
Files

Mandriva Linux Security Advisory 2014-237
Posted Nov 30, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-237 - A flawed assumption in the CGI parameter handling of Mojolicious versions prior to 5.48 could result in parameter injection attacks.

tags | advisory, cgi
systems | linux, mandriva
SHA-256 | 98859800d41e5970bfc20ef732e417c65eb6261c997609728209566a9a7bf6ef
Ubuntu Security Notice USN-2426-1
Posted Nov 29, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2426-1 - Michele Spagnuolo discovered that FLAC incorrectly handled certain malformed audio files. An attacker could use this issue to cause FLAC to crash, resulting in a denial of service, or possibly execute arbitrary code.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2014-8962, CVE-2014-9028
SHA-256 | 3b6937356aa74e200c7dccd14b5fca4055bfd9ad918b1102663fea68014208af
Ubuntu Security Notice USN-2427-1
Posted Nov 29, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2427-1 - Hanno Böck discovered that Libksba incorrectly handled certain S/MIME messages or ECC-based OpenPGP data. An attacker could use this issue to cause Libksba to crash, resulting in a denial of service, or possibly execute arbitrary code.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2014-9087
SHA-256 | f5cd342ed6be07a6d1c5d748def8c51af71ac915a866fd5ac48d17039b860a6a
HP Security Bulletin HPSBGN03209
Posted Nov 28, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN03209 - A potential security vulnerability has been identified with HP Application Lifecycle Management running SSLv3. This is the SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy Encryption" also known as "Poodle", which could be exploited remotely to allow disclosure of information. Revision 1 of this advisory.

tags | advisory
advisories | CVE-2014-3566
SHA-256 | e679dd5c2daede4524e04696a912f8c749c70a8bafe54a0b2f0b220562cbe80e
Ubuntu Security Notice USN-2425-1
Posted Nov 28, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2425-1 - It was discovered that DBus incorrectly handled a large number of file descriptor messages. A local attacker could use this issue to cause DBus to stop responding, resulting in a denial of service.

tags | advisory, denial of service, local
systems | linux, ubuntu
advisories | CVE-2014-7824
SHA-256 | df98e002d16cc210ffd23af3c713e5b075ae7b6a0974979d6b56caca058a00f6
FileVista Path Leakage / Path Write Modification
Posted Nov 28, 2014
Authored by DS

FileVista versions prior to 6.1 leak internal path data and allow extraction outside of the stated path.

tags | advisory, info disclosure
advisories | CVE-2014-8788, CVE-2014-8789
SHA-256 | 3c41a9d024130c7bed75e3f82d0c36623aba0b5bbf2db458319d7eee03859fcb
Gentoo Linux Security Advisory 201411-11
Posted Nov 28, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201411-11 - Multiple vulnerabilities have been found in Squid, allowing remote attackers to execute arbitrary code or cause a Denial of Service condition. Versions less than 3.3.13-r1 are affected.

tags | advisory, remote, denial of service, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2014-0128, CVE-2014-7141, CVE-2014-7142
SHA-256 | 73ccf120cd4c0ce4a96bbcd00e0a93a9fa5bff2c7dac71efc1a6c14ead3b2cff
Debian Security Advisory 3078-1
Posted Nov 28, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3078-1 - An integer underflow flaw, leading to a heap-based buffer overflow, was found in the ksba_oid_to_str() function of libksba, an X.509 and CMS (PKCS#7) library. By using specially crafted S/MIME messages or ECC-based OpenPGP data, it is possible to create a buffer overflow, which could cause an application using libksba to crash (denial of service) or, potentially, execute arbitrary code.

tags | advisory, denial of service, overflow, arbitrary
systems | linux, debian
advisories | CVE-2014-9087
SHA-256 | 7217c0ae2ea44f802fdb12bc21101dee31a22b1db69bedc15efca5b833bb17cc
Mandriva Linux Security Advisory 2014-235
Posted Nov 28, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-235 - Plack::App::File would previously strip trailing slashes off provided paths. This in combination with the common pattern of serving files with Plack::Middleware::Static could allow an attacker to bypass a whitelist of generated files.

tags | advisory
systems | linux, mandriva
advisories | CVE-2014-5269
SHA-256 | ffd5432731e6114de1f6fb03fdbfbba1a28f30ebad18de3760db8f1515a334c3
Mandriva Linux Security Advisory 2014-234
Posted Nov 28, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-234 - Updated libksba packages fix a security vulnerability. By using specially crafted S/MIME messages or ECC-based OpenPGP data, it is possible to create a buffer overflow, which could lead to a denial of service.

tags | advisory, denial of service, overflow
systems | linux, mandriva
advisories | CVE-2014-9087
SHA-256 | 4161d0bb416d2018777c709cd2038b0aaa0dba746d8e27b13c8d1dccd3322e19
Mandriva Linux Security Advisory 2014-236
Posted Nov 28, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-236 - An out-of-bounds read flaw was found in file's donote() function in the way the file utility determined the note headers of an ELF file. This could possibly lead to a crash of the file executable.

tags | advisory
systems | linux, mandriva
advisories | CVE-2014-3710
SHA-256 | 3608d773793a8a2661f099e810c1c55e6f15845bbccf334b6e42c4f47a616266
Mandriva Linux Security Advisory 2014-233
Posted Nov 28, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-233 - An updated wordpress package fixes cross site scripting, cross site request forgery, and various other vulnerabilities.

tags | advisory, vulnerability, xss, csrf
systems | linux, mandriva
advisories | CVE-2014-9031, CVE-2014-9032, CVE-2014-9033, CVE-2014-9034, CVE-2014-9035, CVE-2014-9036, CVE-2014-9037, CVE-2014-9038, CVE-2014-9039
SHA-256 | fc0e8f592fe175467d50e535aa40bb6824e42aeab1a1a0ddd3da3b18e749ce97
Mandriva Linux Security Advisory 2014-232
Posted Nov 28, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-232 - The function wordexp() fails to properly handle the WRDE_NOCMD flag when processing arithmetic inputs in the form of $((... ``)) where ... can be anything valid. The backticks in the arithmetic expression are evaluated in a shell even if WRDE_NOCMD forbade command substitution. This allows an attacker to attempt to pass dangerous commands via constructs of the above form, and bypass the WRDE_NOCMD flag. This update fixes the issue.

tags | advisory, shell
systems | linux, mandriva
advisories | CVE-2014-7817
SHA-256 | 3ae4a73075a4f65622957a8cedc74c98147406a7b1913f82ee05ab73b4ee0479
Red Hat Security Advisory 2014-1915-01
Posted Nov 28, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1915-01 - The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update fixes one vulnerability in Adobe Flash Player. This vulnerability is detailed in the Adobe Security Bulletin APSB14-26, listed in the References section. A flaw was found in the way flash-plugin displayed certain SWF content. An attacker could use this flaw to create a specially crafted SWF file that would cause flash-plugin to crash or, potentially, execute arbitrary code when the victim loaded a page containing the malicious SWF content.

tags | advisory, web, arbitrary
systems | linux, redhat
advisories | CVE-2014-8439
SHA-256 | 53efab1af664258ac3efe445b3476dea79d5f1cdad2149b62af991792779a123
Mandriva Linux Security Advisory 2014-231
Posted Nov 27, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-231 - Icecast did not properly handle the launching of scripts on connect or disconnect of sources. This could result in sensitive information from these scripts leaking to clients.

tags | advisory
systems | linux, mandriva
advisories | CVE-2014-9018
SHA-256 | 869d8835249b0bad75dd9dcc9c0d9d0bab22dd39b5771ff84b36c0092d5d8ddf
Red Hat Security Advisory 2014-1914-01
Posted Nov 27, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1914-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Multiple denial of service flaws were found in the way the Ruby REXML XML parser performed expansion of parameter entities. A specially crafted XML document could cause REXML to use an excessive amount of CPU and memory. A stack-based buffer overflow was found in the implementation of the Ruby Array pack() method. When performing base64 encoding, a single byte could be written past the end of the buffer, possibly causing Ruby to crash.

tags | advisory, denial of service, overflow, ruby
systems | linux, redhat
advisories | CVE-2014-4975, CVE-2014-8080, CVE-2014-8090
SHA-256 | 64e3d44e9dbab89e160adf73238ebdb29bdeec72fc06bbc51f513a53b785ec91
Mandriva Linux Security Advisory 2014-230
Posted Nov 27, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-230 - Multiple vulnerabilities have been found and corrected in the Linux kernel. The updated packages provide a solution for these security issues.

tags | advisory, kernel, vulnerability
systems | linux, mandriva
advisories | CVE-2014-3610, CVE-2014-3611, CVE-2014-3645, CVE-2014-3646, CVE-2014-3647, CVE-2014-3673, CVE-2014-3687, CVE-2014-3690, CVE-2014-7825, CVE-2014-7826, CVE-2014-7970, CVE-2014-8369
SHA-256 | e78db882e943ee9b4f1b7075ddaa971883bca45bf173bf02afe691b652970d70
Red Hat Security Advisory 2014-1913-01
Posted Nov 27, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1913-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Multiple denial of service flaws were found in the way the Ruby REXML XML parser performed expansion of parameter entities. A specially crafted XML document could cause REXML to use an excessive amount of CPU and memory. A stack-based buffer overflow was found in the implementation of the Ruby Array pack() method. When performing base64 encoding, a single byte could be written past the end of the buffer, possibly causing Ruby to crash.

tags | advisory, denial of service, overflow, ruby
systems | linux, redhat
advisories | CVE-2014-4975, CVE-2014-8080, CVE-2014-8090
SHA-256 | d34b054a1a09c5c71830a7fcd1d0e8f4e17c481c432a2ca499f384346ad1bb95
Ubuntu Security Notice USN-2423-1
Posted Nov 27, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2423-1 - Kurt Seifried discovered that ClamAV incorrectly handled certain JavaScript files. An attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service, or possibly execute arbitrary code. Damien Millescamp discovered that ClamAV incorrectly handled certain PE files. An attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, javascript
systems | linux, ubuntu
advisories | CVE-2013-6497, CVE-2014-9050
SHA-256 | d6092dd8150ce52077c247cd9ef37e9c7460b34082e92cd732c24dd6bdcedf14
Red Hat Security Advisory 2014-1912-01
Posted Nov 27, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1912-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Multiple denial of service flaws were found in the way the Ruby REXML XML parser performed expansion of parameter entities. A specially crafted XML document could cause REXML to use an excessive amount of CPU and memory. A stack-based buffer overflow was found in the implementation of the Ruby Array pack() method. When performing base64 encoding, a single byte could be written past the end of the buffer, possibly causing Ruby to crash.

tags | advisory, denial of service, overflow, ruby
systems | linux, redhat
advisories | CVE-2014-4975, CVE-2014-8080, CVE-2014-8090
SHA-256 | 605c3f723bbfea05479a3515ed6e3f17674fe0a63446d76ac3980b8b44b410b6
Red Hat Security Advisory 2014-1911-01
Posted Nov 27, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1911-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Multiple denial of service flaws were found in the way the Ruby REXML XML parser performed expansion of parameter entities. A specially crafted XML document could cause REXML to use an excessive amount of CPU and memory. The CVE-2014-8090 issue was discovered by Red Hat Product Security.

tags | advisory, denial of service, ruby
systems | linux, redhat
advisories | CVE-2014-8080, CVE-2014-8090
SHA-256 | f40e101efebd630758efe522c9936ca1eb07b705ae9818d1a01084211278397c
Debian Security Advisory 3077-1
Posted Nov 27, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3077-1 - Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in the execution of arbitrary code, information disclosure or denial of service.

tags | advisory, java, denial of service, arbitrary, vulnerability, info disclosure
systems | linux, debian
advisories | CVE-2014-6457, CVE-2014-6502, CVE-2014-6504, CVE-2014-6506, CVE-2014-6511, CVE-2014-6512, CVE-2014-6517, CVE-2014-6519, CVE-2014-6531, CVE-2014-6558
SHA-256 | 62c0314467aa2c9895f33a70b2c2b807f397a7842f9458256402276ac4e2ab97
HP Security Bulletin HPSBGN03202
Posted Nov 27, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN03202 - A potential security vulnerability has been identified with HP CMS: Configuration Manager running OpenSSL. This is the SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy Encryption" also known as "Poodle", which could be exploited remotely to allow disclosure of information. Revision 1 of this advisory.

tags | advisory
advisories | CVE-2014-3566
SHA-256 | 11d8f74f3d234703927a352f928edc3ce65648f18012e6152aa5b809e5c5d27e
Mandriva Linux Security Advisory 2014-229
Posted Nov 27, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-229 - A malicious VNC server can trigger incorrect memory management handling by advertising a large screen size parameter to the VNC client. This would result in multiple memory corruptions and could allow remote code execution on the VNC client. A malicious VNC client can trigger multiple DoS conditions on the VNC server by advertising a large screen size, ClientCutText message length and/or a zero scaling factor parameter. A malicious VNC client can trigger multiple stack-based buffer overflows by passing long file and directory names and/or attributes when using the file transfer message feature. Additionally, libvncserver has been built against the new system minilzo library, which is also being provided with this advisory.

tags | advisory, remote, overflow, code execution
systems | linux, mandriva
advisories | CVE-2014-6051, CVE-2014-6052, CVE-2014-6053, CVE-2014-6054, CVE-2014-6055
SHA-256 | 59582641be6253489b02c2a056d9dc2e9d78bc1f386ccc42b6724b2908a98685
Red Hat Security Advisory 2014-1906-01
Posted Nov 26, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1906-01 - OpenShift Enterprise by Red Hat is the company's cloud computing Platform-as-a-Service solution designed for on-premise or private cloud deployments. It was found that OpenShift Enterprise 2.1 did not properly restrict access to services running on different gears. This could allow an attacker to access unprotected network resources running in another user's gear. In a previous update, OpenShift Enterprise 2.2 introduced the oo-gear-firewall command, which creates firewall rules and SELinux policy to contain services running on gears to their own internal gear IPs. The command is invoked by default during new installations of OpenShift Enterprise 2.2 to prevent this security issue.

tags | advisory
systems | linux, redhat
advisories | CVE-2014-3602, CVE-2014-3674
SHA-256 | 0dab918722c6ec216cdaf16e5440d534c679006cc8fc02bb2ddd7d4dbe5f3701