Mandriva Linux Security Advisory 2014-231 - Icecast did not properly handle the launching of scripts on connect or disconnect of sources. This could result in sensitive information from these scripts leaking to clients.
869d8835249b0bad75dd9dcc9c0d9d0bab22dd39b5771ff84b36c0092d5d8ddfRed Hat Security Advisory 2014-1914-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Multiple denial of service flaws were found in the way the Ruby REXML XML parser performed expansion of parameter entities. A specially crafted XML document could cause REXML to use an excessive amount of CPU and memory. A stack-based buffer overflow was found in the implementation of the Ruby Array pack() method. When performing base64 encoding, a single byte could be written past the end of the buffer, possibly causing Ruby to crash.
64e3d44e9dbab89e160adf73238ebdb29bdeec72fc06bbc51f513a53b785ec91Mandriva Linux Security Advisory 2014-230 - Multiple vulnerabilities has been found and corrected in the Linux kernel. The updated packages provides a solution for these security issues.
e78db882e943ee9b4f1b7075ddaa971883bca45bf173bf02afe691b652970d70Red Hat Security Advisory 2014-1913-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Multiple denial of service flaws were found in the way the Ruby REXML XML parser performed expansion of parameter entities. A specially crafted XML document could cause REXML to use an excessive amount of CPU and memory. A stack-based buffer overflow was found in the implementation of the Ruby Array pack() method. When performing base64 encoding, a single byte could be written past the end of the buffer, possibly causing Ruby to crash.
d34b054a1a09c5c71830a7fcd1d0e8f4e17c481c432a2ca499f384346ad1bb95Ubuntu Security Notice 2423-1 - Kurt Seifried discovered that ClamAV incorrectly handled certain JavaScript files. An attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service, or possibly execute arbitrary code. Damien Millescamp discovered that ClamAV incorrectly handled certain PE files. An attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.
d6092dd8150ce52077c247cd9ef37e9c7460b34082e92cd732c24dd6bdcedf14Red Hat Security Advisory 2014-1912-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Multiple denial of service flaws were found in the way the Ruby REXML XML parser performed expansion of parameter entities. A specially crafted XML document could cause REXML to use an excessive amount of CPU and memory. A stack-based buffer overflow was found in the implementation of the Ruby Array pack() method. When performing base64 encoding, a single byte could be written past the end of the buffer, possibly causing Ruby to crash.
605c3f723bbfea05479a3515ed6e3f17674fe0a63446d76ac3980b8b44b410b6Red Hat Security Advisory 2014-1911-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Multiple denial of service flaws were found in the way the Ruby REXML XML parser performed expansion of parameter entities. A specially crafted XML document could cause REXML to use an excessive amount of CPU and memory. The CVE-2014-8090 issue was discovered by Red Hat Product Security.
f40e101efebd630758efe522c9936ca1eb07b705ae9818d1a01084211278397cDebian Linux Security Advisory 3077-1 - Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in the execution of arbitrary code, information disclosure or denial of service.
62c0314467aa2c9895f33a70b2c2b807f397a7842f9458256402276ac4e2ab97HP Security Bulletin HPSBGN03202 - A potential security vulnerability has been identified with HP CMS: Configuration Manager running OpenSSL. This is the SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy Encryption" also known as "Poodle", which could be exploited remotely to allow disclosure of information. Revision 1 of this advisory.
11d8f74f3d234703927a352f928edc3ce65648f18012e6152aa5b809e5c5d27eMandriva Linux Security Advisory 2014-229 - A malicious VNC server can trigger incorrect memory management handling by advertising a large screen size parameter to the VNC client. This would result in multiple memory corruptions and could allow remote code execution on the VNC client. A malicious VNC client can trigger multiple DoS conditions on the VNC server by advertising a large screen size, ClientCutText message length and/or a zero scaling factor parameter. A malicious VNC client can trigger multiple stack-based buffer overflows by passing a long file and directory names and/or attributes when using the file transfer message feature. Additionally libvncserver has been built against the new system minilzo library which is also being provided with this advisory.
59582641be6253489b02c2a056d9dc2e9d78bc1f386ccc42b6724b2908a98685A specially-crafted sniffit configuration file can be leveraged to execute code as root.
0e5fe0fcd83bf75ca01e02b696edc874fa9921b6318df3ad0fddb1136bf2a3ebThe India Times site suffers from multiple cross site scripting vulnerabilities.
27ec2357a0f195cb6415de9ecdba19bb9890d2d4f6cbd1342c38d2f4dcf4dd04WordPress Ad-Manager version 1.1.2 suffers from an open redirection vulnerability.
481e53868adfd461ba5cde08f15d349c49cb6d5d3b80e29c05bf4b37ff39b763Springshare LibCal version 2.0 suffers from a cross site scripting vulnerability.
4c0fe54916f30cdf49c6c044a53f873e35b2d1c4e776981a9ad714a82f7cc20fWeather Channel's weather.com suffers from multiple cross site scripting vulnerabilities.
4659c08736f1b4bac545584b83972e574cc06de7ed4a970775fe6adbe922aacd
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed