Updated [CVE-2014-0031] CloudStack ListNetworkACL API discloses ACLs for other users

2014-01-13 Thread David Nalley
Issued: January 9, 2014 Updated: January 10, 2014 [CVE-2014-0031] CloudStack ListNetworkACL API discloses ACLs for other users Product: Apache CloudStack Vendor: Apache Software Foundation Vulnerability type: Information Disclosure Vulnerable Versions: Apache CloudStack 4.2.0 CVE References:

Updated [CVE-2013-6398] CloudStack Virtual Router stop/start modifies firewall rules allowing additional access

2014-01-13 Thread David Nalley
Issued: November 27, 2013 Updated: January 10, 2014 [CVE-2013-6398] CloudStack Virtual Router stop/start modifies firewall rules allowing additional access Product: Apache CloudStack Vendor: Apache Software Foundation Vulnerability type: Bypass Vulnerable Versions: Apache CloudStack 4.1.0,

[SECURITY] [DSA 2840-1] srtp security update

2014-01-13 Thread Salvatore Bonaccorso
Debian Security Advisory DSA-2840-1 secur...@debian.org http://www.debian.org/security/ Salvatore Bonaccorso January 10, 2014

[CVE-2014-1201] Lorex security DVR ActiveX control buffer overflow

2014-01-13 Thread Pedro Ribeiro
Hi, I have discovered a buffer overflow vulnerability that allows remote code execution in an ActiveX control bundled by a manufacturer of video surveillance systems. The company is Lorex Technologies, a major video surveillance manufacturer that is very popular in the US and East Asia. Their

Cisco Security Advisory: Undocumented Test Interface in Cisco Small Business Devices

2014-01-13 Thread Cisco Systems Product Security Incident Response Team
Undocumented Test Interface in Cisco Small Business Devices Advisory ID: cisco-sa-20140110-sbd Revision 1.0 For Public Release 2014 January 10 16:00 UTC (GMT) Summary

[SECURITY] [DSA 2841-1] movabletype-opensource security update

2014-01-13 Thread Moritz Muehlenhoff
Debian Security Advisory DSA-2841-1 secur...@debian.org http://www.debian.org/security/ Moritz Muehlenhoff January 11, 2014

CISTI'2014: List of Workshops

2014-01-13 Thread ML
** WORKSHOPS *** CISTI'2014 - 9th Iberian Conference on Information Systems and Technologies Barcelona, Spain, June 18 - 21, 2014

NETGEAR WNR1000v3 Password Recovery Vulnerability

2014-01-13 Thread c1ph04mail
Description: Newer firmware versions of the NETGEAR N150 WNR1000v3 wireless router are affected by a password recovery vulnerability. Exploiting this vulnerability allows an attacker to recover the router's (plaintext) Administrator credentials and subsequently gain full access to the device.

[ MDVSA-2014:001 ] kernel

2014-01-13 Thread security
Mandriva Linux Security Advisory MDVSA-2014:001 http://www.mandriva.com/en/support/security/

[SECURITY] [DSA 2842-1] libspring-java security update

2014-01-13 Thread Moritz Muehlenhoff
Debian Security Advisory DSA-2842-1 secur...@debian.org http://www.debian.org/security/ Markus Koschany January 13, 2014