[security bulletin] HPSBGN03507 rev.2 - HP Arcsight Management Center, Arcsight Logger, Remote Cross-Site Scripting (XSS)
2015-11-10 security-alert hpe com

Microsoft .NET Framework XSS / Elevation of Privilege CVE-2015-6099
2015-11-11 apparitionsec gmail com
[+] Credits: John Page aka hyp3rlinx
[+] Website: hyp3rlinx.altervista.org
[+] Source: http://hyp3rlinx.altervista.org/advisories/AS-MICROSOFT-XSS-ELEVATION-OF-PRIVILEGE.txt
Vendor:
==================
www.microsoft.com
Product:
===========================
Microsoft .NET Framework
Vulnerab

TestLink 1.9.14 CSRF Vulnerability
2015-11-08 Aravind (altoarun gmail com)
Information
=================================
Name: CSRF Vulnerability in TestLink 1.9.14
Affected Software: TestLink
Affected Versions: 1.9.14 and possibly below
Vendor Homepage: http://testlink.org/
Severity: High
Status: Fixed
Vulnerability Type:
=================================
Cross Site Req

TestLink 1.9.14 Persistent XSS
2015-11-08 Aravind (altoarun gmail com)
Information
=================================
Name: Persistent XSS Vulnerability in TestLink 1.9.14
Affected Software: TestLink
Affected Versions: 1.9.14 and possibly below
Vendor Homepage: http://testlink.org/
Severity: High
Status: Fixed
Vulnerability Type:
=================================
Pers

[ANNOUNCE] CVE-2014-3576 - Apache ActiveMQ vulnerabilities
2015-11-06 Timothy Bish (tabish121 gmail com)
The following security vulnerability was reported against Apache ActiveMQ 5.10.0 and older versions. Please check the following document and see if you're affected by the issue.
http://activemq.apache.org/security-advisories.data/CVE-2014-3576-announcement.txt
Apache ActiveMQ 5.11.0 and newer

[slackware-security] mozilla-firefox (SSA:2015-310-01)
2015-11-06 Slackware Security Team (security slackware com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
[slackware-security] mozilla-firefox (SSA:2015-310-01)
New mozilla-firefox packages are available for Slackware 14.1 and -current to fix security issues.
Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/p

[slackware-security] mozilla-nss (SSA:2015-310-02)
2015-11-06 Slackware Security Team (security slackware com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
[slackware-security] mozilla-nss (SSA:2015-310-02)
New mozilla-nss packages are available for Slackware 14.0, 14.1, and -current to fix security issues.
Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/pa

CVE-2015-5378
2015-11-06 Suyog Rao (suyog elastic co)
Summary: Logstash 1.5.2 and prior versions are vulnerable to a SSL/TLS security issue called the FREAK attack. If you are using the Lumberjack input, FREAK allows an attacker to successfully implement a man in the middle attack, intercepting communication between the Logstash Forwarder agent and Lo

CVE-2015-5619
2015-11-06 Suyog Rao (suyog elastic co)
Summary: Logstash 1.5.3 and prior versions are vulnerable to a SSL/TLS security issue which allows an attacker to successfully implement a man in the middle attack. This vulnerability is not present in the initial installation of Logstash. This insecurity is exposed when users configure Lumberjack o

NXFilter v3.0.3 Persistent / Reflected XSS
2015-11-06 apparitionsec gmail com
[+] Credits: hyp3rlinx
[+] Website: hyp3rlinx.altervista.org
[+] Source: http://hyp3rlinx.altervista.org/advisories/AS-NXFILTER-XSS.txt
Vendor:
================================
www.nxfilter.org/p2/
Product:
================================
NXFilter v3.0.3
Vulnerability Type:
============

NXFilter v3.0.3 CSRF
2015-11-06 apparitionsec gmail com
[+] Credits: hyp3rlinx
[+] Website: hyp3rlinx.altervista.org
[+] Source: http://hyp3rlinx.altervista.org/advisories/AS-NXFILTER-CSRF.txt
Vendor:
================================
www.nxfilter.org/p2/
Product:
================================
NXFilter v3.0.3
Vulnerability Type:
===========

Elasticsearch vulnerability CVE-2015-4165
2015-11-06 Kevin Kluge (kevin elastic co)
Summary: Elasticsearch versions 1.0.0 - 1.5.2 are vulnerable to an engineered attack on other applications on the system. The snapshot API may be used indirectly to place snapshot metadata files into locations that are writeable by the user running the Elasticsearch process. It is possible to crea

Elasticsearch vulnerability CVE-2015-5377
2015-11-05 Kevin Kluge (kevin elastic co)
Summary: Elasticsearch versions prior to 1.6.1 are vulnerable to an engineered attack on its transport protocol that enables remote code execution. This issue is related to the Groovy announcement in CVE-2015-3253. Deployments are vulnerable even when Groovy dynamic scripting is disabled. We

SEC Consult SA-20151105-0 :: Insecure default configuration in Ubiquiti Networks products
2015-11-05 SEC Consult Vulnerability Lab (research sec-consult com)

[security bulletin] HPSBGN03519 rev.1 - HP Project and Portfolio Management Center, Remote Disclosure of Information
2015-11-04 security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04876402
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c04876402
Version: 1
HPSBGN03519 r

Cisco Security Advisory: Cisco Web Security Appliance Certificate Generation Command Injection Vulnerability
2015-11-04 Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Cisco Security Advisory: Cisco Web Security Appliance Certificate Generation Command Injection Vulnerability
Advisory ID: cisco-sa-20151104-wsa
Revision 1.0
For Public Release 2015 November 4 16:00 UTC (GMT)
+-------------------------------------

Cisco Security Advisory: Cisco Mobility Services Engine Privilege Escalation Vulnerability
2015-11-04 Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Cisco Mobility Services Engine Privilege Escalation Vulnerability
Advisory ID: cisco-sa-20151104-privmse
Revision 1.0
For Public Release 2015 November 4 16:00 UTC (GMT)
+---------------------------------------------------------------------
Summary

Cisco Security Advisory: Cisco Mobility Services Engine Static Credential Vulnerability
2015-11-04 Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Cisco Mobility Services Engine Static Credential Vulnerability
Advisory ID: cisco-sa-20151104-mse-cred
Revision 1.0
For Public Release 2015 November 4 16:00 UTC (GMT)
+---------------------------------------------------------------------
Summary
==

Cisco Security Advisory: Cisco Email Security Appliance Anti-Spam Scanner Bypass Vulnerability
2015-11-04 Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Cisco Email Security Appliance Anti-Spam Scanner Bypass Vulnerability
Advisory ID: cisco-sa-20150612-esa
Revision 2.0
For Public Release 2015 November 4 16:00 UTC (GMT)
+---------------------------------------------------------------------
Summary

Cisco Security Advisory: Cisco Email Security Appliance Email Scanner Denial of Service Vulnerability
2015-11-04 Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Cisco Email Security Appliance Email Scanner Denial of Service Vulnerability
Advisory ID: cisco-sa-20151104-esa2
Revision 1.0
For Public Release 2015 November 4 16:00 UTC (GMT)
+---------------------------------------------------------------------

Cisco Security Advisory: Cisco Web Security Appliance Range Request Denial of Service Vulnerability
2015-11-04 Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Cisco Web Security Appliance Range Request Denial of Service Vulnerability
Advisory ID: cisco-sa-20151104-wsa2
Revision 1.0
For Public Release 2015 November 4 16:00 UTC (GMT)
+---------------------------------------------------------------------
Su

Cisco Security Advisory: Cisco Web Security Appliance Cache Reply Denial of Service Vulnerability
2015-11-04 Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Cisco Web Security Appliance Cache Reply Denial of Service Vulnerability
Advisory ID: cisco-sa-20151104-wsa1
Revision 1.0
For Public Release 2015 November 4 16:00 UTC (GMT)
+---------------------------------------------------------------------
Summ

Cisco Security Advisory: Cisco AsyncOS TCP Flood Denial of Service Vulnerability
2015-11-04 Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Cisco Security Advisory: Cisco AsyncOS TCP Flood Denial of Service Vulnerability
Advisory ID: cisco-sa-20151104-aos
Revision 1.0
For Public Release 2015 November 4 16:00 UTC (GMT)
+-----------------------------------------------------------------

[KIS-2015-10] Piwik <= 2.14.3 (DisplayTopKeywords) PHP Object Injection Vulnerability
2015-11-04 Egidio Romano (research karmainsecurity com)
-----------------------------------------------------------------------
Piwik <= 2.14.3 (DisplayTopKeywords) PHP Object Injection Vulnerability
-----------------------------------------------------------------------
[-] Software Link: https://piwik.org/
[-] Affected Versions: Version 2.14.3 an
Hash: SHA1
Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04797406
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c04797406
Version: 2
HPSBGN03507 r