D-Link DAP-1320 wireless range extenders suffer from cross site scripting and directory traversal vulnerabilities.
77b810526b2243160b03793dfdb3c3585e5ec7325808307c5d7dc5f0e4ec20bdF-Secure Messaging Security Gateway version 7.5.0.892 suffers from a reflective cross site scripting vulnerability.
1ebe4673c3131e4294001e8442564433f1c1492f36c6fab08541b4faaba0b2bbAIEngine is a packet inspection engine with capabilities of learning without any human intervention. It helps network/security professionals to identify traffic and develop signatures for use them on NIDS, Firewalls, Traffic classifiers and so on.
b375bd144b2f81ac70be343ff773bd7359c755f388f319524145505fb617fc64Nagios Remote Plugin Executor (NRPE) versions 2.15 and below suffer from a remote command execution vulnerability.
035764b6de0406994622b53a57f33221624085f4e55263d2f7452b0cfbc8b3edHP Security Bulletin HPSBMU02995 3 - The Heartbleed vulnerability was detected in specific OpenSSL versions. OpenSSL is a 3rd party product that is embedded with some of HP Software products. This bulletin objective is to notify HP Software customers about products affected by the Heartbleed vulnerability. Note: The Heartbleed vulnerability (CVE-2014-0160) is a vulnerability found in the OpenSSL product cryptographic software library product. This weakness potentially allows disclosure of information protected, under normal conditions, by the SSL/TLS protocol. The impacted products appear in the list below are vulnerable due to embedding OpenSSL standard release software. Revision 3 of this advisory.
86765e24d5fcb7d4170feb34ec2d8d7db6999d8047673df3d2fb46a973590cdbHP Security Bulletin HPSBMU02998 2 - Potential security vulnerabilities have been identified with HP System Management Homepage (SMH) running on Linux and Windows. The vulnerabilities could be exploited remotely resulting in Denial of Service (DoS). Also included is the OpenSSL vulnerability known as "Heartbleed" which could be exploited remotely resulting in disclosure of information. Revision 2 of this advisory.
733ae6b6c797c2f872b96a8cfe71841d57f9fd119cfbb08abf8bc944a7445c49HP Security Bulletin HPSBGN03010 - The Heartbleed vulnerability was detected in specific OpenSSL versions. OpenSSL is a 3rd party product that is embedded with some of HP Software products. This bulletin objective is to notify HP Software customers about products affected by the Heartbleed vulnerability. NOTE: The Heartbleed vulnerability (CVE-2014-0160) is a vulnerability found in the OpenSSL cryptographic software library. This weakness potentially allows disclosure of information that is normally protected by the SSL/TLS protocol. The impacted products in the list below are vulnerable due to embedding OpenSSL standard release software. Revision 1 of this advisory.
172c320e016b03571bbe375dc655cf8d96104b9638eb6a31af4da51d7f8d2058HP Security Bulletin HPSBMU02935 2 - Potential security vulnerabilities have been identified with HP LoadRunner Virtual User Generator. The vulnerabilities could be exploited to allow remote code execution and disclosure of information. Revision 2 of this advisory.
c17c49979c868c01c3de4db8eacd6549014a47f13c9b15385389dc06d3eacb41HP Security Bulletin HPSBMU02987 - A potential security vulnerability has been identified with HP Universal Configuration Management Database Integration Service. The vulnerability could be exploited to allow remote execution of code. Revision 1 of this advisory.
146b6c10aaae84fdd8c94f2074128e3d38ec819b17d443dbeec5d4e08d5f449cHP Security Bulletin HPSBMU02988 - A potential security vulnerability has been identified with HP Universal Configuration Management Database Integration Service. The vulnerability could be exploited to allow disclosure of information. Revision 1 of this advisory.
5cfdc87ca68bc3d113f239c5c7c951f574a2fc5614984e93389993becc828ef0HP Security Bulletin HPSBMU02982 - A potential security vulnerability has been identified with HP Database and Middleware Automation (DMA). The vulnerability could be remotely exploited resulting in disclosure of information. Revision 1 of this advisory.
b4e78fd8204d45695af10e5c2e77b2a9175a0c50fd21acb8579dcc925aaa1477HP Security Bulletin HPSBGN03008 - The Heartbleed vulnerability was detected in specific OpenSSL versions. OpenSSL is a 3rd party product that is embedded with some of HP Software products. This bulletin objective is to notify HP Software customers about products affected by the Heartbleed vulnerability. NOTE: The Heartbleed vulnerability (CVE-2014-0160) is a vulnerability found in the OpenSSL cryptographic software library. This weakness potentially allows disclosure of information that is normally protected by the SSL/TLS protocol. The impacted products in the list below are vulnerable due to embedding OpenSSL standard release software. Revision 1 of this advisory.
dc12ff4b97cc7f7bde3e57c9bc930be617618f08358ac5d4132d942d76cef2c1HP Security Bulletin HPSBMU02996 - A potential security vulnerability has been identified with HP Network Node Manager I (NNMi) on HP-UX, Linux, Solaris, and Windows. This vulnerability could be remotely exploited resulting in unauthorized access or execution of arbitrary code. Revision 1 of this advisory.
832c5ff1a9d8afd2aacff0f24630f22290dc29524365a7b0173bb95574e49237Red Hat Security Advisory 2014-0412-01 - Oracle Java SE version 7 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update fixes several vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory page, listed in the References section.
14e6e30de1dd8d53d0118bd04bcdd0bae0938c861f8eebcd77cbd8be81d4fe4cRed Hat Security Advisory 2014-0413-02 - Oracle Java SE version 7 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update fixes several vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory page, listed in the References section.
36273595a316596e5e9c175f2af277f4b20df80c8667ad56d776f9fbe9258c28Red Hat Security Advisory 2014-0409-02 - Python-keystoneclient is a client library and a command line utility for interacting with the OpenStack Identity API. The OpenStack Identity auth_token middleware component handles the authentication of tokens with keystone. The gluster-swift component, provided by Red Hat Storage, requires the auth_token middleware. When using the auth_token middleware with the memcached token cache enabled, a token for a different identity could be returned. An authenticated user could use this flaw to escalate their privileges by making repeated requests that could eventually allow the user to acquire the administrator's identity. Note that only OpenStack Identity setups using auth_token with memcached were affected.
debcf705b06b5d1037df044c9082983bed52386575c5808c293ec0369d358feaMandriva Linux Security Advisory 2014-079 - Florian Weimer reported that the printbuf APIs used in the json-c library used ints for counting buffer lengths, which is inappropriate for 32bit architectures. These functions need to be changed to using size_t if possible for sizes, or to be hardened against negative values if not. This could be used to cause a denial of service in an application linked to the json-c library. Florian Weimer reported that the hash function in the json-c library was weak, and that parsing smallish JSON strings showed quadratic timing behaviour. This could cause an application linked to the json-c library, and that processes some specially-crafted JSON data, to use excessive amounts of CPU.
283252a26796384c39dbaf9c5eebd109cce41ade7c0422b68ccb6e4ff62aa236Red Hat Security Advisory 2014-0416-01 - Red Hat Enterprise Virtualization Manager provides access to virtual machines using SPICE. These SPICE client packages provide the SPICE client and usbclerk service for both Windows 32-bit operating systems and Windows 64-bit operating systems. The rhevm-spice-client package includes the mingw-virt-viewer Windows SPICE client. OpenSSL, a general purpose cryptography library with a TLS implementation, is bundled with mingw-virt-viewer. The mingw-virt-viewer package has been updated to correct the following issues: An information disclosure flaw was found in the way OpenSSL handled TLS and DTLS Heartbeat Extension packets. A malicious TLS or DTLS client or server could send a specially crafted TLS or DTLS Heartbeat packet to disclose a limited portion of memory per request from a connected client or server. Note that the disclosed portions of memory could potentially include sensitive information such as private keys.
0032421aec1d1d27f91354a5fea1ce01a8e83f64e4d39583854c2b9d91e466a1Red Hat Security Advisory 2014-0415-01 - YAML is a data serialization format designed for human readability and interaction with scripting languages. LibYAML is a YAML parser and emitter written in C. A buffer overflow flaw was found in the way the libyaml library parsed URLs in YAML documents. An attacker able to load specially crafted YAML input to an application using libyaml could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. An integer overflow flaw was found in the way the libyaml library handled excessively long YAML tags. An attacker able to load specially crafted YAML input to application using libyaml could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application.
5fef5f073818707ceea9b7f87273bfe379b0a83bea50ee402ae2cf18c228dca7Red Hat Security Advisory 2014-0414-01 - Oracle Java SE version 6 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update fixes several vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory pages, listed in the References section.
5b3fb26a72b3dc5b46c59de7a98419bcfae270b7312d42ac692372308de6f6a1CMSimple versions 4.4.2 and below suffer from a remote file inclusion vulnerability.
f91d039649d0d7455138e22a97cb9bbde986f51fffebbd0a62328e6e857ccbeaJzip version 2.0.0.132900 structured exception handler (SEH) unicode buffer overflow denial of service exploit.
a6e85747e12c5a2bb932271a468a9287a562d49c9948a9fb730c4886698b8934Poor treatment of file paths may lead to rogue binary execution in McAfee Security Scanner Plus.
1f27a310e8ba534f86eb471ef915bc94b1c682806e2c9e1eb7e4cbce7b1f69a1ASUS RT series of routers disclose administrative credentials.
8772a0c6d1603fbc6b5d100af4cf6abccf78190e836b3ada0d1b5bdd764b4937
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed