EMC Avamar contains a security vulnerability that may potentially be leveraged by a malicious user to obtain sensitive information when performing a backup or restore operation relating to the vCenter Server. The EMC Avamar VMware image and File Level Restore (FLR) proxies do not properly verify the SSL certificates presented by vCenter and may be vulnerable to man-in-the-middle attacks. EMC Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) 6.x and 7.0.x are affected.
960253ccc6bd345db43360a894017a6964b76e9c567c6ab6c5de909091e08bfa
Unisphere Central versions prior to 4.0 suffer from a large number of security vulnerabilities. An update has been released that includes a fix for an unvalidated redirect issue along with fixes for various embedded component vulnerabilities.
ce4edb828cb719a743e51aeccc8b869350ac720be7a173f3e3978c205c139f5f
Asus RT-N10 Plus with firmware version 2.1.1.1.70 suffers from a cross site scripting vulnerability.
52834296326caf3b9233a242ffe1a865ee9dddc03118fc76297f3bfe0a1ac589
VMware Security Advisory 2015-0002 - VMware vSphere Data Protection product update addresses a certificate validation vulnerability.
0531aeee8d20e6e4def483d5bc261726b7dc432377407392d954630e1a91fddd
Debian Linux Security Advisory 3145-1 - Multiple vulnerabilities were discovered in Privoxy, a privacy enhancing HTTP proxy, which might result in denial of service.
e6db28ba30169786edf2dcf19679ab5a026574a62ab07e73a140bfd7b7124c5b
Debian Linux Security Advisory 3144-1 - Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in the execution of arbitrary code, information disclosure or denial of service.
622b1ffb514cee356dcd2ec27f28c7e4b1b32a3f20afd883039207989ce539b0
HP Security Bulletin HPSBOV03226 2 - Potential security vulnerabilities have been identified with the TCP/IP Services for OpenVMS BIND 9 Resolver. These vulnerabilities could be remotely exploited to cause a Denial of Service (DoS) and other impacts. NOTE: These vulnerabilities impact OpenVMS TCP/IP BIND servers only. No update is required for BIND clients. Revision 2 of this advisory.
4935d3f1fb7ea8e8542d5095cd4cb2b982b905b4752fdda66d72da48b1f6e88d
Debian Linux Security Advisory 3146-1 - Jakub Wilk discovered that in requests, an HTTP library for the Python language, authentication information was improperly handled when a redirect occurred. This would allow remote servers to obtain two types of credentials: proxy passwords from the Proxy-Authorization header (CVE-2014-1830), or netrc passwords from the Authorization header (CVE-2014-1829).
d12919710b3c1d41c774e5833078bfdcbc449f8d50ae48755845daa5dbf03e7a
Debian Linux Security Advisory 3147-1 - Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in the execution of arbitrary code, information disclosure or denial of service.
8f72aaccb477a21c98ab72ae6ecbad94d77750711480b0a4c5c4c91781281f8c
Symantec Encryption Management Server versions prior to 3.2.0 MP6 suffer from a remote command injection vulnerability.
3bc3eeac36113e210abe514dc8172c9c2bb90bb59bbe5d343e9ac303b7490024
NPDS CMS Revolution-13 suffers from a remote SQL injection vulnerability.
142ca9db88be9cf3d50167d0e6ca107fc856238d9b989d450adedf97f40190cc
This is a whitepaper discussing mitigation of the Ghost glibc vulnerability as discussed in CVE-2015-0235.
77fdf5e2024f2bd5d09207c0e6a1b4251255bb6447af8bde63b893affd58ba12
McAfee Data Loss Prevention Endpoint version 9.3.200.23 suffers from an arbitrary write privilege escalation vulnerability.
b96f5506ade3562db4422d9d10574de13efea0a185c340127a4a630ff1c8727d
Asterisk Project Security Advisory - CVE-2014-8150 reported an HTTP request injection vulnerability in libcURL. Asterisk uses libcURL in its func_curl.so module (the CURL() dialplan function), as well as its res_config_curl.so (cURL realtime backend) modules. Since Asterisk may be configured to allow for user-supplied URLs to be passed to libcURL, it is possible that an attacker could use Asterisk as an attack vector to inject unauthorized HTTP requests if the version of libcURL installed on the Asterisk server is affected by CVE-2014-8150.
29b34a38aceb27270a9742ce1a2328d92a59cc3a2103a91b0fcb2d89ef89580a
This advisory details a vulnerability found within the Kaseya Browser Android application. A path traversal vulnerability was discovered within an exported content provider, resulting in the disclosure of arbitrary files, including internal application files.
cd0eed73304887bcbc11bac4f7dca27d8f196f11666aa9eebef47a9489785ca8
Pexip Infinity versions prior to 8 fail to generate unique SSH host keys.
43c60a3a4da895b0ff05a3e455fad08e342cad1275ea6870cdccf41b80f4520e
MantisBT version 1.2.17 suffers from improper access control, cross site scripting, and remote SQL injection vulnerabilities.
66702fafa02a9dbc923285c073b3f395b675adad64da5dfa2394ca10e6440fd2
This advisory details multiple vulnerabilities found within the Kaseya BYOD Gateway software. By chaining missing SSL verification, poor authentication mechanisms and arbitrary redirection vulnerabilities, a malicious entity may potentially compromise any Kaseya BYOD installation. The Kaseya BYOD Gateway software uses a redirection feature, wherein users are redirected to their local Kaseya installation via Kaseya's hosted servers. The update request from the BYOD Gateway software to the Kaseya hosted servers was found not to verify SSL certificates and fails to implement any form of authentication, instead relying on the length of the gateway identifier to provide security. Thus, the security of the solution depends on an attacker's ability to enumerate the gateway identifier. Once a malicious user enumerates the gateway identifier, they may update the redirect rule for that customer in Kaseya's hosted servers, redirecting customers to a malicious Kaseya BYOD Gateway. Version 7.0.2 is affected.
84b242264d948879e1883fb40c965edd3e0f9240397d1c5870d701482625f9be
ManageEngine Firewall Analyzer versions 8.0 and below suffer from cross site scripting and directory traversal vulnerabilities.
6ee156b0d54a8f1ed09c9f4838b7ee5144db4b15ab8239f4c4fb15af63710762
Multiple direct object reference vulnerabilities were found within the AirWatch cloud console. VMware advised that these issues also affect on-premise AirWatch deployments. A malicious AirWatch user may leverage several direct object references to gain access to information regarding other AirWatch customers using the AirWatch cloud. This includes viewing groups and downloading private APKs belonging to other organizations.
5468547ad7baa8b8e0d41f706bd7a80458d99dc96cd25a19ec2e1b6344263f4f
UniPDF version 1.1 suffers from a buffer overflow vulnerability. This is a SEH overwrite denial of service proof of concept exploit.
7c9adc7186397aed0cb3bfb2dfaacca61f412e296b377460a47fa10b0f8d7d95
There is an authentication bypass vulnerability in ClearSCADA that can be exploited by triggering an exception in dbserver.exe and taking advantage of the way the program handles it.
7297622cf93f018ee50d502b4deb7ac9d83396bceed64caa328eab02705135a7
Slackware Security Advisory - New glibc packages are available for Slackware 13.0, 13.1, 13.37, 14.0, and 14.1 to fix a security issue.
3d6fcd881648b54bc54e46c4ef60b3519d0791bdbb5d2cd4595f585e0f842fc9
ManageEngine OpManager, Applications Manager, and IT360 suffer from arbitrary file download, directory content disclosure, and blind SQL injection vulnerabilities.
673d176c6994825278245d24a4e3dd01607a5db291f3f9c6d510ddb9184591fa
Fortinet FortiOS with firmware 5.0 build 4457 (GA Patch 7) suffers from a CAPWAP daemon DTLS denial of service vulnerability and a man-in-the-middle vulnerability.
1d7eabcba5b448e1f50b41f696a137829a3448ee8819d84a471f0f1752e6f73c