Showing 1 - 25 of 209

Files

Mandriva Linux Security Advisory 2014-237
Posted Nov 30, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-237 - An assumption in the CGI parameter handling of Mojolicious versions prior to 5.48 could result in parameter injection attacks.

tags | advisory, cgi
systems | linux, mandriva
MD5 | e7fef773a37b60926117d5ccb06dfa40
Ubuntu Security Notice USN-2426-1
Posted Nov 29, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2426-1 - Michele Spagnuolo discovered that FLAC incorrectly handled certain malformed audio files. An attacker could use this issue to cause FLAC to crash, resulting in a denial of service, or possibly execute arbitrary code.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2014-8962, CVE-2014-9028
MD5 | a38684a77f68c0304df035fb082b87c4
Ubuntu Security Notice USN-2427-1
Posted Nov 29, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2427-1 - Hanno Böck discovered that Libksba incorrectly handled certain S/MIME messages or ECC-based OpenPGP data. An attacker could use this issue to cause Libksba to crash, resulting in a denial of service, or possibly execute arbitrary code.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2014-9087
MD5 | aa05292572b774aa3bf73f8e7e3a4ddf
HP Security Bulletin HPSBGN03209
Posted Nov 28, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN03209 - A potential security vulnerability has been identified with HP Application Lifecycle Management running SSLv3. This is the SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy Encryption" also known as "Poodle", which could be exploited remotely to allow disclosure of information. Revision 1 of this advisory.

tags | advisory
advisories | CVE-2014-3566
MD5 | 28194b252becbc7597e4977fdd471f73
Ubuntu Security Notice USN-2425-1
Posted Nov 28, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2425-1 - It was discovered that DBus incorrectly handled a large number of file descriptor messages. A local attacker could use this issue to cause DBus to stop responding, resulting in a denial of service.

tags | advisory, denial of service, local
systems | linux, ubuntu
advisories | CVE-2014-7824
MD5 | f2a95196c63cfe08addb66450febd4bf
FileVista Path Leakage / Path Write Modification
Posted Nov 28, 2014
Authored by DS

FileVista versions prior to 6.1 leak internal path data and allow extraction outside of the stated path.

tags | advisory, info disclosure
advisories | CVE-2014-8788, CVE-2014-8789
MD5 | 7d0dfbef3741155722a7ca59d645ed80
Gentoo Linux Security Advisory 201411-11
Posted Nov 28, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201411-11 - Multiple vulnerabilities have been found in Squid, allowing remote attackers to execute arbitrary code or cause a Denial of Service condition. Versions less than 3.3.13-r1 are affected.

tags | advisory, remote, denial of service, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2014-0128, CVE-2014-7141, CVE-2014-7142
MD5 | cbe0833a61541372eb99920080cc3a8f
Debian Security Advisory 3078-1
Posted Nov 28, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3078-1 - An integer underflow flaw, leading to a heap-based buffer overflow, was found in the ksba_oid_to_str() function of libksba, an X.509 and CMS (PKCS#7) library. By using specially crafted S/MIME messages or ECC-based OpenPGP data, it is possible to create a buffer overflow, which could cause an application using libksba to crash (denial of service) or, potentially, execute arbitrary code.

tags | advisory, denial of service, overflow, arbitrary
systems | linux, debian
advisories | CVE-2014-9087
MD5 | 965c78a03ffcbe621696690bdf4a78e4
Mandriva Linux Security Advisory 2014-235
Posted Nov 28, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-235 - Plack::App::File would previously strip trailing slashes off provided paths. This in combination with the common pattern of serving files with Plack::Middleware::Static could allow an attacker to bypass a whitelist of generated files.

tags | advisory
systems | linux, mandriva
advisories | CVE-2014-5269
MD5 | 270003ab7e450c0c88c3fcce2e116e67
Mandriva Linux Security Advisory 2014-234
Posted Nov 28, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-234 - Updated libksba packages fix a security vulnerability. By using specially crafted S/MIME messages or ECC-based OpenPGP data, it is possible to create a buffer overflow, which could lead to a denial of service.

tags | advisory, denial of service, overflow
systems | linux, mandriva
advisories | CVE-2014-9087
MD5 | aa9a63204a3f5d87f74be2b91465c555
Mandriva Linux Security Advisory 2014-236
Posted Nov 28, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-236 - An out-of-bounds read flaw was found in file's donote() function in the way the file utility determined the note headers of an ELF file. This could possibly cause the file executable to crash.

tags | advisory
systems | linux, mandriva
advisories | CVE-2014-3710
MD5 | 9418cdef0c381844c0de9590a10e2ab3
Mandriva Linux Security Advisory 2014-233
Posted Nov 28, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-233 - An updated wordpress package fixes cross site scripting, cross site request forgery, and various other vulnerabilities.

tags | advisory, vulnerability, xss, csrf
systems | linux, mandriva
advisories | CVE-2014-9031, CVE-2014-9032, CVE-2014-9033, CVE-2014-9034, CVE-2014-9035, CVE-2014-9036, CVE-2014-9037, CVE-2014-9038, CVE-2014-9039
MD5 | 288503effbbc8b9c6f0c840e149c7914
Mandriva Linux Security Advisory 2014-232
Posted Nov 28, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-232 - The function wordexp() fails to properly handle the WRDE_NOCMD flag when processing arithmetic inputs in the form of $((... ``)) where ... can be anything valid. The backticks in the arithmetic expression are evaluated in a shell even if WRDE_NOCMD forbade command substitution. This allows an attacker to attempt to pass dangerous commands via constructs of the above form, and bypass the WRDE_NOCMD flag. This update fixes the issue.

tags | advisory, shell
systems | linux, mandriva
advisories | CVE-2014-7817
MD5 | 7b3eb93ce346e1df90abd3ec9d6b0df9
Red Hat Security Advisory 2014-1915-01
Posted Nov 28, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1915-01 - The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update fixes one vulnerability in Adobe Flash Player. This vulnerability is detailed in the Adobe Security Bulletin APSB14-26, listed in the References section. A flaw was found in the way flash-plugin displayed certain SWF content. An attacker could use this flaw to create a specially crafted SWF file that would cause flash-plugin to crash or, potentially, execute arbitrary code when the victim loaded a page containing the malicious SWF content.

tags | advisory, web, arbitrary
systems | linux, redhat
advisories | CVE-2014-8439
MD5 | cb31c95d356a3eaf6857c9f62584bc42
Mandriva Linux Security Advisory 2014-231
Posted Nov 27, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-231 - Icecast did not properly handle the launching of scripts on connect or disconnect of sources. This could result in sensitive information from these scripts leaking to clients.

tags | advisory
systems | linux, mandriva
advisories | CVE-2014-9018
MD5 | d733da1df5a4615a2c1a08b4cdf722be
Red Hat Security Advisory 2014-1914-01
Posted Nov 27, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1914-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Multiple denial of service flaws were found in the way the Ruby REXML XML parser performed expansion of parameter entities. A specially crafted XML document could cause REXML to use an excessive amount of CPU and memory. A stack-based buffer overflow was found in the implementation of the Ruby Array pack() method. When performing base64 encoding, a single byte could be written past the end of the buffer, possibly causing Ruby to crash.

tags | advisory, denial of service, overflow, ruby
systems | linux, redhat
advisories | CVE-2014-4975, CVE-2014-8080, CVE-2014-8090
MD5 | 0eb8d46493dde6ab962a9c6cea3a9e40
Mandriva Linux Security Advisory 2014-230
Posted Nov 27, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-230 - Multiple vulnerabilities have been found and corrected in the Linux kernel. The updated packages provide a solution for these security issues.

tags | advisory, kernel, vulnerability
systems | linux, mandriva
advisories | CVE-2014-3610, CVE-2014-3611, CVE-2014-3645, CVE-2014-3646, CVE-2014-3647, CVE-2014-3673, CVE-2014-3687, CVE-2014-3690, CVE-2014-7825, CVE-2014-7826, CVE-2014-7970, CVE-2014-8369
MD5 | 0faf6770e14fbf8b183e2daab3b95edb
Red Hat Security Advisory 2014-1913-01
Posted Nov 27, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1913-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Multiple denial of service flaws were found in the way the Ruby REXML XML parser performed expansion of parameter entities. A specially crafted XML document could cause REXML to use an excessive amount of CPU and memory. A stack-based buffer overflow was found in the implementation of the Ruby Array pack() method. When performing base64 encoding, a single byte could be written past the end of the buffer, possibly causing Ruby to crash.

tags | advisory, denial of service, overflow, ruby
systems | linux, redhat
advisories | CVE-2014-4975, CVE-2014-8080, CVE-2014-8090
MD5 | 32dd5b679d826a9757290e0883176953
Ubuntu Security Notice USN-2423-1
Posted Nov 27, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2423-1 - Kurt Seifried discovered that ClamAV incorrectly handled certain JavaScript files. An attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service, or possibly execute arbitrary code. Damien Millescamp discovered that ClamAV incorrectly handled certain PE files. An attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, javascript
systems | linux, ubuntu
advisories | CVE-2013-6497, CVE-2014-9050
MD5 | a2a47d5b596acc51c92366b5c5f92d4c
Red Hat Security Advisory 2014-1912-01
Posted Nov 27, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1912-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Multiple denial of service flaws were found in the way the Ruby REXML XML parser performed expansion of parameter entities. A specially crafted XML document could cause REXML to use an excessive amount of CPU and memory. A stack-based buffer overflow was found in the implementation of the Ruby Array pack() method. When performing base64 encoding, a single byte could be written past the end of the buffer, possibly causing Ruby to crash.

tags | advisory, denial of service, overflow, ruby
systems | linux, redhat
advisories | CVE-2014-4975, CVE-2014-8080, CVE-2014-8090
MD5 | 3274bc2cc840ebddceee2bcc8fabdb99
Red Hat Security Advisory 2014-1911-01
Posted Nov 27, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1911-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Multiple denial of service flaws were found in the way the Ruby REXML XML parser performed expansion of parameter entities. A specially crafted XML document could cause REXML to use an excessive amount of CPU and memory. The CVE-2014-8090 issue was discovered by Red Hat Product Security.

tags | advisory, denial of service, ruby
systems | linux, redhat
advisories | CVE-2014-8080, CVE-2014-8090
MD5 | 78a9c5f874333aa5d0e55200fda9341a
Debian Security Advisory 3077-1
Posted Nov 27, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3077-1 - Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in the execution of arbitrary code, information disclosure or denial of service.

tags | advisory, java, denial of service, arbitrary, vulnerability, info disclosure
systems | linux, debian
advisories | CVE-2014-6457, CVE-2014-6502, CVE-2014-6504, CVE-2014-6506, CVE-2014-6511, CVE-2014-6512, CVE-2014-6517, CVE-2014-6519, CVE-2014-6531, CVE-2014-6558
MD5 | bc12eefe9dfccbef4ec4ce4dec6f6848
HP Security Bulletin HPSBGN03202
Posted Nov 27, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN03202 - A potential security vulnerability has been identified with HP CMS: Configuration Manager running OpenSSL. This is the SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy Encryption" also known as "Poodle", which could be exploited remotely to allow disclosure of information. Revision 1 of this advisory.

tags | advisory
advisories | CVE-2014-3566
MD5 | d44c5857863338cc5c7273a4fac817ce
Mandriva Linux Security Advisory 2014-229
Posted Nov 27, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-229 - A malicious VNC server can trigger incorrect memory management handling by advertising a large screen size parameter to the VNC client. This would result in multiple memory corruptions and could allow remote code execution on the VNC client. A malicious VNC client can trigger multiple DoS conditions on the VNC server by advertising a large screen size, ClientCutText message length and/or a zero scaling factor parameter. A malicious VNC client can trigger multiple stack-based buffer overflows by passing long file and directory names and/or attributes when using the file transfer message feature. Additionally, libvncserver has been built against the new system minilzo library, which is also being provided with this advisory.

tags | advisory, remote, overflow, code execution
systems | linux, mandriva
advisories | CVE-2014-6051, CVE-2014-6052, CVE-2014-6053, CVE-2014-6054, CVE-2014-6055
MD5 | 4483cf739c4756a5c449301327de2ba1
Red Hat Security Advisory 2014-1906-01
Posted Nov 26, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1906-01 - OpenShift Enterprise by Red Hat is the company's cloud computing Platform-as-a-Service solution designed for on-premise or private cloud deployments. It was found that OpenShift Enterprise 2.1 did not properly restrict access to services running on different gears. This could allow an attacker to access unprotected network resources running in another user's gear. In a previous update, OpenShift Enterprise 2.2 introduced the oo-gear-firewall command, which creates firewall rules and SELinux policy to contain services running on gears to their own internal gear IPs. The command is invoked by default during new installations of OpenShift Enterprise 2.2 to prevent this security issue.

tags | advisory
systems | linux, redhat
advisories | CVE-2014-3602, CVE-2014-3674
MD5 | 283d8d14cfcd831376e1a7333c0943fb