Ubuntu Security Notice 2360-1 - Antoine Delignat-Lavaud and others discovered that NSS incorrectly handled parsing ASN.1 values. An attacker could use this issue to forge RSA certificates.
8df063b3cb939db382d3432ee23c8bcd73caea7a3cd58b252812d1a99c657ea8
Ubuntu Security Notice 2360-2 - USN-2360-1 fixed vulnerabilities in Firefox. This update provides the corresponding updates for Thunderbird. Antoine Delignat-Lavaud and others discovered that NSS incorrectly handled parsing ASN.1 values. An attacker could use this issue to forge RSA certificates. Various other issues were also addressed.
a55a4962a577d8dcb5a441b370937491b9b9fdb5894344155edfb3661a1dfc26
Ubuntu Security Notice 2361-1 - Antoine Delignat-Lavaud and others discovered that NSS incorrectly handled parsing ASN.1 values. An attacker could use this issue to forge RSA certificates.
0b164d83886f94da9bbceb2e461fb57b8928713d9bbb2d8fe7894da0839e1b98
Red Hat Security Advisory 2014-1298-01 - Red Hat JBoss Data Grid is a distributed in-memory data grid, based on Infinispan. This release of Red Hat JBoss Data Grid 6.3.1 serves as a replacement for Red Hat JBoss Data Grid 6.3.0. It includes various bug fixes which are detailed in the Red Hat JBoss Data Grid 6.3.1 Release Notes.
77f8e8848f2af3253866e59b1a1259b83b7cd5ff39919c125a52301951c12da7
Red Hat Security Advisory 2014-1297-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. OpenSSL is a toolkit that implements the Secure Sockets Layer, Transport Layer Security, and Datagram Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. It was discovered that the OBJ_obj2txt() function could fail to properly NUL-terminate its output. This could possibly cause an application using OpenSSL functions to format fields of X.509 certificates to disclose portions of its memory.
e6a52a5860b1db89bab94e8df4cebd26369bf1a6fe701deae6b86897b2ad96c0
Ubuntu Security Notice 2362-1 - Stephane Chazelas discovered that Bash incorrectly handled trailing code in function definitions. An attacker could use this issue to bypass environment restrictions, such as SSH forced command environments.
38879f99144687f30726884eb5642eea192bbd07a6ce0db592a56ffdc7e29b5b
WS10 Data Server version 1.83 SCADA buffer overflow proof of concept exploit.
a227c39064e66149b2e0e4bb39e15019fc146303af1110afbb8c02a974620e7d
5pmweb.com suffers from a cross site scripting vulnerability.
44c1d53849693014d71a3e5d067e1538fe075a9353af17787fab810787c01387
insight.ly suffers from a cross site scripting vulnerability.
7ccce86db3bea6965352f61c8695bcf45a7677abaa9756f4f9de035bd34465c9
This Metasploit module exploits a flaw within the Device Manager (rrobtd.exe). When parsing the 0x75 command, the process does not properly filter user supplied input allowing for arbitrary command injection. This Metasploit module has been tested successfully on EMC AlphaStor 4.0 build 116 with Windows 2003 SP2 and Windows 2008 R2.
3e993a7e854efa86fb910cf5ae6005aed96bf8fef7a6b5ff28fe00ff12003031
This Metasploit module exploits a buffer overflow vulnerability in Advantech WebAccess. The vulnerability exists in the dvs.ocx ActiveX control, where a dangerous call to sprintf can be reached with user controlled data through the GetColor function. This Metasploit module has been tested successfully on Windows XP SP3 with IE6 and Windows 7 SP1 with IE8 and IE9.
2c87a396ae651d2548218234d6c075460d07bc9f8c985df84efe8276828e073e
It was found that the SSH application-layer parser integrated in Suricata version 2.0.3 contains a flaw that might lead to an out-of-bounds access. As a result, a denial of service against the Suricata monitoring software might be possible using crafted packets sent over the monitored interface.
d9284970b7ebf84d7392e3f60e31b6673917978d712e1c5c6bc2048f65607f49
X2Engine CRM version 4.2.1 suffers from a cross site scripting vulnerability.
1553980341872faee49549bbfd60e4d56207ceb47517d124f9a6b20c48de9053
HttpFileServer version 2.3c suffers from multiple cross site scripting vulnerabilities.
2feb5ccca4ab293462a18355f56ef10135b82ba084f052bcbb31f14e195f9380
iptables-bash_completion provides programmable completion for the iptables and ip6tables programs from netfilter.org. Following the logic of iptables, options are shown only if they are valid in the current context. In addition to completing options, matches and targets, it supports dynamic retrieval of data from the system, e.g. chain and set names, interfaces, hostnames, etc. Environment variables allow fine-grained control of completion options. IP and MAC addresses can be fed from a file.
bc5e551ec5cf45782409f2f12f6dece5a828b5d3c81d2edc5ed907caa35aacc7
ipset_list is a wrapper script for listing sets of the netfilter ipset program. It allows you to match and display sets, headers, and elements in various ways. Optionally, the output can be colorized.
64c062a17bef439d8105af12feae275a0e62d5b5549cb02f23b64c861a3692cb
Red Hat Security Advisory 2014-1287-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. It was discovered that the implementation of org.hibernate.validator.util.ReflectionHelper together with the permissions required to run Hibernate Validator under the Java Security Manager could allow a malicious application deployed in the same application container to execute several actions with escalated privileges, which might otherwise not be possible. This flaw could be used to perform various attacks, including, but not restricted to, arbitrary code execution in systems that are otherwise secured by the Java Security Manager.
8df62525698bc6668060cc1b9b749fa9c3199a924d832bd499f7418d34dec723
Red Hat Security Advisory 2014-1290-01 - Red Hat JBoss BRMS is a business rules management system for the management, storage, creation, modification, and deployment of JBoss Rules. This release of Red Hat JBoss BRMS 6.0.3 serves as a replacement for Red Hat JBoss BRMS 6.0.2, and includes bug fixes and enhancements.
4f80131519fa532b2d939ededaed4995c7db19a53b730aec5e8cbebbbe84d586
Red Hat Security Advisory 2014-1291-01 - Red Hat JBoss BPM Suite is a business rules and processes management system for the management, storage, creation, modification, and deployment of JBoss rules and BPMN2-compliant business processes. This release of Red Hat JBoss BPM Suite 6.0.3 serves as a replacement for Red Hat JBoss BPM Suite 6.0.2, and includes bug fixes and enhancements.
ba67e16970bb0a46123e301e1f81f50c25821c0c92da96b2a81c3531ecce7e24
Red Hat Security Advisory 2014-1286-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. It was discovered that the implementation of org.hibernate.validator.util.ReflectionHelper together with the permissions required to run Hibernate Validator under the Java Security Manager could allow a malicious application deployed in the same application container to execute several actions with escalated privileges, which might otherwise not be possible. This flaw could be used to perform various attacks, including, but not restricted to, arbitrary code execution in systems that are otherwise secured by the Java Security Manager.
b9b89d3bdf0d6dc5f868e4f4c0ca0b9c9b012be09000bcdd1cd915e646e3dbbe
Red Hat Security Advisory 2014-1284-01 - Red Hat JBoss Data Virtualization is a lean data integration solution that provides easy, real-time, and unified data access across disparate sources to multiple applications and users. JBoss Data Virtualization makes data spread across physically distinct systems—such as multiple databases, XML files, and even Hadoop systems—appear as a set of tables in a local database. This roll up patch serves as a cumulative upgrade for Red Hat JBoss Data Virtualization 6.0.0. It includes various bug fixes, which are listed in the README file included with the patch files.
7d9fe8f6f9c1f706a40f9442301f7e2f501859c472fa8d32b017decb12eaea2f
Red Hat Security Advisory 2014-1285-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. It was discovered that the implementation of org.hibernate.validator.util.ReflectionHelper together with the permissions required to run Hibernate Validator under the Java Security Manager could allow a malicious application deployed in the same application container to execute several actions with escalated privileges, which might otherwise not be possible. This flaw could be used to perform various attacks, including, but not restricted to, arbitrary code execution in systems that are otherwise secured by the Java Security Manager.
10498041de84d4229d7b188aa858004477c478740f6176bd1e10893834c1c32b
Red Hat Security Advisory 2014-1294-01 - The GNU Bourne Again shell is a shell and command language interpreter compatible with the Bourne shell. Bash is the default shell for Red Hat Enterprise Linux. A flaw was found in the way Bash evaluated certain specially crafted environment variables. An attacker could use this flaw to override or bypass environment restrictions to execute shell commands. Certain services and applications allow remote unauthenticated attackers to provide environment variables, allowing them to exploit this issue.
367558e0af4bea38e2153ee9ee9c6ce9ff57eb72553269ce1c96319107027e35
Red Hat Security Advisory 2014-1295-01 - The GNU Bourne Again shell is a shell and command language interpreter compatible with the Bourne shell. Bash is the default shell for Red Hat Enterprise Linux. Shift_JIS, also known as "SJIS", is a character encoding for the Japanese language. This package provides bash support for the Shift_JIS encoding. A flaw was found in the way Bash evaluated certain specially crafted environment variables. An attacker could use this flaw to override or bypass environment restrictions to execute shell commands. Certain services and applications allow remote unauthenticated attackers to provide environment variables, allowing them to exploit this issue.
0ab1587f987ce692a6ed8a870be5c168ea32c5c83293ed22e852410b266a93f8
Red Hat Security Advisory 2014-1293-01 - The GNU Bourne Again shell is a shell and command language interpreter compatible with the Bourne shell. Bash is the default shell for Red Hat Enterprise Linux. A flaw was found in the way Bash evaluated certain specially crafted environment variables. An attacker could use this flaw to override or bypass environment restrictions to execute shell commands. Certain services and applications allow remote unauthenticated attackers to provide environment variables, allowing them to exploit this issue.
11602d72b531b9a3376befaf2f40d6b9bc9bb40b1d354a5986c1541d7c56f5cd