I. ADVISORY
CVE-2014-3427 CRLF Injection in Yealink VoIP Phones
CVE-2014-3428 XSS vulnerabilities in Yealink VoIP Phones
Date published: 06/12/2014
Vendor Contacted: 05/08/2014
II. BACKGROUND
Yealink is a manufacturer of VoIP and Video products. To
minimize noise read more at:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
[slackware-security] mozilla-thunderbird (SSA:2014-163-01)
New mozilla-thunderbird packages are available for Slackware 14.1 and -current
to fix security issues.
Here are the details from the Slackware 14.1 ChangeLog:
+--+
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- -
Debian Security Advisory DSA-2957-1 secur...@debian.org
http://www.debian.org/security/ Thijs Kinkhorst
June 12, 2014
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- -
Debian Security Advisory DSA-2958-1 secur...@debian.org
http://www.debian.org/security/ Thijs Kinkhorst
June 12, 2014
Asterisk Project Security Advisory - AST-2014-005
ProductAsterisk
SummaryRemote Crash in PJSIP Channel Driver's
Publish/Subscribe Framework
Asterisk Project Security Advisory - AST-2014-007
Product Asterisk
Summary Exhaustion of Allowed Concurrent HTTP Connections
Nature of Advisory Denial Of Service
Asterisk Project Security Advisory - AST-2014-008
ProductAsterisk
SummaryDenial of Service in PJSIP Channel Driver
Subscriptions
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c04263038
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c04263038
Version: 4
HPSBST03016
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
CVE-2014-0228: Apache Hive Authorization vulnerability
Severity: Moderate
Vendor: The Apache Software Foundation
Versions affected: Apache Hive 0.13.0
Users affected: Users who have enabled SQL standards based authorization mode.
Description:
Asterisk Project Security Advisory - AST-2014-006
Product Asterisk
Summary Asterisk Manager User Unauthorized Shell Access
Nature of Advisory Permission Escalation
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c04336637
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c04336637
Version: 1
HPSBUX03046
CVE-2013-2251: Apache Continuum affected by Remote Command Execution
Severity: Important
Vendor: The Apache Software Foundation
Versions Affected:
- Continuum 1.3.1 to Continuum 1.4.1
Description:
Apache Continuum is affected by a vulnerability in the version of the Struts
library being used,
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2014:124
http://www.mandriva.com/en/support/security/
13 matches
Mail list logo