HP Security Bulletin HPSBUX02963 SSRT101297 2 - A potential security vulnerability has been identified with HP-UX's m4(1) macro processor command. The vulnerability could be exploited locally resulting in unauthorized access. Revision 2 of this advisory.
59c2099bd84ba67d08b22cdb56812971e7ee08d98025ea91319d22b2fd53b979
Onapsis Security Advisory - An information disclosure exists in SAP Software Lifecycle Manager. SAP Solution Manager version 7.1 is affected.
66175ddf4ff1b483f9589574588c2c2d8333d5951f8f26a85a6a946dc17690be
TRENDnet TEW-634GRU version 1.00.23 suffers from local file disclosure, router crash, and privilege escalation vulnerabilities.
38342dcf82a4e158add2c032f5e76a186438778accbb57fe5bb4c316489090c3
NTP ntpd monlist query reflection denial of service exploit.
fc458431c984a824aac0863ef7422ed300c3dc830b42f819b52b5db6f76ba518
McAfee ePolicy Owner (ePowner) version 0.1 is an exploit that can add an administrative user to McAfee ePolicy Orchestrator as well as execute arbitrary commands on versions 4.6.0 through 4.6.5.
0d651b0edd706e44bde243c2797b7f496490b9316136b12f61d3d2aa3d0e1523
Symantec Endpoint Protection Manager version 12.1.2015.2015 SEH overflow proof of concept exploit.
8bee128e1781c61bead3c3b0efa4f85a7a42194ff51d0beaf8d2d0e973d01216
HP Security Bulletin HPSBMU03022 - A potential security vulnerability has been identified with HP Systems Insight Management (SIM) bundled software running OpenSSL. This is the OpenSSL vulnerability known as "Heartbleed" which could be exploited remotely resulting in disclosure of information. The HP SIM software itself is not vulnerable to CVE-2014-0160 ("Heartbleed"). However, the software components bundled with HP SIM are impacted and should be addressed if installed. Revision 1 of this advisory.
7c7a616ea0bc1d238574c012deee840077e6027ee20c991b2e71a95cc720bf18
HP Security Bulletin HPSBMU03025 - A potential security vulnerability has been identified in HP Diagnostics running OpenSSL. OpenSSL is a 3rd party product that is embedded with some of HP Software products. This bulletin objective is to notify HP Software customers about products affected by the Heartbleed vulnerability. NOTE: The Heartbleed vulnerability (CVE-2014-0160) is a vulnerability found in the OpenSSL cryptographic software library. This weakness potentially allows disclosure of information that is normally protected by the SSL/TLS protocol. The impacted products in the list below are vulnerable due to embedding OpenSSL standard release software. Revision 1 of this advisory.
347c3c86c55fb210fc9799ac5fef38c3c769fb03d47928b50b4baa56fdb9121f
HP Security Bulletin HPSBGN03010 2 - A potential security vulnerability has been identified in HP Software Server Automation running OpenSSL. OpenSSL is a 3rd party product that is embedded with some of HP Software products. This bulletin objective is to notify HP Software customers about products affected by the Heartbleed vulnerability. NOTE: The Heartbleed vulnerability (CVE-2014-0160) is a vulnerability found in the OpenSSL cryptographic software library. This weakness potentially allows disclosure of information that is normally protected by the SSL/TLS protocol. The impacted products in the list below are vulnerable due to embedding OpenSSL standard release software. Revision 2 of this advisory.
5d03cfbf9506cfa5ffba29cb25add2ed339e9a76c30ccf4b7e8a326e25adf64b
HP Security Bulletin HPSBMU02995 6 - The Heartbleed vulnerability was detected in specific OpenSSL versions. OpenSSL is a 3rd party product that is embedded with some of HP Software products. This bulletin objective is to notify HP Software customers about products affected by the Heartbleed vulnerability. Note: The Heartbleed vulnerability (CVE-2014-0160) is a vulnerability found in the OpenSSL product cryptographic software library product. This weakness potentially allows disclosure of information protected, under normal conditions, by the SSL/TLS protocol.
a16128da2b79c4167b73519c5aa603028d61b3670cd39f820ab4f7d536462f45
Debian Linux Security Advisory 2917-1 - John Lightsey of the Debian Security Audit project discovered that the super package did not check for setuid failures, allowing local users to increase the privileges on kernel versions which do not guard against RLIMIT_NPROC attacks.
e0476131e071183f506462ecceda9739dfc04884d9904a2c1bdd34573468feae
Debian Linux Security Advisory 2916-1 - Alex Chapman discovered that a buffer overflow in processing "MMS over HTTP" messages could result in the execution of arbitrary code.
b98c02efa33ad151d06db39badeaf7597e398a418c2631e736133f390348bf39
Debian Linux Security Advisory 2915-1 - Jakub Wilk discovered that dpkg did not correctly parse C-style filename quoting, allowing for paths to be traversed when unpacking a source package - leading to the creation of files outside the directory of the source being unpacked.
859d36f5c8dbbb0f25181d9f7ae180b3b816a16350c962858405417b686e0242
Red Hat Security Advisory 2014-0441-01 - Red Hat Enterprise MRG is a next-generation IT infrastructure for enterprise computing. MRG offers increased performance, reliability, interoperability, and faster computing for enterprise customers. MRG Messaging is a high-speed reliable messaging distribution for Linux based on AMQP, an open protocol standard for enterprise messaging that is designed to make mission critical messaging widely available as a standard service, and to make enterprise messaging interoperable across platforms, programming languages, and vendors. MRG Messaging includes an AMQP 0-10 messaging broker; AMQP 0-10 client libraries for C++, Java JMS, and Python; as well as persistence libraries and management tools.
76d13db51b4045a6c0f2480a10421f2b9d3e34717be95ac5e1153a50ab90035b
Red Hat Security Advisory 2014-0440-01 - Red Hat Enterprise MRG is a next-generation IT infrastructure for enterprise computing. MRG offers increased performance, reliability, interoperability, and faster computing for enterprise customers. MRG Grid provides high-throughput computing and enables enterprises to achieve higher peak computing capacity as well as improved infrastructure utilization by leveraging their existing technology to build high performance grids. MRG Grid provides a job-queueing mechanism, scheduling policy, and a priority scheme, as well as resource monitoring and resource management. Users submit their jobs to MRG Grid, where they are placed into a queue. MRG Grid then chooses when and where to run the jobs based upon a policy, carefully monitors their progress, and ultimately informs the user upon completion.
8a92a7112ff8929cffa301f60b1e4e60c37e9603b197a23ec374b5be691ea107
Red Hat Security Advisory 2014-0439-01 - The kernel-rt packages contain the Linux kernel, the core of any Linux operating system. A denial of service flaw was found in the way the Linux kernel's IPv6 implementation processed IPv6 router advertisement packets. An attacker able to send a large number of RA packets to a target system could potentially use this flaw to crash the target system. A flaw was found in the way the Linux kernel's netfilter connection tracking implementation for Datagram Congestion Control Protocol packets used the skb_header_pointer() function. A remote attacker could use this flaw to send a specially crafted DCCP packet to crash the system or, potentially, escalate their privileges on the system.
2b623200e0a9ae6450a12d72a8175b17fe8b289abc75e214b50cd7e3b3ee735b
Debian Linux Security Advisory 2913-1 - An information disclosure vulnerability was discovered in Drupal, a fully-featured content management framework. When pages are cached for anonymous users, form state may leak between anonymous users. Sensitive or private information recorded for one anonymous user could thus be disclosed to other users interacting with the same form at the same time.
d394e08c70f78f10ec9cd82c86a33e9f0cbfa6cc31f0ca140dbf37e345337995
Debian Linux Security Advisory 2914-1 - An information disclosure vulnerability was discovered in Drupal, a fully-featured content management framework. When pages are cached for anonymous users, form state may leak between anonymous users. Sensitive or private information recorded for one anonymous user could thus be disclosed to other users interacting with the same form at the same time.
246d8804c5c7645744ef8f11ef9cd8acadbd918b3d44f0b1af1fb7a5b3520249
Ubuntu Security Notice 2182-1 - Michael S. Tsirkin discovered that QEMU incorrectly handled vmxnet3 devices. A local guest could possibly use this issue to cause a denial of service, or possibly execute arbitrary code on the host. This issue only applied to Ubuntu 13.10 and Ubuntu 14.04 LTS. Michael S. Tsirkin discovered that QEMU incorrectly handled virtio-net MAC addresses. A local guest could possibly use this issue to cause a denial of service, or possibly execute arbitrary code on the host. Various other issues were also addressed.
9700f1e369f6c75392ba440defb4087b4a9b1b71d9338c9338c67279882a6a1e
Ubuntu Security Notice 2183-1 - Jakub Wilk discovered that dpkg incorrectly certain paths and symlinks when unpacking source packages. If a user or an automated system were tricked into unpacking a specially crafted source package, a remote attacker could modify files outside the target unpack directory, leading to a denial of service or potentially gaining access to the system.
8d3851678414f8bc3ad88106e10038b6b01d7a3dd84c9b1c2b73fac8076b184f
Cells Blog version 3.4 suffers from a cross site scripting vulnerability.
ac38eaafb762b8cd9ec3b83028d2896357b2d5a6ff887d5e608437f19de3ff8e
TILT is a tool written in python that performs simple recon jobs against a given host.
7650ecfc159019f337cfedb9c433953f434bc3023e343c316fa0f81082d2e29a
CalendarScript version 3.2.1 suffers from a remote password disclosure vulnerability. Note that this finding houses site-specific data.
2e13799d7288e78b76f6fa3dbafdf7e565429515f7fc0f98fd86950948824f2d
Adem version 0.5.1 suffers from a local file inclusion vulnerability.
5490331b8db5b36ceac02b07263b7087277af584b62dbd78bccb2cfc1a49abbc
Kmplayer versions 3.8.0.122 and 3.8.0.123 suffer from a dll hijacking vulnerability.
4f4e9badb8f84d790e98982d772cc340148cbc9c1495f5667c8e623b4e81ca66