The node secret in various RSA products was stored using an encryption key and encryption algorithm that are no longer considered effective by RSA standards. An attacker could potentially exploit this to eavesdrop on or modify network communications.
A vulnerability exists in EMC VNX and EMC Celerra Control Station that could result in elevation of privileges by a lower level administrator with access to the system.
Ubuntu Security Notice 1831-1 - Loganathan Parthipan discovered that Nova did not verify the size of QCOW2 instance storage. An authenticated attacker could exploit this to cause a denial of service by creating an image with a large virtual size with little data, then filling the virtual disk.
Red Hat Security Advisory 2013-0831-01 - The libvirt library is a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. It was found that libvirtd leaked file descriptors when listing all volumes for a particular pool. A remote attacker able to establish a read-only connection to libvirtd could use this flaw to cause libvirtd to consume all available file descriptors, preventing other users from using libvirtd services until libvirtd is restarted.
Ubuntu Security Notice 1830-1 - Sam Stoelinga discovered that Keystone would not immediately invalidate tokens when deleting users via the v2 API. A deleted user would be able to continue to use resources until the token lifetime expired.
Red Hat Security Advisory 2013-0830-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. It was found that the Red Hat Enterprise Linux 6.1 kernel update introduced an integer conversion issue in the Linux kernel's Performance Events implementation. This led to a user-supplied index into the perf_swevent_enabled array not being validated properly, resulting in out-of-bounds kernel memory access. A local, unprivileged user could use this flaw to escalate their privileges.
Call For Papers for the No cON Name 2013 conference. It will be held in Barcelona, Spain, from November 1st through the 2nd, 2013.
This whitepaper discusses the security of Apple iOS with particular focus on its usage in the workplace.
Ubuntu Security Notice 1829-1 - Mathias Krause discovered an information leak in the Linux kernel's ISO 9660 CDROM file system driver. A local user could exploit this flaw to examine some of the kernel's heap memory. Mathias Krause discovered a flaw in xfrm_user in the Linux kernel. A local attacker with the NET_ADMIN capability could potentially exploit this flaw to escalate privileges. A buffer overflow was discovered in the Linux kernel's USB subsystem for devices reporting the cdc-wdm class. A specially crafted USB device, when plugged in, could cause a denial of service (system crash) or possibly execute arbitrary code. Various other issues were also addressed.
Slackware Security Advisory - New mozilla-thunderbird packages are available for Slackware 13.37, 14.0, and -current to fix security issues.
Slackware Security Advisory - New mozilla-firefox packages are available for Slackware 13.37, 14.0, and -current to fix security issues.
Debian Linux Security Advisory 2669-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service, information leak or privilege escalation.
This document is not intended to be a definitive guide, but more of a review of specific security issues resulting from the use of HTML 5.
This Metasploit module exploits a code execution flaw in the Mutiny 5 appliance. The EditDocument servlet provides a file upload function to authenticated users. A directory traversal vulnerability in the same functionality allows for arbitrary file upload, which results in arbitrary code execution with root privileges. In order to exploit the vulnerability a valid user (any role) in the web frontend is required. The module has been tested successfully on the Mutiny 5.0-1.07 appliance.