Red Hat Security Advisory 2015-1685-01 - Python-keystoneclient is a client library and a command-line utility for interacting with the OpenStack Identity API. It was discovered that some items in the S3Token configuration as used by python-keystoneclient were incorrectly evaluated as strings, an issue similar to CVE-2014-7144. If the "insecure" option was set to "false", the option would be evaluated as true, resulting in TLS connections being vulnerable to man-in-the-middle attacks. Note: The "insecure" option defaults to false, so setups that do not specifically define "insecure=false" are not affected.
f7c56d4b381ea910926af2ea30028853daff29cd7f8167099a0f0009a6fa3119Red Hat Security Advisory 2015-1683-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package provides the user-space component for running virtual machines using KVM. An information leak flaw was found in the way QEMU's RTL8139 emulation implementation processed network packets under RTL8139 controller's C+ mode of operation. An unprivileged guest user could use this flaw to read up to 65 KB of uninitialized QEMU heap memory.
05e8000a6206bbfbe20a766ed07087904157b0283a55bcc3b13dd5695debb6d1Red Hat Security Advisory 2015-1684-01 - OpenStack Object Storage provides object storage in virtual containers, which allows users to store and retrieve files. The service's distributed architecture supports horizontal scaling; redundancy as failure-proofing is provided through software-based data replication. Because Object Storage supports asynchronous eventual consistency replication, it is well suited to multiple data-center deployment. A flaw was found in OpenStack Object Storage that could allow an authenticated user to delete the most recent version of a versioned object regardless of ownership. To exploit this flaw, an attacker must know the name of the object and have listing access to the x-versions-location container.
ee39183a3ea994aeff17098083ebe2a8492a6ee3bf022511868c02167de39768HP Security Bulletin HPSBMU03397 1 - Potential security vulnerabilities have been identified with HP Version Control Agent (VCA) on Windows and Linux. The vulnerabilities could be exploited remotely resulting in Denial of Service (DoS), unauthorized modification, unauthorized access, or disclosure of information. Revision 1 of this advisory.
4b42962930ba66e223d79373611361d9e3b5d02e2010fe34205524553f22c3d5HP Security Bulletin HPSBMU03413 1 - Potential security vulnerabilities have been identified with HP Virtual Connect Enterprise Manager SDK. The vulnerabilities could be exploited remotely resulting in Denial of Service (DoS), unauthorized modification, unauthorized access, or disclosure of information. Revision 1 of this advisory.
6b5a85f0a3835e211788a83e13c0d0712017e6346f21143164be00789078748cHP Security Bulletin HPSBMU03396 1 - Potential security vulnerabilities have been identified with HP Version Control Repository Manager (VCRM) on Windows and Linux. The vulnerabilities could be exploited remotely resulting in Denial of Service (DoS), execution of arbitrary code, unauthorized modification, unauthorized access, disclosure of information, cross-site request forgery (CSRF), or elevation of privilege. Revision 1 of this advisory.
619deaf4049b64ca228d248eccdea1ecdfa933166df8d4b18aafd081c1b4ca8fRed Hat Security Advisory 2015-1686-01 - Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY principle. A flaw was found in the Django session backend, which could allow an unauthenticated attacker to create session records in the configured session store, causing a denial of service by filling up the session store.
acf60870374e52838ceb79bf380b03c1f8262786630a6240d6a305c27b59d945WordPress Car Rental System plugin versions prior to 3.1 suffer from a remote SQL injection vulnerability.
a2cdab0c11366b52adaafd94afcce39eacb22aff6f7f1ff06b4f931c4a631ffaMagento shoplift exploit that adds an administrator account. Flaw originally discovered by CheckPoint.
a0b1053cf090b751b7847bc8312657f3d98e988645e6d4a2d846df5e19b0cf8aThis is a Linux/portable port of OpenBSD's excellent OpenSSH. OpenSSH is based on the last free version of Tatu Ylonen's SSH with all patent-encumbered algorithms removed, all known security bugs fixed, new features reintroduced, and many other clean-ups.
fc0a6d2d1d063d5c66dffd952493d0cda256cad204f681de0f84ef85b2ad8428Microsoft Office 2007 suffers from a RTF XML SmartTags use-after-free vulnerability.
9112fd06f8a9594124ac555685a4c390b42d8b36cbf029a9deca63894f80b49eMicrosoft Office 2007 suffers from a OneTableDocumentStream invalid object vulnerability.
71aae25eeff40a890630b5def4b9a4c33395e8cd48b05b1af664a30be591e023Microsoft Office 2007 suffers from a stack-based buffer overflow vulnerability when handling a malformed document.
fc3f3a43acba1f2993d16df8be2f8af7217caf24ea88bc37b3ab71571b41e296Page2Flip version 2.5 is missing an access control and due to this allows for information disclosure.
4d58d05abd8782f6ea8e55b951adbc39826bfb054bc42cad328a0157a2cf0cf3Page2Flip version 2.5 suffers from a session management issue that allows deleted users to still login.
3dd3826320edfc3d9787b04d941d218aa5fcb2d184361a4c7704cfea80c20ef4Page2Flip version 2.5 suffers from an authorization bypass vulnerability.
81eff9c8072a47333a722737d210492a75a50e881af03b9fbb7745d495b77d5cPage2Flip version 2.5 suffers from an insecure direct object reference vulnerability.
88377ffbd2ae0e8c6494acd84244a8d80fc28f3b4cb5e706a672ceaab14433b9Page2Flip version 2.5 suffers from a persistent cross site scripting vulnerability.
a80dbfc906c92033fe34653626d3672fe4672f10582601c6398132ae3406a17bPage2Flip version 2.5 suffers from a cross site scripting vulnerability in the create user functionality.
8c4a6a8c8fb7c3e5d54cac7cab64b3e9ec1fd020d73d675cbf2229ba4b628693This guide is to help others integrate their Microsoft 2013 Lync systems with AsteriskNOW for use with non-Lync compatible SIP providers.
368670bac076a99e8be719227b8a15dfab584d7e8ed20365c28899df35a6cddaPage2Flip version 2.5 suffers from a denial of service vulnerability.
d605475e023fd099f6ae5991a6c9dc8b5175e3d6115f0f5e24bdef720b8b65c0Dell SonicWall NetExtender version 7.5.215 suffers from a privilege escalation vulnerability.
f0b514cab106db17e65e6afa1d98fdd80dad6bd4d518110c106cfcff55f1bcd3WordPress Google Analyticator plugin version 6.4.9.4 suffers from cross site scripting vulnerabilities.
7f7523e430b3afce63313d41c2b6e4084ef335223ee61e6f6fdb35a34d45f768Netop Remote Control versions 11.52 and 12.11 suffer from hard-coded cryptographic key and insufficiently protected credential issues.
bd92784b38a1c301a6674b12b72e327934aa4b895b78f8ea87bbefcaaebfb4a3Pligg CMS version 2.0.2 suffers from a cross site request forgery vulnerability.
e8df6ea13dde593af7dce761b232c1d61d5a0fb061392ea66d9fa5a7ea0f440d
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed