Ubuntu Security Notice 2161-1 - Florian Weimer discovered that libyaml-libyaml-perl incorrectly handled certain large YAML documents. An attacker could use this issue to cause libyaml-libyaml-perl to crash, resulting in a denial of service, or possibly execute arbitrary code. Ivan Fratric discovered that libyaml-libyaml-perl incorrectly handled certain malformed YAML documents. An attacker could use this issue to cause libyaml-libyaml-perl to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.
40ba76175d55d2cd3a01708a25f19c6fad7553363aaf45f025c92809f7375e03
HP Security Bulletin HPSBHF02981 - A potential security vulnerability has been identified in HP Integrated Lights-Out 2, 3, and 4 (iLO2, iLO3, iLO4). The vulnerability could be exploited to allow an attacker to gain unauthorized privileges and unauthorized access to privileged information. Revision 1 of this advisory.
5ea0494629de01edae0a6065171716d3b43bdb84b9247ee48f2b98599d24cad6
Lynis is an auditing tool for Unix specialists. It scans the system and available software to detect security issues. Besides security-related information, it also scans for general system information, installed packages and configuration mistakes. This software aims to assist with automated auditing, software patch management, and vulnerability and malware scanning of Unix-based systems.
bb059b58acc01bcb7eab1444c843d035121f4df8e7ef1df3e0656692412e1287
CA Technologies Support is alerting customers to multiple vulnerabilities with CA Erwin Web Portal version 9.5. The vulnerabilities occur due to insufficient path verification. A remote unauthenticated attacker can use directory traversal attacks to gain sensitive information, cause a denial of service condition, gain additional access, or potentially execute arbitrary code.
1fa77a7f3fc523298c5d236fa24d1b5a144393aef591858b7d37f886f4712e9c
Red Hat Security Advisory 2014-0374-01 - Red Hat JBoss Data Grid is a distributed in-memory data grid, based on Infinispan. This release of Red Hat JBoss Data Grid 6.2.1 serves as a replacement for Red Hat JBoss Data Grid 6.2.0. It includes various bug fixes and enhancements which are detailed in the Red Hat JBoss Data Grid 6.2.1 Release Notes.
4fcf60b8261c41c040f82fb1df7b3976a270c863be2321569e155eae8c02a69e
Private Photo+Video version 1.1 Pro for iOS suffers from a persistent cross site scripting vulnerability.
598bdc7413cd5595a64c028dabcb486616f1987e973aaa097b25e4d3c51e5c1b
MA Lighting Technology grandMA onPC version 6.808 is exposed to a remote denial of service issue when processing socket connection negotiation. This issue occurs when the application handles a single malformed packet over TCP port 7003, resulting in a crash.
1d85de1ce8040c6d45a103d51029790fa8c1838d9264532526cc629595516360
FortiADC version 3.2 suffers from a cross site scripting vulnerability.
30f1d853ff50f0ccf128b6b78ca4b1fafbe53ac7827269ea0926ae1f3c959168
Red Hat Security Advisory 2014-0373-01 - JBoss Web Server is an enterprise-ready web server designed for medium and large applications, and is based on Tomcat. JBoss Web Server provides organizations with a single deployment platform for Java Server Pages and Java Servlet technologies, PHP, and CGI. It uses a genuine high-performance hybrid technology that incorporates the best of the most recent OS technologies for processing high-volume data, while keeping all the reference Java specifications. The Apache Commons FileUpload package makes it easy to add robust, high-performance file upload capability to servlets and web applications.
2c709527d60e25bda2422d453c660f6900578eae1644bbfb89c6ec9545133888
Red Hat Security Advisory 2014-0372-01 - Red Hat JBoss BRMS is a business rules management system for the management, storage, creation, modification, and deployment of JBoss Rules. This release of Red Hat JBoss BRMS 6.0.1 serves as a replacement for Red Hat JBoss BRMS 6.0.0, and includes bug fixes and enhancements.
577002c736b2df2c0050d3e19a92808a039cee26aa4b4c483da50f9877b40914
Ubuntu Security Notice 2160-1 - Ivan Fratric discovered that LibYAML incorrectly handled certain malformed YAML documents. An attacker could use this issue to cause LibYAML to crash, resulting in a denial of service, or possibly execute arbitrary code.
3509d711f01e385958d4ad94df9fc129682d708e1738cb2c9a240bb5354d1c45
Red Hat Security Advisory 2014-0371-01 - Red Hat JBoss BPM Suite is a business rules management system for the management, storage, creation, modification, and deployment of JBoss rules. This release of Red Hat JBoss BPM Suite 6.0.1 serves as a replacement for Red Hat JBoss BPM Suite 6.0.0, and includes bug fixes and enhancements.
99885327df8a85809381376bd6e2bb53cdb5341de4df4c673c82671d34d1a452
Red Hat Security Advisory 2014-0370-01 - The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. It was found that the mod_dav module did not correctly strip leading white space from certain elements in a parsed XML. In certain httpd configurations that use the mod_dav module, a remote attacker could send a specially crafted DAV request that would cause the httpd child process to crash or, possibly, allow the attacker to execute arbitrary code with the privileges of the "apache" user.
23c24f50fdf21ed836e93f9e4ec870aa900cb7955737b9c8d2d63e617c9d99ef
Red Hat Security Advisory 2014-0369-01 - The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. It was found that the mod_dav module did not correctly strip leading white space from certain elements in a parsed XML. In certain httpd configurations that use the mod_dav module, a remote attacker could send a specially crafted DAV request that would cause the httpd child process to crash or, possibly, allow the attacker to execute arbitrary code with the privileges of the "apache" user.
48cf3598512a313242cb90a3736d7889382e931ae4d7eb28d6afcccddcb006f7
This Metasploit module exploits the trusted $PATH environment variable of the SUID binary "ibstat".
51da38d4ecfc882e0f9edee386884cfd71707197a3535e673abb6fa3c9ec49db
Sysdig captures system calls and other system-level events using a Linux kernel facility called tracepoints, which means much less overhead than strace. It then "packetizes" this information so that you can save it into trace files and filter it, a bit like you would do with tcpdump. This makes it very flexible for exploring what processes are doing. Sysdig also comes with a set of scripts that make it easier to extract useful information and do troubleshooting.
5a4efb7887fccb3234190f76ab4e2322de7ea159f7ddf7d44de14a91b6f207a3
Microsoft Outlook versions 2007 through 2013 suffer from a denial of service vulnerability.
6eca607c56b006c4f7b78e49106b52630cdb96b46ad746d45698cc710486021e
Red Hat Security Advisory 2014-0368-01 - The OpenStack Identity service authenticates and authorizes OpenStack users by keeping track of users and their permitted activities. The Identity service supports multiple forms of authentication including user name and password credentials, token-based systems, and AWS-style logins. It was found that the ec2token API in keystone, which is used to generate EC2-style credentials, could generate a token not scoped to a particular trust when creating a token from a received trust-scoped token. A remote attacker could use this flaw to retrieve a token that elevated their privileges to all of the trustor's roles. Note that only OpenStack Identity setups that have EC2-style authentication enabled were affected.
664967c649f1a950ab8e7192f7523f64c4e422717a57fbd90fe666ab47fb3976
Red Hat Security Advisory 2014-0367-01 - OpenStack Object Storage provides object storage in virtual containers, which allows users to store and retrieve files. The service's distributed architecture supports horizontal scaling; redundancy as failure-proofing is provided through software-based data replication. Because Object Storage supports asynchronous eventual consistency replication, it is well suited to multiple data-center deployment. A timing attack flaw was found in the way the swift TempURL middleware responded to arbitrary TempURL requests. An attacker with knowledge of an object's name could use this flaw to obtain a secret URL to this object, which was intended to be publicly shared only with specific recipients, if the object had the TempURL key set. Note that only setups using the TempURL middleware were affected.
78f1b540c0c847a43548ff429db2dc3a092e9d896f17cfe1e4093716cabd0252
Red Hat Security Advisory 2014-0366-01 - OpenStack Compute launches and schedules large networks of virtual machines, creating a redundant and scalable cloud computing platform. Compute provides the software, control panels, and APIs required to orchestrate a cloud, including running virtual machine instances, managing networks, and controlling access through users and projects. A flaw was found in the way the libvirt driver handled short-lived disk back-up files on Compute nodes. An authenticated attacker could use this flaw to create a large number of such files, exhausting all available space on Compute node disks, and potentially causing a denial of service. Note that only Compute setups using the libvirt driver were affected.
47ba1801dc83624fbf50ee613dc304783f073a7e15da7d1c8b3e00d2c2e29650
Red Hat Security Advisory 2014-0365-01 - OpenStack Dashboard provides administrators and users a graphical interface to access, provision and automate cloud-based resources. The dashboard allows cloud administrators to get an overall view of the size and state of the cloud and it provides end-users a self-service portal to provision their own resources within the limits set by administrators. A flaw was found in the way OpenStack Dashboard sanitized the Instance Name string. By embedding HTML tags in an Instance Name, a remote attacker could use this flaw to execute a script within a victim's browser, resulting in a cross-site scripting attack. Note that only setups using OpenStack Dashboard were affected.
29fc0fcdcb2c8addcf4972400ab3addbaec6c74335e19a5d866d45f3125815b8
Red Hat Security Advisory 2014-0364-01 - YAML is a data serialization format designed for human readability and interaction with scripting languages. LibYAML is a YAML parser and emitter written in C. A buffer overflow flaw was found in the way the libyaml library parsed URLs in YAML documents. An attacker able to load specially crafted YAML input into an application using libyaml could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. An integer overflow flaw was found in the way the libyaml library handled excessively long YAML tags. An attacker able to load specially crafted YAML input into an application using libyaml could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application.
ce729a29b9bebd731354b0823cc4922bd495122b3272c5b2dc706dd96eb50c12
Oracle Identity Manager version 11g R2 SP1 (11.1.2.1.0) suffers from an unvalidated redirect vulnerability.
448648d9c9455c65f7634ce01453a90dccfc315fbdcd51f5d3b99558048a7446