Monthly Archives: October 2014
CVE-2014-6555 (mariadb, mysql, solaris)
Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to SERVER:DML.
Fedora 20 Security Update: sysklogd-1.5-18.fc20
Fedora 21 Security Update: sysklogd-1.5-18.fc21
Fedora 19 Security Update: sysklogd-1.5-18.fc19
Chase breach: Stolen personal info brings headaches too
On the one hand, the breach of JP Morgan Chase is not as bad as it could have been. But how do you measure relative “badness” of a breach?
The post Chase breach: Stolen personal info brings headaches too appeared first on We Live Security.
CVE-2014-3686
wpa_supplicant and hostapd 0.7.2 through 2.2, when running with certain configurations and using wpa_cli or hostapd_cli with action scripts, allows remote attackers to execute arbitrary commands via a crafted frame.
CVE-2014-3704
The expandArguments function in the database abstraction API in Drupal core 7.x before 7.32 does not properly construct prepared statements, which allows remote attackers to conduct SQL injection attacks via an array containing crafted keys.
CVE-2014-7237
lib/TWiki/Sandbox.pm in TWiki 6.0.0 and earlier, when running on Windows, allows remote attackers to bypass intended access restrictions and upload files with restricted names via a null byte (%00) in a filename to bin/upload.cgi, as demonstrated using .htaccess to execute arbitrary code.
DSA-3053 openssl – security update
Several vulnerabilities have been found in OpenSSL, the Secure Sockets
Layer library and toolkit.