Feed aggregator

Bugtraq: APPLE-SA-2014-12-18-1 Xcode 6.2 beta 3

Security Focus Latest Security Advisories - December 19, 2014 - 9:45am

Mobilis MobiConnect 3G ZDServer v1.0.1.2 - Privilege Escalation Vulnerability

BugTraq Latest Security Advisories - December 19, 2014 - 9:43am

Posted by Vulnerability Lab on Dec 19

Document Title:
===============
Mobilis MobiConnect 3G ZDServer v1.0.1.2 - Privilege Escalation Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1385

Release Date:
=============
2014-12-19

Vulnerability Laboratory ID (VL-ID):
====================================
1385

Common Vulnerability Scoring System:
====================================
6.4

Product & Service Introduction:...

iBackup v10.0.0.45 - Privilege Escalation Vulnerability

BugTraq Latest Security Advisories - December 19, 2014 - 9:33am

Posted by Vulnerability Lab on Dec 19

Document Title:
===============
iBackup v10.0.0.45 - Privilege Escalation Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1382

Release Date:
=============
2014-12-18

Vulnerability Laboratory ID (VL-ID):
====================================
1382

Common Vulnerability Scoring System:
====================================
6.2

Product & Service Introduction:...

SEC Consult SA-20141219-0 :: XSS & Memory Disclosure vulnerabilities in NetIQ eDirectory NDS iMonitor

BugTraq Latest Security Advisories - December 19, 2014 - 9:23am

Posted by SEC Consult Vulnerability Lab on Dec 19

SEC Consult Vulnerability Lab Security Advisory < 20141219-0 >
=======================================================================
title: XSS & Memory Disclosure
product: NetIQ eDirectory NDS iMonitor
vulnerable version: 8.8 SP8, 8.8 SP7
fixed version: 8.8 SP8 HF 4, fix available for versions 8.8 SP7 (8.8.7.4 HF 4, 8.8.7.6 HF 3)
CVE number:...

Bugtraq: [oCERT-2014-012] JasPer input sanitization errors

Security Focus Latest Security Advisories - December 19, 2014 - 8:30am

Bugtraq: SEC Consult SA-20141218-2 :: Multiple high risk vulnerabilities in NetIQ Access Manager

Security Focus Latest Security Advisories - December 19, 2014 - 8:30am

Bugtraq: SEC Consult SA-20141218-1 :: OS command execution vulnerability in GParted

Security Focus Latest Security Advisories - December 19, 2014 - 8:30am

APPLE-SA-2014-12-18-1 Xcode 6.2 beta 3

BugTraq Latest Security Advisories - December 19, 2014 - 7:19am

Posted by Apple Product Security on Dec 19

APPLE-SA-2014-12-18-1 Xcode 6.2 beta 3

Xcode 6.2 beta 3 is now available and addresses the following:

Git
Available for: OS X Mavericks v10.9.4 or later
Impact: Synching with a malicious git repository may allow
unexpected files to be added to the .git folder
Description: The checks involved in disallowed paths did not account
for case insensitivity or unicode characters. This issue was
addressed by adding additional checks.
CVE-ID...

Bugtraq: iTwitter v0.04 WP Plugin - XSS & CSRF Web Vulnerability

Security Focus Latest Security Advisories - December 19, 2014 - 7:15am

Bugtraq: Apple iOS v8.x - Message Context & Privacy Vulnerability

Security Focus Latest Security Advisories - December 19, 2014 - 7:15am

Bugtraq: Facebook Bug Bounty #16 (Studio) - Persistent Vulnerability

Security Focus Latest Security Advisories - December 19, 2014 - 7:15am

Bugtraq: E-Journal CMS (ID) - Multiple Web Vulnerabilities

Security Focus Latest Security Advisories - December 19, 2014 - 7:15am

[oCERT-2014-012] JasPer input sanitization errors

BugTraq Latest Security Advisories - December 19, 2014 - 7:10am

Posted by Andrea Barisani on Dec 19

#2014-012 JasPer input sanitization errors

Description:

The JasPer project is an open source implementation for the JPEG-2000 codec.

The library is affected by a double-free vulnerability in function
jas_iccattrval_destroy() as well as a heap-based buffer overflow in function
jp2_decode().

A specially crafted jp2 file can be used to trigger the vulnerabilities.

Affected version:

JasPer <= 1.900.1

Fixed version:

JasPer, N/A

Credit:...

SEC Consult SA-20141218-1 :: OS command execution vulnerability in GParted

BugTraq Latest Security Advisories - December 19, 2014 - 7:00am

Posted by SEC Consult Vulnerability Lab on Dec 19

SEC Consult Vulnerability Lab Security Advisory < 20141218-1 >
=======================================================================
title: OS Command Execution
product: GParted - Gnome Partition Editor
vulnerable version: <=0.14.1
fixed version: >=0.15.0, <=0.14.1 with fix for CVE-2014-7208 applied
CVE number: CVE-2014-7208
impact: medium...

SEC Consult SA-20141218-2 :: Multiple high risk vulnerabilities in NetIQ Access Manager

BugTraq Latest Security Advisories - December 19, 2014 - 6:51am

Posted by SEC Consult Vulnerability Lab on Dec 19

SEC Consult Vulnerability Lab Security Advisory < 20141218-2 >
=======================================================================
title: Multiple high risk vulnerabilities
product: NetIQ Access Manager
vulnerable version: 4.0 SP1
fixed version: 4.0 SP1 Hot Fix 3
CVE number: CVE-2014-5214, CVE-2014-5215, CVE-2014-5216, CVE-2014-5217
impact: High...

next-20141219: linux-next

Linux Kernel Updates - December 19, 2014 - 3:43am
Version: next-20141219 (linux-next) Released: 2014-12-19

Vuln: Linux Kernel 'trace_syscalls.c' Multiple Local Denial of Service Vulnerabilities

Security Focus Latest Security Advisories - December 19, 2014 - 12:00am

Vuln: GNU Automake Insecure Directory Permissions Vulnerability

Security Focus Latest Security Advisories - December 19, 2014 - 12:00am

Vuln: Libpng Library Unknown Chunk Handler Vulnerability

Security Focus Latest Security Advisories - December 19, 2014 - 12:00am

Vuln: Mozilla Firefox/Thunderbird/SeaMonkey MFSA 2009 -07 -08 -09 and -11 Multiple Remote Vulnerabilities

Security Focus Latest Security Advisories - December 19, 2014 - 12:00am