VMware Security Advisory 2014-0008 - VMware has updated vSphere third party libraries.
961f1fa58ab6b80903bbc3ac882d262194e375452629d457597ffbc1b2b2c93c
HP Security Bulletin HPSBMU03075 - A potential security vulnerability has been identified with HP Network Node Manager I (NNMi) on Windows and Linux. This vulnerability could be exploited remotely to allow arbitrary code execution. Revision 1 of this advisory.
045e91742bf0a51854d6e5c29dec360e40077d54bb40679404151c3b61dec485
Cisco Security Advisory - A vulnerability in the Cisco Integrated Management Controller (Cisco IMC) SSH module of the Cisco Unified Computing System E-Series Blade servers could allow an unauthenticated, remote attacker to cause a denial of service condition. The vulnerability is due to a failure to properly handle a crafted SSH packet. An attacker could exploit this vulnerability by sending a crafted packet to the SSH server running on the Cisco IMC of an affected device, which could result in the Cisco IMC becoming unresponsive. The operating system running on the blade will be unaffected. Cisco has released free software updates that address this vulnerability.
3f247458f5de3f93abd4ed9c538945e9d37f45d46ccead5e184b48fc8aa2c4c7
HP Security Bulletin HPSBST03106 - A potential security vulnerability has been identified in HP P2000 G3 MSA Array System running OpenSSL. This vulnerability could be exploited remotely resulting in unauthorized access or disclosure of information. Revision 1 of this advisory.
6891a70dfa7d48dde4bae12899b26516b067ffccc859961ca28b52e4c6c9c942
Debian Linux Security Advisory 3021-1 - Multiple security issues have been found in file, a tool to determine a file type. These vulnerabilities allow remote attackers to cause a denial of service, via resource consumption or application crash.
115bf94ed1ae10d5933506efacb195641342c54b763f1ee67edf43028f3516c2
Ubuntu Security Notice 2343-1 - Tyson Smith and Jesse Schwartzentruber discovered that NSS contained a race condition when performing certificate validation. An attacker could use this issue to cause NSS to crash, resulting in a denial of service, or possibly execute arbitrary code.
49306aadb794c2b489013336e93c2da224228735ef3f3bda3d06f7c656dfdae6
Debian Linux Security Advisory 3021-2 - This update corrects DSA 3021-1, which introduced a regression in the detection of some "Composite Document Files" (CDF), making them look corrupted, with the error: "Can't expand summary_info".
d8bc3a976a77d945fa9729274dcb77beef67b36b7e76cce28961d31ec075b64d
Debian Linux Security Advisory 3022-1 - Two vulnerabilities have been discovered in cURL, a URL transfer library. They can be used to leak cookie information.
5c7afe71736f0b0541d990e07c5812c715b4de0cb69860da5982335e93295eab
Debian Linux Security Advisory 3020-1 - During a review for EDF, Raphael Geissert discovered that the acpi-support package did not properly handle data obtained from a user's environment. This could lead to program malfunction or allow a local user to escalate privileges to the root user due to a programming error.
35f75e3e676cc36fd363cb90a7635889f195d3d10b2f4a7885833ebd0cb47cc8
Red Hat Security Advisory 2014-1173-01 - The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities are detailed in the Adobe Security Bulletin APSB14-21, listed in the References section. Multiple flaws were found in the way flash-plugin displayed certain SWF content. An attacker could use these flaws to create a specially crafted SWF file that would cause flash-plugin to crash or, potentially, execute arbitrary code when the victim loaded a page containing the malicious SWF content.
82eb0208711b7cdea78181be2b4903736f3d9617389e5850b54bab2b6fcdec61
Red Hat Security Advisory 2014-1172-01 - The procmail program is used for local mail delivery. In addition to just delivering mail, procmail can be used for automatic filtering, presorting, and other mail handling jobs. A heap-based buffer overflow flaw was found in procmail's formail utility. A remote attacker could send an email with specially crafted headers that, when processed by formail, could cause procmail to crash or, possibly, execute arbitrary code as the user running formail. All procmail users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue.
dd9d7e5491f3b4e1e82321feba769af71e75c8968902e4b898b38d9b46ad56f7
Slackware Security Advisory - New seamonkey packages are available for Slackware 14.0, 14.1, and -current to fix security issues.
b417399551892d9f1c461d372a319a3669c34f99ca2a6b21c185e1ab67930915
Red Hat Security Advisory 2014-1170-01 - This advisory contains instructions on how to resolve one security issue in the Elasticsearch component in Fuse ESB Enterprise and Fuse MQ Enterprise 7.1.0.
cda8a55812eca23934b2ebd4c0cfda1feb81d8ddd544746c00205873c1e7ddd0
Red Hat Security Advisory 2014-1171-01 - This advisory contains instructions on how to resolve one security issue in the Elasticsearch component in Fuse ESB Enterprise and Fuse MQ Enterprise 7.1.0.
7de6d8f79c743d6c37c8104e7cee5b3a934147a40c2f09b0aac27afd5d2f12e8
Ubuntu Security Notice 2344-1 - It was discovered that the Fileinfo component in php5 contains an integer overflow. An attacker could use this flaw to cause a denial of service or possibly execute arbitrary code via a crafted CDF file. It was discovered that the php_parserr function contains multiple buffer overflows. An attacker could use this flaw to cause a denial of service or possibly execute arbitrary code via crafted DNS records.
03372400c70b371cdf5ed00c4c33da42ee3f6e763d7c09635eb62ec8542b43bc
Red Hat Security Advisory 2014-1168-01 - The rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine hypervisor. It includes everything necessary to run and manage virtual machines: a subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent. Note: Red Hat Enterprise Virtualization Hypervisor is only available for the Intel 64 and AMD64 architectures with virtualization extensions. A NULL pointer dereference flaw was found in the way the Linux kernel's networking implementation handled logging while processing certain invalid packets coming in via a VxLAN interface. A remote attacker could use this flaw to crash the system by sending a specially crafted packet to such an interface.
1be37b2188323742fc027667a63f88039cdc650a7fd1a4ae10d8c70579adb720
Red Hat Security Advisory 2014-1167-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the way the Linux kernel's futex subsystem handled reference counting when requeuing futexes during futex_wait(). A local, unprivileged user could use this flaw to zero out the reference counter of an inode or an mm struct that backs up the memory area of the futex, which could lead to a use-after-free flaw, resulting in a system crash or, potentially, privilege escalation. A NULL pointer dereference flaw was found in the way the Linux kernel's networking implementation handled logging while processing certain invalid packets coming in via a VxLAN interface. A remote attacker could use this flaw to crash the system by sending a specially crafted packet to such an interface.
f4cef6046c510265613db29bd8c542c592cf332bb9e20ce25867d4caa0282acd
OroCRM suffers from a persistent cross site scripting vulnerability.
84996ee9bc53114b04b4bfff8064bb94359d641af5420bd761a209d98f948364