
Files

Red Hat Security Advisory 2016-1785-01
Posted Aug 31, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1785-01 - Red Hat JBoss Operations Network is a Middleware management solution that provides a single point of control to deploy, manage, and monitor JBoss Enterprise Middleware, applications, and services. This JBoss Operations Network 3.3.7 release serves as a replacement for JBoss Operations Network 3.3.6, and includes several bug fixes.

tags | advisory
systems | linux, redhat
advisories | CVE-2016-5422
SHA-256 | 2cc2183f89947a122a8dbcc3d0f918c09c7e9dfb436446ac88bd6b099f31bff0
Cisco Security Advisory 20160831-sps3
Posted Aug 31, 2016
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability in the implementation of Simple Network Management Protocol (SNMP) functionality in Cisco Small Business 220 Series Smart Plus (Sx220) Switches could allow an unauthenticated, remote attacker to gain unauthorized access to SNMP objects on an affected device. The vulnerability is due to the presence of a default SNMP community string that is added during device installation and cannot be deleted. An attacker could exploit this vulnerability by using the default SNMP community string to access SNMP objects on an affected device. A successful exploit could allow the attacker to view and modify SNMP objects on a targeted device. Cisco has released firmware updates that address this vulnerability. There are no workarounds that address this vulnerability.

tags | advisory, remote, protocol
systems | cisco
SHA-256 | ccf9dfcc97adb138f7d24d75f51d007e71d7f844aae6e82d07c7a188c937bed1
Cisco Security Advisory 20160831-spa
Posted Aug 31, 2016
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability in the HTTP framework of Cisco Small Business SPA300 Series IP Phones, Cisco Small Business SPA500 Series IP Phones, and Cisco SPA51x IP Phones could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to incorrect handling of malformed HTTP traffic. An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device. An exploit could allow the attacker to deny service continually by sending crafted HTTP requests to a phone, resulting in a DoS condition. Cisco has released software updates that address this vulnerability. Workarounds that address this vulnerability are not available.

tags | advisory, remote, web, denial of service
systems | cisco
SHA-256 | 899c8995efd36f53e8fcb7f2a34120edfb3bed08afe4753d1cfcd4de9c447c31
Cisco Security Advisory 20160831-meetings-player
Posted Aug 31, 2016
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability in Cisco WebEx Player could allow an unauthenticated, remote attacker to execute arbitrary code. The vulnerability is due to improper handling of user-supplied files. An attacker could exploit this vulnerability by persuading a user to open a malicious file using the affected software. A successful exploit could allow the attacker to execute arbitrary code on the system with the privileges of the user. Cisco has released software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available.

tags | advisory, remote, arbitrary
systems | cisco
SHA-256 | 891c13b58be0af0b7350c16216c66fcc911203ae9cc908aa9be3b56343ff46f5
HP Security Bulletin HPSBGN03637 1
Posted Aug 31, 2016
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN03637 1 - A potential vulnerability has been identified in the AdminUI of the HP Operations Manager for Unix, Solaris, and Linux. The vulnerability could be exploited remotely resulting in Cross-Site Scripting (XSS). Revision 1 of this advisory.

tags | advisory, xss
systems | linux, unix, solaris
advisories | CVE-2016-4380
SHA-256 | 1ce5c760fd7c1301d3a84917c1bc4e1979c54720b9deb0df1356b2c57f517089
Red Hat Security Advisory 2016-1781-01
Posted Aug 31, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1781-01 - PostgreSQL is an advanced object-relational database management system. The following packages have been upgraded to a newer upstream version: rh-postgresql94-postgresql. Security Fix: A flaw was found in the way PostgreSQL server handled certain SQL statements containing CASE/WHEN commands. A remote, authenticated attacker could use a specially crafted SQL statement to cause PostgreSQL to crash or disclose a few bytes of server memory or possibly execute arbitrary code.

tags | advisory, remote, arbitrary
systems | linux, redhat
advisories | CVE-2016-5423, CVE-2016-5424
SHA-256 | 9345dc2c41d8927ec523db65c6d7145025cd5746f563f0a1360ea20e8f699bf1
Oracle E-Business Suite 12.2 Cross Site Scripting
Posted Aug 30, 2016
Authored by Matias Mevied | Site onapsis.com

Oracle E-Business Suite version 12.2 suffers from a cross site scripting vulnerability.

tags | advisory, xss
advisories | CVE-2016-3436
SHA-256 | 4dbd32f1e827b9fbc232549a7899763b8c70b67a7074a0a1624dd746f94353b4
Oracle E-Business Suite 12.2 Cross Site Scripting
Posted Aug 30, 2016
Authored by Matias Mevied | Site onapsis.com

Oracle E-Business Suite version 12.2 suffers from a cross site scripting vulnerability.

tags | advisory, xss
advisories | CVE-2016-3439
SHA-256 | 4248daa0121eaa86e6b714139fadeeeec921c2b5e1fca28b45f54bf775e87f96
HP Security Bulletin HPSBHF03641 1
Posted Aug 30, 2016
Authored by HP | Site hp.com

HP Security Bulletin HPSBHF03641 1 - A potential security vulnerability has been identified with certain versions of HPE Integrated Lights-Out 3 (iLO 3). This vulnerability, also known as the "Vaudenay vulnerability", could be remotely exploited using TLS CBC Padding and MAC Errors resulting in disclosure of information. Revision 1 of this advisory.

tags | advisory
advisories | CVE-2016-4379
SHA-256 | 58e82735227f4286de90f9cfe8309c05b1d48976220a0330658f8f7cc251e5ed
Ubuntu Security Notice USN-3070-4
Posted Aug 30, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3070-4 - USN-3070-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. A missing permission check when setting ACLs was discovered in nfsd. A local user could exploit this flaw to gain access to any file by setting an ACL. Various other issues were also addressed.

tags | advisory, kernel, local, vulnerability
systems | linux, ubuntu
advisories | CVE-2016-1237, CVE-2016-5244, CVE-2016-5400, CVE-2016-5696, CVE-2016-5728, CVE-2016-5828, CVE-2016-5829, CVE-2016-6197
SHA-256 | 54515843f175f0f9bcd9acc3ab889613ddf0f05fd7d32658882565e31cc06142
Ubuntu Security Notice USN-3070-3
Posted Aug 30, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3070-3 - A missing permission check when setting ACLs was discovered in nfsd. A local user could exploit this flaw to gain access to any file by setting an ACL. Kangjie Lu discovered an information leak in the Reliable Datagram Sockets implementation in the Linux kernel. A local attacker could use this to obtain potentially sensitive information from kernel memory. Various other issues were also addressed.

tags | advisory, kernel, local
systems | linux, ubuntu
advisories | CVE-2016-1237, CVE-2016-5244, CVE-2016-5400, CVE-2016-5696, CVE-2016-5728, CVE-2016-5828, CVE-2016-5829, CVE-2016-6197
SHA-256 | 94afc7eeef9ca08145fbcd09d2933660867345939bcddffa924773452fa63bde
Ubuntu Security Notice USN-3070-2
Posted Aug 30, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3070-2 - A missing permission check when setting ACLs was discovered in nfsd. A local user could exploit this flaw to gain access to any file by setting an ACL. Kangjie Lu discovered an information leak in the Reliable Datagram Sockets implementation in the Linux kernel. A local attacker could use this to obtain potentially sensitive information from kernel memory. Various other issues were also addressed.

tags | advisory, kernel, local
systems | linux, ubuntu
advisories | CVE-2016-1237, CVE-2016-5244, CVE-2016-5400, CVE-2016-5696, CVE-2016-5728, CVE-2016-5828, CVE-2016-5829, CVE-2016-6197
SHA-256 | ea8ebece878c9ec1bdb289ff938356e56dc9c698e0e7b55ac18137e6e45dca21
Slackware Security Advisory - kernel Updates
Posted Aug 30, 2016
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New kernel packages are available for Slackware 14.1 to fix a security issue.

tags | advisory, kernel
systems | linux, slackware
advisories | CVE-2016-5389
SHA-256 | 783ac25f8f61e15eb21e0a2ae6348f261f89609ab114395fbab3dfd1e9a81614
HP Security Bulletin HPSBGN03638 1
Posted Aug 30, 2016
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN03638 1 - Potential vulnerabilities have been identified in the lighttpd and OpenSSH version used in HPE Remote Device Access: Virtual Customer Access System (vCAS). These vulnerabilities could be exploited remotely resulting in unauthorized modification of information, denial of service (DoS), and disclosure of information. Revision 1 of this advisory.

tags | advisory, remote, denial of service, vulnerability
advisories | CVE-2015-3200, CVE-2016-0777, CVE-2016-0778
SHA-256 | 52dde48bf7e6534ed145537c197f29c8bff97d184184ef9e9c43b600d40a7d73
Oracle E-Business Suite 12.2 Cross Site Scripting
Posted Aug 30, 2016
Authored by Matias Mevied | Site onapsis.com

Oracle E-Business Suite version 12.2 suffers from a cross site scripting vulnerability.

tags | advisory, xss
advisories | CVE-2016-3438
SHA-256 | d4ca9abf8207c6975fcc66ecc45a548f67b27bb8793df0a127fb71210092aeea
Oracle E-Business Suite 12.2 Cross Site Scripting
Posted Aug 30, 2016
Authored by Matias Mevied | Site onapsis.com

Oracle E-Business Suite version 12.2 suffers from a cross site scripting vulnerability.

tags | advisory, xss
advisories | CVE-2016-3437
SHA-256 | 554e04de0e954a1d4192207c20fc07b4bd10869bb459eb7fde19ec15034a2eec
Red Hat Security Advisory 2016-1779-01
Posted Aug 29, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1779-01 - In accordance with the Red Hat CloudForms Support Life Cycle Policy, support for CloudForms 3.x will end on February 28, 2017. Red Hat will not provide extended support for this product. Customers are requested to migrate to a supported Red Hat CloudForms product prior to the end of the life cycle for CloudForms 3.x. After February 28, 2017, technical support through Red Hat's Global Support Services will no longer be provided.

tags | advisory
systems | linux, redhat
SHA-256 | 6c22befc34ebe4b1c03b51bbf7c25ad661bd7f118db5425b92f5744941dc05a8
Ubuntu Security Notice USN-3072-2
Posted Aug 29, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3072-2 - Kangjie Lu discovered an information leak in the Reliable Datagram Sockets implementation in the Linux kernel. A local attacker could use this to obtain potentially sensitive information from kernel memory. Yue Cao et al. discovered a flaw in the TCP implementation's handling of challenge acks in the Linux kernel. A remote attacker could use this to cause a denial of service or inject content into a TCP stream. Various other issues were also addressed.

tags | advisory, remote, denial of service, kernel, local, tcp
systems | linux, ubuntu
advisories | CVE-2016-5244, CVE-2016-5696, CVE-2016-5829
SHA-256 | 96d0691fb37a717dc4538398d603c1ba2926fb7655c3ca0e94e6f32b862548e3
Ubuntu Security Notice USN-3072-1
Posted Aug 29, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3072-1 - Kangjie Lu discovered an information leak in the Reliable Datagram Sockets implementation in the Linux kernel. A local attacker could use this to obtain potentially sensitive information from kernel memory. Yue Cao et al. discovered a flaw in the TCP implementation's handling of challenge acks in the Linux kernel. A remote attacker could use this to cause a denial of service or inject content into a TCP stream. Various other issues were also addressed.

tags | advisory, remote, denial of service, kernel, local, tcp
systems | linux, ubuntu
advisories | CVE-2016-5244, CVE-2016-5696, CVE-2016-5829
SHA-256 | 87c2db82b8e8252d7c63bb9b84f22240a7da51fef03461bf0f74053a53450993
Ubuntu Security Notice USN-3071-2
Posted Aug 29, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3071-2 - USN-3071-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 LTS. Kangjie Lu discovered an information leak in the Reliable Datagram Sockets implementation in the Linux kernel. A local attacker could use this to obtain potentially sensitive information from kernel memory. Various other issues were also addressed.

tags | advisory, kernel, local, vulnerability
systems | linux, ubuntu
advisories | CVE-2016-5244, CVE-2016-5696, CVE-2016-5728, CVE-2016-5828, CVE-2016-5829
SHA-256 | 3566417846c77d69e8d6e988ac18f853f3f5643c015dda7a7a0b163ac03ba13e
Ubuntu Security Notice USN-3071-1
Posted Aug 29, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3071-1 - Kangjie Lu discovered an information leak in the Reliable Datagram Sockets implementation in the Linux kernel. A local attacker could use this to obtain potentially sensitive information from kernel memory. Yue Cao et al. discovered a flaw in the TCP implementation's handling of challenge acks in the Linux kernel. A remote attacker could use this to cause a denial of service or inject content into a TCP stream. Various other issues were also addressed.

tags | advisory, remote, denial of service, kernel, local, tcp
systems | linux, ubuntu
advisories | CVE-2016-5244, CVE-2016-5696, CVE-2016-5728, CVE-2016-5828, CVE-2016-5829
SHA-256 | 390d0ea5ed263a891c9e578a8e5adc5d81a3abf7979689b597c1dbe2ca6e2c3d
Ubuntu Security Notice USN-3070-1
Posted Aug 29, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3070-1 - A missing permission check when setting ACLs was discovered in nfsd. A local user could exploit this flaw to gain access to any file by setting an ACL. Kangjie Lu discovered an information leak in the Reliable Datagram Sockets implementation in the Linux kernel. A local attacker could use this to obtain potentially sensitive information from kernel memory. Various other issues were also addressed.

tags | advisory, kernel, local
systems | linux, ubuntu
advisories | CVE-2016-1237, CVE-2016-5244, CVE-2016-5400, CVE-2016-5696, CVE-2016-5728, CVE-2016-5828, CVE-2016-5829, CVE-2016-6197
SHA-256 | 671f73e3980f6ab5eb3168e9a016890390d6371acb18fd3ee5f1267d933eeb9d
Red Hat Security Advisory 2016-1776-01
Posted Aug 26, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1776-01 - The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Java Software Development Kit. Security Fix: An insufficient bytecode verification flaw was discovered in the Hotspot component in OpenJDK. An untrusted Java application or applet could use this flaw to completely bypass Java sandbox restrictions. Multiple denial of service flaws were found in the JAXP component in OpenJDK. A specially crafted XML file could cause a Java application using JAXP to consume an excessive amount of CPU and memory when parsed.

tags | advisory, java, denial of service
systems | linux, redhat
advisories | CVE-2016-3458, CVE-2016-3500, CVE-2016-3508, CVE-2016-3550, CVE-2016-3606
SHA-256 | 49fb553f781a4fb3768e1f5965572b0d7f7c4362a804c7d52fefa6aacf26bdf1
Debian Security Advisory 3654-1
Posted Aug 26, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3654-1 - Two vulnerabilities were discovered in quagga, a BGP/OSPF/RIP routing daemon.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2016-4036, CVE-2016-4049
SHA-256 | 25c09a37562c4b6e5388e52d121a5fd6c975e1347392e663a3722c450e2bd3cb
Debian Security Advisory 3652-1
Posted Aug 26, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3652-1 - handling problems and cases of missing or incomplete input sanitising may result in denial of service or the execution of arbitrary code if malformed TIFF, WPG, RLE, RAW, PSD, Sun, PICT, VIFF, HDR, Meta, Quantum, PDB, DDS, DCM, EXIF, RGF or BMP files are processed.

tags | advisory, denial of service, arbitrary
systems | linux, debian
advisories | CVE-2016-4562, CVE-2016-4563, CVE-2016-4564, CVE-2016-5010, CVE-2016-5687, CVE-2016-5688, CVE-2016-5689, CVE-2016-5690, CVE-2016-5691, CVE-2016-5841, CVE-2016-5842, CVE-2016-6491
SHA-256 | 86f82123fa7a7dda6e9bf4a697f83c57a7e7b708b8514ad9004f3b0ba28ee0da
© 2022 Packet Storm. All rights reserved.