Red Hat Security Advisory 2015-2512-01 - Red Hat Ceph Storage is a massively scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage system with a Ceph management platform, deployment tools, and support services. A feature in Ceph Object Gateway allows it to return a specific HTTP header that contains the name of a bucket that was accessed. It was found that the returned HTTP headers were not sanitized. An unauthenticated attacker could use this flaw to craft HTTP headers in responses that would confuse the load balancer residing in front of RGW, potentially resulting in a denial of service.
5bba935c88e61a982529ecb4d0825c43268b216c262550f6c407bc0e20298d16
Red Hat Security Advisory 2015-2066-01 - Red Hat Ceph Storage is a massively scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage system with a Ceph management platform, deployment tools, and support services. A feature in Ceph Object Gateway allows it to return a specific HTTP header that contains the name of a bucket that was accessed. It was found that the returned HTTP headers were not sanitized. An unauthenticated attacker could use this flaw to craft HTTP headers in responses that would confuse the load balancer residing in front of RGW, potentially resulting in a denial of service.
4c2c2ec31725478916e6a5361f37441d8c1fb0d51c13871c6ec90c61565d5100
A privilege escalation vulnerability has been identified in the Steam client software for Microsoft Windows, which is installed with weak default permissions. These permissions grant read and write access to the Windows Users group for the install folder. This includes Steam.exe, which is launched upon user login. Version 2.10.91.91 is confirmed vulnerable.
66f1b7811fa2e915d358da3af9007cb2b0c58c1031bb2b909b5fc2f1e8067197
SAP Mobile Platform version 2.3 suffers from an XML external entity injection vulnerability.
763ac979871c176d5a9e6b1f185a1e6109b4d7b5f4517066de0a8a2a92f8f153
SAP Afaria version 7 suffers from a stored cross site scripting vulnerability.
2082d9ff424b99cbc2ae9d7bfcce7559468dcb8de5806eb40ae0272bfc163ca1
SAP NetWeaver version 7.4 suffers from an XML external entity injection vulnerability.
b5a92464ff47c770ab76479c835e0239d3e5db4770ef988ae3b50741e8e7356c
Celoxis versions 9.5 and below suffer from a cross site scripting vulnerability.
0ce327191126fee2975846ae4df13c4f34768a717772e1666d36b2e5d8b59286
Red Hat Security Advisory 2015-2504-01 - libreport provides an API for reporting different problems in applications to different bug targets, such as Bugzilla, FTP, and Trac. ABRT uses libreport. It was found that ABRT may have exposed unintended information to Red Hat Bugzilla during crash reporting. A bug in the libreport library caused changes made by a user in files included in a crash report to be discarded. As a result, Red Hat Bugzilla attachments may contain data that was not intended to be made public, including host names, IP addresses, or command line options.
c6e8ff0f0a3029c1ec338fb8b132ef3439f2abe1072f5e3c8114d5298359986f
Red Hat Security Advisory 2015-2505-01 - ABRT is a tool to help users to detect defects in applications and to create a bug report with all the information needed by a maintainer to fix it. It uses a plug-in system to extend its functionality. libreport provides an API for reporting different problems in applications to different bug targets, such as Bugzilla, FTP, and Trac. It was found that the ABRT debug information installer did not use temporary directories in a secure way. A local attacker could use the flaw to create symbolic links and files at arbitrary locations as the abrt user.
96ace45f7feb868e68722af714fbf8c6b1b7e30c0c115609d93d96fa1c299b11
Red Hat Security Advisory 2015-2507-01 - IBM Java SE version 7 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit.
b7e18c8684088d3578868cd309fddf0f9f8f8c4b95fd2ddc2625b84d512d1d53
Red Hat Security Advisory 2015-2509-01 - IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit.
834832b1484e1625bcfa6276df2ee304215ec2774b0b531108d0f255023a9501
Red Hat Security Advisory 2015-2508-01 - IBM Java SE version 6 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit.
2450d307ad133a0d099f9fe68c01e663e8e8321ecc3f4e0edabc899a3e46d828
Red Hat Security Advisory 2015-2506-01 - IBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit.
2b58a7dc0e4778c5b7cef3899bb02cd76151611c5fe6b525585ddca301e44746
Apache Flex BlazeDS versions 4.7.0 and 4.7.1 suffer from a server-side request forgery vulnerability.
0005b6103d499d01523afeee675b0ec07725b42b1b1468d91a6d3b6c8f9096ae
vBulletin version 5.x suffers from a code execution vulnerability.
8bae9267f14bc87a02271f45d06cb5b550d1a16db3443ab464810a2e31344f2b