[CERT-daily] Tageszusammenfassung - Dienstag 23-07-2013

Daily end-of-shift report team at cert.at
Tue Jul 23 18:17:56 CEST 2013 

=======================
= End-of-Shift report =
=======================

Timeframe:   Montag 22-07-2013 18:00 − Dienstag 23-07-2013 18:00
Handler:     Robert Waldner
Co-Handler:  Stephan Richter




*** QEMU Guest Agent Unquoted Search Path Lets Local Users Gain Elevated Privileges ***
---------------------------------------------
A vulnerability was reported in QEMU. A local user on the guest operating system can obtain elevated privileges on the target system.
---------------------------------------------
http://www.securitytracker.com/id/1028814




*** libvirt qemuAgentGetVCPUs() function privilege escalation ***
---------------------------------------------
libvirt could allow a local attacker to gain elevated privileges on the system, caused by a double-free error within the qemuAgentGetVCPUs() function in qemu/qemu_agent.c file . An attacker could exploit this vulnerability to gain elevated privileges on the system.
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/85890




*** Cisco Aironet Memory Corruption Error Lets Remote Users Deny Service ***
---------------------------------------------
A vulnerability was reported in Cisco Aironet. A remote user can cause denial of service conditions.
---------------------------------------------
http://www.securitytracker.com/id/1028818




*** Cisco Unified Operations Manager Input Validation Flaw Permits Cross-Site Scripting Attacks ***
---------------------------------------------
A vulnerability was reported in Cisco Unified Operations Manager. A remote user can conduct cross-site scripting attacks.
---------------------------------------------
http://www.securitytracker.com/id/1028819




*** Hoster OVH gehackt: "Wir waren nicht paranoid genug" ***
---------------------------------------------
Die französische Hosting-Firma OVH hat einen Angriff auf ihre internen Systeme registriert. Kunden werden dazu aufgerufen ihre Passwörter zu ändern. Es könnten über 400.000 Personen betroffen sein.
---------------------------------------------
http://www.heise.de/security/meldung/Hoster-OVH-gehackt-Wir-waren-nicht-paranoid-genug-1921721.html




*** Symantec Encryption Management Server Email Attachments Script Insertion Vulnerability ***
---------------------------------------------
A vulnerability has been reported in Symantec Encryption Management Server, which can be exploited by malicious users to conduct script insertion attacks.
---------------------------------------------
https://secunia.com/advisories/54214




*** [remote] - Foreman (Red Hat OpenStack/Satellite) bookmarks/create Code Injection ***
---------------------------------------------
This module exploits a code injection vulnerability in the 'create' action of 'bookmarks' controller of Foreman and Red Hat OpenStack/Satellite (Foreman 1.2.0-RC1 and earlier).
---------------------------------------------
http://www.exploit-db.com/exploits/27045

More information about the Daily mailing list