PT-2014-2029 · Microsoft · Windows 8 +9
Name of the Vulnerable Software and Affected Versions: Microsoft Windows versions Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 Description: The issue is related to errors in code generation...
FreeBSD : mozilla -- multiple vulnerabilities (9c1495ac-8d8c-4789-a0f3-8ca6b476619c)
The Mozilla Project reports: MFSA 2014-74 Miscellaneous memory safety hazards (rv:33.0 / rv:31.2); MFSA 2014-75 Buffer overflow during CSS manipulation; MFSA 2014-76 Web Audio memory corruption issues with custom waveforms; MFSA 2014-78 Further uninitialized memory use during GIF; MFSA 2014-79...
[Onapsis Security Advisory 2014-030] SAP Business Objects Denial of Service via CORBA
Onapsis Security Advisory 2014-020: SAP Business Objects Denial of Service via CORBA. 1. Impact on Business: By exploiting this vulnerability a remote unauthenticated attacker would be able to completely shut down the SAP Business...
[Onapsis Security Advisory 2014-031] SAP Business Objects Information Disclosure via CORBA
Onapsis Security Advisory 2014-031: SAP Business Objects Information Disclosure via CORBA. 1. Impact on Business: By exploiting this vulnerability a remote unauthenticated attacker would be able to obtain information about the syst...
Microsoft Windows OLE Remote Code Execution (MS14-060; CVE-2014-4114; CVE-2014-6352)
A remote code execution vulnerability has been reported in Microsoft Object Linking and Embedding (OLE) technology. This vulnerability is caused when a user downloads, or receives, and then opens a Microsoft Office file which contains specially crafted OLE objects...
Microsoft Internet Explorer Title attribute Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
[Onapsis Security Advisory 2014-029] SAP Business Objects Information Disclosure
Onapsis Security Advisory 2014-020: SAP Business Objects Information Disclosure. 1. Impact on Business: A malicious user can discover information relating to valid users using a vulnerable Business Objects Enterprise instance. This...
[SECURITY] Fedora 19 Update: perl-Data-Dumper-2.154-1.fc19
Given a list of scalars or reference variables, writes out their contents in perl syntax. The references can also be objects. The content of each variable is output in a single Perl statement. Handles self-referential structures correctly...
PT-2014-5283 · Cisco · Cisco Asa
Name of the Vulnerable Software and Affected Versions: Cisco ASA Software versions 8.2 through 8.25.50; Cisco ASA Software versions 8.3 through 8.32.41; Cisco ASA Software versions 8.4 through 8.47.22; Cisco ASA Software versions 8.6 through 8.61.13; Cisco ASA Software versions 9.0 through 9.04.23...
PYSEC-2014-34
uid_catalog.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to obtain metadata about hidden objects via a crafted URL...
PYSEC-2014-43
atdownload.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to read arbitrary BLOBs (Files and Images) stored on custom content types via a crafted URL...
CVE-2012-5492
Plone uid_catalog.py vulnerability: affects Plone before 4.2.3 and 4.3 before beta 1; remote attacker can obtain metadata about hidden objects via a crafted URL. Mitigation is to upgrade to Plone 4.2.3+ (or 4.3 beta1+ per advisories).
CVE-2012-5492
uid_catalog.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to obtain metadata about hidden objects via a crafted URL...
[SECURITY] Fedora 20 Update: kstars-4.14.1-1.fc20
KStars is a Desktop Planetarium. It provides an accurate graphical simulation of the night sky, from any location on Earth, at any date and time. The display includes up to 100 million stars, 13,000 deep-sky objects, all 8 planets, the Sun and Moon, and thousands of comets and asteroids...
[SECURITY] Fedora 20 Update: libkolab-0.5.2-1.fc20
The libkolab library is an advanced library to handle Kolab objects...
[SECURITY] Fedora 20 Update: perl-Email-Address-1.905-1.fc20
This class implements a regex-based RFC 2822 parser that locates email addresses in strings and returns a list of Email::Address objects found. Alternatively you may construct objects manually. The goal of this software is to be correct, and very very fast...
[SECURITY] Fedora 20 Update: rubygem-activerecord-4.0.0-5.fc20
Implements the ActiveRecord pattern (Fowler, PoEAA) for ORM. It ties database tables and classes together for business objects, like Customer or Subscription, that can find, save, and destroy themselves without resorting to manual SQL...
[SECURITY] Fedora 19 Update: perl-Email-Address-1.905-1.fc19
This class implements a regex-based RFC 2822 parser that locates email addresses in strings and returns a list of Email::Address objects found. Alternatively you may construct objects manually. The goal of this software is to be correct, and very very fast...
Denial Of Service (DoS)
node is vulnerable to denial of service. Improper processing of a V8 garbage collection from a V8 interrupt allows remote attackers to cause high memory consumption leading to a denial of service condition via deep JSON objects which allows the interrupt to mask an overflow of the program stack...
Gallery Objects <= 0.4 - SQL Injection
The gallery-objects WordPress plugin was affected by a SQL Injection security vulnerability...