Panda 2014 products suffer from a heap overflow vulnerability that allows for privilege escalation.
ee7570db291ac19c2cacdd5efdcf59e3ad74d5faf572b58900607b82cf340cd4ESET Windows Products versions 5.0 through 7.0 (Firewall Module Build 1183 (20140214) and earlier) suffer from a privilege escalation vulnerability.
dece2baa665e8eaa6eefd41fcb60bffa50108ef2c1df166fbc98dc57cbe85529check_mk versions prior to 1.2.4p4 and 1.2.5i4 suffer from code execution, write access, and cross site scripting vulnerabilities.
a00c8d0fe4e508233a535d46e84394410ce2c44a02229119c8b053b43de0f949HP Security Bulletin HPSBUX03095 SSRT101674 - Potential security vulnerabilities have been identified with HP-UX running OpenSSL. These vulnerabilities could be exploited remotely to create a Denial of Service (DoS), allow unauthorized access. Revision 1 of this advisory.
35ea6546fb12c44295439a0781aa60fc6a8b2a36280244b7445e4c518ed728ffHP Security Bulletin HPSBUX03092 SSRT101668 - Potential security vulnerabilities have been identified in the Java Runtime Environment (JRE) and the Java Developer Kit (JDK) running on HP-UX. These vulnerabilities could allow remote unauthorized access, disclosure of information, and other vulnerabilities. Revision 1 of this advisory.
c475e47d56e402b9414d3d4787a5237a281a3f776dad71a9c75166d6b88b3ce1HP Security Bulletin HPSBUX03091 SSRT101667 - Potential security vulnerabilities have been identified in Java Runtime Environment (JRE) and Java Developer Kit (JDK) running on HP-UX. These vulnerabilities could allow remote unauthorized access, disclosure of information, and other vulnerabilities. Revision 1 of this advisory.
a73ee293e490e0bc1321df066c53a0382b005d71d29f3d9b45085803e2a2f61cHP Security Bulletin HPSBMU03101 - A potential security vulnerability has been identified with HP Asset Manager and CloudSystem Chargeback running OpenSSL. The vulnerability could be exploited remotely to allow disclosure information or unauthorized access. This OpenSSL vulnerability was detected in specific OpenSSL versions. OpenSSL is a 3rd party product that is embedded with some HP Software products. This bulletin notifies HP Software customers about products affected by this OpenSSL vulnerability. Note: OpenSSL vulnerabilities, are found in the OpenSSL product cryptographic software library product. This weakness potentially allows Man in the Middle (MITM) attack where the attacker can decrypt and modify traffic from the attacked client and server. The impacted products appear in the list below are vulnerable due to embedding of OpenSSL standard release software. Revision 1 of this advisory.
5d131e19c74508e54a0fb0b1a8b26b636d5c559cc31f1fba60c84afc59abd798HP Security Bulletin HPSBMU03094 - A potential security vulnerability has been identified with HP Connect-IT running OpenSSL. The vulnerability could be exploited remotely to allow disclosure information or unauthorized access. This OpenSSL vulnerability was detected in specific OpenSSL versions. OpenSSL is a 3rd party product that is embedded with some HP Software products. This bulletin notifies HP Software customers about products affected by this OpenSSL vulnerability. Note: OpenSSL vulnerabilities, are found in the OpenSSL product cryptographic software library product. This weakness potentially allows Man in the Middle (MITM) attack where the attacker can decrypt and modify traffic from the attacked client and server. The impacted products appear in the list below are vulnerable due to embedding of OpenSSL standard release software. Revision 1 of this advisory.
156f676c821faa0780e9c47395871260abe84199c340cefaa2510d6f8b6742d1Red Hat Security Advisory 2014-1078-01 - OpenStack Networking is a pluggable, scalable, and API-driven system that provisions networking services to virtual machines. Its main function is to manage connectivity to and from virtual machines. A denial of service flaw was found in Neutron's handling of allowed address pairs. There was no enforced quota on the amount of allowed address pairs, possibly allowing a sufficiently authorized user to create such a large number of firewall rules as to impact performance, or potentially render a compute node unusable.
61eb55f7d058af9258b042448433e0cf6aa02fb99c11d532644292fb37b5765eUbuntu Security Notice 2319-1 - Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure, data integrity and availability. An attacker could exploit these to cause a denial of service or expose sensitive data over the network. Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure and data integrity. An attacker could exploit these to expose sensitive data over the network. Various other issues were also addressed.
54f5da236016a9ec948c44fc37236d57d819e18c3273bea43ec3b53073de3efaRed Hat Security Advisory 2014-1082-01 - Thermostat is a monitoring and instrumentation tool for the OpenJDK HotSpot Java Virtual Machine with support for monitoring multiple JVM instances. The httpcomponents-client package provides an HTTP agent implementation that is used by Thermostat to visualize collected data in an HTTP-aware client application. It was found that the fix for CVE-2012-5783 was incomplete: the code added to check that the server hostname matches the domain name in a subject's Common Name field in X.509 certificates was flawed. A man-in-the-middle attacker could use this flaw to spoof an SSL server using a specially crafted X.509 certificate.
bfae5fc3bb60d3716504aa9437504ce45b829444527176b89c73d86eb3a68576Debian Linux Security Advisory 3007-1 - Multiple security issues (cross-site scripting, missing input sanitising and SQL injection) have been discovered in Cacti, a web interface for graphing of monitoring systems.
4f0e774ab42a6d70a94103e9e8f16df9a32a25d26c01b1a17ccf40a3b0bdc588Red Hat Security Advisory 2014-1083-01 - The kernel-rt packages contain the Linux kernel, the core of any Linux operating system. A NULL pointer dereference flaw was found in the way the Linux kernel's Stream Control Transmission Protocol implementation handled simultaneous connections between the same hosts. A remote attacker could use this flaw to crash the system. Multiple use-after-free flaws and an integer overflow flaw were found in the way the Linux kernel's Advanced Linux Sound Architecture implementation handled user controls. A local, privileged user could use either of these flaws to crash the system.
25199bf469feb34a9e53eaf2a67aadf4f5d1928513f4233128fae0cbe57edc83Apache OFBiz versions 11.04.01 through 11.04.04 and 12.04.01 through 12.04.03 suffer from a cross site scripting vulnerability.
fc343b2e9b0b222af9ed2172c74986902a356c06c28a09a1384b4dbecc1d0f5eRSA Archer GRC Platform 5.5 SP1 contains fixes for multiple security vulnerabilities such as privilege escalation, unauthorized access, cross site request forgery, inclusion of functionality, and embedded component issues.
c5cc67563b9eb44815aef96fb982b29d83d634418743e2ceb8f768330e9e1a6bEMC Documentum suffers from code execution, DQL injection, information disclosure, and multiple openssl vulnerabilities. Nicolas Gregoire provided the following PoC for the DQL injection: x'+UNION+ALL+SELECT+'z',user_os_name,user_name,default_folder+FROM+dm_user+ENABLE+(RETURN_TOP+10);
8519416c566585987d0c1b89564e5ddbeb78d80955a30917dd2386336520cb34EMC Documentum D2 contains a fix for a privilege escalation vulnerability that could be potentially exploited by malicious users to compromise the affected system. D2GetAdminTicketMethod and D2RefreshCacheMethod methods serve a superuser ticket to all requesting parties. A remote authenticated unprivileged user could potentially use these methods to request a superuser ticket and then use that ticket to escalate their privileges.
eb13a7c78f8146524ad5f310c49180d47fd88c3516da4b3e65ccb5913327a113Red Hat Security Advisory 2014-1076-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package provides the user-space component for running virtual machines using KVM in environments managed by Red Hat Enterprise Virtualization Manager. Two integer overflow flaws were found in the QEMU block driver for QCOW version 1 disk images. A user able to alter the QEMU disk image files loaded by a guest could use either of these flaws to corrupt QEMU process memory on the host, which could potentially result in arbitrary code execution on the host with the privileges of the QEMU process.
4a3e5a1d3b5d3126257f308d67fc12e3821112ab46c5863333fd74aa06917520Red Hat Security Advisory 2014-1075-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm package provides the user-space component for running virtual machines using KVM. Two integer overflow flaws were found in the QEMU block driver for QCOW version 1 disk images. A user able to alter the QEMU disk image files loaded by a guest could use either of these flaws to corrupt QEMU process memory on the host, which could potentially result in arbitrary code execution on the host with the privileges of the QEMU process.
b35709ab7e9c9bdb86a3f0152027256f58d7211fa345248512524557c113b9bcEMC Documentum WebTop based products contain fixes for multiple cross-scripting vulnerabilities that could potentially be exploited by malicious users to inject arbitrary script via some query string parameters. This may lead to execution of malicious html requests or scripts in the context of an authenticated user. These issues are caused due to the vulnerable parameters ?startat? and ?entryId?.
b434568623c4c0e8cf4b56bd01b7005b5a5a3db80d070310d5419ca3eebed85eDocumentum WDK based clients may be vulnerable to multiple CSRF vulnerabilities. A malicious unauthenticated attacker can potentially leverage this vulnerability to trick authenticated users of the application to click on specially-crafted links that are embedded within an email, web page or other source and perform Docbase operations with that user privileges.
4df293103cd5f8c60c8784e2a3ef3a2ec090d9c792323de73f9429bdd73c182eUbuntu Security Notice 2232-4 - USN-2232-1 fixed vulnerabilities in OpenSSL. One of the patch backports for Ubuntu 10.04 LTS caused a regression for certain applications. This update fixes the problem.
67e0e8644e9b976275e227eeae25d58569e1a29be71eb344aa1092fdbe47be4dDebian Linux Security Advisory 3006-1 - Multiple security issues have been discovered in the Xen virtualisation solution which may result in information leaks or denial of service.
022c7dacd6753366685e6693c5aeb3e32a9dce17c24badf0fc135994da1dfee0Apache HttpComponents (prior to revision 4.3.5/4.0.2) may be susceptible to a 'Man in the Middle Attack' due to a flaw in the default hostname verification during SSL/TLS when a specially crafted server side certificate is used.
889514603cc555b13c01e72b05be1ebefa0cbf2ff89b15aa2ff8b3f9c2602bf1Red Hat Security Advisory 2014-1073-01 - Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Applications built with NSS can support SSLv3, TLS, and other security standards. It was found that the implementation of Internationalizing Domain Names in Applications hostname matching in NSS did not follow the RFC 6125 recommendations. This could lead to certain invalid certificates with international characters to be accepted as valid. In addition, the nss, nss-util, and nss-softokn packages have been upgraded to upstream version 3.16.2, which provides a number of bug fixes and enhancements over the previous versions.
03bc1e998b88732356d3e9bf36b37a5c3c6517bf7c5512470a4b2b29f352b83a
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed