Mandriva Linux Security Advisory 2014-188 - Updated wireshark packages fix security vulnerabilities related to RTP dissector crash, MEGACO dissector infinite loop, Netflow dissector crash, RTSP dissector crash, SES dissector crash, and sniffer file parser crash.
cc1d84ccf2d7f1872dc08a4d251047211b14fab272f2c2cb9827dd2e396ee6e3Debian Linux Security Advisory 3034-1 - Antoine Delignat-Lavaud from Inria discovered an issue in the way NSS (the Mozilla Network Security Service library, embedded in Wheezy's Iceweasel package), was parsing ASN.1 data used in signatures, making it vulnerable to a signature forgery attack.
79de4320568e4b16d46f128066d3ed5727d30dad9b7432d769bae6befc4bbbaaDebian Linux Security Advisory 3033-1 - Antoine Delignat-Lavaud from Inria discovered an issue in the way NSS (the Mozilla Network Security Service library) was parsing ASN.1 data used in signatures, making it vulnerable to a signature forgery attack.
3bb8562cd39dc6b69437ddb1dc2332a8799a87972d5e22e62be562ece65a14e8Mandriva Linux Security Advisory 2014-186 - A flaw was found in the way Bash evaluated certain specially crafted environment variables. An attacker could use this flaw to override or bypass environment restrictions to execute shell commands. Certain services and applications allow remote unauthenticated attackers to provide environment variables, allowing them to exploit this issue.
dd22cfcf0af7e59f09c6b9d501bda0a7b9030bdd6dc16f7d18f439d3bc864382Mandriva Linux Security Advisory 2014-184 - A remote denial-of-service flaw was found in the way snmptrapd handled certain SNMP traps when started with the -OQ option. If an attacker sent an SNMP trap containing a variable with a NULL type where an integer variable type was expected, it would cause snmptrapd to crash.
0b242c6a63963c589cac2cd1587058f329b89e372158fe7418d20410f8f2ef2fZyXEL Prestig P-660HNU-T1v2 suffers from a remote credential disclosure vulnerability.
a11b0844b499c1a56ff865d40ff31c2d6190bd5310c1872b46386cd82ef5acd9Due to a processing issue with environment variables it is possible to leverage bash for command execution through various methodologies.
10416de1b992e9a1adc732bd402d4760e0a76f5de17bf16ba8456967dcec154bBash specially-crafted environment variable code injection proof of concept exploit that inserts the malicious payload into a User-Agent header and looks for a 500 response on a web server.
1273ee8212b97a8ecaf568588e84bc96f969eba4ff5386e89d28e7453e106454CMS AutoWeb version 3.0 suffers from a remote SQL injection vulnerability. Note that this finding houses site-specific data.
279b5425a6bff2252c116322d11992c4e67a38e00cc18241d49877aabe59a709Gentoo Linux Security Advisory 201409-9 - A parsing flaw related to functions and environments in Bash could allow attackers to inject code. Versions less than 4.2_p48 are affected.
8551811d553ddfdec75a15ba67cdecb9c82f0b7c97bfce099ffa5852dc723278Ubuntu Security Notice 2360-1 - Antoine Delignat-Lavaud and others discovered that NSS incorrectly handled parsing ASN.1 values. An attacker could use this issue to forge RSA certificates.
8df063b3cb939db382d3432ee23c8bcd73caea7a3cd58b252812d1a99c657ea8Ubuntu Security Notice 2360-2 - USN-2360-1 fixed vulnerabilities in Firefox. This update provides the corresponding updates for Thunderbird. Antoine Delignat-Lavaud and others discovered that NSS incorrectly handled parsing ASN.1 values. An attacker could use this issue to forge RSA certificates. Various other issues were also addressed.
a55a4962a577d8dcb5a441b370937491b9b9fdb5894344155edfb3661a1dfc26Ubuntu Security Notice 2361-1 - Antoine Delignat-Lavaud and others discovered that NSS incorrectly handled parsing ASN.1 values. An attacker could use this issue to forge RSA certificates.
0b164d83886f94da9bbceb2e461fb57b8928713d9bbb2d8fe7894da0839e1b98Red Hat Security Advisory 2014-1298-01 - Red Hat JBoss Data Grid is a distributed in-memory data grid, based on Infinispan. This release of Red Hat JBoss Data Grid 6.3.1 serves as a replacement for Red Hat JBoss Data Grid 6.3.0. It includes various bug fixes which are detailed in the Red Hat JBoss Data Grid 6.3.1 Release Notes.
77f8e8848f2af3253866e59b1a1259b83b7cd5ff39919c125a52301951c12da7Red Hat Security Advisory 2014-1297-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. OpenSSL is a toolkit that implements the Secure Sockets Layer, Transport Layer Security, and Datagram Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. It was discovered that the OBJ_obj2txt() function could fail to properly NUL-terminate its output. This could possibly cause an application using OpenSSL functions to format fields of X.509 certificates to disclose portions of its memory.
e6a52a5860b1db89bab94e8df4cebd26369bf1a6fe701deae6b86897b2ad96c0Ubuntu Security Notice 2362-1 - Stephane Chazelas discovered that Bash incorrectly handled trailing code in function definitions. An attacker could use this issue to bypass environment restrictions, such as SSH forced command environments.
38879f99144687f30726884eb5642eea192bbd07a6ce0db592a56ffdc7e29b5bWS10 Data Server version 1.83 SCADA buffer overflow proof of concept exploit.
a227c39064e66149b2e0e4bb39e15019fc146303af1110afbb8c02a974620e7d
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed