Feed aggregator

Vuln: ISC BIND NSEC3 Signed Zones Queries Handling Remote Denial of Service Vulnerability

Security Focus Latest Security Advisories - October 16, 2014 - 11:00pm

Vuln: ISC BIND 9 DNS RDATA Handling CVE-2013-4854 Remote Denial of Service Vulnerability

Security Focus Latest Security Advisories - October 16, 2014 - 11:00pm

Vuln: Apple iOS and TV CVE-2014-4419 Unspecified Security Vulnerability

Security Focus Latest Security Advisories - October 16, 2014 - 11:00pm

Vuln: Apple TV/Mac OS X/iOS CVE-2014-4388 Remote Code Execution Vulnerability

Security Focus Latest Security Advisories - October 16, 2014 - 11:00pm

Vuln: Apple iPhone/iPad/iPod touch Prior to iOS 7 Safari History Information Disclosure Vulnerability

Security Focus Latest Security Advisories - October 16, 2014 - 11:00pm

Vuln: OpenSSL DTLS CVE-2014-3510 Remote Denial of Service Vulnerability

Security Focus Latest Security Advisories - October 16, 2014 - 11:00pm

Vuln: OpenSSL CVE-2014-3508 Information Disclosure Vulnerability

Security Focus Latest Security Advisories - October 16, 2014 - 11:00pm

next-20141017: linux-next

Linux Kernel Updates - October 16, 2014 - 10:29pm
Version: next-20141017 (linux-next) Released: 2014-10-17

[SECURITY] [DSA 3052-1] wpa security update

BugTraq Latest Security Advisories - October 16, 2014 - 6:11am

Posted by Michael Gilbert on Oct 16

-------------------------------------------------------------------------
Debian Security Advisory DSA-3052-1 security () debian org
http://www.debian.org/security/ Michael Gilbert
October 15, 2014 http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : wpa
CVE ID : CVE-2014-3686
Debian Bug : 765352...

[security bulletin] HPSBMU03126 rev.1 - HP Operations Manager (formerly OpenView Communications Broker), Remote Cross-site Scripting (XSS)

BugTraq Latest Security Advisories - October 16, 2014 - 6:01am

Posted by security-alert on Oct 16

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04472444

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04472444
Version: 1

HPSBMU03126 rev.1 - HP Operations Manager (formerly OpenView Communications
Broker), Remote Cross-site Scripting (XSS)

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible....

Bugtraq: Cisco Security Advisory: SSL Padding Oracle On Downgraded Legacy Encryption (POODLE) Vulnerability

Security Focus Latest Security Advisories - October 16, 2014 - 6:00am

Bugtraq: Advisory 01/2014: Drupal7 - pre Auth SQL Injection Vulnerability

Security Focus Latest Security Advisories - October 16, 2014 - 6:00am

Bugtraq: Cisco Security Advisory: Multiple Vulnerabilities in Cisco TelePresence Video Communication Server and Cisco Expressway Software

Security Focus Latest Security Advisories - October 16, 2014 - 6:00am

Bugtraq: Cisco Security Advisory: Cisco TelePresence MCU Software Memory Exhaustion Vulnerability

Security Focus Latest Security Advisories - October 16, 2014 - 6:00am

[security bulletin] HPSBHF03125 rev.1 - HP Next Generation Firewall (NGFW) running Bash Shell, Remote Code Execution

BugTraq Latest Security Advisories - October 16, 2014 - 5:53am

Posted by security-alert on Oct 16

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04471538

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04471538
Version: 1

HPSBHF03125 rev.1 - HP Next Generation Firewall (NGFW) running Bash Shell,
Remote Code Execution

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.

Release Date:...

[slackware-security] openssl (SSA:2014-288-01)

BugTraq Latest Security Advisories - October 16, 2014 - 5:43am

Posted by Slackware Security Team on Oct 16

[slackware-security] openssl (SSA:2014-288-01)

New openssl packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,
and -current to fix security issues.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/openssl-solibs-1.0.1j-i486-1_slack14.1.txz: Upgraded.
(* Security fix *)
patches/packages/openssl-1.0.1j-i486-1_slack14.1.txz: Upgraded.
This update fixes several security...

Bypassing blacklists based on IPy

BugTraq Latest Security Advisories - October 16, 2014 - 5:33am

Posted by Nicolas Grégoire on Oct 16

IPy is a Python "class and tools for handling of IPv4 and IPv6 addresses
and networks" (https://github.com/haypo/python-ipy). This library is
sometimes used to implement blacklists forbidding internal, private or
loopback addresses.

Using octal encoding (supported by urllib2), it is possible to bypass
checks based on the result of the iptype() function. For example, IP
address '0177.0000.0000.0001' is considered as...

[SECURITY] [DSA 3051-1] drupal7 security update

BugTraq Latest Security Advisories - October 16, 2014 - 5:26am

Posted by Moritz Muehlenhoff on Oct 16

-------------------------------------------------------------------------
Debian Security Advisory DSA-3051-1 security () debian org
http://www.debian.org/security/ Moritz Muehlenhoff
October 15, 2014 http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : drupal7
CVE ID : CVE-2014-3704

Stefan Horst...

Cisco Security Advisory: SSL Padding Oracle On Downgraded Legacy Encryption (POODLE) Vulnerability

BugTraq Latest Security Advisories - October 16, 2014 - 5:18am

Posted by Cisco Systems Product Security Incident Response Team on Oct 16

Cisco Security Advisory: SSL Padding Oracle On Downgraded Legacy Encryption (POODLE) Vulnerability

Advisory ID: cisco-sa-20141015-poodle

Revision 1.0

For Public Release 2014 October 15 17:30 UTC (GMT)

+---------------------------------------------------------------------

Summary
+======

On October 14, 2014, a vulnerability was publicly announced in the Secure Sockets Layer version 3 (SSLv3) protocol when
using a block cipher in Cipher...

Advisory 01/2014: Drupal7 - pre Auth SQL Injection Vulnerability

BugTraq Latest Security Advisories - October 16, 2014 - 5:07am

Posted by Stefan Horst on Oct 16

SektionEins GmbH
www.sektioneins.de

-= Security Advisory =-

Advisory: Drupal - pre-auth SQL Injection Vulnerability
Release Date: 2014/10/15
Last Modified: 2014/10/15
Author: Stefan Horst [stefan.horst[at]sektioneins.de]
Application: Drupal >= 7.0 <= 7.31
Severity: Full SQL injection, which results in total control and code execution of Website.
Risk: Highly Critical...