Cisco Security Advisory - Cisco Adaptive Security Appliance (ASA) Software is affected by denial of service, cross site scripting, and command injection vulnerabilities. Cisco has released free software updates that address these vulnerabilities. Workarounds that mitigate some of these vulnerabilities are available.
cf3c5080adaffa717adb284196c0ff62f8e668868896ac65f152107b007d4dacHP Security Bulletin HPSBHF03136 - A potential security vulnerability has been identified with HP TippingPoint NGFW running OpenSSL. This is the OpenSSL vulnerability known as "Heartbleed" which could be exploited remotely resulting in disclosure of information. Revision 1 of this advisory.
6bdd949e8b4cb4636927e862953cb3d4f530ca4d57f3725e586957c6c273c3e8HP Security Bulletin HPSBMU03110 - Potential security vulnerabilities have been identified with HP Sprinter. The vulnerabilities could be exploited remotely to allow execution of code. Revision 1 of this advisory.
e2ee471d68383efb0de9e0c1863732838a36ad2f122f7b2a51804daaaec58544HP Security Bulletin HPSBMU03127 - A potential security vulnerability has been identified with HP Operations Manager for UNIX. The vulnerability can be exploited remotely to execute arbitrary code. Revision 1 of this advisory.
65203255a00f8da7d173cac0dd5ffd2eb971a521a585b50117778feaeffdb89bUbuntu Security Notice 2379-1 - Steven Vittitoe reported multiple stack buffer overflows in Linux kernel's magicmouse HID driver. A physically proximate attacker could exploit this flaw to cause a denial of service (system crash) or possibly execute arbitrary code via specially crafted devices. Ben Hawkes reported some off by one errors for report descriptors in the Linux kernel's HID stack. A physically proximate attacker could exploit these flaws to cause a denial of service (out-of-bounds write) via a specially crafted device. Various other issues were also addressed.
216aab1ac8b1c5f5fa320e1812013bd6082c5c0d0b1cd7b24acb25ab21d04946Ubuntu Security Notice 2374-1 - Ben Hawkes reported some off by one errors for report descriptors in the Linux kernel's HID stack. A physically proximate attacker could exploit these flaws to cause a denial of service (out-of-bounds write) via a specially crafted device. Several bounds check flaws allowing for buffer overflows were discovered in the Linux kernel's Whiteheat USB serial driver. A physically proximate attacker could exploit these flaws to cause a denial of service (system crash) via a specially crafted device. Various other issues were also addressed.
b94aa93b2ae3e2e8fc27f5841674c392e667c20efe20794d379c3cfa227778ceUbuntu Security Notice 2378-1 - Steven Vittitoe reported multiple stack buffer overflows in Linux kernel's magicmouse HID driver. A physically proximate attacker could exploit this flaw to cause a denial of service (system crash) or possibly execute arbitrary code via specially crafted devices. Ben Hawkes reported some off by one errors for report descriptors in the Linux kernel's HID stack. A physically proximate attacker could exploit these flaws to cause a denial of service (out-of-bounds write) via a specially crafted device. Various other issues were also addressed.
aa7d6fa2cad88994360eaa91e59cb61f822dbcc59854491f5ca6070c59e4a697Ubuntu Security Notice 2376-1 - Steven Vittitoe reported multiple stack buffer overflows in Linux kernel's magicmouse HID driver. A physically proximate attacker could exploit this flaw to cause a denial of service (system crash) or possibly execute arbitrary code via specially crafted devices. Ben Hawkes reported some off by one errors for report descriptors in the Linux kernel's HID stack. A physically proximate attacker could exploit these flaws to cause a denial of service (out-of-bounds write) via a specially crafted device. Various other issues were also addressed.
0a99c5b40b9b6cf4d980a29d1585a7123af10c24bc7015c03dc905ed17b98aa5Ubuntu Security Notice 2377-1 - Steven Vittitoe reported multiple stack buffer overflows in Linux kernel's magicmouse HID driver. A physically proximate attacker could exploit this flaw to cause a denial of service (system crash) or possibly execute arbitrary code via specially crafted devices. Ben Hawkes reported some off by one errors for report descriptors in the Linux kernel's HID stack. A physically proximate attacker could exploit these flaws to cause a denial of service (out-of-bounds write) via a specially crafted device. Various other issues were also addressed.
b8c00e38fee18f4d2a51a08857286215903aaa48f01fac035ec8955398d238e5Ubuntu Security Notice 2375-1 - Ben Hawkes reported some off by one errors for report descriptors in the Linux kernel's HID stack. A physically proximate attacker could exploit these flaws to cause a denial of service (out-of-bounds write) via a specially crafted device. Several bounds check flaws allowing for buffer overflows were discovered in the Linux kernel's Whiteheat USB serial driver. A physically proximate attacker could exploit these flaws to cause a denial of service (system crash) via a specially crafted device. Various other issues were also addressed.
bc61c6f9bfec79913e6f4cad4cd9134e734cc0d26076a88d9299b05ea0fd9992Red Hat Security Advisory 2014-1370-01 - Apache POI is a library providing Java API for working with OOXML document files. It was found that Apache POI would resolve entities in OOXML documents. A remote attacker able to supply OOXML documents that are parsed by Apache POI could use this flaw to read files accessible to the user running the application server, and potentially perform more advanced XML External Entity attacks. It was found that Apache POI would expand an unlimited number of entities in OOXML documents. A remote attacker able to supply OOXML documents that are parsed by Apache POI could use this flaw to trigger a denial of service attack via excessive CPU and memory consumption.
f364ec0810f19e7bcbbc4a2bc73fca727fdd4f88ddf34c0366cca3c6a8b7abc3Ubuntu Security Notice 2381-1 - It was discovered that Rsyslog incorrectly handled invalid PRI values. An attacker could use this issue to send malformed messages to the Rsyslog server and cause it to stop responding, resulting in a denial of service and possibly message loss.
ef0650550269081de646357c095792813b24c790927fb53317ceafbb8d412f20Red Hat Security Advisory 2014-1369-01 - Fuse ESB Enterprise is an integration platform based on Apache ServiceMix. Fuse MQ Enterprise, based on Apache ActiveMQ, is a standards-compliant messaging system that is tailored for use in mission critical applications. This release of Fuse ESB Enterprise/MQ Enterprise 7.1.0 R1 P6 is an update to Fuse ESB Enterprise 7.1.0 and Fuse MQ Enterprise 7.1.0. The following security issues are addressed with this release: It was discovered that Apache Shiro authenticated users without specifying a user name or a password when used in conjunction with an LDAP back end that allowed unauthenticated binds.
00d12f729abfc5a93a42cf3c7636ef8dd00903272590f95b40eb2b33f752f7c7Ubuntu Security Notice 2380-1 - Michal Zalewski discovered that Bash incorrectly handled parsing certain function definitions. If an attacker were able to create an environment variable containing a function definition with a very specific name, these issues could possibly be used to bypass certain environment restrictions and execute arbitrary code. Please note that the previous Bash security update, USN-2364-1, includes a hardening measure that prevents these issues from being used in a Shellshock attack. Various other issues were also addressed.
8791425c635359bb13b6a4a403dd5e2900aebb6afed4869bed14e47f74436117Debian Linux Security Advisory 3048-1 - Guillem Jover discovered that the changelog retrieval functionality in apt-get used temporary files in an insecure way, allowing a local user to cause arbitrary files to be overwritten.
e560fbde31ef78372c5c58e5fb97d1b738f7c6c631ba5bb62b24ae1c4645919cDebian Linux Security Advisory 3047-1 - Mancha discovered a vulnerability in rsyslog, a system for log processing. This vulnerability is an integer overflow that can be triggered by malformed messages to a server, if this one accepts data from untrusted sources, provoking message loss.
5d4ed68255bfd84dc2a47d2f8636005fd1380871bf309ffd981db72790a94bbfWordPress EWWW Image Optimizer plugin version 2.0.1 suffers from a cross site scripting vulnerability.
4d0f7d06cb2e019c0ba7ee9ee4d59d35e99dc9f54692dccfac5cb4e7c8b5d9b4Aardvark Topsites PHP version 5.2 suffers from cross site scripting and local file inclusion vulnerabilities.
940d50ace752c918217ecd81375f23ada65a4665f733eae8033d9b8298efa90cThis Metasploit module exploits an arbitrary PHP code upload in the wordpress Infusionsoft Gravity Forms plugin, versions from 1.5.3 to 1.5.10. The vulnerability allows for arbitrary file upload and remote code execution.
bacb9cda0dca5ce55e62347a30c31a677409efc130e924388acca709285381ad
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed