BugTraq Latest Security Advisories

The premier general security mailing list. Vulnerabilities are often announced here first, so check frequently!

[ MDVSA-2014:217 ] clamav

November 20, 2014 - 6:23am

Posted by security on Nov 20

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2014:217
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : clamav
Date : November 20, 2014
Affected: Business Server 1.0
_______________________________________________________________________

Problem Description:

ClamAV...

[ MDVSA-2014:216 ] php-ZendFramework

November 20, 2014 - 5:04am

Posted by security on Nov 20

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2014:216
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : php-ZendFramework
Date : November 20, 2014
Affected: Business Server 1.0
_______________________________________________________________________

Problem...

[CORE-2014-0010] - Advantech WebAccess Stack-based Buffer Overflow

November 19, 2014 - 1:45pm

Posted by CORE Advisories Team on Nov 19

Core Security - Corelabs Advisory
http://corelabs.coresecurity.com/

Advantech WebAccess Stack-based Buffer Overflow

1. *Advisory Information*

Title: Advantech WebAccess Stack-based Buffer Overflow
Advisory ID: CORE-2014-0010
Advisory URL:
http://www.coresecurity.com/advisories/advantech-webAccess-stack-based-buffer-overflow
Date published: 2014-11-19
Date of last update: 2014-11-19
Vendors contacted: Advantech
Release mode: Coordinated release...

[CORE-2014-0008] - Advantech AdamView Buffer Overflow

November 19, 2014 - 1:35pm

Posted by CORE Advisories Team on Nov 19

Core Security - Corelabs Advisory
http://corelabs.coresecurity.com/

Advantech AdamView Buffer Overflow

1. *Advisory Information*

Title: Advantech AdamView Buffer Overflow
Advisory ID: CORE-2014-0008
Advisory URL:
http://www.coresecurity.com/advisories/advantech-adamView-buffer-overflow
Date published: 2014-11-19
Date of last update: 2014-11-19
Vendors contacted: Advantech
Release mode: User release

2. *Vulnerability Information*

Class:...

[CORE-2014-0009] - Advantech EKI-6340 Command Injection

November 19, 2014 - 1:25pm

Posted by CORE Advisories Team on Nov 19

Core Security - Corelabs Advisory
http://corelabs.coresecurity.com/

Advantech EKI-6340 Command Injection

1. *Advisory Information*

Title: Advantech EKI-6340 Command Injection
Advisory ID: CORE-2014-0009
Advisory URL:
http://www.coresecurity.com/advisories/advantech-eki-6340-command-injection
Date published: 2014-11-19
Date of last update: 2014-11-19
Vendors contacted: Advantech
Release mode: User release

2. *Vulnerability Information*

Class:...

CVE-2014-7137 - Multiple SQL Injections in Dolibarr ERP & CRM

November 19, 2014 - 10:48am

Posted by Portcullis Advisories on Nov 19

Vulnerability title: Multiple SQL Injections in Dolibarr ERP & CRM
CVE: CVE-2014-7137
Vendor: Dolibarr ERP & CRM
Product: Dolibarr ERP & CRM
Affected version: 3.5.3
Fixed version: 3.6.1
Reported by: Jerzy Kramarz

Details:

SQL injection has been found and confirmed within the software as an authenticated user. A successful attack could
allow an authenticated attacker to access information such as usernames and password hashes that...

[SECURITY] [DSA 3074-2] php5 regression update

November 19, 2014 - 7:40am

Posted by Yves-Alexis Perez on Nov 19

-------------------------------------------------------------------------
Debian Security Advisory DSA-3074-2 security () debian org
http://www.debian.org/security/ Yves-Alexis Perez
November 19, 2014 http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : php5

The previous update for php5, DSA-3074-1, introduced...

Reflected Cross-Site Scripting (XSS) in Simple Email Form Joomla Extension

November 19, 2014 - 7:30am

Posted by High-Tech Bridge Security Research on Nov 19

Advisory ID: HTB23241
Product: Simple Email Form Joomla Extension
Vendor: Doug Bierer
Vulnerable Version(s): 1.8.5 and probably prior
Tested Version: 1.8.5
Advisory Publication: October 29, 2014 [without technical details]
Vendor Notification: October 29, 2014
Public Disclosure: November 19, 2014
Vulnerability Type: Cross-Site Scripting [CWE-79]
CVE Reference: CVE-2014-8539
Risk Level: Medium
CVSSv2 Base Score: 4.3...

[ MDVSA-2014:215 ] gnutls

November 19, 2014 - 6:32am

Posted by security on Nov 19

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2014:215
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : gnutls
Date : November 19, 2014
Affected: Business Server 1.0
_______________________________________________________________________

Problem Description:

Updated...

[SECURITY] [DSA 3074-1] php5 security update

November 18, 2014 - 11:54pm

Posted by Yves-Alexis Perez on Nov 19

-------------------------------------------------------------------------
Debian Security Advisory DSA-3074-1 security () debian org
http://www.debian.org/security/ Yves-Alexis Perez
November 18, 2014 http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : php5
CVE ID : CVE-2014-3710
Debian Bug : 68283...

[ MDVSA-2014:213 ] curl

November 18, 2014 - 1:18pm

Posted by security on Nov 18

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2014:213
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : curl
Date : November 18, 2014
Affected: Business Server 1.0
_______________________________________________________________________

Problem Description:

Updated...

[ MDVSA-2014:214 ] dbus

November 18, 2014 - 1:08pm

Posted by security on Nov 18

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2014:214
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : dbus
Date : November 18, 2014
Affected: Business Server 1.0
_______________________________________________________________________

Problem Description:

Updated...

CVE-2014-8767 tcpdump denial of service in verbose mode using malformed OLSR payload

November 18, 2014 - 1:10am

Posted by Steffen Bauch on Nov 18

CVE-2014-8767 tcpdump denial of service in verbose mode using malformed
OLSR payload

1. Background

tcpdump is a powerful command-line packet analyzer. It allows the user
to intercept and display TCP/IP and other packets being transmitted or
received over a network to which the computer is attached.

2. Summary Information

It was found out that malformed network traffic (OLSR-based) can lead to
an application crash (denial of service) if...

CVE-2014-8768 tcpdump denial of service in verbose mode using malformed Geonet payload

November 18, 2014 - 1:03am

Posted by Steffen Bauch on Nov 18

CVE-2014-8768 tcpdump denial of service in verbose mode using malformed
Geonet payload

1. Background

tcpdump is a powerful command-line packet analyzer. It allows the user
to intercept and display TCP/IP and other packets being transmitted or
received over a network to which the computer is attached.

2. Summary Information

It was found out that malformed network traffic (Geonet-based) can lead
to an application crash (denial of service)...

CVE-2014-8769 tcpdump unreliable output using malformed AOVD payload

November 18, 2014 - 12:54am

Posted by Steffen Bauch on Nov 18

CVE-2014-8769 tcpdump unreliable output using malformed AOVD payload

1. Background

tcpdump is a powerful command-line packet analyzer. It allows the user
to intercept and display TCP/IP and other packets being transmitted or
received over a network to which the computer is attached.

2. Summary Information

It was found out that malformed network traffic (AOVD-based) can lead to
an abnormal behaviour if verbose output of tcpdump monitoring...

[security bulletin] HPSBMU03183 rev.2 - HP Server Automation and Server Automation Virtual Appliance, running SSL, Remote Disclosure of Information

November 18, 2014 - 12:05am

Posted by security-alert on Nov 18

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04497090

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04497090
Version: 2

HPSBMU03183 rev.2 - HP Server Automation and Server Automation Virtual
Appliance, running SSL, Remote Disclosure of Information

NOTICE: The information in this Security Bulletin should be acted upon as
soon as...

[security bulletin] HPSBMU03072 rev.3 - HP Data Protector, Remote Execution of Arbitrary Code

November 17, 2014 - 11:56pm

Posted by security-alert on Nov 18

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04373818

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04373818
Version: 3

HPSBMU03072 rev.3 - HP Data Protector, Remote Execution of Arbitrary Code

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.

Release Date: 2014-07-15
Last Updated:...

APPLE-SA-2014-11-17-3 Apple TV 7.0.2

November 17, 2014 - 11:49pm

Posted by Apple Product Security on Nov 18

APPLE-SA-2014-11-17-3 Apple TV 7.0.2

Apple TV 7.0.2 is now available and addresses the following:

Apple TV
Available for: Apple TV 3rd generation and later
Impact: An attacker with a privileged network position may cause an
unexpected application termination or arbitrary code execution
Description: Multiple memory corruption issues existed in WebKit.
These issues were addressed through improved memory handling.
CVE-ID
CVE-2014-4452...

APPLE-SA-2014-11-17-2 OS X Yosemite 10.10.1

November 17, 2014 - 11:41pm

Posted by Apple Product Security on Nov 18

APPLE-SA-2014-11-17-2 OS X Yosemite 10.10.1

OS X 10.10.1 is now available and addresses the following:

CFNetwork
Available for: OS X Yosemite v10.10
Impact: Website cache may not be fully cleared after leaving private
browsing
Description: A privacy issue existed where browsing data could
remain in the cache after leaving private browsing. This issue was
addressed through a change in caching behavior.
CVE-ID
CVE-2014-4460

Spotlight...

APPLE-SA-2014-11-17-1 iOS 8.1.1

November 17, 2014 - 11:34pm

Posted by Apple Product Security on Nov 18

APPLE-SA-2014-11-17-1 iOS 8.1.1

iOS 8.1.1 is now available and addresses the following:

CFNetwork
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Website cache may not be fully cleared after leaving private
browsing
Description: A privacy issue existed where browsing data could
remain in the cache after leaving private browsing. This issue was
addressed through a change in caching behavior....