Feed aggregator

Vuln: Oracle Java SE CVE-2014-4219 Remote Security Vulnerability

Security Focus Latest Security Advisories - July 21, 2014 - 11:00pm
Oracle Java SE CVE-2014-4219 Remote Security Vulnerability
Categories:

[SECURITY] [DSA 2983-1] drupal7 security update

BugTraq Latest Security Advisories - July 21, 2014 - 10:29am

Posted by Moritz Muehlenhoff on Jul 21

-------------------------------------------------------------------------
Debian Security Advisory DSA-2983-1 security () debian org
http://www.debian.org/security/ Moritz Muehlenhoff
July 20, 2014 http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : drupal7
CVE ID : not yet available

Multiple...
Categories:

[SECURITY] [DSA 2982-1] ruby-activerecord-3.2 security update

BugTraq Latest Security Advisories - July 21, 2014 - 10:21am

Posted by Moritz Muehlenhoff on Jul 21

-------------------------------------------------------------------------
Debian Security Advisory DSA-2982-1 security () debian org
http://www.debian.org/security/ Moritz Muehlenhoff
July 19, 2014 http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : ruby-activerecord-3.2
CVE ID : CVE-2014-3482...
Categories:

KL-001-2014-003 : Microsoft XP SP3 MQAC.sys Arbitrary Write Privilege Escalation

BugTraq Latest Security Advisories - July 21, 2014 - 10:09am

Posted by KoreLogic Disclosures on Jul 21

Title: Microsoft XP SP3 MQAC.sys Arbitrary Write Privilege Escalation
Advisory ID: KL-001-2014-003
Publication Date: 2014.07.18
Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2014-003.txt

1. Vulnerability Details

Affected Vendor: Microsoft
Affected Product: MQ Access Control
Affected Versions: 5.1.0.1110
Platform: Microsoft Windows XP SP3
CWE Classification: CWE-123: Write-what-where Condition...
Categories:

KL-001-2014-002 : Microsoft XP SP3 BthPan.sys Arbitrary Write Privilege Escalation

BugTraq Latest Security Advisories - July 21, 2014 - 9:59am

Posted by KoreLogic Disclosures on Jul 21

Title: Microsoft XP SP3 BthPan.sys Arbitrary Write Privilege Escalation
Advisory ID: KL-001-2014-002
Publication Date: 2014-07-18
Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2014-002.txt

1. Vulnerability Details

Affected Vendor: Microsoft
Affected Product: Bluetooth Personal Area Networking
Affected Versions: 5.1.2600.5512
Platform: Microsoft Windows XP SP3
CWE Classification: CWE-123:...
Categories:

CVE-2014-4326 Remote command execution in Logstash zabbix and nagios_nsca outputs.

BugTraq Latest Security Advisories - July 21, 2014 - 9:51am

Posted by Jordan Sissel on Jul 21

Vendor: Elasticsearch
Product: Logstash
CVE: CVE-2014-4326
Affected versions: Logstash 1.0.14 through 1.4.1

Recommendations: All affected users should upgrade to Logstash 1.4.2.
We also provide patch instructions for Logstash 1.3.x at the bottom of
this note.

The vulnerability impacts deployments that use either the zabbix or
the nagios_nsca outputs. In these cases, an attacker with an ability
to send crafted events to any source of data for...
Categories:

[SECURITY] [DSA 2981-1] polarssl security update

BugTraq Latest Security Advisories - July 21, 2014 - 9:41am

Posted by Salvatore Bonaccorso on Jul 21

-------------------------------------------------------------------------
Debian Security Advisory DSA-2981-1 security () debian org
http://www.debian.org/security/ Salvatore Bonaccorso
July 18, 2014 http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : polarssl
CVE ID : CVE-2014-4911
Debian Bug :...
Categories:

CVE-2014-4980 Parameter Tampering in Nessus Web UI - Remote Information Disclosure

BugTraq Latest Security Advisories - July 21, 2014 - 9:32am

Posted by i amroot on Jul 21

Product: Nessus
Vendor: Tenable Network Security‎
Version: Nessus 5.2.3-5.2.7 - Web UI 2.3.4 (potentially lower)
Vendor Notified Date: June 24, 2014
Vendor Resolved Date: June 25, 2014
Release Date: July 18, 2014
Risk: Medium
Authentication: Not Required
Remote: Yes

Description:
A parameter tampering vulnerability exists in Nessus 5.2.7 and potentially below that allows remote attackers to
retrieve potentially sensitive information from the...
Categories: