A vulnerability exists in EMC NetWorker that could result in elevation of privileges by an unauthorized user who has access to a local file system.
21da0d56fc3b459c3fa2d684fcf9ac54f5b7a89e341c5dd97585db7581f7a7d0When the server to client certificate-based authentication is configured, the EMC Avamar Client does not correctly validate the values in the Common Name (CN) and Subject Alternative Name (SAN) field of the Avamar Server certificate. This could potentially allow spoofing attacks. Versions 6.x and below are affected.
61fee8be51b3f53990f46d2a359d8c0c700dc535d88c28590e9315c215016a62Debian Linux Security Advisory 2664-1 - Stunnel, a program designed to work as an universal SSL tunnel for network daemons, is prone to a buffer overflow vulnerability when using the Microsoft NT LAN Manager (NTLM) authentication ("protocolAuthentication = NTLM") together with the 'connect' protocol method ("protocol = connect"). With these prerequisites and using stunnel4 in SSL client mode ("client = yes") on a 64bit host, an attacker could possibly execute arbitrary code with the privileges of the stunnel process, if the attacker can either control the specified proxy server or perform man-in-the-middle attacks on the tcp session between stunnel and the proxy sever.
0be7b3b1982000f18ee3f8dbafa2d404fa383f45824d8da98d0caa83970bc7d4Red Hat Security Advisory 2013-0784-01 - In accordance with the Red Hat Enterprise Linux Errata Support Policy, Extended Update Support for Red Hat Enterprise Linux 6.1 will be retired on May 31, 2013, and support will no longer be provided. Accordingly, Red Hat will no longer provide updated packages, including critical impact security patches or urgent priority bug fixes, for Red Hat Enterprise Linux 6.1 EUS after that date. In addition, after May 31, 2013, technical support through Red Hat's Global Support Services will no longer be provided. Note: This notification applies only to those customers with subscriptions to the Extended Update Support channels for Red Hat Enterprise Linux 6.1.
5c4ff175df4244b0bc493bca05eff5267963a25598287aeb523c16895e62dc27A vulnerability in the EMC Avamar web based file restore interface could potentially be exploited by a malicious user to access unauthorized files via URL manipulation.
56dd170b8779011adb569379bb521510fc1abe54526340b3f07db8d83fae1865Ubuntu Security Notice 1814-1 - Mathias Krause discovered an information leak in the Linux kernel's UDF file system implementation. A local user could exploit this flaw to examine some of the kernel's heap memory. Mathias Krause discovered an information leak in the Linux kernel's ISO 9660 CDROM file system driver. A local user could exploit this flaw to examine some of the kernel's heap memory. An integer overflow was discovered in the Direct Rendering Manager (DRM) subsystem for the i915 video driver in the Linux kernel. A local user could exploit this flaw to cause a denial of service (crash) or potentially escalate privileges. Various other issues were also addressed.
f190a7e65629b41a85f0c9413fd7ff9f3b06f8eff81bc396954d9283c0bdaee7WordPress Advanced XML Reader plugin version 0.3.4 suffers from a XXE (XML eXternal Entity) injection vulnerability.
8f00f9b3232481b2651bd135bbb4cc1f273adbf09d9d0da522f46d08d53f898bD-Link DNS-323 suffers from remote arbitrary file upload, directory traversal, and command execution vulnerabilities.
73e321a17a925589691872d4a616ae300aabc4641e22fad215bbb2024c010d77Ubuntu Security Notice 1813-1 - Mathias Krause discovered an information leak in the Linux kernel's UDF file system implementation. A local user could exploit this flaw to examine some of the kernel's heap memory. Mathias Krause discovered an information leak in the Linux kernel's ISO 9660 CDROM file system driver. A local user could exploit this flaw to examine some of the kernel's heap memory. An integer overflow was discovered in the Direct Rendering Manager (DRM) subsystem for the i915 video driver in the Linux kernel. A local user could exploit this flaw to cause a denial of service (crash) or potentially escalate privileges. Various other issues were also addressed.
7368544c5098614eb7828d10406f265200161e116ca06333c37dd23d862edf27Ubuntu Security Notice 1815-1 - Andy Lutomirski discover an error in the Linux kernel's credential handling on unix sockets. A local user could exploit this flaw to gain administrative privileges. Andy Lutomirski discovered a privilege escalation in the Linux kernel's user namespaces. A local user could exploit the flaw to gain administrative privileges.
d7e3f35ae144f5755ed1c27567bd8f421a30bbc3f32a069ad759830fde991224Oracle Database 11g suffers from a null pointer denial of service vulnerability. Unfortunately, as usual, the NCC group are withholding any details for three months.
7366e77f697aca2ecdba7bfb457e1fe1dfc05c93aea874d256f1f2686baea2f7Oracle Database 11g suffers from a denial of service vulnerability. Unfortunately, as usual, the NCC group are withholding any details for three months.
60d5de1a200f206f295e52a01fff891d50942ff110a36d295495ac71804abc8bOracle Retail Integration Bus versions 13.0, 13.1, and 13.2 suffer from a directory traversal vulnerability. Unfortunately, as usual, the NCC group are withholding any details for three months.
6f8a1120d684841ffb90bdd49168f11bb340737bbffc7f5797135391c8ec0273Oracle Retail Central Office versions 13.1, 13.2, 13.3, and 13.4 suffer from a remote SQL injection vulnerability. Unfortunately, as usual, the NCC group are withholding any details for three months.
2c7f0ba82ee179931a11ce83af0f1a97529fbc3be8c23d3c8637508876d2767aBeat Websites version 1.5 suffers from a remote SQL injection vulnerability. Note that this advisory has site-specific information.
714331b1b42de4cf2cee24fb227a4e19dde980c09f152c2ef53bc58c1d6e51a6
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed