Jolla Phone with Sailfish OS versions 1.1.1.27 and below suffer from a telephone URI spoofing vulnerability.
57ef9596cf11861bdc97dd540ee415f4X2Engine version 5.0.4 Platinum Edition suffers from a cross site request forgery vulnerability.
877278aa21ada6b1af40d241a8ea9a19Debian Linux Security Advisory 3186-1 - It was discovered that the Mozilla Network Security Service library (nss) incorrectly handled certain ASN.1 lengths. A remote attacker could possibly use this issue to perform a data-smuggling attack.
1ac6828016c36d3b1fed8bd4fbbfe9c8HP Security Bulletin HPSBMU03262 1 - A potential security vulnerability has been identified with the HP Version Control Agent running OpenSSL on Linux and Windows. This vulnerability is the SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy Encryption" or "POODLE", which could be exploited remotely to allow disclosure of information. A second vulnerability could be exploited to cause a Denial of Service (Dos). Revision 1 of this advisory.
582c93fa49f6fa2d67d23f493f320ea9HP Security Bulletin HPSBMU03283 1 - Potential security vulnerabilities have been identified with the HP Virtual Connect Enterprise Manager SDK running OpenSSL on Windows. This vulnerability is the SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy Encryption" or "POODLE", which could be exploited remotely to allow disclosure of information. A second vulnerability could be exploited remotely to cause a Denial of Service (DoS). Revision 1 of this advisory.
5a964ae5bcf1f5f013a6a2dd42e92690HostingTakip version 3.0 suffers from a persistent cross site scripting vulnerability.
4e299665a39662162ba1bee579abffa1HP Security Bulletin HPSBMU03259 1 - A potential security vulnerability has been identified with the HP Version Control Repository Manager running OpenSSL on Linux and Windows. This vulnerability is the SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy Encryption" or "POODLE", which could be exploited remotely to allow disclosure of information. Revision 1 of this advisory.
133e668f504ba8566e9e81afdfeb3320HP Security Bulletin HPSBMU03267 1 - Potential security vulnerabilities have been identified with the HP Matrix Operating Environment and HP CloudSystem Matrix running OpenSSL. These vulnerabilities comprise the SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy Encryption" or "POODLE", which could be exploited remotely to allow disclosure of information. Revision 1 of this advisory.
1ec40d8dc9f955517fe38ee2c122c801Mandriva Linux Security Advisory 2015-058 - Multiple vulnerabilities has been found and corrected in the Linux kernel. The Crypto API in the Linux kernel before 3.18.5 allows local users to load arbitrary kernel modules via a bind system call for an AF_ALG socket with a module name in the salg_name field, a different vulnerability than CVE-2014-9644. arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel before 3.17.2 on Intel processors does not ensure that the value in the CR4 control register remains the same after a VM entry, which allows host OS users to kill arbitrary processes or cause a denial of service by leveraging /dev/kvm access, as demonstrated by PR_SET_TSC prctl calls within a modified copy of QEMU. Various other issues have also been addressed. The updated packages provides a solution for these security issues.
1672197a7863a87e12b27bd341a9da98This Metasploit module exploits a vulnerability in the IPass Client service. This service provides a named pipe which can be accessed by the user group BUILTIN\Users. This pipe can be abused to force the service to load a DLL from a SMB share.
ffc39e2ef1fd5a0cf7b4f982947690e3Alkacon OpenCms version 9.5.1 suffers from a cross site scripting vulnerability.
3d084771b1baac89e9f752cbc9edecc2WordPress SEO by Yoast plugin versions 1.7.3.3 and below suffer from a remote blind SQL injection vulnerability.
e5250a7dfde4fb7e954ba5c8607ff1ebWordPress WPML plugin versions prior to 3.1.9.1 suffer from remote SQL injection, cross site scripting, and page/post/menu deletion vulnerabilities.
a22d22991a043270f96f8e41fed347f9Codiad version 2.5.3 suffers from a local file inclusion vulnerability.
8bdbe05fbaa9900680311f36d6be4609iPass Mobile Client version 2.4.2.15122 suffers from a local privilege escalation vulnerability.
4c5355b5d39555eab80c8d1b1908db1eCkeditor version 4.4.7.x suffers from cross site scripting and remote shell upload vulnerabilities.
e8624b8c4ac1962e13f3d4672f9a6761Debian Linux Security Advisory 3185-1 - Multiple vulnerabilities were discovered in libgcrypt.
f0c5d0f18d2ca6b02de9a4619ba16987Debian Linux Security Advisory 3184-1 - Multiple vulnerabilities were discovered in GnuPG, the GNU Privacy Guard.
597bb3322ba9abb2d5362afadecace13HP Security Bulletin HPSBMU02895 SSRT101253 5 - Potential security vulnerabilities have been identified with HP Data Protector. These vulnerabilities could be remotely exploited to allow an increase of privilege, create a Denial of Service (DoS), or execute arbitrary code. Revision 5 of this advisory.
2ee0bde75e35fb76aedf6add788d8258HP Security Bulletin HPSBGN03249 1 - Potential security vulnerabilities has been identified with HP ArcSight Enterprise Security Manager (ESM) and HP ArcSight Logger. These vulnerabilities could be exploited remotely resulting in multiple vulnerabilities. Revision 1 of this advisory.
0158bc52b8c30a9c3c1083232d8639beDebian Linux Security Advisory 3183-1 - Multiple vulnerabilities have been discovered in Movable Type, a blogging system.
ceb5b7e73629bea880d14be77a58aac7
© 2020 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed