SAP HANA version 102.02 suffers from a denial of service vulnerability.
5fccc7675d88d83dae2c3a0c0c65e2fb0a98ab8777842e235044812b9b499f18SAP NetWeaver J2EE Engine version 7.40 suffers from a cross site scripting vulnerability.
4655901da59fa913d5474f46ffc2314351dc96a7255647b287423117a2d864b4Red Hat Security Advisory 2016-0561-02 - In accordance with the Red Hat Enterprise Linux Errata Support Policy, support for Red Hat Enterprise Linux 5 will be retired on March 31, 2017, at the end of Production Phase 3. Until that date, customers will continue to receive Critical impact security patches and selected urgent priority bug fixes for RHEL 5.11. On that date, active support included with your RHEL Premium or Standard subscription will conclude. This means that customers will continue to have access to all previously released content.
4366eac4b38f0f7fb9596ab285515ca6fc43211529f702b81367eceed768c2f8HP Security Bulletin HPSBST03576 2 - A vulnerability in Apache Commons Collections (ACC) for handling Java object deserialization was addressed by HP P9000 and HP XP7 Command View Advanced Edition (CVAE) Suite including Device Manager and Tiered Storage Manager. The vulnerability could be exploited remotely to allow remote code execution. Revision 2 of this advisory.
f606dc4dc388eed30004af41fb349d384fd9a13645b31d992d7cc1b0d2b4daaeHP Security Bulletin HPSBGN03555 1 - Potential security vulnerabilities have been identified with HPE Vertica Analytics Management Console. The vulnerabilities could be remotely exploited resulting in disclosure of sensitive information or execution of arbitrary code with root privileges. Revision 1 of this advisory.
4f63819779cdddfebe33628e2067a2957a407f873004fdb0efdff6ac05524e30Ubuntu Security Notice 2917-3 - USN-2917-1 fixed vulnerabilities in Firefox. This update caused several web compatibility regressions. This update fixes the problem. Various other issues were also addressed.
4f190a0b3a5329c140efe8e3eb4e0cb1f1beaabfa751c14f762b50fff0465e04HP Security Bulletin HPSBMU03575 1 - HP Smart Update Manager (SUM) has addressed the following vulnerabilities: The Cross-protocol Attack on TLS using SSLv2 also known as "DROWN", which could be exploited remotely resulting in disclosure of information. Multiple OpenSSL vulnerabilities which could be remotely exploited resulting in Denial of Service (DoS) or other impacts. Revision 1 of this advisory.
951b9459376328c5cc2cb9fbe9d2e7233b6bd702b9e72e647dbe0a71bf95c52eA design flaw in Avast Sandbox allows a potentially harmful program to escape the sandbox and infect the host by dropping its files out of it and/or by modifying existing legitimate files of any type. Affected products include Avast Internet Security v11.x.x, Avast Pro Antivirus v11.x.x, Avast Premier v11.x.x, Avast Free Antivirus v11.x.x, Avast Business Security v11.x.x, Avast Endpoint Protection v8.x.x, Avast Endpoint Protection Plus v8.x.x, Avast Endpoint Protection Suite v8.x.x, Avast Endpoint Protection Suite Plus v8.x.x, Avast File Server Security v8.x.x, and Avast Email Server Security v8.x.x.
7fd3ef05288e1690d62a92d2e2d6b6fd6cc0392156eb537960ff2d8cc0ea7037Ubuntu Security Notice 2950-1 - Jouni Knuutinen discovered that Samba contained multiple flaws in the DCE/RPC implementation. A remote attacker could use this issue to perform a denial of service, downgrade secure connections by performing a man in the middle attack, or possibly execute arbitrary code. Stefan Metzmacher discovered that Samba contained multiple flaws in the NTLMSSP authentication implementation. A remote attacker could use this issue to downgrade connections to plain text by performing a man in the middle attack. Various other issues were also addressed.
7e7ea9fcd4b1fd06b83c16d90cf9d03bcaa1f0afa52f3c19687b2dd2577594b2Ubuntu Security Notice 2951-1 - Gustavo Grieco discovered that OptiPNG incorrectly handled memory. A remote attacker could use this issue with a specially crafted image file to cause OptiPNG to crash, resulting in a denial of service. Gustavo Grieco discovered that OptiPNG incorrectly handled memory. A remote attacker could use this issue with a specially crafted image file to cause OptiPNG to crash, resulting in a denial of service. Hans Jerry Illikainen discovered that OptiPNG incorrectly handled memory. A remote attacker could use this issue with a specially crafted image file to cause OptiPNG to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.
f520a8832a32ec2cc81ded387c5e63c900d74f0cc05dce5dc9b80ba00db439ebRed Hat Security Advisory 2016-0638-01 - Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 50.0.2661.75. Security Fix: Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information when visited by the victim.
0110fc0bd75ec112fdfde6dcd668bac14f69bcb0954d2d4de12aa637092fce57Debian Linux Security Advisory 3552-1 - Multiple security vulnerabilities have been discovered in the Tomcat servlet and JSP engine, which may result in information disclosure, the bypass of CSRF protections and bypass of the SecurityManager.
1b018da117488b19261b9d974ed2fe2088c108c4c83626583134bb1f11f147c8Debian Linux Security Advisory 3551-1 - It was discovered that fuseiso, a user-space implementation of the ISO 9660 file system based on FUSE, contains several vulnerabilities.
4543e4617d7c112434980fbe6976b5d975b8192992ac0f0ec3c02bd6aa1d02abSlackware Security Advisory - New samba packages are available for Slackware 14.0, 14.1, and -current to fix security issues.
2e1f520115dc0ce156ad8eafcb817bb0a5e79dc89363864cf265e0979131fc8aSlackware Security Advisory - New mozilla-thunderbird packages are available for Slackware 14.1 and -current to fix security issues.
ada13069916cf30f9ba40168bc484d5f3570073943d56347b0b28908cc548cbaSAP NetWeaver J2EE Engine version 7.40 suffers from a cryptographic issue that can lead to information disclosure.
4a8752f48a5fa73baa980c9abecb1d2a2c71088e4ae41dc5af67c4faa1a59f5bAnonymous attackers can use a special HTTP request to inject logs in the xsengine trace file without size restriction. The vulnerability is triggered when the username sent to the /sap/hana/xs/debugger/grantAccess.xscfunc page is longer than 256 characters.
c8c5dd5a2c2a55cdafe1f8d473df9812f164b0f46f07d0a934fb5fc0b3a066f0SAP NetWeaver J2EE engine version 7.40 suffers from a cross site scripting vulnerability.
4d45bc8c91a6d3d36af7f90ad4341ee0314fc7fffe6fbc4ec7d2cfe5c83dab9fDebian Linux Security Advisory 3550-1 - enabled and the sshd PAM configuration is configured to read user- specified environment variables and the "UseLogin" option is enabled, a local user may escalate her privileges to root.
374089592e1cd2eb80c2dec50b28b14a5c1a6f12066de2e2c148453d945875cfDebian Linux Security Advisory 3549-1 - Several vulnerabilities have been discovered in the chromium web browser.
78be013d33903d3148ba3f1b8de4567e0e7e3695de26eaeb437da123767a9de4VMware Security Advisory 2016-0004 - VMware vCenter Server, vCloud Director (vCD), vRealize Automation (vRA) Identity Appliance, and the Client Integration Plugin (CIP) updates address a critical security issue.
bd56155a16a9898620437b43f01ad1f323acba62d3f1fc3b322b4be0caad980bEMC Unisphere for VMAX Virtual Appliance contains a fix for an arbitrary file upload vulnerability. This vulnerability could expose the VMAX Virtual Appliance to be potentially compromised by malicious users. EMC Unisphere for VMAX Virtual Appliance version prior to 8.2.0 are affected.
54c97e2325e2b7e67297fc3d7d82dccdb3972cb5aa3005957194aba7f8158f07Asterisk Project Security Advisory - PJProject has a limit on the number of TCP connections that it can accept. Furthermore, PJProject does not close TCP connections it accepts. By default, this value is approximately 60. An attacker can deplete the number of allowed TCP connections by opening TCP connections and sending no data to Asterisk. If PJProject has been compiled in debug mode, then once the number of allowed TCP connections has been depleted, the next attempted TCP connection to Asterisk will crash due to an assertion in PJProject. If PJProject has not been compiled in debug mode, then any further TCP connection attempts will be rejected. This makes Asterisk unable to process TCP SIP traffic. Note that this only affects TCP/TLS, since UDP is connectionless. Also note that this does not affect chan_sip.
122646434ef3ffdbf4f736e5ba7648af84f7dff43cfe57162960b91becc450fdAsterisk Project Security Advisory - Asterisk may crash when processing an incoming REGISTER request if that REGISTER contains a Contact header with a lengthy URI. This crash will only happen for requests that pass authentication. Unauthenticated REGISTER requests will not result in a crash occurring. This vulnerability only affects Asterisk when using PJSIP as its SIP stack. The chan_sip module does not have this problem.
afafbceea5744913691ffdaa1e188cde546064b48141faa603d4ecb51464d088Red Hat Security Advisory 2016-0632-01 - In accordance with the Red Hat Storage Support Life Cycle policy, the Red Hat Ceph Storage 1.2 offering will be retired as of May 31, 2016, and support will no longer be provided. Accordingly, Red Hat will not provide extended support for this product, including Critical impact security patches or urgent priority bug fixes, after this date.
571366d5e03d4e8944a1d32ee5130b116af47843449136c95f54efbf44c63e33
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed