The WordPress download-manager plugin contains multiple unauthenticated file upload vulnerabilities which were fixed in version 2.7.5.
079e34e20841af90322c299baf4e66895abbbef7cea8d6d73043669dc843d6bf
This bulletin summary lists one bulletin that has undergone a major revision increment for December, 2014.
10f297ef1c2d5cdcff4b9051acd3dab402f0f4dc2931074932d16cef502726d8
Suricata is a network intrusion detection and prevention engine developed by the Open Information Security Foundation and its supporting vendors. The engine is multi-threaded and has native IPv6 support. It's capable of loading existing Snort rules and signatures and supports the Barnyard and Barnyard2 tools.
57b1120e91bd4e348e1a4cee9eb7b197d05fc25169e062f1a11f5dd4b9322c60
This Metasploit module exploits a PHP object injection vulnerability in Tuelap <= 7.6-4 which could be abused to allow authenticated users to execute arbitrary code with the permissions of the web server. The dangerous unserialize() call exists in the 'src/www/project/register.php' file. The exploit abuses the destructor method from the Jabbex class in order to reach a call_user_func_array() call in the Jabbex class and call the fetchPostActions() method from the Transition_PostAction_FieldFactory class to execute PHP code through an eval() call. In order to work, the target must have the 'sys_create_project_in_one_step' option disabled.
5a33756ac6f164ee2fb059946d33588c9b36b6022e2d724e212c9716e418d54e
A potential vulnerability in RSA Authentication Manager 8.0 and RSA Authentication Manager 8.1 may allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks.
c94e4103d1b1f6c1f48e2083bc20a14a126ed6661565ecc81889a562ba568adb
RSA Archer GRC Platform version 5.x suffers from cross site scripting and various other Oracle JRE 7 vulnerabilities.
6b4a2792bb657ccb72440c6bd80139f9a70eac83846efd16aae3847693ce4c1c
EMC Isilon InsightIQ may be potentially affected by a cross-site scripting vulnerability that could be exploited by malicious users to compromise the affected system. EMC Isilon InsightIQ versions 3.0.1, 3.0.0, 2.5.2, 2.5.1, 2.5.0, 2.1.0, 2.0.1, and 2.0.0 are affected.
df55b5989651d1f6edd03b4ab30686d501dbe2c8291efc49da5667b050cb47a9
Docker version 1.3.3 has been released to address privilege escalation, path traversal, and spoofing vulnerabilities.
8500831f87dd1053a5b03c9bb78a961217c43693b105c24e9149353125d6553a
HP Security Bulletin HPSBUX03162 SSRT101767 3 - Potential security vulnerabilities have been identified with HP-UX running OpenSSL. These vulnerabilities could be exploited remotely to create a Denial of Service (DoS), allow unauthorized access, or a man-in-the-middle (MitM) attack. This is the SSLv3 vulnerability known as "Padding Oracle On Downgraded Legacy Encryption" also known as "POODLE", which could be exploited remotely to allow disclosure of information. Revision 3 of this advisory.
ac73ab793d3e143cbf0d6f6b0e608c4518b82d95afb0fd03bef55139f7c4359f
Debian Linux Security Advisory 3099-1 - Simon McVittie discovered that the fix for CVE-2014-3636 was incorrect, as it did not fully address the underlying denial-of-service vector. This update starts the D-Bus daemon as root initially, so that it can properly raise its file descriptor count.
b16d3d2ddbe47620229c22a1286fd9cd9b5f6f1382c46f6f464f040d0fb9cfd5
Red Hat Security Advisory 2014-1985-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. A denial of service flaw was found in the way BIND followed DNS delegations. A remote attacker could use a specially crafted zone containing a large number of referrals which, when looked up and processed, would cause named to use excessive amounts of memory or crash.
80b5d38f57260b3a962b8a2b0f4fd7064ffb4a33fe8c3de927322f243c9d200a
Red Hat Security Advisory 2014-1984-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. A denial of service flaw was found in the way BIND followed DNS delegations. A remote attacker could use a specially crafted zone containing a large number of referrals which, when looked up and processed, would cause named to use excessive amounts of memory or crash.
87b5b982594ba2b6e1106bf92f7524c83e64a6f93b0b3a96deb18212d2feb05d
Gentoo Linux Security Advisory 201412-11 - Multiple vulnerabilities have been found in AMD64 x86 emulation base libraries, the worst of which may allow remote execution of arbitrary code. Versions prior to 20140406-r1 are affected.
0d52bd946d4c830b5f1f480535296f513bafe2d3abc811d6666cbb6fb317a087
Gentoo Linux Security Advisory 201412-10 - This GLSA contains notification of vulnerabilities found in several Gentoo packages which have been fixed prior to January 1, 2013. The worst of these vulnerabilities could lead to local privilege escalation and remote code execution.
dfae5213058f17a174e44b8ab87d7bf913eba47a9c114a364faf2921fd834a0e
Gentoo Linux Security Advisory 201412-9 - This GLSA contains notification of vulnerabilities found in several Gentoo packages which have been fixed prior to January 1, 2012. The worst of these vulnerabilities could lead to local privilege escalation and remote code execution.
4995f714768dc9489827ec4c465280ca801c6e87a06c8c8703f318a02caf11a8
Ubuntu Security Notice 2448-1 - An information leak in the Linux kernel was discovered that could leak the high 16 bits of the kernel stack address on 32-bit Kernel Virtual Machine (KVM) paravirt guests. A user in the guest OS could exploit this leak to obtain information that could potentially be used to aid in attacking the kernel. Rabin Vincent, Robert Swiecki, Russell King discovered that the ftrace subsystem of the Linux kernel does not properly handle private syscall numbers. A local user could exploit this flaw to cause a denial of service (OOPS). Various other issues were also addressed.
cc26cddcf990c6e4806b8a2830ba32c515f3b08214bf8c6381b965ed04395de6
Ubuntu Security Notice 2444-1 - An information leak in the Linux kernel was discovered that could leak the high 16 bits of the kernel stack address on 32-bit Kernel Virtual Machine (KVM) paravirt guests. A user in the guest OS could exploit this leak to obtain information that could potentially be used to aid in attacking the kernel. Rabin Vincent, Robert Swiecki, Russell King discovered that the ftrace subsystem of the Linux kernel does not properly handle private syscall numbers. A local user could exploit this flaw to cause a denial of service (OOPS). Various other issues were also addressed.
8d55b495c08c469f393a908849b08199e4e913ec6381b4b38d921293f81b5df4
Ubuntu Security Notice 2447-1 - An information leak in the Linux kernel was discovered that could leak the high 16 bits of the kernel stack address on 32-bit Kernel Virtual Machine (KVM) paravirt guests. A user in the guest OS could exploit this leak to obtain information that could potentially be used to aid in attacking the kernel. Rabin Vincent, Robert Swiecki, Russell King discovered that the ftrace subsystem of the Linux kernel does not properly handle private syscall numbers. A local user could exploit this flaw to cause a denial of service (OOPS). Various other issues were also addressed.
df1d53cc9704187a3bff3f08f70b26ee26d8e4cf0a0fd71fa2bd5ced9530d3d6
Ubuntu Security Notice 2446-1 - An information leak in the Linux kernel was discovered that could leak the high 16 bits of the kernel stack address on 32-bit Kernel Virtual Machine (KVM) paravirt guests. A user in the guest OS could exploit this leak to obtain information that could potentially be used to aid in attacking the kernel. Rabin Vincent, Robert Swiecki, Russell King discovered that the ftrace subsystem of the Linux kernel does not properly handle private syscall numbers. A local user could exploit this flaw to cause a denial of service (OOPS). Various other issues were also addressed.
8e8cdac6a89c267aaf2a3f6860b6f66859cff32a439578520916813950701dd3
Ubuntu Security Notice 2445-1 - An information leak in the Linux kernel was discovered that could leak the high 16 bits of the kernel stack address on 32-bit Kernel Virtual Machine (KVM) paravirt guests. A user in the guest OS could exploit this leak to obtain information that could potentially be used to aid in attacking the kernel. Rabin Vincent, Robert Swiecki, Russell King discovered that the ftrace subsystem of the Linux kernel does not properly handle private syscall numbers. A local user could exploit this flaw to cause a denial of service (OOPS). Various other issues were also addressed.
94e812239191ebdb5a1cef87d91adbdb63a8e570f57301b832942b8b783b3c83
Ubuntu Security Notice 2443-1 - An information leak in the Linux kernel was discovered that could leak the high 16 bits of the kernel stack address on 32-bit Kernel Virtual Machine (KVM) paravirt guests. A user in the guest OS could exploit this leak to obtain information that could potentially be used to aid in attacking the kernel. Rabin Vincent, Robert Swiecki, Russell King discovered that the ftrace subsystem of the Linux kernel does not properly handle private syscall numbers. A local user could exploit this flaw to cause a denial of service (OOPS). Various other issues were also addressed.
cf6047ccb1b24e003bd8fa8a4bde8410e0623e015f81104c409931c57084f548
Ubuntu Security Notice 2442-1 - An information leak in the Linux kernel was discovered that could leak the high 16 bits of the kernel stack address on 32-bit Kernel Virtual Machine (KVM) paravirt guests. A user in the guest OS could exploit this leak to obtain information that could potentially be used to aid in attacking the kernel. A flaw in the handling of malformed ASCONF chunks by SCTP (Stream Control Transmission Protocol) implementation in the Linux kernel was discovered. A remote attacker could exploit this flaw to cause a denial of service (system crash). Various other issues were also addressed.
288267c834792a8e3246504ad1734c3fe48f348a5065045fb6df325ec1dcf9ee
Ubuntu Security Notice 2441-1 - An information leak in the Linux kernel was discovered that could leak the high 16 bits of the kernel stack address on 32-bit Kernel Virtual Machine (KVM) paravirt guests. A user in the guest OS could exploit this leak to obtain information that could potentially be used to aid in attacking the kernel. A flaw in the handling of malformed ASCONF chunks by SCTP (Stream Control Transmission Protocol) implementation in the Linux kernel was discovered. A remote attacker could exploit this flaw to cause a denial of service (system crash). Various other issues were also addressed.
351ac93482ab04f44a623a4251f21fe15ca92d2c32eaf98a44a99b4d5a247b0e
Gentoo Linux Security Advisory 201412-8 - This GLSA contains notification of vulnerabilities found in several Gentoo packages which have been fixed prior to January 1, 2011. The worst of these vulnerabilities could lead to local privilege escalation and remote code execution.
a863e2eb03f0ac1937834e096aa9a52158ef6e9eb8144f3d6df45b14d4002a27
WordPress WP Construction Mode plugin version 1.91 suffers from a reflective cross site scripting vulnerability.
4b3a420c975d97c587880090e2cd44f989c3707e35392b402ae97274917b937f