Feed aggregator

Bugtraq: Oracle Corporation MyOracle - Persistent Vulnerability

Security Focus Latest Security Advisories - September 19, 2014 - 7:15am
Oracle Corporation MyOracle - Persistent Vulnerability

Bugtraq: Apple iOS / OSX Foundation NSXMLParser XML eXternal Entity (XXE) Flaw

Security Focus Latest Security Advisories - September 19, 2014 - 7:15am
Apple iOS / OSX Foundation NSXMLParser XML eXternal Entity (XXE) Flaw

Bugtraq: APPLE-SA-2014-09-17-7 Xcode 6.0.1

Security Focus Latest Security Advisories - September 19, 2014 - 7:15am
APPLE-SA-2014-09-17-7 Xcode 6.0.1

[SECURITY] [DSA 3025-2] apt regression update

BugTraq Latest Security Advisories - September 19, 2014 - 7:00am

Posted by Salvatore Bonaccorso on Sep 19

-------------------------------------------------------------------------
Debian Security Advisory DSA-3025-2 security () debian org
http://www.debian.org/security/ Salvatore Bonaccorso
September 18, 2014 http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : apt
Debian Bug : 762079

The previous update for apt,...

AST-2014-010: Remote crash when handling out of call message in certain dialplan configurations

BugTraq Latest Security Advisories - September 19, 2014 - 6:52am

Posted by Asterisk Security Team on Sep 19

Asterisk Project Security Advisory - AST-2014-010

Product Asterisk
Summary Remote crash when handling out of call message in
certain dialplan configurations
Nature of Advisory Remotely triggered crash of Asterisk
Susceptibility Remote authenticated sessions...

AST-2014-009: Remote crash based on malformed SIP subscription requests

BugTraq Latest Security Advisories - September 19, 2014 - 6:43am

Posted by Asterisk Security Team on Sep 19

Asterisk Project Security Advisory - AST-2014-009

Product Asterisk
Summary Remote crash based on malformed SIP subscription
requests
Nature of Advisory Remotely triggered crash of Asterisk
Susceptibility Remote authenticated sessions...

CVE ID Syntax Change - Deadline Approaching

BugTraq Latest Security Advisories - September 19, 2014 - 6:33am

Posted by Christey, Steven M. on Sep 19

As we approach the end of 2014, CVE identifiers are getting closer and
closer to the magic CVE-2014-9999 mark, which means that MITRE will be
issuing a 5-digit CVE ID within a matter of months, in accordance with
the new syntax that was selected in 2013 (basically using 5, 6, or
even more digits as needed). Some people are still unaware that this
change has happened or have been slow to implement it.

Once a CVE identifier is issued using the...

APPLE-SA-2014-09-17-7 Xcode 6.0.1

BugTraq Latest Security Advisories - September 19, 2014 - 6:21am

Posted by Apple Product Security on Sep 19

APPLE-SA-2014-09-17-7 Xcode 6.0.1

Xcode 6.0.1 is now available and addresses the following:

subversion
Available for: OS X Mavericks v10.9.4 or later
Impact: A malicious attacker may be able to cause Subversion
to terminate unexpectedly
Description: A denial of service issue existed in Subversion when
SVNListParentPath was enabled. This issue was addressed by updating
Subversion to version 1.7.17.
CVE-ID
CVE-2014-0032

Xcode 6.0.1 may be...

Oracle Corporation MyOracle - Persistent Vulnerability

BugTraq Latest Security Advisories - September 19, 2014 - 6:12am

Posted by Vulnerability Lab on Sep 19

Document Title:
===============
Oracle Corporation MyOracle - Persistent Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1261

Oracle Security ID (Team Tracking ID): admin () vulnerability-lab com-001:2014

http://vulnerability-db.com/magazine/articles/2014/09/17/oracle-corporation-fixed-vulnerability-myoracle-online-service-application

Release Date:
=============
2014-09-17...

Apple iOS / OSX Foundation NSXMLParser XML eXternal Entity (XXE) Flaw

BugTraq Latest Security Advisories - September 19, 2014 - 6:01am

Posted by VSR Advisories on Sep 19

VSR Security Advisory
http://www.vsecurity.com/

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

Advisory Name: Apple Foundation NSXMLParser XML eXternal Entity (XXE) Flaw
Release Date: 2014-09-17
Application: Apple iOS Foundation Framework
Apple OS X Foundation Framework
Versions: iOS 7.0, 7.1, OS X 10.9 - 10.9.4
Severity: High
Author:...

Bugtraq: APPLE-SA-2014-09-17-4 Safari 6.2 and Safari 7.1

Security Focus Latest Security Advisories - September 19, 2014 - 6:00am
APPLE-SA-2014-09-17-4 Safari 6.2 and Safari 7.1

Bugtraq: CVE ID Syntax Change - Deadline Approaching

Security Focus Latest Security Advisories - September 19, 2014 - 6:00am
CVE ID Syntax Change - Deadline Approaching

Apple iOS / OSX Foundation NSXMLParser XML eXternal Entity (XXE) Flaw

BugTraq Latest Security Advisories - September 19, 2014 - 5:53am

Posted by VSR Advisories on Sep 19

hope that it will help promote public safety. This advisory comes with
absolutely NO WARRANTY; not even the implied warranty of merchantability or
fitness for a particular purpose. Neither Virtual Security Research, LLC nor
the author accepts any liability for any direct, indirect, or consequential
loss or damage arising from use of, or reliance on, this information.

See the VSR disclosure policy for more information on our responsible...

APPLE-SA-2014-09-17-6 OS X Server 2.2.3

BugTraq Latest Security Advisories - September 19, 2014 - 5:41am

Posted by Apple Product Security on Sep 19

APPLE-SA-2014-09-17-6 OS X Server 2.2.3

OS X Server 2.2.3 is now available and addresses the following:

CoreCollaboration
Available for: OS X Mountain Lion v10.8.5
Impact: A remote attacker may be able to execute arbitrary SQL
queries
Description: A SQL injection issue existed in Wiki Server. This
issue was addressed through additional validation of SQL queries.
CVE-ID
CVE-2014-4424 : Sajjad Pourali (sajjad () securation com) of CERT of...

APPLE-SA-2014-09-17-5 OS X Server 3.2.1

BugTraq Latest Security Advisories - September 19, 2014 - 5:32am

Posted by Apple Product Security on Sep 19

APPLE-SA-2014-09-17-5 OS X Server 3.2.1

OS X Server 3.2.1 is now available and addresses the following:

CoreCollaboration
Available for: OS X Mavericks v10.9.5 or later
Impact: A remote attacker may be able to execute arbitrary SQL
queries
Description: A SQL injection issue existed in Wiki Server. This
issue was addressed through additional validation of SQL queries.
CVE-ID
CVE-2014-4424 : Sajjad Pourali (sajjad () securation com) of CERT of...

APPLE-SA-2014-09-17-3 OS X Mavericks 10.9.5 and Security Update 2014-004

BugTraq Latest Security Advisories - September 19, 2014 - 5:24am

Posted by Apple Product Security on Sep 19

APPLE-SA-2014-09-17-3 OS X Mavericks 10.9.5 and Security Update
2014-004

OS X Mavericks 10.9.5 and Security Update 2014-004 are now available
and address the following:

apache_mod_php
Available for: OS X Mavericks 10.9 to 10.9.4
Impact: Multiple vulnerabilities in PHP 5.4.24
Description: Multiple vulnerabilities existed in PHP 5.4.24, the
most serious of which may have led to arbitrary code execution. This
update addresses the issues by...

APPLE-SA-2014-09-17-4 Safari 6.2 and Safari 7.1

BugTraq Latest Security Advisories - September 19, 2014 - 5:14am

Posted by Apple Product Security on Sep 19

APPLE-SA-2014-09-17-4 Safari 6.2 and Safari 7.1

Safari 6.2 and Safari 7.1 are now available and address the
following:

Safari
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5
Impact: An attacker with a privileged network position may intercept
user credentials
Description: Saved passwords were autofilled on http sites, on https
sites with broken trust, and in iframes. This issue was addressed by
restricting password autofill...

CVE ID Syntax Change - Deadline Approaching

BugTraq Latest Security Advisories - September 19, 2014 - 5:05am

Posted by Christey, Steven M. on Sep 19

As we approach the end of 2014, CVE identifiers are getting closer and
closer to the magic CVE-2014-9999 mark, which means that MITRE will be
issuing a 5-digit CVE ID within a matter of months, in accordance with
the new syntax that was selected in 2013 (basically using 5, 6, or
even more digits as needed). Some people are still unaware that this
change has happened or have been slow to implement it.

Once a CVE identifier is issued using the...

[SECURITY] [DSA 3028-1] icedove security update

BugTraq Latest Security Advisories - September 19, 2014 - 4:56am

Posted by Moritz Muehlenhoff on Sep 19

-------------------------------------------------------------------------
Debian Security Advisory DSA-3028-1 security () debian org
http://www.debian.org/security/ Moritz Muehlenhoff
September 17, 2014 http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : icedove
CVE ID : CVE-2014-1562 CVE-2014-1567...