Debian Linux Security Advisory 2581-1 - Several issues have been discovered in the MySQL database server. The vulnerabilities are addressed by upgrading MySQL to a new upstream version, 5.1.66, which includes additional changes, such as performance improvements and corrections for data loss defects.
0714b6a1dfad19c051f809a2bc142984Ubuntu Security Notice 1653-1 - Rodrigo Freire discovered a flaw in the Linux kernel's TCP illinois congestion control algorithm. A local attacker could use this to cause a denial of service.
3850bf1f5afaddbc0bbd17e5cdd7b564Red Hat Security Advisory 2012-1541-01 - These packages contain the Linux kernel. A malicious NFSv4 server could return a crafted reply to a GETACL request, causing a denial of service on the client. A flaw in the dl2k driver could allow a local, unprivileged user to issue potentially harmful IOCTLs, possibly causing Ethernet adapters using the driver to malfunction.
8eb1a0bdd08c312b7c91d2dd937b2dbeRed Hat Security Advisory 2012-1542-01 - Red Hat CloudForms is an on-premise hybrid cloud Infrastructure-as-a-Service product that lets you create and manage private and public clouds. Multiple input validation vulnerabilities were discovered in rubygem-activerecored. A remote attacker could possibly use these flaws to perform an SQL injection attack against an application using rubygem-activerecord. Multiple cross-site scripting flaws were found in rubygem-actionpack. A remote attacker could use these flaws to conduct XSS attacks against users of an application using rubygem-actionpack.
e57ad96523b395ece603fe69fec783e1Red Hat Security Advisory 2012-1540-01 - These packages contain the Linux kernel. A race condition in the way asynchronous I/O and fallocate() interacted when using ext4 could allow a local, unprivileged user to obtain random data from a deleted file. A flaw in the way the Xen hypervisor implementation range checked guest provided addresses in the XENMEM_exchange hypercall could allow a malicious, para-virtualized guest administrator to crash the hypervisor or, potentially, escalate their privileges, allowing them to execute arbitrary code at the hypervisor level.
b91458cfe9a71a259fc48800519ec6ceRed Hat Security Advisory 2012-1543-01 - Red Hat CloudForms is an on-premise hybrid cloud Infrastructure-as-a-Service product that lets you create and manage private and public clouds. This update fixes bugs in and adds enhancements to the System Engine packages, and upgrades the system to CloudForms 1.1. This update also fixes the following security issues: It was discovered that Katello did not properly check user permissions when handling certain requests. An authenticated remote attacker could use this flaw to download consumer certificates or change settings of other users' systems if they knew the target system's UUID.
09ad22a8b9412ce8ceaeea634a03becfRed Hat Security Advisory 2012-1539-01 - This package provides jabberd 2, an Extensible Messaging and Presence Protocol server used for XML based communication. It was discovered that the XMPP Dialback protocol implementation in jabberd 2 did not properly validate Verify Response and Authorization Response messages. A remote attacker able to connect to the jabberd's server-to-server communication port could possibly use this flaw to spoof source domains of the XMPP messages. Users of Red Hat Network Proxy 5.5 are advised to upgrade to this updated jabberd package, which resolves this issue. For this update to take effect, Red Hat Network Proxy must be restarted.
e4fdead382f0a5533509aaad9b5f9e18Red Hat Security Advisory 2012-1537-01 - JasperReports Server is a reporting server. A flaw was found in the way the Apache Xerces2 Java Parser processed the SYSTEM identifier in DTDs. A remote attacker could provide a specially-crafted XML file, which once parsed by an application using the Apache Xerces2 Java Parser, would lead to a denial of service. This update also fixes the following bugs: Adding a user to any ROLE caused an unexpected exception.
0d1fb1f00967f87786626d86a121c46eRed Hat Security Advisory 2012-1506-01 - Red Hat Enterprise Virtualization Manager is a visual tool for centrally managing collections of virtual servers running Red Hat Enterprise Linux and Microsoft Windows. This package also includes the Red Hat Enterprise Virtualization Manager API, a set of scriptable commands that give administrators the ability to perform queries and operations on Red Hat Enterprise Virtualization Manager. A flaw was found in the way Red Hat Enterprise Linux hosts were added to the Red Hat Enterprise Virtualization environment. The Python scripts needed to configure the host for Red Hat Enterprise Virtualization were stored in the "/tmp/" directory and could be pre-created by an attacker. A local, unprivileged user on the host to be added to the Red Hat Enterprise Virtualization environment could use this flaw to escalate their privileges. This update provides the Red Hat Enterprise Virtualization Manager part of the fix. The RHSA-2012:1508 VDSM update must also be installed to completely fix this issue.
3da59e6e432296e90b77079bdcaf1038Red Hat Security Advisory 2012-1538-01 - This package provides jabberd 2, an Extensible Messaging and Presence Protocol server used for XML based communication. It was discovered that the XMPP Dialback protocol implementation in jabberd 2 did not properly validate Verify Response and Authorization Response messages. A remote attacker able to connect to the jabberd's server-to-server communication port could possibly use this flaw to spoof source domains of the XMPP messages. Users of Red Hat Network Satellite 5.5 are advised to upgrade to this updated jabberd package, which resolves this issue. For this update to take effect, Red Hat Network Satellite must be restarted.
2ce4277cb69fe535849c515bd9898f1aRed Hat Security Advisory 2012-1508-01 - VDSM is a management module that serves as a Red Hat Enterprise Virtualization Manager agent on Red Hat Enterprise Virtualization Hypervisor or Red Hat Enterprise Linux 6.3 hosts. A flaw was found in the way Red Hat Enterprise Linux hosts were added to the Red Hat Enterprise Virtualization environment. The Python scripts needed to configure the host for Red Hat Enterprise Virtualization were stored in the "/tmp/" directory and could be pre-created by an attacker. A local, unprivileged user on the host to be added to the Red Hat Enterprise Virtualization environment could use this flaw to escalate their privileges. This update provides the VDSM part of the fix. The RHSA-2012:1506 Red Hat Enterprise Virtualization Manager update must also be installed to completely fix this issue.
85e8f314c2e66a89e03227c1fb1b2de1Red Hat Security Advisory 2012-1505-01 - The rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine hypervisor. It includes everything necessary to run and manage virtual machines: A subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent. Note: Red Hat Enterprise Virtualization Hypervisor is only available for the Intel 64 and AMD64 architectures with virtualization extensions. A flaw was found in the way Red Hat Enterprise Virtualization Hypervisor hosts were added to the Red Hat Enterprise Virtualization environment. The Python scripts needed to configure the host for Red Hat Enterprise Virtualization were downloaded in an insecure way, that is, without properly validating SSL certificates during HTTPS connections. An attacker on the local network could use this flaw to conduct a man-in-the-middle attack, potentially gaining root access to the host being added to the Red Hat Enterprise Virtualization environment. This update provides the VDSM part of the fix. The RHSA-2012:1506 Red Hat Enterprise Virtualization Manager update must also be installed to completely fix this issue.
f9e212942c2ebf6a7220b0a84f50196eRed Hat Security Advisory 2012-1491-01 - The kernel-rt packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the way Netlink messages without SCM_CREDENTIALS data set were handled. When not explicitly set, the data was sent but with all values set to 0, including the process ID and user ID, causing the Netlink message to appear as if it were sent with root privileges. A local, unprivileged user could use this flaw to send spoofed Netlink messages to an application, possibly resulting in the application performing privileged operations if it relied on SCM_CREDENTIALS data for the authentication of Netlink messages.
aece63615129fd789a2fd3c42520e29cManageEngine MSPCentral version 9 suffers from cross site request forgery, insecure session cookies, and cross site scripting vulnerabilities.
a6b249d821b0d77e77659a38b9618210Twitter is apparently vulnerable to an SMS spoofing vulnerability?
b5bdfe4e34bb192cfacb16d4df651ce8Panda Internet Security versions 2012 and 2013 suffer from a binary planting privilege escalation vulnerability.
0de792645d740c4750a9112fa9b925fbWirtualna Polska S.A. (WP) suffers from cross site request forgery and cross site scripting vulnerabilities.
c7aa22c81deed635329a459cba9795b0Secunia Security Advisory - Kingcope has reported a vulnerability in SSH Tectia Server, which can be exploited by malicious people to bypass certain security restrictions.
ba3b45071f47d177b8529962df50ca25Secunia Security Advisory - Multiple vulnerabilities have been reported in Xen, which can be exploited by malicious, local users in a guest virtual machine to cause a DoS (Denial of Service) and potentially gain escalated privileges.
fadca92b803802f29046d3b4a5bb07fcSecunia Security Advisory - Two vulnerabilities have been reported in RSA NetWitness Informer, which can be exploited by malicious people to conduct click-jacking and cross-site request forgery attacks.
d6f6080f2219e7706dfd97952d89cabeSecunia Security Advisory - Debian has issued an update for mysql-5.1. This fixes multiple vulnerabilities, which can be exploited by malicious, local users to disclose potentially sensitive information, by malicious users to cause a DoS (Denial of Service) and potentially execute arbitrary code, and by malicious people to potentially compromise a vulnerable system.
af021546c7a3295c80ad62b1c3fe3596Secunia Security Advisory - Zhao Liang has discovered a vulnerability in SmarterMail, which can be exploited by malicious users to conduct script insertion attacks.
3d2f9b315e362c81a37d3e370bd0881cSecunia Security Advisory - A weakness has been reported in The Sleuth Kit, which can be exploited by malicious people to hide certain data.
3272c8e5a77265eb8cbd020da7610fd5Secunia Security Advisory - A vulnerability has been discovered in Newscoop, which can be exploited by malicious people to conduct SQL injection attacks.
0dd3122677434f9f3eaaa3069ffdc019Secunia Security Advisory - Matthew Joyce has discovered multiple vulnerabilities in ConcourseConnect, which can be exploited by malicious people to conduct script insertion and cross-site request forgery attacks.
62be12769f955cc9df9376dae9bf15fa
© 2020 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed