Security: Wrong security context loaded when using SAML2 STS Login Module
It was found that when processing undefined security domains, the org.jboss.security.plugins.mapping.JBossMappingManager implementation would fall back to the default security domain if it was available. A user with valid credentials in the defined default domain, with a role that is valid in the...
UBUNTU-CVE-2014-9322
arch/x86/kernel/entry_64.S in the Linux kernel before 3.17.5 does not properly handle faults associated with the Stack Segment (SS) segment register, which allows local users to gain privileges by triggering an IRET instruction that leads to access to a GS Base address from the wrong space...
openSUSE Security Update : java-1_7_0-openjdk (openSUSE-SU-2014:1638-1)
This openjdk update fixes the following security and non security issues : - Upgrade to 2.4.8 bnc#887530 - Changed back from gzipped tarball to xz - Changed the keyring file to add Andrew John Hughes that signed the icedtea package - Change ZERO to AARCH64 tarball - Removed patches : -...
Activity stream on JAC contains updates from another user
Jira prompted me to change my time zone, and brought me to a profile that seems to be for a completely different user who happens to share my first name and last initial. See attached screen shot. Going directly to https://secretlocation.atlassian.net/secure/ViewProfile.jspa shows me the proper...
libcurl information leakage
Cookie can be leaked to wrong site...
openSUSE Security Update : apache2-mod_fcgid (openSUSE-SU-2011:0884-1)
A possible stack overflow in apache2-mod_fcgid due to wrong pointer arithmetic has been fixed. CVE-2010-3872 has been assigned to this issue. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update...
CVE-2014-3956
The sm_close_on_exec function in conf.c in sendmail before 8.14.9 has arguments in the wrong order, and consequently skips setting expected FD_CLOEXEC flags, which allows local users to access unintended high-numbered file descriptors via a custom mail-delivery program...
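An added illustration of the failure mode CVE-2014-3956 describes, constructed for this listing and not taken from sendmail's source: a helper meant to mark every descriptor in [lowest, highest) close-on-exec is called with its two arguments transposed, so the loop condition is false on entry, nothing is marked, and a descriptor that should have been hidden from a child program survives execve. The function names, the pipe used as the stray high-numbered descriptor, and the "protect everything above stderr" policy are assumptions of the example.

```c
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>

/* Constructed example, not sendmail's code. Intended contract: set
 * FD_CLOEXEC on every open descriptor fd with lowest <= fd < highest. */
static void mark_cloexec_range(int lowest, int highest)
{
    for (int fd = lowest; fd < highest; fd++) {
        int flags = fcntl(fd, F_GETFD);
        if (flags == -1)
            continue;                       /* not an open descriptor */
        (void)fcntl(fd, F_SETFD, flags | FD_CLOEXEC);
    }
}

/* 1 if fd is open with FD_CLOEXEC set, 0 if open without it, -1 if not open. */
int fd_is_cloexec(int fd)
{
    int flags = fcntl(fd, F_GETFD);
    if (flags == -1)
        return -1;
    return (flags & FD_CLOEXEC) ? 1 : 0;
}

/* Shared setup: a pipe stands in for a high-numbered descriptor that the
 * daemon holds open and a custom mail-delivery program must not inherit.
 * Returns the write end, or -1 if the stdio descriptors are not open. */
static int open_stray_fd(int pipefd[2])
{
    if (pipe(pipefd) == -1)
        return -1;
    if (pipefd[1] <= STDERR_FILENO) {       /* unexpected environment */
        close(pipefd[0]);
        close(pipefd[1]);
        return -1;
    }
    return pipefd[1];
}

/* The buggy caller: (highest, lowest) instead of (lowest, highest).
 * Returns whether the stray descriptor ended up close-on-exec (expected 0). */
int demo_buggy_call(void)
{
    int p[2];
    int fd = open_stray_fd(p);
    if (fd < 0)
        return -1;
    /* Wrong argument order: lowest > highest, loop body never runs. */
    mark_cloexec_range(fd + 1, STDERR_FILENO + 1);
    int r = fd_is_cloexec(fd);
    close(p[0]);
    close(p[1]);
    return r;
}

/* The corrected caller: same helper, arguments in the documented order.
 * Returns whether the stray descriptor ended up close-on-exec (expected 1). */
int demo_fixed_call(void)
{
    int p[2];
    int fd = open_stray_fd(p);
    if (fd < 0)
        return -1;
    mark_cloexec_range(STDERR_FILENO + 1, fd + 1);
    int r = fd_is_cloexec(fd);
    close(p[0]);
    close(p[1]);
    return r;
}

int main(void)
{
    printf("buggy call leaves fd inheritable: cloexec=%d\n", demo_buggy_call());
    printf("fixed call hides fd from children: cloexec=%d\n", demo_fixed_call());
    return 0;
}
```

The check a reviewer would want is the one the helper itself cannot give: after the call, read each descriptor back with fcntl(fd, F_GETFD) and confirm FD_CLOEXEC is set, or better, make the helper take a single upper bound and derive the lower bound internally so the two-integer argument order cannot be transposed at the call site.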
SuSE 11.3 Security Update : curl (SAT Patch Number 9133)
This curl update fixes the following security issues : - wrong re-use of connections. CVE-2014-0138. bnc#868627 - IP address wildcard certificate validation. CVE-2014-0139. bnc#868629 - --insecure option inappropriately enforcing security safeguard. bnc#870444 (C) Tenable Network...
Design/Logic Flaw
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2013-6795. Reason: This candidate is a duplicate of CVE-2013-6795. A typo in an external publication caused this ID to be associated with the wrong vulnerability. Notes: All CVE users should reference CVE-2013-6795 instead of this...
[SECURITY] [DSA 2902-1] curl security update
------------------------------------------------------------------------- Debian Security Advisory DSA-2902-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso April 13, 2014 http://www.debian.org/security/faq -...
CURL-CVE-2014-0138 wrong reuse of connections
libcurl can in some circumstances reuse the wrong connection when asked to do transfers using other protocols than HTTP and FTP. libcurl features a pool of recent connections so that subsequent requests can reuse an existing connection to avoid overhead. When reusing a connection a range of...
Icinga -- buffer overflow in classic web interface
The Icinga Team reports: Wrong strlen check against MAX_INPUT_BUFFER without taking '\0' into account...
SuSE 11.2 / 11.3 Security Update : curl (SAT Patch Numbers 8796 / 8797)
This update fixes the re-use of wrong HTTP NTLM connections in libcurl. CVE-2014-0015 (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from SuSE 11 update information. The text itself is copyright (C) Novell, Inc...
CVE-2013-5596
The cycle collection (CC) implementation in Mozilla Firefox before 25.0, Firefox ESR 24.x before 24.1, Thunderbird before 24.1, and SeaMonkey before 2.22 does not properly determine the thread for release of an image object, which allows remote attackers to execute arbitrary code or cause a denial ...
Evolution / libcamel messages encryption vulnerabilities
Under some conditions messages are encrypted with wrong key...
UBUNTU-CVE-2013-4300
The scm_check_creds function in net/core/scm.c in the Linux kernel before 3.11 performs a capability check in an incorrect namespace, which allows local users to gain privileges via PID spoofing...
Google Mail - Mail Encoding & Filter Validation Vulnerability
Document Title: =============== Google Mail - Mail Encoding & Filter Validation Vulnerability References: =========== http://www.vulnerability-lab.com/getcontent.php?id=1051 View: http://www.youtube.com/watch?v=ZQJPgLQ1wcU Release Date: ============= 2013-08-15 Vulnerability Laboratory ID VL-ID:...