|
|
Colapse all |
Post message
CVE-2014-2383 - Arbitrary file read in dompdf 2014-04-23 Portcullis Advisories (advisories portcullis-security com) CVE-2014-1217 - Unauthenticated access to sensitive information and functionality in Livetecs Timelive 2014-04-23 Portcullis Advisories (advisories portcullis-security com) Vulnerability title: Unauthenticated access to sensitive information and functionality in Livetecs Timelive CVE: CVE-2014-1217 Vendor: Livetecs Product: Timelive Affected version: 6.2.71 Fixed version: 6.2.8 Reported by: Richard Hatch Details: It was possible to access a URL that allowed unauthenti [ more ] [ reply ] SEC Consult SA-20140423-0 :: Path Traversal/Remote Code Execution in WD Arkeia Network Backup Appliances 2014-04-23 SEC Consult Vulnerability Lab (research sec-consult com) [SECURITY] [DSA 2808-2] openjpeg regression update 2014-04-22 Raphael Geissert (geissert debian org) [security bulletin] HPSBMU03013 rev.1 - WMI Mapper for HP Systems Insight Manager running OpenSSL, Remote Disclosure of Information 2014-04-22 security-alert hp com -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c04260385 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04260385 Version: 1 HPSBMU03013 re [ more ] [ reply ] [security bulletin] HPSBST03015 rev.1 - HP 3PAR OS running OpenSSL, Remote Disclosure of Information 2014-04-22 security-alert hp com -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c04261644 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04261644 Version: 1 HPSBST03015 re [ more ] [ reply ] APPLE-SA-2014-04-22-4 AirPort Base Station Firmware Update 7.7.3 2014-04-22 Apple Product Security (product-security-noreply lists apple com) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2014-04-22-4 AirPort Base Station Firmware Update 7.7.3 AirPort Base Station Firmware Update 7.7.3 is now available and addresses the following: Available for: AirPort Extreme and AirPort Time Capsule base stations with 802.11ac Impact: An a [ more ] [ reply ] [security bulletin] HPSBST03000 rev.1 - HP StoreEver ESL G3 Tape Library and Enterprise Library LTO-6 Tape Drives running OpenSSL, Remote Disclosure of Information 2014-04-22 security-alert hp com -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c04260637 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04260637 Version: 1 HPSBST03000 re [ more ] [ reply ] APPLE-SA-2014-04-22-2 iOS 7.1.1 2014-04-22 Apple Product Security (product-security-noreply lists apple com) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2014-04-22-2 iOS 7.1.1 iOS 7.1.1 is now available and addresses the following: CFNetwork HTTPProtocol Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An attacker in a privileged network pos [ more ] [ reply ] APPLE-SA-2014-04-22-3 Apple TV 6.1.1 2014-04-22 Apple Product Security (product-security-noreply lists apple com) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2014-04-22-3 Apple TV 6.1.1 Apple TV 6.1.1 is now available and addresses the following: Apple TV Available for: Apple TV 2nd generation and later Impact: An attacker in a privileged network position can obtain web site credentials Descript [ more ] [ reply ] APPLE-SA-2014-04-22-1 Security Update 2014-002 2014-04-22 Apple Product Security (product-security-noreply lists apple com) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2014-04-22-1 Security Update 2014-002 Security Update 2014-002 is now available and addresses the following: CFNetwork HTTPProtocol Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5, OS X Mavericks v10.9. [ more ] [ reply ] [security bulletin] HPSBMU03018 rev.1 - HP Software Asset Manager running OpenSSL, Remote Disclosure of Information 2014-04-22 security-alert hp com -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c04260505 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04260505 Version: 1 HPSBMU03018 r [ more ] [ reply ] [security bulletin] HPSBMU03017 rev.1 - HP Software Connect-IT running OpenSSL, Remote Disclosure of Information 2014-04-22 security-alert hp com -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c04260456 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04260456 Version: 1 HPSBMU03017 r [ more ] [ reply ] [security bulletin] HPSBMU03019 rev.1 - HP Software UCMDB Browser and Configuration Manager running OpenSSL, Remote Disclosure of Information 2014-04-22 security-alert hp com -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c04260353 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04260353 Version: 1 HPSBMU03019 r [ more ] [ reply ] [slackware-security] php (SSA:2014-111-02) 2014-04-21 Slackware Security Team (security slackware com) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] php (SSA:2014-111-02) New php packages are available for Slackware 14.0, 14.1, and -current to fix a security issue. Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+ patches/packages/php-5.4. [ more ] [ reply ] [slackware-security] libyaml (SSA:2014-111-01) 2014-04-21 Slackware Security Team (security slackware com) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] libyaml (SSA:2014-111-01) New libyaml packages are available for Slackware 13.1, 13.37, 14.0, 14.1, and -current to fix a security issue. Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+ patc [ more ] [ reply ] [SECURITY] [DSA 2901-3] wordpress regression update 2014-04-21 Salvatore Bonaccorso (carnil debian org) Multiple Vulnerabilities in MODX Revolution < = MODX 2.2.13-pl 2014-04-19 craig arendt stratumsecurity com Product description: ============ MODX (originally MODx) is a free, open source content management system and web application framework for publishing content on the world wide web and intranets. ============ MODX Revolution Blind SQL Injection (CVE-2014-2736) ============ The application is vulne [ more ] [ reply ] Blind SQL Injection Vulnerability in KnowledgeTree <= 3.7.0.2 2014-04-19 craig arendt stratumsecurity com Product description: ============ KnowledgeTree is document management system that makes it easy to secure, share, track and manage the documents and records. ============ KnowledgeTree Blind SQL Injection (CVE-2014-2737) ============ The application is vulnerable to blind SQL injection which is e [ more ] [ reply ] [security bulletin] HPSBMU02994 rev.2 - HP BladeSystem c-Class Onboard Administrator (OA) running OpenSSL, Remote Disclosure of Information 2014-04-19 security-alert hp com -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c04236062 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04236062 Version: 2 HPSBMU02994 re [ more ] [ reply ] [SECURITY] CVE-2013-2187: Apache Archiva Cross-Site Scripting vulnerability 2014-04-19 Brett Porter (brett apache org) CVE-2013-2187: Apache Archiva Cross-Site Scripting vulnerability Severity: Important Vendor: The Apache Software Foundation Versions Affected: - Archiva 1.3 to Continuum 1.3.6 - The unsupported versions Archiva 1.2 to 1.2.2 are also affected. Description: A request that included a specially craf [ more ] [ reply ] [security bulletin] HPSBMU03012 rev.1 - HP Insight Management VCEM Web Client SDK (VCEMSDK) running OpenSSL, Remote Disclosure of Information 2014-04-18 security-alert hp com -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c04255796 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04255796 Version: 1 HPSBMU03012 re [ more ] [ reply ] [security bulletin] HPSBMU02995 rev.4 - HP Software HP Service Manager, Asset Manager, UCMDB Browser, UCMDB Configuration Manager, Executive Scorecard, Server Automation, Diagnostics, LoadRunner, and Performance Center, running OpenSSL, Remote Disclosure 2014-04-18 security-alert hp com -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c04236102 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04236102 Version: 4 HPSBMU02995 re [ more ] [ reply ] [SECURITY] [DSA 2910-1] qemu-kvm security update 2014-04-18 Salvatore Bonaccorso (carnil debian org) [SECURITY] CVE-2013-2251: Apache Archiva Remote Command Execution 2014-04-19 Brett Porter (brett apache org) CVE-2013-2251: Apache Archiva Remote Command Execution Severity: Important Vendor: The Apache Software Foundation Versions Affected: - Archiva 1.3 to Continuum 1.3.6 - The unsupported versions Archiva 1.2 to 1.2.2 are also affected. Description: Apache Archiva is affected by a vulnerability in t [ more ] [ reply ] Remote Command Injection in Ruby Gem sfpagent 0.4.14 2014-04-18 Larry W. Cashdollar (larry0 me com) Title: Remote Command Injection in Ruby Gem sfpagent 0.4.14 Date: 4/15/2014 Author: Larry W. Cashdollar, @_larry0 CVE: 2014-2888 Download: http://rubygems.org/gems/sfpagent Vulnerability The list variable generated from the user supplied JSON[body] input is passed directly to the system() shell [ more ] [ reply ] |
|
Privacy Statement |
CVE: CVE-2014-2383
Vendor: dompdf
Product: dompdf
Affected version: v0.6.0
Fixed version: v0.6.1 (partial fix)
Reported by: Alejo Murillo Moyas
Details:
An arbitrary file read vulnerability is present on dompdf.php file that
allows remote or local
[ more ] [ reply ]