Feed aggregator

Vuln: OpenSSL CVE-2014-0224 Man in the Middle Security Bypass Vulnerability

OpenSSL CVE-2014-0224 Man in the Middle Security Bypass Vulnerability

Bugtraq: CVE-2014-4326 Remote command execution in Logstash zabbix and nagios_nsca outputs.

Security Focus Latest Security Advisories - July 21, 2014 - 10:30am
CVE-2014-4326 Remote command execution in Logstash zabbix and nagios_nsca outputs.

[SECURITY] [DSA 2983-1] drupal7 security update

BugTraq Latest Security Advisories - July 21, 2014 - 10:29am

Posted by Moritz Muehlenhoff on Jul 21

-------------------------------------------------------------------------
Debian Security Advisory DSA-2983-1 security () debian org
http://www.debian.org/security/ Moritz Muehlenhoff
July 20, 2014 http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : drupal7
CVE ID : not yet available

Multiple...

[SECURITY] [DSA 2982-1] ruby-activerecord-3.2 security update

BugTraq Latest Security Advisories - July 21, 2014 - 10:21am

Posted by Moritz Muehlenhoff on Jul 21

-------------------------------------------------------------------------
Debian Security Advisory DSA-2982-1 security () debian org
http://www.debian.org/security/ Moritz Muehlenhoff
July 19, 2014 http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : ruby-activerecord-3.2
CVE ID : CVE-2014-3482...

KL-001-2014-003 : Microsoft XP SP3 MQAC.sys Arbitrary Write Privilege Escalation

BugTraq Latest Security Advisories - July 21, 2014 - 10:09am

Posted by KoreLogic Disclosures on Jul 21

Title: Microsoft XP SP3 MQAC.sys Arbitrary Write Privilege Escalation
Advisory ID: KL-001-2014-003
Publication Date: 2014.07.18
Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2014-003.txt

1. Vulnerability Details

Affected Vendor: Microsoft
Affected Product: MQ Access Control
Affected Versions: 5.1.0.1110
Platform: Microsoft Windows XP SP3
CWE Classification: CWE-123: Write-what-where Condition...

KL-001-2014-002 : Microsoft XP SP3 BthPan.sys Arbitrary Write Privilege Escalation

BugTraq Latest Security Advisories - July 21, 2014 - 9:59am

Posted by KoreLogic Disclosures on Jul 21

Title: Microsoft XP SP3 BthPan.sys Arbitrary Write Privilege Escalation
Advisory ID: KL-001-2014-002
Publication Date: 2014-07-18
Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2014-002.txt

1. Vulnerability Details

Affected Vendor: Microsoft
Affected Product: Bluetooth Personal Area Networking
Affected Versions: 5.1.2600.5512
Platform: Microsoft Windows XP SP3
CWE Classification: CWE-123:...

CVE-2014-4326 Remote command execution in Logstash zabbix and nagios_nsca outputs.

BugTraq Latest Security Advisories - July 21, 2014 - 9:51am

Posted by Jordan Sissel on Jul 21

Vendor: Elasticsearch
Product: Logstash
CVE: CVE-2014-4326
Affected versions: Logstash 1.0.14 through 1.4.1

Recommendations: All affected users should upgrade to Logstash 1.4.2.
We also provide patch instructions for Logstash 1.3.x at the bottom of
this note.

The vulnerability impacts deployments that use either the zabbix or
the nagios_nsca outputs. In these cases, an attacker with an ability
to send crafted events to any source of data for...

[SECURITY] [DSA 2981-1] polarssl security update

BugTraq Latest Security Advisories - July 21, 2014 - 9:41am

Posted by Salvatore Bonaccorso on Jul 21

-------------------------------------------------------------------------
Debian Security Advisory DSA-2981-1 security () debian org
http://www.debian.org/security/ Salvatore Bonaccorso
July 18, 2014 http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : polarssl
CVE ID : CVE-2014-4911
Debian Bug :...

CVE-2014-4980 Parameter Tampering in Nessus Web UI - Remote Information Disclosure

BugTraq Latest Security Advisories - July 21, 2014 - 9:32am

Posted by i amroot on Jul 21

Product: Nessus
Vendor: Tenable Network Security
Version: Nessus 5.2.3-5.2.7 - Web UI 2.3.4 (potentially lower)
Vendor Notified Date: June 24, 2014
Vendor Resolved Date: June 25, 2014
Release Date: July 18, 2014
Risk: Medium
Authentication: Not Required
Remote: Yes

Description:
A parameter tampering vulnerability exists in Nessus 5.2.7 and potentially below that allows remote attackers to
retrieve potentially sensitive information from the...

Bugtraq: ESA-2014-074: EMC RecoverPoint Appliance Security Control Bypass Vulnerability

ESA-2014-074: EMC RecoverPoint Appliance Security Control Bypass Vulnerability

Bugtraq: Microsoft MSN HBE - Blind SQL Injection Vulnerability

Microsoft MSN HBE - Blind SQL Injection Vulnerability

Bugtraq: Barracuda Networks Message Archiver 650 - Persistent Input Validation Vulnerability (BNSEC 703)

Barracuda Networks Message Archiver 650 - Persistent Input Validation Vulnerability (BNSEC 703)

Bugtraq: [SECURITY] [DSA 2980-1] openjdk-6 security update

[SECURITY] [DSA 2980-1] openjdk-6 security update

next-20140721: linux-next

Linux Kernel Updates - July 21, 2014 - 3:57am
Version: next-20140721 (linux-next) Released: 2014-07-21

3.16-rc6: mainline

Linux Kernel Updates - July 20, 2014 - 11:04pm
Version: 3.16-rc6 (mainline) Released: 2014-07-21 Source: linux-3.16-rc6.tar.xz PGP Signature: linux-3.16-rc6.tar.sign Patch: patch-3.16-rc6.xz

Vuln: OpenVAS Manager CVE-2013-6765 Authentication Bypass Vulnerability

Security Focus Latest Security Advisories - July 20, 2014 - 11:00pm
OpenVAS Manager CVE-2013-6765 Authentication Bypass Vulnerability

Vuln: RETIRED: Linux Kernel 'net/l2tp/l2tp_ppp.c' Multiple Local Privilege Escalation Vulnerabilities

Security Focus Latest Security Advisories - July 20, 2014 - 11:00pm
RETIRED: Linux Kernel 'net/l2tp/l2tp_ppp.c' Multiple Local Privilege Escalation Vulnerabilities

Vuln: Oracle Java SE CVE-2014-2483 Remote Security Vulnerability

Security Focus Latest Security Advisories - July 20, 2014 - 11:00pm
Oracle Java SE CVE-2014-2483 Remote Security Vulnerability

Vuln: Oracle Java SE CVE-2014-4227 Remote Security Vulnerability

Security Focus Latest Security Advisories - July 20, 2014 - 11:00pm
Oracle Java SE CVE-2014-4227 Remote Security Vulnerability

Vuln: IBM Sametime Meeting Server Arbitrary File Upload Vulnerability

Security Focus Latest Security Advisories - July 20, 2014 - 11:00pm
IBM Sametime Meeting Server Arbitrary File Upload Vulnerability