what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 22 of 22 RSS Feed

Files Date: 2015-08-24

HP Security Bulletin HPSBGN03395 1
Posted Aug 24, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN03395 1 - A potential security vulnerability has been identified with HP KeyView running on HP-UX, Linux, Solaris, Windows, FreeBSD, and AIX. The vulnerability could be exploited remotely to allow execution of code. Revision 1 of this advisory.

tags | advisory
systems | linux, windows, solaris, freebsd, aix, hpux
advisories | CVE-2015-5416, CVE-2015-5417, CVE-2015-5418, CVE-2015-5419, CVE-2015-5420, CVE-2015-5421, CVE-2015-5422, CVE-2015-5423, CVE-2015-5424
SHA-256 | d4943331c6e9bd04dfbd5d772d43f3cfb604cd0b207c5e286fdb599dbf4649c0
Slackware Security Advisory - gnutls Updates
Posted Aug 24, 2015
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New gnutls packages are available for Slackware 14.0, 14.1, and -current to fix security issues. IMPORTANT: On Slackware 14.0, install the new updated nettle package first.

tags | advisory
systems | linux, slackware
advisories | CVE-2015-6251
SHA-256 | 4dae198e1d37c02254ad3217d06551652e88d99bc14c29e717e8d4d153644a2a
HP Security Bulletin HPSBGN03395 1
Posted Aug 24, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN03395 1 - A potential security vulnerability has been identified with HP KeyView running on HP-UX, Linux, Solaris, Windows, FreeBSD, and AIX. The vulnerability could be exploited remotely to allow execution of code. Revision 1 of this advisory.

tags | advisory
systems | linux, windows, solaris, freebsd, aix, hpux
advisories | CVE-2015-5416, CVE-2015-5417, CVE-2015-5418, CVE-2015-5419, CVE-2015-5420, CVE-2015-5421, CVE-2015-5422, CVE-2015-5423, CVE-2015-5424
SHA-256 | d4943331c6e9bd04dfbd5d772d43f3cfb604cd0b207c5e286fdb599dbf4649c0
Red Hat Security Advisory 2015-1680-01
Posted Aug 24, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1680-01 - OpenStack Networking is a pluggable, scalable, and API-driven system that provisions networking services to virtual machines. Its main function is to manage connectivity to and from virtual machines. A Denial of Service flaw was found in the L2 agent when using the IPTables firewall driver. By submitting an address pair that will be rejected as invalid by the ipset tool, an attacker may cause the agent to crash.

tags | advisory, denial of service
systems | linux, redhat
advisories | CVE-2015-3221
SHA-256 | 1c900b64c1c046c15100d973b3f2c7c656a176c607769bcf507d218f35dac18e
Red Hat Security Advisory 2015-1678-01
Posted Aug 24, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1678-01 - Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY principle. A flaw was found in the Django session backends whereby an unauthenticated attacker could cause session records to be created in the configured session store, leading to a Denial of Service.

tags | advisory, web, denial of service, python
systems | linux, redhat
advisories | CVE-2015-5143
SHA-256 | da0bd1ff67bde2125708c6affce9b0c3dddf75822665f35c77de69c65d52fb71
Red Hat Security Advisory 2015-1679-01
Posted Aug 24, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1679-01 - OpenStack Dashboard provides administrators and users with a graphical interface to access, provision, and automate cloud-based resources. Two security issues were discovered in the Horizon dashboard and are addressed in this update: A cross-site scripting flaw was found in the Horizon Orchestration dashboard. An attacker able to trick a Horizon user into using a malicious template during the stack creation could use this flaw to perform an XSS attack on that user.

tags | advisory, xss
systems | linux, redhat
advisories | CVE-2015-3219, CVE-2015-3988
SHA-256 | 049a53c2f8b49daf6583db34ebce131b70093bb11ff93f3c7cb8322e2b815093
Red Hat Security Advisory 2015-1676-01
Posted Aug 24, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1676-01 - Redis is an advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. A flaw was discovered in redis that could allow an authenticated user, who was able to use the EVAL command to run Lua code, to break out of the Lua sandbox and execute arbitrary code on the system. All users of redis are advised to upgrade to these updated packages, which correct this issue.

tags | advisory, arbitrary
systems | linux, redhat
advisories | CVE-2015-4335
SHA-256 | 7542ff0f7f8591ac2b7496069338aeb5f02634351c90ab819dece762771db9f3
Red Hat Security Advisory 2015-1674-01
Posted Aug 24, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1674-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package provides the user-space component for running virtual machines using KVM. Qemu emulator built with the RTL8139 emulation support is vulnerable to an information leakage flaw, while processing network packets under RTL8139 controller's C+ mode of operation. A guest user could use this flaw to read upto 65KB of uninitialised Qemu heap memory.

tags | advisory
systems | linux, redhat
advisories | CVE-2015-5165
SHA-256 | 655ce68a55cb52082be13dff04d401b89873b55d5d3ba57ecfc23516472286eb
Red Hat Security Advisory 2015-1677-01
Posted Aug 24, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1677-01 - Python-keystonemiddleware is a client library and a command line utility for interacting with the OpenStack Identity API. Red Hat Enterprise OpenStack Platform 6.0 contains and uses both the python-keystonemiddleware and python-keystoneclient versions of this package. It was discovered that some items in the the S3Token configuration as used by python-keystonemiddleware and python-keystoneclient were incorrectly evaluated as strings, an issue similar to CVE-2014-7144. This would result in a setting for 'insecure=false' to evaluate as true and leave TLS connections open to MITM.

tags | advisory, python
systems | linux, redhat
advisories | CVE-2015-1852
SHA-256 | a1617b37a82aaba4dffd76c93a797fec5f99a0e2790e814aeaca542becd1f2b4
Red Hat Security Advisory 2015-1675-01
Posted Aug 24, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1675-01 - Libunwind provides a C ABI to determine the call-chain of a program. An off by one array indexing error was found in libunwind. It is unlikely that any exploitable attack vector exists in current builds or supported usage. This issue was discovered by Paolo Bonzini of Red Hat. All users of libunwind are advised to upgrade to these updated packages, which correct this issue.

tags | advisory
systems | linux, redhat
advisories | CVE-2015-3239
SHA-256 | 5dbbc250256bba423718ba8da49fa8ff4d3663ff32e09800903aec59408ece1b
Red Hat Security Advisory 2015-1669-01
Posted Aug 24, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1669-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. This release serves as a replacement for Red Hat JBoss Enterprise Application Platform 6.4.2 and includes bug fixes and enhancements.

tags | advisory, java
systems | linux, redhat
advisories | CVE-2015-3158
SHA-256 | ac6ff0c26dd0931f2a4b7dfc9c63aafe984926db6d86c345b37bec42e474e86e
Red Hat Security Advisory 2015-1671-01
Posted Aug 24, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1671-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. This release serves as a replacement for Red Hat JBoss Enterprise Application Platform 6.4.2 and includes bug fixes and enhancements. Documentation for these changes is available from the Red Hat JBoss Enterprise Application Platform 6.4.3 Release Notes, linked to in the References. It was discovered that under specific conditions that PicketLink IDP ignores role based authorization. This could lead to an authenticated user being able to access application resources that are not permitted for a given role.

tags | advisory, java
systems | linux, redhat
advisories | CVE-2015-3158
SHA-256 | 41db18bc723de61d5540e8ea0a2e0522fa12f7fbdb8f4a0f896ef9d5138a2012
Red Hat Security Advisory 2015-1672-01
Posted Aug 24, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1672-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. This release serves as a replacement for Red Hat JBoss Enterprise Application Platform 6.4.2 and includes bug fixes and enhancements.

tags | advisory, java
systems | linux, redhat
advisories | CVE-2015-3158
SHA-256 | 825316d586b6cfb9c92ebea2d781e625d1e436e2810c1363c1460ebc77471f22
Red Hat Security Advisory 2015-1666-01
Posted Aug 24, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1666-01 - The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Multiple flaws were found in the way httpd parsed HTTP requests and responses using chunked transfer encoding. A remote attacker could use these flaws to create a specially crafted request, which httpd would decode differently from an HTTP proxy software in front of it, possibly leading to HTTP request smuggling attacks. It was discovered that in httpd 2.4, the internal API function ap_some_auth_required() could incorrectly indicate that a request was authenticated even when no authentication was used. An httpd module using this API function could consequently allow access that should have been denied.

tags | advisory, remote, web
systems | linux, redhat
advisories | CVE-2015-0228, CVE-2015-0253, CVE-2015-3183, CVE-2015-3185
SHA-256 | 0f0af590cf4c621e7c0a3e37a8fe52a41b798cb1d1718c319834d751b885ed27
Red Hat Security Advisory 2015-1673-01
Posted Aug 24, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1673-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java EE applications. It is based on JBoss Application Server 7 and incorporates multiple open-source projects to provide a complete Java EE platform solution. The jboss-ec2-eap package provides scripts for Red Hat JBoss Enterprise Application Platform running on the Amazon Web Services Elastic Compute Cloud. With this update, the package has been updated to ensure compatibility with Red Hat JBoss Enterprise Application Platform 6.4.3.

tags | advisory, java, web
systems | linux, redhat
advisories | CVE-2015-3158
SHA-256 | 25fe77a88627a03de97904189e2e7072d53133c4a0aaa7b60864409de558185a
Red Hat Security Advisory 2015-1670-01
Posted Aug 24, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1670-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. This release serves as a replacement for Red Hat JBoss Enterprise Application Platform 6.4.2 and includes bug fixes and enhancements.

tags | advisory, java
systems | linux, redhat
advisories | CVE-2015-3158
SHA-256 | a35f01c8ed5eec4e01e9170a8bf2dcfe62054f8945135a6a356a21502684669b
Red Hat Security Advisory 2015-1667-01
Posted Aug 24, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1667-01 - The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Multiple flaws were found in the way httpd parsed HTTP requests and responses using chunked transfer encoding. A remote attacker could use these flaws to create a specially crafted request, which httpd would decode differently from an HTTP proxy software in front of it, possibly leading to HTTP request smuggling attacks. It was discovered that in httpd 2.4, the internal API function ap_some_auth_required() could incorrectly indicate that a request was authenticated even when no authentication was used. An httpd module using this API function could consequently allow access that should have been denied.

tags | advisory, remote, web
systems | linux, redhat
advisories | CVE-2015-3183, CVE-2015-3185
SHA-256 | cc995bdec6db74fa4bd9ed6a37fcb3a2d131bada36289012607e855214d38823
Red Hat Security Advisory 2015-1668-01
Posted Aug 24, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1668-01 - The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Multiple flaws were found in the way httpd parsed HTTP requests and responses using chunked transfer encoding. A remote attacker could use these flaws to create a specially crafted request, which httpd would decode differently from an HTTP proxy software in front of it, possibly leading to HTTP request smuggling attacks. All httpd users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the updated packages, the httpd service will be restarted automatically.

tags | advisory, remote, web
systems | linux, redhat
advisories | CVE-2015-3183
SHA-256 | 9dd5f07e7506c6bdca39972af899a077f6c01994adbef396b1168dfcf44aceb8
Red Hat Security Advisory 2015-1665-01
Posted Aug 24, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1665-01 - MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. It was found that the MySQL client library permitted but did not require a client to use SSL/TLS when establishing a secure connection to a MySQL server using the "--ssl" option. A man-in-the-middle attacker could use this flaw to strip the SSL/TLS protection from a connection between a client and a server. This update fixes several vulnerabilities in the MariaDB database server.

tags | advisory, vulnerability
systems | linux, redhat
advisories | CVE-2015-0433, CVE-2015-0441, CVE-2015-0499, CVE-2015-0501, CVE-2015-0505, CVE-2015-2568, CVE-2015-2571, CVE-2015-2573, CVE-2015-2582, CVE-2015-2620, CVE-2015-2643, CVE-2015-2648, CVE-2015-3152, CVE-2015-4737, CVE-2015-4752, CVE-2015-4757
SHA-256 | eee5d48a690c21e88f9787a0da818519c419771396111ec5b95d2704445ff426
Red Hat Security Advisory 2015-1664-01
Posted Aug 24, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1664-01 - Network Security Services is a set of libraries designed to support cross-platform development of security-enabled client and server applications. It was found that NSS permitted skipping of the ServerKeyExchange packet during a handshake involving ECDHE. A remote attacker could use this flaw to bypass the forward-secrecy of a TLS/SSL connection. A flaw was found in the way NSS verified certain ECDSA signatures. Under certain conditions, an attacker could use this flaw to conduct signature forgery attacks.

tags | advisory, remote
systems | linux, redhat
advisories | CVE-2015-2721, CVE-2015-2730
SHA-256 | 3498aaba984c0397d5021e266a21f7fc2203bcbcadf82c1c6ff3c6e60f6a2e4b
HP Security Bulletin HPSBMU03345 1
Posted Aug 24, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03345 1 - Potential security vulnerabilities have been identified with HP Network Node Manager i and Smart Plugins (iSPIs). The RC4 stream cipher vulnerability in SSL/TLS known as "Bar Mitzvah" could be exploited remotely to allow disclosure of information. The TLS vulnerability using US export-grade 512-bit keys in Diffie-Hellman key exchange known as "Logjam" could be exploited remotely to allow unauthorized modification. The SSLv3 vulnerability using US export-grade RSA encryption known as FREAK could be exploited remotely to allow unauthorized . Revision 1 of this advisory.

tags | advisory, vulnerability
advisories | CVE-2015-0204, CVE-2015-2808, CVE-2015-4000
SHA-256 | fe7f899b4850cb2631ccebca80f500545354289771cf98a3fb0cd9de9070a04d
Red Hat Security Advisory 2015-1657-01
Posted Aug 24, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1657-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. A flaw was found in a way rubygems verified the API endpoint hostname retrieved through a DNS SRV record. A man-in-the-middle attacker could use this flaw to force a client to download content from an untrusted domain. All rh-ruby22-ruby users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. All running instances of Ruby need to be restarted for this update to take effect.

tags | advisory, ruby
systems | linux, redhat
advisories | CVE-2015-3900
SHA-256 | a83a76331113d2b393468cdeb02666b0ee5a4d97f354b9b3f8e95a81b41f2fc7
Page 1 of 1
Back1Next

File Archive:

December 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    2 Files
  • 2
    Dec 2nd
    12 Files
  • 3
    Dec 3rd
    0 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    14 Files
  • 6
    Dec 6th
    18 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close