RSA OneStep is potentially affected by a path traversal vulnerability. Attackers could potentially exploit this vulnerability to access unauthorized information by supplying specially crafted strings in input parameters of the application. Versions 6.9 prior to build 559 are affected.
d03b4b51818c3702e50eb4646e8c602ca6e5e245e452febf9a09050e7347f504
FreeBSD Security Advisory - In rpcbind(8), netbuf structures are copied directly, which results in two netbuf structures that reference one shared address buffer. When one of the two netbuf structures is freed, access to the other netbuf structure would result in an undefined result that may crash the rpcbind(8) daemon. A remote attacker who can send specifically crafted packets to the rpcbind(8) daemon can cause it to crash, resulting in a denial of service condition.
3878ab5590562a5fd5ca50aa28fff88a0aafae68e4b7788d01ccb77fe3e7103d
RSA Web Threat Detection versions prior to 5.1 SP1 suffer from information disclosure and privilege escalation vulnerabilities.
2024bffad25c1834ef402bcbdfd21f38a0a47c4ad346146576728f0000db62fc
Red Hat Security Advisory 2015-1841-01 - Chromium is an open-source web browser, powered by WebKit. Two flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to bypass cross origin restrictions, and access or modify data from an unrelated web site. All Chromium users should upgrade to these updated packages, which contain Chromium version 45.0.2454.101, which corrects these issues. After installing the update, Chromium must be restarted for the changes to take effect.
456b42479e1bee74eee40f4fe565aa49f0e5a59ac2e3de9a9a161243c0c64bbe
Red Hat Security Advisory 2015-1840-01 - OpenLDAP is an open source suite of Lightweight Directory Access Protocol applications and development tools. LDAP is a set of protocols used to access and maintain distributed directory information services over an IP network. The openldap package contains configuration files, libraries, and documentation for OpenLDAP. A flaw was found in the way the OpenLDAP server daemon parsed certain Basic Encoding Rules data. A remote attacker could use this flaw to crash slapd via a specially crafted packet. All openldap users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue.
2b8db859613f053e6c09246eb10db2943893cddb4c9cda9cb50ffde1360f2a63
Ubuntu Security Notice 2752-1 - Benjamin Randazzo discovered an information leak in the md (multiple device) driver when the bitmap_info.file is disabled. A local privileged attacker could use this to obtain sensitive information from the kernel. Lureau discovered that the vhost driver did not properly release the userspace provided log file descriptor. A privileged attacker could use this to cause a denial of service (resource exhaustion). Various other issues were also addressed.
43c8af60617a3cb82c13b8eea007dc203afb51c8b9ee1c3bc727f761b34d969c
Ubuntu Security Notice 2751-1 - Benjamin Randazzo discovered an information leak in the md (multiple device) driver when the bitmap_info.file is disabled. A local privileged attacker could use this to obtain sensitive information from the kernel. Lureau discovered that the vhost driver did not properly release the userspace provided log file descriptor. A privileged attacker could use this to cause a denial of service (resource exhaustion). Various other issues were also addressed.
405924714667abca6dd52a948eb668373582fe5cba40c4a1e880bf55c253e392
Ubuntu Security Notice 2749-1 - Benjamin Randazzo discovered an information leak in the md (multiple device) driver when the bitmap_info.file is disabled. A local privileged attacker could use this to obtain sensitive information from the kernel. Lureau discovered that the vhost driver did not properly release the userspace provided log file descriptor. A privileged attacker could use this to cause a denial of service (resource exhaustion). Various other issues were also addressed.
1ad33970177e89c201e06657bf2522131da69327d6e514c9f7cc7029cbe0d992
Ubuntu Security Notice 2750-1 - It was discovered that an integer overflow error existed in the SCSI generic (sg) driver in the Linux kernel. A local attacker with write permission to a SCSI generic device could use this to cause a denial of service (system crash) or potentially escalate their privileges.
84ba5906bcfde9a5c24394d70086061660eaebde607ead784b3440ce4c078184
Ubuntu Security Notice 2753-1 - Roman Fiedler discovered a directory traversal flaw in lxc-start. A local attacker with access to an LXC container could exploit this flaw to run programs inside the container that are not confined by AppArmor or expose unintended files in the host to the container.
bf728d8d9557ae32a0f457e004e3e1252ff88f1b5ac7dfef985bd1728212d762
The JSON parser in FreeSWITCH versions prior to 1.6.2 and 1.4.23 suffers from a heap overflow vulnerability.
de3aaff5638707412bde78c6ccb88f499aec5c4ddc637410c1b6a1234caa7426
Onapsis Security Advisory - SAP HANA suffers from a Drop Credentials remote SQL injection vulnerability. By exploiting this vulnerability an attacker could modify system settings and delete credentials, which could affect other users in the HANA system and result in a DoS condition.
d444a5ba1af38fd63f1e5f5e68d842b9592909177de11dc45575d4678f9cd8c4
Onapsis Security Advisory - SAP HANA suffers from a remote SQL injection vulnerability in the getSqlTraceConfiguration function. By exploiting this vulnerability an attacker could read sensitive business information stored in the HANA system and change configuration parameters which could render the system unavailable for other users.
eb43d022e8fddd6eecbc5626bd6c632f0e9e075f3e94ea6552a956f95eaf9793
Onapsis Security Advisory - SAP HANA suffers from a cross site scripting vulnerability during user creation. By exploiting this vulnerability a remote authenticated attacker would be able to attack other users connected to the HANA system.
093745f32867efd7e25fa4d1c9f8e459a0b267da21290b330cd5539db3fe4689
Onapsis Security Advisory - SAP HANA role deletion through web-based development workbench suffers from a cross site scripting vulnerability.
6755cf7f8153415edfc191048e8bdf9b8ee3cf270ab9a887093629b129a6311c
Onapsis Security Advisory - SAP HANA suffers from a remote SQL injection vulnerability in the trace configuration. By exploiting this vulnerability an attacker could change configuration settings in the HANA system, affecting the integrity of the data stored and possibly making the platform unavailable to other users.
28e3ad290a4fc8f5f373142a21e20d0d46d3545bc5d3b66532fee4c38b603644
Onapsis Security Advisory - SAP HANA suffers from a remote SQL injection vulnerability in the setTraceLevelsForXsApps function. By exploiting this vulnerability an attacker could change configuration settings in the HANA system, affecting the integrity of the data stored and possibly making the platform unavailable to other users, who won't be able to perform their assigned business operations.
7869861a8cf7d5ac351d96a4bde8a820fc9cf69a49a6804cb69e0ab966bc97ce
Onapsis Security Advisory - SAP HANA suffers from an XSJS code injection vulnerability in test-net.xsjs. By exploiting this vulnerability a remote authenticated attacker would be able to partially compromise the SAP system as well as all the information processed and stored in the HANA system.
536c2f5bd066d0dd00d1598734d6f710d8be3e982bbd78bef9d75361bc5754eb
Onapsis Security Advisory - The SAP HANA _newUser function suffers from a remote SQL injection vulnerability. By exploiting this vulnerability an attacker could modify information related to users of the HANA system, affecting the integrity of the data stored.
f3b215fc645ed5adb73a39c5c8db51b7f63d88844aaeb6ee126baf1e0fc6ffda
Onapsis Security Advisory - The SAP HANA _modifyUser function suffers from a remote SQL injection vulnerability. By exploiting this vulnerability an attacker could modify information related to users of the HANA system, affecting the integrity of the data stored.
2bf8dc1f0018c72dd7928ea2e39a57b4c7a243e7a5cde3f12425bfe6876cac15
Onapsis Security Advisory - SAP HANA hdbsql suffers from multiple memory corruption vulnerabilities. By exploiting these vulnerabilities an attacker could abuse management interfaces to execute commands on the HANA system and ultimately compromise all the information stored and processed by the system.
368ce04e67548cdb573e6df82ff6477de56a2a3d247070855e42496c9c199e7f
Ubuntu Security Notice 2748-1 - Benjamin Randazzo discovered an information leak in the md (multiple device) driver when the bitmap_info.file is disabled. A local privileged attacker could use this to obtain sensitive information from the kernel. Lureau discovered that the vhost driver did not properly release the userspace provided log file descriptor. A privileged attacker could use this to cause a denial of service (resource exhaustion). Various other issues were also addressed.
a2cb0cdd12c4fea85e65438f7d13ed3b0ec3c4d26d9c533db9f1fef52292c368
WordPress Appointment Booking Calendar plugin 1.1.7 suffers from a remote SQL injection vulnerability.
a8b494d46b400d0eafca66c2e737a247a4a6f7318c9de23378bb5eb9311bfbd2
Ubuntu Security Notice 2747-1 - Dario Weisser discovered that the NVIDIA graphics drivers incorrectly handled certain IOCTL writes. A local attacker could use this issue to possibly gain root privileges.
93ae91f31f2689b548949ab00e6bc3a4f6a00e3221eb6c715a036784028c2edf
Open Source Point of Sale version 2.3.1 suffers from a persistent cross site scripting vulnerability.
f1671bce7a9da376f8b83740a41aa9d21414efb032bfcb02310d72edd617c40b