Debian Linux Security Advisory 3297-1 - It was discovered that unattended-upgrades, a script for automatic installation of security upgrades, did not properly authenticate downloaded packages when the force-confold or force-confnew dpkg options were enabled via the DPkg::Options::* apt configuration.
592353727e99b36bc11ff7fa2a1deaee71c2dfafbe59ccc20cf3e9636b24d375Ubuntu Security Notice 2657-1 - It was discovered that unattended-upgrades incorrectly performed authentication checks in certain configurations. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could potentially be used to install altered packages.
86ccbecafb837e328f635d2fcc068c94f66e9a887e68593b313fb3216003929bRed Hat Security Advisory 2015-1196-01 - PostgreSQL is an advanced object-relational database management system. A double-free flaw was found in the connection handling. An unauthenticated attacker could exploit this flaw to crash the PostgreSQL back end by disconnecting at approximately the same time as the authentication time out is triggered. It was discovered that PostgreSQL did not properly check the return values of certain standard library functions. If the system is in a state that would cause the standard library functions to fail, for example memory exhaustion, an authenticated user could exploit this flaw to disclose partial memory contents or cause the GSSAPI authentication to use an incorrect keytab file.
21a23422eed52f92a03a44240a2d21387667a2aa6bd115db53a8e66a0e93d216Red Hat Security Advisory 2015-1195-01 - PostgreSQL is an advanced object-relational database management system. A double-free flaw was found in the connection handling. An unauthenticated attacker could exploit this flaw to crash the PostgreSQL back end by disconnecting at approximately the same time as the authentication time out is triggered. It was discovered that PostgreSQL did not properly check the return values of certain standard library functions. If the system is in a state that would cause the standard library functions to fail, for example memory exhaustion, an authenticated user could exploit this flaw to disclose partial memory contents or cause the GSSAPI authentication to use an incorrect keytab file.
326fda39561ebb2685611cba27081731faa2c3f742819f728c63a8c81c7bbbf8Red Hat Security Advisory 2015-1193-01 - Xerces-C is a validating XML parser written in a portable subset of C++. A flaw was found in the way the Xerces-C XML parser processed certain XML documents. A remote attacker could provide specially crafted XML input that, when parsed by an application using Xerces-C, would cause that application to crash. All xerces-c users are advised to upgrade to this updated package, which contains a backported patch to correct this issue.
f53c22d063cac6510e87555a911ccca5902d8eb1bbcfe85374a148575fb20968Red Hat Security Advisory 2015-1194-01 - PostgreSQL is an advanced object-relational database management system. A double-free flaw was found in the connection handling. An unauthenticated attacker could exploit this flaw to crash the PostgreSQL back end by disconnecting at approximately the same time as the authentication time out is triggered. It was discovered that PostgreSQL did not properly check the return values of certain standard library functions. If the system is in a state that would cause the standard library functions to fail, for example memory exhaustion, an authenticated user could exploit this flaw to disclose partial memory contents or cause the GSSAPI authentication to use an incorrect keytab file.
7df1d0bc78fc8d84be2cbf7f54933f20a33ddbf05e07e10604dd63a337dfdb36The CollabNet Subversion Edge Management Frontend fails to implement any cross site request forgery protection. Fixed in version 5.0. Version 4.0.11 is affected.
51550678e302e308a0266d2824d45d664b115efd79d9d9699ff2ea9b8606149cThe management frontend does not require the old password for changing the password to a new one. An authenticated attacker may perform password setting attacks via XSRF without knowing the current password. An attacker that stole a Session ID (cookie) is able to gain persistent access by changing the password. Fixed in version 5.0. Version 4.0.11 is affected.
b01690bfbbc4be90118e3f7f950ff41e45b8a303eb3e13ca92e517d946087a0aThe CollabNet Subversion Edge Management stores passwords as unsalted MD5 hashes. Unsalted MD5 hashes can easily be cracked by brute forcing the password. Fixed in version 5.0. Version 4.0.11 is affected.
8cc3148316f4aa4c7d8a4758a7e89063b6e5b83abbe5c26a33241c18c888460cThe CollabNet Subversion Edge Management web application does not restrict users to be logged in only once and does not provide a configuration option to configure this feature for admins and/or user accounts. Fixed in version 5.0. Version 4.0.11 is affected.
136cd2ad53bd137bb66b883f29da54e22164f5784ffa08198eb81b5bca4a4facCourier mail server versions before 0.75 suffer from out of bounds read access and heap overflow vulnerabilities.
425cff4ddf61bbeaf9670a04c641dac78fd64b617955be6dc1d7dbc7d51f3a76The CollabNet Subversion Edge Management Frontend does not protect against brute forcing accounts. An attacker has infinite tries to guess a valid user password. Fixed in version 5.0. Version 4.0.11 is affected.
c4a5be8f15df488c6909bf4b2ac7dc41e0d49ed272885ca67e0b4f9bf8d4b650CollabNet Subversion Edge Management Frontend does not implement clickjacking protection. Fixed in version 5.0. Version 4.0.11 is affected.
c207b180dc94d5a50e20b860125c9f73e2c49f364c17a3013f7603f8c6f2d141The CollabNet Subversion Edge Management does not implement a strong passwordpolicy. Passwords like "aaaaa" are allowed as the only requirement is that the password is at least 5 characters long. Fixed in version 5.0. Version 4.0.11 is affected.
f122205e04ea0584d756f4c07ab8c745e0d178bd283e8cbc86963df7402628e9The CollabNet Subversion Edge management frontend login page password field has autocomplete enabled. This may allow an attacker to retrieve a stored password from the browsers key store. Fixed in version 5.0. Version 4.0.11 is affected.
020e15b4242216e2e5a8d794bda6b2c2bedd387d58410fbce5ecb455fa026919Microsec e-Szigno and Netlock Mokka computer applications suffer from a e-akta signature verification weakness. Microsec e-Szigno version older than 3.2.7.12 and Netlock Mokka versions older than 2.7.8.1204 are affected.
7c9175ecb67d017613e97ac84c7dc3741a8dc378d1f6b845cd5bdd140f7d842bSecure Remote Services (ESRS) Virtual Edition (VE) versions 3.02, 3.03, and 3.04 do not properly validate certificates. Malicious users could potentially exploit this vulnerability to spoof trusted entities by using man-in-the-middle attacks. Session cookie used by ESRS VE is generated using insufficient random values. Malicious users could potentially exploit this vulnerability to gain unauthorized access to authenticated ESRS interfaces.
b38444a20c64e620d0b349751fad79209790fecff7eef46ff991d95560c7f125Debian Linux Security Advisory 3296-1 - Evgeny Sidorov discovered that libcrypto++, a general purpose C++ cryptographic library, did not properly implement blinding to mask private key operations for the Rabin-Williams digital signature algorithm. This could allow remote attackers to mount a timing attack and retrieve the user's private key.
4707bd24eba3fb745274e22475d0cd9ef7b5c266fc91bff5bcd81208fc794025HP Security Bulletin HPSBPI03360 2 - A potential security vulnerability has been identified with certain HP LaserJet Printers and MFPs, certain HP OfficeJet Printers and MFPs, and certain HP JetDirect Networking cards using OpenSSL. This is the SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy Encryption" or "POODLE", which could be exploited remotely to allow disclosure of information. Revision 2 of this advisory.
0546341f2b42c53e897fdb598ca96db659cb38ad0fe2f87fc2fc3ac058009557HP Security Bulletin HPSBPI03107 1 - A potential security vulnerability has been identified with certain HP LaserJet Printers and MFPs, certain HP OfficeJet Printers and MFPs, and certain HP JetDirect Networking cards using OpenSSL. This is the SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy Encryption" or "POODLE", which could be exploited remotely to allow disclosure of information. Revision 1 of this advisory.
1eaf6201cf39811c6307c3830ebe77600364691f38ef3a3e6739b079b37a8f34HP Security Bulletin HPSBGN03362 1 - A potential security vulnerability has been identified with HP Discovery and Dependency Mapping Inventory (DDMI). This is the TLS vulnerability in U.S. export-grade 512-bit keys in Diffie-Hellman key exchange known as "Logjam" which could be exploited remotely resulting in disclosure of information. Revision 1 of this advisory.
0a328b352df12a13de155069805b9c3849fd9539fffe07ce0faac4caa906a9cfHP Security Bulletin HPSBMU03267 3 - Potential security vulnerabilities have been identified with the HP Matrix Operating Environment and HP CloudSystem Matrix running OpenSSL. These vulnerabilities comprise the SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy Encryption" or "POODLE", which could be exploited remotely to allow disclosure of information. Revision 3 of this advisory.
7ff5a108a31a43337d5de95d2e79246d6a7bcf81a0b5f4f464ee9d4de1c45e58HP Security Bulletin HPSBUX03359 1 - A potential security vulnerability has been identified with the HP-UX pppoec utility. The vulnerability could be exploited in allowing a local user to elevate their privilege. Revision 1 of this advisory.
3bac40e3ac6cc630596a3687c3baac11a6f456c40c1edb26a503bcf36d021878HP Security Bulletin HPSBGN03351 1 - Potential security vulnerabilities have been identified with HP IceWall SSO Dfw, SSO Certd, MCRP, and Federation Agent running OpenSSL. This is the TLS vulnerability known as "Logjam", which could be exploited remotely to allow disclosure of information. Revision 1 of this advisory.
46ca0e4ca7326b1e4d61eab6973ba780752a3ad6ca99d1c36f9123c65ac14560EMC Unisphere for VMAX version 8.0.3.4 contains a fix for a remote code execution vulnerability that could potentially be exploited by malicious users to compromise the affected system. Versions 8.0.0, 8.0.1, and 8.0.2 are affected.
dd26bb1f3f1a79a0085a4c0fc0d186a5ec9968c910963ab1d6a7e4b98b20715e
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed