accept no compromises
Showing 1 - 22 of 22 RSS Feed

Files Date: 2015-08-24

HP Security Bulletin HPSBGN03395 1
Posted Aug 24, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN03395 1 - A potential security vulnerability has been identified with HP KeyView running on HP-UX, Linux, Solaris, Windows, FreeBSD, and AIX. The vulnerability could be exploited remotely to allow execution of code. Revision 1 of this advisory.

tags | advisory
systems | linux, windows, solaris, freebsd, aix, hpux
advisories | CVE-2015-5416, CVE-2015-5417, CVE-2015-5418, CVE-2015-5419, CVE-2015-5420, CVE-2015-5421, CVE-2015-5422, CVE-2015-5423, CVE-2015-5424
MD5 | c822d624233777789e959ca18bfbc976
Slackware Security Advisory - gnutls Updates
Posted Aug 24, 2015
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New gnutls packages are available for Slackware 14.0, 14.1, and -current to fix security issues. IMPORTANT: On Slackware 14.0, install the new updated nettle package first.

tags | advisory
systems | linux, slackware
advisories | CVE-2015-6251
MD5 | 204b7caa91dc1b0c877b3478729bac26
HP Security Bulletin HPSBGN03395 1
Posted Aug 24, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN03395 1 - A potential security vulnerability has been identified with HP KeyView running on HP-UX, Linux, Solaris, Windows, FreeBSD, and AIX. The vulnerability could be exploited remotely to allow execution of code. Revision 1 of this advisory.

tags | advisory
systems | linux, windows, solaris, freebsd, aix, hpux
advisories | CVE-2015-5416, CVE-2015-5417, CVE-2015-5418, CVE-2015-5419, CVE-2015-5420, CVE-2015-5421, CVE-2015-5422, CVE-2015-5423, CVE-2015-5424
MD5 | c822d624233777789e959ca18bfbc976
Red Hat Security Advisory 2015-1680-01
Posted Aug 24, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1680-01 - OpenStack Networking is a pluggable, scalable, and API-driven system that provisions networking services to virtual machines. Its main function is to manage connectivity to and from virtual machines. A Denial of Service flaw was found in the L2 agent when using the IPTables firewall driver. By submitting an address pair that will be rejected as invalid by the ipset tool, an attacker may cause the agent to crash.

tags | advisory, denial of service
systems | linux, redhat
advisories | CVE-2015-3221
MD5 | 311ca99fc808bb4b45a5bc5cb704adf9
Red Hat Security Advisory 2015-1678-01
Posted Aug 24, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1678-01 - Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY principle. A flaw was found in the Django session backends whereby an unauthenticated attacker could cause session records to be created in the configured session store, leading to a Denial of Service.

tags | advisory, web, denial of service, python
systems | linux, redhat
advisories | CVE-2015-5143
MD5 | 98b8659421a30b2e0bd905184f83b645
Red Hat Security Advisory 2015-1679-01
Posted Aug 24, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1679-01 - OpenStack Dashboard provides administrators and users with a graphical interface to access, provision, and automate cloud-based resources. Two security issues were discovered in the Horizon dashboard and are addressed in this update: A cross-site scripting flaw was found in the Horizon Orchestration dashboard. An attacker able to trick a Horizon user into using a malicious template during the stack creation could use this flaw to perform an XSS attack on that user.

tags | advisory, xss
systems | linux, redhat
advisories | CVE-2015-3219, CVE-2015-3988
MD5 | 2fbaaa998bb1d4d13ff269ad6ef2eba1
Red Hat Security Advisory 2015-1676-01
Posted Aug 24, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1676-01 - Redis is an advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. A flaw was discovered in redis that could allow an authenticated user, who was able to use the EVAL command to run Lua code, to break out of the Lua sandbox and execute arbitrary code on the system. All users of redis are advised to upgrade to these updated packages, which correct this issue.

tags | advisory, arbitrary
systems | linux, redhat
advisories | CVE-2015-4335
MD5 | abde96a2e796f99571d42e458e9f63ad
Red Hat Security Advisory 2015-1674-01
Posted Aug 24, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1674-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package provides the user-space component for running virtual machines using KVM. Qemu emulator built with the RTL8139 emulation support is vulnerable to an information leakage flaw, while processing network packets under RTL8139 controller's C+ mode of operation. A guest user could use this flaw to read upto 65KB of uninitialised Qemu heap memory.

tags | advisory
systems | linux, redhat
advisories | CVE-2015-5165
MD5 | 3002e9068bf5b513f6ab933e33afcac9
Red Hat Security Advisory 2015-1677-01
Posted Aug 24, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1677-01 - Python-keystonemiddleware is a client library and a command line utility for interacting with the OpenStack Identity API. Red Hat Enterprise OpenStack Platform 6.0 contains and uses both the python-keystonemiddleware and python-keystoneclient versions of this package. It was discovered that some items in the the S3Token configuration as used by python-keystonemiddleware and python-keystoneclient were incorrectly evaluated as strings, an issue similar to CVE-2014-7144. This would result in a setting for 'insecure=false' to evaluate as true and leave TLS connections open to MITM.

tags | advisory, python
systems | linux, redhat
advisories | CVE-2015-1852
MD5 | 0dc08e7c4a86639f012ea63654e3f1b6
Red Hat Security Advisory 2015-1675-01
Posted Aug 24, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1675-01 - Libunwind provides a C ABI to determine the call-chain of a program. An off by one array indexing error was found in libunwind. It is unlikely that any exploitable attack vector exists in current builds or supported usage. This issue was discovered by Paolo Bonzini of Red Hat. All users of libunwind are advised to upgrade to these updated packages, which correct this issue.

tags | advisory
systems | linux, redhat
advisories | CVE-2015-3239
MD5 | e2126f7fec827dc62947684aa346234d
Red Hat Security Advisory 2015-1669-01
Posted Aug 24, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1669-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. This release serves as a replacement for Red Hat JBoss Enterprise Application Platform 6.4.2 and includes bug fixes and enhancements.

tags | advisory, java
systems | linux, redhat
advisories | CVE-2015-3158
MD5 | 3edace604ee1b7ef13adcbc64c071e28
Red Hat Security Advisory 2015-1671-01
Posted Aug 24, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1671-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. This release serves as a replacement for Red Hat JBoss Enterprise Application Platform 6.4.2 and includes bug fixes and enhancements. Documentation for these changes is available from the Red Hat JBoss Enterprise Application Platform 6.4.3 Release Notes, linked to in the References. It was discovered that under specific conditions that PicketLink IDP ignores role based authorization. This could lead to an authenticated user being able to access application resources that are not permitted for a given role.

tags | advisory, java
systems | linux, redhat
advisories | CVE-2015-3158
MD5 | 38e0dafab8bb303fa3fc050c1ae7b64c
Red Hat Security Advisory 2015-1672-01
Posted Aug 24, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1672-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. This release serves as a replacement for Red Hat JBoss Enterprise Application Platform 6.4.2 and includes bug fixes and enhancements.

tags | advisory, java
systems | linux, redhat
advisories | CVE-2015-3158
MD5 | b2aa1b708790270eaf976f33041592d1
Red Hat Security Advisory 2015-1666-01
Posted Aug 24, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1666-01 - The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Multiple flaws were found in the way httpd parsed HTTP requests and responses using chunked transfer encoding. A remote attacker could use these flaws to create a specially crafted request, which httpd would decode differently from an HTTP proxy software in front of it, possibly leading to HTTP request smuggling attacks. It was discovered that in httpd 2.4, the internal API function ap_some_auth_required() could incorrectly indicate that a request was authenticated even when no authentication was used. An httpd module using this API function could consequently allow access that should have been denied.

tags | advisory, remote, web
systems | linux, redhat
advisories | CVE-2015-0228, CVE-2015-0253, CVE-2015-3183, CVE-2015-3185
MD5 | 2ce344efd53462e471a1f039dc25073a
Red Hat Security Advisory 2015-1673-01
Posted Aug 24, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1673-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java EE applications. It is based on JBoss Application Server 7 and incorporates multiple open-source projects to provide a complete Java EE platform solution. The jboss-ec2-eap package provides scripts for Red Hat JBoss Enterprise Application Platform running on the Amazon Web Services Elastic Compute Cloud. With this update, the package has been updated to ensure compatibility with Red Hat JBoss Enterprise Application Platform 6.4.3.

tags | advisory, java, web
systems | linux, redhat
advisories | CVE-2015-3158
MD5 | 462d355970765254ec85211be64aa232
Red Hat Security Advisory 2015-1670-01
Posted Aug 24, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1670-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. This release serves as a replacement for Red Hat JBoss Enterprise Application Platform 6.4.2 and includes bug fixes and enhancements.

tags | advisory, java
systems | linux, redhat
advisories | CVE-2015-3158
MD5 | 6ce49c5aa45ab3b4ec924f6a395d3e02
Red Hat Security Advisory 2015-1667-01
Posted Aug 24, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1667-01 - The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Multiple flaws were found in the way httpd parsed HTTP requests and responses using chunked transfer encoding. A remote attacker could use these flaws to create a specially crafted request, which httpd would decode differently from an HTTP proxy software in front of it, possibly leading to HTTP request smuggling attacks. It was discovered that in httpd 2.4, the internal API function ap_some_auth_required() could incorrectly indicate that a request was authenticated even when no authentication was used. An httpd module using this API function could consequently allow access that should have been denied.

tags | advisory, remote, web
systems | linux, redhat
advisories | CVE-2015-3183, CVE-2015-3185
MD5 | b027387c05b53ae04916a1d04abac423
Red Hat Security Advisory 2015-1668-01
Posted Aug 24, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1668-01 - The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Multiple flaws were found in the way httpd parsed HTTP requests and responses using chunked transfer encoding. A remote attacker could use these flaws to create a specially crafted request, which httpd would decode differently from an HTTP proxy software in front of it, possibly leading to HTTP request smuggling attacks. All httpd users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the updated packages, the httpd service will be restarted automatically.

tags | advisory, remote, web
systems | linux, redhat
advisories | CVE-2015-3183
MD5 | 9b5fda49550bf50c352a9351810d009e
Red Hat Security Advisory 2015-1665-01
Posted Aug 24, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1665-01 - MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. It was found that the MySQL client library permitted but did not require a client to use SSL/TLS when establishing a secure connection to a MySQL server using the "--ssl" option. A man-in-the-middle attacker could use this flaw to strip the SSL/TLS protection from a connection between a client and a server. This update fixes several vulnerabilities in the MariaDB database server.

tags | advisory, vulnerability
systems | linux, redhat
advisories | CVE-2015-0433, CVE-2015-0441, CVE-2015-0499, CVE-2015-0501, CVE-2015-0505, CVE-2015-2568, CVE-2015-2571, CVE-2015-2573, CVE-2015-2582, CVE-2015-2620, CVE-2015-2643, CVE-2015-2648, CVE-2015-3152, CVE-2015-4737, CVE-2015-4752, CVE-2015-4757
MD5 | b9b8e132e23cc1cfc53287af18e22bf6
Red Hat Security Advisory 2015-1664-01
Posted Aug 24, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1664-01 - Network Security Services is a set of libraries designed to support cross-platform development of security-enabled client and server applications. It was found that NSS permitted skipping of the ServerKeyExchange packet during a handshake involving ECDHE. A remote attacker could use this flaw to bypass the forward-secrecy of a TLS/SSL connection. A flaw was found in the way NSS verified certain ECDSA signatures. Under certain conditions, an attacker could use this flaw to conduct signature forgery attacks.

tags | advisory, remote
systems | linux, redhat
advisories | CVE-2015-2721, CVE-2015-2730
MD5 | ae3db96a1a12a86e9c9225fc9523dc97
HP Security Bulletin HPSBMU03345 1
Posted Aug 24, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03345 1 - Potential security vulnerabilities have been identified with HP Network Node Manager i and Smart Plugins (iSPIs). The RC4 stream cipher vulnerability in SSL/TLS known as "Bar Mitzvah" could be exploited remotely to allow disclosure of information. The TLS vulnerability using US export-grade 512-bit keys in Diffie-Hellman key exchange known as "Logjam" could be exploited remotely to allow unauthorized modification. The SSLv3 vulnerability using US export-grade RSA encryption known as FREAK could be exploited remotely to allow unauthorized . Revision 1 of this advisory.

tags | advisory, vulnerability
advisories | CVE-2015-0204, CVE-2015-2808, CVE-2015-4000
MD5 | 16305c839856c915507ccb1978b9dae0
Red Hat Security Advisory 2015-1657-01
Posted Aug 24, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1657-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. A flaw was found in a way rubygems verified the API endpoint hostname retrieved through a DNS SRV record. A man-in-the-middle attacker could use this flaw to force a client to download content from an untrusted domain. All rh-ruby22-ruby users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. All running instances of Ruby need to be restarted for this update to take effect.

tags | advisory, ruby
systems | linux, redhat
advisories | CVE-2015-3900
MD5 | d3dc536a32601e927bb25eb3401dd0f3
Page 1 of 1
Back1Next

File Archive:

October 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    15 Files
  • 2
    Oct 2nd
    16 Files
  • 3
    Oct 3rd
    15 Files
  • 4
    Oct 4th
    15 Files
  • 5
    Oct 5th
    11 Files
  • 6
    Oct 6th
    6 Files
  • 7
    Oct 7th
    2 Files
  • 8
    Oct 8th
    1 Files
  • 9
    Oct 9th
    13 Files
  • 10
    Oct 10th
    16 Files
  • 11
    Oct 11th
    15 Files
  • 12
    Oct 12th
    23 Files
  • 13
    Oct 13th
    13 Files
  • 14
    Oct 14th
    12 Files
  • 15
    Oct 15th
    2 Files
  • 16
    Oct 16th
    16 Files
  • 17
    Oct 17th
    16 Files
  • 18
    Oct 18th
    15 Files
  • 19
    Oct 19th
    10 Files
  • 20
    Oct 20th
    7 Files
  • 21
    Oct 21st
    4 Files
  • 22
    Oct 22nd
    2 Files
  • 23
    Oct 23rd
    10 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close