Debian Linux Security Advisory 3106-1 – Jose Duart of the Google Security Team discovered a double free flaw (CVE-2014-8137) and a heap-based buffer overflow flaw (CVE-2014-8138) in JasPer, a library for manipulating JPEG-2000 files. A specially crafted file could cause an application using JasPer to crash or, possibly, execute arbitrary code.
Monthly Archives: December 2014
Debian Security Advisory 3107-1
Debian Linux Security Advisory 3107-1 – Evgeny Kotkov discovered a NULL pointer dereference while processing REPORT requests in mod_dav_svn, the Subversion component which is used to serve repositories with the Apache web server. A remote attacker could abuse this vulnerability for a denial of service.
Dangerous NTP Hole Ruins Your Christmas Lunch
Multi-Million Dollar Russian Banking Scam Uncovered
STAY AWAY: Popular Tor Exit Relays Look Raided
Hack Attack Causes Massive Damage At Steel Works
CVE-2014-8896 (infosphere_master_data_management_collaborative_server, infosphere_master_data_management_server_for_product_information_management)
The Collaboration Server in IBM InfoSphere Master Data Management Server for Product Information Management 9.x through 9.1 and InfoSphere Master Data Management – Collaborative Edition 10.x through 10.1, 11.0 before FP7, and 11.3 and 11.4 before 11.4 FP1 allows remote authenticated users to modify the administrator’s credentials and consequently gain privileges via unspecified vectors.
CVE-2014-8897 (infosphere_master_data_management_collaborative_server, infosphere_master_data_management_server_for_product_information_management)
Cross-site scripting (XSS) vulnerability in the Collaboration Server in IBM InfoSphere Master Data Management Server for Product Information Management 9.x through 9.1 and InfoSphere Master Data Management – Collaborative Edition 10.x through 10.1, 11.0 before FP7, and 11.3 and 11.4 before 11.4 FP1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
CVE-2014-8898 (infosphere_master_data_management_collaborative_server, infosphere_master_data_management_server_for_product_information_management)
Cross-site scripting (XSS) vulnerability in the Collaboration Server in IBM InfoSphere Master Data Management Server for Product Information Management 9.x through 9.1 and InfoSphere Master Data Management – Collaborative Edition 10.x through 10.1, 11.0 before FP7, and 11.3 and 11.4 before 11.4 FP1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
CVE-2014-8899 (infosphere_master_data_management_collaborative_server, infosphere_master_data_management_server_for_product_information_management)
Cross-site scripting (XSS) vulnerability in the Collaboration Server in IBM InfoSphere Master Data Management Server for Product Information Management 9.x through 9.1 and InfoSphere Master Data Management – Collaborative Edition 10.x through 10.1, 11.0 before FP7, and 11.3 and 11.4 before 11.4 FP1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.