Category Archives: Security

Fedora 19 Security Update: facter-1.6.18-5.fc19

Resolved Bugs
1101346 – CVE-2014-3248 puppet: Ruby modules could be loaded from the current working directory
1107891 – CVE-2014-3248 facter: puppet: Ruby modules could be loaded from the current working directory [fedora-19]
Patch facter 1.6 series for Bug 1107891 – CVE-2014-3248
See http://puppetlabs.com/security/cve/cve-2014-3248 for more
information from upstream.

CSP Bypass on Android prior to 4.4

Posted by E Boogie on Oct 12

I’ve found a Content Security Policy bypass similar and related to the
same origin policy bypass in CVE-2014-6041.
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6041

I’ve tested this on an Android 4.3 tablet running a bunch of different
browsers, including Inbrowser, Firefox, and the default Android
browser on an emulator for Android 4.3.1.

HTML PoC:

<input type=button value=”test” onclick=”…

CVE-2014-5328

Buffer overflow in the Webserver component on the Huawei E5332 router before 21.344.27.00.1080 allows remote authenticated users to cause a denial of service (reboot) via a long parameter in an API service request message.

CVE-2014-5327

Buffer overflow in the Webserver component on the Huawei E5332 router before 21.344.27.00.1080 allows remote authenticated users to cause a denial of service (reboot) via a long URI.

APPLE-SA-2013-11-14-1 iOS 7.0.4

From: Apple Product Security

APPLE-SA-2013-11-14-1 iOS 7.0.4

iOS 7.0.4 is now available and addresses the following:

App Store
Available for:  iPhone 4 and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact:  App and In-App purchases may be completed with insufficient
authorization [...]