FreeBSD Security Advisory - The ntpd(8) daemon supports a query 'monlist' which provides a history of recent NTP clients without any authentication. An attacker can send 'monlist' queries and use that as an amplification of a reflection attack.
855ebbd21f6a31190a872cdb3928fdba92ff66aa654805455eab3998917e5b1eFreeBSD Security Advisory - A carefully crafted invalid TLS handshake could crash OpenSSL with a NULL pointer exception. A flaw in DTLS handling can cause an application using OpenSSL and DTLS to crash. A flaw in OpenSSL can cause an application using OpenSSL to crash when using TLS version 1.2.
8cfc9cbab96b1b477732894dceb5515843f94bda1957f4f8b56f78b5d7e6a1d7Debian Linux Security Advisory 2844-1 - It was discovered that djvulibre, the Open Source DjVu implementation project, can be crashed or possibly make it execute arbitrary code when processing a specially crafted djvu file.
d7ca29eafee9d5e622caf3059b505b8d854dd08ed68522086213d1b74c3930ecCisco Security Advisory - Cisco Secure Access Control System (ACS) is affected by privilege escalation, command injection, and unauthenticated user access vulnerabilities.
a877e0bdd634a90d1446f6d3d275b8802a4064aed2a3213f2c1790df2d560db7Red Hat Security Advisory 2014-0028-01 - The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities are detailed in the Adobe Security bulletin APSB14-02, listed in the References section. Specially-crafted SWF content could cause flash-plugin to crash or, potentially, execute arbitrary code when a victim loads a page containing the malicious SWF content. All users of Adobe Flash Player should install this updated package, which upgrades Flash Player to version 11.2.202.335.
72b1fad90804590637bc1f91825768c2f1bff69b80340ba1322986cb8a7d3048Ubuntu Security Notice 2082-1 - Jann Horn discovered that the CUPS lppasswd tool incorrectly read a user configuration file in certain configurations. A local attacker could use this to read sensitive information from certain files, bypassing access restrictions.
8ccfc6fba38df9120e96e707d0a9e03460184e1d2c68c90777c3dda22d9ec4a9FreeBSD Security Advisory - The bsnmpd(8) daemon is prone to a stack-based buffer-overflow when it has received a specifically crafted GETBULK PDU request.
351d8fb78b9b65fa1c1b3fa7aa44fd6aea60e5ffb76d66cf7adff1a3a4be8a3eRed Hat Security Advisory 2014-0027-01 - These packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Software Development Kit. An input validation flaw was discovered in the font layout engine in the 2D component. A specially crafted font file could trigger Java Virtual Machine memory corruption when processed. An untrusted Java application or applet could possibly use this flaw to bypass Java sandbox restrictions. Multiple improper permission check issues were discovered in the CORBA, JNDI, and Libraries components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions.
15425be109ffb343bbfa132d01e00c82e3d7dd3b6dc1ee6d38438bb9d9c79311Red Hat Security Advisory 2014-0026-01 - These packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Software Development Kit. An input validation flaw was discovered in the font layout engine in the 2D component. A specially crafted font file could trigger Java Virtual Machine memory corruption when processed. An untrusted Java application or applet could possibly use this flaw to bypass Java sandbox restrictions. Multiple improper permission check issues were discovered in the CORBA, JNDI, and Libraries components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions.
7ce7722a786811cc9fd25703a94b2466957f87a55820b192300e001de18281ebRed Hat Security Advisory 2014-0029-01 - Red Hat JBoss Data Grid is a distributed in-memory data grid, based on Infinispan. This release of Red Hat JBoss Data Grid 6.2.0 serves as a replacement for Red Hat JBoss Data Grid 6.1.0. It includes various bug fixes and enhancements which are detailed in the Red Hat JBoss Data Grid 6.2.0 Release Notes.
7722ac9b8d1472e20430051056e03e4d1e7c7b5612da1613cc03b70b9c2bd362The fix for the XXE injection vulnerability in Spring's framework was incomplete when addressing the issue outlined in CVE-2013-4152. Versions affected include Spring MVC 3.0.0 to 3.2.4 and Spring MVC 4.0.0.M1 to 4.0.0.RC1.
173314b9e0698f8b4a1f988549c3ab83bb9af713cd2cc7374742743449dc9f25SmarterMail Enterprise and Standard versions 11.x and below suffer from a persistent cross site scripting vulnerability.
2ed7fdcafc2c32f5180ce94a972dd1a299b8ef19a252dc6474a6b3e1d1d65458XAMPP version 3.2.1 suffers from a cross site scripting vulnerability.
7e4de4aa57bfb79c844e7b693a14cc3809880e3e4222a8e2b4765d28905bc3cfQ-Pulse version 0.6 suffers from a cross site scripting vulnerability.
aeddee49f18b63a3ba201fb1edece17f1012a2441aad502132c7694694ce86dbVacation Rental Script version 3.0 suffers from file disclosure, cross site request forgery, and cross site scripting vulnerabilities.
0a5e63d846266b7f8ce568eb5fb1d48f4ca2ea10715cc7d83810fba312734bda
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed