Ubuntu Security Notice 2311-1 - Zhi Kun Liu discovered that pyCADF incorrectly filtered certain tokens. An attacker could possibly use this issue to obtain authentication tokens used in REST requests.
105241bbb753224508871fe229922a8e366df3ce2dae5a0022eeaa4c5a037445IBM Sametime Meet Server version 8.5 suffers from a reflective cross site scripting vulnerability.
e4d190702ff79740508c84c53897a8ccfa7a8e5c69de6ea78f5f8bdead6ace27IBM Sametime Meet Server version 8.5 suffers from a password disclosure vulnerability.
fbac5fd69fa0121c9ad2a573faa45822043f96f12caf4e6c772fdbfb73e4f92aIBM Sametime Meet Server version 8.8 suffers from a remote arbitrary file upload vulnerability.
a1948e9b3992363b375614da149aca81e22e4b77935273eb6ed883981ca609b7Ubuntu Security Notice 2310-1 - It was discovered that Kerberos incorrectly handled certain crafted Draft 9 requests. A remote attacker could use this issue to cause the daemon to crash, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS. It was discovered that Kerberos incorrectly handled certain malformed KRB5_PADATA_PK_AS_REQ AS-REQ requests. A remote attacker could use this issue to cause the daemon to crash, resulting in a denial of service. This issue only affected Ubuntu 10.04 LTS and Ubuntu 12.04 LTS. Various other issues were also addressed.
58d3eb1fd12379457b7d374a0622ac5c590760d80a72c972ae312eb6169fd50cRed Hat Security Advisory 2014-1042-01 - IBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit.
a5fd9770eb543143954e0ce7e62172c61b0f36fdf1670bccaa3df126d30abaa1Red Hat Security Advisory 2014-1041-01 - IBM Java SE version 7 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit.
f147cfe7cc12e3f4522d55064638a182d5ac28baf1d3276d5e83e5c9db7af0edUbuntu Security Notice 2309-1 - It was discovered that Libav incorrectly handled certain malformed media files. If a user were tricked into opening a crafted media file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program.
faacd4cf1566718d6f69260c44607fa68bfe1e16226d5b2cf2180515f46c35a9WordPress GB Gallery Slideshow plugin suffers from a remote SQL injection vulnerability.
9cfaa591ec9aa3d4248dcc53d74c972d54551d251661f0c0997cf7cbbc2bb0d0Red Hat Security Advisory 2014-1040-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. It was found that the fix for CVE-2012-0818 was incomplete: external parameter entities were not disabled when the resteasy.document.expand.entity.references parameter was set to false. A remote attacker able to send XML requests to a RESTEasy endpoint could use this flaw to read files accessible to the user running the application server, and potentially perform other more advanced XXE attacks.
c84f2ca607c16d6e752c066398ee8786761d415d970c03caeb98cbd795ed9347Debian Linux Security Advisory 3004-1 - Sebastian Krahmer discovered that Kauth used Policykit insecurely by relying on the process ID. This could result in privilege escalation.
d0cbf458524a741d0147e2a9d3c8ef942e1891f292b0643d4d3b5cc91c430659Red Hat Security Advisory 2014-1039-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. It was found that the fix for CVE-2012-0818 was incomplete: external parameter entities were not disabled when the resteasy.document.expand.entity.references parameter was set to false. A remote attacker able to send XML requests to a RESTEasy endpoint could use this flaw to read files accessible to the user running the application server, and potentially perform other more advanced XXE attacks.
f3cdf1e9d78876065cfd5fdcf939ee9388ca8b23e3255cd79aa82c3e0053cdeaRed Hat Security Advisory 2014-1038-01 - Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. It was found that several application-provided XML files, such as web.xml, content.xml, *.tld, *.tagx, and *.jspx, resolved external entities, permitting XML External Entity attacks. An attacker able to deploy malicious applications to Tomcat could use this flaw to circumvent security restrictions set by the JSM, and gain access to sensitive information on the system. Note that this flaw only affected deployments in which Tomcat is running applications from untrusted sources, such as in a shared hosting environment.
220eef9b77e8329c308283833debe085021b4510cef9b147d1800c2590e7f7daDebian Linux Security Advisory 3003-1 - Several security issues have been corrected in multiple demuxers and decoders of the libav multimedia library.
70339fe9c5d5fd5a410f2b3dabbca2412936ecc78d144f4d00c4a0c1f5267955Debian Linux Security Advisory 3002-1 - Multiple vulnerabilities were discovered in the dissectors for Catapult DCT2000, IrDA, GSM Management, RLC ASN.1 BER, which could result in denial of service.
600b83ba31ac791c50d1211db30fb7d80d56e233a65282f8705bf468f6be7d8bDebian Linux Security Advisory 3001-1 - Multiple security issues have been discovered in Wordpress, a web blogging tool, resulting in denial of service or information disclosure.
99e5b331c3e5e59d98d41f8809a1dbbb885b45e2f323c2fd353cc35335377b1dGentoo Linux Security Advisory 201408-2 - A vulnerability in FreeType could result in execution of arbitrary code or Denial of Service. Versions less than 2.5.3-r1 are affected.
90bec08d103b2c2f1e3514f1d73fa1ce766274489a45a1a69a20dda0decf2f91Debian Linux Security Advisory 3000-1 - Several vulnerabilities were discovered in krb5, the MIT implementation of Kerberos.
9e0bf167110ededceb1858ae76f9d9ae9089e225902c5c4500a77d626fe971c7Debian Linux Security Advisory 2999-1 - A denial of service vulnerability was discovered in Drupal, a fully-featured content management framework. A remote attacker could exploit this flaw to cause CPU and memory exhaustion and the site's database to reach the maximum number of open connections, leading to the site becoming unavailable or unresponsive.
a17bc95d386dc907de06fe2d79c4c5e267dd97bb7369239608bcd96bd26ac071Slackware Security Advisory - New openssl packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues.
e6c1e38ce693c76a337bfee5d7931997488682a149dcc7351a58577e1f17db5b
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed