Red Hat Security Advisory 2016-1331-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. This asynchronous patch is a security update for JGroups package in Red Hat JBoss Enterprise Application Platform 6.4. Security Fix: It was found that JGroups did not require necessary headers for encrypt and auth protocols from new nodes joining the cluster. An attacker could use this flaw to bypass security restrictions, and use this vulnerability to send and receive messages within the cluster, leading to information disclosure, message spoofing, or further possible attacks.
5be0820af696aa2a268452c7cb12e9918cf60b6dbaaa9e3eabe78bcba849c38cRed Hat Security Advisory 2016-1329-01 - Red Hat JBoss Enterprise Application Platform is a platform for Java applications, which integrates the JBoss Application Server with JBoss Hibernate and JBoss Seam. This asynchronous patch is a security update for JGroups package in Red Hat JBoss Enterprise Application Platform 5.2. Security Fix: It was found that JGroups did not require necessary headers for encrypt and auth protocols from new nodes joining the cluster. An attacker could use this flaw to bypass security restrictions, and use this vulnerability to send and receive messages within the cluster, leading to information disclosure, message spoofing, or further possible attacks.
cbe5a6f3c25be1d44c8a6c37d72e9e00d69f1ebab57ebe7a864da31a0019d894Red Hat Security Advisory 2016-1332-01 - Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on Wildfly. This asynchronous patch is a security update for JGroups package in Red Hat JBoss Enterprise Application Platform 7.0. Security Fix: It was found that JGroups did not require necessary headers for encrypt and auth protocols from new nodes joining the cluster. An attacker could use this flaw to bypass security restrictions, and use this vulnerability to send and receive messages within the cluster, leading to information disclosure, message spoofing, or further possible attacks.
0b70cff2d3ed8610586553763eefcb42254dcb7ea35857a452af437770062313Red Hat Security Advisory 2016-1330-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. This asynchronous patch is a security update for JGroups package in Red Hat JBoss Enterprise Application Platform 6.4. Security Fix: It was found that JGroups did not require necessary headers for encrypt and auth protocols from new nodes joining the cluster. An attacker could use this flaw to bypass security restrictions, and use this vulnerability to send and receive messages within the cluster, leading to information disclosure, message spoofing, or further possible attacks.
20714f9ab297fe4c3aba11ec350c579ba01411bef55c8fc002958030913a6a60Red Hat Security Advisory 2016-1328-01 - Red Hat JBoss Enterprise Application Platform is a platform for Java applications, which integrates the JBoss Application Server with JBoss Hibernate and JBoss Seam. This asynchronous patch is a security update for JGroups package in Red Hat JBoss Enterprise Application Platform 5.2. Security Fix: It was found that JGroups did not require necessary headers for encrypt and auth protocols from new nodes joining the cluster. An attacker could use this flaw to bypass security restrictions, and use this vulnerability to send and receive messages within the cluster, leading to information disclosure, message spoofing, or further possible attacks.
b321f1b893ea8425ae2c8704d6bb5ac2e38ce33ed0aba504fd5def3d7b6cde15Red Hat Security Advisory 2016-1334-01 - Red Hat JBoss Data Grid is a distributed in-memory data grid, based on Infinispan. This asynchronous patch is a security update for JGroups package in Red Hat JBoss Data Grid 6.6. Security Fix: It was found that JGroups did not require necessary headers for encrypt and auth protocols from new nodes joining the cluster. An attacker could use this flaw to bypass security restrictions, and use this vulnerability to send and receive messages within the cluster, leading to information disclosure, message spoofing, or further possible attacks.
2316b5764bfc5bd59d8d306c5d123284da962f5f13f6cd12804ceea6eae3b48fRed Hat Security Advisory 2016-1292-01 - The libxml2 library is a development toolbox providing the implementation of various XML standards. Security Fix: A heap-based buffer overflow flaw was found in the way libxml2 parsed certain crafted XML input. A remote attacker could provide a specially crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash or execute arbitrary code with the permissions of the user running the application.
f71832d18eb162dc5fa8c15b9bf6f44e5899fa4cbb3450d0443c272d19d2db1fRed Hat Security Advisory 2016-1293-01 - The setroubleshoot packages provide tools to help diagnose SELinux problems. When Access Vector Cache messages are returned, an alert can be generated that provides information about the problem and helps to track its resolution. The setroubleshoot-plugins package provides a set of analysis plugins for use with setroubleshoot. Each plugin has the capacity to analyze SELinux AVC data and system data to provide user friendly reports describing how to interpret SELinux AVC denials.
f1fefa3c6150138e6c35d3a12c0085abef4c3c956a18293274ec8285c20af129Remote authenticated WebTop and WebTop Client users may gain access to the IAPI/IDQL interface in WebTop without proper authorization. Malicious users could exploit this vulnerability to run IAPI/IDQL commands on the affected systems using their own privilege. Affected products include EMC Documentum WebTop versions 6.8 and 6.8.1, Administrator versions 7.0, 7.1, 7.2, TaskSpace version 6.7 SP3, and Capital Projects versions 1.9 and 1.10.
922ee5b10d55ca104fdafbfbabd2f4263e941bd47bdcae7794773725a1ceb3d4The Java Startup Framework (jstart) in SAP Application server for Java allows remote attackers to cause a denial of service via a crafted request. SAP NetWeaver AS JAVA versions 7.2 through 7.4 are affected.
bb3db47d4fcab7f0f9eca2bde8886165421542cd01cf50081af2e14438a6d1d2Internet Communication Manager (ICMAN/ICM) in SAP JAVA AS version 7.4 allows remote attackers to cause a denial of service (possible heap corruption IctParseCookies()) via a crafted HTTP request.
44848e8f5d0007ffcced7de64df26b2bc621da243fd08b9ed7a2f134d4043612Ubuntu Security Notice 3014-1 - Jing Zhao discovered that the Spice smartcard support incorrectly handled memory. A remote attacker could use this issue to cause Spice to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only applied to Ubuntu 15.10 and Ubuntu 16.04 LTS. Frediano Ziglio discovered that Spice incorrectly handled certain primary surface parameters. A malicious guest operating system could potentially exploit this issue to escape virtualization. Various other issues were also addressed.
6e05cdcaf2aa1cf993c525ec3863c9f2831bf4e664648184e4bee5b17da517e3Red Hat Security Advisory 2016-1272-01 - OpenStack Dashboard provides administrators and users with a graphical interface to access, provision, and automate cloud-based resources. The following packages have been upgraded to a newer upstream version: python-django-horizon: 2015.1.4. Security Fix: A DOM-based, cross-site scripting vulnerability was found in the OpenStack dashboard, where user input was not filtered correctly. An authenticated dashboard user could exploit the flaw by injecting an AngularJS template into a dashboard form, triggering the vulnerability when another user browsed the affected page. As a result, this flaw could result in user accounts being compromised.
57c18e406ff48d256568840e79fd9a8a9165b5682bb8557bf2460e7a347077b8Red Hat Security Advisory 2016-1271-01 - OpenStack Dashboard provides administrators and users with a graphical interface to access, provision, and automate cloud-based resources. Security Fix: A DOM-based, cross-site scripting vulnerability was found in the OpenStack dashboard, where user input was not filtered correctly. An authenticated dashboard user could exploit the flaw by injecting an AngularJS template into a dashboard form, triggering the vulnerability when another user browsed the affected page. As a result, this flaw could result in user accounts being compromised.
332d67b19899392e831c09c54bc9fe1fc0b682a8f165e19386c332e202a75379Red Hat Security Advisory 2016-1270-01 - OpenStack Dashboard provides administrators and users with a graphical interface to access, provision, and automate cloud-based resources. Security Fix: A DOM-based, cross-site scripting vulnerability was found in the OpenStack dashboard, where user input was not filtered correctly. An authenticated dashboard user could exploit the flaw by injecting an AngularJS template into a dashboard form, triggering the vulnerability when another user browsed the affected page. As a result, this flaw could result in user accounts being compromised.
4988110b761f7d244c2b8fe79fc98028f74872c914e77416413a6b2c20fc1033Red Hat Security Advisory 2016-1269-01 - OpenStack Dashboard provides administrators and users with a graphical interface to access, provision, and automate cloud-based resources. Security Fix: A DOM-based, cross-site scripting vulnerability was found in the OpenStack dashboard, where user input was not filtered correctly. An authenticated dashboard user could exploit the flaw by injecting an AngularJS template into a dashboard form, triggering the vulnerability when another user browsed the affected page. As a result, this flaw could result in user accounts being compromised.
e8b5f2a5572c79a4a5333f0e6148e04ccab18504a755cadb8a52a22a30caf447Red Hat Security Advisory 2016-1268-01 - OpenStack Dashboard provides administrators and users with a graphical interface to access, provision, and automate cloud-based resources. Security Fix: A DOM-based, cross-site scripting vulnerability was found in the OpenStack dashboard, where user input was not filtered correctly. An authenticated dashboard user could exploit the flaw by injecting an AngularJS template into a dashboard form, triggering the vulnerability when another user browsed the affected page. As a result, this flaw could result in user accounts being compromised.
0c519befde1282ae9674cb5175276ec7b4452dbab552efe67d806f409758a58eRed Hat Security Advisory 2016-1267-01 - The setroubleshoot packages provide tools to help diagnose SELinux problems. When Access Vector Cache messages are returned, an alert can be generated that provides information about the problem and helps to track its resolution. The setroubleshoot-plugins package provides a set of analysis plugins for use with setroubleshoot. Each plugin has the capacity to analyze SELinux AVC data and system data to provide user friendly reports describing how to interpret SELinux AVC denials.
48d97575a2509ec4db6bcab27e3b6fa30160797714cb37a38ecd57b94bf060d2Apple Security Advisory 2016-06-20-1 - AirPort Base Station Firmware Update 7.6.7 and 7.7.7 is now available and addresses an arbitrary code execution vulnerability.
82580c4dbeb889b59ee693c2e8136bdf9dd613b0bde73247408a328c96863758Slackware Security Advisory - New pcre packages are available for Slackware 14.1 and -current to fix security issues.
bb81087a01aaa55a52449ed8212fae7cacd64a6f7ca7e3768406ad119f003424Slackware Security Advisory - New libarchive packages are available for Slackware 14.1 and -current to fix security issues.
5ab416c95610b2c7d6d2ffbb23607802961886c6610f1d8a0b6446e0ee052757Debian Linux Security Advisory 3605-1 - Several vulnerabilities were discovered in libxslt, an XSLT processing runtime library, which could lead to information disclosure or denial-of-service (application crash) against an application using the libxslt library.
20fdbd85e9d07462fa31177937cdcc2de883d6f58d73cd04f1530450db6af69aRed Hat Security Advisory 2016-1262-01 - Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 51.0.2704.103. Security Fix: Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information when visited by the victim.
45cbc6c211ad9e33d1e2722e7c7dc5c15d72fcbcc48dc5da28b0383515f280e3Ubuntu Security Notice 3013-1 - It was discovered that the Expat code in XML-RPC for C and C++ unexpectedly called srand in certain circumstances. This could reduce the security of calling applications. It was discovered that the Expat code in XML-RPC for C and C++ incorrectly handled seeding the random number generator. A remote attacker could possibly use this issue to cause a denial of service. Gustavo Grieco discovered that the Expat code in XML-RPC for C and C++ incorrectly handled malformed XML data. If a user or application linked against XML-RPC for C and C++ were tricked into opening a crafted XML file, an attacker could cause a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.
6aa1759ea4a56ff06cbcd1346041c06eac65ab5a67eb809302bc6274df1d8247Ubuntu Security Notice 3012-1 - Dawid Golunski discovered that Wget incorrectly handled filenames when being redirected from an HTTP to an FTP URL. A malicious server could possibly use this issue to overwrite local files.
ce58c9f63ee02189ccf645ed4f89fd26639c73baac37f0bbea564d04d356fe3d
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed