or possibly have other unspecified impact on the host OS. Chris Evans reported a flaw in the Linux kernel's handling of iso9660 (compact disk filesystem) images. An attacker who can mount a custom iso9660 image either via a CD/DVD drive or a loopback mount could cause a denial of service (system crash or reboot). Various other issues were also addressed.

tags | advisory, denial of service, kernel
systems | linux, ubuntu
advisories | CVE-2014-3601, CVE-2014-5471, CVE-2014-5472
SHA-256 | 0ebb86614e3898d4a547dc9127eb1ace7ab6fa1c8b81e79dc053df7fce2da65e
Ubuntu Security Notice USN-2354-1
Posted Sep 24, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2354-1 - Chris Evans reported a flaw in the Linux kernel's handling of iso9660 (compact disk filesystem) images. An attacker who can mount a custom iso9660 image either via a CD/DVD drive or a loopback mount could cause a denial of service (system crash or reboot). Chris Evans reported a flaw in the Linux kernel's handling of iso9660 (compact disk filesystem) images. An attacker who can mount a custom iso9660 image, with a self-referential CL entry, either via a CD/DVD drive or a loopback mount could cause a denial of service (unkillable mount process). Various other issues were also addressed.

tags | advisory, denial of service, kernel
systems | linux, ubuntu
advisories | CVE-2014-5471, CVE-2014-5472
SHA-256 | cc00d48b3eea531226e9d223ac3a99209cf8c6e5080f17972bfb51e37ce4567e
Ubuntu Security Notice USN-2356-1
Posted Sep 24, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2356-1 - Jack Morgenstein reported a flaw in the page handling of the KVM (Kernel Virtual Machine) subsystem in the Linux kernel. A guest OS user could exploit this flaw to cause a denial of service (host OS memory corruption) or possibly have other unspecified impact on the host OS. Chris Evans reported a flaw in the Linux kernel's handling of iso9660 (compact disk filesystem) images. An attacker who can mount a custom iso9660 image either via a CD/DVD drive or a loopback mount could cause a denial of service (system crash or reboot). Various other issues were also addressed.

tags | advisory, denial of service, kernel
systems | linux, ubuntu
advisories | CVE-2014-3601, CVE-2014-5471, CVE-2014-5472
SHA-256 | ce2fd3f7419d213c47c8c6b1fbeea798fbd8c810f8df48d686af866f5ffb68db
Red Hat Security Advisory 2014-1288-01
Posted Sep 24, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1288-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. It was discovered that the implementation of org.hibernate.validator.util.ReflectionHelper together with the permissions required to run Hibernate Validator under the Java Security Manager could allow a malicious application deployed in the same application container to execute several actions with escalated privileges, which might otherwise not be possible. This flaw could be used to perform various attacks, including but not restricted to, arbitrary code execution in systems that are otherwise secured by the Java Security Manager.

tags | advisory, java, arbitrary, code execution
systems | linux, redhat
advisories | CVE-2014-3558
SHA-256 | c991ced44fef7bb991203a4ead263b61c8c1f6f53e189e60feca71610ed39418
Ubuntu Security Notice USN-2353-1
Posted Sep 24, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2353-1 - It was discovered that APT incorrectly handled certain http URLs. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to cause APT to crash, resulting in a denial of service, or possibly execute arbitrary code. In addition, this update fixes regressions introduced by the USN-2348-1 security update: APT incorrectly handled file:/// sources on a different partition, incorrectly handled Dir::state::lists set to a relative path, and incorrectly handled cdrom: sources. Various other issues were also addressed.

tags | advisory, remote, web, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2014-6273
SHA-256 | f18a6d99273ccea43f4ff13505d8b7b64673270f54fc2a22c95b75f5502949bc
Microsoft Security Bulletin Re-Release For September, 2014
Posted Sep 24, 2014
Site microsoft.com

This bulletin summary notes that MS14-055 has undergone a major revision increment as of September 23, 2014.

tags | advisory
SHA-256 | 7e49f4a65656a8c1d41f3f15917fef8811b7317a8253711433dd361375197b18
Debian Security Advisory 3030-1
Posted Sep 22, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3030-1 - Multiple SQL injection vulnerabilities have been discovered in the Mantis bug tracking system.

tags | advisory, vulnerability, sql injection
systems | linux, debian
advisories | CVE-2014-1608, CVE-2014-1609
SHA-256 | 7ec113a935c89ad9a311490ba16351ced2516ceca32df1676255c000535a79fa
Debian Security Advisory 3029-1
Posted Sep 22, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3029-1 - Antoine Delignat-Lavaud and Karthikeyan Bhargavan discovered that it was possible to reuse cached SSL sessions in unrelated contexts, allowing virtual host confusion attacks in some configurations by an attacker in a privileged network position.

tags | advisory
systems | linux, debian
advisories | CVE-2014-3616
SHA-256 | 686cb84de4ba244efd0ea0a859ce45d3415fd2e9a99661b6e0d82901f605addd
Red Hat Security Advisory 2014-1268-01
Posted Sep 22, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1268-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package provides the user-space component for running virtual machines using KVM. Two integer overflow flaws were found in the QEMU block driver for QCOW version 1 disk images. A user able to supply a malicious image file to QEMU or to helper tools used in image conversion by services such as glance and nova could potentially use these flaws to cause memory corruption, resulting in a crash or possibly arbitrary code execution.

tags | advisory, overflow, arbitrary, code execution
systems | linux, redhat
advisories | CVE-2013-4148, CVE-2013-4149, CVE-2013-4150, CVE-2013-4151, CVE-2013-4527, CVE-2013-4529, CVE-2013-4535, CVE-2013-4536, CVE-2013-4541, CVE-2013-4542, CVE-2013-6399, CVE-2014-0182, CVE-2014-0222, CVE-2014-0223, CVE-2014-3461
SHA-256 | fa9a090f061e49ebd6c9d9180ffd2781fd7e6e5ab6c7769ae73a3ad939cdc81f
Red Hat Security Advisory 2014-1281-01
Posted Sep 22, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1281-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. An out-of-bounds memory access flaw was found in the Linux kernel's system call auditing implementation. On a system with existing audit rules defined, a local, unprivileged user could use this flaw to leak kernel memory to user space or, potentially, crash the system.

tags | advisory, kernel, local
systems | linux, redhat
advisories | CVE-2014-3917
SHA-256 | 9db192dae67115d135082d1c74941604603bf15acde17a51427e55f23152e653
Ubuntu Security Notice USN-2352-1
Posted Sep 22, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2352-1 - Simon McVittie discovered that DBus incorrectly handled the file descriptors message limit. A local attacker could use this issue to cause DBus to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only applied to Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. Alban Crequy discovered that DBus incorrectly handled a large number of file descriptor messages. A local attacker could use this issue to cause DBus to stop responding, resulting in a denial of service. This issue only applied to Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, local
systems | linux, ubuntu
advisories | CVE-2014-3635, CVE-2014-3636, CVE-2014-3637, CVE-2014-3638, CVE-2014-3639
SHA-256 | 578a2d1dfc85b26a2a964420dece270158fce7e3eb1ee68afd5fab19c7aa3d29
Ubuntu Security Notice USN-2351-1
Posted Sep 22, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2351-1 - Antoine Delignat-Lavaud and Karthikeyan Bhargavan discovered that nginx incorrectly reused cached SSL sessions. An attacker could possibly use this issue in certain configurations to obtain access to information from a different virtual host.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2014-3616
SHA-256 | 02a8e09de555bdb912d184f6c0aefad2a80152bc1062161322d7a1666becefaa
Ubuntu Security Notice USN-2350-1
Posted Sep 22, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2350-1 - The NSS package contained outdated CA certificates. This update refreshes the NSS package to version 3.17 which includes the latest CA certificate bundle.

tags | advisory
systems | linux, ubuntu
SHA-256 | 359eef1863967a3b5b7f8d6b8420e45720f540fd85d506dbfbaf0f294396fdda
HP Security Bulletin HPSBPI03107
Posted Sep 22, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBPI03107 - A potential security vulnerability has been identified with certain HP LaserJet Printers, MFPs and certain HP OfficeJet Enterprise Printers using OpenSSL. The vulnerability could be exploited remotely to allow remote unauthorized access. Note: This OpenSSL vulnerability was detected in specific OpenSSL versions. OpenSSL is a 3rd party product that is embedded with some HP printer products. This bulletin notifies HP Printer customers about impacted products. Revision 1 of this advisory.

tags | advisory, remote
advisories | CVE-2014-0224
SHA-256 | c630d7cb333d249c31f5bfb55e2236a3d8bbab6a9929e9aed07b2ff46802f312
Mandriva Linux Security Advisory 2014-180
Posted Sep 22, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-180 - The gnupg program before version 1.4.16 is vulnerable to an ELGAMAL side-channel attack.

tags | advisory
systems | linux, mandriva
advisories | CVE-2014-5270
SHA-256 | 03ec5c081a2354c13e32e599e0fef98400dfb6bbc16a191f9eaf5f922d8321ae
Gentoo Linux Security Advisory 201409-08
Posted Sep 19, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201409-8 - A vulnerability in libxml2 allows a remote attacker to cause Denial of Service. Versions less than 2.9.1-r4 are affected.

tags | advisory, remote, denial of service
systems | linux, gentoo
advisories | CVE-2014-0191
SHA-256 | 3d3e51ebf497b1002f4ac43821208f034b3bdc6899d6ce505e3b73fa6133ac3c
Gentoo Linux Security Advisory 201409-07
Posted Sep 19, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201409-7 - A vulnerability in c-icap could result in Denial of Service. Versions less than 0.2.6 are affected.

tags | advisory, denial of service
systems | linux, gentoo
advisories | CVE-2013-7401, CVE-2013-7402
SHA-256 | ed77256c73678e5e8baf81a4a62dd912b81fffb0a62ad82f6ab2495c58dce29f
© 2022 Packet Storm. All rights reserved.
