T-Mobile HOME NET Router LTE / Huawei B593u-12 version V100R001C54SP063 suffers from cross site request forgery, information disclosure, command injection, and directory traversal vulnerabilities.
5ecc71b535700461b5eb90e9396b789a771cb54638c84b968532e6e4e659d99e
The Mandos system allows computers to have encrypted root file systems and at the same time be capable of remote or unattended reboots. The computers run a small client program in the initial RAM disk environment which will communicate with a server over a network. All network communication is encrypted using TLS. The clients are identified by the server using an OpenPGP key that is unique to each client. The server sends the clients an encrypted password. The encrypted password is decrypted by the clients using the same OpenPGP key, and the password is then used to unlock the root file system.
98d300089ef30f1e701fbbb74de72ab40d5d30e4e2a3f8352b8f3b45b2f77ff5
NCH Software Express Burn Plus version 4.68 suffers from an EBP project file handling buffer overflow vulnerability.
f3faa2625935e2f4e9b885ea0654295bf010125e8765622056a10aaedc1302d1
DaumGame ActiveX control versions 1.1.0.5 and 1.1.0.4 suffer from a buffer overflow vulnerability. Proof of concept code included.
700de7f082a11cf764630d887c017c3cbc2790e1de57e8121f8094354020695e
Gentoo Linux Security Advisory 201401-21 - Multiple vulnerabilities have been found in Poppler, allowing remote attackers to execute arbitrary code or cause a Denial of Service condition. Versions less than 0.24.5 are affected.
4538dde98f8c92351e219322d8718e56257b5b9b40521930dd6b7eb79de8556e
Gentoo Linux Security Advisory 201401-20 - Multiple vulnerabilities have been found in Cacti, allowing attackers to execute arbitrary code or perform XSS attacks. Versions less than 0.8.8b are affected.
60e499dc878470aef030b4e84ae80fe629bbd4de79b08c73333effba0110f1fd
Gentoo Linux Security Advisory 201401-19 - A buffer overflow error in GMime might allow remote attackers to execute arbitrary code or cause a Denial of Service condition. Versions less than 2.4.15 are affected.
7015ce34ec32841e3f2fb8df1c2fc061eaa55e1b2f1bde5478bf50c79f8b453b
Mandriva Linux Security Advisory 2014-014 - The openssl_x509_parse function in openssl.c in the OpenSSL module in PHP before 5.4.18 and 5.5.x before 5.5.2 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. The asn1_time_to_time_t function in ext/openssl/openssl.c in PHP before 5.3.28, 5.4.x before 5.4.23, and 5.5.x before 5.5.7 does not properly parse notAfter timestamps in X.509 certificates, which allows remote attackers to execute arbitrary code or cause a denial of service via a crafted certificate that is not properly handled by the openssl_x509_parse function. The scan function in ext/date/lib/parse_iso_intervals.c in PHP through 5.5.6 does not properly restrict creation of DateInterval objects, which might allow remote attackers to cause a denial of service via a crafted interval specification. The updated php packages have been upgraded to the 5.5.8 version, which is not vulnerable to these issues. Additionally, the PECL packages that require it have been rebuilt for php-5.5.8 and some have been upgraded to their latest versions.
8cf7940a193c870dfe4a5421f1538695dff4660b76dc24b692930776885f8223
Red Hat Security Advisory 2014-0038-01 - Red Hat Enterprise Virtualization Manager is a visual tool for centrally managing collections of virtual servers running Red Hat Enterprise Linux and Microsoft Windows. This package also includes the Red Hat Enterprise Virtualization Manager API, a set of scriptable commands that give administrators the ability to perform queries and operations on Red Hat Enterprise Virtualization Manager. A flaw was found in the way Red Hat Enterprise Virtualization Manager relayed SPICE connection information to remote-viewer when a native SPICE client invocation method was used. As a result, remote-viewer attempted an insecure connection first and only switched to a secure connection when requested by the SPICE server. An attacker able to intercept the SPICE connection could use this flaw to conduct man-in-the-middle attacks.
5df079ba6e849babda647aa9e89fe5a31f17c77cebc3fcbbac4b809f9baf9f42
Red Hat Security Advisory 2014-0041-01 - The rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine hypervisor. It includes everything necessary to run and manage virtual machines: a subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent. Note: Red Hat Enterprise Virtualization Hypervisor is only available for the Intel 64 and AMD64 architectures with virtualization extensions. Upgrade Note: If you upgrade Red Hat Enterprise Virtualization Hypervisor 6.4 to version 6.5 through the 3.3 Manager administration portal, configuration of the previous system appears to be lost when reported in the TUI. However, this is an issue in the TUI itself, not in the upgrade process; the configuration of the system is not affected.
b4c76518fefda3f3206630aed636919cd1cea85e9a2b797b898a47ee35f3368f
Gentoo Linux Security Advisory 201401-25 - A heap-based buffer overflow in ldns might allow remote attackers to execute arbitrary code or cause a Denial of Service condition. Versions less than 1.6.11 are affected.
59fbdc141d2fc66746573e6bfe90b16f20bbdd0ab366687f32bbdce7c4be86ab
Gentoo Linux Security Advisory 201401-24 - A vulnerability in INN's STARTTLS implementation could allow a remote attacker to conduct a man-in-the-middle attack. Versions less than 2.5.3 are affected.
f6f048502cf3f99429097f71c3ea6443f38b357d2d436eaad1d83f308bc1e98a
Gentoo Linux Security Advisory 201401-23 - Multiple vulnerabilities have been found in sudo which could result in privilege escalation. Versions less than 1.8.6_p7 are affected.
dda81040cd1424b5d756e10f8887535266792aeb424207b4e2da032de4b6d974
Gentoo Linux Security Advisory 201401-22 - A vulnerability in Active Record could allow a remote attacker to inject SQL commands. Versions less than 2.3.14-r1 are affected.
5ae7b184f2b9a809ef440c33b3aec3891a6294f8e5e3b68863ece85918e7b2a7
America Online (AOL) suffers from cross site scripting and remote file inclusion vulnerabilities.
8a613994798545bcea472db93af4ceb0b66319269963bcb88f660250d728a92b