[SECURITY] [DSA 3595-1] mariadb-10.0 security update
2016-06-05 Salvatore Bonaccorso (carnil debian org)

[SECURITY] [DSA 3594-1] chromium-browser security update
2016-06-04 Michael Gilbert (mgilbert debian org)

FreeBSD Security Advisory FreeBSD-SA-16:24.ntp
2016-06-04 FreeBSD Security Advisories (security-advisories freebsd org)

[slackware-security] ntp (SSA:2016-155-01)
2016-06-04 Slackware Security Team (security slackware com)
[slackware-security] ntp (SSA:2016-155-01) New ntp packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues. Here are the details from the Slackware 14.1 ChangeLog: patches

[security bulletin] - Linux Kernel Flaw, ASN.1 DER decoder for x509 certificate DER
2016-06-03 HP Security Alert (hp-security-alert hp com)
Note: the current version of the following document is available here: https://h20565.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c05158555
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c05158555
Version: 1
HPSBHF3548 - Linux Kernel F

[security bulletin] HPSBUX03616 SSRT110128 rev.2 - HPE HP-UX running CIFS Server (Samba), Remote Denial of Service (DoS), Disclosure of Information, Unauthorized Access
2016-06-03 security-alert hpe com
Note: the current version of the following document is available here: https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05162399
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c05162399
Version: 2
HPSBUX03616 S

[Announce] CVE-2016-4437: Apache Shiro information disclosure vulnerability
2016-06-03 Brian Demers (bdemers apache org)
Severity: Important
Vendor: The Apache Software Foundation
Versions Affected: 1.0.0-incubating - 1.2.4
Description: A default cipher key is used for the "remember me" feature when not explicitly configured. A request that included a specially crafted request parameter could be used to execute ar

Notilus v2012 R3 - SQL injection
2016-06-03 alex_haynes outlook com
Exploit Title: Notilus SQL injection
Product: Notilus travel solution software
Vulnerable Versions: 2012 R3
Tested Version: 2012 R3
Advisory Publication: 03/06/2016
Vulnerability Type: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') [CWE-89]
CVE Reference: NONE
C

ESA-2016-060: EMC Isilon OneFS Privilege Escalation Vulnerability
2016-06-02 Security Alert (Security_Alert emc com)

Zoho OpManager < v12
2016-06-02 d_fens redbrick dcu ie
Reported these 27/08/2015 these were eventually fixed in version 12 because the entire application is based on emberjs now. There are no CVEs for these issues assigned nor is there any acknowledgement of the issues in any patches. Therefore only version 12 fixes these. Multiple stored and reflected

[security bulletin] HPSBMU03607 rev.1 - HPE BladeSystem c-Class Virtual Connect (VC) Firmware, Remote Denial of Service (DoS), Disclosure of Information, Cross-Site Request Forgery (CSRF)
2016-06-02 security-alert hpe com
Note: the current version of the following document is available here: https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157667
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c05157667
Version: 1
HPSBMU03607 r

SEC Consult SA-20160602-0 :: Multiple critical vulnerabilities in Ubee EVW3226 Advanced wireless voice gateway
2016-06-02 SEC Consult Vulnerability Lab (research sec-consult com)

XML External Entity XXE vulnerability in OpenID component of Liferay
2016-06-02 Sandro Gauci (sandro enablesecurity com)
# XML External Entity XXE vulnerability in OpenID component of Liferay
- Author: Sandro Gauci <sandro (at) enablesecurity (dot) com>
- Vulnerable version: Liferay 6.2.3 CE GA4 and earlier
- Liferay reference: LPS-58014
- Advisory URL: <https://github.com/EnableSecurity/advisories/tree/master/ES2016-01-liferay

[security bulletin] HPSBMU03612 rev.1 - HPE Insight Control on Windows and Linux, Multiple Remote Vulnerabilities
2016-06-01 security-alert hpe com
Note: the current version of the following document is available here: https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c05158380
Version: 1
HPSBMU03612

[security bulletin] HPSBOV03615 rev.1 - HPE OpenVMS CSWS running the Apache Tomcat 7 Servlet Engine, Multiple Remote Vulnerabilities
2016-06-01 security-alert hpe com
Note: the current version of the following document is available here: https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158626
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c05158626
Version: 1
HPSBOV03615 r

Cisco Security Advisory: Cisco Prime Network Analysis Module IPv6 Denial of Service Vulnerability
2016-06-01 Cisco Systems Product Security Incident Response Team (psirt cisco com)
Cisco Prime Network Analysis Module IPv6 Denial of Service Vulnerability
Advisory ID: cisco-sa-20160601-prime3
Revision 1.0
For Public Release 2016 June 1 16:00 UTC (GMT)
Summa

Cisco Security Advisory: Cisco Prime Network Analysis Module Unauthenticated Remote Code Execution Vulnerability
2016-06-01 Cisco Systems Product Security Incident Response Team (psirt cisco com)
Cisco Security Advisory: Cisco Prime Network Analysis Module Unauthenticated Remote Code Execution Vulnerability
Advisory ID: cisco-sa-20160601-prime
Version 1.0: Final
For public release: 2016 June 1 16:00 GMT

[security bulletin] HPSBGN03609 rev.1 - HPE LoadRunner and Performance Center, Remote Code Execution, Denial of Service (DoS)
2016-06-01 security-alert hpe com
Note: the current version of the following document is available here: https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157423
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c05157423
Version: 1
HPSBGN03609 r

AjaxExplorer v1.10.3.2 Remote CMD Execution / CSRF / Persistent XSS
2016-06-01 hyp3rlinx lycos com
[+] Credits: hyp3rlinx
[+] Website: hyp3rlinx.altervista.org
[+] Source: http://hyp3rlinx.altervista.org/advisories/AJAXEXPLORER-REMOTE-CMD-EXECUTION.txt
[+] ISR: apparitionsec
Vendor: sourceforge.net smsid
download linx: sourceforge.net/projects/ajax-explorer/files/
Product:

[SECURITY] [DSA 3590-1] chromium-browser security update
2016-06-01 Michael Gilbert (mgilbert debian org)

FreeBSD Security Advisory FreeBSD-SA-16:20.linux
2016-05-31 FreeBSD Security Advisories (security-advisories freebsd org)

FreeBSD Security Advisory FreeBSD-SA-16:22.libarchive
2016-05-31 FreeBSD Security Advisories (security-advisories freebsd org)

FreeBSD Security Advisory FreeBSD-SA-16:23.libarchive
2016-05-31 FreeBSD Security Advisories (security-advisories freebsd org)

FreeBSD Security Advisory FreeBSD-SA-16:21.43bsd
2016-05-31 FreeBSD Security Advisories (security-advisories freebsd org)

[RT-SA-2016-005] Unauthenticated File Upload in Relay Ajax Directory Manager may Lead to Remote Command Execution
2016-05-31 RedTeam Pentesting GmbH (release redteam-pentesting de)
Advisory: Unauthenticated File Upload in Relay Ajax Directory Manager may Lead to Remote Command Execution
A vulnerability within the Relay Ajax Directory Manager web application allows unauthenticated attackers to upload arbitrary files to the web server running the web application. De

[RT-SA-2016-004] Websockify: Remote Code Execution via Buffer Overflow
2016-05-31 RedTeam Pentesting GmbH (release redteam-pentesting de)
Advisory: Websockify: Remote Code Execution via Buffer Overflow
RedTeam Pentesting discovered a buffer overflow vulnerability in the C implementation of Websockify, which allows attackers to execute arbitrary code.
Details
Product: Websockify C implementation
Affected Versions: all versi
Debian Security Advisory DSA-3595-1 security (at) debian (dot) org
https://www.debian.org/security/ Salvatore Bonaccorso
June 05, 2016