OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols with full-strength cryptography world-wide.
9392e65072ce4b614c1392eefc1f23d0
OXID eShop Community Edition version 4.9.7 suffers from path traversal and privilege escalation vulnerabilities.
967a169d170e23b852bab8a8ae953b71
Swagger Editor version 2.9.9 suffers from a cross site scripting vulnerability.
b53df8f45f91a77bb2ce060de0233f8d
NetCommWireless HSPA 3G10WVE suffers from authentication bypass and remote code execution vulnerabilities.
757797a6cf41e96e0225c3f51900b37f
libxml versions prior to 2.9.3 suffer from a stack overflow vulnerability when parsing a malicious file.
4f1082b373da496d63b7f7f54ce7ab65
Zabbix Agent version 3.0.1 suffers from a remote shell command injection vulnerability via mysql.size.
0e127395045646f3d0f4f76cf5df25ec
Red Hat Security Advisory 2016-0711-01 - OpenShift Enterprise by Red Hat is the company's cloud computing Platform-as-a-Service solution designed for on-premise or private cloud deployments. Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron. Security Fix: The Jenkins continuous integration server has been updated to upstream version 1.642.2 LTS that addresses a large number of security issues, including XSS, CSRF, information disclosure, and code execution.
acdd67c123ba61e93f16c9e70e9fc173
Ubuntu Security Notice 2959-1 - Huzaifa Sidhpurwala, Hanno Boeck, and David Benjamin discovered that OpenSSL incorrectly handled memory when decoding ASN.1 structures. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service, or possibly execute arbitrary code. Juraj Somorovsky discovered that OpenSSL incorrectly performed padding when the connection uses the AES CBC cipher and the server supports AES-NI. A remote attacker could possibly use this issue to perform a padding oracle attack and decrypt traffic. Various other issues were also addressed.
4925406da94e0165485ac54ee227166b
Red Hat Security Advisory 2016-0716-01 - IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 8 to version 8 SR3. Security Fix: This update fixes multiple vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit.
954a455dd4654d2e23193d1b51f899eb
Debian Linux Security Advisory 3566-1 - Several vulnerabilities were discovered in OpenSSL, a Secure Socket Layer toolkit.
2c73861f374ae26a66c6684a585a8fed
Slackware Security Advisory - New mercurial packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix a security issue.
0fbf869fd346cd8bdb9121760b0488e3
Moxa MiiNePort suffers from cross site request forgery, weak credential management, and sensitive information protection vulnerabilities.
92a9adf18f62186fdffb40720a4c11fc
CONFidence 2016 Call For Papers - This conference will take place from May 19th through the 20th, 2016 in Krakow, Poland.
d0c8524e81294f8ae3552e05e5b117a2
Linux 4.4 suffers from a use-after-free vulnerability in double-fdput().
dfd0a1c5e8fc8b444a14c6a1a6f6c484
Fuzzing packed executables with McAfee's LiveSafe version 14.0 on Windows found a signedness error parsing sections and relocations.
3b23a5a592ee656d437e100b6c4c4322
Linux suffers from a reference count overflow using BPF maps.
e910d3a25817a9fb6a4cfca080ea791a
Mobile Security Framework (MobSF) is an all-in-one open source mobile application (Android/iOS) automated pen-testing framework capable of performing static and dynamic analysis. It can be used for effective and fast security analysis of Android and iOS Applications and supports both binaries (APK & IPA) and zipped source code. MobSF can also do Web API Security testing with its API Fuzzer, which performs Information Gathering, analyzes Security Headers, and identifies Mobile API specific vulnerabilities like XXE, SSRF, Path Traversal, IDOR, and other logical issues related to Session Management and API Rate Limiting.
f3df40afd37a25833c3786065c2145fd
A race condition in perf_event_open() allows local attackers to leak sensitive data from setuid programs.
8a00dfb29a5769d243754a1a99030296
CMS Made Simple versions prior to 2.1.3 and 1.12.2 suffer from a web server cache poisoning vulnerability.
68c513709fea71de8af188448ecd5734