The openscap project is a set of open source libraries that support the SCAP (Security Content Automation Protocol) set of standards from NIST. It supports CPE, CCE, CVE, CVSS, OVAL, and XCCDF.
9d28afe3daa926c2a9ff32dc0be08f163b7f34e4e456f2263ae9b01c88244ebf
VMware Security Advisory 2015-0003 - VMware product updates address critical information disclosure issue in JRE.
d2cac7510a812a9e5ad6ab1a17ebdd42a6cf219288ba22d4633ff0e2ce1f85e4
Mandriva Linux Security Advisory 2015-188 - Heap-based buffer overflow in stream_decoder.c in libFLAC before 1.3.1 allows remote attackers to execute arbitrary code via a crafted .flac file. Stack-based buffer overflow in stream_decoder.c in libFLAC before 1.3.1 allows remote attackers to execute arbitrary code via a crafted .flac file. The updated packages provide a solution for these security issues.
05dfc86eaebf1ee000b74ab6147e7badb5c9d055f0731dc16979b307c384bac9
Mandriva Linux Security Advisory 2015-187 - Format string vulnerability in the yyerror function in lib/cgraph/scan.l in Graphviz allows remote attackers to have unspecified impact via format string specifiers in unknown vectors, which are not properly handled in an error string. Additionally, the gtkglarea2 and gtkglext packages were missing and were required for graphviz to build; these packages are also being provided with this advisory.
94dd81e7f7093f530045667750dd5276b5b1945c8f0a3623466b7d64491119dc
Red Hat Security Advisory 2015-0776-01 - Docker is a service providing container management on Linux. It was found that the fix for the CVE-2014-5277 issue was incomplete: the docker client could under certain circumstances erroneously fall back to HTTP when an HTTPS connection to a registry failed. This could allow a man-in-the-middle attacker to obtain authentication and image data from traffic sent from a client to the registry.
b89975366ee6328c10cdb0972ba6d35579d720825039dd0de3a5990c71892d7a
Ubuntu Security Notice 2552-1 - Olli Pettay and Boris Zbarsky discovered an issue during anchor navigations in some circumstances. If a user were tricked into opening a specially crafted message with scripting enabled, an attacker could potentially exploit this to bypass same-origin policy restrictions. Christoph Kerschbaumer discovered that CORS requests from navigator.sendBeacon() followed 30x redirections after preflight. If a user were tricked into opening a specially crafted message with scripting enabled, an attacker could potentially exploit this to conduct cross-site request forgery (XSRF) attacks. Various other issues were also addressed.
0972d9db16ebd8233794cbdb7b056a8d143dae4f82bcece8ef3a4178d91425fe
HP Security Bulletin HPSBGN03302 1 - A potential security vulnerability has been identified with HP IceWall Federation Agent. The vulnerability could be exploited remotely resulting in Denial of Service (DoS). Revision 1 of this advisory.
0c598bb274eeeb91e08f4bc2f5e99d94c5348bad37c8dd43877df30730c3be7c
Mandriva Linux Security Advisory 2015-161 - The Regular Expressions package in International Components for Unicode 52 before SVN revision 292944 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to a zero-length quantifier or look-behind expression. The collator implementation in i18n/ucol.cpp in International Components for Unicode 52 through SVN revision 293126 does not initialize memory for a data structure, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted character sequence. It was discovered that ICU incorrectly handled memory operations when processing fonts. If an application using ICU processed crafted data, an attacker could cause it to crash or potentially execute arbitrary code with the privileges of the user invoking the program.
49d3630130b46ac02279d010879b18cd3f011430b7437293db81abac638f510b
Mandriva Linux Security Advisory 2015-191 - Multiple vulnerabilities have been discovered and corrected in owncloud. The updated packages have been upgraded to the 7.0.5 version where these security flaws have been fixed.
f8a5e1a519b807d253347846f6363fdb094ab379701f13b264d2eead2d04dfb8
Mandriva Linux Security Advisory 2015-190 - Multiple vulnerabilities have been discovered and corrected in owncloud. The updated packages have been upgraded to the 5.0.19 version where these security flaws have been fixed.
6fd377dd29bbd30e66c0b3e1c809d20c1adae98eff802df38dd47ec10d0d5bf9
Mandriva Linux Security Advisory 2015-189 - The tor package has been updated to version 0.2.4.26, which fixes possible crashes that may be remotely triggerable, which would result in a denial of service, and also fixes a few other bugs.
52fcf4a98c1b933ea290eafeed607d159859972abb36cc0457aaadee25ad465e
This Metasploit module exploits the fact that Ceragon ships a public/private key pair on FibeAir IP-10 devices that allows passwordless authentication to any other IP-10 device. Since the key is easily retrievable, an attacker can use it to gain unauthorized remote access as the "mateidu" user.
3ffda87a127eecead37db406771d24d73a3f8fb62c5608cc9113f96992bf3bc3
Ceragon FibeAir IP-10 suffers from an SSH private key exposure vulnerability.
768dfecfdbbc1cece9dc248bd3f46e0b6f857da272a00ca6029519bf8127e833
Ubuntu Security Notice 2553-2 - USN-2553-1 fixed vulnerabilities in LibTIFF. One of the security fixes caused a regression when saving certain TIFF files with a Predictor tag. The problematic patch has been temporarily backed out until a more complete fix is available. Various other issues were also addressed.
0dd5a8710212488bbb9a34fdc96f600275ee2a21f853b93728fe6796576c12d8
HP Security Bulletin HPSBST03298 2 - Potential security vulnerabilities have been identified with HP XP Service Processor Software for Windows. These vulnerabilities could be exploited resulting in a variety of outcomes. Revision 2 of this advisory.
f0f3786a55de206b56270c456c7cdcfebdc8d31964d99837b2cb4da7bf277d1c
HP Security Bulletin HPSBGN03307 1 - A potential security vulnerability has been identified with HP Intelligent Provisioning that could result in disclosure of information. Revision 1 of this advisory.
5bf0e8a49bde0dce4b3114a3bb06d78f25aa7d84f9c87f320905f0548e1d6360
HP Security Bulletin HPSBMU03304 1 - Potential security vulnerabilities have been identified with HP System Management Homepage (SMH), HP Smart Update Manager (SUM), and HP Version Control Agent (VCA), which are components of HP Insight Control server deployment. These vulnerabilities are related to the SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy Encryption" or "POODLE". The components of HP Insight Control server deployment could be exploited remotely to allow disclosure of information. HP Insight Control server deployment includes HP System Management Homepage (SMH), HP Version Control Agent (VCA), and HP Smart Update Manager (SUM) and deploys them through the following jobs: Install HP Management Agents for Windows x86/x64; Install HP Management Agents for RHEL 5 x64; Install HP Management Agents for RHEL 6 x64; Install HP Management Agents for SLES 10 x64; Install HP Management Agents for SLES 11 x64; Upgrade Proliant Firmware. This bulletin provides the information needed to update the vulnerable components in HP Insight Control server deployment. Revision 1 of this advisory.
23cb06e0b40a2e6e6cbc8eac69a2687e1b1ecb149c980483c62275e613a41bad
Debian Linux Security Advisory 3211-1 - Multiple security issues have been found in Iceweasel, Debian's version use-after-frees and other implementation errors may lead to the execution of arbitrary code, the bypass of security restrictions, denial of service or cross-site request forgery.
cff8accf61876aa8543a109416292a9637285376e9eb63bff416160be4708f1f
Cisco Security Advisory - Cisco Prime Data Center Network Manager (DCNM) contains a file information disclosure vulnerability that could allow an unauthenticated, remote attacker to retrieve arbitrary files from the underlying operating system. Cisco has released free software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available.
83618c13bb9c82b0d8dc57916e8cbbc985903295c2e90032fb538494d5b5935f
Cisco Security Advisory - Cisco Unity Connection contains multiple vulnerabilities when it is configured with Session Initiation Protocol (SIP) trunk integration. The vulnerabilities described in this advisory are denial of service vulnerabilities impacting the availability of Cisco Unity Connection for processing SIP messages. Cisco has released free software updates that address these vulnerabilities. Workarounds that mitigate these vulnerabilities are not available.
6dcb79fdd0631fbc29ca28fecbabd60167c8419c12237fa33e25b626b78482bc
Samba and OpenLDAP Jitterbug instances suffered from a cross-site scripting vulnerability.
4b67442c2d4607cdb7bef4db6decebca7bad32c636e64c6031a791331f5c7bfe
phpList version 3.0.10 suffers from an insecure direct object reference vulnerability.
7772546874c47e1bdb59fee8bab9483dadffb2743ee5e098654b4bc1dc80ac46