Gentoo Linux Security Advisory 201402-9 - A buffer overflow in Apache mod_fcgid might allow remote attackers to execute arbitrary code or cause a Denial of Service condition. Versions less than 2.3.9 are affected.
35695061e8356a815e05b17659d3f0ef2c15bde8d31916f0edb15fc200e0f871Ubuntu Security Notice 2102-1 - Christian Holler, Terrence Cole, Jesse Ruderman, Gary Kwong, Eric Rescorla, Jonathan Kew, Dan Gohman, Ryan VanderMeulen, Carsten Book, Andrew Sutherland, Byron Campen, Nicholas Nethercote, Paul Adenot, David Baron, Julian Seward and Sotaro Ikeda discovered multiple memory safety issues in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. Various other issues were also addressed.
0112eed2fceaf13b2542d6600afaeb7f15912d2d310028a88473ed6d7bf8838eUbuntu Security Notice 2101-1 - Yves Younan and Ryan Pentney discovered that libgadu incorrectly handled certain Gadu-Gadu HTTP messages. A malicious remote server or a man in the middle could use this issue to cause applications using libgadu to crash, resulting in a denial of service, or possibly execute arbitrary code.
cbae030e0cbd358622c8b4a851571baadde15615378dddd36d471e7a3b2da79cRed Hat Security Advisory 2014-0151-01 - The wget package provides the GNU Wget file retrieval utility for HTTP, HTTPS, and FTP protocols. Wget provides various useful features, such as the ability to work in the background while the user is logged out, recursive retrieval of directories, file name wildcard matching or updating files in dependency on file timestamp comparison. It was discovered that wget used a file name provided by the server when saving a downloaded file. This could cause wget to create a file with a different name than expected, possibly allowing the server to execute arbitrary code on the client.
717dbc82ea79c91d9538b6f147db7b2dd6acd325272744b0caa4401f82b731caRed Hat Security Advisory 2014-0149-01 - Red Hat Satellite is a systems management tool for Linux-based infrastructures. It allows for provisioning, remote management and monitoring of multiple Linux deployments with a single, centralized tool. gc is a Boehm-Demers-Weiser conservative garbage collector for C and C++. It was discovered that gc's implementation of the malloc() and calloc() routines did not properly perform parameter sanitization when allocating memory. If an application using gc did not implement application-level validity checks for the malloc() and calloc() routines, a remote attacker could provide specially crafted application-specific input, which, when processed by the application, could lead to an application crash or, potentially, arbitrary code execution with the privileges of the user running the application.
ab1869eb40905173521dfa2bc8d078041565cdaee5692e209da56b9fa3326e69Red Hat Security Advisory 2014-0148-01 - Red Hat Satellite is a systems management tool for Linux-based infrastructures. It allows for provisioning, remote management and monitoring of multiple Linux deployments with a single, centralized tool. A cross-site scripting flaw was found in the way the Red Hat Satellite web interface performed sanitization of notes for registered systems. A remote authenticated Red Hat Satellite user could create a malicious note that, when viewed by a victim, could execute arbitrary web script with the privileges of the user viewing that note. Multiple cross-site scripting flaws were found in the Red Hat Satellite web interface. A remote attacker could provide a specially crafted link that, when visited by an authenticated Red Hat Satellite user, would lead to arbitrary web script execution in the context of the user's web interface session.
abe07ba4ba9dde3cf539102b9d388b950c61ff87c6feb5a80ba002ac5fdb7438Red Hat Security Advisory 2014-0150-01 - Red Hat Satellite Proxy provides a package-caching mechanism that reduces the bandwidth requirements for Red Hat Satellite and enables custom package deployment. Red Hat Satellite Proxy customers are able to cache RPM packages, such as are provided by Errata Updates from Red Hat, or custom RPM packages generated by their organization, on an internal, centrally-located server. gc is a Boehm-Demers-Weiser conservative garbage collector for C and C++. It was discovered that gc's implementation of the malloc() and calloc() routines did not properly perform parameter sanitization when allocating memory. If an application using gc did not implement application-level validity checks for the malloc() and calloc() routines, a remote attacker could provide specially crafted application-specific input, which, when processed by the application, could lead to an application crash or, potentially, arbitrary code execution with the privileges of the user running the application.
669c9c9c11aecff1cc8081c8a4033c22fd3a1f755e68e73dbf6986a6047a5bbbDebian Linux Security Advisory 2859-1 - Multiple vulnerabilities have been discovered in Pidgin, a multi-protocol instant messaging client.
9971f9da94a4936515401222fcd0875e78d7f966b207bff95b9b9cc49e110436Debian Linux Security Advisory 2858-1 - Multiple security issues have been found in Iceweasel, Debian's version use-after-frees, too-verbose error messages and missing permission checks may lead to the execution of arbitrary code, the bypass of security checks or information disclosure. This update also addresses security issues in the bundled version of the NSS crypto library.
3a4bb06a518cf1e26337e7a1c86410d103df0d9d3d8f00585f44f06686d82ab2Gentoo Linux Security Advisory 201402-14 - Two vulnerabilities in International Components for Unicode might allow remote attackers to cause a Denial of Service condition. Versions less than 51.2-r1 are affected.
744ac5103f42dbff6136ccb34fcb61afdf4ff62a63a6ae0a3489d8696932193eSlackware Security Advisory - New mozilla-thunderbird packages are available for Slackware 14.1 and -current to fix security issues.
70f0b6dd7ac5cf7f435787ca2e82de4d26cfaaca6e485a12641a0aa2d1871656Slackware Security Advisory - New seamonkey packages are available for Slackware 14.0, 14.1, and -current to fix security issues.
98e14b573c879bdaf39b4d5b93a02c259a3d0ee1ae46baa642f0b4143efeb269Slackware Security Advisory - New mozilla-firefox packages are available for Slackware 14.1 and -current to fix security issues.
4c8b3ced9ee75df995e66bf273dc2b0f93c62d6474d16e8123bd6f45f2456a3eDebian Linux Security Advisory 2857-1 - It was discovered by the Spring development team that the fix for the XML External Entity (XXE) Injection (CVE-2013-4152) in the Spring Framework was incomplete.
9c12097cfb875c61fce6e20b552e7f5f7b025cc8d7ef5982a220e834a33b1796Debian Linux Security Advisory 2856-1 - It was discovered that the Apache Commons FileUpload package for Java could enter an infinite loop while processing a multipart request with a crafted Content-Type, resulting in a denial-of-service condition.
508b610d2ad42fb81e138ded4b4c75e63ceab3efaa85a14f2cfa933a2d6d1e37Gentoo Linux Security Advisory 201402-13 - A vulnerability in DjVu could result in execution of arbitrary code or Denial of Service. Versions less than 3.5.25.3 are affected.
2c35d3bf0c65f314abdf03236087f2b339f6695448e8f2099e1dea49db3eb703Gentoo Linux Security Advisory 201402-12 - PAM S/Key does not clear provided credentials from memory, allowing local attackers to gain access to cleartext credentials. Versions less than 1.1.5-r5 are affected.
7c0afc3a057f6e07098668827c45a403660f800b01683098d071b6e2121d91adGentoo Linux Security Advisory 201402-11 - An integer overflow in Links might allow remote attackers to cause a Denial of Service condition. Versions less than 2.8-r1 are affected.
e0f16f1d992ca273db9270b00d7cdff513aa3ff9bd251376d452fd5d87096badGentoo Linux Security Advisory 201402-10 - An insecure temporary file usage has been reported in PulseAudio, possibly allowing symlink attacks. Versions less than 0.9.22 are affected.
72bb7817cd424b00898ccbf1acab0cbd8a27f3dcc7bdef81ade11ba12d1cb151The aim of this paper is to discuss the principles behind Passive Radio-Frequency Identification and the principles behind the exploitation, as well as the practical methods that can be used to exploit RFID.
12cc83d3d665a140a5d70e47c3e2c7768fa96a49ecb277e63ccd09fc9a1adfe5
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed