Red Hat Security Advisory 2015-2512-01 - Red Hat Ceph Storage is a massively scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage system with a Ceph management platform, deployment tools, and support services. A feature in Ceph Object Gateway allows to return a specific HTTP header that contains the name of a bucket that was accessed. It was found that the returned HTTP headers were not sanitized. An unauthenticated attacker could use this flaw to craft HTTP headers in responses that would confuse the load balancer residing in front of RGW, potentially resulting in a denial of service.
5bba935c88e61a982529ecb4d0825c43268b216c262550f6c407bc0e20298d16Red Hat Security Advisory 2015-2066-01 - Red Hat Ceph Storage is a massively scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage system with a Ceph management platform, deployment tools, and support services. A feature in Ceph Object Gateway allows to return a specific HTTP header that contains the name of a bucket that was accessed. It was found that the returned HTTP headers were not sanitized. An unauthenticated attacker could use this flaw to craft HTTP headers in responses that would confuse the load balancer residing in front of RGW, potentially resulting in a denial of service.
4c2c2ec31725478916e6a5361f37441d8c1fb0d51c13871c6ec90c61565d5100A privilege escalation vulnerability has been identified in that the Steam Microsoft Windows client software is installed with weak default permissions. These permissions grant read and write access to the Windows Users group for the install folder. This includes Steam.exe which is launched upon user login. Version 2.10.91.91 is confirmed vulnerable.
66f1b7811fa2e915d358da3af9007cb2b0c58c1031bb2b909b5fc2f1e8067197SAP Mobile Platform version 2.3 suffers from an XML external entity injection vulnerability.
763ac979871c176d5a9e6b1f185a1e6109b4d7b5f4517066de0a8a2a92f8f153SAP Afaria version 7 suffers from a stored cross site scripting vulnerability.
2082d9ff424b99cbc2ae9d7bfcce7559468dcb8de5806eb40ae0272bfc163ca1SAP NetWeaver version 7.4 suffers from an XML external entity injection vulnerability.
b5a92464ff47c770ab76479c835e0239d3e5db4770ef988ae3b50741e8e7356cCeloxis versions 9.5 and below suffer from a cross site scripting vulnerability.
0ce327191126fee2975846ae4df13c4f34768a717772e1666d36b2e5d8b59286Red Hat Security Advisory 2015-2504-01 - libreport provides an API for reporting different problems in applications to different bug targets, such as Bugzilla, FTP, and Trac. ABRT uses libreport. It was found that ABRT may have exposed unintended information to Red Hat Bugzilla during crash reporting. A bug in the libreport library caused changes made by a user in files included in a crash report to be discarded. As a result, Red Hat Bugzilla attachments may contain data that was not intended to be made public, including host names, IP addresses, or command line options.
c6e8ff0f0a3029c1ec338fb8b132ef3439f2abe1072f5e3c8114d5298359986fRed Hat Security Advisory 2015-2505-01 - ABRT is a tool to help users to detect defects in applications and to create a bug report with all the information needed by a maintainer to fix it. It uses a plug-in system to extend its functionality. libreport provides an API for reporting different problems in applications to different bug targets, such as Bugzilla, FTP, and Trac. It was found that the ABRT debug information installer did not use temporary directories in a secure way. A local attacker could use the flaw to create symbolic links and files at arbitrary locations as the abrt user.
96ace45f7feb868e68722af714fbf8c6b1b7e30c0c115609d93d96fa1c299b11Red Hat Security Advisory 2015-2507-01 - IBM Java SE version 7 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit.
b7e18c8684088d3578868cd309fddf0f9f8f8c4b95fd2ddc2625b84d512d1d53Red Hat Security Advisory 2015-2509-01 - IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit.
834832b1484e1625bcfa6276df2ee304215ec2774b0b531108d0f255023a9501Red Hat Security Advisory 2015-2508-01 - IBM Java SE version 6 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit.
2450d307ad133a0d099f9fe68c01e663e8e8321ecc3f4e0edabc899a3e46d828Red Hat Security Advisory 2015-2506-01 - IBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit.
2b58a7dc0e4778c5b7cef3899bb02cd76151611c5fe6b525585ddca301e44746Apache Flex BlazeDS versions 4.7.0 and 4.7.1 suffer from a server-side request forgery vulnerability.
0005b6103d499d01523afeee675b0ec07725b42b1b1468d91a6d3b6c8f9096aevBulletin version 5.x suffers from a code execution vulnerability.
8bae9267f14bc87a02271f45d06cb5b550d1a16db3443ab464810a2e31344f2b
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed