Ubuntu Security Notice 2259-1 - Salva discovered an information leak in the Linux kernel's media- device driver. A local attacker could exploit this flaw to obtain sensitive information from kernel memory. A bounds check error was discovered in the socket filter subsystem of the Linux kernel. A local user could exploit this flaw to cause a denial of service (system crash) via crafted BPF instructions. A remainder calculation error was discovered in the socket filter subsystem of the Linux kernel. A local user could exploit this flaw to cause a denial of service (system crash) via crafted BPF instructions. Various other issues were also addressed.
4fb5093864365c1809ce0fbfe91f7fb846b76d82177e2f2d13873e3cdaf599b2
Ubuntu Security Notice 2260-1 - A flaw was discovered in the Linux kernel's pseudo tty (pty) device. An unprivileged user could exploit this flaw to cause a denial of service (system crash) or potentially gain administrator privileges. Pinkie Pie discovered a flaw in the Linux kernel's futex subsystem. An unprivileged local user could exploit this flaw to cause a denial of service (system crash) or gain administrative privileges. Various other issues were also addressed.
a4a39b070b3c2638637a0a3a42c4348f420eadd2c2d14b44a27b4ddd0bcfd35c
Gentoo Linux Security Advisory 201406-28 - Multiple vulnerabilities have been found in Libav, allowing attackers to execute arbitrary code or cause Denial of Service. Versions less than 0.8.7 are affected.
a7dfc0ad8bcd2a1522857cab1a97683ee996889cfb13167b2801ba61ff9de83f
Gentoo Linux Security Advisory 201406-31 - Multiple vulnerabilities have been found in Konqueror, the worst of which may allow execution of arbitrary code. Versions less than 4.9.3-r1 are affected.
1636f80f16d96860865cc10c6c36fa432ab92847a621b4576d877dd92920fa80
Debian Linux Security Advisory 2968-1 - Jean-Rene Reinhard, Olivier Levillain and Florian Maury reported that GnuPG, the GNU Privacy Guard, did not properly parse certain garbled compressed data packets. A remote attacker could use this flaw to mount a denial of service against GnuPG by triggering an infinite loop.
98f994e455ffe9e827e3cdac132ac260a69f23cd0b844b512787858cbce46187
Gentoo Linux Security Advisory 201406-30 - A vulnerability has been found in sudo allowing a local attacker to gain elevated privileges. Versions less than 1.8.5 are affected.
cab36e1715276e014e86008e83baf9b2196d6035b61ecca23891bc04e1afc11d
Ubuntu Security Notice 2264-1 - Salva discovered an information leak in the Linux kernel's media-device driver. A local attacker could exploit this flaw to obtain sensitive information from kernel memory. A bounds check error was discovered in the socket filter subsystem of the Linux kernel. A local user could exploit this flaw to cause a denial of service (system crash) via crafted BPF instructions. A remainder calculation error was discovered in the socket filter subsystem of the Linux kernel. A local user could exploit this flaw to cause a denial of service (system crash) via crafted BPF instructions. Various other issues were also addressed.
920a2a06a3de9eacbb25f2d917e0dffafeaf7b29e48f7e24cae1845f7c2c673e
LinkedIn suffered from a cross site request forgery vulnerability.
8e1a2fb106e3b781251ccf3ce81d2d5a89ef8abfb000cab08a05481218d5a170
This Metasploit module exploits a code execution flaw in HP AutoPass License Server. It abuses two weaknesses in order to get its objective. First, the AutoPass application doesn't enforce authentication in the CommunicationServlet component. On the other hand, it's possible to abuse a directory traversal when uploading files thorough the same component, allowing to upload an arbitrary payload embedded in a JSP. The module has been tested successfully on HP AutoPass License Server 8.01 as installed with HP Service Virtualization 3.50.
dd2fd87c80023443848e47bf145fc594ce2617436c0759a85eb64c8248dbcdb7
This Metasploit module abuses a process creation policy in the Internet Explorer Sandbox which allows to escape the Enhanced Protected Mode and execute code with Medium Integrity. The problem exists in the .NET Deployment Service (dfsvc.exe), which can be run as Medium Integrity Level. Further interaction with the component allows to escape the Enhanced Protected Mode and execute arbitrary code with Medium Integrity.
566f2c34ce894a344de48e60acdf38825db4478f6732a3bdd3039b0e32d1cda3
This Metasploit module exploits a vulnerability in Internet Explorer Sandbox which allows to escape the Enhanced Protected Mode and execute code with Medium Integrity. The vulnerability exists in the IESetProtectedModeRegKeyOnly function from the ieframe.dll component, which can be abused to force medium integrity IE to user influenced keys. By using registry symlinks it's possible force IE to add a policy entry in the registry and finally bypass Enhanced Protected Mode.
c9f9dc448204fe8efbcb3d05352d9e8dff208d0ff120536098d4e6f8b8305895
Gentoo Linux Security Advisory 201406-29 - A vulnerability in spice-gtk could allow local attackers to gain escalated privileges. Versions less than 0.14 are affected.
b9413874188c23654847ff370a14d42def91b36b4d09058318892334cd2315fa
Gentoo Linux Security Advisory 201406-27 - A race condition in polkit could allow a local attacker to gain escalated privileges. Versions less than 3.14.1 are affected.
e25d75df9ade95871973ee8eb13ecdc5976b44c82d22212c6566220987e42d0e
The CGIHTTPServer Python module does not properly handle URL-encoded path separators in URLs. This may enable attackers to disclose a CGI script's source code or execute arbitrary CGI scripts in the server's document root.
01a64b6c75c2c538d377c20d172e63cd36ed7553c62d8c8bc2aab7496757c955
Mailspect Control Panel version 4.0.5 suffers from remote code execution, arbitrary file read, and cross site scripting vulnerabilities.
93840f05f3284db346ab563d9c92844b1815684ffd7b76a7df35d6f2fd20dc78
HP Enterprise Maps version 1.00 suffers from an authenticated XXE injection vulnerability.
49cac9392e67761747314562b60d157df35c9cc117dcad5865d91f95214595b0
WordPress Simple Share Buttons Adder plugin version 4.4 suffers from cross site request forgery and cross site scripting vulnerabilities.
9b7e8bd26dee08baac6ace569d5e3efc78505ee6d9b668bbb0577bd8be00f138
Red Hat Security Advisory 2014-0799-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. Apache CXF is an open source services framework, which is a part of Red Hat JBoss Enterprise Application Platform. It was found that the SecurityTokenService, provided as a part of Apache CXF, could under certain circumstances accept invalid SAML tokens as valid. A remote attacker could use a specially crafted SAML token to gain access to an application that uses STS for validation of SAML tokens.
0cd0550f77116d1c59d4591c717a83ad8cdbcaa969bb3bbe9aee718c1d4bb50b
Red Hat Security Advisory 2014-0798-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. Apache CXF is an open source services framework, which is a part of Red Hat JBoss Enterprise Application Platform. It was found that the SecurityTokenService, provided as a part of Apache CXF, could under certain circumstances accept invalid SAML tokens as valid. A remote attacker could use a specially crafted SAML token to gain access to an application that uses STS for validation of SAML tokens.
4027894893d78fcf6d51613b6eb6547eb5ddfe1627ca792ea319f27908c5bf31
Red Hat Security Advisory 2014-0797-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. Apache CXF is an open source services framework, which is a part of Red Hat JBoss Enterprise Application Platform. It was found that the SecurityTokenService, provided as a part of Apache CXF, could under certain circumstances accept invalid SAML tokens as valid. A remote attacker could use a specially crafted SAML token to gain access to an application that uses STS for validation of SAML tokens.
05ee0efa8fd93561e6b04aa8dba65e5e2d2acb7ec219068a7f15f089b82cc7b0
Gentoo Linux Security Advisory 201406-26 - Multiple vulnerabilities have been found Django, the worst of which may allow a remote attacker to execute code. Versions less than 1.6.5 are affected.
404e02910f0bba73ffd124d38235026d2d6b71b9979c90bfa6cd369b3b9e7d66
Ubuntu Security Notice 2257-1 - Christof Schmitt discovered that Samba incorrectly initialized a certain response field when vfs shadow copy was enabled. A remote authenticated attacker could use this issue to possibly obtain sensitive information. This issue only affected Ubuntu 13.10 and Ubuntu 14.04 LTS. It was discovered that the Samba internal DNS server incorrectly handled QR fields when processing incoming DNS messages. A remote attacker could use this issue to cause Samba to consume resources, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS. Various other issues were also addressed.
ee495aec8ec133e39c6bb8c1541534dba3717b1f8a19b4fd91f988c20373902f
Ubuntu Security Notice 2258-1 - Jean-Rene Reinhard, Olivier Levillain and Florian Maury discovered that GnuPG incorrectly handled certain OpenPGP messages. If a user or automated system were tricked into processing a specially-crafted message, GnuPG could consume resources, resulting in a denial of service.
64ebbb4d63462023d548da35764df9fab01791f66fe49abd999b1c7d07f42781
Red Hat Security Advisory 2014-0800-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the way the Linux kernel's futex subsystem handled the requeuing of certain Priority Inheritance futexes. A local, unprivileged user could use this flaw to escalate their privileges on the system. A flaw was found in the way the Linux kernel's floppy driver handled user space provided data in certain error code paths while processing FDRAWCMD IOCTL commands. Various other issues were also addressed.
68b3fb1fb5d2a50a6aabb2fe63feed3bc724bdba866925293b9ec244d4b96131
Red Hat Security Advisory 2014-0801-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the way the Linux kernel's floppy driver handled user space provided data in certain error code paths while processing FDRAWCMD IOCTL commands. A local user with write access to /dev/fdX could use this flaw to free function) arbitrary kernel memory. It was found that the Linux kernel's floppy driver leaked internal kernel memory addresses to user space during the processing of the FDRAWCMD IOCTL command. A local user with write access to /dev/fdX could use this flaw to obtain information about the kernel heap arrangement.
2d58046f306af9f0cc7dc7fd8e3bfda1967d5aa9658a9b13b62046678768bee4