Feed aggregator
Vuln: Oracle Java SE CVE-2014-4219 Remote Security Vulnerability
Oracle Java SE CVE-2014-4219 Remote Security Vulnerability
[SECURITY] [DSA 2983-1] drupal7 security update
Posted by Moritz Muehlenhoff on Jul 21
-------------------------------------------------------------------------Debian Security Advisory DSA-2983-1 security () debian org
http://www.debian.org/security/ Moritz Muehlenhoff
July 20, 2014 http://www.debian.org/security/faq
-------------------------------------------------------------------------
Package : drupal7
CVE ID : not yet available
Multiple...
[SECURITY] [DSA 2982-1] ruby-activerecord-3.2 security update
Posted by Moritz Muehlenhoff on Jul 21
-------------------------------------------------------------------------Debian Security Advisory DSA-2982-1 security () debian org
http://www.debian.org/security/ Moritz Muehlenhoff
July 19, 2014 http://www.debian.org/security/faq
-------------------------------------------------------------------------
Package : ruby-activerecord-3.2
CVE ID : CVE-2014-3482...
KL-001-2014-003 : Microsoft XP SP3 MQAC.sys Arbitrary Write Privilege Escalation
Posted by KoreLogic Disclosures on Jul 21
Title: Microsoft XP SP3 MQAC.sys Arbitrary Write Privilege EscalationAdvisory ID: KL-001-2014-003
Publication Date: 2014.07.18
Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2014-003.txt
1. Vulnerability Details
Affected Vendor: Microsoft
Affected Product: MQ Access Control
Affected Versions: 5.1.0.1110
Platform: Microsoft Windows XP SP3
CWE Classification: CWE-123: Write-what-where Condition...
KL-001-2014-002 : Microsoft XP SP3 BthPan.sys Arbitrary Write Privilege Escalation
Posted by KoreLogic Disclosures on Jul 21
Title: Microsoft XP SP3 BthPan.sys Arbitrary Write Privilege EscalationAdvisory ID: KL-001-2014-002
Publication Date: 2014-07-18
Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2014-002.txt
1. Vulnerability Details
Affected Vendor: Microsoft
Affected Product: Bluetooth Personal Area Networking
Affected Versions: 5.1.2600.5512
Platform: Microsoft Windows XP SP3
CWE Classification: CWE-123:...
CVE-2014-4326 Remote command execution in Logstash zabbix and nagios_nsca outputs.
Posted by Jordan Sissel on Jul 21
Vendor: ElasticsearchProduct: Logstash
CVE: CVE-2014-4326
Affected versions: Logstash 1.0.14 through 1.4.1
Recommendations: All affected users should upgrade to Logstash 1.4.2.
We also provide patch instructions for Logstash 1.3.x at the bottom of
this note.
The vulnerability impacts deployments that use either the zabbix or
the nagios_nsca outputs. In these cases, an attacker with an ability
to send crafted events to any source of data for...
[SECURITY] [DSA 2981-1] polarssl security update
Posted by Salvatore Bonaccorso on Jul 21
-------------------------------------------------------------------------Debian Security Advisory DSA-2981-1 security () debian org
http://www.debian.org/security/ Salvatore Bonaccorso
July 18, 2014 http://www.debian.org/security/faq
-------------------------------------------------------------------------
Package : polarssl
CVE ID : CVE-2014-4911
Debian Bug :...
CVE-2014-4980 Parameter Tampering in Nessus Web UI - Remote Information Disclosure
Posted by i amroot on Jul 21
Product: NessusVendor: Tenable Network Security
Version: Nessus 5.2.3-5.2.7 - Web UI 2.3.4 (potentially lower)
Vendor Notified Date: June 24, 2014
Vendor Resolved Date: June 25, 2014
Release Date: July 18, 2014
Risk: Medium
Authentication: Not Required
Remote: Yes
Description:
A parameter tampering vulnerability exists in Nessus 5.2.7 and potentially below that allows remote attackers to
retrieve potentially sensitive information from the...
