Snowfox CMS version 1.0 suffers from an open redirection vulnerability.
Monthly Archives: November 2014
USN-2411-1: mountall vulnerability
Ubuntu Security Notice USN-2411-1
18th November, 2014
mountall vulnerability
A security issue affects these releases of Ubuntu and its
derivatives:
- Ubuntu 14.10
Summary
mountall could mount certain filesystems with the wrong permissions.
Software description
- mountall
– filesystem mounting tool
Details
Saurav Sengupta discovered that mountall incorrectly handled umask when
calling the mount utility, resulting in certain filesystems possibly being
mounted with incorrect permissions.
Update instructions
The problem can be corrected by updating your system to the following
package version:
- Ubuntu 14.10:
-
mountall
2.54ubuntu0.14.10.1
To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.
After a standard system update you need to reboot your computer to make
all the necessary changes.
References
Apple Security Advisory 2014-11-17-2
Apple Security Advisory 2014-11-17-2 – OS X 10.10.1 is now available and addresses a privacy issue, arbitrary code execution, and various other security issues.
Apple Security Advisory 2014-11-17-1
Apple Security Advisory 2014-11-17-1 – iOS 8.1.1 is now available and addresses code execution and various other security flaws.
tcpdump 4.6.2 AOVD Unreliable Output
It was found out that malformed network traffic (AOVD-based) can lead to an abnormal behavior if verbose output of tcpdump monitoring the network is used. Affected versions are 3.8 through 4.6.2.
tcpdump 4.6.2 Geonet Denial Of Service
tcpdump versions 4.5.0 through 4.6.2 suffers from a denial of service vulnerability when handling a malformed Geonet payload.
tcpdump 4.6.2 OSLR Denial Of Service
tcpdump versions 3.9.6 through 4.6.2 suffers from a denial of service vulnerability when handling a malformed OLSR payload.
Vuln: Oracle Java SE CVE-2014-6512 IP Address Spoofing Vulnerability
Oracle Java SE CVE-2014-6512 IP Address Spoofing Vulnerability
Vuln: Oracle Java SE CVE-2014-6457 Remote Security Vulnerability
Oracle Java SE CVE-2014-6457 Remote Security Vulnerability
Vuln: IBM Java SDK CVE-2014-3065 Local Arbitrary Code Execution Vulnerability
IBM Java SDK CVE-2014-3065 Local Arbitrary Code Execution Vulnerability