Sierra Library Services Platform version 1.2_3 suffers from cross site scripting, user enumeration, and HTTP parameter pollution vulnerabilities.
a6b55b2f25753f6aa79f465b7dad177fd8822701d788d595cf90f0a72f217779
Gentoo Linux Security Advisory 201408-12 - Multiple vulnerabilities have been discovered in Apache HTTP Server, the worst of which could lead to execution of arbitrary code or a Denial of Service condition. Versions less than 2.2.27-r4 are affected.
74c770647893db7bdefa7fe626d5e7a9771e8d4cd1ddee8a7bd68e3e8bb6436e
Gentoo Linux Security Advisory 201408-11 - Multiple vulnerabilities have been discovered in PHP, the worst of which could lead to remote execution of arbitrary code. Versions less than 5.5.16 are affected.
603e59db98b503d98e09222be7ae1aa6e92e8c93410b7df813b8dd5222e058f1
Gentoo Linux Security Advisory 201408-10 - A vulnerability in Libgcrypt could allow a remote attacker to extract ElGamal private key information. Versions less than 1.5.4 are affected.
dc140fe843d5ab6ab9a5998f40aeb6364054dfe18d31c18f4b8b0f7836c3a02e
Gentoo Linux Security Advisory 201408-9 - Multiple vulnerabilities have been discovered in GNU Libtasn1, the worst of which can allow a context-dependent attacker to cause a Denial of Service condition. Versions less than 3.6 are affected.
9eb259c7ad52db023b5746739662027753337b7e5aa8cf8018a3c533be9cfb5b
Gentoo Linux Security Advisory 201408-8 - A vulnerability in file could result in Denial of Service. Versions less than 5.15 are affected.
0142ad27148e5ac6699d382c815155e6f2bc50d4ef090fea10e1dcdb1eff30b8
Ubuntu Security Notice 2328-1 - Tavis Ormandy and John Haxby discovered that the GNU C Library contained an off-by-one error when performing transliteration module loading. A local attacker could exploit this to gain administrative privileges. USN-2306-1 fixed vulnerabilities in the GNU C Library. On Ubuntu 10.04 LTS and Ubuntu 12.04 LTS the security update for CVE-2014-0475 caused a regression with localplt on PowerPC. This update fixes the problem. Various other issues were also addressed.
ba67695dc9b003222520566f863135bb43e18212d94c36bfac54afb17dbc0f23
Red Hat Security Advisory 2014-1110-01 - The glibc packages contain the standard C libraries used by multiple programs on the system. These packages contain the standard C and the standard math libraries. Without these two libraries, a Linux system cannot function properly. An off-by-one heap-based buffer overflow flaw was found in glibc's internal __gconv_translit_find() function. An attacker able to make an application call the iconv_open() function with a specially crafted argument could possibly use this flaw to execute arbitrary code with the privileges of that application.
546be34b84eb08e6ac3baa3ac0e66b3bfb9668ca3a749ee7e0b2cf5eb2d3a2e3
Gentoo Linux Security Advisory 201408-14 - A vulnerability in stunnel might allow remote attackers to gain access to private key information. Versions less than 5.02 are affected.
d86bc9ea6dc2a2497305fc97390f67a9668550351c8f73a702c11287b7c2e7cf
Gentoo Linux Security Advisory 201408-13 - Multiple vulnerabilities have been found in Jinja2, allowing local attackers to escalate their privileges. Versions less than 2.7.3 are affected.
45f5f1798920b592c6c3fbfb7e03ae46684a6d440f2f5afdd03f111a7ff058f6
Aerohive Hive Manager (Stand-alone and Cloud) versions greater than or equal to 6.1R3 and HiveOS version 6.1R3 suffer from bypass, code execution, cross site scripting, file disclosure, local file inclusion, arbitrary file upload, missing passphrase, and password disclosure vulnerabilities.
cda32b36ba6f19559448f8007c162ba158f4b31d35722a7b7f4a3f40b5f0e800
Debian Linux Security Advisory 3014-1 - Matthew Daley discovered that Squid3, a fully featured web proxy cache, did not properly perform input validation in request parsing. A remote attacker could use this flaw to mount a denial of service by sending crafted Range requests.
5e351a1d139585fb9520a9884e38270f9aa23af5afaf97f0010e61ce08fc9064
Red Hat Security Advisory 2014-1103-01 - In accordance with the Red Hat Enterprise Linux Errata Support Policy, Extended Update Support for Red Hat Enterprise Linux 6.4 will be retired as of February 28, 2015, and support will no longer be provided. Accordingly, Red Hat will no longer provide updated packages, including Critical impact security patches or urgent priority bug fixes, for Red Hat Enterprise Linux 6.4 EUS after February 28, 2015. In addition, technical support through Red Hat's Global Support Services will no longer be provided after this date. We encourage customers to plan their migration from Red Hat Enterprise Linux 6.4 to a more recent version of Red Hat Enterprise Linux. As a benefit of the Red Hat subscription model, customers can use their active subscriptions to entitle any system on any currently supported Red Hat Enterprise Linux release.
184a842d7a169d9032e982dd7804cbf9c1439b4ed8e0214ae3b6c70cd5f0dfde
Debian Linux Security Advisory 3013-1 - Nikolaus Rath discovered that s3ql, a file system for online data storage, used the pickle functionality of the Python programming language in an unsafe way. As a result, a malicious storage backend or man-in-the-middle attacker was able to execute arbitrary code.
08ee1cc3f772b3107bc3b05694ec1d5a52965bb043eb604501975e46017a5876
Ubuntu Security Notice 2327-1 - Matthew Daley discovered that Squid 3 did not properly perform input validation in request parsing. A remote attacker could send crafted Range requests to cause a denial of service.
916e29698c752224a8cbb7a9c77d542b4db061a30ba237e61be04fcc7764a84f
This bulletin summary notes that MS14-045 has undergone a major revision increment as of August 27, 2014.
81b4c6695e127a3c88b4a69d1dce7b9431e665641f9a479bb33ffaf52b7885f8
ManageEngine EventLog Analyzer version 7.2.2 suffers from multiple reflective cross site scripting vulnerabilities.
0bf36f68da768952108b58e9e72774b2bf741922f4c175919319cf299d4fe76d
Debian Linux Security Advisory 3012-1 - Tavis Ormandy discovered a heap-based buffer overflow in the transliteration module loading code in eglibc, Debian's version of the GNU C Library. As a result, an attacker who can supply a crafted destination character set argument to iconv-related character conversion functions could achieve arbitrary code execution.
1fda609b5a3bc772a28814203d914f8516efd24910c2e122c8383a3dc3d5a4dd
Red Hat Security Advisory 2014-1102-01 - Ruby on Rails is a model-view-controller framework for web application development. Active Record implements object-relational mapping for accessing database entries using objects. It was discovered that Active Record's create_with method failed to properly check attributes passed to it. A remote attacker could possibly use this flaw to bypass the strong parameter protection and modify arbitrary model attributes via mass assignment if an application using Active Record called create_with with untrusted values. All ror40-rubygem-activerecord users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue.
2cd25f0dba5c66d9dc2d6f4a7e6c235747fedffc056844c7ef6d7252249588e3
Red Hat Security Advisory 2014-1101-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A use-after-free flaw was found in the way the ping_init_sock() function of the Linux kernel handled the group_info reference counter. A local, unprivileged user could use this flaw to crash the system or, potentially, escalate their privileges on the system. A NULL pointer dereference flaw was found in the rds_ib_laddr_check() function in the Linux kernel's implementation of Reliable Datagram Sockets. A local, unprivileged user could use this flaw to crash the system.
c91898517a883dd6f082a85ce083d572bdff42dd7fb6a67daf132005f8cc8545
Encore Discovery Solution version 4.3 suffers from an open redirect vulnerability. It also passes the session token in the URL.
e0920eb1e2d0150ca74c5e507a7c2eac753594fae2d4c3fb55d5150e27fe6b15
Red Hat Security Advisory 2014-1098-01 - HttpClient is an HTTP/1.1 compliant HTTP agent implementation based on httpcomponents HttpCore. It was discovered that the HttpClient incorrectly extracted host name from an X.509 certificate subject's Common Name field. A man-in-the-middle attacker could use this flaw to spoof an SSL server using a specially crafted X.509 certificate. This issue was discovered by Florian Weimer of Red Hat Product Security.
7df65a02bbc1bc5f61cae3e68e09fedb553701534ae4f7610be73e42d295d8b9
RSA IMG systems configured with NovellIM as the authentication source may be subject to a potential authentication bypass vulnerability due to the fact that no password is required to authenticate legitimate users. A malicious user with knowledge of a valid user name can leverage this vulnerability to perform operations with the privileges of the authenticated user and potentially cause audit-attribution problems.
7ed9817568420c9f158ee2e729151f691c893508ded59e56407c1ee1eb06110d
HP Security Bulletin HPSBMU03076 2 - Potential security vulnerabilities have been identified with HP Systems Insight Manager running on Linux and Windows which could be exploited remotely resulting in multiple vulnerabilities. Revision 2 of this advisory.
74c6011fdf049e842deed96044d5db0c591aa6e4838740959a4510208f32ffef
Debian Linux Security Advisory 3011-1 - It was discovered that MediaWiki, a website engine for collaborative work, is vulnerable to JSONP injection in Flash (CVE-2014-5241) and clickjacking between OutputPage and ParserOutput (CVE-2014-5243). The vulnerabilities are addressed by upgrading MediaWiki to the new upstream version 1.19.18, which includes additional changes.
c093fa7246682f73827de1c6b9f5ff7e4aee631748170883f9576b67e222827d