OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols with full-strength cryptography world-wide.
1b60ca8789ba6f03e8ef20da2293b8dc131c39d83814e775069f02d26354edf3
This archive contains a couple of pdfs detailing 22 security vulnerabilities in Oracle Database Java VM along with proof of concept code.
ecf11e83b5525ba9d476e4539ffb04359d6e5d4f9b76b0703665010c38864b7f
Red Hat Security Advisory 2014-1648-01 - The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities are detailed in the Adobe Security Bulletin APSB14-22, listed in the References section. Multiple flaws were found in the way flash-plugin displayed certain SWF content. An attacker could use these flaws to create a specially crafted SWF file that would cause flash-plugin to crash or, potentially, execute arbitrary code when the victim loaded a page containing the malicious SWF content.
1518474dc019ece2e0dd6b35b8b736b5243ad5a094aae9c840ef5cacfa3d77cf
Red Hat Security Advisory 2014-1647-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. Note: All of the above issues cannot be exploited by a specially crafted HTML mail message as JavaScript is disabled by default for mail messages. They could be exploited another way in Thunderbird, for example, when viewing the full remote content of an RSS feed.
c935120444dd42549c6490a4443329554888cc0698eabaca9ff54d6ec2b1dd87
Ubuntu Security Notice 2384-1 - Multiple security issues were discovered in MySQL and this update includes a new upstream MySQL version to fix these issues. MySQL has been updated to 5.5.40. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes.
edd8c0da1c9990ed9375968220e771edd1443af9b3d426ba28039844540ffaf4
Firefox versions prior to 33 leak bits of uninitialized memory when rendering certain types of truncated images onto canvas tags. Secondly, MSRC case #19611cz is a seemingly similar issue with Internet Explorer apparently using bits of uninitialized stack data when handling JPEG files with an oddball DHT.
8b9a6d35010ff886448c6426873326338f84f0a0385c80c92c4b6d3104a7d64c
ADF Faces version 12.1.2.0 suffers from a cross site scripting vulnerability.
1133f9915da8a3cc4eb0ab104e7646e7507625c906b4f85e176f18b9f5a8961c
WordPress WP Google Maps plugin version 6.0.26 suffers from a cross site scripting vulnerability.
52fb61bbb26041254dbeba3e3e018728f75f897f2ffef1a5c26f1bab37fff08e
WordPress MaxButtons plugin version 1.26.0 suffers from a cross site scripting vulnerability.
6c85df93e5f41cf643cf32021c2ed932c062bed98447ffc4fda3cdc81e2905af
HP Security Bulletin HPSBUX03139 SSRT101608 - A potential security vulnerability has been identified with HP System Management Homepage (SMH) for HP-UX. The vulnerability could be exploited remotely to allow cross-site request forgery (CSRF). Revision 1 of this advisory.
07c4253e079338f4909292838d423e212343724eba67e286ae33423a104c1c27
This bulletin summary notes that MS14-042 has undergone a major revision increment as of October 14, 2014.
3df56daae8792f81697e00b2e7604f390a145d3b0ec99e76b830a66fce040575
This bulletin summary lists eight re-released Microsoft security bulletins for October, 2014.
d37289ed9aa6a4a4c4a4fccd36a8f90d0fe34ab212b1d44e83249b013b6d720a
Ubuntu Security Notice 2373-1 - Bobby Holley, Christian Holler, David Bolter, Byron Campen and Jon Coppeard discovered multiple memory safety issues in Thunderbird. If a user were tricked in to opening a specially crafted message with scripting enabled, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Thunderbird. Atte Kettunen discovered a buffer overflow during CSS manipulation. If a user were tricked in to opening a specially crafted message, an attacker could potentially exploit this to cause a denial of service via application crash or execute arbitrary code with the privileges of the user invoking Thunderbird. Various other issues were also addressed.
1a350165d76673a03f43f670144161d532b675d1fd852188e57c0dfa762c9fbc
Debian Linux Security Advisory 3049-1 - Multiple vulnerabilities were discovered in the dissectors/parsers for RTP, MEGACO, Netflow, RTSP, SES and Sniffer, which could result in denial of service.
3d3c45389342bb51a66b6ba545f85ca4301ebde8c2bce45522bd931a463732d5
Red Hat Security Advisory 2014-1636-01 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. It was discovered that the Libraries component in OpenJDK failed to properly handle ZIP archives that contain entries with a NUL byte used in the file names. An untrusted Java application or applet could use this flaw to bypass Java sandbox restrictions. Multiple flaws were discovered in the Libraries, 2D, and Hotspot components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions.
0e4e99699e8366da4b4ef5c7f4a8d7d98e03c00aff69d7ac28b7fec1c3a3e2a0
Red Hat Security Advisory 2014-1634-01 - The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Java Software Development Kit. Multiple flaws were discovered in the Libraries, 2D, and Hotspot components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. It was discovered that the StAX XML parser in the JAXP component in OpenJDK performed expansion of external parameter entities even when external entity substitution was disabled. A remote attacker could use this flaw to perform XML eXternal Entity attack against applications using the StAX parser to parse untrusted XML documents.
ff889b003b294350056f06337bcc49df675acd480cfe9adebf5926206260a7cc
Red Hat Security Advisory 2014-1620-01 - The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. Multiple flaws were discovered in the Libraries, 2D, and Hotspot components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. It was discovered that the StAX XML parser in the JAXP component in OpenJDK performed expansion of external parameter entities even when external entity substitution was disabled. A remote attacker could use this flaw to perform XML eXternal Entity attack against applications using the StAX parser to parse untrusted XML documents.
e42b953beb5349a59d8789d82e00888eadc63967a980ca64c3607073df9c6497
Red Hat Security Advisory 2014-1633-01 - The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. Multiple flaws were discovered in the Libraries, 2D, and Hotspot components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. It was discovered that the StAX XML parser in the JAXP component in OpenJDK performed expansion of external parameter entities even when external entity substitution was disabled. A remote attacker could use this flaw to perform XML eXternal Entity attack against applications using the StAX parser to parse untrusted XML documents.
dbe571c9220e78db49cf806a2546d176a1421fbc369806f3d7a8123e1702ca85
Red Hat Security Advisory 2014-1635-01 - Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. A flaw was found in the Alarm API, which allows applications to schedule actions to be run in the future. A malicious web application could use this flaw to bypass cross-origin restrictions.
21dd7290d876ef9b6fe753fb1ff1eb5a68116a8fdfeeab3d2622fe8e98771f5a
Indeed Job Search version 2.5 suffers from a cross site scripting vulnerability.
3f86932dee76c57b86ada962d3468e644f81549233eb0606159d2edec616535c
PayPal Inc iOS Mobile Application - Banking version 4.6.0 suffers from an authorization bypass vulnerability.
c3031f6f89c06eb2f3525e774bc37b045042bff0b2d4f2f770c9e5130bd49cb4
The PayPal Inc MultiOrderShipping API suffered from filter bypass and persistent XML vulnerabilities.
521c296aa1cb313e3553e81917c43918b8a2f5714e9d191e67ccc9cd8d4daaa8
The PayPal Inc shipping application suffered form a cross site scripting vulnerability.
62cf9c78f72465c8b7709c86ba0886380d7deec9d88dc5c1ae4870b5dd12d0d4
OpenSSL Security Advisory 20141015 - A flaw in the DTLS SRTP extension parsing code allows an attacker, who sends a carefully crafted handshake message, to cause OpenSSL to fail to free up to 64k of memory causing a memory leak. This could be exploited in a Denial Of Service attack. This issue affects OpenSSL 1.0.1 server implementations for both SSL/TLS and DTLS regardless of whether SRTP is used or configured. Implementations of OpenSSL that have been compiled with OPENSSL_NO_SRTP defined are not affected. Other issues were also addressed.
7f813dab43819360edd0f61d0861444f45d4c41b0e985a636961e64207acbf57
A vulnerability within Microsoft Bluetooth Personal Area Networking module, BthPan.sys, can allow an attacker to inject memory controlled by the attacker into an arbitrary location. This can be used by an attacker to overwrite HalDispatchTable+0x4 and execute arbitrary code by subsequently calling NtQueryIntervalProfile.
d94d249bed8485ab2ccc4e373683d6802502b4edd5262cd0b25082323dcef9a7