Cisco Security Advisory - A vulnerability in the Cisco WAP4410N Wireless-N Access Point, Cisco WRVS4400N Wireless-N Gigabit Security Router, and the Cisco RVS4000 4-port Gigabit Security Router could allow an unauthenticated, remote attacker to gain root-level access to an affected device. Cisco will release free software updates that address these vulnerabilities. Workarounds that mitigate these vulnerabilities are not available.
f2904214edf565450c46b33ee605148c5e29f09f71f311bf295142aa6102eca1Debian Linux Security Advisory 2840-1 - Fernando Russ from Groundworks Technologies reported a buffer overflow flaw in srtp, Cisco's reference implementation of the Secure Real-time Transport Protocol (SRTP), in how the crypto_policy_set_from_profile_for_rtp() function applies cryptographic profiles to an srtp_policy. A remote attacker could exploit this vulnerability to crash an application linked against libsrtp, resulting in a denial of service.
7a4e6e3edbabd53c7021a5f4ea2490aa91c3d510fd476c8a0afd8ec7c592ac90Gentoo Linux Security Advisory 201401-7 - Multiple Denial of Service vulnerabilities have been found in libxslt. Versions less than 1.1.28 are affected.
f23dd72c3b893d110a45c420e9dac3a0ca04e3ad16ed8dc28007045c29b7bbf2Gentoo Linux Security Advisory 201401-6 - A stack-based buffer overflow in Git might allow a local attacker to gain escalated privileges. Versions less than 1.7.2.2 are affected.
0078fd3cb1b2ce989ded157fb1594874759fe92f440b59fbaf7e69d2366bd48bRed Hat Security Advisory 2014-0018-01 - The libXfont packages provide the X.Org libXfont runtime library. X.Org is an open source implementation of the X Window System. A stack-based buffer overflow flaw was found in the way the libXfont library parsed Glyph Bitmap Distribution Format fonts. A malicious, local user could exploit this issue to potentially execute arbitrary code with the privileges of the X.Org server. Users of libXfont should upgrade to these updated packages, which contain a backported patch to resolve this issue. All running X.Org server instances must be restarted for the update to take effect.
0f840c2a80d469348a2f0f6db12138d55905de6840034df20511234afa0c5b66Conceptronic camera CIPCAMPTIWL with firmware 21.37.2.49 suffers from a cross site request forgery vulnerability.
c936953abc9b003cdedd3e88f2c0d79e0d4917e23725676c6212ee65de3ad7d4The Joomla Aclassfb component suffers from a remote shell upload vulnerability.
9d0fb8ff59906454f8f77b6cd1a8d6cbd5c42f068d8b4fc058718a4e32f3316fvBulletin YUI version 2.9.0 suffers from a cross site scripting vulnerability. Note that this finding houses site-specific data.
70b04ec197f8e63c02b7663b1a4b2d9d18521f1c0c32ac2e1970802272e3fc06Lorex Security DVR systems suffers from an active-x related buffer overflow vulnerability.
a54d0f52ae58b40ee40061c7e9c569e51ba1726893d2ddd6e053141f37699907This Metasploit module will cause remote code execution on several SerComm devices. These devices typically include routers from NetGear and Linksys. Tested against NetGear DG834.
9b733578aa9b9d3b0e314171f950e5b06d7e37d888dc961f586106abfaaeedecOpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols with full-strength cryptography world-wide.
6cc2a80b17d64de6b7bac985745fdaba971d54ffd7d38d3556f998d7c0c9cb5aLynis is an auditing tool for Unix (specialists). It scans the system and available software to detect security issues. Beside security related information it will also scan for general system information, installed packages and configuration mistakes. This software aims in assisting automated auditing, software patch management, vulnerability and malware scanning of Unix based systems.
78abf32de8ba0d0a67617e61fa1cb640b7508cd32d15ea092104768963766702Ubuntu Security Notice 2079-1 - Anton Johansson discovered that OpenSSL incorrectly handled certain invalid TLS handshakes. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service. Ron Barber discovered that OpenSSL used an incorrect data structure to obtain a version number. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service. Dmitry Sobinov discovered that OpenSSL incorrectly handled certain DTLS retransmissions. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service. Various other issues were also addressed.
8b01c75a1f6dc71ca305dc74fc6913c030cad0950cfba7ec713698b31175de80WordPress NextGen Gallery plugin suffers from a cross site scripting vulnerability. Note that this finding houses site-specific data.
2048dd3332f93135c9fa534a0d715495878f18701186d45dda32ab9eff032a79The Joomla Melody component suffers from a cross site scripting vulnerability.
6102f20c0e44aa4040f3c629757e685bd0741d329ca67792e2fd597dab8e54adUbuntu Security Notice 2077-2 - USN-2077-1 fixed a vulnerability in Puppet. The upstream patch introduced a regression resulting in the default file mode being incorrect. This update fixes the problem. It was discovered that Puppet incorrectly handled temporary files. A local attacker could possibly use this issue to overwrite arbitrary files. In the default installation of Ubuntu, this should be prevented by the Yama link restrictions. Various other issues were also addressed.
5412352220a034db7b4522541d0173b31733bffdd5c28132671bce3335a562c7
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed