D-Link DAP-1320 wireless range extenders suffer from cross site scripting and directory traversal vulnerabilities.
4112b4df739e7ec39886258958f425e4
F-Secure Messaging Security Gateway version 7.5.0.892 suffers from a reflective cross site scripting vulnerability.
7ac40cc1a76920029a3c14d08900c33a
AIEngine is a packet inspection engine with capabilities of learning without any human intervention. It helps network/security professionals to identify traffic and develop signatures for use on NIDS, firewalls, traffic classifiers, and so on.
1bcc5cd1ff744d8c920e42be9e056672
Nagios Remote Plugin Executor (NRPE) versions 2.15 and below suffer from a remote command execution vulnerability.
ab43115d2842c0125acfc721e8cc79df
HP Security Bulletin HPSBMU02995 3 - The Heartbleed vulnerability was detected in specific OpenSSL versions. OpenSSL is a 3rd party product that is embedded in some HP Software products. This bulletin's objective is to notify HP Software customers about products affected by the Heartbleed vulnerability. Note: The Heartbleed vulnerability (CVE-2014-0160) is a vulnerability found in the OpenSSL cryptographic software library. This weakness potentially allows disclosure of information protected, under normal conditions, by the SSL/TLS protocol. The impacted products that appear in the list below are vulnerable due to embedding OpenSSL standard release software. Revision 3 of this advisory.
c3eccb2ce96e9c3c6a8cd03a45a0c0ad
HP Security Bulletin HPSBMU02998 2 - Potential security vulnerabilities have been identified with HP System Management Homepage (SMH) running on Linux and Windows. The vulnerabilities could be exploited remotely resulting in Denial of Service (DoS). Also included is the OpenSSL vulnerability known as "Heartbleed" which could be exploited remotely resulting in disclosure of information. Revision 2 of this advisory.
7c105f0e88710253eeeddfeb03a62f77
HP Security Bulletin HPSBGN03010 - The Heartbleed vulnerability was detected in specific OpenSSL versions. OpenSSL is a 3rd party product that is embedded in some HP Software products. This bulletin's objective is to notify HP Software customers about products affected by the Heartbleed vulnerability. NOTE: The Heartbleed vulnerability (CVE-2014-0160) is a vulnerability found in the OpenSSL cryptographic software library. This weakness potentially allows disclosure of information that is normally protected by the SSL/TLS protocol. The impacted products in the list below are vulnerable due to embedding OpenSSL standard release software. Revision 1 of this advisory.
c37610a6a753bffeaf8f1e6412725497
HP Security Bulletin HPSBMU02935 2 - Potential security vulnerabilities have been identified with HP LoadRunner Virtual User Generator. The vulnerabilities could be exploited to allow remote code execution and disclosure of information. Revision 2 of this advisory.
8985e9ea11462bd0b834b44913bbe800
HP Security Bulletin HPSBMU02987 - A potential security vulnerability has been identified with HP Universal Configuration Management Database Integration Service. The vulnerability could be exploited to allow remote execution of code. Revision 1 of this advisory.
85a9b06e85f5eb8f18a846d89dfeb12a
HP Security Bulletin HPSBMU02988 - A potential security vulnerability has been identified with HP Universal Configuration Management Database Integration Service. The vulnerability could be exploited to allow disclosure of information. Revision 1 of this advisory.
435a18e386a4bfadd62ac0da62f847da
HP Security Bulletin HPSBMU02982 - A potential security vulnerability has been identified with HP Database and Middleware Automation (DMA). The vulnerability could be remotely exploited resulting in disclosure of information. Revision 1 of this advisory.
e976cef7d0a0452d14559959fd1e34a1
HP Security Bulletin HPSBGN03008 - The Heartbleed vulnerability was detected in specific OpenSSL versions. OpenSSL is a 3rd party product that is embedded in some HP Software products. This bulletin's objective is to notify HP Software customers about products affected by the Heartbleed vulnerability. NOTE: The Heartbleed vulnerability (CVE-2014-0160) is a vulnerability found in the OpenSSL cryptographic software library. This weakness potentially allows disclosure of information that is normally protected by the SSL/TLS protocol. The impacted products in the list below are vulnerable due to embedding OpenSSL standard release software. Revision 1 of this advisory.
b02794dad9406da467d2b09fbcf5abe9
HP Security Bulletin HPSBMU02996 - A potential security vulnerability has been identified with HP Network Node Manager I (NNMi) on HP-UX, Linux, Solaris, and Windows. This vulnerability could be remotely exploited resulting in unauthorized access or execution of arbitrary code. Revision 1 of this advisory.
bbe389cd88b78f342b845e8768d44ffc
Red Hat Security Advisory 2014-0412-01 - Oracle Java SE version 7 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update fixes several vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory page, listed in the References section.
84790d917cbde2c678a759fef617465c
Red Hat Security Advisory 2014-0413-02 - Oracle Java SE version 7 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update fixes several vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory page, listed in the References section.
248d403ae5d745ccc617909346df34b2
Red Hat Security Advisory 2014-0409-02 - Python-keystoneclient is a client library and a command line utility for interacting with the OpenStack Identity API. The OpenStack Identity auth_token middleware component handles the authentication of tokens with keystone. The gluster-swift component, provided by Red Hat Storage, requires the auth_token middleware. When using the auth_token middleware with the memcached token cache enabled, a token for a different identity could be returned. An authenticated user could use this flaw to escalate their privileges by making repeated requests that could eventually allow the user to acquire the administrator's identity. Note that only OpenStack Identity setups using auth_token with memcached were affected.
365b33bb9309689bc3c8b570bc33d54c
Mandriva Linux Security Advisory 2014-079 - Florian Weimer reported that the printbuf APIs used in the json-c library used ints for counting buffer lengths, which is inappropriate for 32-bit architectures. These functions need to be changed to use size_t if possible for sizes, or to be hardened against negative values if not. This could be used to cause a denial of service in an application linked to the json-c library. Florian Weimer reported that the hash function in the json-c library was weak, and that parsing smallish JSON strings showed quadratic timing behaviour. This could cause an application that is linked to the json-c library and processes some specially-crafted JSON data to use excessive amounts of CPU.
b3703a3c440ae2d1e586dde7903dc712
Red Hat Security Advisory 2014-0416-01 - Red Hat Enterprise Virtualization Manager provides access to virtual machines using SPICE. These SPICE client packages provide the SPICE client and usbclerk service for both Windows 32-bit operating systems and Windows 64-bit operating systems. The rhevm-spice-client package includes the mingw-virt-viewer Windows SPICE client. OpenSSL, a general purpose cryptography library with a TLS implementation, is bundled with mingw-virt-viewer. The mingw-virt-viewer package has been updated to correct the following issues: An information disclosure flaw was found in the way OpenSSL handled TLS and DTLS Heartbeat Extension packets. A malicious TLS or DTLS client or server could send a specially crafted TLS or DTLS Heartbeat packet to disclose a limited portion of memory per request from a connected client or server. Note that the disclosed portions of memory could potentially include sensitive information such as private keys.
11512b6f2ee60d28099ef8fec81c28ec
Red Hat Security Advisory 2014-0415-01 - YAML is a data serialization format designed for human readability and interaction with scripting languages. LibYAML is a YAML parser and emitter written in C. A buffer overflow flaw was found in the way the libyaml library parsed URLs in YAML documents. An attacker able to load specially crafted YAML input to an application using libyaml could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. An integer overflow flaw was found in the way the libyaml library handled excessively long YAML tags. An attacker able to load specially crafted YAML input to an application using libyaml could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application.
0bd4696e9c1502e08477406df9c325e1
Red Hat Security Advisory 2014-0414-01 - Oracle Java SE version 6 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update fixes several vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory pages, listed in the References section.
5dfe583ef9a4bba7221b9c08e0d1e506
CMSimple versions 4.4.2 and below suffer from a remote file inclusion vulnerability.
ace9cbcf9c69edcf2c32d6cc2d8677e6
Jzip version 2.0.0.132900 structured exception handler (SEH) unicode buffer overflow denial of service exploit.
72bc8fd9c38d1ec32fe4392585e83d0c
Poor treatment of file paths may lead to rogue binary execution in McAfee Security Scanner Plus.
ce17ae5c6470989528d6178b06d425f5
ASUS RT series of routers disclose administrative credentials.
502fadc2c4bed26bcbc7d10d5f208933