[USN-2362-1] Bash vulnerability
========================================================================== Ubuntu Security Notice USN-2362-1 September 24, 2014 bash vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...
Asterisk security vulnerabilities
Few DoS conditions...
Apple iOS / OSX Foundation NSXMLParser XML eXternal Entity (XXE) Flaw
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 VSR Security Advisory http://www.vsecurity.com/ =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Advisory Name: Apple Foundation NSXMLParser XML eXternal Entity XXE Flaw Release Date: 2014-09-17 Application: Apple iOS...
APPLE-SA-2014-09-17-1 iOS 8
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2014-09-17-1 iOS 8 iOS 8 is now available and addresses the following: 802.1X Available for: iPhone 4s and later, iPod touch 5th generation and later, iPad 2 and later Impact: An attacker can obtain WiFi credentials Description: An attacker...
libav / ffmpeg memory corruption
Memory corruption on FFV1 decoding...
AST-2014-009: Remote crash based on malformed SIP subscription requests
Asterisk Project Security Advisory - AST-2014-009 Product Asterisk Summary Remote crash based on malformed SIP subscription requests Nature of Advisory Remotely triggered crash of Asterisk Susceptibility Remote authenticated sessions Severity Major Exploits Known No Reported On 30 July, 2014...
APPLE-SA-2014-09-17-3 OS X Mavericks 10.9.5 and Security Update 2014-004
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2014-09-17-3 OS X Mavericks 10.9.5 and Security Update 2014-004 OS X Mavericks 10.9.5 and Security Update 2014-004 are now available and address the following: apache_mod_php Available for: OS X Mavericks 10.9 to 10.9.4 Impact: Multiple...
Apple Safari / Webkit multiple security vulnerabilities
Unsafe passwords autofill, unsafe cache handling, multiple memory corruptions...
FreeBSD tcp DoS
It's possible to tear down a connection without knowing the sequence number...
Multiple Vulnerabilities with Aztech Modem Routers
PRODUCT DESCRIPTION The Aztech ADSL family of modems/routers are shipped to residential and SOHO users that desire speed from 150-300mbps rate. This modem/router also supports IEEE802.11b/g/n as a Wireless LAN Access point. The vulnerable model numbers are: DSL5018EN 1T1R Shipped with Globe Telec...
FreeBSD Security Advisory FreeBSD-SA-14:19.tcp
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-14:19.tcp Security Advisory The FreeBSD Project Topic: Denial of Service in TCP packet processing Category: core Module: inet Announced: 2014-09-16 Credits:...
Apple TV multiple security vulnerabilities
Weak authentication, unauthorized access, information leakage, race conditions, protection bypass, memory corruptions on different formats parsing...
[SECURITY] [DSA 3027-1] libav security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3027-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff September 17, 2014 http://www.debian.org/security/faq -...
APPLE-SA-2014-09-17-2 Apple TV 7
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2014-09-17-2 Apple TV 7 Apple TV 7 is now available and addresses the following: Apple TV Available for: Apple TV 3rd generation and later Impact: An attacker can obtain WiFi credentials Description: An attacker could have impersonated a WiFi...
[USN-2348-1] APT vulnerabilities
========================================================================== Ubuntu Security Notice USN-2348-1 September 16, 2014 apt vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...
ESA-2014-091: EMC Documentum Content Server Multiple Privilege Escalation Vulnerabilities
ESA-2014-091.txt -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2014-091: EMC Documentum Content Server Multiple Privilege Escalation Vulnerabilities EMC Identifier: ESA-2014-091 CVE Identifier: CVE-2014-4621, CVE-2014-4622 Severity Rating: CVSS v2 Base Score: See below for individual scores f...
[SECURITY] [DSA 3026-1] dbus security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3026-1 [email protected] http://www.debian.org/security/ Florian Weimer September 16, 2014 http://www.debian.org/security/faq -...
AST-2014-010: Remote crash when handling out of call message in certain dialplan configurations
Asterisk Project Security Advisory - AST-2014-010 Product Asterisk Summary Remote crash when handling out of call message in certain dialplan configurations Nature of Advisory Remotely triggered crash of Asterisk Susceptibility Remote authenticated sessions Severity Minor Exploits Known No Report...
APPLE-SA-2014-09-17-5 OS X Server 3.2.1
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2014-09-17-5 OS X Server 3.2.1 OS X Server 3.2.1 is now available and addresses the following: CoreCollaboration Available for: OS X Mavericks v10.9.5 or later Impact: A remote attacker may be able to execute arbitrary SQL queries Description...
Aztech routers multiple security vulnerabilities
DoS, unauthorized access, information leakage...
APPLE-SA-2014-09-17-6 OS X Server 2.2.3
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2014-09-17-6 OS X Server 2.2.3 OS X Server 2.2.3 is now available and addresses the following: CoreCollaboration Available for: OS X Mountain Lion v10.8.5 Impact: A remote attacker may be able to execute arbitrary SQL queries Description: A S...
Apple iOS multiple security vulnerabilities
Weak authentication, unauthorized access, information leakage, race conditions, protection bypass, memory corruptions on different formats parsing, XXE...
APPLE-SA-2014-09-17-4 Safari 6.2 and Safari 7.1
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2014-09-17-4 Safari 6.2 and Safari 7.1 Safari 6.2 and Safari 7.1 are now available and address the following: Safari Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5 Impact: An attacker with a privileged network position may...
Apple Mac OS X / OS X Server multiple security vulnerabilities
Privilege escalation, multiple memory corruptions on different formats parsing, information leakage, DoS, protection bypass, multiple vulnerabilities in 3rd parties components...
Microsoft SharePoint Server privilege escalation
Code execution in another user's context...
Microsoft Lync multiple security vulnerabilities
Information disclosure, DoS...
[USN-2344-1] PHP vulnerabilities
========================================================================== Ubuntu Security Notice USN-2344-1 September 10, 2014 php5 vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...
apache tomcat cookie handling problem - characters out of 0x80 - 0xff causing internal server error
Title: Client-based DoS for Apache Tomcat on sending cookie with value out of 0x80 - 0xff scope. Author: Elar Lang @elarlang https://www.linkedin.com/in/elarlang Date: 02. January 2014 / 05. September 2014 Vendor: Apache Product: Tomcat Affected versions at least: 7.0.26 7.0.39 7.0.40 Timeline: 1...
Uninit memory disclosure via truncated images in Firefox
Yello, The recent release of Firefox 32 fixes another interesting image parsing issue found by afl 1: following a refactoring of memory management code, the past few versions of the browser ended up using uninitialized memory for certain types of truncated images, which is easily measurable with ...
PHP security vulnerabilities
Fileinfo and php_parserr buffer overflows. GD poisoned NULL byte vulnerability...
Microsoft OneNote memory corruption
Memory corruption on OneNote files parsing...
[SECURITY] [DSA 3022-1] curl security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3022-1 [email protected] http://www.debian.org/security/ Yves-Alexis Perez September 10, 2014 http://www.debian.org/security/faq -...
[USN-2339-1] GnuPG vulnerability
========================================================================== Ubuntu Security Notice USN-2339-1 September 03, 2014 gnupg vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...
[SECURITY] [DSA 3020-1] acpi-support security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3020-1 [email protected] http://www.debian.org/security/ Raphael Geissert September 10, 2014 http://www.debian.org/security/faq -...
acpi-support privilege escalation
Race conditions, memory corruption...
procmail buffer overflow
Buffer overflow on mail headers parsing...
[SECURITY] CVE-2013-4444 Remote Code Execution in Apache Tomcat
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 CVE-2013-4444 Remote Code Execution Severity: Important Vendor: The Apache Software Foundation Versions Affected: - - Apache Tomcat 7.0.0 to 7.0.39 Description: In very limited circumstances, it was possible for an attacker to upload a malicious JSP t...
GnuPG / libcrypt information leakage
ElGamal subkeys can be leaked via side-channel...
HP Network Node Manager I code execution
No description provided...
Apache Tomcat security vulnerabilities
Code execution, DoS...
Microsoft SQL Server multiple security vulnerabilities
XSS, stack overrun...
[USN-2340-1] procmail vulnerability
========================================================================== Ubuntu Security Notice USN-2340-1 September 04, 2014 procmail vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: ...
[security bulletin] HPSBMU03075 rev.1 - HP Network Node Manager I (NNMi) for Windows and Linux, Remote Execution of Arbitrary Code
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c04378450 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04378450 Version: 1 HPSBMU03075 rev....
Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities
Memory corruptions, local files access...
libcurl information leakage
Cookie can be leaked to wrong site...
Microsoft Windows multiple security vulnerabilities
Windows Media Center use-after-free, drivers privilege escalation, .Net restriction bypass and DoS, LRPC restriction bypass, Windows Installer service privilege escalation, Internet Explorer multiple security vulnerabilities, Task Scheduler privilege escalation...
Cisco Unified Computing System E DoS
SSH DoS in built-in management controller...
IBM WebSphere Application Server XSS
Integrated Solutions Console cross-site scripting...
[ MDVSA-2014:178 ] ppp
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2014:178 http://www.mandriva.com/en/support/security/ Package : ppp Date : September 5, 2014 Affected: Business Server 1.0 Problem Description: Updated ppp packages fix security vulnerability: A vulnerability in...
IBM WebSphere Application Server (WAS) Integrated Solutions Console Login Page username Parameter Reflected XSS Security Vulnerability
INFO: Class: Input Validation Error CVE: Remote: Yes Local: No Published: Aug 27 2014 12:00AM Updated: Aug 27 2014 12:00AM Credit: G. S. McNamara, CGI Federal Emerging Technologies Security Practice ETSP Vulnerable: IBM WebSphere Application Server WAS Integrated Solutions Console 7.0.0.19...