47153 matches found
HP Service Manager / HP ServiceCenter multiple security vulnerabilities
Code execution, privilege escalation, information leakage, XSS...
RUCKUS ADVISORY ID 10282013 - User authentication bypass vulnerability in Ruckus Access Point's administrative web interface
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 RUCKUS ADVISORY ID 10282013 Customer release date: Oct 28, 2013 Public release date: Nov 28, 2013 TITLE User authentication bypass vulnerability in Ruckus Access Point's administrative web interface SUMMARY A user authentication bypass vulnerability...
[SECURITY] [DSA 2803-1] quagga security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2803-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff November 26, 2013 http://www.debian.org/security/faq -...
quagga security vulnerabilities
OSPF parsing buffer overflow, BGP DoS...
RUCKUS ADVISORY ID 111113-2: Authenticated persistent cross site scripting vulnerability in guest pass provisioning web interface on ZoneDirector controllers
RUCKUS ADVISORY ID 111113-2 Customer release date: Sep 9, 2013 Public release date: Nov 11, 2013 TITLE Authenticated persistent cross site scripting vulnerability in guest pass provisioning web interface on ZoneDirector controllers SUMMARY A persistent cross site scripting vulnerability has been...
Ruckus protection bypass
It's possible to relay SSH connections without authentication, web interface authentication bypass, cross-site scripting...
nbd privilege escalation
Invalid access control lists processing...
glibc security vulnerabilities
Integer overflows in pvalloc, valloc, posix_memalign/memalign/aligned_alloc, invalid PTR_MANGLE implementation, getaddrinfo stack overflow, strcoll_l.c integer overflow and buffer overflow...
Sup-mail commands injection
It's possible to inject commands via filename and Content-Type...
[SECURITY] [DSA 2805-1] sup-mail security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2805-1 [email protected] http://www.debian.org/security/ Luciano Bello November 27, 2013 http://www.debian.org/security/faq -...
RUCKUS ADVISORY ID 111113-1: Authenticated code injection vulnerability in ZoneDirector administrative web interface
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 RUCKUS ADVISORY ID 111113-1 Customer release date: Sep 9, 2013 Public release date: Nov 11, 2013 TITLE Authenticated code injection vulnerability in ZoneDirector administrative web interface SUMMARY A vulnerability has been discovered in ZoneDirector...
[USN-2035-1] Ruby vulnerabilities
========================================================================== Ubuntu Security Notice USN-2035-1 November 27, 2013 ruby1.8, ruby1.9.1 vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its...
nginx protection bypass
It's possible to bypass restrictions with a "poisoned NUL byte"...
XADV-2013003 Linux Kernel fbdev Driver arcfb_write() Overflow
+----------------------------------------------------------------+ | XADV-2013003 Linux Kernel fbdev Driver arcfb_write Overflow | +----------------------------------------------------------------+ Vulnerable versions: - linux kernel 3.12 = - linux kernel 2.6.x Testbed: linux kernel 2.6.18 Type:...
XADV-2013007 Linux Kernel bt8xx Video Driver IOCTL Heap Overflow
+--------------------------------------------------------------------+ | XADV-2013007 Linux Kernel bt8xx Video Driver IOCTL Heap Overflow | +--------------------------------------------------------------------+ Vulnerable versions: - linux kernel 2.6.18 = Testbed: ubuntu Type: Local Impact: Mediu...
ESA-2013-077: RSA Data Protection Manager Appliance Multiple Vulnerabilities
ESA-2013-077.txt -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2013-077: RSA Data Protection Manager Appliance Multiple Vulnerabilities EMC Identifier: ESA-2013-077 CVE Identifier: CVE-2013-3288, CVE-2009-3555 Severity Rating: See below for individual scores and refer to vendor advisories for...
memcached DoS
Crash on network packet parsing...
XADV-2013006 FreeBSD <= 10 kernel qlxge/qlxgbe Driver IOCTL Multiple Kernel Memory Leak Bugs
XADV-2013006 FreeBSD <= 10 kernel qlxge/qlxgbe Driver IOCTL Multiple Kernel Memory Leak Bugs 1. Overview The qlxge Driver is Qlogic 10Gb Ethernet Driver for Qlogic 8100 Series CNA Adapter 1. The qlxgbe for the QLogic 8300 series of the same ethernet driver. The qlxge/qlxgbe Driver in freebsd <= 10...
OpenSSH memory corruption
Memory corruption in AES-GCM implementation...
[SECURITY] [DSA 2802-1] nginx security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2802-1 [email protected] http://www.debian.org/security/ Thijs Kinkhorst November 21, 2013 http://www.debian.org/security/faq -...
[USN-2034-1] OpenStack Keystone vulnerability
========================================================================== Ubuntu Security Notice USN-2034-1 November 25, 2013 keystone vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...
MIT Kerberos 5 KDC DoS
NULL pointer dereference on some configurations...
XADV-2013005 FreeBSD 10 <= nand Driver IOCTL Kernel Memory Leak Bug
XADV-2013005 FreeBSD 10 <= nand Driver IOCTL Kernel Memory Leak Bug 1. Overview The nand driver in freebsd <= 10 has a vulnerability to leak arbitrary kernel memory to the userspace. It's occurred at nandioctl kernel function and because no proper initialize the allocated kernel memory. It's the...
Unauthorized console access on Satechi travel router v1.5
Satechi makes a travel router that broadcasts a protected wifi network that can be configured to connect to either a wired or wireless network on its public wan interface. It runs a customized dd-wrt build from version 2.4. The router is configurable via a web interface available within its protecte...
Satechi Travel Router unauthorized access
Unauthorized access via WAN interface...
Instagram Photo Upload and Flattr Money Redirection Vulnerability
Affected app: Instagram Android/iOS Affected versions: 4.0.2, 4.1.2 and 4.2.7, probably also earlier versions affected. Summary Last year and earlier this year some vulnerabilities in Instagram Android/iOS were discovered, which give an attacker the ability to like and delete photos in the name o...
Samba protection bypass
Restrictions bypass if alternative data streams are allowed...
[ MDVSA-2013:276 ] curl
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2013:276 http://www.mandriva.com/en/support/security/ Package : curl Date : November 21, 2013 Affected: Business Server 1.0, Enterprise Server 5.0 Problem Description: Updated curl packages fix security...
FreeBSD Security Advisory FreeBSD-SA-13:14.openssh
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-13:14.openssh Security Advisory The FreeBSD Project Topic: OpenSSH AES-GCM memory corruption vulnerability Category: contrib Module: openssh Announced: 2013-11-19...
Instagram application security vulnerabilities
Protection bypass...
[ MDVSA-2013:274 ] libjpeg
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2013:274 http://www.mandriva.com/en/support/security/ Package : libjpeg Date : November 21, 2013 Affected: Enterprise Server 5.0 Problem Description: Updated libjpeg packages fix security vulnerabilities: A...
[ MDVSA-2013:272 ] poppler
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2013:272 http://www.mandriva.com/en/support/security/ Package : poppler Date : November 21, 2013 Affected: Business Server 1.0 Problem Description: Updated poppler packages fix security vulnerabilities: Poppler i...
Mozilla nss security vulnerabilities
Buffer overflows, integer overflows, cryptographic vulnerabilities...
XADV-2013008 Linux Kernel 3.11.7 <= sk_attach_filter Kernel Heap Corruption
+-------------------------------------------------------------------------------+ | XADV-2013008 Linux Kernel 3.11.7 <= sk_attach_filter Kernel Heap Corruption | +-------------------------------------------------------------------------------+ Vulnerable versions: - linux kernel 3.11.7 <= Testbed:...
[ MDVSA-2013:275 ] krb5
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2013:275 http://www.mandriva.com/en/support/security/ Package : krb5 Date : November 21, 2013 Affected: Business Server 1.0, Enterprise Server 5.0 Problem Description: Updated krb5 package fixes security...
FreeBSD security vulnerabilities
Kernel memory leaks in different drivers...
poppler security vulnerabilities
Buffer overflow, format string vulnerability...
[ MDVSA-2013:280 ] memcached
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2013:280 http://www.mandriva.com/en/support/security/ Package : memcached Date : November 22, 2013 Affected: Business Server 1.0, Enterprise Server 5.0 Problem Description: A vulnerability was found and corrected...
EMC RSA Data Protection Manager Appliance security vulnerabilities
TLS session renegotiation vulnerability, cross-site scripting...
Google Chrome / Chromium multiple security vulnerabilities
Multiple memory corruptions, address bar spoofing, TLS renegotiation vulnerability...
RackSpace Windows Agent update spoofing
Binaries digital signature is not checked...
[SECURITY] [DSA 2801-1] libhttp-body-perl security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2801-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso November 21, 2013 http://www.debian.org/security/faq -...
CVE-2013-6795 Vulnerability in the Rackspace Windows Agent and Updater
A vulnerability in the Rackspace Windows Agent and Updater was discovered that allows for modified Agent binaries to be remotely uploaded without authentication to Rackspace Cloud Server guest instances. Modified Agent binaries are processed as an update for the Agent and arbitrary code can then ...
[ MDVSA-2013:278 ] samba
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2013:278 http://www.mandriva.com/en/support/security/ Package : samba Date : November 21, 2013 Affected: Business Server 1.0 Problem Description: A vulnerability has been found and corrected in samba: Samba 3.x...
HTTP::Body code execution
Unsafe temporary files creation...
[SECURITY] [DSA 2797-1] chromium-browser security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2797-1 [email protected] http://www.debian.org/security/ Michael Gilbert November 16, 2013 http://www.debian.org/security/faq -...
Linux kernel security vulnerabilities
DoS conditions, information leakage, tuntap interface privilege escalation, bt8xx driver privilege escalation, IPv6 ICTP, UDP offload, ipip memory corruptions...
[USN-2012-1] Light Display Manager vulnerability
========================================================================== Ubuntu Security Notice USN-2012-1 November 06, 2013 lightdm vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...
Cisco TelePresence VX Clinical Assistant unauthorized access
admin password is reset on every reboot...
[USN-2026-1] libvirt vulnerability
========================================================================== Ubuntu Security Notice USN-2026-1 November 11, 2013 libvirt vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...