Debian Linux Security Advisory 3030-1 - Multiple SQL injection vulnerabilities have been discovered in the Mantis bug tracking system.
7ec113a935c89ad9a311490ba16351ced2516ceca32df1676255c000535a79faDebian Linux Security Advisory 3029-1 - Antoine Delignat-Lavaud and Karthikeyan Bhargavan discovered that it was possible to reuse cached SSL sessions in unrelated contexts, allowing virtual host confusion attacks in some configurations by an attacker in a privileged network position.
686cb84de4ba244efd0ea0a859ce45d3415fd2e9a99661b6e0d82901f605adddRed Hat Security Advisory 2014-1268-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package provides the user-space component for running virtual machines using KVM. Two integer overflow flaws were found in the QEMU block driver for QCOW version 1 disk images. A user able to supply a malicious image file to QEMU or to helper tools used in image conversion by services such as glance and nova could potentially use these flaws to cause memory corruption, resulting in a crash or possibly arbitrary code execution.
fa9a090f061e49ebd6c9d9180ffd2781fd7e6e5ab6c7769ae73a3ad939cdc81fRed Hat Security Advisory 2014-1281-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. An out-of-bounds memory access flaw was found in the Linux kernel's system call auditing implementation. On a system with existing audit rules defined, a local, unprivileged user could use this flaw to leak kernel memory to user space or, potentially, crash the system.
9db192dae67115d135082d1c74941604603bf15acde17a51427e55f23152e653Ubuntu Security Notice 2352-1 - Simon McVittie discovered that DBus incorrectly handled the file descriptors message limit. A local attacker could use this issue to cause DBus to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only applied to Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. Alban Crequy discovered that DBus incorrectly handled a large number of file descriptor messages. A local attacker could use this issue to cause DBus to stop responding, resulting in a denial of service. This issue only applied to Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. Various other issues were also addressed.
578a2d1dfc85b26a2a964420dece270158fce7e3eb1ee68afd5fab19c7aa3d29Ubuntu Security Notice 2351-1 - Antoine Delignat-Lavaud and Karthikeyan Bhargavan discovered that nginx incorrectly reused cached SSL sessions. An attacker could possibly use this issue in certain configurations to obtain access to information from a different virtual host.
02a8e09de555bdb912d184f6c0aefad2a80152bc1062161322d7a1666becefaaUbuntu Security Notice 2350-1 - The NSS package contained outdated CA certificates. This update refreshes the NSS package to version 3.17 which includes the latest CA certificate bundle.
359eef1863967a3b5b7f8d6b8420e45720f540fd85d506dbfbaf0f294396fddaTP-LINK WDR4300 suffers from cross site scripting and denial of service vulnerabilities.
96f6a7503c2af655eae7292736644ce83e0a4d4f6df61a2b334857eae73d6e26Joomla Mac Gallery component versions 1.5 and below suffer from an arbitrary file download vulnerability.
92c2bf84e86e20561df1eaa9ca9f6fd9ec03e8c9b1092777059db18344af0e07HP Security Bulletin HPSBPI03107 - A potential security vulnerability has been identified with certain HP LaserJet Printers, MFPs and certain HP OfficeJet Enterprise Printers using OpenSSL. The vulnerability could be exploited remotely to allow remote unauthorized access. Note: This OpenSSL vulnerability was detected in specific OpenSSL versions. OpenSSL is a 3rd party product that is embedded with some HP printer products. This bulletin notifies HP Printer customers about impacted products. Revision 1 of this advisory.
c630d7cb333d249c31f5bfb55e2236a3d8bbab6a9929e9aed07b2ff46802f312Mandriva Linux Security Advisory 2014-180 - The gnupg program before version 1.4.16 is vulnerable to an ELGAMAL side-channel attack.
03ec5c081a2354c13e32e599e0fef98400dfb6bbc16a191f9eaf5f922d8321aeKonaKart Storefront Application versions prior to 7.3.0.0 suffer from a cross site request forgery bypass vulnerability.
527973821e6614b395a15c0f745e0e2351e17b8c7738921e8d17f5bcd27a4476Glype Proxy version 1.4.9 privacy settings can be bypassed via cross site request forgery.
5f29a607322d5f837369955ce66d4a2f3d17bda78f12df427d8d7e1333243020Glype Proxy version 1.4.9 suffers from a local address filer bypass vulnerability.
861ab543f64b4b0395368a45276441e04c4678908a962ea14f4f637855924384Joomla Face Gallery component version 1.0 suffers from remote SQL injection and arbitrary file download vulnerabilities.
be82220d948205abc7bb6578e33091fb5a65a984d95e4e2774758733247b1f76A path traversal vulnerability has been identified in the Glype web-based proxy that allows an attacker to run arbitrary PHP code on the server or to remove critical files from the filesystem. Version 1.4.9 is affected.
90908a193872545e7e1dc5fd354b168c8969c94042ebe864eaa3c75d1060efe3TomatoCart version 1.1.8.6.1 suffers from a cross site scripting vulnerability.
79fa551178c89cd026702176897012baab890d8c7eba697d2cb60aa11162509c
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed