what you don't know can hurt you
Showing 1 - 15 of 15 RSS Feed

Files Date: 2015-10-16

Ubuntu Security Notice USN-2772-1
Posted Oct 16, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2772-1 - Josh Kupershmidt discovered the pgCrypto extension could expose several bytes of server memory if the crypt() function was provided a too-short salt. An attacker could use this flaw to read private data. Oskari Saarenmaa discovered that the json and jsonb handlers could exhaust available stack space. An attacker could use this flaw to perform a denial of service attack. This issue only affected Ubuntu 14.04 LTS and Ubuntu 15.04. Various other issues were also addressed.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2015-5288, CVE-2015-5289
MD5 | 95f0b337f6122cac413e344ac0725f97
HP Security Bulletin HPSBOV03503 1
Posted Oct 16, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBOV03503 1 - Potential security vulnerabilities have been identified in HP OpenVMS CSWS_JAVA running Tomcat. These vulnerabilities could be exploited remotely to create a Denial of Service (DoS) and other impacts. Revision 1 of this advisory.

tags | advisory, denial of service, vulnerability
advisories | CVE-2013-4286, CVE-2013-4322, CVE-2013-4444, CVE-2013-4590, CVE-2014-0075, CVE-2014-0096, CVE-2014-0099, CVE-2014-0119, CVE-2014-0230, CVE-2014-0277
MD5 | 6fe4f7a06015373b53986b43bfde1890
Google Open Redirect
Posted Oct 16, 2015
Authored by Vicente Aguilera Diaz

The Google generic TLD and ccTLD suffer from an open redirection vulnerability.

tags | exploit
MD5 | 1edf52990acc06056d5bb7bb7d758dd4
Apple Security Advisory 2015-10-15-1
Posted Oct 16, 2015
Authored by Apple | Site apple.com

Apple Security Advisory 2015-10-15-1 - Keynote 6.6, Pages 5.6, Numbers 3.6, and iWork for iOS 2.6 are now available which address information compromise, arbitrary code execution, and various other vulnerabilities.

tags | advisory, arbitrary, vulnerability, code execution
systems | cisco, apple, ios
advisories | CVE-2015-3784, CVE-2015-7032, CVE-2015-7033, CVE-2015-7034
MD5 | cc81711802db1133386c30e0dd73870b
Red Hat Security Advisory 2015-1894-01
Posted Oct 16, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1894-01 - Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY principle. It was found that Django incorrectly handled the session store. A session could be created by anonymously accessing the django.contrib.auth.views.logout view if it was not decorated correctly with django.contrib.auth.decorators.login_required. A remote attacker could use this flaw to fill up the session store or cause other users' session records to be evicted by requesting a large number of new sessions.

tags | advisory, remote, web, python
systems | linux, redhat
advisories | CVE-2015-5963, CVE-2015-5964
MD5 | 344a83b89b091e48a8f80fce34c14c62
Red Hat Security Advisory 2015-1895-01
Posted Oct 16, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1895-01 - OpenStack Object Storage provides object storage in virtual containers, which allows users to store and retrieve files. The service's distributed architecture supports horizontal scaling; redundancy as failure-proofing is provided through software-based data replication. Because Object Storage supports asynchronous eventual consistency replication, it is well suited to deployment in multiple data centers. A flaw was found in the OpenStack Object storage service tempurls. An attacker in possession of a tempurl key with PUT permissions may be able to gain read access to other objects in the same project.

tags | advisory
systems | linux, redhat
advisories | CVE-2015-5223
MD5 | b0690cfef8c095dd395e9bcd3bc9ab0a
Red Hat Security Advisory 2015-1896-01
Posted Oct 16, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1896-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package provides the user-space component for running virtual machines using KVM. A heap buffer overflow flaw was found in the way QEMU's NE2000 NIC emulation implementation handled certain packets received over the network. A privileged user inside a guest could use this flaw to crash the QEMU instance or potentially execute arbitrary code on the host.

tags | advisory, overflow, arbitrary
systems | linux, redhat
advisories | CVE-2015-5279
MD5 | 2e874626b2f7c02e73ea87c7676381a0
Ubuntu Security Notice USN-2771-1
Posted Oct 16, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2771-1 - It was discovered that click did not properly perform input sanitization during click package installation. If a user were tricked into installing a crafted click package, a remote attacker could exploit this to escalate privileges by tricking click into installing lenient security policy for the installed application.

tags | advisory, remote
systems | linux, ubuntu
MD5 | 6364f23c94ced6a70ef1de3c2f992e53
HPE Security Bulletin HPSBUX03512 SSRT102254 1
Posted Oct 16, 2015
Authored by Hewlett Packard Enterprise | Site hpe.com

HPE Security Bulletin HPSBUX03512 SSRT102254 1 - Potential security vulnerabilities have been identified with HP-UX Web Server Suite running Apache. These vulnerabilities could be exploited remotely to create a Denial of Service (DoS) and other impacts including.. - The TLS vulnerability using US export-grade 512-bit keys in Diffie-Hellman key exchange known as "Logjam" could be exploited remotely to allow unauthorized modification. - The RC4 stream cipher vulnerability in SSL/TLS known as "Bar Mitzvah" could be exploited remotely to allow disclosure of information. Revision 1 of this advisory.

tags | advisory, web, denial of service, vulnerability
systems | hpux
advisories | CVE-2013-5704, CVE-2014-0118, CVE-2014-0226, CVE-2014-0231, CVE-2015-2808, CVE-2015-3183, CVE-2015-4000
MD5 | 82f686cb2fe6f4d43efcc320d791f31c
Red Hat Security Advisory 2015-1906-01
Posted Oct 16, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1906-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. It was discovered that sending requests containing large headers to the Web Console produced a Java OutOfMemoryError in the HTTP management interface. An attacker could use this flaw to cause a denial of service. It was discovered that the EAP Management Console could be opened in an IFRAME, which made it possible to intercept and manipulate requests. An attacker could use this flaw to trick a user into performing arbitrary actions in the Console.

tags | advisory, java, web, denial of service, arbitrary
systems | linux, redhat
advisories | CVE-2015-5178, CVE-2015-5188, CVE-2015-5220
MD5 | ddc9324c2d946c4587d201da78d99017
Red Hat Security Advisory 2015-1907-01
Posted Oct 16, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1907-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. It was discovered that sending requests containing large headers to the Web Console produced a Java OutOfMemoryError in the HTTP management interface. An attacker could use this flaw to cause a denial of service. It was discovered that the EAP Management Console could be opened in an IFRAME, which made it possible to intercept and manipulate requests. An attacker could use this flaw to trick a user into performing arbitrary actions in the Console.

tags | advisory, java, web, denial of service, arbitrary
systems | linux, redhat
advisories | CVE-2015-5178, CVE-2015-5188, CVE-2015-5220
MD5 | e20d7a3d1934ff0d5ceffe5f12ec0798
Red Hat Security Advisory 2015-1912-01
Posted Oct 16, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1912-01 - Chromium is an open-source web browser, powered by WebKit. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information when visited by the victim. All Chromium users should upgrade to these updated packages, which contain Chromium version 46.0.2490.71, which corrects these issues. After installing the update, Chromium must be restarted for the changes to take effect.

tags | advisory, web, arbitrary
systems | linux, redhat
advisories | CVE-2015-6755, CVE-2015-6756, CVE-2015-6757, CVE-2015-6758, CVE-2015-6759, CVE-2015-6760, CVE-2015-6761, CVE-2015-6762, CVE-2015-6763
MD5 | 82550b179ee196f76ed1e1eeba3e1b3a
Red Hat Security Advisory 2015-1909-01
Posted Oct 16, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1909-01 - OpenStack Networking is a pluggable, scalable, and API-driven system that provisions networking services to virtual machines. Its main function is to manage connectivity to and from virtual machines. A race-condition flaw leading to ACL bypass was discovered in OpenStack Networking. An authenticated user could change the owner of a port after it was created but before firewall rules were applied, thus preventing firewall control checks from occurring. All OpenStack Networking deployments that used either the ML2 plug-in or a plug-in that relied on the security groups AMQP API were affected.

tags | advisory
systems | linux, redhat
advisories | CVE-2015-5240
MD5 | 3bab09c1e618ec60371434779c14e463
Red Hat Security Advisory 2015-1898-01
Posted Oct 16, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1898-01 - OpenStack Compute launches and schedules large networks of virtual machines, creating a redundant and scalable cloud computing platform. Compute provides the software, control panels, and APIs required to orchestrate a cloud, including running virtual machine instances and controlling access through users and projects. A denial of service flaw was found in the OpenStack Compute instance migration process. Because the migration process does not terminate when an instance is deleted, an authenticated user could bypass user quota and deplete all available disk space by repeatedly re-sizing and deleting an instance.

tags | advisory, denial of service
systems | linux, redhat
advisories | CVE-2015-3241, CVE-2015-3280
MD5 | f8076a5e00ca6bfe66cc94b2d573b299
Red Hat Security Advisory 2015-1897-01
Posted Oct 16, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1897-01 - OpenStack Image service provides discovery, registration, and delivery services for disk and server images. It provides the ability to copy or snapshot a server image, and immediately store it away. Stored images can be used as a template to get new servers up and running quickly and more consistently than installing a server operating system and individually configuring additional services. A flaw was discovered in the OpenStack Image service where a tenant could manipulate the status of their images by submitting an HTTP PUT request together with an 'x-image-meta-status' header. A malicious tenant could exploit this flaw to reactivate disabled images, bypass storage quotas, and in some cases replace image contents. Setups using the Image service's v1 API could allow the illegal modification of image status. Additionally, setups which also use the v2 API could allow a subsequent re-upload of image contents.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2015-5251, CVE-2015-5286
MD5 | c340b401e75dc64c304c0f0262ccfdb1
Page 1 of 1
Back1Next

File Archive:

November 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    2 Files
  • 2
    Nov 2nd
    9 Files
  • 3
    Nov 3rd
    15 Files
  • 4
    Nov 4th
    90 Files
  • 5
    Nov 5th
    22 Files
  • 6
    Nov 6th
    16 Files
  • 7
    Nov 7th
    1 Files
  • 8
    Nov 8th
    1 Files
  • 9
    Nov 9th
    40 Files
  • 10
    Nov 10th
    27 Files
  • 11
    Nov 11th
    28 Files
  • 12
    Nov 12th
    13 Files
  • 13
    Nov 13th
    18 Files
  • 14
    Nov 14th
    2 Files
  • 15
    Nov 15th
    2 Files
  • 16
    Nov 16th
    29 Files
  • 17
    Nov 17th
    15 Files
  • 18
    Nov 18th
    15 Files
  • 19
    Nov 19th
    21 Files
  • 20
    Nov 20th
    16 Files
  • 21
    Nov 21st
    1 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    19 Files
  • 24
    Nov 24th
    32 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close