OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols with full-strength cryptography world-wide.
1d4007e53aad94a5b2002fe045ee7bb0b3d98f1a47f8b2bc851dcd1c74332919OXID eShop Community Edition version 4.9.7 suffers from path traversal and privilege escalation vulnerabilities.
6d480e472dd8ac2378c54bdb33cab32a7b02cd23ec4e03639daf3671e5bd7067Swagger Editor version 2.9.9 suffers from a cross site scripting vulnerability.
2c9f139677da0df23f3a83e1dfd810fd387124a00de5fae2c2e07e62c09ac0efNetCommWireless HSPA 3G10WVE suffers from authentication bypass and remote code execution vulnerabilities.
9996c2e688f51727de634672566a4b67b0fea81f1759e9ab8f7ea6e2e10391bblibxml versions prior to 2.9.3 suffer from a stack overflow vulnerability when parsing a malicious file.
e627232db6fe21d686a937565c9d43af1ef4a7e15710847f48703d1656e2f593Zabbix Agent version 3.0.1 suffers from a remote shell command injection vulnerability via mysql.size.
6f4704de4bcf1cffa3bdc31fb48a54c0bbd0e2a752f76897323a61d5406a6f59Red Hat Security Advisory 2016-0711-01 - OpenShift Enterprise by Red Hat is the company's cloud computing Platform- as-a-Service solution designed for on-premise or private cloud deployments. Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron. Security Fix: The Jenkins continuous integration server has been updated to upstream version 1.642.2 LTS that addresses a large number of security issues, including XSS, CSRF, information disclosure, and code execution.
8cb241f7f26e24db895bca20b367c5d2ec75547e9aa7d1d03f82eab44c897d01Ubuntu Security Notice 2959-1 - Huzaifa Sidhpurwala, Hanno Boeck, and David Benjamin discovered that OpenSSL incorrectly handled memory when decoding ASN.1 structures. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service, or possibly execute arbitrary code. Juraj Somorovsky discovered that OpenSSL incorrectly performed padding when the connection uses the AES CBC cipher and the server supports AES-NI. A remote attacker could possibly use this issue to perform a padding oracle attack and decrypt traffic. Various other issues were also addressed.
3fb297642dda424c9a2fdccf91144e60ea85032eaaa5c25bace6373ceec41e05Red Hat Security Advisory 2016-0716-01 - IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 8 to version 8 SR3. Security Fix: This update fixes multiple vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit.
078167b3a1b6eede13852019b0c8bb3574483fe875d568c5496e595340c7d03dDebian Linux Security Advisory 3566-1 - Several vulnerabilities were discovered in OpenSSL, a Secure Socket Layer toolkit.
c4d2a15eb0d1dceb59a021eef09bc9edd0bfe8717d7f9c3514d177c58c51295fSlackware Security Advisory - New mercurial packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix a security issue.
691ee2b30ae6b117b4855ba8e0f0dd25e513546845e8670049741f2b2fe52eb8Moxa MiiNePort suffers from cross site request forgery, weak credential management, and sensitive information protection vulnerabilities.
7ed488745e4d059d12d5ec837be93fd1917ea75cdbe335cca37b64e00022a474CONFidence 2016 Call For Papers - This conference will take place from May 19th through the 20th, 2016 in Krakow, Poland.
866cf1ecab274d7a542c851887290f1a1e0a616227e02188fa9b5a7c1896d9e6Linux 4.4 suffers from a use-after-free vulnerability in double-fdput().
fdf02d266337b84af0f49b7c8b000f74559cac23baf06e83b0bb199f19224b59Fuzzing packed executables with McAfee's LiveSafe version 14.0 on Windows found a signedness error parsing sections and relocations.
df3a3c638fb803483492e5595745c6b207dc5378a2e3150bc4c2f7d4306afa97Linux suffers from a reference count overflow using BPF maps.
7adaf8180063a09e3682592ef0ccca5ec1a3445cd1c0424d7f622a7d8f579117OpenSSL Security Advisory 20160503 - This issue affected versions of OpenSSL prior to April 2015. The bug causing the vulnerability was fixed on April 18th 2015, and released as part of the June 11th 2015 security releases. The security impact of the bug was not known at the time. Other issues were also addressed.
c1bd7ca386d1c20c2cc9e48468708819814aeb79be8b47c58d08c86485a8125aMobile Security Framework (MobSF) is an all-in-one open source mobile application (Android/iOS) automated pen-testing framework capable of performing static and dynamic analysis. It can be used for effective and fast security analysis of Android and iOS Applications and supports both binaries (APK & IPA) and zipped source code. MobSF can also do Web API Security testing with it's API Fuzzer that performs Information Gathering, analyze Security Headers, identify Mobile API specific vulnerabilities like XXE, SSRF, Path Traversal, IDOR, and other logical issues related to Session Management and API Rate Limiting.
9a9189b4d7fe03495edaca2f8d76a9fbb34f18d666bd43cc24ac1ab1a8d428ddA race condition in perf_event_open() allows local attackers to leak sensitive data from setuid programs.
34223fcdcb6cbd70c6b1a484cbbe82f7969a88b8b78a173e0396adc447df53aaCMS Made Simple versions prior to 2.1.3 and 1.12.2 suffer from a web server cache poisoning vulnerability.
a13d86771a20355ec31260d111b449108279447a297ac945443686c587923cee
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed