Red Hat Security Advisory 2015-0857-01 - Oracle Java SE version 7 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update fixes several vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit.
c54689f6ad7f395023088b0e36606b64d46cbcc83638c2801b0f61ddd5f0c4f5
Laravel Framework versions since 4.1 suffer from a PHP object injection vulnerability when encryption is turned off.
77f22e2a8757288c75c6f2b204358f81cc4f63d582e81dad74eced0ce382209a
Red Hat Security Advisory 2015-0856-01 - PostgreSQL is an advanced object-relational database management system. An information leak flaw was found in the way the PostgreSQL database server handled certain error messages. An authenticated database user could possibly obtain the results of a query they did not have privileges to execute by observing the constraint violation error messages produced when the query was executed. A buffer overflow flaw was found in the way PostgreSQL handled certain numeric formatting. An authenticated database user could use a specially crafted timestamp formatting template to cause PostgreSQL to crash or, under certain conditions, execute arbitrary code with the permissions of the user running PostgreSQL.
3d9bd9b652b5dd4ebbb712cc6ff829b52fc7c6607babb3a559a3c929cbd8f5dd
Debian Linux Security Advisory 3230-1 - James P. Turk discovered that the ReST renderer in django-markupfield, a custom Django field for easy use of markup in text fields, didn't disable the ..raw directive, allowing remote attackers to include arbitrary files.
3270e5081886088b7ed8f4115a4706ecb72ef1ab0109663405f9e4dee0cff5b9
Debian Linux Security Advisory 3229-1 - Several issues have been discovered in the MySQL database server. The vulnerabilities are addressed by upgrading MySQL to the new upstream version 5.5.43. Please see the MySQL 5.5 Release Notes and Oracle's Critical Patch Update advisory for further details.
61a31d80e9d7fc0245a18112cf1972442899d6b29454ef63f49e26c112dea75a
Secunia Research has discovered a vulnerability in Oracle Outside In, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to a sign extension error in ibpsd2.dll when processing PSD files, which can be exploited to cause a heap-based buffer overflow. Successful exploitation of the vulnerability may allow execution of arbitrary code. Oracle Outside In versions 8.4.1, 8.5.0, and 8.5.1 are affected.
881fefe28d05888ab8bb824adc584939c717d9e3fd0ffb3517681895051b5cb4
Gentoo Linux Security Advisory 201504-7 - Multiple vulnerabilities have been found in Adobe Flash Player, the worst of which allows remote attackers to execute arbitrary code. Versions less than 11.2.202.457 are affected.
b4d1f33ae090d323723fea5ea3b1e7183793f2901305dbd8d27932e24e8dda88
Gentoo Linux Security Advisory 201504-6 - Multiple vulnerabilities have been found in X.Org X Server, allowing attackers to execute arbitrary code or cause a Denial of Service condition. Versions less than 1.12.4-r4 are affected.
02bfcf82733cc51a9e7242f086fd8e7f523654b1b9c474a9238aec3001352a0f
Red Hat Security Advisory 2015-0854-01 - Oracle Java SE version 8 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update fixes several vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit.
63fb2eee82ffd6233a18a0a0dd56ff5da078eb57b76a6fbf6d67f5269c0b212c
The doSendObjectInfo() method of the MtpServer class implemented in frameworks/av/media/mtp/MtpServer.cpp on Android 4.4 does not validate the name parameter of the incoming MTP packet, leading to a path traversal vulnerability.
9645f86fa24dbcf40e5f7dd36ca986ccbcd0f124fb94b860bde8a37c6cb42100
112 ipTIME routers, modems and firewalls suffer from a remote root code execution vulnerability.
fc4b268b4814bbad49e3581dca82b41858ee28e67ff5515ee4dee66d9f8e5093
A use after free vulnerability was discovered within the header parser of the Open Litespeed web server. This vulnerability can be successfully exploited to trigger an out of bounds memory read, resulting in a segmentation fault crashing the web server. Versions 1.3.9 and below are affected.
ba696755f82d0a6c51a8e925464c14c179ecc0f068dad4c1169fb09cd1f7d894
Debian Linux Security Advisory 3228-1 - Emanuele Rocca discovered that ppp, a daemon implementing the Point-to-Point Protocol, was subject to a buffer overflow when communicating with a RADIUS server. This would allow unauthenticated users to cause a denial-of-service by crashing the daemon.
3f427866f2b4b74ed9acc0505e613edb072544d44f385fda7f4ca19cbee3d17e
HP Security Bulletin HPSBMU03264 1 - Potential security vulnerabilities have been identified with HP Network Automation. These include Cross Site Request Forgery (CSRF), Cross Site Scripting (XSS), clickjacking and other vulnerabilities which can be used to create remote exploits. Revision 1 of this advisory.
3d2da90d680875607928f6400e98f2c7c082681f345808b204ca5066ab522722
Red Hat Security Advisory 2015-0844-01 - OpenStack Compute launches and schedules large networks of virtual machines, creating a redundant and scalable cloud computing platform. Compute provides the software, control panels, and APIs required to orchestrate a cloud, including running virtual machine instances and controlling access through users and projects. It was discovered that the OpenStack Compute console websocket did not correctly verify the origin header. An attacker could use this flaw to conduct a cross-site websocket hijack attack. Note that only Compute setups with VNC or SPICE enabled were affected by this flaw.
151e0f877c537ca169273ce95093ea6b8d6d0261d15f86f70fa508944ce15b73
Red Hat Security Advisory 2015-0841-01 - The Red Hat Support plug-in for Red Hat OpenStack is a Technology Preview feature which offers seamless integrated access to Red Hat subscription services from the Red Hat OpenStack administration portal. The plug-in provides automated functionality that enables quicker help, answers, and proactive services. It offers easy and instant access to Red Hat exclusive knowledge, resources, engagement, and diagnostic features. It was found that the local log-viewing function of the redhat-access-plugin for OpenStack Dashboard did not sanitize user input. An authenticated user could use this flaw to read an arbitrary file with the permissions of the web server.
a25ce60fbc1e5270012c54c9b2f809c91915f13b562c47e10cc6a956a8b3e614
Red Hat Security Advisory 2015-0838-01 - OpenStack Image service provides discovery, registration, and delivery services for disk and server images. It provides the ability to copy or snapshot a server image, and immediately store it away. Stored images can be used as a template to get new servers up and running quickly and more consistently than installing a server operating system and individually configuring additional services. A storage quota bypass flaw was found in OpenStack Image. If an image was deleted while it was being uploaded, it would not count towards a user's quota. A malicious user could use this flaw to deliberately fill the backing store, and cause a denial of service.
ab762a171dbd37a18044a58c9f42a856b163bfd04f4309116ecc2defce0a2e91
Red Hat Security Advisory 2015-0840-01 - The Red Hat Support plug-in for Red Hat OpenStack is a Technology Preview feature which offers seamless integrated access to Red Hat subscription services from the Red Hat OpenStack administration portal. The plug-in provides automated functionality that enables quicker help, answers, and proactive services. It offers easy and instant access to Red Hat exclusive knowledge, resources, engagement, and diagnostic features. It was found that the local log-viewing function of the redhat-access-plugin for OpenStack Dashboard did not sanitize user input. An authenticated user could use this flaw to read an arbitrary file with the permissions of the web server.
b1d68aaef80aeb02daac54d15c3df339026c7c2140cce6a5224795abd26f2cf9
Red Hat Security Advisory 2015-0843-01 - OpenStack Compute launches and schedules large networks of virtual machines, creating a redundant and scalable cloud computing platform. Compute provides the software, control panels, and APIs required to orchestrate a cloud, including running virtual machine instances and controlling access through users and projects. It was discovered that the OpenStack Compute console websocket did not correctly verify the origin header. An attacker could use this flaw to conduct a cross-site websocket hijack attack. Note that only Compute setups with VNC or SPICE enabled were affected by this flaw.
f2b184d98b9de9d4e2a7dc8a1db6b1770436a3e1e82ce7a8b3d69c7b38659ce5
Red Hat Security Advisory 2015-0845-01 - OpenStack Dashboard provides administrators and users a graphical interface to access, provision and automate cloud-based resources. The dashboard allows cloud administrators to get an overall view of the size and state of the cloud and it provides end-users a self-service portal to provision their own resources within the limits set by administrators. A denial of service flaw was found in the OpenStack Dashboard when using the db or memcached session engine. An attacker could make repeated requests to the login page, which would result in a large number of unwanted backend session entries, possibly leading to a denial of service.
30a4c4d985b5b54b8d412d63d8b97a60009d8ca15c084352ac502411675ccdc1
Red Hat Security Advisory 2015-0837-01 - OpenStack Image service provides discovery, registration, and delivery services for disk and server images. It provides the ability to copy or snapshot a server image, and immediately store it away. Stored images can be used as a template to get new servers up and running quickly and more consistently than installing a server operating system and individually configuring additional services. A storage quota bypass flaw was found in OpenStack Image. If an image was deleted while it was being uploaded, it would not count towards a user's quota. A malicious user could use this flaw to deliberately fill the backing store, and cause a denial of service.
39c59fd933042cf7eb4339004da2bcb47b20ff7d345d6bab73562d0643d3c3b9
Red Hat Security Advisory 2015-0839-01 - OpenStack Dashboard provides administrators and users a graphical interface to access, provision and automate cloud-based resources. The dashboard allows cloud administrators to get an overall view of the size and state of the cloud and it provides end-users a self-service portal to provision their own resources within the limits set by administrators. A denial of service flaw was found in the OpenStack Dashboard when using the db or memcached session engine. An attacker could make repeated requests to the login page, which would result in a large number of unwanted backend session entries, possibly leading to a denial of service.
071e89abeea4e32a552176b1335794caf73208c69831ee258b4e0fe2f68b7fc7
Red Hat Security Advisory 2015-0833-01 - The novnc package provides a VNC client that uses HTML5 and includes encryption support. It was discovered that noVNC did not properly set the 'secure' flag when issuing cookies. An attacker could use this flaw to intercept cookies via a man-in-the-middle attack. All novnc users are advised to upgrade to this updated package, which corrects this issue.
6d30c80129f8a6c1a7cefed0426c7604ab809f48a22e682319e62fc6c18ebe2f
Red Hat Security Advisory 2015-0836-01 - OpenStack Object Storage provides object storage in virtual containers, which allows users to store and retrieve files. The service's distributed architecture supports horizontal scaling; redundancy as failure-proofing is provided through software-based data replication. Because Object Storage supports asynchronous eventual consistency replication, it is well suited to multiple data-center deployment. A flaw was found in the metadata constraints in OpenStack Object Storage. By adding metadata in several separate calls, a malicious user could bypass the max_meta_count constraint, and store more metadata than allowed by the configuration.
b77fd20861995bfda334b9ffbfe7e1cb064b7648fbf5798845c00561bbcb1191
Red Hat Security Advisory 2015-0835-01 - OpenStack Object Storage provides object storage in virtual containers, which allows users to store and retrieve files. The service's distributed architecture supports horizontal scaling; redundancy as failure-proofing is provided through software-based data replication. Because Object Storage supports asynchronous eventual consistency replication, it is well suited to multiple data-center deployment. A flaw was found in the metadata constraints in OpenStack Object Storage. By adding metadata in several separate calls, a malicious user could bypass the max_meta_count constraint, and store more metadata than allowed by the configuration.
3a6180ccf7be16f2cf337e2015cc2ba9095c2a4130f7d49215412e20a6d43efb