[SECURITY] [DSA 2981-1] polarssl security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2981-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso July 18, 2014 http://www.debian.org/security/faq -...
PolarSSL DoS
DoS on GCM cipher...
[security bulletin] HPSBHF02913 rev.1 - HP Intelligent Management Center (iMC) and HP Branch Intelligent Management System (BIMS), Remote Disclosure of Information
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c04369484 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04369484 Version: 1 HPSBHF02913 rev....
[USN-2293-1] CUPS vulnerability
========================================================================== Ubuntu Security Notice USN-2293-1 July 21, 2014 cups vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu...
KL-001-2014-002 : Microsoft XP SP3 BthPan.sys Arbitrary Write Privilege Escalation
Title: Microsoft XP SP3 BthPan.sys Arbitrary Write Privilege Escalation Advisory ID: KL-001-2014-002 Publication Date: 2014-07-18 Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2014-002.txt 1. Vulnerability Details Affected Vendor: Microsoft Affected Product: Bluetooth...
[security bulletin] HPSBST03039 rev.1 - HP StoreVirtual 4000 Storage and StoreVirtual VSA, Remote Disclosure of Information, Elevation of Privilege
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c04281279 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04281279 Version: 1 HPSBST03039 rev....
Cisco Wireless Residential Gateway code execution
Code execution via web interface...
[USN-2279-1] Transmission vulnerability
========================================================================== Ubuntu Security Notice USN-2279-1 July 16, 2014 transmission vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...
DoS via fail2ban
Incorrect log parsing allows banning of arbitrary hosts...
HP Storage Data Protector code execution
No description provided...
Citrix NetScaler security vulnerabilities
Information leak, XSS...
Barracuda Networks Message Archiver 650 code execution
Code execution via web interface...
OpenVPN Access Server CSRF
XML-RPC interface CSRF...
Bitdefender GravityZone multiple security vulnerabilities
Unauthorized access, authentication bypass...
ESA-2014-074: EMC RecoverPoint Appliance Security Control Bypass Vulnerability
ESA-2014-074.txt -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2014-074: EMC RecoverPoint Appliance Security Control Bypass Vulnerability EMC Identifier: ESA-2014-074 CVE Identifier: CVE-2014-2519 Severity Rating: CVSS v2 Base Score: 5.8 AV:N/AC:M/Au:N/C:P/I:N/A:P Affected products: • EMC...
Barracuda Networks Message Archiver 650 - Persistent Input Validation Vulnerability (BNSEC 703)
Document Title: =============== Barracuda Networks Message Archiver 650 - Persistent Input Validation Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=751 https://www.barracuda.com/support/knowledgebase/501600000013lXe Barracuda Networks...
SEC Consult SA-20140716-1 :: Remote Code Execution via CSRF in OpenVPN Access Server "Desktop Client"
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SEC Consult Vulnerability Lab Security Advisory 20140716-1 ======================================================================= title: Remote Code Execution via CSRF product: OpenVPN Access Server "Desktop Client" vulnerable version: all fixed...
[SECURITY] [DSA 2979-1] fail2ban security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2979-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff July 17, 2014 http://www.debian.org/security/faq -...
perl LWP::Protocol::https certificates check vulnerability
Certificate check is completely disabled if hostname check was disabled...
EMC RecoverPoint Appliance restrictions bypass
Access to arbitrary ports is not restricted...
SEC Consult SA-20140716-2 :: Multiple vulnerabilities in Citrix NetScaler Application Delivery Controller and Citrix NetScaler Gateway
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SEC Consult Vulnerability Lab Security Advisory 20140716-2 ======================================================================= title: Multiple vulnerabilities product: Citrix NetScaler Application Delivery Controller Citrix NetScaler Gateway...
SEC Consult SA-20140716-3 :: Multiple critical vulnerabilities in Bitdefender GravityZone
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SEC Consult Vulnerability Lab Security Advisory 20140716-3 ======================================================================= title: Multiple critical vulnerabilities product: Bitdefender GravityZone vulnerable version: 5.1.11.432 fixed version:...
[USN-2292-1] LWP::Protocol::https vulnerability
========================================================================== Ubuntu Security Notice USN-2292-1 July 17, 2014 liblwp-protocol-https-perl vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its...
VUPEN Security Research - Microsoft Internet Explorer "Request" Object Confusion Sandbox Bypass (Pwn2Own 2014)
VUPEN Security Research - Microsoft Internet Explorer "Request" Object Confusion Sandbox Bypass Pwn2Own 2014 Website : http://www.vupen.com Twitter : http://twitter.com/vupen I. BACKGROUND --------------------- "Microsoft Internet Explorer is a web browser developed by Microsoft and included as...
VUPEN Security Research - Microsoft Windows "DirectShow" Privilege Escalation Vulnerability (Pwn2Own 2014)
VUPEN Security Research - Microsoft Windows "DirectShow" Local Privilege Escalation Vulnerability Pwn2Own 2014 Website : http://www.vupen.com Twitter : http://twitter.com/vupen I. BACKGROUND --------------------- "Microsoft Windows is a series of software operating systems and graphical user...
transmission memory corruption
Memory corruption on bittorrent packets parsing...
Oracle / Sun / PeopleSoft / MySQL applications security vulnerabilities
Over 100 vulnerabilities in different applications are fixed in the quarterly update...
VUPEN Security Research - Microsoft Internet Explorer "ShowSaveFileDialog()" Sandbox Bypass (Pwn2Own 2014)
VUPEN Security Research - Microsoft Internet Explorer "ShowSaveFileDialog" Protected Mode Sandbox Bypass Pwn2Own 2014 Website : http://www.vupen.com Twitter : http://twitter.com/vupen I. BACKGROUND --------------------- "Microsoft Internet Explorer is a web browser developed by Microsoft and...
Microsoft Windows multiple security vulnerabilities
RDP weak encryption, TCP DoS, XML libraries information leakage, graphics libraries memory corruptions, Windows Journal memory corruptions, virtual keyboard privilege escalation, ADF privilege escalation, DirectShow privilege escalation, Microsoft Service Bus DoS, multiple Internet Explorer...
KL-001-2014-001 : Oracle VirtualBox Guest Additions Arbitrary Write Privilege Escalation
Title: Oracle VirtualBox Guest Additions Arbitrary Write Privilege Escalation Advisory ID: KL-001-2014-001 Publication Date: 07.15.2014 Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2014-001.txt 1. Vulnerability Details Affected Vendor: Oracle Affected Product: VirtualBox...
VUPEN Security Research - Microsoft Internet Explorer CSS @import Memory Corruption (Pwn2Own 2014)
VUPEN Security Research - Microsoft Internet Explorer CSS @import Memory Corruption Pwn2Own 2014 Website : http://www.vupen.com Twitter : http://twitter.com/vupen I. BACKGROUND --------------------- "Microsoft Internet Explorer is a web browser developed by Microsoft and included as part of the...
[security bulletin] HPSBMU03072 SSRT101644 rev.1 - HP Data Protector, Remote Execution of Arbitrary Code
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c04373818 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04373818 Version: 1 HPSBMU03072...
Linux kernel multiple security vulnerabilities
Kernel memory content leak via mediaenumentities and rdmcp IOCTL, DoS, privilege escalations...
[USN-2289-1] Linux kernel vulnerabilities
========================================================================== Ubuntu Security Notice USN-2289-1 July 17, 2014 linux vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubun...
[oss-security] CVE-2014-4943: Linux privilege escalation in ppp over l2tp sockets
CVE-2014-4943 is a flaw in the Linux kernel allowing an unprivileged user to escalate to kernel privilege when CONFIG_PPPOL2TP is enabled. If built as a module, a work-around to limit this to just the root user would be to add this to /etc/modprobe.conf: alias pppox-proto-1 off blacklist l2tp_ppp...
FreeBSD Security Advisory FreeBSD-SA-14:17.kmem
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-14:17.kmem Security Advisory The FreeBSD Project Topic: Kernel memory disclosure in control messages and SCTP notifications Category: core Module: kern, sctp...
FreeBSD information leakage
SCTP calls information leakage...
[oss-security] CVE request: python: _json module is vulnerable to arbitrary process memory read
Hello, It was reported 1 that Python built-in json module have a flaw insufficient bounds checking, which allows a local user to read current process' arbitrary memory. From initial bug report 1: ... The sole prerequisites of this attack are that the attacker is able to control or influence the t...
Microsoft Lync information leakage
Cross application scripting...
file / PHP multiple security vulnerabilities
Memory corruptions, DoS, information leakage...
[USN-2276-1] PHP vulnerabilities
========================================================================== Ubuntu Security Notice USN-2276-1 July 09, 2014 php5 vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubunt...
Microsoft Word memory corruption
Memory corruption on embedded fonts parsing...
[oss-security] CVE ID Request for Python CGIHTTPServer File Disclosure
Hi, I would like to request a CVE ID for a file disclosure vulnerability in the Python CGIHTTPServer class. Current details are available in the Python bug tracker: http://bugs.python.org/issue21766 Kind Regards Till -- RedTeam Pentesting GmbH Tel.: +49 241 510081-0 Dennewartstr. 25-27 Fax : +49...
[oss-security] LMS-2014-07-07-1: python-lz4
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello All, Please find the bug report for python-lz4 attached below. Steeve Morin @steeve, the maintainer of the python-lz4 package, has been great to work with. He worked quickly to get the package up to date by this morning. Thanks, Don A. Bailey...
glibc protection bypass
It may be possible to bypass some restrictions because of incorrect .. sequence processing in locale-related functions...
[ MDVSA-2014:129 ] ffmpeg
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2014:129 http://www.mandriva.com/en/support/security/ Package : ffmpeg Date : July 9, 2014 Affected: Business Server 1.0 Problem Description: Multiple vulnerabilities have been discovered and corrected in ffmpeg:...
ffmpeg / libav multiple security vulnerabilities
Integer overflows, memory corruptions, buffer overflows, etc...
[SECURITY] [DSA 2976-1] eglibc security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2976-1 [email protected] http://www.debian.org/security/ Florian Weimer July 10, 2014 http://www.debian.org/security/faq -...
python security vulnerabilities
json information leak, CGIHTTPServer unauthorized file access and code execution, lz4 integer overflow...
[oss-security] CVE request -- Linux kernel: sctp: sk_ack_backlog wrap-around problem
Description of the problem: For a TCP-style socket, while processing the COOKIE_ECHO chunk in sctp_sf_do_5_1D_ce, after it has passed a series of sanity check, a new association would be created in sctp_unpack_cookie, but afterwards, some processing maybe failed, and sctp_association_free will be called to...