exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 186 RSS Feed

Files

EMC Avamar Missing Certificate Validation
Posted Jan 30, 2015
Site emc.com

EMC Avamar contains a security vulnerability that may potentially be leveraged by a malicious user to obtain sensitive information when performing a backup or restore operation relating to the vCenter Server. EMC Avamar VMware image and File Level Restore (FLR) proxies do not verify SSL certificates properly when presented by vCenter and may be vulnerable to man-in-the-middle attacks. This vulnerability may potentially be exploited to obtain sensitive information when performing backup and restore operations relating to the vCenter Server. EMC Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) 6.x and 7.0.x are affected.

tags | advisory
advisories | CVE-2014-4632
SHA-256 | 960253ccc6bd345db43360a894017a6964b76e9c567c6ab6c5de909091e08bfa
Unisphere Central Redirect / Access Bypass / DoS / Updates
Posted Jan 30, 2015
Site emc.com

Unisphere Central versions prior to 4.0 suffer from a large amount of security vulnerabilities and an update has been released that includes a fix for an unvalidated redirect issue along with various embedded component vulnerabilities.

tags | advisory, vulnerability
advisories | CVE-2010-5107, CVE-2010-5298, CVE-2011-0020, CVE-2011-0064, CVE-2011-3389, CVE-2012-2137, CVE-2012-5885, CVE-2012-6085, CVE-2012-6548, CVE-2012-6549, CVE-2013-0160, CVE-2013-0216, CVE-2013-0231, CVE-2013-0268, CVE-2013-0311, CVE-2013-0349, CVE-2013-0913, CVE-2013-0914, CVE-2013-1767, CVE-2013-1772, CVE-2013-1774, CVE-2013-1792, CVE-2013-1796, CVE-2013-1797, CVE-2013-1798, CVE-2013-1848, CVE-2013-1860, CVE-2013-1899
SHA-256 | ce4edb828cb719a743e51aeccc8b869350ac720be7a173f3e3978c205c139f5f
VMware Security Advisory 2015-0002
Posted Jan 30, 2015
Authored by VMware | Site vmware.com

VMware Security Advisory 2015-0002 - VMware vSphere Data Protection product update addresses a certificate validation vulnerability.

tags | advisory
advisories | CVE-2014-4632
SHA-256 | 0531aeee8d20e6e4def483d5bc261726b7dc432377407392d954630e1a91fddd
Debian Security Advisory 3145-1
Posted Jan 30, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3145-1 - Multiple vulnerabilities were discovered in Privoxy, a privacy enhancing HTTP proxy, which might result in denial of service.

tags | advisory, web, denial of service, vulnerability
systems | linux, debian
advisories | CVE-2015-1381, CVE-2015-1382
SHA-256 | e6db28ba30169786edf2dcf19679ab5a026574a62ab07e73a140bfd7b7124c5b
Debian Security Advisory 3144-1
Posted Jan 30, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3144-1 - Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in the execution of arbitrary code, information disclosure or denial of service.

tags | advisory, java, denial of service, arbitrary, vulnerability, info disclosure
systems | linux, debian
advisories | CVE-2014-3566, CVE-2014-6585, CVE-2014-6587, CVE-2014-6591, CVE-2014-6593, CVE-2014-6601, CVE-2015-0383, CVE-2015-0395, CVE-2015-0407, CVE-2015-0408, CVE-2015-0410, CVE-2015-0412
SHA-256 | 622b1ffb514cee356dcd2ec27f28c7e4b1b32a3f20afd883039207989ce539b0
HP Security Bulletin HPSBOV03226 2
Posted Jan 30, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBOV03226 2 - Potential security vulnerabilities have been identified with the TCP/IP Services for OpenVMS BIND 9 Resolver. These vulnerabilities could be remotely exploited to cause a Denial of Service (DoS) and other vulnerabilities. NOTE: These vulnerabilities impact OpenVMS TCP/IP BIND servers only. No update is required for BIND clients. Revision 2 of this advisory.

tags | advisory, denial of service, tcp, vulnerability
advisories | CVE-2006-4096, CVE-2007-2926, CVE-2008-1447, CVE-2009-0025, CVE-2011-4313, CVE-2012-4244
SHA-256 | 4935d3f1fb7ea8e8542d5095cd4cb2b982b905b4752fdda66d72da48b1f6e88d
Debian Security Advisory 3146-1
Posted Jan 30, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3146-1 - Jakub Wilk discovered that in requests, an HTTP library for the Python language, authentication information was improperly handled when a redirect occurred. This would allow remote servers to obtain two Proxy-Authorization header (CVE-2014-1830), or netrc passwords from the Authorization header (CVE-2014-1829).

tags | advisory, remote, web, python
systems | linux, debian
advisories | CVE-2014-1829, CVE-2014-1830
SHA-256 | d12919710b3c1d41c774e5833078bfdcbc449f8d50ae48755845daa5dbf03e7a
Debian Security Advisory 3147-1
Posted Jan 30, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3147-1 - Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in the execution of arbitrary code, information disclosure or denial of service.

tags | advisory, java, denial of service, arbitrary, vulnerability, info disclosure
systems | linux, debian
advisories | CVE-2014-3566, CVE-2014-6585, CVE-2014-6587, CVE-2014-6591, CVE-2014-6593, CVE-2014-6601, CVE-2015-0383, CVE-2015-0395, CVE-2015-0407, CVE-2015-0408, CVE-2015-0410, CVE-2015-0412
SHA-256 | 8f72aaccb477a21c98ab72ae6ecbad94d77750711480b0a4c5c4c91781281f8c
Asterisk Project Security Advisory - AST-2015-002
Posted Jan 29, 2015
Authored by Mark Michelson, Olle Johansson | Site asterisk.org

Asterisk Project Security Advisory - CVE-2014-8150 reported an HTTP request injection vulnerability in libcURL. Asterisk uses libcURL in its func_curl.so module (the CURL() dialplan function), as well as its res_config_curl.so (cURL realtime backend) modules. Since Asterisk may be configured to allow for user-supplied URLs to be passed to libcURL, it is possible that an attacker could use Asterisk as an attack vector to inject unauthorized HTTP requests if the version of libcURL installed on the Asterisk server is affected by CVE-2014-8150.

tags | advisory, web
advisories | CVE-2014-8150
SHA-256 | 29b34a38aceb27270a9742ce1a2328d92a59cc3a2103a91b0fcb2d89ef89580a
Pexip Infinity Non-Unique SSH Host Keys
Posted Jan 29, 2015
Authored by giles | Site pexip.com

Pexip Infinity versions prior to 8 fail to generate unique SSH host keys.

tags | advisory
advisories | CVE-2014-8779
SHA-256 | 43c60a3a4da895b0ff05a3e455fad08e342cad1275ea6870cdccf41b80f4520e
Slackware Security Advisory - glibc Updates
Posted Jan 29, 2015
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New glibc packages are available for Slackware 13.0, 13.1, 13.37, 14.0, and 14.1 to fix a security issue.

tags | advisory
systems | linux, slackware
advisories | CVE-2015-0235
SHA-256 | 3d6fcd881648b54bc54e46c4ef60b3519d0791bdbb5d2cd4595f585e0f842fc9
Asterisk Project Security Advisory - AST-2015-001
Posted Jan 29, 2015
Authored by Mark Michelson, Y Ateya | Site asterisk.org

Asterisk Project Security Advisory - Asterisk may be configured to only allow specific audio or video codecs to be used when communicating with a particular endpoint. When an endpoint sends an SDP offer that only lists codecs not allowed by Asterisk, the offer is rejected. However, in this case, RTP ports that are allocated in the process are not reclaimed. This issue only affects the PJSIP channel driver in Asterisk. Users of the chan_sip channel driver are not affected. As the resources are allocated after authentication, this issue only affects communications with authenticated endpoints.

tags | advisory
SHA-256 | e9d6055114e8feed6c629f9b504bd51b2f5d85998f7eb3481512d7fdd54bfc05
Cisco Security Advisory 20150128-ghost
Posted Jan 29, 2015
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - On January 27, 2015, a buffer overflow vulnerability in the GNU C library (glibc) was publicly announced. This vulnerability is related to the various gethostbyname functions included in glibc and affect applications that call these functions. This vulnerability may allow an attacker to obtain sensitive information from an exploited system or, in some instances, perform remote code execution with the privileges of the application being exploited. The glibc library is a commonly used third-party software component that is released by the GNU software project and a number of Cisco products are likely affected. This advisory will be updated as additional information becomes available. Cisco will release free software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available.

tags | advisory, remote, overflow, code execution
systems | cisco
SHA-256 | 2e0026b3d1367be53ce21e71b130653197f3f5ca3990e8209a45096c3c52ad87
FreeBSD Security Advisory - SCTP Stream Reset
Posted Jan 29, 2015
Authored by Gerasimos Dimitriadis | Site security.freebsd.org

FreeBSD Security Advisory - The input validation of received SCTP RE_CONFIG chunks is insufficient, and can result in a NULL pointer deference later. A remote attacker who can send a malformed SCTP packet to a FreeBSD system that serves SCTP can cause a kernel panic, resulting in a Denial of Service.

tags | advisory, remote, denial of service, kernel
systems | freebsd
advisories | CVE-2014-8613
SHA-256 | 824eda45cddf866613c0fa7058809512cfb24cd0a5c87ec79135569a334f0747
Ubuntu Security Notice USN-2487-1
Posted Jan 29, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2487-1 - Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure, data integrity and availability. An attacker could exploit these to cause a denial of service or expose sensitive data over the network.

tags | advisory, denial of service, vulnerability, info disclosure
systems | linux, ubuntu
advisories | CVE-2014-3566, CVE-2014-6585, CVE-2014-6587, CVE-2014-6591, CVE-2014-6593, CVE-2014-6601, CVE-2015-0383, CVE-2015-0395, CVE-2015-0400, CVE-2015-0407, CVE-2015-0408, CVE-2015-0410, CVE-2015-0412, CVE-2015-0413
SHA-256 | 977618fcde6fb14bb9e08695cbf23c0db9631a6d42f7460996b7515dc431b25b
Red Hat Security Advisory 2015-0104-01
Posted Jan 29, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0104-01 - The Network Time Protocol is used to synchronize a computer's time with a referenced time source. Multiple buffer overflow flaws were discovered in ntpd's crypto_recv(), ctl_putdata(), and configure() functions. A remote attacker could use either of these flaws to send a specially crafted request packet that could crash ntpd or, potentially, execute arbitrary code with the privileges of the ntp user. Note: the crypto_recv() flaw requires non-default configurations to be active, while the ctl_putdata() flaw, by default, can only be exploited via local attackers, and the configure() flaw requires additional authentication to exploit.

tags | advisory, remote, overflow, arbitrary, local, protocol
systems | linux, redhat
advisories | CVE-2014-9293, CVE-2014-9294, CVE-2014-9295, CVE-2014-9296
SHA-256 | b1cca658d4b8f1fdf7bcc3b84f7d28ce7411a215dd2e3dc836aab539982213b3
Red Hat Security Advisory 2015-0103-01
Posted Jan 29, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0103-01 - In accordance with the Red Hat Enterprise Linux Errata Support Policy, Extended Update Support for Red Hat Enterprise Linux 6.4 will be retired as of February 28, 2015, and support will no longer be provided. Accordingly, Red Hat will no longer provide updated packages, including Critical impact security patches or urgent priority bug fixes, for Red Hat Enterprise Linux 6.4 EUS after February 28, 2015. In addition, technical support through Red Hat's Global Support Services will no longer be provided after this date. We encourage customers to plan their migration from Red Hat Enterprise Linux 6.4 to a more recent version of Red Hat Enterprise Linux. As a benefit of the Red Hat subscription model, customers can use their active subscriptions to entitle any system on any currently supported Red Hat Enterprise Linux release.

tags | advisory
systems | linux, redhat
SHA-256 | 28763e7aef77a0a6d56c094e5c660599d5c01b5b111a915ab16a7f3f16df2685
Red Hat Security Advisory 2015-0102-01
Posted Jan 29, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0102-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the way the Linux kernel's SCTP implementation validated INIT chunks when performing Address Configuration Change. A remote attacker could use this flaw to crash the system by sending a specially crafted SCTP packet to trigger a NULL pointer dereference on the system. A race condition flaw was found in the way the Linux kernel's mmap, madvise, and fallocate system calls interacted with each other while operating on virtual memory file system files. A local user could use this flaw to cause a denial of service.

tags | advisory, remote, denial of service, kernel, local
systems | linux, redhat
advisories | CVE-2014-4171, CVE-2014-5471, CVE-2014-5472, CVE-2014-7145, CVE-2014-7822, CVE-2014-7841
SHA-256 | d6cb35f9eec16000c013c4d690821d03205cdba86b1d5048733ff6c4beccc835
Debian Security Advisory 3143-1
Posted Jan 29, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3143-1 - Two vulnerabilities have been discovered in VirtualBox, a x86 virtualization solution, which might result in denial of service.

tags | advisory, denial of service, x86, vulnerability
systems | linux, debian
advisories | CVE-2015-0377, CVE-2015-0418
SHA-256 | f1050808d1f6554b991987409e2d3f7e51d9567d16d64f3037ee3c32f9ea580f
Red Hat Security Advisory 2015-0100-01
Posted Jan 29, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0100-01 - YAML is a data serialization format designed for human readability and interaction with scripting languages. LibYAML is a YAML parser and emitter written in C. An assertion failure was found in the way the libyaml library parsed wrapped strings. An attacker able to load specially crafted YAML input into an application using libyaml could cause the application to crash. All libyaml users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. All running applications linked against the libyaml library must be restarted for this update to take effect.

tags | advisory
systems | linux, redhat
advisories | CVE-2014-9130
SHA-256 | f99e14e79ad38221edda7624248f82e2ac3c99c67404e44d0ef285df877f138d
Red Hat Security Advisory 2015-0101-01
Posted Jan 29, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0101-01 - The glibc packages provide the standard C libraries, POSIX thread libraries, standard math libraries, and the Name Server Caching Daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. A heap-based buffer overflow was found in glibc's __nss_hostname_digits_dots() function, which is used by the gethostbyname() and gethostbyname2() glibc function calls. A remote attacker able to make an application call either of these functions could use this flaw to execute arbitrary code with the permissions of the user running the application.

tags | advisory, remote, overflow, arbitrary
systems | linux, redhat, osx
advisories | CVE-2015-0235
SHA-256 | 74405882e85d1ed82abffab2b60dc45d12f3952a92ab2a5fd816bee6b62ea845
Red Hat Security Advisory 2015-0099-01
Posted Jan 29, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0099-01 - The glibc packages provide the standard C libraries, POSIX thread libraries, standard math libraries, and the Name Server Caching Daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. A heap-based buffer overflow was found in glibc's __nss_hostname_digits_dots() function, which is used by the gethostbyname() and gethostbyname2() glibc function calls. A remote attacker able to make an application call either of these functions could use this flaw to execute arbitrary code with the permissions of the user running the application.

tags | advisory, remote, overflow, arbitrary
systems | linux, redhat, osx
advisories | CVE-2015-0235
SHA-256 | 07ae3d608c7bc928e164c5f0edd07d9fed0b40c519ef06bfed163e6e7f1b23fa
HP LaserJet Information / Functionality Leakage
Posted Jan 29, 2015
Authored by MustLive

HP LaserJet printers with firmware 20130415 and below suffer from information disclosure and unauthenticated test functionality vulnerabilities.

tags | advisory, vulnerability, info disclosure
SHA-256 | de398ae4079091da76521d5c9f293e42efbd2443898883b6e4bd84295203ec2b
VMware Security Advisory 2015-0001
Posted Jan 28, 2015
Authored by VMware | Site vmware.com

VMware Security Advisory 2015-0001 - VMware vCenter Server, ESXi, Workstation, Player and Fusion address several security issues.

tags | advisory
advisories | CVE-2014-3513, CVE-2014-3566, CVE-2014-3567, CVE-2014-3568, CVE-2014-3660, CVE-2014-8370, CVE-2015-1043, CVE-2015-1044
SHA-256 | 55fa1873d70654ee0597f3da9f1f88c2593c4ac47e45f3deaf0add63c4c2cd33
FreeBSD Security Advisory - Kernel Memory Disclosure / Corruption
Posted Jan 28, 2015
Authored by Francisco Falcon, Clement LECIGNE | Site security.freebsd.org

FreeBSD Security Advisory - SCTP protocol provides reliable, flow-controlled, two-way transmission of data. It is a message oriented protocol and can support the SOCK_STREAM and SOCK_SEQPACKET abstractions. SCTP allows the user to choose between multiple scheduling algorithms to optimize the sending behavior of SCTP in scenarios with different requirements. Due to insufficient validation of the SCTP stream ID, which serves as an array index, a local unprivileged attacker can read or write 16-bits of kernel memory.

tags | advisory, kernel, local, protocol
systems | freebsd
advisories | CVE-2014-8612
SHA-256 | 94980381572f511b4697b2bf2b6d1b10dee3a0640f849037c8cd995bace01080
Page 1 of 8
Back12345Next

Top Authors In Last 30 Days

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close