Yealink VoIP phone version SIP-T38G suffers from a remote command execution vulnerability.
fb2d80104f51da4001d9597a2f431e1b861c30293aeaced550b6f80f066ce184
Yealink VoIP phone version SIP-T38G suffers from a local file inclusion vulnerability.
cdc9dbf82ea7c6a98f1f7d9faad5ded1b55062cea0fa71540e7fd8b59aaaa707
Yealink VoIP phone version SIP-T38G suffers from having default credentials that are also easily guessable.
c72f40bbfb9a4b85330815612963afc4e28e8964dcbb6b15b66483af237fa725
Yealink VoIP phone version SIP-T38G suffers from a remote privilege escalation vulnerability that yields a root shell.
7c44a1a9f61f69ae042bf1629987bc2859ef4cae78be693127d1d81214dfd2ce
Apache Hive version 0.13.0 suffers from an authorization failure issue. In SQL standards based authorization mode, the URIs used in Hive queries are expected to be authorized against file system permissions. However, the directory used in import/export statements is not being authorized at all.
61ed4103a143c74a694ee44973c4370db7fea80bb79bfce00f4a89e58f49ccb0
Asterisk Project Security Advisory - When a SIP transaction timeout caused a subscription to be terminated, the action taken by Asterisk was guaranteed to deadlock the thread on which SIP requests are serviced. Note that this behavior could only happen on established subscriptions, meaning that this could only be exploited if an attacker bypassed authentication and successfully subscribed to a real resource on the Asterisk server.
e21cdaf3769c98aa4d94fbad230c4dee902998f19cff528885690e12ebe7363a
Asterisk Project Security Advisory - Establishing a TCP or TLS connection to the HTTP or HTTPS port configured in http.conf and then not sending or completing an HTTP request ties up an HTTP session. By doing this repeatedly until the maximum number of open HTTP sessions is reached, legitimate requests are blocked.
e6779aabe2219ce71ab967736150fa4798031e2d5a8f66d132a104297bd2b824
Asterisk Project Security Advisory - Manager users can execute arbitrary shell commands with the MixMonitor manager action. Asterisk does not require system class authorization for a manager user to use the MixMonitor action, so any manager user who is permitted to use manager commands can potentially execute shell commands as the user executing the Asterisk process.
930cf84fa176bf5c4db20b34cce8c5d33a35ed70742265a86ef2b9f3ab699974
Asterisk Project Security Advisory - A remotely exploitable crash vulnerability exists in the PJSIP channel driver's pub/sub framework. If an attempt is made to unsubscribe when not currently subscribed and the endpoint's "sub_min_expiry" is set to zero, Asterisk tries to create an expiration timer of zero seconds, which is not allowed, so an assertion is raised.
6b85765fc735a00c686484dac76731431461bf16a925d2e52ab0d28b8d4331fe
HP Security Bulletin HPSBUX03046 SSRT101590 - Potential security vulnerabilities have been identified with HP-UX running OpenSSL. These vulnerabilities could be exploited remotely to create a Denial of Service (DoS), execute code, bypass security restrictions, disclose information, or allow unauthorized access. Revision 1 of this advisory.
d75f304dc6572576f762b5741032d4dc9efdd2bc7c88b604e7c4c29467b6abe9
HP Security Bulletin HPSBST03016 4 - A potential security vulnerability has been identified in HP P2000 G3 MSA Array Systems, HP MSA 2040 Storage, and HP MSA 1040 Storage running OpenSSL. This is the OpenSSL vulnerability known as "Heartbleed", which could be exploited remotely resulting in disclosure of information. Revision 4 of this advisory.
c824c58a9d51692dcb8aa9df7c86fb0c1822c96d29fe3b750299904ddbb92a55
Debian Linux Security Advisory 2958-1 - Jakub Wilk discovered that APT, the high level package manager, did not properly perform authentication checks for source packages downloaded via "apt-get source". This only affects use cases where source packages are downloaded via this command; it does not affect regular Debian package installation and upgrading.
19296d16249771950faaee28768d0a874401c3af83973d3af7aa27529ec405ce
Debian Linux Security Advisory 2957-1 - Omer Iqbal discovered that Mediawiki, a wiki engine, parses invalid usernames on Special:PasswordReset as wikitext when $wgRawHtml is enabled. On such wikis this allows an unauthenticated attacker to insert malicious JavaScript, a cross site scripting attack.
19b4e0e8cff7a78116f8653d8bbc33fdb71622b5dead1492c49e96bcb9629e9f
Slackware Security Advisory - New mozilla-thunderbird packages are available for Slackware 14.1 and -current to fix security issues.
917831245636b0494aead175e3a3bcce86546142c7f17d17b69b3c2a8be81145
PostgreSQL version 8.4.1 suffers from a JOIN hashtable size integer overflow denial of service vulnerability.
9db855da789a69d025877c1caa3bc529eab23d8f2f93cbb52a56e90ac26c8bba
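The bug class behind the PostgreSQL entry above is a size computation that wraps before the allocation. The following is an added illustration written for this page, not PostgreSQL's code: the bucket count, the 8-byte entry size and the function names are all assumptions. It shows the 32-bit multiply that wraps to a tiny buffer next to a checked version that refuses the request.

```c
#include <stdint.h>
#include <stdlib.h>
#include <stdio.h>

/* Hypothetical per-bucket entry size for a hash-join table (assumption; not
 * PostgreSQL's real layout): one pointer-sized slot on a 64-bit build. */
#define ENTRY_SIZE 8u

/* Round a row estimate up to a power-of-two bucket count, the way many hash
 * joins size their table. Computed in 64 bits so this step cannot wrap. */
uint64_t buckets_for_rows(uint64_t est_rows) {
    uint64_t n = 1;
    while (n < est_rows && n < ((uint64_t)1 << 62)) n <<= 1;
    return n;
}

/* Vulnerable pattern: the byte count is computed in 32 bits, so a large
 * (planner-influenced) bucket count wraps to a tiny allocation while later
 * code still indexes the table with the full bucket count. */
uint32_t unchecked_table_bytes(uint32_t nbuckets) {
    return nbuckets * ENTRY_SIZE;          /* wraps modulo 2^32 */
}

/* Hardened pattern: reject the request before the multiply can wrap.
 * Returns 0 and sets *out_bytes on success, -1 on overflow or zero size. */
int checked_table_bytes(uint64_t nbuckets, size_t *out_bytes) {
    if (nbuckets == 0 || nbuckets > SIZE_MAX / ENTRY_SIZE)
        return -1;
    *out_bytes = (size_t)nbuckets * ENTRY_SIZE;
    return 0;
}

/* Allocate a zeroed table only when the size is sane; NULL signals refusal. */
void *alloc_hash_table(uint64_t est_rows, size_t *out_bytes) {
    uint64_t nbuckets = buckets_for_rows(est_rows);
    if (checked_table_bytes(nbuckets, out_bytes) != 0)
        return NULL;
    return calloc(*out_bytes, 1);
}

int main(void) {
    /* 2^29 buckets * 8 bytes = 2^32, which wraps to 0 in 32 bits. */
    uint32_t nb = 0x20000000u;
    printf("unchecked: %u buckets -> %u bytes\n",
           (unsigned)nb, (unsigned)unchecked_table_bytes(nb));

    size_t bytes = 0;
    void *t = alloc_hash_table(1000, &bytes);
    printf("checked: 1000 rows -> %zu bytes (%s)\n",
           bytes, t ? "allocated" : "refused");
    free(t);
    return 0;
}
```

The checked path treats a refusal as an error to report to the caller rather than a reason to fall back to a smaller table; silently clamping the bucket count would reintroduce the mismatch between the allocated size and the count used for indexing.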
Yealink VoIP Phones suffer from CRLF injection and cross site scripting vulnerabilities. This affects firmware version 28.72.0.2 and hardware version 28.2.0.128.0.0.0.
5877e5e599e1ec8f3252efb057e48af4340a62c662c79b06e1baef4de7a15174
Ubuntu Security Notice 2232-2 - USN-2232-1 fixed vulnerabilities in OpenSSL. The upstream fix for CVE-2014-0224 caused a regression for certain applications that use tls_session_secret_cb, such as wpa_supplicant. This update fixes the problem.
d49b4026ed9759b0d6b4bb639439c57eca0db6792111a2adef6eb775ea9133f0
Ubuntu Security Notice 2245-1 - Florian Weimer discovered that json-c incorrectly handled buffer lengths. An attacker could use this issue with a specially-crafted large JSON document to cause json-c to crash, resulting in a denial of service. Florian Weimer discovered that json-c incorrectly handled hash arrays. An attacker could use this issue with a specially-crafted JSON document to cause json-c to consume CPU resources, resulting in a denial of service. Various other issues were also addressed.
a57ea49884c6cf0f8ea45672c161cc7b8c6f2ed0c6eee532aa167162dcba60d9
Lynis is an auditing tool for Unix specialists. It scans the system and available software to detect security issues. Besides security related information, it also collects general system information, installed packages and configuration mistakes. This software aims to assist with automated auditing, software patch management, and vulnerability and malware scanning of Unix based systems.
e74e97acc0d02ba2701034c10231edd9ae527398c25e6f1c669109f614c933ca
ZTE and TP-Link RomPager denial of service exploit. Written in Python.
b847f56fc5a8eaa3c354049c5a4f08bba8048b56a1c096a063b2c0489b2dacdc
Core FTP LE version 2.2 suffers from a heap overflow vulnerability.
ead49735f50318542245f54c6d25ec0dd04028d80682db796236c4da0d1082ff
Plesk versions 10.4.4 and 11.0.9 XXE injection exploit.
a888af2afa6a4a2e8c49d9d0384d86c3420acad12ed0440f2a3ebf119774860e
SHOUTCAST DNAS version 2.2.1 suffers from a persistent cross site scripting vulnerability.
3080f8605c59820781061cf338116d804dc3126e08515ae5237e279c5e6ded98