dompdf version 0.6.0 suffers from an arbitrary file read vulnerability.
92b8dc520430a9519be7065511e00f1c9c0dee972e93abecf56f7088fcb5f2e8AirPhoto WebDisk version 4.1.0 for iOS suffers from a code execution vulnerability.
a1802ada857397a36c3e6ffcb26134d37823d23882870916c1a0875bf24f7c32WD Arkeia Virtual Appliance versions 7.0.3 up to 10.2.8 suffer from directory traversal and remote command execution vulnerabilities.
a5c1ac710642d9616ae3b1411b3ca389b79ab289df5d221a1dd9075170dfe6ddApple Security Advisory 2014-04-22-4 - AirPort Base Station Firmware Update 7.7.3 is now available and addresses a security issue. An out-of-bounds read issue existed in the OpenSSL library when handling TLS heartbeat extension packets. An attacker in a privileged network position could obtain information from process memory. This issue was addressed through additional bounds checking. Only AirPort Extreme and AirPort Time Capsule base stations with 802.11ac are affected, and only if they have Back to My Mac or Send Diagnostics enabled. Other AirPort base stations are not impacted by this issue.
bcc954ff6dd3f9af4c693d79f9c6375e2c876b9ed219f2665051d932f95aacd7HP Security Bulletin HPSBMU02997 2 - A potential security vulnerability has been identified with HP Smart Update Manager (SUM) running OpenSSL.This is the OpenSSL vulnerability known as "Heartbleed" which could be exploited remotely resulting in disclosure of information. Revision 2 of this advisory.
3c1260054506cccf56c662aed65a41072f7aceddc27835d4b72e40530eebe442HP Security Bulletin HPSBMU02995 5 - The Heartbleed vulnerability was detected in specific OpenSSL versions. OpenSSL is a 3rd party product that is embedded with some of HP Software products. This bulletin objective is to notify HP Software customers about products affected by the Heartbleed vulnerability. Note: The Heartbleed vulnerability (CVE-2014-0160) is a vulnerability found in the OpenSSL product cryptographic software library product. This weakness potentially allows disclosure of information protected, under normal conditions, by the SSL/TLS protocol. The impacted products appear in the list below are vulnerable due to embedding OpenSSL standard release software. Revision 5 of this advisory.
a4a725dc86600a76fe72f0bf00f2ab20733261da69bfce0f5da2a32ccbe486baHP Security Bulletin HPSBMU03013 - A potential security vulnerability has been identified with WMI Mapper for HP Systems Insight Manager running OpenSSL. This is the OpenSSL vulnerability known as "Heartbleed" which could be exploited remotely resulting in disclosure of information. Revision 1 of this advisory.
798dc254a3e05f1bc968d822959d055dbfc4ed5738051985bb5e2b576000ffeaHP Security Bulletin HPSBST03015 - A potential security vulnerability has been identified with HP 3PAR OS running OpenSSL. This is the OpenSSL vulnerability known as "Heartbleed" which could be exploited remotely resulting in disclosure of information. Revision 1 of this advisory.
a356840cc2062366e3d3a806cf95c23b8bc14bb933a9885433db2a95e65058b9HP Security Bulletin HPSBST03000 - A potential security vulnerability has been identified with HP StoreEver ESL G3 Tape Library and Enterprise Library LTO-6 Tape Drives running OpenSSL. This is the OpenSSL vulnerability known as "Heartbleed" which could be exploited remotely resulting in disclosure of information. Revision 1 of this advisory.
b4a9f6460a61443cfad89a4d3a83b40a6e8ce7136d4eb2256816beb2249053b6Debian Linux Security Advisory 2808-2 - A regression in the decoding of chroma-subsampled images in OpenJPEG was introduced by one of the patches for CVE-2013-6045. This update fixes the regression.
1bc3eab48bad3d51925ad946a04bd55fe7f01aa46ae1463d05f210f1766a0cd6Red Hat Security Advisory 2014-0423-01 - The openshift-origin-broker package provides the OpenShift Broker service that manages all user logins, DNS name resolution, application states, and general orchestration of the applications. The rubygem-openshift-origin-auth-remote-user package provides the remote user authentication plug-in. A flaw was found in the way openshift-origin-broker handled authentication requests via the remote user authentication plug-in. A remote attacker able to submit a request to openshift-origin-broker could set the X-Remote-User header, and send the request to a passthrough trigger, resulting in a bypass of the authentication checks to gain access to any OpenShift user account on the system.
f598489c43378ab1d4e656502a914e058b9c591b74e6b3a5a7c8e9656ca0e1afRed Hat Security Advisory 2014-0429-01 - Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. It was found that when Tomcat processed a series of HTTP requests in which at least one request contained either multiple content-length headers, or one content-length header with a chunked transfer-encoding header, Tomcat would incorrectly handle the request. A remote attacker could use this flaw to poison a web cache, perform cross-site scripting attacks, or obtain sensitive information from other requests. It was discovered that the fix for CVE-2012-3544 did not properly resolve a denial of service flaw in the way Tomcat processed chunk extensions and trailing headers in chunked requests. A remote attacker could use this flaw to send an excessively long request that, when processed by Tomcat, could consume network bandwidth, CPU, and memory on the Tomcat server. Note that chunked transfer encoding is enabled by default.
53023a6197bb41566dbc8326d3498e9cbd804c10d6c95d86d54a9306d223e308Red Hat Security Advisory 2014-0422-01 - The openshift-origin-broker package provides the OpenShift Broker service that manages all user logins, DNS name resolution, application states, and general orchestration of the applications. The rubygem-openshift-origin-auth-remote-user package provides the remote user authentication plug-in. A flaw was found in the way openshift-origin-broker handled authentication requests via the remote user authentication plug-in. A remote attacker able to submit a request to openshift-origin-broker could set the X-Remote-User header, and send the request to a passthrough trigger, resulting in a bypass of the authentication checks to gain access to any OpenShift user account on the system.
4bdc39e07f063683224e2c5b173c10db71b79172f5adf98767338f036c361d58Ubuntu Security Notice 2171-1 - Ryan Finnie discovered that the rsync daemon incorrectly handled invalid usernames. A remote attacker could use this issue to cause rsync to consume resources, resulting in a denial of service.
0b1c668afcf8f71fe601b80a142200db900ad136a0a5a4324761377608a25f9bUbuntu Security Notice 2170-1 - Multiple security issues were discovered in MySQL and this update includes a new upstream MySQL version to fix these issues. MySQL has been updated to 5.5.37. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Various other issues were also addressed.
e140fefd327b538d55d3d3fbbb2f2edf4b723ccfd0b982527b9e75360f6c3655Ubuntu Security Notice 2169-2 - USN-2169-1 fixed vulnerabilities in Django. The upstream security patch for CVE-2014-0472 introduced a regression for certain applications. This update fixes the problem. Benjamin Bach discovered that Django incorrectly handled dotted Python paths when using the reverse() function. An attacker could use this issue to cause Django to import arbitrary modules from the Python path, resulting in possible code execution. Paul McMillan discovered that Django incorrectly cached certain pages that contained CSRF cookies. An attacker could possibly use this flaw to obtain a valid cookie and perform attacks which bypass the CSRF restrictions. Michael Koziarski discovered that Django did not always perform explicit conversion of certain fields when using a MySQL database. An attacker could possibly use this issue to obtain unexpected results. Various other issues were also addressed.
a7b08008b8314bc324c3bac2dbe355fbb780f90950b9918e89cde30052b8e26eLivetecs Timelive version 6.2.71 suffers from a remote unauthenticated file upload vulnerability.
f0f158d3d96e8565d4d53985dbdba9b7555117f47cba41615212e13defff7250Livetecs Timelive version 6.2.71 allows for unauthenticated access to sensitive information and functionality.
02948c7c609981d9edad0e2356e60853025842a2c999894107dc2ee9fa7d11baCMS Softgov suffers from a cross site scripting vulnerability.
a250266e77b7973f183925e4e68325b67a7d54597807f8ba13e33daa4f3c4ffaThis is a shell script that uses unicornscan, the heartbleed proof of concept, nmap, and various other tools in order to do a mass scan for vulnerable SSL instances.
3d5d5d98ca65a01f362846317f934b92ff5da2da31a106a1dbb6210210922bc9IBM Server RAID Manager Browser Edition version 1.2 suffers from a remote blind SQL injection vulnerability.
d8f87ec4a9233f7fa59befd16e4c3d3bf7213674c7527531b03d9b76e5b42d2eBleed Out is a command line tool written in C# for targeting instances of OpenSSL made vulnerable by the prolific "Heartbleed" bug. The tool aggressively exploits the OpenSSL vulnerability, dumping both ASCII and binary data to files. It also checks the uniqueness of each chunk before persisting it, to ensure that duplicate chunks are not saved.
b9dd8ee3053813f5ff75d34d8e0f41a37a3efeac003a6ab767604dd17a77f4ffApple Security Advisory 2014-04-22-3 - Apple TV 6.1.1 is now available and addresses vulnerabilities related to credential compromise, ASLR bypass, code execution, and more.
d81613426a53f674f7139c2f7f48ccd2a036e3b91520029902421cb35746ef3eApple Security Advisory 2014-04-22-2 - iOS 7.1.1 is now available and addresses vulnerabilities in IOKit Kernel, CFNetwork HTTPProtocol, Secure Transport, and WebKit.
f28da37ecb5c5cd5e4f54bd76a029ed17595e3d1258104a49dc05c23ee23660bApple Security Advisory 2014-04-22-1 - Security Update 2014-002 is now available and addresses vulnerabilities in CFNetwork HTTPProtocol, CoreServicesUIAgent, FontParser, Heimdal Kerberos, ImageIO, Intel Graphics Driver, IOKit Kernel, the kernel, power management, Ruby, and more.
9bfdfa84c349e009ae9cfd6999bec5ea1e79b30268900ea21bdf77c411c8ff36
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed