HP Security Bulletin HPSBGN03233 1 – Potential security vulnerabilities have been identified with HP OneView running OpenSSL and Bash Shell. These vulnerabilities (POODLE and Shellshock) could be exploited remotely to create a Denial of Service (DoS), allow unauthorized access, or disclose information. Revision 1 of this advisory.
Monthly Archives: January 2015
Red Hat Security Advisory 2015-0044-01
Red Hat Security Advisory 2015-0044-01 – OpenStack Networking is a pluggable, scalable, and API-driven system that provisions networking services to virtual machines. Its main function is to manage connectivity to and from virtual machines. As of Red Hat Enterprise Linux OpenStack Platform 4.0, ‘neutron’ replaces ‘quantum’ as the core component of OpenStack Networking. A denial of service flaw was found in the way neutron handled the ‘dns_nameservers’ parameter. By providing specially crafted ‘dns_nameservers’ values, an authenticated user could use this flaw to crash the neutron service.
OS X 10.10 Bluetooth TransferACLPacketToHW Crash Proof Of Concept
OS X 10.10 Bluetooth TransferACLPacketToHW crash denial of service proof of concept exploit.
OS X 10.10 Bluetooth BluetoothHCIChangeLocalName Crash Proof Of Concept
OS X 10.10 Bluetooth BluetoothHCIChangeLocalName crash denial of service proof of concept exploit.
OS X 10.10 Bluetooth DispatchHCIWriteStoredLinkKey Crash Proof Of Concept
OS X 10.10 Bluetooth DispatchHCIWriteStoredLinkKey crash denial of service proof of concept exploit.
Adobe Releases Security Updates for Flash Player
Original release date: January 13, 2015
Adobe has released security updates to address multiple vulnerabilities in Flash Player, one of which could potentially allow an attacker to take control of the affected system.
Users and administrators are encouraged to review Adobe Security Bulletin APSB15-01 and apply the necessary updates.
This product is provided subject to this Notification and this Privacy & Use policy.
DSA-3127 iceweasel – security update
Multiple security issues have been found in Iceweasel, Debian’s version
of the Mozilla Firefox web browser: Multiple memory safety errors
and implementation errors may lead to the execution of arbitrary code,
information leaks or denial of service.
Vuln: binutils CVE-2014-8502 Heap Based Buffer Overflow Vulnerability
binutils CVE-2014-8502 Heap Based Buffer Overflow Vulnerability
Vuln: Git CVE-2014-9390 Arbitrary File Overwrite Vulnerability
Git CVE-2014-9390 Arbitrary File Overwrite Vulnerability
CVE-2015-0301
Adobe Flash Player before 13.0.0.260 and 14.x through 16.x before 16.0.0.257 on Windows and OS X and before 11.2.202.429 on Linux, Adobe AIR before 16.0.0.245 on Windows and OS X and before 16.0.0.272 on Android, Adobe AIR SDK before 16.0.0.272, and Adobe AIR SDK & Compiler before 16.0.0.272 do not properly validate files, which has unspecified impact and attack vectors.