all things security
Showing 1 - 22 of 22 RSS Feed

Files Date: 2014-06-12

Cisco Security Advisory 20140611-ipv6
Posted Jun 12, 2014
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability in the parsing of malformed Internet Protocol version 6 (IPv6) packets in Cisco IOS XR Software for ASR 9000 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to cause a lockup and eventual reload of a Network Processor (NP) chip and a line card processing traffic. Only Trident-based line cards on Cisco ASR 9000 Series Aggregation Services Routers are affected by this vulnerability. The vulnerability is due to insufficient logic in parsing malformed IPv6 packets. An attacker could exploit this vulnerability by sending a stream of malformed IPv6 packets to the affected device. An exploit could allow the attacker to cause a lockup and eventual reload of an NP chip and a line card, leading to a denial of service (DoS) condition. Cisco has released free software updates that address this vulnerability. There are no workarounds that address this vulnerability.

tags | advisory, remote, denial of service, protocol
systems | cisco, osx
MD5 | 511cbb05a3c390d7350289c392184de7
Debian Security Advisory 2955-1
Posted Jun 12, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2955-1 - Multiple security issues have been found in Iceweasel, Debian's version buffer overflows may lead to the execution of arbitrary code or denial of service.

tags | advisory, denial of service, overflow, arbitrary
systems | linux, debian
advisories | CVE-2014-1533, CVE-2014-1538, CVE-2014-1541, CVE-2014-1545
MD5 | d23097cd6efcec264ff1ca69680d3a1c
Debian Security Advisory 2956-1
Posted Jun 12, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2956-1 - Multiple security issues have been found in the Icinga host and network monitoring system (buffer overflows, cross-site request forgery, off-by ones) which could result in the execution of arbitrary code, denial of service or session hijacking.

tags | advisory, denial of service, overflow, arbitrary, csrf
systems | linux, debian
advisories | CVE-2013-7106, CVE-2013-7107, CVE-2013-7108, CVE-2014-1878, CVE-2014-2386
MD5 | 3a510a9b313af02e20e22f1497106089
Mandriva Linux Security Advisory 2014-122
Posted Jun 12, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-122 - The chkrootkit script contains a flaw that allows a local attacker to create an executable in /tmp that will be run by the user running chkrootkit, allowing the attacker to escalate privileges.

tags | advisory, local
systems | linux, mandriva
advisories | CVE-2014-0476
MD5 | a7b15f5574dbc894fe5027796b119c57
Mandriva Linux Security Advisory 2014-123
Posted Jun 12, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-123 - Tor before 0.2.4.20, when OpenSSL 1.x is used in conjunction with a certain HardwareAccel setting on Intel Sandy Bridge and Ivy Bridge platforms, does not properly generate random numbers for relay identity keys and hidden-service identity keys, which might make it easier for remote attackers to bypass cryptographic protection mechanisms via unspecified vectors.

tags | advisory, remote
systems | linux, mandriva
advisories | CVE-2013-7295, CVE-2014-0160
MD5 | 6fe7f133cb56a9958b9c86a2d7d60ff9
HP Security Bulletin HPSBMU03045
Posted Jun 12, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03045 - A potential security vulnerability has been identified with HP Service Virtualization, running the AutoPass license server. The vulnerability could be exploited remotely to allow code execution. Revision 1 of this advisory.

tags | advisory, code execution
advisories | CVE-2013-6221
MD5 | 8888a92a06a6568e65abf03f3d7e3483
IBM AIX 6.1.8+ Privilege Escalation
Posted Jun 12, 2014
Authored by Tim Brown | Site portcullis-security.com

IBM AIX versions 6.1.8 and later suffer from a local privilege escalation vulnerability in libodm due to an arbitrary file write.

tags | exploit, arbitrary, local
systems | aix
advisories | CVE-2014-3977
MD5 | 319e4008a767f106fb7dc54a17237ed2
EDSC 2014 Call For Papers
Posted Jun 12, 2014
Site edsconf.com

EDSC is an annual security conference focusing on embedded systems, hardware, and anything behind the silicon curtain. Embedded systems testing is a rapidly expanding area of the security industry and staying current is important for engineers, researchers, and testers alike. EDSC brings the top thought leaders in the embedded security field together for two days to share knowledge, techniques, and research. This year's conference will be held at EM Fine Art in Seattle, providing a unique conference experience in the heart of South Lake Union. The conference is limited to 120 attendees and takes place November 20th through the 21st, 2014.

tags | paper, conference
MD5 | 7e62d1777372978c07da5e066a22a2f3
Mandriva Linux Security Advisory 2014-121
Posted Jun 12, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-121 - It was discovered that libgadu incorrectly handled certain messages from file relay servers. A malicious remote server or a man in the middle could use this issue to cause applications using libgadu to crash, resulting in a denial of service, or possibly execute arbitrary code.

tags | advisory, remote, denial of service, arbitrary
systems | linux, mandriva
advisories | CVE-2014-3775
MD5 | 0f4ec4973c48ac6e523170c4e7dd608b
Mandriva Linux Security Advisory 2014-119
Posted Jun 12, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-119 - XSS vulnerability in MediaWiki before 1.22.7, due to usernames on Special:PasswordReset being parsed as wikitext. The username on Special:PasswordReset can be supplied by anyone and will be parsed with wgRawHtml enabled. Since Special:PasswordReset is whitelisted by default on private wikis, this could potentially lead to an XSS crossing a privilege boundary.

tags | advisory
systems | linux, mandriva
advisories | CVE-2014-3966
MD5 | 03a0a7a9c70d9cff15822f9ed7cf0dc7
Mandriva Linux Security Advisory 2014-117
Posted Jun 12, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-117 - capng_lock() in libcap-ng before 0.7.4 sets securebits in an attempt to prevent regaining capabilities using setuid-root programs. This allows a user to run setuid programs, such as seunshare from policycoreutils, as uid 0 but without capabilities, which is potentially dangerous.

tags | advisory, root
systems | linux, mandriva
advisories | CVE-2014-3215
MD5 | 1386b3e50aceea3aa7590f91dc3a428e
Mandriva Linux Security Advisory 2014-116
Posted Jun 12, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-116 - A flaw was found in the way file's Composite Document Files format parser handle CDF files with many summary info entries. The cdf_unpack_summary_info() function unnecessarily repeatedly read the info from the same offset. This led to many file_printf() calls in cdf_file_property_info(), which caused file to use an excessive amount of CPU time when parsing a specially-crafted CDF file. A flaw was found in the way file parsed property information from Composite Document Files files. A property entry with 0 elements triggers an infinite loop.

tags | advisory
systems | linux, mandriva
advisories | CVE-2014-0237, CVE-2014-0238
MD5 | af250ca605e6a6a97f0f8a45b2e62f88
Mandriva Linux Security Advisory 2014-115
Posted Jun 12, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-115 - A flaw was found in the way file's Composite Document Files format parser handle CDF files with many summary info entries. The cdf_unpack_summary_info() function unnecessarily repeatedly read the info from the same offset. This led to many file_printf() calls in cdf_file_property_info(), which caused file to use an excessive amount of CPU time when parsing a specially-crafted CDF file. A flaw was found in the way file parsed property information from Composite Document Files files. A property entry with 0 elements triggers an infinite loop. PHP contains a bundled copy of the file utility's libmagic library, so it was vulnerable to this issue. It has been updated to the 5.5.13 version, which fixes this issue and several other bugs. Additionally, php-apc has been rebuilt against the updated php packages.

tags | advisory, php
systems | linux, mandriva
advisories | CVE-2014-0237, CVE-2014-0238
MD5 | 55e52205ade486d622ae7dfc25d2574e
Mandriva Linux Security Advisory 2014-114
Posted Jun 12, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-114 - Due to incorrect state management, Squid before 3.3.12 is vulnerable to a denial of service attack when processing certain HTTPS requests if the SSL-Bump feature is enabled.

tags | advisory, web, denial of service
systems | linux, mandriva
advisories | CVE-2014-0128
MD5 | 8a3c82135d956a87596a9ab49a9f3b43
Mandriva Linux Security Advisory 2014-113
Posted Jun 12, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-113 - Multiple vulnerabilities has been discovered and corrected in python-django. The updated packages have been patched to correct these issues.

tags | advisory, vulnerability, python
systems | linux, mandriva
advisories | CVE-2014-0472, CVE-2014-0473, CVE-2014-0474, CVE-2014-1418, CVE-2014-3730
MD5 | 59290f269980e186220a833f9283a5b3
Red Hat Security Advisory 2014-0745-01
Posted Jun 12, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0745-01 - The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities are detailed in the Adobe Security Bulletin APSB14-16, listed in the References section. Multiple flaws were found in the way flash-plugin displayed certain SWF content. An attacker could use these flaws to create a specially crafted SWF file that would cause flash-plugin to crash or, potentially, execute arbitrary code when the victim loaded a page containing the malicious SWF content.

tags | advisory, web, arbitrary, vulnerability
systems | linux, redhat
advisories | CVE-2014-0531, CVE-2014-0532, CVE-2014-0533, CVE-2014-0534, CVE-2014-0535, CVE-2014-0536
MD5 | e63c45fdc3987267cf719a870ec00abd
Red Hat Security Advisory 2014-0748-01
Posted Jun 12, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0748-01 - Jinja2 is a template engine written in pure Python. It provides a Django-inspired, non-XML syntax but supports inline expressions and an optional sandboxed environment. It was discovered that Jinja2 did not properly handle bytecode cache files stored in the system's temporary directory. A local attacker could use this flaw to alter the output of an application using Jinja2 and FileSystemBytecodeCache, and potentially execute arbitrary code with the privileges of that application. All Jinja2 users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. For the update to take effect, all applications using Jinja2 must be restarted.

tags | advisory, arbitrary, local, python
systems | linux, redhat
advisories | CVE-2014-1402
MD5 | 16ff8116a513ddc8025ddd5fa36443fe
Red Hat Security Advisory 2014-0747-01
Posted Jun 12, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0747-01 - Jinja2 is a template engine written in pure Python. It provides a Django-inspired, non-XML syntax but supports inline expressions and an optional sandboxed environment. It was discovered that Jinja2 did not properly handle bytecode cache files stored in the system's temporary directory. A local attacker could use this flaw to alter the output of an application using Jinja2 and FileSystemBytecodeCache, and potentially execute arbitrary code with the privileges of that application. All python-jinja2 users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. For the update to take effect, all applications using python-jinja2 must be restarted.

tags | advisory, arbitrary, local, python
systems | linux, redhat
advisories | CVE-2014-1402
MD5 | 20e9aa33d5fc70093d8c00e7cf64469f
Ubuntu Security Notice USN-2244-1
Posted Jun 12, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2244-1 - It was discovered that Libav incorrectly handled certain malformed media files. If a user were tricked into opening a crafted media file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2014-3984
MD5 | 0f5a210ad8b5c4fed70d4a30ccb1eb1d
Ubuntu Security Notice USN-2243-1
Posted Jun 12, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2243-1 - Gary Kwong, Christoph Diehl, Christian Holler, Hannes Verschore, Jan de Mooij, Ryan VanderMeulen, Jeff Walden, Kyle Huey, Jesse Ruderman, Gregor Wagner, Benoit Jacob and Karl Tomlinson discovered multiple memory safety issues in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2014-1533, CVE-2014-1534, CVE-2014-1536, CVE-2014-1537, CVE-2014-1538, CVE-2014-1540, CVE-2014-1541, CVE-2014-1542
MD5 | 5a47ac2f5973933854c4c281ebc41be9
Mandriva Linux Security Advisory 2014-120
Posted Jun 12, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-120 - The miniupnpc library before 1.9 may be vulnerable to a denial of service due to a buffer overrun that can be triggered by something on the network.

tags | advisory, denial of service, overflow
systems | linux, mandriva
MD5 | e150f2ea03996dc112e728c875c49bd2
Mandriva Linux Security Advisory 2014-118
Posted Jun 12, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-118 - Steve Kemp discovered multiple temporary file handling issues in Emacs. A local attacker could use these flaws to perform symbolic link attacks against users running Emacs.

tags | advisory, local
systems | linux, mandriva
advisories | CVE-2014-3421, CVE-2014-3422, CVE-2014-3423
MD5 | 8028fef8f15ba54a3b705c9791b19931
Page 1 of 1
Back1Next

File Archive:

July 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    2 Files
  • 2
    Jul 2nd
    3 Files
  • 3
    Jul 3rd
    15 Files
  • 4
    Jul 4th
    4 Files
  • 5
    Jul 5th
    15 Files
  • 6
    Jul 6th
    15 Files
  • 7
    Jul 7th
    10 Files
  • 8
    Jul 8th
    2 Files
  • 9
    Jul 9th
    10 Files
  • 10
    Jul 10th
    15 Files
  • 11
    Jul 11th
    15 Files
  • 12
    Jul 12th
    19 Files
  • 13
    Jul 13th
    16 Files
  • 14
    Jul 14th
    15 Files
  • 15
    Jul 15th
    3 Files
  • 16
    Jul 16th
    2 Files
  • 17
    Jul 17th
    8 Files
  • 18
    Jul 18th
    11 Files
  • 19
    Jul 19th
    15 Files
  • 20
    Jul 20th
    15 Files
  • 21
    Jul 21st
    15 Files
  • 22
    Jul 22nd
    7 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close