RSA Adaptive Authentication (On-Premise) versions 6.0.2.1 to 7.1 P3 (inclusive) are potentially vulnerable to an authentication bypass vulnerability, if a device binding request is sent in an AAOP challenge SOAP call.
5b046b6dbb4533bb0536f52b6a2dc43f06850b45d7049bc942ecd1b088a8c051
EMC Documentum Content Server may be vulnerable to an insecure direct object reference vulnerability where remote authenticated attackers with limited privileges may potentially obtain unauthorized read access to, or may be able to delete, arbitrary files stored on the Content Server machine or on network shares accessible from the Content Server machine. Affected versions include all EMC Documentum Content Server versions of 7.1, 7.0, 6.7 SP2, and all versions prior to 6.7 SP2.
16926c9bd06c93cbc8802c8b1aefb798a0ec10818ad1b65e388af2de79106df0
ADSL2+ version 2.05.C29GV suffers from cross site scripting, open redirect, and command injection vulnerabilities.
147873a319df9b0953c07c5217e237c9a65d013db7322d35d15310c9d21e463e
Red Hat Security Advisory 2014-1919-01 - Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. A flaw was found in the Alarm API, which could allow applications to schedule actions to be run in the future. A malicious web application could use this flaw to bypass the same-origin policy.
a4768a1ed845770137dfda480d18e5ff8ef4d9979506ee4ea4a8006dca8278db
Red Hat Security Advisory 2014-1947-01 - The rhevm-log-collector utility allows users to easily collect log files from all systems in their Red Hat Enterprise Virtualization environment. It was found that rhevm-log-collector called sosreport with the PostgreSQL database password passed as a command line parameter. A local attacker could read this password by monitoring a process listing. The password would also be written to a log file, which could potentially be read by a local attacker. This issue was discovered by David Jorm of Red Hat Product Security.
de9fddfbb62b2fa36743ad1557c45fb89c09485f0b921ac43afd16a90ff30054
Red Hat Security Advisory 2014-1924-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. A flaw was found in the Alarm API, which could allow applications to schedule actions to be run in the future. A malicious web application could use this flaw to bypass the same-origin policy.
83e959c70c565dccbc7e1ea95e005cc6482fec9b63d8bf67ef80c4d0bf4b9a88
Red Hat Security Advisory 2014-1948-01 - Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime provides platform independence for non-GUI operating system facilities. This update adds support for the TLS Fallback Signaling Cipher Suite Value, which can be used to prevent protocol downgrade attacks against applications which re-connect using a lower SSL/TLS protocol version when the initial connection indicating the highest supported protocol version fails.
3b71f5d6b169bc039bc007559a59b3e625be13b4e9f38be716c407b80a95e740
Red Hat Security Advisory 2014-1941-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package provides the user-space component for running virtual machines using KVM, in environments managed by Red Hat Enterprise Linux OpenStack Platform. An information leak flaw was found in the way QEMU's VGA emulator accessed frame buffer memory for high resolution displays. A privileged guest user could use this flaw to leak memory contents of the host to the guest by setting the display to use a high resolution in the guest. This issue was discovered by Laszlo Ersek of Red Hat.
4166a063e862f52056ad9e930f6dff60af42d309f41742398b54086f642abc07
Ubuntu Security Notice 2428-1 - Gary Kwong, Randell Jesup, Nils Ohlmeier, Jesse Ruderman, and Max Jonas Werner discovered multiple memory safety issues in Thunderbird. If a user were tricked into opening a specially crafted message with scripting enabled, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Thunderbird. Joe Vennix discovered a crash when using XMLHttpRequest in some circumstances. If a user were tricked into opening a specially crafted message with scripting enabled, an attacker could potentially exploit this to cause a denial of service. Various other issues were also addressed.
8505b81ac20cdc1ef60b089c97a91e3adac72def4c07e9d2c1aa4dbc2d3d9299
Red Hat Security Advisory 2014-1943-01 - The kernel-rt packages contain the Linux kernel, the core of any Linux operating system. A denial of service flaw was found in the way the Linux kernel's XFS file system implementation ordered directory hashes under certain conditions. A local attacker could use this flaw to corrupt the file system by creating directories with colliding hash values, potentially resulting in a system crash. An out-of-bounds memory access flaw was found in the syscall tracing functionality of the Linux kernel's perf subsystem. A local, unprivileged user could use this flaw to crash the system.
cc3e05257532fc79a02085cdd50c6e4645efeb4e848a6378e35a998e47c4af51
Ubuntu Security Notice 2431-1 - It was discovered that mod_wsgi incorrectly handled errors when setting up the working directory and group access rights. A malicious application could possibly use this issue to cause a local privilege escalation when using daemon mode.
5bb4cde48cd484123416bef08c355511f51ff15ed833702a51b37c736b6a5dce
Slackware Security Advisory - New mozilla-thunderbird packages are available for Slackware 14.1 and -current to fix security issues.
ffcc2d1179782c1daef5d9aca6d5d379798b341a9e605abc3ec6b62dbaf63920
Debian Linux Security Advisory 3085-1 - Multiple security issues have been discovered in Wordpress, a web blogging tool, resulting in denial of service or information disclosure.
a1de1eab869a092126a50a694152d1fc84be0f81497bf7f05391744f9c88bc2c
Red Hat Security Advisory 2014-1942-01 - OpenStack Networking is a pluggable, scalable, and API-driven system that provisions networking services to virtual machines. Its main function is to manage connectivity to and from virtual machines. As of Red Hat Enterprise Linux OpenStack Platform 4.0, 'neutron' replaces 'quantum' as the core component of OpenStack Networking. A denial of service flaw was found in the way neutron handled the 'dns_nameservers' parameter. By providing specially crafted 'dns_nameservers' values, an authenticated user could use this flaw to crash the neutron service.
eff8bdcdfdbc57c9b8dc7bb5d9f16f6b75e0744d9e7f707863a0127446560697
Call For Papers for Positive Hack Days V, which will take place May 26th through 27th, 2015, in Moscow, Russia.
78af96d36a4c3cac4d9ea281f6e2ff1c5ed62e811616bdc83b8cc63afb7d0d6b
Yii framework's CmsInput extension versions 1.2 and prior suffer from an improper cross site scripting sanitization implementation.
ca8da68b1474bc4281b1f32954bc5774467cd5f06b1ea17ad128a0eaed3567b7
Altitude uAgent - Altitude uCI version 7.5 suffers from a cross site scripting vulnerability.
56485ff6ab476cd20d7405c5429f14391c5f57fbaf9bc14536a89d6aa0ab388b