ignore security and it'll go away
Showing 1 - 25 of 187 RSS Feed

Files

EMC Avamar Missing Certificate Validation
Posted Jan 30, 2015
Site emc.com

EMC Avamar contains a security vulnerability that may potentially be leveraged by a malicious user to obtain sensitive information when performing a backup or restore operation relating to the vCenter Server. EMC Avamar VMware image and File Level Restore (FLR) proxies do not verify SSL certificates properly when presented by vCenter and may be vulnerable to man-in-the-middle attacks. This vulnerability may potentially be exploited to obtain sensitive information when performing backup and restore operations relating to the vCenter Server. EMC Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) 6.x and 7.0.x are affected.

tags | advisory
advisories | CVE-2014-4632
MD5 | ce55af5556dad5d37c8fbcc7cba43b46
Unisphere Central Redirect / Access Bypass / DoS / Updates
Posted Jan 30, 2015
Site emc.com

Unisphere Central versions prior to 4.0 suffer from a large amount of security vulnerabilities and an update has been released that includes a fix for an unvalidated redirect issue along with various embedded component vulnerabilities.

tags | advisory, vulnerability
advisories | CVE-2010-5107, CVE-2010-5298, CVE-2011-0020, CVE-2011-0064, CVE-2011-3389, CVE-2012-2137, CVE-2012-5885, CVE-2012-6085, CVE-2012-6548, CVE-2012-6549, CVE-2013-0160, CVE-2013-0216, CVE-2013-0231, CVE-2013-0268, CVE-2013-0311, CVE-2013-0349, CVE-2013-0913, CVE-2013-0914, CVE-2013-1767, CVE-2013-1772, CVE-2013-1774, CVE-2013-1792, CVE-2013-1796, CVE-2013-1797, CVE-2013-1798, CVE-2013-1848, CVE-2013-1860, CVE-2013-1899
MD5 | 77b7ca247803592598a9f050a2092ac7
VMware Security Advisory 2015-0002
Posted Jan 30, 2015
Authored by VMware | Site vmware.com

VMware Security Advisory 2015-0002 - VMware vSphere Data Protection product update addresses a certificate validation vulnerability.

tags | advisory
advisories | CVE-2014-4632
MD5 | 90c495da18e05939705ef7726b92e478
Debian Security Advisory 3145-1
Posted Jan 30, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3145-1 - Multiple vulnerabilities were discovered in Privoxy, a privacy enhancing HTTP proxy, which might result in denial of service.

tags | advisory, web, denial of service, vulnerability
systems | linux, debian
advisories | CVE-2015-1381, CVE-2015-1382
MD5 | 0a39e1383c4014ee1b60a9df0c0cb416
Debian Security Advisory 3144-1
Posted Jan 30, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3144-1 - Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in the execution of arbitrary code, information disclosure or denial of service.

tags | advisory, java, denial of service, arbitrary, vulnerability, info disclosure
systems | linux, debian
advisories | CVE-2014-3566, CVE-2014-6585, CVE-2014-6587, CVE-2014-6591, CVE-2014-6593, CVE-2014-6601, CVE-2015-0383, CVE-2015-0395, CVE-2015-0407, CVE-2015-0408, CVE-2015-0410, CVE-2015-0412
MD5 | 582e8e0f25c2920d083e15dc54d5097e
HP Security Bulletin HPSBOV03226 2
Posted Jan 30, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBOV03226 2 - Potential security vulnerabilities have been identified with the TCP/IP Services for OpenVMS BIND 9 Resolver. These vulnerabilities could be remotely exploited to cause a Denial of Service (DoS) and other vulnerabilities. NOTE: These vulnerabilities impact OpenVMS TCP/IP BIND servers only. No update is required for BIND clients. Revision 2 of this advisory.

tags | advisory, denial of service, tcp, vulnerability
advisories | CVE-2006-4096, CVE-2007-2926, CVE-2008-1447, CVE-2009-0025, CVE-2011-4313, CVE-2012-4244
MD5 | 030d30c3b6c8106e6b18648558b2d49a
Debian Security Advisory 3146-1
Posted Jan 30, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3146-1 - Jakub Wilk discovered that in requests, an HTTP library for the Python language, authentication information was improperly handled when a redirect occurred. This would allow remote servers to obtain two Proxy-Authorization header (CVE-2014-1830), or netrc passwords from the Authorization header (CVE-2014-1829).

tags | advisory, remote, web, python
systems | linux, debian
advisories | CVE-2014-1829, CVE-2014-1830
MD5 | 6095111dbdce77f5d4dcf5a079b38606
Debian Security Advisory 3147-1
Posted Jan 30, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3147-1 - Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in the execution of arbitrary code, information disclosure or denial of service.

tags | advisory, java, denial of service, arbitrary, vulnerability, info disclosure
systems | linux, debian
advisories | CVE-2014-3566, CVE-2014-6585, CVE-2014-6587, CVE-2014-6591, CVE-2014-6593, CVE-2014-6601, CVE-2015-0383, CVE-2015-0395, CVE-2015-0407, CVE-2015-0408, CVE-2015-0410, CVE-2015-0412
MD5 | 3bc167a52cf829fc2cca4b718a4575e0
Asterisk Project Security Advisory - AST-2015-002
Posted Jan 29, 2015
Authored by Mark Michelson, Olle Johansson | Site asterisk.org

Asterisk Project Security Advisory - CVE-2014-8150 reported an HTTP request injection vulnerability in libcURL. Asterisk uses libcURL in its func_curl.so module (the CURL() dialplan function), as well as its res_config_curl.so (cURL realtime backend) modules. Since Asterisk may be configured to allow for user-supplied URLs to be passed to libcURL, it is possible that an attacker could use Asterisk as an attack vector to inject unauthorized HTTP requests if the version of libcURL installed on the Asterisk server is affected by CVE-2014-8150.

tags | advisory, web
advisories | CVE-2014-8150
MD5 | 40713dbc27a6fb8e51bb53765591ef4e
Pexip Infinity Non-Unique SSH Host Keys
Posted Jan 29, 2015
Authored by giles | Site pexip.com

Pexip Infinity versions prior to 8 fail to generate unique SSH host keys.

tags | advisory
advisories | CVE-2014-8779
MD5 | 771ad68eb387cba60d860d6c38a2ea4f
Slackware Security Advisory - glibc Updates
Posted Jan 29, 2015
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New glibc packages are available for Slackware 13.0, 13.1, 13.37, 14.0, and 14.1 to fix a security issue.

tags | advisory
systems | linux, slackware
advisories | CVE-2015-0235
MD5 | 5afdab05e39a1e3233e0a0dcc49dd310
Asterisk Project Security Advisory - AST-2015-001
Posted Jan 29, 2015
Authored by Mark Michelson, Y Ateya | Site asterisk.org

Asterisk Project Security Advisory - Asterisk may be configured to only allow specific audio or video codecs to be used when communicating with a particular endpoint. When an endpoint sends an SDP offer that only lists codecs not allowed by Asterisk, the offer is rejected. However, in this case, RTP ports that are allocated in the process are not reclaimed. This issue only affects the PJSIP channel driver in Asterisk. Users of the chan_sip channel driver are not affected. As the resources are allocated after authentication, this issue only affects communications with authenticated endpoints.

tags | advisory
MD5 | b700c0e717e1ace4e886b2f4400800f0
Cisco Security Advisory 20150128-ghost
Posted Jan 29, 2015
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - On January 27, 2015, a buffer overflow vulnerability in the GNU C library (glibc) was publicly announced. This vulnerability is related to the various gethostbyname functions included in glibc and affect applications that call these functions. This vulnerability may allow an attacker to obtain sensitive information from an exploited system or, in some instances, perform remote code execution with the privileges of the application being exploited. The glibc library is a commonly used third-party software component that is released by the GNU software project and a number of Cisco products are likely affected. This advisory will be updated as additional information becomes available. Cisco will release free software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available.

tags | advisory, remote, overflow, code execution
systems | cisco
MD5 | de610f6405d09d968322a7bd123b4b8e
FreeBSD Security Advisory - SCTP Stream Reset
Posted Jan 29, 2015
Authored by Gerasimos Dimitriadis | Site security.freebsd.org

FreeBSD Security Advisory - The input validation of received SCTP RE_CONFIG chunks is insufficient, and can result in a NULL pointer deference later. A remote attacker who can send a malformed SCTP packet to a FreeBSD system that serves SCTP can cause a kernel panic, resulting in a Denial of Service.

tags | advisory, remote, denial of service, kernel
systems | freebsd
advisories | CVE-2014-8613
MD5 | 5e79498af0df2b8c95eda66db75f9cba
Ubuntu Security Notice USN-2487-1
Posted Jan 29, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2487-1 - Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure, data integrity and availability. An attacker could exploit these to cause a denial of service or expose sensitive data over the network.

tags | advisory, denial of service, vulnerability, info disclosure
systems | linux, ubuntu
advisories | CVE-2014-3566, CVE-2014-6585, CVE-2014-6587, CVE-2014-6591, CVE-2014-6593, CVE-2014-6601, CVE-2015-0383, CVE-2015-0395, CVE-2015-0400, CVE-2015-0407, CVE-2015-0408, CVE-2015-0410, CVE-2015-0412, CVE-2015-0413
MD5 | 842dfe9e72b0e14eacc13f9dc483eb57
Red Hat Security Advisory 2015-0104-01
Posted Jan 29, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0104-01 - The Network Time Protocol is used to synchronize a computer's time with a referenced time source. Multiple buffer overflow flaws were discovered in ntpd's crypto_recv(), ctl_putdata(), and configure() functions. A remote attacker could use either of these flaws to send a specially crafted request packet that could crash ntpd or, potentially, execute arbitrary code with the privileges of the ntp user. Note: the crypto_recv() flaw requires non-default configurations to be active, while the ctl_putdata() flaw, by default, can only be exploited via local attackers, and the configure() flaw requires additional authentication to exploit.

tags | advisory, remote, overflow, arbitrary, local, protocol
systems | linux, redhat
advisories | CVE-2014-9293, CVE-2014-9294, CVE-2014-9295, CVE-2014-9296
MD5 | e7470191a6430289d2a3fe335f29b10a
Red Hat Security Advisory 2015-0103-01
Posted Jan 29, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0103-01 - In accordance with the Red Hat Enterprise Linux Errata Support Policy, Extended Update Support for Red Hat Enterprise Linux 6.4 will be retired as of February 28, 2015, and support will no longer be provided. Accordingly, Red Hat will no longer provide updated packages, including Critical impact security patches or urgent priority bug fixes, for Red Hat Enterprise Linux 6.4 EUS after February 28, 2015. In addition, technical support through Red Hat's Global Support Services will no longer be provided after this date. We encourage customers to plan their migration from Red Hat Enterprise Linux 6.4 to a more recent version of Red Hat Enterprise Linux. As a benefit of the Red Hat subscription model, customers can use their active subscriptions to entitle any system on any currently supported Red Hat Enterprise Linux release.

tags | advisory
systems | linux, redhat
MD5 | 38ed19c4729867ba1eee09ed429774ec
Red Hat Security Advisory 2015-0102-01
Posted Jan 29, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0102-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the way the Linux kernel's SCTP implementation validated INIT chunks when performing Address Configuration Change. A remote attacker could use this flaw to crash the system by sending a specially crafted SCTP packet to trigger a NULL pointer dereference on the system. A race condition flaw was found in the way the Linux kernel's mmap, madvise, and fallocate system calls interacted with each other while operating on virtual memory file system files. A local user could use this flaw to cause a denial of service.

tags | advisory, remote, denial of service, kernel, local
systems | linux, redhat
advisories | CVE-2014-4171, CVE-2014-5471, CVE-2014-5472, CVE-2014-7145, CVE-2014-7822, CVE-2014-7841
MD5 | 97136860966be61252c05fa237264b28
Debian Security Advisory 3143-1
Posted Jan 29, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3143-1 - Two vulnerabilities have been discovered in VirtualBox, a x86 virtualization solution, which might result in denial of service.

tags | advisory, denial of service, x86, vulnerability
systems | linux, debian
advisories | CVE-2015-0377, CVE-2015-0418
MD5 | 93d98340c9b3d1b9151f30ba1ed5d080
Red Hat Security Advisory 2015-0100-01
Posted Jan 29, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0100-01 - YAML is a data serialization format designed for human readability and interaction with scripting languages. LibYAML is a YAML parser and emitter written in C. An assertion failure was found in the way the libyaml library parsed wrapped strings. An attacker able to load specially crafted YAML input into an application using libyaml could cause the application to crash. All libyaml users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. All running applications linked against the libyaml library must be restarted for this update to take effect.

tags | advisory
systems | linux, redhat
advisories | CVE-2014-9130
MD5 | d29bb4e551324cc99e0e640e151d9751
Red Hat Security Advisory 2015-0101-01
Posted Jan 29, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0101-01 - The glibc packages provide the standard C libraries, POSIX thread libraries, standard math libraries, and the Name Server Caching Daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. A heap-based buffer overflow was found in glibc's __nss_hostname_digits_dots() function, which is used by the gethostbyname() and gethostbyname2() glibc function calls. A remote attacker able to make an application call either of these functions could use this flaw to execute arbitrary code with the permissions of the user running the application.

tags | advisory, remote, overflow, arbitrary
systems | linux, redhat, osx
advisories | CVE-2015-0235
MD5 | 84b5b97a912dee75b389e7757eff9aec
Red Hat Security Advisory 2015-0099-01
Posted Jan 29, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0099-01 - The glibc packages provide the standard C libraries, POSIX thread libraries, standard math libraries, and the Name Server Caching Daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. A heap-based buffer overflow was found in glibc's __nss_hostname_digits_dots() function, which is used by the gethostbyname() and gethostbyname2() glibc function calls. A remote attacker able to make an application call either of these functions could use this flaw to execute arbitrary code with the permissions of the user running the application.

tags | advisory, remote, overflow, arbitrary
systems | linux, redhat, osx
advisories | CVE-2015-0235
MD5 | 7a3b68d727fb9103b447c25a763bfc9b
HP LaserJet Information / Functionality Leakage
Posted Jan 29, 2015
Authored by MustLive

HP LaserJet printers with firmware 20130415 and below suffer from information disclosure and unauthenticated test functionality vulnerabilities.

tags | advisory, vulnerability, info disclosure
MD5 | 62e8338b92686dbc969aed5cb37a17a2
VMware Security Advisory 2015-0001
Posted Jan 28, 2015
Authored by VMware | Site vmware.com

VMware Security Advisory 2015-0001 - VMware vCenter Server, ESXi, Workstation, Player and Fusion address several security issues.

tags | advisory
advisories | CVE-2014-3513, CVE-2014-3566, CVE-2014-3567, CVE-2014-3568, CVE-2014-3660, CVE-2014-8370, CVE-2015-1043, CVE-2015-1044
MD5 | a45dda44dc108cb82a5e5d8f5a6e5a1a
FreeBSD Security Advisory - Kernel Memory Disclosure / Corruption
Posted Jan 28, 2015
Authored by Francisco Falcon, Clement LECIGNE | Site security.freebsd.org

FreeBSD Security Advisory - SCTP protocol provides reliable, flow-controlled, two-way transmission of data. It is a message oriented protocol and can support the SOCK_STREAM and SOCK_SEQPACKET abstractions. SCTP allows the user to choose between multiple scheduling algorithms to optimize the sending behavior of SCTP in scenarios with different requirements. Due to insufficient validation of the SCTP stream ID, which serves as an array index, a local unprivileged attacker can read or write 16-bits of kernel memory.

tags | advisory, kernel, local, protocol
systems | freebsd
advisories | CVE-2014-8612
MD5 | d91dfbcc12d71302de651badd86e3a5f
Page 1 of 8
Back12345Next

Top Authors In Last 30 Days

Recent News

News RSS Feed
ATM Malware Available Online For Online $5,000
Posted Oct 18, 2017

tags | headline, malware, bank, cybercrime, fraud
Oracle Swats 252 Bugs In Patch Update
Posted Oct 18, 2017

tags | headline, flaw, patch, oracle
Child Safety Smartwatches Easy To Hack, Watchdog Says
Posted Oct 18, 2017

tags | headline, privacy, flaw
Domino's Pizza Delivers User Details To Spammers
Posted Oct 18, 2017

tags | headline, privacy, email, spam, fraud
Microsoft Never Disclosed 2013 Hack Of Secret Vulnerability Database
Posted Oct 18, 2017

tags | headline, hacker, microsoft, data loss, flaw
Adobe Patches Zero-Day Used To Plant Gov't Spying Software
Posted Oct 17, 2017

tags | headline, hacker, government, usa, flaw, cyberwar, adobe, zero day, nsa
UK TV Drama About North Korea Hit By Hackers
Posted Oct 17, 2017

tags | headline, hacker, government, britain, cyberwar, korea
Russia Tweaks Telegram With Tiny Fine For Decryption Denial
Posted Oct 17, 2017

tags | headline, government, privacy, russia, cryptography
Never Mind The WPA2 Drama... Details Emerge Of TPM Key Fail
Posted Oct 17, 2017

tags | headline, wireless, flaw, cryptography
Millions Of High Security Crypto Keys Crippled By Newly Discovered Flaw
Posted Oct 16, 2017

tags | headline, flaw, cryptography
View More News →
packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close