Files

Debian Security Advisory 3530-1
Posted Mar 26, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3530-1 - Multiple security vulnerabilities have been fixed in the Tomcat servlet and JSP engine, which may result in bypass of security manager restrictions, information disclosure, denial of service or session fixation.

tags | advisory, denial of service, vulnerability, info disclosure
systems | linux, debian
advisories | CVE-2013-4286, CVE-2013-4322, CVE-2013-4590, CVE-2014-0033, CVE-2014-0075, CVE-2014-0096, CVE-2014-0099, CVE-2014-0119, CVE-2014-0227, CVE-2014-0230, CVE-2014-7810, CVE-2015-5174, CVE-2015-5345, CVE-2015-5346, CVE-2015-5351, CVE-2016-0706, CVE-2016-0714, CVE-2016-0763
SHA-256 | 77795095ecabfbe0b7faeebcf56310cbe664e59cc59399f4ca8042fe47af5751
Apache OpenMeetings 3.0.7 Arbitrary File Read
Posted Mar 25, 2016
Authored by Andreas Lindh

When attempting to upload a file via the API using the importFileByInternalUserId or importFile methods in the FileService, it is possible to read arbitrary files from the system. This is because Java's URL class is used without checking which protocol handler is specified in the API call. Apache OpenMeetings versions 1.9.x through 3.0.7 are affected.

tags | advisory, java, arbitrary, protocol
advisories | CVE-2016-2164
SHA-256 | c8dd487b97e1b03e9a3818c01b947705ae5bdeec150494b208e77bfa5c1dd41f
Apache OpenMeetings 3.0.7 Cross Site Scripting
Posted Mar 25, 2016
Authored by Andreas Lindh

When creating an event, it is possible to create clickable URL links in the event description. These links will be present inside the event details once a participant enters the room via the event. It is possible to create a link like "javascript:alert('xss')", which will execute once the link is clicked. As the link is placed within an <a> tag, the actual link is not visible to the end user which makes it hard to tell if the link is legit or not. Apache OpenMeetings versions 1.9.x through 3.0.7 are affected.

tags | advisory, javascript
advisories | CVE-2016-2163
SHA-256 | ae142c09b3506f6a2df2eff1b29727a0f7f4ac41ab39eacb5ce1d1505fe8e1a3
Apache OpenMeetings 3.1.0 MD5 Hashing
Posted Mar 25, 2016
Authored by Andreas Lindh

The hash generated by the external password reset function is generated by concatenating the user name and the current system time, and then hashing it using MD5. This is highly predictable and can be cracked in seconds by an attacker with knowledge of the user name of an OpenMeetings user. Apache OpenMeetings versions 1.9.x through 3.1.0 are affected.

tags | advisory
advisories | CVE-2016-0783
SHA-256 | e8013d35e67485ede2f2a96963a7acebaa5a2d152f1ac777a282f195dd67f09b
HP Security Bulletin HPSBGN03563 1
Posted Mar 25, 2016
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN03563 1 - Security vulnerabilities in the OpenSSL library could potentially impact HPE IceWall products resulting in local or remote Denial of Service (DoS) and local disclosure of sensitive information. Revision 1 of this advisory.

tags | advisory, remote, denial of service, local, vulnerability
advisories | CVE-2016-0702, CVE-2016-0705, CVE-2016-0797
SHA-256 | 57d02e5956b8e30e3dcc52080b4967e3e1c4122e0888e933cc4d3579340a64cc
HP Security Bulletin HPSBMU03562 2
Posted Mar 25, 2016
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03562 2 - A vulnerability in Apache Commons Collections for handling Java object deserialization was addressed by HPE Service Manager. The vulnerability could be exploited remotely to allow code execution. Revision 2 of this advisory.

tags | advisory, java, code execution
advisories | CVE-2016-1998
SHA-256 | 582059f3157f5288f539b5a0198aa639f4e5be8cb75df46d07a3774d77273937
Ubuntu Security Notice USN-2942-1
Posted Mar 25, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2942-1 - A vulnerability was discovered in the JRE related to information disclosure, data integrity, and availability. An attacker could exploit these to cause a denial of service, expose sensitive data over the network, or possibly execute arbitrary code.

tags | advisory, denial of service, arbitrary, info disclosure
systems | linux, ubuntu
SHA-256 | 03ba63fb82bc9f80a8737b4266fdcf5b1c758da341d6916e0066286df907ff6c
Red Hat Security Advisory 2016-0514-01
Posted Mar 25, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0514-01 - The java-1.8.0-openjdk packages contain the latest version of the Open Java Development Kit, OpenJDK 8. These packages provide a fully compliant implementation of Java SE 8. Security Fix: An improper type safety check was discovered in the Hotspot component. An untrusted Java application or applet could use this flaw to bypass Java Sandbox restrictions.

tags | advisory, java
systems | linux, redhat
advisories | CVE-2016-0636
SHA-256 | d2c7ba18b9ab841d36650848f97e0bcdc94f44f76bd5ae2a2eb845f825938652
Slackware Security Advisory - mozilla-thunderbird Updates
Posted Mar 25, 2016
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New mozilla-thunderbird packages are available for Slackware 14.1 and -current to fix security issues.

tags | advisory
systems | linux, slackware
SHA-256 | 3f5f9bd87dcf5f48f2a28b9d1483b03c9c6ba6a16a660b4be8e0892fa953dbc9
Red Hat Security Advisory 2016-0515-01
Posted Mar 25, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0515-01 - Oracle Java SE version 7 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update provides Oracle Java 7 Update 99. Security Fix: This update fixes one vulnerability in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit.

tags | advisory, java
systems | linux, redhat
advisories | CVE-2016-0636
SHA-256 | 8ac9769de79b1fb68d57e6e33f362f3fe6eb4617429467e0b04c83b33674fdc8
Red Hat Security Advisory 2016-0512-01
Posted Mar 25, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0512-01 - The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit for compiling and executing Java programs. Security Fix: An improper type safety check was discovered in the Hotspot component. An untrusted Java application or applet could use this flaw to bypass Java Sandbox restrictions.

tags | advisory, java
systems | linux, redhat
advisories | CVE-2016-0636
SHA-256 | 482fbf87dc29f140a894ff589433aecefe45a4f8423e9a530ffcbb5c2eeb8e91
Red Hat Security Advisory 2016-0516-01
Posted Mar 25, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0516-01 - The Java Runtime Environment contains the software and tools that users need to run applets and applications written using the Java programming language. Oracle Java SE version 8 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update provides Oracle Java 8 Update 77. Security Fix: This update fixes one vulnerability in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit.

tags | advisory, java
systems | linux, redhat
advisories | CVE-2016-0636
SHA-256 | bc05b0bfdaa20ecc5141ea9df9eb9e268d4e1672946326b3976b8fdee70c1fe1
Red Hat Security Advisory 2016-0513-01
Posted Mar 25, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0513-01 - The java-1.8.0-openjdk packages contain the latest version of the Open Java Development Kit, OpenJDK 8. These packages provide a fully compliant implementation of Java SE 8. Security Fix: An improper type safety check was discovered in the Hotspot component. An untrusted Java application or applet could use this flaw to bypass Java Sandbox restrictions.

tags | advisory, java
systems | linux, redhat
advisories | CVE-2016-0636
SHA-256 | ef42d725d6c3979f8e8ba812004915f3a2c15422e59371dbfb0e3b2a98583a84
Red Hat Security Advisory 2016-0511-01
Posted Mar 25, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0511-01 - The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit for compiling and executing Java programs. Security Fix: An improper type safety check was discovered in the Hotspot component. An untrusted Java application or applet could use this flaw to bypass Java Sandbox restrictions.

tags | advisory, java
systems | linux, redhat
advisories | CVE-2016-0636
SHA-256 | 5ad8f45a876939a92eae412eed9d2c5a00a149874ad1c5e459428f53c07f7b29
Red Hat Security Advisory 2016-0505-01
Posted Mar 24, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0505-01 - Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY principle. Security Fix: An open-redirect flaw was found in the way Django's django.utils.http.is_safe_url() function filtered authentication URLs. An attacker able to trick a victim into visiting a crafted URL could use this flaw to redirect that victim to a malicious site.

tags | advisory, web, python
systems | linux, redhat
advisories | CVE-2016-2512, CVE-2016-2513
SHA-256 | a1ca5928df39cb93e5323cf513904cadd1eb4b2f8c76a22cc183665fdfe1876e
Red Hat Security Advisory 2016-0504-01
Posted Mar 24, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0504-01 - Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY principle. Security Fix: An open-redirect flaw was found in the way Django's django.utils.http.is_safe_url() function filtered authentication URLs. An attacker able to trick a victim into visiting a crafted URL could use this flaw to redirect that victim to a malicious site.

tags | advisory, web, python
systems | linux, redhat
advisories | CVE-2016-2512, CVE-2016-2513
SHA-256 | 4d9f12390d17cfb48c176e56fd2deb47dc08e4eb92697c37cbabba1894266fc4
Red Hat Security Advisory 2016-0503-01
Posted Mar 24, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0503-01 - Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY principle. Security Fix: An open-redirect flaw was found in the way Django's django.utils.http.is_safe_url() function filtered authentication URLs. An attacker able to trick a victim into visiting a crafted URL could use this flaw to redirect that victim to a malicious site.

tags | advisory, web, python
systems | linux, redhat
advisories | CVE-2016-2512, CVE-2016-2513
SHA-256 | 2b210d3a0fe1ec9873d9ca62c55bcc92f3674b8cc9e52134deee2ac826dba811
Red Hat Security Advisory 2016-0506-01
Posted Mar 24, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0506-01 - Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY principle. Security Fix: An open-redirect flaw was found in the way Django's django.utils.http.is_safe_url() function filtered authentication URLs. An attacker able to trick a victim into visiting a crafted URL could use this flaw to redirect that victim to a malicious site.

tags | advisory, web, python
systems | linux, redhat
advisories | CVE-2016-2512, CVE-2016-2513
SHA-256 | 6579e5164b0a670658eaf58886c8b7e956d9a10588eaf80409b2278e764907f1
Ubuntu Security Notice USN-2941-1
Posted Mar 24, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2941-1 - Kostya Kortchinsky discovered that Quagga incorrectly handled certain route data when configured with BGP peers enabled for VPNv4. A remote attacker could use this issue to cause Quagga to crash, resulting in a denial of service, or possibly execute arbitrary code. It was discovered that Quagga incorrectly handled messages with a large LSA when used in certain configurations. A remote attacker could use this issue to cause Quagga to crash, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2013-2236, CVE-2016-2342
SHA-256 | dec0b6f9f3b35d3f8a8eb68d683beaa94258a1981f7ede3d89ddbda7fc3e091b
Debian Security Advisory 3527-1
Posted Mar 24, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3527-1 - It was discovered that inspircd, an IRC daemon, incorrectly handled PTR lookups of connecting users. This flaw allowed a remote attacker to crash the application by setting up malformed DNS records, thus causing a denial-of-service.

tags | advisory, remote
systems | linux, debian
advisories | CVE-2015-8702
SHA-256 | 0c471d8a4de27f2d477db379d20ed1b3dead807fc656a8246c90808e350edb27
Red Hat Security Advisory 2016-0502-01
Posted Mar 24, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0502-01 - Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY principle. Security Fix: An open-redirect flaw was found in the way Django's django.utils.http.is_safe_url() function filtered authentication URLs. An attacker able to trick a victim into visiting a crafted URL could use this flaw to redirect that victim to a malicious site.

tags | advisory, web, python
systems | linux, redhat
advisories | CVE-2016-2512, CVE-2016-2513
SHA-256 | fa247c02810e535d2829b461b7194a04d55af8567128c85df54d40410db78361
CA Single Sign-On Web Agents Information Disclosure / Denial Of Service
Posted Mar 23, 2016
Authored by Kevin Kotas, Michael Brooks | Site www3.ca.com

CA Technologies Support is alerting customers to potential risks with CA Single Sign-On (CA SSO), formerly known as CA SiteMinder. Michael Brooks of BishopFox alerted CA to vulnerabilities that can allow a remote attacker to cause a denial of service or possibly gain sensitive information. CA has fixes that address the vulnerabilities.

tags | advisory, remote, denial of service, vulnerability
advisories | CVE-2015-6853, CVE-2015-6854
SHA-256 | e4d264a08af7ea40239a2e704d5c538492c6b233c83ff5f9941ca85ac6a5f151
Apache Qpid Proton 0.12.0 SSL Failure
Posted Mar 23, 2016
Authored by M. Farrellee

Messaging applications using the Proton Python API to provision an SSL/TLS encrypted TCP connection may actually instantiate a non-encrypted connection without notice if SSL support is unavailable. This will result in all messages being sent in the clear without the knowledge of the user. Apache Qpid Proton Python API versions starting at 0.9 and up to 0.12.0 are affected.

tags | advisory, tcp, python
advisories | CVE-2016-2166
SHA-256 | 68f91e3dd01e746dfc1937199c650b9c4fab137baa29178d81db86380e0218cd
Facebook Messenger Certification Validation
Posted Mar 23, 2016
Authored by Sean Wright

The Facebook social networking service includes a mobile application called Messenger that allows users to send private messages to their Facebook contacts. Although the application uses HTTPS to communicate with the backend servers, insufficient validation (only when the device is configured to use a proxy) of the certificates returned by these servers leaves the application open to man-in-the-middle (MITM) attacks.

tags | advisory, web
SHA-256 | 74652a5aec3baf181af6b9812022ab2b21dfb9d934a01d021673079a04ae47d6
Red Hat Security Advisory 2016-0495-01
Posted Mar 23, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0495-01 - Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. The nss-util package provides a set of utilities for NSS and the Softoken module. A heap-based buffer overflow flaw was found in the way NSS parsed certain ASN.1 structures. An attacker could use this flaw to create a specially crafted certificate which, when parsed by NSS, could cause it to crash, or execute arbitrary code, using the permissions of the user running an application compiled against the NSS library.

tags | advisory, overflow, arbitrary
systems | linux, redhat
advisories | CVE-2016-1950
SHA-256 | e62e55b7facaf86e4436e3627f2fd1668a6dde632b5a3e0917d5aed3396fa121
© 2022 Packet Storm. All rights reserved.