Debian Linux Security Advisory 2963-1 - Multiple vulnerabilities were found in Solr, an open source enterprise search server based on Lucene, resulting in information disclosure or code execution.
3226bb057733365b0ea15b5668653bc6949b848105b6f6682ec03fe9ea85782b
Debian Linux Security Advisory 2962-1 - Abhishek Arya discovered an out of bounds write in the cvt_t() function of the Netscape Portable Runtime Library which could result in the execution of arbitrary code.
8ae3868fe8152a96118f4b1e810a8b6126eb04436554c9e5c1037d8e4a07a310
HP Security Bulletin HPSBMU03048 - A potential security vulnerability has been identified with HP Executive Scorecard. The vulnerability could be exploited remotely to allow remote code execution and directory traversal. Revision 1 of this advisory.
213e14c884fc213da0fdb80f32a44b94ce6dd87743ec5983bcf3445557d1422e
HP Security Bulletin HPSBUX03046 SSRT101590 2 - Potential security vulnerabilities have been identified with HP-UX running OpenSSL. These vulnerabilities could be exploited remotely to create a Denial of Service (DoS), execute code, bypass security restrictions, disclose information, or allow unauthorized access. Revision 2 of this advisory.
82b711db58c11d9acdbe01d1244f27e7cce6fb0f760c5bd171d01059147203d5
Ubisoft Rayman Legends version 1.2.103716 suffers from a remote stack buffer overflow vulnerability. The vulnerability is caused by a memset() boundary error in the processing of incoming data through raw socket connections on TCP port 1001, which can be exploited to cause a stack-based buffer overflow by sending a long string of bytes on the second connection. Successful exploitation could allow execution of arbitrary code on the affected node.
71391cda216f22eb5ea2ceed3fe0654826cc8437d19457f4b2403e070cbbf860
Ubuntu Security Notice 2247-1 - Darragh O'Reilly discovered that OpenStack Nova did not properly set up its sudo configuration. If a different flaw was found in OpenStack Nova, this vulnerability could be used to escalate privileges. This issue only affected Ubuntu 13.10 and Ubuntu 14.04 LTS. Bernhard M. Wiedemann and Pádraig Brady discovered that OpenStack Nova did not properly verify the virtual size of QCOW2 images. A remote authenticated attacker could exploit this to create a denial of service via disk consumption. This issue did not affect Ubuntu 14.04 LTS. Various other issues were also addressed.
c061c326f8e2fd51cf3da4f0196f40f3e8ce883bba777d9e41fe4665ea5c141a
Ubuntu Security Notice 2246-1 - Jakub Wilk discovered that APT did not correctly validate signatures when downloading source packages. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could potentially be used to install altered source packages.
02149d90e10050b8b15bd3bf795cc65698917322da68d3c7a2d6fb0cd74529c6
ZTE WXV10 W300 suffers from backup disclosure, cross site request forgery, denial of service, and file disclosure vulnerabilities.
3b6602fb3def8dbbee56c271ace4a69b13e376896e28039dcb7457677213450e
BarracudaDrive version 6.7.2 suffers from cross site scripting vulnerabilities in the administrative panel.
5c6c8a50ef195216ce00593e8168ec1c27fc28b8f6fa774cc26bd199c3f20acb
Zabbix versions 1.8.x through 2.2.x suffer from an XML external entity attack vulnerability.
58c8a52d7fba50ef0b5bff2b0868272d62ff90398c6d604f69d6a653058e7dcd
Clam AntiVirus is an anti-virus toolkit for Unix. The main purpose of this software is the integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon, a commandline scanner, and a tool for automatic updating via Internet. The programs are based on a shared library distributed with the Clam AntiVirus package, which you can use in your own software.
d3006747abcf750f395a8bfa8267ab314c7b63196c4b41e7717948aaaafa3e1c
This Metasploit module abuses several directory traversal flaws in Rocket Servergraph Admin Center for Tivoli Storage Manager. The issues exist in the fileRequestor servlet, allowing a remote attacker to write arbitrary files and execute commands with administrative privileges. This Metasploit module has been tested successfully on Rocket ServerGraph 1.2 over Windows 2008 R2 64 bits, Windows 7 SP1 32 bits and Ubuntu 12.04 64 bits.
6e5d60b2a820df1fa23141aca83b453d17a395a8fac173dda8ddc42205721c6f
Ubuntu Security Notice 2214-3 - USN-2214-1 fixed vulnerabilities in libxml2. The upstream fix introduced a number of regressions. This update fixes the problem. Daniel Berrange discovered that libxml2 would incorrectly perform entity substitution even when requested not to. If a user or automated system were tricked into opening a specially crafted document, an attacker could possibly cause resource consumption, resulting in a denial of service. Various other issues were also addressed.
b8ca3b18f9831d34c0464420a76c23b14a760faa58fe6f074b4b06d29b558801
Debian Linux Security Advisory 2961-1 - It was discovered that PHP, a general-purpose scripting language commonly used for web application development, is vulnerable to a heap-based buffer overflow in the DNS TXT record parsing. A malicious server or man-in-the-middle attacker could possibly use this flaw to execute arbitrary code as the PHP interpreter if a PHP application uses dns_get_record() to perform a DNS query.
946b22608c26f85311d93ae2c51a26d572a981793976824e42be9b3507f437be
Debian Linux Security Advisory 2950-2 - This update updates the upstream fix for CVE-2014-0224 to address problems with CCS which could result in problems with the Postgres database.
f151f5f5f15dae8af04e0f433f6ad6ef33c50c6d4e2928146538a0f0cb46b400
Gentoo Linux Security Advisory 201406-17 - Multiple vulnerabilities have been found in Adobe Flash Player, the worst of which allows remote attackers to execute arbitrary code. Versions less than 11.2.202.378 are affected.
63b09a8eb3d0f4e8d7b16baa8c238f63b29aa9870472b974cfe306e898b67d31