Ubuntu Security Notice 1906-1 - Yorick Koster discovered that File Roller incorrectly sanitized paths. If a user were tricked into extracting a specially-crafted archive, an attacker could create and overwrite files outside of the extraction directory.
583492944776fbd0fbf5cc8cbacdc74c2df30d412ffaaa166afb48b3960e0321
rpcbind CALLIT procedure UDP denial of service proof of concept exploit.
b1f8e8ac62cc8aa90feb364db73662e95355e499461aacc4babe70c99e31dd2d
Ubuntu Security Notice 1905-1 - It was discovered that PHP incorrectly handled the xml_parse_into_struct function. If a PHP application parsed untrusted XML, an attacker could use this flaw with a specially-crafted XML document to cause PHP to crash, resulting in a denial of service, or to possibly execute arbitrary code. It was discovered that PHP incorrectly handled the jdtojewish function. An attacker could use this flaw to cause PHP to crash, resulting in a denial of service. Various other issues were also addressed.
ca764260def9fed8a82b043ed86476cd75c73a0e28f0a9a7dc0438cb6d7963b2
Red Hat Security Advisory 2013-1076-01 - The rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine hypervisor. It includes everything necessary to run and manage virtual machines: A subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent. Note: Red Hat Enterprise Virtualization Hypervisor is only available for the Intel 64 and AMD64 architectures with virtualization extensions. It was discovered that the fix for the CVE-2013-1619 issue released via RHSA-2013:0636 introduced a regression in the way GnuTLS decrypted TLS/SSL encrypted records when CBC-mode cipher suites were used. A remote attacker could possibly use this flaw to crash a server or client application that uses GnuTLS.
e514c34f443c7c63e0a1cb1c40019ce86c10b07bf91c91138fe0259c0e5141ac
Red Hat Security Advisory 2013-1083-01 - The openstack-keystone packages provide Keystone, a Python implementation of the OpenStack identity service API, which provides Identity, Token, Catalog, and Policy services. A flaw was found in the way Keystone handled LDAP based authentication. If Keystone was configured to use LDAP authentication, and the LDAP server was configured to allow anonymous binds, anyone able to connect to a given service using Keystone could connect as any user, including the admin, without supplying a password.
f7335f06806387494c444983aa45f063b423edb34d8f85e771e34b0897104964
Red Hat Security Advisory 2013-1051-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the tcp_read_sock() function in the Linux kernel's IPv4 TCP/IP protocol suite implementation in the way socket buffers were handled. A local, unprivileged user could trigger this issue via a call to splice(), leading to a denial of service.
a8237bc5b0d4bf99427f678d7db474dc77cb9ba7060a71275ad8e94debf18eb2
netsniff-ng is is a free, performant Linux network sniffer for packet inspection. The gain of performance is reached by 'zero-copy' mechanisms, so that the kernel does not need to copy packets from kernelspace to userspace. For this purpose netsniff-ng is libpcap independent, but nevertheless supports the pcap file format for capturing, replaying and performing offline-analysis of pcap dumps. netsniff-ng can be used for protocol analysis, reverse engineering and network debugging.
be656505a745b41a05dc5fcf746b167dbb7dce761520725f93f79d222c6e5357
The Joomla Googlemaps plugin suffers from cross site scripting, path disclosure, denial of service, and XML injection vulnerabilities.
165dc70f4d8846397f4d21ce1f9794a33e98cb8d13ea08baf7996288d00ca669
Debian Linux Security Advisory 2722-1 - Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in the execution of arbitrary code, breakouts of the Java sandbox, information disclosure or denial of service.
205d6ba45c2ac50e43f376f72ec9f52ae8f2d51b5db211236230f603843dfbef
PacketFence is a network access control (NAC) system. It is actively maintained and has been deployed in numerous large-scale institutions. It can be used to effectively secure networks, from small to very large heterogeneous networks. PacketFence provides NAC-oriented features such as registration of new network devices, detection of abnormal network activities including from remote snort sensors, isolation of problematic devices, remediation through a captive portal, and registration-based and scheduled vulnerability scans.
ec6fdbe005e9789f64a2eb59bce6ed0182b40f164f99fe7d0081355897a00e21
Mandriva Linux Security Advisory 2013-196 - Updated java-1.6.0-openjdk packages fix multiple security vulnerabilities.
869b68c084c8fd4d72ae353a576a7c8617307bf7360d63d7816d3a7a235ee7d1
Ubuntu Security Notice 1904-1 - It was discovered that libxml2 would load XML external entities by default. If a user or automated system were tricked into opening a specially crafted document, an attacker could possibly obtain access to arbitrary files or cause resource consumption. This issue only affected Ubuntu 10.04 LTS, Ubuntu 12.04 LTS, and Ubuntu 12.10. It was discovered that libxml2 incorrectly handled documents that end abruptly. If a user or automated system were tricked into opening a specially crafted document, an attacker could possibly cause libxml2 to crash, resulting in a denial of service. Various other issues were also addressed.
cd859ab9c1529eb842030310fdae2e007f5f2c595e947035ccee976394f0e6e5
Red Hat Security Advisory 2013-1063-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A buffer overflow flaw was found in the way PHP parsed deeply nested XML documents. If a PHP application used the xml_parse_into_struct() function to parse untrusted XML content, an attacker able to supply specially-crafted XML could use this flaw to crash the application or, possibly, execute arbitrary code with the privileges of the user running the PHP interpreter. All php users should upgrade to these updated packages, which contain a backported patch to resolve this issue. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.
309505c2c8254540813cdaa10f7c8c273952f53f9b8394498febda01107705ea
HP Security Bulletin HPSBPV02891 - A potential security vulnerability has been identified with HP ProCurve Switches. The vulnerability could be remotely exploited resulting in unauthorized information disclosure. Revision 1 of this advisory.
a13c78b7e9815f844c448c9eb92c69522b4f6a4f767e7c12192d6a9794671eef
Dell Kace 1000 SMA version 5.4.70402 suffers from multiple cross site scripting vulnerabilities.
f31d9466c071de7d9384679b764eb2b12bfadfa571627c915b0ffc7b94cf09ee
Ubuntu Security Notice 1903-1 - It was discovered that the mod_rewrite module incorrectly sanitized non-printable characters before writing data to log files. A remote attacker could possibly use this flaw to execute arbitrary commands by injecting escape sequences in the log file. It was discovered that the mod_dav module incorrectly handled certain MERGE requests. A remote attacker could use this issue to cause the server to stop responding, resulting in a denial of service. Various other issues were also addressed.
abd462126aebf1bb2c7fabc5c4f67e1480ea33b6a384117cb877b884bcb02807
Olive File Manager version 1.0.1 for iOS suffers from arbitrary file upload and cross site scripting vulnerabilities.
4923d8db6286e1cf6917d43aa359d9d1dbc6d093111aca760cfae1f6c1112cbc
FTP Sprite version 1.2.1 for iOS suffers from a persistent script insertion vulnerability.
b17f9f86c93c7d304115e7a035b5f7635cf9f925526f289c29667e10571460d8
Squid version 3.3.5 remote denial of service crash exploit.
247867b58f499ec2f8cbd7f45618c22bc77cf0fc844f2741c42df41f4033fd68
Eglibc suffers from a PTR MANGLE bug. All statically linked applications compiled with glibc and eglibc are affected, independent of the operating system distribution. Note that this problem is not solved by only patching the eglibc, but it is also necessary to recompile all static executables. Proof of concept exploit included.
886e08b8e90e2d9b861f8e4dba2d25b994c4200f1929e01cc6bc74363c57f184
Red Hat Security Advisory 2013-1062-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A buffer overflow flaw was found in the way PHP parsed deeply nested XML documents. If a PHP application used the xml_parse_into_struct() function to parse untrusted XML content, an attacker able to supply specially-crafted XML could use this flaw to crash the application or, possibly, execute arbitrary code with the privileges of the user running the PHP interpreter. All php53 users should upgrade to these updated packages, which contain a backported patch to resolve this issue. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.
d5af94336d7fe63affede3df98c2a9ba5b0b2fe4b757d285b2aa441de70ebcfe
Nikon CoolPix L Series Fw version 1.0 suffers from an information disclosure vulnerability.
00c5dc25f1958967070a5163d5ecb6dda8b5bb295f0fb9e5d15b3cce7642bdc8
Barracuda CudaTel version 2.6.02.040 suffers from a cross site scripting vulnerability.
7c11db64cfe677974655ad7002705d5f2f7e6ebaafd849999276966c27b4d925
GnuTLS is a secure communications library implementing the SSL and TLS protocols and technologies around them. It provides a simple C language application programming interface (API) to access the secure communications protocols, as well as APIs to parse and write X.509, PKCS #12, OpenPGP, and other required structures. It is intended to be portable and efficient with a focus on security and interoperability.
8f5ab28d2f9a943a9dfc50307c5daaf56b714386bbe85c9e2477e3573ce613f4
Huawei E587 3G Mobile Hotspot version 11.203.27 is prone to a cross site scripting vulnerability in the Web UI. A specially crafted SMS can bypass the function used to sanitize incoming SMS messages.
373b9c30f4352d098058d5cab005e87b017ca30d8f579978bd5c62448923b344