HP Security Bulletin HPSBUX02963 SSRT101297 2 - A potential security vulnerability has been identified with HP-UX's m4(1) macro processor command. The vulnerability could be exploited locally resulting in unauthorized access. Revision 2 of this advisory.
59c2099bd84ba67d08b22cdb56812971e7ee08d98025ea91319d22b2fd53b979Onapsis Security Advisory - An information disclosure exists in SAP Software Lifecycle Manager. SAP Solution Manager version 7.1 is affected.
66175ddf4ff1b483f9589574588c2c2d8333d5951f8f26a85a6a946dc17690beTRENDnet TEW-634GRU version 1.00.23 suffers from local file disclosure, router crash, and privilege escalation vulnerabilities.
38342dcf82a4e158add2c032f5e76a186438778accbb57fe5bb4c316489090c3NTP ntpd monlist query reflection denial of service exploit.
fc458431c984a824aac0863ef7422ed300c3dc830b42f819b52b5db6f76ba518McAfee ePolicy Owner (ePowner) version 0.1 is an exploit that can add an administrative user to McAfee ePolicy Orchestrator as well as execute arbitrary commands on versions 4.6.0 through 4.6.5.
0d651b0edd706e44bde243c2797b7f496490b9316136b12f61d3d2aa3d0e1523Symantec Endpoint Protection Manager version 12.1.2015.2015 SEH overflow proof of concept exploit.
8bee128e1781c61bead3c3b0efa4f85a7a42194ff51d0beaf8d2d0e973d01216HP Security Bulletin HPSBMU03022 - A potential security vulnerability has been identified with HP Systems Insight Management (SIM) bundled software running OpenSSL. This is the OpenSSL vulnerability known as "Heartbleed" which could be exploited remotely resulting in disclosure of information. The HP SIM software itself is not vulnerable to CVE-2014-0160 ("Heartbleed"). However, the software components bundled with HP SIM are impacted and should be addressed if installed. Revision 1 of this advisory.
7c7a616ea0bc1d238574c012deee840077e6027ee20c991b2e71a95cc720bf18HP Security Bulletin HPSBMU03025 - A potential security vulnerability has been identified in HP Diagnostics running OpenSSL. OpenSSL is a 3rd party product that is embedded with some of HP Software products. This bulletin objective is to notify HP Software customers about products affected by the Heartbleed vulnerability. NOTE: The Heartbleed vulnerability (CVE-2014-0160) is a vulnerability found in the OpenSSL cryptographic software library. This weakness potentially allows disclosure of information that is normally protected by the SSL/TLS protocol. The impacted products in the list below are vulnerable due to embedding OpenSSL standard release software. Revision 1 of this advisory.
347c3c86c55fb210fc9799ac5fef38c3c769fb03d47928b50b4baa56fdb9121fHP Security Bulletin HPSBGN03010 2 - A potential security vulnerability has been identified in HP Software Server Automation running OpenSSL. OpenSSL is a 3rd party product that is embedded with some of HP Software products. This bulletin objective is to notify HP Software customers about products affected by the Heartbleed vulnerability. NOTE: The Heartbleed vulnerability (CVE-2014-0160) is a vulnerability found in the OpenSSL cryptographic software library. This weakness potentially allows disclosure of information that is normally protected by the SSL/TLS protocol. The impacted products in the list below are vulnerable due to embedding OpenSSL standard release software. Revision 2 of this advisory.
5d03cfbf9506cfa5ffba29cb25add2ed339e9a76c30ccf4b7e8a326e25adf64bHP Security Bulletin HPSBMU02995 6 - The Heartbleed vulnerability was detected in specific OpenSSL versions. OpenSSL is a 3rd party product that is embedded with some of HP Software products. This bulletin objective is to notify HP Software customers about products affected by the Heartbleed vulnerability. Note: The Heartbleed vulnerability (CVE-2014-0160) is a vulnerability found in the OpenSSL product cryptographic software library product. This weakness potentially allows disclosure of information protected, under normal conditions, by the SSL/TLS protocol.
a16128da2b79c4167b73519c5aa603028d61b3670cd39f820ab4f7d536462f45Debian Linux Security Advisory 2917-1 - John Lightsey of the Debian Security Audit project discovered that the super package did not check for setuid failures, allowing local users to increase the privileges on kernel versions which do not guard against RLIMIT_NPROC attacks.
e0476131e071183f506462ecceda9739dfc04884d9904a2c1bdd34573468feaeDebian Linux Security Advisory 2916-1 - Alex Chapman discovered that a buffer overflow in processing "MMS over HTTP" messages could result in the execution of arbitrary code.
b98c02efa33ad151d06db39badeaf7597e398a418c2631e736133f390348bf39Debian Linux Security Advisory 2915-1 - Jakub Wilk discovered that dpkg did not correctly parse C-style filename quoting, allowing for paths to be traversed when unpacking a source package - leading to the creation of files outside the directory of the source being unpacked.
859d36f5c8dbbb0f25181d9f7ae180b3b816a16350c962858405417b686e0242Red Hat Security Advisory 2014-0441-01 - Red Hat Enterprise MRG is a next-generation IT infrastructure for enterprise computing. MRG offers increased performance, reliability, interoperability, and faster computing for enterprise customers. MRG Messaging is a high-speed reliable messaging distribution for Linux based on AMQP, an open protocol standard for enterprise messaging that is designed to make mission critical messaging widely available as a standard service, and to make enterprise messaging interoperable across platforms, programming languages, and vendors. MRG Messaging includes an AMQP 0-10 messaging broker; AMQP 0-10 client libraries for C++, Java JMS, and Python; as well as persistence libraries and management tools.
76d13db51b4045a6c0f2480a10421f2b9d3e34717be95ac5e1153a50ab90035bRed Hat Security Advisory 2014-0440-01 - Red Hat Enterprise MRG is a next-generation IT infrastructure for enterprise computing. MRG offers increased performance, reliability, interoperability, and faster computing for enterprise customers. MRG Grid provides high-throughput computing and enables enterprises to achieve higher peak computing capacity as well as improved infrastructure utilization by leveraging their existing technology to build high performance grids. MRG Grid provides a job-queueing mechanism, scheduling policy, and a priority scheme, as well as resource monitoring and resource management. Users submit their jobs to MRG Grid, where they are placed into a queue. MRG Grid then chooses when and where to run the jobs based upon a policy, carefully monitors their progress, and ultimately informs the user upon completion.
8a92a7112ff8929cffa301f60b1e4e60c37e9603b197a23ec374b5be691ea107Red Hat Security Advisory 2014-0439-01 - The kernel-rt packages contain the Linux kernel, the core of any Linux operating system. A denial of service flaw was found in the way the Linux kernel's IPv6 implementation processed IPv6 router advertisement packets. An attacker able to send a large number of RA packets to a target system could potentially use this flaw to crash the target system. A flaw was found in the way the Linux kernel's netfilter connection tracking implementation for Datagram Congestion Control Protocol packets used the skb_header_pointer() function. A remote attacker could use this flaw to send a specially crafted DCCP packet to crash the system or, potentially, escalate their privileges on the system.
2b623200e0a9ae6450a12d72a8175b17fe8b289abc75e214b50cd7e3b3ee735bDebian Linux Security Advisory 2913-1 - An information disclosure vulnerability was discovered in Drupal, a fully-featured content management framework. When pages are cached for anonymous users, form state may leak between anonymous users. Sensitive or private information recorded for one anonymous user could thus be disclosed to other users interacting with the same form at the same time.
d394e08c70f78f10ec9cd82c86a33e9f0cbfa6cc31f0ca140dbf37e345337995Debian Linux Security Advisory 2914-1 - An information disclosure vulnerability was discovered in Drupal, a fully-featured content management framework. When pages are cached for anonymous users, form state may leak between anonymous users. Sensitive or private information recorded for one anonymous user could thus be disclosed to other users interacting with the same form at the same time.
246d8804c5c7645744ef8f11ef9cd8acadbd918b3d44f0b1af1fb7a5b3520249Ubuntu Security Notice 2182-1 - Michael S. Tsirkin discovered that QEMU incorrectly handled vmxnet3 devices. A local guest could possibly use this issue to cause a denial of service, or possibly execute arbitrary code on the host. This issue only applied to Ubuntu 13.10 and Ubuntu 14.04 LTS. Michael S. Tsirkin discovered that QEMU incorrectly handled virtio-net MAC addresses. A local guest could possibly use this issue to cause a denial of service, or possibly execute arbitrary code on the host. Various other issues were also addressed.
9700f1e369f6c75392ba440defb4087b4a9b1b71d9338c9338c67279882a6a1eUbuntu Security Notice 2183-1 - Jakub Wilk discovered that dpkg incorrectly certain paths and symlinks when unpacking source packages. If a user or an automated system were tricked into unpacking a specially crafted source package, a remote attacker could modify files outside the target unpack directory, leading to a denial of service or potentially gaining access to the system.
8d3851678414f8bc3ad88106e10038b6b01d7a3dd84c9b1c2b73fac8076b184fCells Blog version 3.4 suffers from a cross site scripting vulnerability.
ac38eaafb762b8cd9ec3b83028d2896357b2d5a6ff887d5e608437f19de3ff8eTILT is a tool written in python that performs simple recon jobs against a given host.
7650ecfc159019f337cfedb9c433953f434bc3023e343c316fa0f81082d2e29aCalendarScript version 3.2.1 suffers from a remote password disclosure vulnerability. Note that this finding houses site-specific data.
2e13799d7288e78b76f6fa3dbafdf7e565429515f7fc0f98fd86950948824f2dAdem version 0.5.1 suffers from a local file inclusion vulnerability.
5490331b8db5b36ceac02b07263b7087277af584b62dbd78bccb2cfc1a49abbcKmplayer versions 3.8.0.122 and 3.8.0.123 suffer from a dll hijacking vulnerability.
4f4e9badb8f84d790e98982d772cc340148cbc9c1495f5667c8e623b4e81ca66
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed