This is a Linux/portable port of OpenBSD's excellent OpenSSH. OpenSSH is based on the last free version of Tatu Ylonen's SSH with all patent-encumbered algorithms removed, all known security bugs fixed, new features reintroduced, and many other clean-ups.
a1195ed55db945252d5a1730d4a2a2a5c1c9a6aa01ef2e5af750a962623d9027
Ubuntu Security Notice 2096-1 - Pageexec reported a bug in the Linux kernel's recvmmsg syscall when called from code using the x32 ABI. An unprivileged local user could exploit this flaw to cause a denial of service (system crash) or gain administrator privileges.
3642a965005a189450ebb9a7da63b4405f4feb956e8633f63544fba0c47da057
Debian Linux Security Advisory 2849-1 - Paras Sethia discovered that libcurl, a client-side URL transfer library, would sometimes mix up multiple HTTP and HTTPS connections with NTLM authentication to the same server, sending requests for one user over the connection authenticated as a different user.
e4374fce83aed240b963cb7cda80af3bb13e0f47110d7536c46a7b643757f807
Ubuntu Security Notice 2095-1 - Pageexec reported a bug in the Linux kernel's recvmmsg syscall when called from code using the x32 ABI. An unprivileged local user could exploit this flaw to cause a denial of service (system crash) or gain administrator privileges.
ca8a6e458cf823bb6dbd65dc2b895cf52f5e38bd8da50a892074bcbfa99a76b9
Joomla JomSocial component version 2.6 remote PHP code execution exploit.
ea1422d55f32ea2f21fe3bfa98a8a970fd3b75fcef135c089e38f1464c28a72b
TopicsViewer version 3.0 Beta 1 suffers from multiple remote SQL injection vulnerabilities.
48dee20e05e6227d7032a46cb6020f6d577fcadffa33738daaabfd47613727f5
Ubuntu Security Notice 2094-1 - Pageexec reported a bug in the Linux kernel's recvmmsg syscall when called from code using the x32 ABI. An unprivileged local user could exploit this flaw to cause a denial of service (system crash) or gain administrator privileges.
faa4dd51c8b2fc6a08a0eacbf4b60dad67d7f8c44bca960b5e7b6ee945035133
Linux 3.4+ recvmmsg x32 compat proof of concept exploit.
5662db3459ebcd5e6569adefd8e89c500d6c4b915e1d0af5b4ab442214e7b017
Jobsite Logo suffers from cross site scripting and remote SQL injection vulnerabilities.
f5b281fa23163ff33cd4204b0ebdddfa490fec4c9fcb6e65a4b8ada7918abb2c
Booking Calendar PHP suffers from cross site request forgery, cross site scripting, and remote SQL injection vulnerabilities.
960acaa17357d30d3a772a036e2375e6767ea24edc21a4bd4950e8b6f6323648
Eventy Online Scheduler version 1.8 suffers from cross site request forgery, cross site scripting, and remote SQL injection vulnerabilities.
adc6db576bd5a7faa15c3609f25e879996a7872f76654e872bb6c611a44d8a5b
WordPress Contact Form 7 versions 3.5.3 and below suffer from a remote shell upload vulnerability.
a9b2be4594160bcca7766b6d73934f9f3c1a86a30c2cc6b9f5ee48d581468d96
Newtontree IT Services suffers from a remote SQL injection vulnerability that allows for authentication bypass.
d1207b580f63cb7e7eabc1d92f90e1a63599ba5e12d2adb4191941c87e6ceac5
Ubuntu Security Notice 2092-1 - Asias He discovered that QEMU incorrectly handled SCSI controllers with more than 256 attached devices. A local user could possibly use this flaw to elevate privileges. It was discovered that QEMU incorrectly handled Xen disks. A local guest could possibly use this flaw to consume resources, resulting in a denial of service. This issue only affected Ubuntu 12.10 and Ubuntu 13.10. Various other issues were also addressed.
a805b7c2b775979752f92df1d19d0c1c355c2e1f45538b4ccadf8116e6353ce4
Ubuntu Security Notice 2093-1 - Martin Kletzander discovered that libvirt incorrectly handled reading memory tunables from LXC guests. A local user could possibly use this flaw to cause libvirtd to crash, resulting in a denial of service. This issue only affected Ubuntu 13.10. Dario Faggioli discovered that libvirt incorrectly handled the libxl driver. A local user could possibly use this flaw to cause libvirtd to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 13.10. Various other issues were also addressed.
032ca50e203209008802c8c3ca9a824cd426e58b63c9f66f362b20a90858c799
Red Hat Security Advisory 2014-0124-01 - Apache Camel is a versatile open-source integration framework based on known Enterprise Integration Patterns. A flaw was found in Apache Camel's parsing of the FILE_NAME header. A remote attacker able to submit messages to a Camel route, which would write the provided message to a file, could provide expression language expressions in the FILE_NAME header that would be evaluated on the server. This could lead to arbitrary remote code execution in the context of the Camel server process. All users of Red Hat JBoss Fuse Service Works 6.0.0 as provided from the Red Hat Customer Portal are advised to apply this update.
6b5de573b4efbf33e08e0dd89c9ba0e4332d534ab60be7b5382c9263c949b033
Red Hat Security Advisory 2014-0113-01 - The openstack-keystone packages provide keystone, a Python implementation of the OpenStack Identity service API, which provides Identity, Token, Catalog, and Policy services. A flaw was discovered in the way the LDAP backend in keystone handled the removal of a role. A user could unintentionally be granted a role if the role being removed had not been previously granted to that user. Note that only OpenStack Identity setups using an LDAP backend were affected. All openstack-keystone users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue.
4ed18adab99d93bc8ef3094e04168b8b3fbc0330b8728fb4595ecc73eb7dca15
Red Hat Security Advisory 2014-0112-01 - The openstack-nova packages provide OpenStack Compute, which provides services for provisioning, managing, and using virtual machine instances. It was discovered that enabling "qpid_protocol = ssl" in the nova.conf file did not result in nova using SSL to communicate to Qpid. If Qpid was not configured to enforce SSL this could lead to sensitive information being sent unencrypted over the communication channel. A flaw was found in the way OpenStack Compute controlled the size of disk images. An authenticated remote user could use malicious compressed qcow2 disk images to consume large amounts of disk space, potentially causing a denial of service on the OpenStack Compute nodes.
a9c329772cd7af8395cafb1ec06bc13482d54fac734c4e696e1724b928aaabec