Linux Kernel KVM ‘virt/kvm/iommu.c’ Denial of Service Vulnerability
Category Archives: Security
Security
Vuln: Linux Kernel CVE-2014-5045 Local Privilege Escalation Vulnerability
Linux Kernel CVE-2014-5045 Local Privilege Escalation Vulnerability
DSA-3049 wireshark – security update
Multiple vulnerabilities were discovered in the dissectors/parsers for
RTP, MEGACO, Netflow, RTSP, SES and Sniffer, which could result in denial
of service.
DNS Reverse Lookup Shellshock
DNS reverse lookups can be used as a vector of attack for the bash shellshock vulnerability.
CESA-2014:1397 Important CentOS 7 rsyslogSecurity Update
CentOS Errata and Security Advisory 2014:1397 Important Upstream details at : https://rhn.redhat.com/errata/RHSA-2014-1397.html The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename ) x86_64: 948575ad1feeb02cbe239668584e1b84268e3bec81215d02d5d06cea0b8f533c rsyslog-7.4.7-7.el7_0.x86_64.rpm c7e99647faec3af85a3d174a7aeac248a1d8d2c80410b6676049fe221188265a rsyslog-crypto-7.4.7-7.el7_0.x86_64.rpm 66be2ec9a2b8d0fa79960c38866ef7562ac59cde6717853eac0e140e320ffba0 rsyslog-doc-7.4.7-7.el7_0.x86_64.rpm 9a74dfc032f6946fa9bca1a8c7af4188c2a937ce04831ace8bb12bf84bd9e32c rsyslog-elasticsearch-7.4.7-7.el7_0.x86_64.rpm 805fb5b2aebd9a88028e496d49695918b8f4b5dc6d07b23babb4619b1c09a8b0 rsyslog-gnutls-7.4.7-7.el7_0.x86_64.rpm ef6c468d97fd791b0313a0755f8403355c5437b89aacf2a23c3e8e71d64883e8 rsyslog-gssapi-7.4.7-7.el7_0.x86_64.rpm 3ea324bf1b7274030b08eaf298345e31f462879ee2379756a32f13f505a59c97 rsyslog-libdbi-7.4.7-7.el7_0.x86_64.rpm 45ddb5e5d772077101b12edaea5282a6d17bdfb2b2bfd62c2f404fcf0782cdcd rsyslog-mmaudit-7.4.7-7.el7_0.x86_64.rpm 207a69be5ab3237c5fe6eba4811b6cadf6d7cd3a91af02cac1f2153c66257c9c rsyslog-mmjsonparse-7.4.7-7.el7_0.x86_64.rpm dfcff07a291887e0666402cf33a76399270dcb8f9ea1fbbf752951425207ff20 rsyslog-mmnormalize-7.4.7-7.el7_0.x86_64.rpm eedb2881ec82be8560681310fc6a7d67b6bbd6556bf45bf3a58b53b38c681f77 rsyslog-mmsnmptrapd-7.4.7-7.el7_0.x86_64.rpm 6fabf1ceff6963dfc1fd0f9f379c25e33ca913776270e9cd067414ca92470738 rsyslog-mysql-7.4.7-7.el7_0.x86_64.rpm d1e5dceec4084daa457a39cd2e60526ae5be249b695344a21be7ed8dea0add65 rsyslog-pgsql-7.4.7-7.el7_0.x86_64.rpm 5732b9cd681a759410d93815d77c42f039bb087907be8164055a7d5680039966 rsyslog-relp-7.4.7-7.el7_0.x86_64.rpm 57411118ac2fa283b397c3be55d7f21a222292656f14d656271ceaeaee494d28 rsyslog-snmp-7.4.7-7.el7_0.x86_64.rpm 771e03bb4a37817aa4e417f47a689b0712c115b4263d7df1079dee3376080028 rsyslog-udpspoof-7.4.7-7.el7_0.x86_64.rpm Source: 250ed2cfdecd54d606fe2a8c9139c7e0f634bf4a6d3fc2f32b1a198191fe5573 rsyslog-7.4.7-7.el7_0.src.rpm
Red Hat Security Advisory 2014-1400-01
Red Hat Security Advisory 2014-1400-01 – Apache POI is a library providing Java API for working with OOXML document files. It was found that Apache POI would resolve entities in OOXML documents. A remote attacker able to supply OOXML documents that are parsed by Apache POI could use this flaw to read files accessible to the user running the application server, and potentially perform more advanced XML External Entity attacks. It was found that Apache POI would expand an unlimited number of entities in OOXML documents. A remote attacker able to supply OOXML documents that are parsed by Apache POI could use this flaw to trigger a denial of service attack via excessive CPU and memory consumption.
Red Hat Security Advisory 2014-1399-01
Red Hat Security Advisory 2014-1399-01 – Apache POI is a library providing Java API for working with OOXML document files. It was found that Apache POI would resolve entities in OOXML documents. A remote attacker able to supply OOXML documents that are parsed by Apache POI could use this flaw to read files accessible to the user running the application server, and potentially perform more advanced XML External Entity attacks. It was found that Apache POI would expand an unlimited number of entities in OOXML documents. A remote attacker able to supply OOXML documents that are parsed by Apache POI could use this flaw to trigger a denial of service attack via excessive CPU and memory consumption.
Red Hat Security Advisory 2014-1398-01
Red Hat Security Advisory 2014-1398-01 – Apache POI is a library providing Java API for working with OOXML document files. It was found that Apache POI would resolve entities in OOXML documents. A remote attacker able to supply OOXML documents that are parsed by Apache POI could use this flaw to read files accessible to the user running the application server, and potentially perform more advanced XML External Entity attacks. It was found that Apache POI would expand an unlimited number of entities in OOXML documents. A remote attacker able to supply OOXML documents that are parsed by Apache POI could use this flaw to trigger a denial of service attack via excessive CPU and memory consumption.
Red Hat Security Advisory 2014-1397-01
Red Hat Security Advisory 2014-1397-01 – The rsyslog packages provide an enhanced, multi-threaded syslog daemon that supports writing to relational databases, syslog/TCP, RFC 3195, permitted sender lists, filtering on any message part, and fine grained output format control. A flaw was found in the way rsyslog handled invalid log message priority values. In certain configurations, a local attacker, or a remote attacker able to connect to the rsyslog port, could use this flaw to crash the rsyslog daemon or, potentially, execute arbitrary code as the user running the rsyslog daemon.
CVE-2014-2023 – Tapatalk for vBulletin 4.x – multiple blind sql injection (pre-auth)
Posted by oststrom (public) on Oct 13
Hash: SHA1
*Preliminary VulnNote*
CVE-2014-2023 – Tapatalk for vbulletin 4.x – multiple blind sql injection
(pre-auth)
============================================================================
========
Overview
——–
date : 10/12/2014
cvss : 7.8 (AV:N/AC:L/Au:N/C:C/I:N/A:N) base
cwe : 89
vendor : Tapatalk Inc
product : Tapatalk for vBulletin 4.x
versions affected: latest (to…