Re: [oss-security] CVE-2014-6271: remote code execution through bash
Florian Weimer: Chet Ramey, the GNU bash upstream maintainer, will soon release official upstream patches. http://ftp.gnu.org/pub/gnu/bash/bash-3.0-patches/bash30-017 http://ftp.gnu.org/pub/gnu/bash/bash-3.1-patches/bash31-018 http://ftp.gnu.org/pub/gnu/bash/bash-3.2-patches/bash32-052...
Aztech routers multiple security vulnerabilities
DoS, unauthorized access, information leakage...
Apple Safari / Webkit multiple security vulnerabilities
Unsafe passwords autofill, unsafe cache handling, multiple memory corruptions...
AST-2014-009: Remote crash based on malformed SIP subscription requests
Asterisk Project Security Advisory - AST-2014-009 Product Asterisk Summary Remote crash based on malformed SIP subscription requests Nature of Advisory Remotely triggered crash of Asterisk Susceptibility Remote authenticated sessions Severity Major Exploits Known No Reported On 30 July, 2014...
ESA-2014-091: EMC Documentum Content Server Multiple Privilege Escalation Vulnerabilities
ESA-2014-091.txt -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2014-091: EMC Documentum Content Server Multiple Privilege Escalation Vulnerabilities EMC Identifier: ESA-2014-091 CVE Identifier: CVE-2014-4621, CVE-2014-4622 Severity Rating: CVSS v2 Base Score: See below for individual scores f...
Apple iOS / OSX Foundation NSXMLParser XML eXternal Entity (XXE) Flaw
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 VSR Security Advisory http://www.vsecurity.com/ =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Advisory Name: Apple Foundation NSXMLParser XML eXternal Entity XXE Flaw Release Date: 2014-09-17 Application: Apple iOS...
[SECURITY] [DSA 3027-1] libav security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3027-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff September 17, 2014 http://www.debian.org/security/faq -...
libav / ffmpeg memory corruption
Memory corruption on FFV1 decoding...
AST-2014-010: Remote crash when handling out of call message in certain dialplan configurations
Asterisk Project Security Advisory - AST-2014-010 Product Asterisk Summary Remote crash when handling out of call message in certain dialplan configurations Nature of Advisory Remotely triggered crash of Asterisk Susceptibility Remote authenticated sessions Severity Minor Exploits Known No Report...
Multiple Vulnerabilities with Aztech Modem Routers
PRODUCT DESCRIPTION The Aztech ADSL family of modems/routers are shipped to residential and SOHO users that desire speed from 150-300mbps rate. This modem/router also supports IEEE802.11b/g/n as a Wireless LAN Access point. The vulnerable model numbers are: DSL5018EN 1T1R Shipped with Globe Telec...
Asterisk security vulnerabilities
Few DoS conditions...
FreeBSD Security Advisory FreeBSD-SA-14:19.tcp
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-14:19.tcp Security Advisory The FreeBSD Project Topic: Denial of Service in TCP packet processing Category: core Module: inet Announced: 2014-09-16 Credits:...
FreeBSD tcp DoS
It's possible to tear down a connection without knowing the sequence number...
Apple iOS multiple security vulnerabilities
Weak authentication, unauthorized access, information leakage, race conditions, protection bypass, memory corruptions when parsing various formats, XXE...
APPLE-SA-2014-09-17-2 Apple TV 7
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2014-09-17-2 Apple TV 7 Apple TV 7 is now available and addresses the following: Apple TV Available for: Apple TV 3rd generation and later Impact: An attacker can obtain WiFi credentials Description: An attacker could have impersonated a WiFi...
Apple TV multiple security vulnerabilities
Weak authentication, unauthorized access, information leakage, race conditions, protection bypass, memory corruptions when parsing various formats...
APPLE-SA-2014-09-17-4 Safari 6.2 and Safari 7.1
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2014-09-17-4 Safari 6.2 and Safari 7.1 Safari 6.2 and Safari 7.1 are now available and address the following: Safari Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5 Impact: An attacker with a privileged network position may...
APPLE-SA-2014-09-17-5 OS X Server 3.2.1
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2014-09-17-5 OS X Server 3.2.1 OS X Server 3.2.1 is now available and addresses the following: CoreCollaboration Available for: OS X Mavericks v10.9.5 or later Impact: A remote attacker may be able to execute arbitrary SQL queries Description...
APPLE-SA-2014-09-17-6 OS X Server 2.2.3
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2014-09-17-6 OS X Server 2.2.3 OS X Server 2.2.3 is now available and addresses the following: CoreCollaboration Available for: OS X Mountain Lion v10.8.5 Impact: A remote attacker may be able to execute arbitrary SQL queries Description: A S...
APPLE-SA-2014-09-17-1 iOS 8
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2014-09-17-1 iOS 8 iOS 8 is now available and addresses the following: 802.1X Available for: iPhone 4s and later, iPod touch 5th generation and later, iPad 2 and later Impact: An attacker can obtain WiFi credentials Description: An attacker...
[USN-2348-1] APT vulnerabilities
========================================================================== Ubuntu Security Notice USN-2348-1 September 16, 2014 apt vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...
APPLE-SA-2014-09-17-3 OS X Mavericks 10.9.5 and Security Update 2014-004
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2014-09-17-3 OS X Mavericks 10.9.5 and Security Update 2014-004 OS X Mavericks 10.9.5 and Security Update 2014-004 are now available and address the following: apachemodphp Available for: OS X Mavericks 10.9 to 10.9.4 Impact: Multiple...
Apple Mac OS X / OS X Server multiple security vulnerabilities
Privilege escalation, multiple memory corruptions when parsing various formats, information leakage, DoS, protection bypass, multiple vulnerabilities in third-party components...
[SECURITY] [DSA 3026-1] dbus security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3026-1 [email protected] http://www.debian.org/security/ Florian Weimer September 16, 2014 http://www.debian.org/security/faq -...
Microsoft Windows multiple security vulnerabilities
Windows Media Center use-after-free, drivers privilege escalation, .Net restriction bypass and DoS, LRPC restriction bypass, Windows Installer service privilege escalation, Internet Explorer multiple security vulnerabilities, Task Scheduler privilege escalation...
PHP security vulnerabilities
Fileinfo and phpparserr buffer overflows. GD poisoned NULL byte vulnerability...
procmail buffer overflow
Buffer overflow when parsing mail headers...
Microsoft SharePoint Server privilege escalation
Code execution in another user's context...
Apache Tomcat security vulnerabilities
Code execution, DoS...
HP Network Node Manager I code execution
No description provided...
Microsoft OneNote memory corruption
Memory corruption when parsing OneNote files...
Microsoft Lync multiple security vulnerabilities
Information disclosure, DoS...
[security bulletin] HPSBMU03075 rev.1 - HP Network Node Manager I (NNMi) for Windows and Linux, Remote Execution of Arbitrary Code
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c04378450 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04378450 Version: 1 HPSBMU03075 rev....
[SECURITY] CVE-2013-4444 Remote Code Execution in Apache Tomcat
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 CVE-2013-4444 Remote Code Execution Severity: Important Vendor: The Apache Software Foundation Versions Affected: - - Apache Tomcat 7.0.0 to 7.0.39 Description: In very limited circumstances, it was possible for an attacker to upload a malicious JSP t...
Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities
Memory corruptions, local files access...
apache tomcat cookie handling problem - characters out of 0x80 - 0xff causing internal server error
Title: Client-based DoS for Apache Tomcat on sending cookie with value out of 0x80 - 0xff scope. Author: Elar Lang @elarlang https://www.linkedin.com/in/elarlang Date: 02. January 2014 / 05. September 2014 Vendor: Apache Product: Tomcat Affected versions at least: 7.0.26 7.0.39 7.0.40 Timeline: 1...
[USN-2339-1] GnuPG vulnerability
========================================================================== Ubuntu Security Notice USN-2339-1 September 03, 2014 gnupg vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...
GnuPG / libcrypt information leakage
ElGamal subkeys can be leaked via side-channel...
[USN-2344-1] PHP vulnerabilities
========================================================================== Ubuntu Security Notice USN-2344-1 September 10, 2014 php5 vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...
[SECURITY] [DSA 3020-1] acpi-support security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3020-1 [email protected] http://www.debian.org/security/ Raphael Geissert September 10, 2014 http://www.debian.org/security/faq -...
acpi-support privilege escalation
Race conditions, memory corruption...
Microsoft SQL Server multiple security vulnerabilities
XSS, stack overrun...
Uninit memory disclosure via truncated images in Firefox
Yello, The recent release of Firefox 32 fixes another interesting image parsing issue found by afl 1: following a refactoring of memory management code, the past few versions of the browser ended up using uninitialized memory for certain types of truncated images, which is easily measurable with ...
[USN-2340-1] procmail vulnerability
========================================================================== Ubuntu Security Notice USN-2340-1 September 04, 2014 procmail vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: ...
[SECURITY] [DSA 3022-1] curl security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3022-1 [email protected] http://www.debian.org/security/ Yves-Alexis Perez September 10, 2014 http://www.debian.org/security/faq -...
libcurl information leakage
Cookie can be leaked to wrong site...
Cisco Unified Computing System E DoS
SSH DoS in the built-in management controller...
IBM WebSphere Application Server XSS
Integrated Solutions Console cross-site scripting...
ppp privilege escalation
Access to privileged options is possible...
IBM WebSphere Application Server (WAS) Integrated Solutions Console Login Page username Parameter Reflected XSS Security Vulnerability
INFO: Class: Input Validation Error CVE: Remote: Yes Local: No Published: Aug 27 2014 12:00AM Updated: Aug 27 2014 12:00AM Credit: G. S. McNamara, CGI Federal Emerging Technologies Security Practice ETSP Vulnerable: IBM WebSphere Application Server WAS Integrated Solutions Console 7.0.0.19...