Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs).
b3dd02a5dcd2ffe14d9a37956f92779d4427edf7905c0bba9b1e3901b9c5a83b
EMC Avamar server contains a vulnerability that may allow a remote Avamar client user to retrieve sensitive account credentials from an affected Avamar server using Java API calls. No authentication to the Avamar server is required for this potential attack. Exposed information includes MCUser and GSAN account passwords of all grid systems that are being monitored in EMC Avamar Enterprise Manager. EMC Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) 6.x and 7.0.x up to and including 7.0.2-43 are affected.
24d8d814ea8b6331d98ee101748e0eb8f4305b743a3d2fab02a2af437b2537cb
The EMC ADS/AVE Password hardening package uses the DES-based traditional Unix crypt scheme, which may be susceptible to brute force and dictionary attacks if the hashes are obtained by an adversary. The hardening package is optional and is installed separately. Affected products include EMC Avamar Data Store (ADS) GEN4(S) and Avamar Virtual Edition (AVE) running Avamar 6.0.x, 6.1.x, and 7.0.x with an optional Password hardening package earlier than version 2.0.0.4.
7050f48ab77ce658a8e7df1088c51dae344960d6024f8242dfab187ac1a9293e
A vulnerability exists in the EMC NetWorker Module for MEDITECH when used with EMC RecoverPoint that could potentially allow exposure of sensitive information. EMC NetWorker Module for MEDITECH (NMMEDI) version 3.0 builds 87-90 are affected.
5f4139262a1a31b0adcc4f93e8715e05c783ad6848d8f28ed67463fb2709f1c6
Apple Security Advisory 2014-10-22-1 - QuickTime 7.7.6 is now available and addresses memory corruption and buffer overflow vulnerabilities.
96b113d74efb9d4b578a222d5eecf43dc007cc8c5a2d45ae9a1ba20221ceafe3
Mandriva Linux Security Advisory 2014-203 - OpenSSL has added support for TLS_FALLBACK_SCSV to allow applications to block the ability for a MITM attacker to force a protocol downgrade. Some client applications will reconnect using a downgraded protocol to work around interoperability bugs in older servers. This could be exploited by an active man-in-the-middle to downgrade connections to SSL 3.0 even if both sides of the connection support higher protocols. SSL 3.0 contains a number of weaknesses including POODLE. When an OpenSSL SSL/TLS/DTLS server receives a session ticket, the integrity of that ticket is first verified. In the event of a session ticket integrity check failing, OpenSSL will fail to free memory, causing a memory leak. By sending a large number of invalid session tickets an attacker could exploit this issue in a Denial Of Service attack. The updated packages have been upgraded to the 1.0.0o version where these security flaws have been fixed.
462c872ebcc385be756aa0fb753b94bba6e8c81eea179a7094bc9780baab1264
Mandriva Linux Security Advisory 2014-204 - A denial of service flaw was found in libxml2, a library providing support to read, modify and write XML and HTML files. A remote attacker could provide a specially crafted XML file that, when processed by an application using libxml2, would lead to excessive CPU consumption based on excessive entity substitutions, even if entity substitution was disabled, which is the parser's default behavior. The updated packages have been patched to correct this issue.
803875a2dbb9ccffd654dd8a2dde7e9896cb99ff61f57498fb11b72d2d2e4b95
Mandriva Linux Security Advisory 2014-202 - A heap corruption issue was reported in PHP's exif_thumbnail() function. A specially-crafted JPEG image could cause the PHP interpreter to crash or, potentially, execute arbitrary code. The updated php packages have been upgraded to the 5.5.18 version, which resolves this security flaw. Additionally, php-apc has been rebuilt against the updated php packages.
ad8e8a85ad33b1705481a4a7f816f764d9448250adbf844914a52d7f501c0bc7
Mandriva Linux Security Advisory 2014-209 - Multiple vulnerabilities have been discovered and corrected in java-1.7.0-openjdk. The updated packages provide a solution for these security issues.
89ada4715362388984529bf817915d8424e6bd940d71e8b056eab22a0cbab21b
Mandriva Linux Security Advisory 2014-208 - In phpMyAdmin before 4.2.10.1, a crafted database or table name can trigger an XSS in the SQL debug output when it is enabled, and in the server monitor page when viewing and analysing executed queries.
23e7d6010b099d082d9b1d47def0ba31868335be610260380734d7d8e1f491eb
Mandriva Linux Security Advisory 2014-207 - A flaw was discovered in ejabberd that allows clients to connect with an unencrypted connection even if starttls_required is set.
a317ee00d1c5ead5d69019056469278a1ae8d6971022cc4d4682619b8b130715
Mandriva Linux Security Advisory 2014-206 - A denial of service issue was discovered in ctags 5.8. A remote attacker could cause excessive CPU usage and disk space consumption via a crafted JavaScript file by triggering an infinite loop.
e6b081cb5525d17c9aa1921e7e54dd56beafed6968ce2d0a7ab0e14dd373d1b5
Mandriva Linux Security Advisory 2014-205 - A heap-based overflow vulnerability was found in the way Lua handles varargs functions with many fixed parameters called with few arguments, leading to application crashes or, potentially, arbitrary code execution.
41c0ce842fa436a99105fa93c7f6ee89798757ba9363750bbb92eb41d89a0574
Slackware Security Advisory - New glibc packages are available for Slackware 14.1 and -current to fix security issues.
f465530a54da7d5a528f544b46d30ac71a8e33c13da9a2e12a12020d9888fad7
Slackware Security Advisory - New pidgin packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues.
5cbe6f4c509145ab2cca11c0b6d42108ea1c7b3a6b2eb3f143083978c7b37df2
Debian Linux Security Advisory 3055-1 - Multiple vulnerabilities have been discovered in Pidgin, a multi-protocol instant messaging client.
71a6874b3dc2259d8c5a453197bf19480a1798e328e3a60d8282fef8ae738580
MyBB MyBBlog plugin version 1.0 suffers from a cross-site scripting vulnerability. Note that this finding houses site-specific data.
1578e5289a6b5a76e304563e9345edf564380d58be23670d28152abc4de59330