Aethra SV2242E suffers from an XML external entity injection vulnerability.
f6e1dff459b1b34ead7aedcf8cec0f90b77dec9084aca725feca07e6529faf74
Red Hat Security Advisory 2015-2545-01 - Chromium is an open-source web browser, powered by WebKit. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information when visited by the victim.
23126030912ce13e6f67046b218273250d65f3f2a03ab3411e6465eed00201ec
Red Hat Security Advisory 2015-2544-01 - OpenShift Enterprise by Red Hat is the company's cloud computing Platform-as-a-Service solution designed for on-premise or private cloud deployments. It was found that OpenShift's API back end did not verify requests for pod log locations, allowing a pod on a Node to request logs for any other pod on that Node. A remote attacker could use this flaw to view sensitive information via pod logs that they would normally not have access to. This issue was discovered by Jordan Liggitt of Red Hat Atomic OpenShift.
e79355bab9122208743e19448a24c138d26a43a46d9ca55a2e5cfa71b1f163cc
WordPress Cool Video Gallery plugin version 1.9 suffers from a remote command injection vulnerability.
5527218243efe625a95dd6c7587560dc325ce8d0f1365babde77ebbdb4973007
ASUS RT-N15U suffers from code execution, cross site request forgery, cross site scripting, and open redirection vulnerabilities.
d1c82b8071267c44391fdf0d71b71f396d5966f96c2c97a35a8df881891b8b83
OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols with full-strength cryptography world-wide.
eee11def03647aa2267434a779608af6fca645023c9a194ddb82f14426835537
EMC NetWorker contains a denial of service vulnerability caused by incorrect handling of malformed messages. A malicious user can send malformed messages as part of an RPC authentication attempt, which can crash critical NetWorker processes. The fix is contained in 8.0.4.5 or later, 8.1.3.6 or later, 8.2.2.2 or later, and 9.0 Build 407 or higher; earlier releases in each of those branches are affected.
e416ce7e1365e16866816655a3c3841b004255565655e81e70ea4de11479f625
Banner Student suffers from cross site scripting, information disclosure, user enumeration, and open redirect vulnerabilities. Affected versions range from 8.5.1.2 through 8.7.
ac1224d3a2c05dfbbfdcac9ff7ec8f63d106fdc3c9fd7d2a3d28f25b3baf9aac
Ubuntu Security Notice 2827-1 - Multiple vulnerabilities were discovered in the OpenJDK JRE related to information disclosure, data integrity and availability. An attacker could exploit these to cause a denial of service or expose sensitive data over the network. Various other issues were also addressed.
684b357b80cf1aa524a066dc53487410bde75791d42a81c81b9e182ca7edea65
Slackware Security Advisory - New libpng packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues.
b00153fe943a9ec2ec32ab0fb50b52c57aae3585e8201e2d9960cfe0a2ae70db
Ubuntu Security Notice 2826-1 - It was discovered that the SCTP protocol implementation in the Linux kernel performed an incorrect sequence of protocol-initialization steps. A local attacker could use this to cause a denial of service (system crash). Dmitry Vyukov discovered that the Linux kernel's keyring handler attempted to garbage collect incompletely instantiated keys. A local unprivileged attacker could use this to cause a denial of service (system crash). Various other issues were also addressed.
a46cac37588ee91b5f88a74d036718a72a40eb593bde4fc8fd7dd5be31746a37
Debian Linux Security Advisory 3411-1 - Michal Kowalczyk discovered that missing input sanitizing in the foomatic-rip print filter might result in the execution of arbitrary commands.
115f5c398e30dbc11ada3adb77eb84a593571a1601061db9c9cf98ec628f5f80
Ubuntu Security Notice 2828-1 - Jason Wang discovered that QEMU incorrectly handled the virtio-net device. A remote attacker could use this issue to cause guest network consumption, resulting in a denial of service. Qinghao Tang and Ling Liu discovered that QEMU incorrectly handled the pcnet driver when used in loopback mode. A malicious guest could use this issue to cause a denial of service, or possibly execute arbitrary code on the host as the user running the QEMU process. In the default installation, when QEMU is used with libvirt, attackers would be isolated by the libvirt AppArmor profile. Various other issues were also addressed.
fc0b08dbcf83bbc55bb54aad652eecb253d942b7951bfa2f15d8b8c01f810021
Slackware Security Advisory - New mozilla-thunderbird packages are available for Slackware 14.1 and -current to fix security issues.
891b6026a26afcacd00ad70f3cb2d8ffbb65201f966259158bf104e9e617814f
OpenSSL Security Advisory 20151203 - There is a carry propagating bug in the x86_64 Montgomery squaring procedure. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be very significant and likely only accessible to a limited number of attackers. An attacker would additionally need online access to an unpatched system using the target private key in a scenario with persistent DH parameters and a private key that is shared between multiple clients. For example this can occur by default in OpenSSL DHE based SSL/TLS ciphersuites. Other issues were also addressed.
47226417fb16c4f755233423cc8e871f0e4f6f54208d5c74b1e9fb97ec335763
huutoporssi.fi, which is currently offline, suffers from cross site scripting, privilege escalation, information disclosure, and user data modification vulnerabilities.
5cfe8025663a2bfef9a365a6f6b6884916d199ece4fae1a80e9963fa8737b3ad
The openscap project is a set of open source libraries that support the SCAP (Security Content Automation Protocol) set of standards from NIST. It supports CPE, CCE, CVE, CVSS, OVAL, and XCCDF.
41c266f4316546b227c5da447568ee64d856cb85a9104893038e66bc9b956d58
This Metasploit module exploits a vulnerability found in Oracle BeeHive. The processEvaluation method found in voice-servlet can be abused to write a malicious file onto the target machine, and gain remote arbitrary code execution under the context of SYSTEM.
0dd4b2592fada413038b4c9f336ee7ca63693bbb79a1842a8646d6ac30bff4df
Mobius Forensic Toolkit is a forensic framework written in Python/GTK that manages cases and case items, providing an abstract interface for developing extensions. Cases and item categories are defined using XML files for easy integration with other tools.
e29a9ddd3c50a61497594dbfeb1263ace0bbd21f51b26e136d50480e96a396d4
This Metasploit module exploits a vulnerability found in Oracle BeeHive. The prepareAudioToPlay method found in voice-servlet can be abused to write a malicious file onto the target machine, and gain remote arbitrary code execution under the context of SYSTEM. Authentication is not required to exploit this vulnerability.
2ffb837bd56e22b7a4670bff61370cd18bac27e5c719ed050224b17709ad6f2e
Red Hat Security Advisory 2015-2542-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. It was found that the Apache commons-collections library permitted code execution when deserializing objects involving a specially constructed chain of classes. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using the commons-collections library.
769753c23fa44883c0a1cb29228b56da67792c60690a326278743b344879bb60
Red Hat Security Advisory 2015-2541-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. It was found that the Apache commons-collections library permitted code execution when deserializing objects involving a specially constructed chain of classes. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using the commons-collections library.
54ef7d2cacc1fca8cda27da2f49d2e75a9654c0ed2bd911f0f4b661e4ef15620
Red Hat Security Advisory 2015-2540-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. It was found that the Apache commons-collections library permitted code execution when deserializing objects involving a specially constructed chain of classes. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using the commons-collections library.
303793d8561dccbe0bccc7c85fef2a6f2c76c530e82a96fb1bcfba7b1477990e
Red Hat Security Advisory 2015-2539-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. It was found that the Apache commons-collections library permitted code execution when deserializing objects involving a specially constructed chain of classes. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using the commons-collections library.
cec179433c8b214af2aeadf23419255ffc44da58f98017b40827dbf4b84b6e92
Red Hat Security Advisory 2015-2538-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. It was found that the Apache commons-collections library permitted code execution when deserializing objects involving a specially constructed chain of classes. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using the commons-collections library.
dc3af6c291832609148a6b54f87ef924bfcdea3e964652c58de6588a02d3ef4d