HP Security Bulletin HPSBMU03183 2 - A potential security vulnerability has been identified with HP Server Automation and Server Automation Virtual Appliance running SSL. This is the SSLv3 vulnerability known as "POODLE" which could be exploited remotely resulting in disclosure of information. Revision 2 of this advisory.
50dd42f8950f74ed5fcdb76107b4f0688854540b1ea9bbfc9deac8b085470f94HP Security Bulletin HPSBMU03072 3 - A potential security vulnerability has been identified with HP Data Protector. This vulnerability could be remotely exploited to execute arbitrary code. Revision 3 of this advisory.
9da173f7d13011376d0325bd705cfe274d3cffca255633d7ed17afa810ba7d20Red Hat Security Advisory 2014-1870-01 - The libXfont packages provide the X.Org libXfont runtime library. X.Org is an open source implementation of the X Window System. A use-after-free flaw was found in the way libXfont processed certain font files when attempting to add a new directory to the font path. A malicious, local user could exploit this issue to potentially execute arbitrary code with the privileges of the X.Org server. Multiple out-of-bounds write flaws were found in the way libXfont parsed replies received from an X.org font server. A malicious X.org server could cause an X client to crash or, possibly, execute arbitrary code with the privileges of the X.Org server.
885638c25a72e72e94fdb8647725e8bcfa62cd8fcad0298052f24efe4e1b7425Mandriva Linux Security Advisory 2014-213 - Symeon Paraschoudis discovered that the curl_easy_duphandle() function in cURL has a bug that can lead to libcurl eventually sending off sensitive data that was not intended for sending, while performing a HTTP POST operation. This bug requires CURLOPT_COPYPOSTFIELDS and curl_easy_duphandle() to be used in that order, and then the duplicate handle must be used to perform the HTTP POST. The curl command line tool is not affected by this problem as it does not use this sequence.
8c2f22fbf0bceec13557eb8ebed885169b49b44a5f993d69f6abfee0dd58fea5Mandriva Linux Security Advisory 2014-214 - Alban Crequy and Simon McVittie discovered several vulnerabilities On 64-bit platforms, file descriptor passing could be abused by local users to cause heap corruption in dbus-daemon, leading to a crash, or potentially to arbitrary code execution.
f18c3638c62248de6d67a047b0c027faf904613ac8a45ce27c1d8bbe02610f6bUbuntu Security Notice 2411-1 - Saurav Sengupta discovered that mountall incorrectly handled umask when calling the mount utility, resulting in certain filesystems possibly being mounted with incorrect permissions.
f8ef497221bf050da40793b4cf901875127827eacb1b9e2d4b7d4e5c94f0ac6eRed Hat Security Advisory 2014-1865-01 - The GNU Bourne Again shell is a shell and command language interpreter compatible with the Bourne shell. Bash is the default shell for Red Hat Enterprise Linux. Shift_JIS, also known as "SJIS", is a character encoding for the Japanese language. This package provides bash support for the Shift_JIS encoding. It was found that the fix for CVE-2014-6271 was incomplete, and Bash still allowed certain characters to be injected into other environments via specially crafted environment variables. An attacker could potentially use this flaw to override or bypass environment restrictions to execute shell commands. Certain services and applications allow remote unauthenticated attackers to provide environment variables, allowing them to exploit this issue.
dc24ad5b598ec2ab364a632b1e81425f128f04fa339b86e44a45a2050537ac81Red Hat Security Advisory 2014-1863-01 - Red Hat Subscription Asset Manager acts as a proxy for handling subscription information and software updates on client machines. Red Hat Subscription Asset Manager is built on Ruby on Rails, a model-view-controller framework for web application development. Action Pack implements the controller and the view components. A directory traversal flaw was found in the way Ruby on Rails handled wildcard segments in routes with implicit rendering. A remote attacker could use this flaw to retrieve arbitrary local files accessible to a Ruby on Rails application using the aforementioned routes via a specially crafted request.
688dccb48f0fad7f4ed5bb8b5c284c3cde47754bf1f5692e7d244e4fdf120639Slackware Security Advisory - New mozilla-thunderbird packages are available for Slackware 14.1 to fix security issues.
c8e06f6798f2065c6aee09594d879f82c98290804b12aaf7347dedd5eb16a147Red Hat Security Advisory 2014-1862-01 - MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. This update fixes several vulnerabilities in the MariaDB database server.
b95e5e6a4f9a8475b248f2a7c0b6fa60562e8dd85976d14b0cef78343a4ebce4Red Hat Security Advisory 2014-1860-01 - MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon and many client programs and libraries. This update fixes several vulnerabilities in the MySQL database server.
bb10b1eb6943f09018c3fc37c03be99affd56406e1151176cc1ce773d8d263baRed Hat Security Advisory 2014-1861-01 - MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. This update fixes several vulnerabilities in the MariaDB database server.
1e5c0ea467f5d2b3871a9653f790953cb8f000031d5ca707d2e3f7cc368b6d96Red Hat Security Advisory 2014-1859-01 - MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon and many client programs and libraries. This update fixes several vulnerabilities in the MySQL database server.
9a43ad27f0874894eb259031ca37c0b3ad9742957d3297f792b7785948cf6369Debian Linux Security Advisory 3073-1 - Daniel Genkin, Itamar Pipman and Eran Tromer discovered that Elgamal encryption subkeys in applications using the libgcrypt11 library, for example GnuPG 2.x, could be leaked via a side-channel attack.
8fffc402af38bdb41e678130858ef5a67a02942cf952d7c89fbe50b5cae2713cHP Security Bulletin HPSBGN03192 1 - A potential security vulnerability has been identified with HP Remote Device Access: Instant Customer Access Server (iCAS) running OpenSSL. This is the SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy Encryption" also known as "Poodle", which could be exploited remotely to allow disclosure of information. SSLv3 is enabled by default in the current HP iCAS client software. Revision 1 of this advisory.
3b22f5fc8d2a225d20468f2e0c34749da225bf5130569567f712ac91c0c6e28fGentoo Linux Security Advisory 201411-5 - An absolute path traversal vulnerability could lead to arbitrary code execution. Versions less than 1.16 are affected.
39901c03eab865732404934e3b213c41e488f4c3eeb744fcb7b80f48c2e1f681Prey Anti-Theft for Android is missing proper SSL certification validation that can allow for denial of service and security bypass.
375e740eb82da36272b867f9bfc8c337d55e13acb3c92f8a3fedba233524ef52Ubuntu Security Notice 2409-1 - Laszlo Ersek discovered that QEMU incorrectly handled memory in the vga device. A malicious guest could possibly use this issue to read arbitrary host memory. This issue only affected Ubuntu 14.04 LTS and Ubuntu 14.10. Xavier Mehrenberger and Stephane Duverger discovered that QEMU incorrectly handled certain udp packets when using guest networking. A malicious guest could possibly use this issue to cause a denial of service. Various other issues were also addressed.
0560bed7a0207b09b9eee574c086a9c96540723b7c21d6b2f08c965ea0f7d038HP Security Bulletin HPSBMU03182 1 - A potential security vulnerability has been identified with HP Server Automation. This is the Bash Shell vulnerability known as "ShellShock" which could be exploited remotely to allow execution of code. Revision 1 of this advisory.
2c7547ad37486e13bbfb803f26b54786b2666a0d9a0dc7130cbe590247c0434cDebian Linux Security Advisory 3050-3 - The previous update for iceweasel in DSA-3050-1 did not contain builds for the armhf architecture due to an error in the Debian packaging specific to the armhf build.
986330d8176213258f8f3743d8240fb7636c9b4790c5253b82d1a1459945dddaRed Hat Security Advisory 2014-1852-01 - The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update fixes multiple vulnerabilities in Adobe Flash Player. Multiple flaws were found in the way flash-plugin displayed certain SWF content. An attacker could use these flaws to create a specially crafted SWF file that would cause flash-plugin to crash or, potentially, execute arbitrary code when the victim loaded a page containing the malicious SWF content.
4a006d215c9cae80f1a876b8cc5b0bf08bb44cf658e02ad3743299595a33e101PHPMemcachedAdmin versions 1.2.2 and below suffer from a remote code execution vulnerability.
19d87edb296c6abb43991e0a8e2a208e67c071926458b687ba07422d91852a16SAP Governance, Risk and Compliance (SAP GRC) suffers from SoD bypass, privilege escalation, and remote arbitrary program execution vulnerabilities.
2c6f6dd2ccedd0df4f801c917ff9f40ee8c504126cec43a0f77af7dde206d446HP Security Bulletin HPSBUX03188 SSRT101487 1 - Potential security vulnerabilities have been identified with HP-UX running HP Secure Shell. These vulnerabilities could be exploited remotely to create a Denial of Service (DoS) and other vulnerabilities. Revision 1 of this advisory.
f48ab840d0de653a028d42f01133ffad6f77ec827e8549cb98d0a31ab37fa27cDebian Linux Security Advisory 3071-1 - In nss, a set of libraries designed to support cross-platform development of security-enabled client and server applications, Tyson Smith and Jesse Schwartzentruber discovered a use-after-free vulnerability that allows remote attackers to execute arbitrary code by triggering the improper removal of an NSSCertificate structure from a trust domain.
4a2488a91078e9187bd86f7e1d101335a7b44b196ee02e132b0845e7346a16a2
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed