The openscap project is a set of open source libraries that support the SCAP (Security Content Automation Protocol) set of standards from NIST. It supports CPE, CCE, CVE, CVSS, OVAL, and XCCDF.
6f7fdc579c4c27554cc3ec99a4f16381b719faa8c9b3ea09575d872a2c46eedbGnuPG (the GNU Privacy Guard or GPG) is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440. As such, it is meant to be compatible with PGP from NAI, Inc. Because it does not use any patented algorithms, it can be used without any restrictions.
57646d3e4b919fa1e5c8f1c0cf5fe1215333041c493a5ebc4b8f2978dbe930f2GnuPG (the GNU Privacy Guard or GPG) is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440. As such, it is meant to be compatible with PGP from NAI, Inc. Because it does not use any patented algorithms, it can be used without any restrictions.
7f09319d044b0f6ee71fe3587bb873be701723ac0952cff5069046a78de8fd86Apache Standard Taglibs version 1.2.1 suffers from XXE and remote command execution vulnerabilities via the XSL extension in JSTL XML tags.
8c2ab7316e10682e5ec4ae90bd77f5d88181ffc401373f41d68ce5954d7390c9Tcl versions 1.0.0 through 1.16 suffer from a cross site scripting vulnerability.
730a7bdc810f6661614e8c85a4d349f300753b320e0c094481b7623cf1db1ed1WordPress Media Cleaner plugin version 2.2.6 suffers from a cross site scripting vulnerability.
d6d74a75a7b2750fa09fb305d04f9190b5b35d816ed0e17bd581dad5ccd3abf6Debian Linux Security Advisory 3176-1 - Multiple vulnerabilities have been discovered in Request Tracker, an extensible trouble-ticket tracking system.
840d3a686a95a1505364975685598e01a1f4b7e2a8c3bf734345eba944e56722Electronic Arts Origin Client version 9.5.5 suffers from multiple privilege escalation vulnerabilities.
bdc4deb08d63ed9cd53fd413b95ebd3ad366bfd82c36adf13589b24c4c2719beGotham Digital Science discovered a critical information leakage vulnerability in the Jetty web server that allows an unauthenticated remote attacker to read arbitrary data from previous requests and responses submitted to the server by other users. Jetty versions 9.2.3 through 9.2.8 are affected. Proof of concept code included.
17f918c6ed7be55415f6475ca5befcbf2d795848bb2960612e998e54f15479d5Wireless File Transfer Pro Android suffers from a cross site request forgery vulnerability.
f709cfd1847fd656f23afa2f5a198b95fcf11abe5bc5307c2b3e6986922ffa41Data Source: Scopus CMS suffers from a remote SQL injection vulnerability.
b800f8c298aac054e854e7dff0260d6929a4378ec6d5bbeb141735b6bb249cb1DSS TFTP version 1.0 suffers from a path traversal vulnerability.
1659f811ad0d86f14519c3c5d8b7cf5d0467eaa4dfccab458a7219f5b85406adMultiple D-Link and TRENDnet devices suffer from cross site request forgery and unauthenticated access vulnerabilities. Various proof of concepts included.
d86bc02a0870f2b702d8d6cfe716a8d3945f7125fd82903e1ad431ce4f504b42Collabtive version 2.0 suffers from a stored cross site scripting vulnerability.
51dbb48d16f19915093f913e78a13762366a085517ff044dcbe854adf5fca212Akeneo PIM suffers from a cross site scripting vulnerability.
040796ea07e3e0dd0e31046f63c7e45cef6b91156f100b03958457fd5300859deFront Learning version 3.6.11 suffers from a stored cross site scripting vulnerability.
003e810011af79ee652072521748cd4aa32885be460c9e002ccdbf1dd2107972Secure rm (srm) is a command-line compatible rm(1) which completely destroys file contents before unlinking. The goal is to provide drop in security for users who wish to prevent command line recovery of deleted information, even if the machine is compromised.
7583c1120e911e292f22b4a1d949b32c23518038afd966d527dae87c61565283FreeBSD Security Advisory - BIND servers which are configured to perform DNSSEC validation and which are using managed keys (which occurs implicitly when using "dnssec-validation auto;" or "dnssec-lookaside auto;") may exhibit unpredictable behavior due to the use of an improperly initialized variable. A remote attacker can trigger a crash of a name server that is configured to use managed keys under specific and limited circumstances. However, the complexity of the attack is very high unless the attacker has a specific network relationship to the BIND server which is targeted.
0e416654c22a1367cdad06ceb1a67ec74bb5ad43931cfbbd4d5e066547480619FreeBSD Security Advisory - An integer overflow in computing the size of IGMPv3 data buffer can result in a buffer which is too small for the requested operation. An attacker who can send specifically crafted IGMP packets could cause a denial of service situation by causing the kernel to crash.
76ae1889e6e180016123dbcd9d01a3c9f96266857a6c54bf55851337ed754719TangoBB version 1.5.0-A3 suffers from a cross site scripting vulnerability.
f14175c8ce177339644aee54e883870979db753dec8cfea37dfd6eec3d7e585dEnano CMS version 1.1.8pl1 suffers from a cross site scripting vulnerability.
77dfeefd90af3bf96609dca951ae09bcd4a7461ee0b4f68b894ccb8f1404c368Ubuntu Security Notice 2512-1 - A race condition was discovered in the Linux kernel's key ring. A local user could cause a denial of service (memory corruption or panic) or possibly have unspecified impact via the keyctl commands. A memory leak was discovered in the ISO 9660 CDROM file system when parsing rock ridge ER records. A local user could exploit this flaw to obtain sensitive information from kernel memory via a crafted iso9660 image. Various other issues were also addressed.
3f262086df87588265dbecbb8ff0843e0cab2865cab84a7edc8442b585a2644fUbuntu Security Notice 2519-1 - Arnaud Le Blanc discovered that the GNU C Library incorrectly handled file descriptors when resolving DNS queries under high load. This may cause a denial of service in other applications, or an information leak. This issue only affected Ubuntu 10.04 LTS, Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. It was discovered that the GNU C Library incorrectly handled receiving a positive answer while processing the network name when performing DNS resolution. A remote attacker could use this issue to cause the GNU C Library to hang, resulting in a denial of service. Various other issues were also addressed.
1b157586f2ed9c751bb741fa0ea8c7d75c284f263ee1da14e33f7921b5b19b1dUbuntu Security Notice 2520-1 - Peter De Wachter discovered that CUPS incorrectly handled certain malformed compressed raster files. A remote attacker could use this issue to cause CUPS to crash, resulting in a denial of service, or possibly execute arbitrary code.
3f5f2c63b03a2f9dbe4401968467d5532e3781909850a2839166ccf5352b25efSlackware Security Advisory - New mozilla-firefox packages are available for Slackware 14.1 and -current to fix security issues.
407ff06d90c59a8b214eeec8314e041b0b6f0f5ceb2a4b26b52d783cf39cdb87
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed