Debian Linux Security Advisory 3325-2 - The security update from DSA-3325-1 caused a regression for the oldstable distribution (wheezy). In some configurations, apache2 would fail to start with a spurious error message about the certificate chain. This update fixes this problem.
Ubuntu Security Notice 2719-1 - Marcelo Ricardo Leitner discovered a race condition in the Linux kernel's SCTP address configuration lists when using Address Configuration Change (ASCONF) options on a socket. An unprivileged local user could exploit this flaw to cause a denial of service (system crash).
Red Hat Security Advisory 2015-1639-01 - OpenStack Image Service provides discovery, registration, and delivery services for disk and server images. It provides the ability to copy or snapshot a server image and immediately store it away. Stored images can be used as a template to get new servers up and running quickly and more consistently than installing a server operating system and individually configuring additional services. A flaw was found in the OpenStack Image Service import task action. When processing a malicious qcow2 header, glance could be tricked into reading an arbitrary file from the glance host. Only setups using the glance V2 API are affected by this flaw.
Ubuntu Security Notice 2717-1 - Marcelo Ricardo Leitner discovered a race condition in the Linux kernel's SCTP address configuration lists when using Address Configuration Change (ASCONF) options on a socket. An unprivileged local user could exploit this flaw to cause a denial of service (system crash).
Ubuntu Security Notice 2718-1 - Marcelo Ricardo Leitner discovered a race condition in the Linux kernel's SCTP address configuration lists when using Address Configuration Change (ASCONF) options on a socket. An unprivileged local user could exploit this flaw to cause a denial of service (system crash).
Ubuntu Security Notice 2716-1 - Marcelo Ricardo Leitner discovered a race condition in the Linux kernel's SCTP address configuration lists when using Address Configuration Change (ASCONF) options on a socket. An unprivileged local user could exploit this flaw to cause a denial of service (system crash).
OpenText Secure MFT version 2014 R2 SP4 and some prior versions suffer from a cross-site scripting vulnerability.
Trend Micro Deep Discovery Threat Appliance version 3.7.1096: certain Deep Discovery Inspector URLs, including the system log and whitelist/blacklist, are accessible to a non-administrator user because the pages do not properly check for authorization. An unauthenticated user without administrator privileges may thus gain access to and modify certain system configuration settings.
It was discovered that the server certificate validation checks performed by EMC Secure Remote Services Virtual Edition are insecure. Weak certificate validation allows attackers to perform a man-in-the-middle attack against ESRS connections. This allows for eavesdropping on, and spoofing of, provisioned devices in ESRS VE (including but not limited to home calls to the ESRS portal esrs.emc.com). Versions 3.02, 3.03, and 3.04 are affected.
SAP NetWeaver AS Java version 7.4 suffers from an XXE injection vulnerability. Related CVE Number: CVE-2015-4091.
EMC Documentum WebTop and WebTop-based clients are affected by a cross-site request forgery vulnerability. An attacker can potentially exploit this vulnerability by tricking authenticated users of the application into clicking on links embedded within an email, web page, or another source, and thereby perform Docbase operations with that user's privileges.
UNIT4TETA TETA WEB version 22.62.3.4 suffers from an authorization bypass vulnerability.
Cumulus Linux's Switch Configuration Tools Backend, clcmd_server, is vulnerable to local privilege escalation via command injection. When clcmd_server receives a command that ends in a user-supplied label, it will execute any other command appended to the end of it, whether it is in the Rosetta or not, and it will do so using its own running credentials, which are root. Versions 2.5.3 and earlier are affected.
Pligg CMS version 2.0.2 suffers from an open redirection vulnerability.