Ubuntu Security Notice 1904-2 - USN-1904-1 fixed vulnerabilities in libxml2. The update caused a regression for certain users. This update fixes the problem. It was discovered that libxml2 would load XML external entities by default. If a user or automated system were tricked into opening a specially crafted document, an attacker could possibly obtain access to arbitrary files or cause resource consumption. This issue only affected Ubuntu 10.04 LTS, Ubuntu 12.04 LTS, and Ubuntu 12.10. Various other issues were also addressed.
73ee61050460c5c1a204774c868ab1fa47667ad17da81dbf917de23f5248cb36Debian Linux Security Advisory 2723-1 - It was discovered that PHP could perform an invalid free request when processing crafted XML documents, corrupting the heap and potentially leading to arbitrary code execution. Depending on the PHP application, this vulnerability could be exploited remotely.
5eb4558096f018f55bb641d30881cb44792c27980ef9cb7a5fa7ed75885fbf0bRed Hat Security Advisory 2013-1090-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to do system management tasks. A flaw was found in Ruby's SSL client's hostname identity check when handling certificates that contain hostnames with NULL bytes. An attacker could potentially exploit this flaw to conduct man-in-the-middle attacks to spoof SSL servers. Note that to exploit this issue, an attacker would need to obtain a carefully-crafted certificate signed by an authority that the client trusts. All users of Ruby are advised to upgrade to these updated packages, which contain backported patches to resolve this issue.
a3b4688f851d6898ccaab5569bbee67a2fe383fc6cbdc119e712e6320810a647Slackware Security Advisory - New php packages are available for Slackware 12.1, 12.2, 13.0, 13.1, 13.37, 14.0, and -current to fix a security issue. Related CVE Numbers: CVE-2013-4113.
d5d4e47648f1ebfb86bdfd934a4fae3bdbdeabda22ebceca0621c2a1c9d2ae04MiniDLNA versions prior to 1.1.0 suffer from heap-based buffer overflow and remote SQL injection vulnerabilities.
e7d1ebafa357dc3be45f9cf26f26f66c2a057c0cc51364b9154c4436a393da48Voice Logger suffers from a remote SQL injection vulnerability that allows for authentication bypass as well as an arbitrary file download vulnerability.
6dd5934f028b093d5d8bd5693b5f0b0569da00f3dbba65651175bba34bfcf673HP Security Bulletin HPSBGN02882 - A potential security vulnerability has been identified with HP Database and Middleware Automation (DMA) using SSL (Secure Sockets Layer). The vulnerability could be remotely exploited resulting in disclosure of information. Revision 1 of this advisory.
1c8aa47f9f2e09465ab06f9945672671893feca383420e5a612c31b0e69875aaHP Security Bulletin HPSBMU02870 SSRT101012 2 - A potential security vulnerability has been identified with HP Network Node Manager I (NNMi) on HP-UX, Linux, Solaris, and Windows. The vulnerability could be remotely exploited resulting in unauthorized access. Revision 2 of this advisory.
a39e1e5022520740186ade11e6be3b34711c0b0948c29a2d7d5e7a42c5297b20The Samsung Galaxy S3 and S4 phones come with a pre-loaded application that allows for spoofing and creation of arbitrary SMS content.
de5e8b452ffe3b39a1cf8ac1351ee8616bf67fdf04eb175ac2a45a481240863dApache Struts versions prior to 2.3.15.1 suffer from code execution and open redirection vulnerabilities.
cfb047b4ebb0d3b89917486fe66d84f07ca4bcc5bdfe377bf3b3ee90d011ce92Red Hat Security Advisory 2013-1081-01 - IBM J2SE version 5.0 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit.
f9129cb7b162f33a50d0586fe43b9ef540311ae9b94fa4fadf255a67472c0415Red Hat Security Advisory 2013-1080-01 - Red Hat OpenStack 3.0 includes a custom Red Hat Enterprise Linux 6.4 kernel. These custom kernel packages include support for network namespaces, this support is required to facilitate advanced OpenStack Networking deployments. A flaw was found in the tcp_read_sock() function in the Linux kernel's IPv4 TCP/IP protocol suite implementation in the way socket buffers were handled. A local, unprivileged user could trigger this issue via a call to splice(), leading to a denial of service.
1f6ec7f2b1348b3f77f691853c0661c2b6d8c71c0c15a9154155add5bdc0cc30Kate's Video Toolkit version 7.0 crash proof of concept denial of service exploit that creates a malicious WAV file.
67c470f887d0a666ab1d02341218d7300a3a1cc134aa2a732d995763227cb5d4Ubuntu Security Notice 1907-2 - USN-1907-1 fixed vulnerabilities in OpenJDK 7. Due to upstream changes, IcedTea Web needed an update to work with the new OpenJDK 7. Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure and data integrity. An attacker could exploit these to expose sensitive data over the network. CVE-2013-2458) Various other issues were also addressed.
ee7c3dad063c66f3fcb29977ac335a9fccb8ed9c785c0f351c718cd376bc5370Light Audio Mixer version 1.0.12 crash proof of concept denial of service exploit that creates a malicious WAV file.
c877efbdaffb2739770c88b26e45cb0a2f408187958b6199cd15d8ca84cea187Ubuntu Security Notice 1907-1 - Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure and data integrity. An attacker could exploit these to expose sensitive data over the network. A vulnerability was discovered in the OpenJDK Javadoc related to data integrity. A vulnerability was discovered in the OpenJDK JRE related to information disclosure and availability. An attacker could exploit this to cause a denial of service or expose sensitive data over the network. Various other issues were also addressed.
1ad3edd6b52fc4bda88c057fb372ea41602e2d9426e0d7249af965f82f420ff6Ubuntu Security Notice 1906-1 - Yorick Koster discovered that File Roller incorrectly sanitized paths. If a user were tricked into extracting a specially-crafted archive, an attacker could create and overwrite files outside of the extraction directory.
583492944776fbd0fbf5cc8cbacdc74c2df30d412ffaaa166afb48b3960e0321rpcbind CALLIT procedure UDP denial of service proof of concept exploit.
b1f8e8ac62cc8aa90feb364db73662e95355e499461aacc4babe70c99e31dd2dUbuntu Security Notice 1905-1 - It was discovered that PHP incorrectly handled the xml_parse_into_struct function. If a PHP application parsed untrusted XML, an attacker could use this flaw with a specially-crafted XML document to cause PHP to crash, resulting in a denial of service, or to possibly execute arbitrary code. It was discovered that PHP incorrectly handled the jdtojewish function. An attacker could use this flaw to cause PHP to crash, resulting in a denial of service. Various other issues were also addressed.
ca764260def9fed8a82b043ed86476cd75c73a0e28f0a9a7dc0438cb6d7963b2Red Hat Security Advisory 2013-1076-01 - The rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine hypervisor. It includes everything necessary to run and manage virtual machines: A subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent. Note: Red Hat Enterprise Virtualization Hypervisor is only available for the Intel 64 and AMD64 architectures with virtualization extensions. It was discovered that the fix for the CVE-2013-1619 issue released via RHSA-2013:0636 introduced a regression in the way GnuTLS decrypted TLS/SSL encrypted records when CBC-mode cipher suites were used. A remote attacker could possibly use this flaw to crash a server or client application that uses GnuTLS.
e514c34f443c7c63e0a1cb1c40019ce86c10b07bf91c91138fe0259c0e5141acRed Hat Security Advisory 2013-1083-01 - The openstack-keystone packages provide Keystone, a Python implementation of the OpenStack identity service API, which provides Identity, Token, Catalog, and Policy services. A flaw was found in the way Keystone handled LDAP based authentication. If Keystone was configured to use LDAP authentication, and the LDAP server was configured to allow anonymous binds, anyone able to connect to a given service using Keystone could connect as any user, including the admin, without supplying a password.
f7335f06806387494c444983aa45f063b423edb34d8f85e771e34b0897104964Red Hat Security Advisory 2013-1051-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the tcp_read_sock() function in the Linux kernel's IPv4 TCP/IP protocol suite implementation in the way socket buffers were handled. A local, unprivileged user could trigger this issue via a call to splice(), leading to a denial of service.
a8237bc5b0d4bf99427f678d7db474dc77cb9ba7060a71275ad8e94debf18eb2netsniff-ng is is a free, performant Linux network sniffer for packet inspection. The gain of performance is reached by 'zero-copy' mechanisms, so that the kernel does not need to copy packets from kernelspace to userspace. For this purpose netsniff-ng is libpcap independent, but nevertheless supports the pcap file format for capturing, replaying and performing offline-analysis of pcap dumps. netsniff-ng can be used for protocol analysis, reverse engineering and network debugging.
be656505a745b41a05dc5fcf746b167dbb7dce761520725f93f79d222c6e5357The Joomla Googlemaps plugin suffers from cross site scripting, path disclosure, denial of service, and XML injection vulnerabilities.
165dc70f4d8846397f4d21ce1f9794a33e98cb8d13ea08baf7996288d00ca669
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed