Feed aggregator

AirPhoto WebDisk v4.1.0 iOS - Code Execution Vulnerability

BugTraq Latest Security Advisories - April 23, 2014 - 7:30am

Posted by Vulnerability Lab on Apr 23

Document Title:
===============
AirPhoto WebDisk v4.1.0 iOS - Code Execution Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1258

Release Date:
=============
2014-04-22

Vulnerability Laboratory ID (VL-ID):
====================================
1258

Common Vulnerability Scoring System:
====================================
8.7

Product & Service Introduction:...

CVE-2014-2383 - Arbitrary file read in dompdf

BugTraq Latest Security Advisories - April 23, 2014 - 7:20am

Posted by Portcullis Advisories on Apr 23

Vulnerability title: Arbitrary file read in dompdf
CVE: CVE-2014-2383
Vendor: dompdf
Product: dompdf
Affected version: v0.6.0
Fixed version: v0.6.1 (partial fix)
Reported by: Alejo Murillo Moyas

Details:
An arbitrary file read vulnerability is present on dompdf.php file that
allows remote or local attackers to read local files using a specially
crafted argument. This vulnerability requires the configuration flag
DOMPDF_ENABLE_PHP to be enabled...

3.12.18: longterm

Linux Kernel Updates - April 23, 2014 - 7:19am
Version: 3.12.18 (longterm)
Released: 2014-04-23
Source: linux-3.12.18.tar.xz
PGP Signature: linux-3.12.18.tar.sign
Patch: patch-3.12.18.xz (Incremental)
ChangeLog: ChangeLog-3.12.18

Bugtraq: SEC Consult SA-20140423-0 :: Path Traversal/Remote Code Execution in WD Arkeia Network Backup Appliances

Security Focus Latest Security Advisories - April 23, 2014 - 7:15am
SEC Consult SA-20140423-0 :: Path Traversal/Remote Code Execution in WD Arkeia Network Backup Appliances

CVE-2014-1217 - Unauthenticated access to sensitive information and functionality in Livetecs Timelive

BugTraq Latest Security Advisories - April 23, 2014 - 7:12am

Posted by Portcullis Advisories on Apr 23

Vulnerability title: Unauthenticated access to sensitive information and
functionality in Livetecs Timelive
CVE: CVE-2014-1217
Vendor: Livetecs
Product: Timelive
Affected version: 6.2.71
Fixed version: 6.2.8
Reported by: Richard Hatch

Details:
It was possible to access a URL that allowed unauthenticated access
to sensitive configuration change functionality, and also revealed the
database connection string (including authentication credentials)...

SEC Consult SA-20140423-0 :: Path Traversal/Remote Code Execution in WD Arkeia Network Backup Appliances

BugTraq Latest Security Advisories - April 23, 2014 - 6:16am

Posted by SEC Consult Vulnerability Lab on Apr 23

SEC Consult Vulnerability Lab Security Advisory < 20140423-0 >
=======================================================================
title: Path Traversal/Remote Code Execution
product: WD Arkeia Virtual Appliance (AVA)
vulnerable version: All Arkeia Network Backup releases (ASA/APA/AVA) since 7.0.3.
fixed version: 10.2.9
CVE number: CVE-2014-2846
impact: critical
homepage:...

[SECURITY] [DSA 2808-2] openjpeg regression update

BugTraq Latest Security Advisories - April 23, 2014 - 6:07am

Posted by Raphael Geissert on Apr 23

-------------------------------------------------------------------------
Debian Security Advisory DSA-2808-2 security () debian org
http://www.debian.org/security/ Raphael Geissert
April 22, 2014 http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : openjpeg

A regression in the decoding of chroma-subsampled...

Bugtraq: [security bulletin] HPSBMU03013 rev.1 - WMI Mapper for HP Systems Insight Manager running OpenSSL, Remote Disclosure of Information

Security Focus Latest Security Advisories - April 23, 2014 - 6:00am
[security bulletin] HPSBMU03013 rev.1 - WMI Mapper for HP Systems Insight Manager running OpenSSL, Remote Disclosure of Information

Bugtraq: [security bulletin] HPSBST03015 rev.1 - HP 3PAR OS running OpenSSL, Remote Disclosure of Information

Security Focus Latest Security Advisories - April 23, 2014 - 6:00am
[security bulletin] HPSBST03015 rev.1 - HP 3PAR OS running OpenSSL, Remote Disclosure of Information

Bugtraq: [security bulletin] HPSBST03000 rev.1 - HP StoreEver ESL G3 Tape Library and Enterprise Library LTO-6 Tape Drives running OpenSSL, Remote Disclosure of Information

Security Focus Latest Security Advisories - April 23, 2014 - 6:00am
[security bulletin] HPSBST03000 rev.1 - HP StoreEver ESL G3 Tape Library and Enterprise Library LTO-6 Tape Drives running OpenSSL, Remote Disclosure of Information

Bugtraq: APPLE-SA-2014-04-22-4 AirPort Base Station Firmware Update 7.7.3

Security Focus Latest Security Advisories - April 23, 2014 - 6:00am
APPLE-SA-2014-04-22-4 AirPort Base Station Firmware Update 7.7.3

[security bulletin] HPSBMU03013 rev.1 - WMI Mapper for HP Systems Insight Manager running OpenSSL, Remote Disclosure of Information

BugTraq Latest Security Advisories - April 23, 2014 - 5:56am

Posted by security-alert on Apr 23

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04260385

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04260385
Version: 1

HPSBMU03013 rev.1 - WMI Mapper for HP Systems Insight Manager running
OpenSSL, Remote Disclosure of Information

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible....

[security bulletin] HPSBST03015 rev.1 - HP 3PAR OS running OpenSSL, Remote Disclosure of Information

BugTraq Latest Security Advisories - April 23, 2014 - 5:43am

Posted by security-alert on Apr 23

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04261644

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04261644
Version: 1

HPSBST03015 rev.1 - HP 3PAR OS running OpenSSL, Remote Disclosure of
Information

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.

Release Date: 2014-04-22
Last...

APPLE-SA-2014-04-22-4 AirPort Base Station Firmware Update 7.7.3

BugTraq Latest Security Advisories - April 23, 2014 - 5:33am

Posted by Apple Product Security on Apr 23

APPLE-SA-2014-04-22-4 AirPort Base Station Firmware Update 7.7.3

AirPort Base Station Firmware Update 7.7.3 is now available and
addresses the following:

Available for:
AirPort Extreme and AirPort Time Capsule base stations with 802.11ac
Impact: An attacker in a privileged network position may obtain
memory contents
Description: An out-of-bounds read issue existed in the OpenSSL
library when handling TLS heartbeat extension packets. An...

[security bulletin] HPSBST03000 rev.1 - HP StoreEver ESL G3 Tape Library and Enterprise Library LTO-6 Tape Drives running OpenSSL, Remote Disclosure of Information

BugTraq Latest Security Advisories - April 23, 2014 - 5:23am

Posted by security-alert on Apr 23

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04260637

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04260637
Version: 1

HPSBST03000 rev.1 - HP StoreEver ESL G3 Tape Library and Enterprise Library
LTO-6 Tape Drives running OpenSSL, Remote Disclosure of Information

NOTICE: The information in this Security Bulletin should be acted...

Bugtraq: APPLE-SA-2014-04-22-3 Apple TV 6.1.1

Security Focus Latest Security Advisories - April 23, 2014 - 4:45am
APPLE-SA-2014-04-22-3 Apple TV 6.1.1

Bugtraq: APPLE-SA-2014-04-22-2 iOS 7.1.1

Security Focus Latest Security Advisories - April 23, 2014 - 4:45am
APPLE-SA-2014-04-22-2 iOS 7.1.1

Bugtraq: APPLE-SA-2014-04-22-1 Security Update 2014-002

Security Focus Latest Security Advisories - April 23, 2014 - 4:45am
APPLE-SA-2014-04-22-1 Security Update 2014-002

Bugtraq: [SECURITY] [DSA 2911-1] icedove security update

Security Focus Latest Security Advisories - April 23, 2014 - 4:45am
[SECURITY] [DSA 2911-1] icedove security update

next-20140423: linux-next

Linux Kernel Updates - April 22, 2014 - 11:42pm
Version: next-20140423 (linux-next)
Released: 2014-04-23