BugTraq Latest Security Advisories

The premier general security mailing list. Vulnerabilities are often announced here first, so check frequently!

APPLE-SA-2014-10-20-1 iOS 8.1

October 20, 2014 - 3:41pm

Posted by Apple Product Security on Oct 20

APPLE-SA-2014-10-20-1 iOS 8.1

iOS 8.1 is now available and addresses the following:

Bluetooth
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious Bluetooth input device may bypass pairing
Description: Unencrypted connections were permitted from Human
Interface Device-class Bluetooth Low Energy accessories. If an iOS
device had paired with such an accessory, an attacker could spoof...

APPLE-SA-2014-10-20-2 Apple TV 7.0.1

October 20, 2014 - 3:32pm

Posted by Apple Product Security on Oct 20

APPLE-SA-2014-10-20-2 Apple TV 7.0.1

Apple TV 7.0.1 is now available and addresses the following:

Apple TV
Available for: Apple TV 3rd generation and later
Impact: A malicious Bluetooth input device may bypass pairing
Description: Unencrypted connections were permitted from Human
Interface Device-class Bluetooth Low Energy accessories. If a device
had paired with such an accessory, an attacker could spoof the
legitimate accessory to...

AST-2014-011: Asterisk Susceptibility to POODLE Vulnerability

October 20, 2014 - 3:22pm

Posted by Asterisk Security Team on Oct 20

Asterisk Project Security Advisory - AST-2014-011

Product             Asterisk
Summary             Asterisk Susceptibility to POODLE Vulnerability
Nature of Advisory  Unauthorized Data Disclosure
Susceptibility      Remote Unauthenticated Sessions
Severity            Medium...

[security bulletin] HPSBMU03126 rev.2 - HP Operations Manager/Operations Agent, Remote Cross-site Scripting (XSS)

October 20, 2014 - 3:12pm

Posted by security-alert on Oct 20

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04472444

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04472444
Version: 2

HPSBMU03126 rev.2 - HP Operations Manager/Operations Agent, Remote Cross-site
Scripting (XSS)

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.

Release Date:...

[SECURITY] [DSA 3054-1] mysql-5.5 security update

October 20, 2014 - 3:04pm

Posted by Salvatore Bonaccorso on Oct 20

-------------------------------------------------------------------------
Debian Security Advisory DSA-3054-1 security () debian org
http://www.debian.org/security/ Salvatore Bonaccorso
October 20, 2014 http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : mysql-5.5
CVE ID : CVE-2012-5615 CVE-2014-4274...

[security bulletin] HPSBHF03145 rev.1 - HP Integrity Superdome X and HP Converged System 900 for SAP HANA running Bash Shell, Remote Code Execution

October 20, 2014 - 2:55pm

Posted by security-alert on Oct 20

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04479505

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04479505
Version: 1

HPSBHF03145 rev.1 - HP Integrity Superdome X and HP Converged System 900 for
SAP HANA running Bash Shell, Remote Code Execution

NOTICE: The information in this Security Bulletin should be acted upon as
soon as...

[security bulletin] HPSBST03097 rev.1 - HP Command View for Tape Libraries (CVTL) running OpenSSL, Remote Unauthorized Access or Disclosure of Information

October 20, 2014 - 2:46pm

Posted by security-alert on Oct 20

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04404764

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04404764
Version: 1

HPSBST03097 rev.1 - HP Command View for Tape Libraries (CVTL) running
OpenSSL, Remote Unauthorized Access or Disclosure of Information

NOTICE: The information in this Security Bulletin should be acted upon as...

[security bulletin] HPSBHF03146 rev.1 - HP Integrity SD2 CB900s i4 & i2 Server running Bash Shell, Remote Code Execution

October 20, 2014 - 2:37pm

Posted by security-alert on Oct 20

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04479601

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04479601
Version: 1

HPSBHF03146 rev.1 - HP Integrity SD2 CB900s i4 & i2 Server running Bash
Shell, Remote Code Execution

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.

Release...

[security bulletin] HPSBGN03141 rev.1 - HP Automation Insight running Bash Shell, Remote Code Execution

October 20, 2014 - 2:28pm

Posted by security-alert on Oct 20

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04479398

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04479398
Version: 1

HPSBGN03141 rev.1 - HP Automation Insight running Bash Shell, Remote Code
Execution

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.

Release Date: 2014-10-17
Last...

[security bulletin] HPSBGN03142 rev.1 - HP Business Service Automation Essentials running Bash Shell, Remote Code Execution

October 20, 2014 - 2:19pm

Posted by security-alert on Oct 20

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04479402

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04479402
Version: 1

HPSBGN03142 rev.1 - HP Business Service Automation Essentials running Bash
Shell, Remote Code Execution

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.

Release Date:...

[security bulletin] HPSBST03129 rev.1 - HP StoreFabric B-series switches running Bash Shell, Remote Code Execution

October 20, 2014 - 2:09pm

Posted by security-alert on Oct 20

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04478866

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04478866
Version: 1

HPSBST03129 rev.1 - HP StoreFabric B-series switches running Bash Shell,
Remote Code Execution

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.

Release Date:...

[security bulletin] HPSBST03131 rev.1 - HP StoreOnce Backup Systems running Bash Shell, Remote Code Execution

October 20, 2014 - 2:00pm

Posted by security-alert on Oct 20

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04477872

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04477872
Version: 1

HPSBST03131 rev.1 - HP StoreOnce Backup Systems running Bash Shell, Remote
Code Execution

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.

Release Date: 2014-10-16...

[security bulletin] HPSBMU03144 rev.1 - HP Operation Agent Virtual Appliance, Bash Shell, Remote Code Execution

October 20, 2014 - 1:52pm

Posted by security-alert on Oct 20

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04479492

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04479492
Version: 1

HPSBMU03144 rev.1 - HP Operation Agent Virtual Appliance, Bash Shell, Remote
Code Execution

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.

Release Date: 2014-10-16...

[security bulletin] HPSBMU03143 rev.1 - HP Virtualization Performance Viewer, Bash Shell, Remote Code Execution

October 20, 2014 - 1:43pm

Posted by security-alert on Oct 20

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04479536

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04479536
Version: 1

HPSBMU03143 rev.1 - HP Virtualization Performance Viewer, Bash Shell, Remote
Code Execution

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.

Release Date: 2014-10-16...

[security bulletin] HPSBHF03084 rev.2 - HP PCs with UEFI Firmware, Execution of Arbitrary Code

October 20, 2014 - 1:32pm

Posted by security-alert on Oct 20

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04393276

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04393276
Version: 2

HPSBHF03084 rev.2 - HP PCs with UEFI Firmware, Execution of Arbitrary Code

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.

Release Date: 2014-08-06
Last Updated:...

[SECURITY] [DSA 3050-1] iceweasel security update

October 20, 2014 - 9:33am

Posted by Moritz Muehlenhoff on Oct 20

-------------------------------------------------------------------------
Debian Security Advisory DSA-3050-1 security () debian org
http://www.debian.org/security/ Moritz Muehlenhoff
October 15, 2014 http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : iceweasel
CVE ID : CVE-2014-1574 CVE-2014-1576...

Re: LiveZilla 5.3.0.7 Security Issue

October 20, 2014 - 9:24am

Posted by Henri Salo on Oct 20

The CVE OpenSource Request HOWTO can be found at:

http://people.redhat.com/kseifrie/CVE-OpenSource-Request-HOWTO.html

As the "Live!Zilla" product is open-source, you can request a CVE on the public
oss-security mailing list:

http://oss-security.openwall.org/wiki/
http://www.openwall.com/lists/oss-security/

You should include the following details in your request if available:

- Software and vendor name
- Type of vulnerability
- Link to vulnerable...

Elastix Multiple vulnerabilities (Remote Command Execution, XSS, CSRF)

October 20, 2014 - 9:12am

Posted by simo on Oct 20

Title: Elastix Multiple vulnerabilities (Remote Command Execution, XSS, CSRF)
Author: Simo Ben youssef
Contact: Simo_at_Morxploit_com
Discovered: September 1 2014
Published: October 17 2014
MorXploit Research
http://www.MorXploit.com
Software: Elastix
Version: Elastix 2.4.0 Stable
Vendor url: http://elastix.org/
Vulnerable file: modules/backup_restore/index.php

Description:

1- Remote Command Execution

modules/backup_restore/index.php suffers...