Ubuntu Security Notice 2311-1 - Zhi Kun Liu discovered that pyCADF incorrectly filtered certain tokens. An attacker could possibly use this issue to obtain authentication tokens used in REST requests.
105241bbb753224508871fe229922a8e366df3ce2dae5a0022eeaa4c5a037445
IBM Sametime Meet Server version 8.5 suffers from a reflective cross-site scripting vulnerability.
e4d190702ff79740508c84c53897a8ccfa7a8e5c69de6ea78f5f8bdead6ace27
IBM Sametime Meet Server version 8.5 suffers from a password disclosure vulnerability.
fbac5fd69fa0121c9ad2a573faa45822043f96f12caf4e6c772fdbfb73e4f92a
IBM Sametime Meet Server version 8.8 suffers from a remote arbitrary file upload vulnerability.
a1948e9b3992363b375614da149aca81e22e4b77935273eb6ed883981ca609b7
Ubuntu Security Notice 2310-1 - It was discovered that Kerberos incorrectly handled certain crafted Draft 9 requests. A remote attacker could use this issue to cause the daemon to crash, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS. It was discovered that Kerberos incorrectly handled certain malformed KRB5_PADATA_PK_AS_REQ AS-REQ requests. A remote attacker could use this issue to cause the daemon to crash, resulting in a denial of service. This issue only affected Ubuntu 10.04 LTS and Ubuntu 12.04 LTS. Various other issues were also addressed.
58d3eb1fd12379457b7d374a0622ac5c590760d80a72c972ae312eb6169fd50c
Red Hat Security Advisory 2014-1042-01 - IBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit.
a5fd9770eb543143954e0ce7e62172c61b0f36fdf1670bccaa3df126d30abaa1
Red Hat Security Advisory 2014-1041-01 - IBM Java SE version 7 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit.
f147cfe7cc12e3f4522d55064638a182d5ac28baf1d3276d5e83e5c9db7af0ed
Ubuntu Security Notice 2309-1 - It was discovered that Libav incorrectly handled certain malformed media files. If a user were tricked into opening a crafted media file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program.
faacd4cf1566718d6f69260c44607fa68bfe1e16226d5b2cf2180515f46c35a9
WordPress GB Gallery Slideshow plugin suffers from a remote SQL injection vulnerability.
9cfaa591ec9aa3d4248dcc53d74c972d54551d251661f0c0997cf7cbbc2bb0d0
Red Hat Security Advisory 2014-1040-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. It was found that the fix for CVE-2012-0818 was incomplete: external parameter entities were not disabled when the resteasy.document.expand.entity.references parameter was set to false. A remote attacker able to send XML requests to a RESTEasy endpoint could use this flaw to read files accessible to the user running the application server, and potentially perform other more advanced XXE attacks.
c84f2ca607c16d6e752c066398ee8786761d415d970c03caeb98cbd795ed9347
Debian Linux Security Advisory 3004-1 - Sebastian Krahmer discovered that KAuth used PolicyKit insecurely by relying on the process ID. This could result in privilege escalation.
d0cbf458524a741d0147e2a9d3c8ef942e1891f292b0643d4d3b5cc91c430659
Red Hat Security Advisory 2014-1039-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. It was found that the fix for CVE-2012-0818 was incomplete: external parameter entities were not disabled when the resteasy.document.expand.entity.references parameter was set to false. A remote attacker able to send XML requests to a RESTEasy endpoint could use this flaw to read files accessible to the user running the application server, and potentially perform other more advanced XXE attacks.
f3cdf1e9d78876065cfd5fdcf939ee9388ca8b23e3255cd79aa82c3e0053cdea
Red Hat Security Advisory 2014-1038-01 - Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. It was found that several application-provided XML files, such as web.xml, content.xml, *.tld, *.tagx, and *.jspx, resolved external entities, permitting XML External Entity attacks. An attacker able to deploy malicious applications to Tomcat could use this flaw to circumvent security restrictions set by the JSM, and gain access to sensitive information on the system. Note that this flaw only affected deployments in which Tomcat is running applications from untrusted sources, such as in a shared hosting environment.
220eef9b77e8329c308283833debe085021b4510cef9b147d1800c2590e7f7da
Debian Linux Security Advisory 3003-1 - Several security issues have been corrected in multiple demuxers and decoders of the libav multimedia library.
70339fe9c5d5fd5a410f2b3dabbca2412936ecc78d144f4d00c4a0c1f5267955
Debian Linux Security Advisory 3002-1 - Multiple vulnerabilities were discovered in the dissectors for Catapult DCT2000, IrDA, GSM Management, and RLC ASN.1 BER, which could result in denial of service.
600b83ba31ac791c50d1211db30fb7d80d56e233a65282f8705bf468f6be7d8b
Debian Linux Security Advisory 3001-1 - Multiple security issues have been discovered in WordPress, a web blogging tool, resulting in denial of service or information disclosure.
99e5b331c3e5e59d98d41f8809a1dbbb885b45e2f323c2fd353cc35335377b1d
Gentoo Linux Security Advisory 201408-2 - A vulnerability in FreeType could result in execution of arbitrary code or Denial of Service. Versions less than 2.5.3-r1 are affected.
90bec08d103b2c2f1e3514f1d73fa1ce766274489a45a1a69a20dda0decf2f91
Debian Linux Security Advisory 3000-1 - Several vulnerabilities were discovered in krb5, the MIT implementation of Kerberos.
9e0bf167110ededceb1858ae76f9d9ae9089e225902c5c4500a77d626fe971c7
Debian Linux Security Advisory 2999-1 - A denial of service vulnerability was discovered in Drupal, a fully-featured content management framework. A remote attacker could exploit this flaw to cause CPU and memory exhaustion and the site's database to reach the maximum number of open connections, leading to the site becoming unavailable or unresponsive.
a17bc95d386dc907de06fe2d79c4c5e267dd97bb7369239608bcd96bd26ac071
Slackware Security Advisory - New openssl packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues.
e6c1e38ce693c76a337bfee5d7931997488682a149dcc7351a58577e1f17db5b