Security News

Vuln: libxml2 CVE-2015-8710 Out-of-bounds Memory Access Vulnerability

Security Focus Vulnerabilities - 31 December, 2016 - 00:00
libxml2 CVE-2015-8710 Out-of-bounds Memory Access Vulnerability

Vuln: JasPer 'jas_matrix_create()' Function Integer Overflow Vulnerability

Security Focus Vulnerabilities - 24 December, 2016 - 00:00
JasPer 'jas_matrix_create()' Function Integer Overflow Vulnerability

Vuln: Autodesk Design Review CVE-2015-8571 Remote Buffer Overflow Vulnerability

Security Focus Vulnerabilities - 8 December, 2016 - 00:00
Autodesk Design Review CVE-2015-8571 Remote Buffer Overflow Vulnerability

Bugtraq: [CVE-2016-4432] Apache Qpid Java Broker - authentication bypass

Security Focus Vulnerabilities - 38 min 28 sec ago
[CVE-2016-4432] Apache Qpid Java Broker - authentication bypass

Bugtraq: [CVE-2016-3094] Apache Qpid Java Broker denial of service vulnerability

Security Focus Vulnerabilities - 38 min 28 sec ago
[CVE-2016-3094] Apache Qpid Java Broker denial of service vulnerability

Bugtraq: [SECURITY] [DSA 3587-1] libgd2 security update

Security Focus Vulnerabilities - 38 min 28 sec ago
[SECURITY] [DSA 3587-1] libgd2 security update

Bugtraq: [CVE-2016-2175] Apache PDFBox XML External Entity vulnerability

Security Focus Vulnerabilities - 38 min 28 sec ago
[CVE-2016-2175] Apache PDFBox XML External Entity vulnerability

[CVE-2016-4432] Apache Qpid Java Broker - authentication bypass

Bug Traq - 27 May, 2016 - 10:57

Posted by Keith W on May 27

[CVE-2016-4432] Apache Qpid Java Broker - authentication bypass

Severity: Important

Vendor: The Apache Software Foundation

Versions Affected: Qpid Java Broker versions 6.0.2 and earlier

Description:

The code responsible for handling incoming AMQP 0-8, 0-9, 0-91, and
0-10 connections contains a flaw that allows authentication to be
bypassed. A remote attacker can exploit this vulnerability to
perform actions, without the need to specify...

Bugtraq: ESA-2016-061: EMC Isilon OneFS SMB Signing Vulnerability

Security Focus Vulnerabilities - 27 May, 2016 - 10:55
ESA-2016-061: EMC Isilon OneFS SMB Signing Vulnerability

Bugtraq: [CVE-2016-4434] Apache Tika XML External Entity vulnerability

Security Focus Vulnerabilities - 27 May, 2016 - 10:55
[CVE-2016-4434] Apache Tika XML External Entity vulnerability

Bugtraq: [security bulletin] HPSBGN03610 rev.1 - HPE IceWall Products using OpenSSL, Remote Denial of Service (DoS), Arbitrary Code Execution

Security Focus Vulnerabilities - 27 May, 2016 - 10:55
[security bulletin] HPSBGN03610 rev.1 - HPE IceWall Products using OpenSSL, Remote Denial of Service (DoS), Arbitrary Code Execution

[CVE-2016-3094] Apache Qpid Java Broker denial of service vulnerability

Bug Traq - 27 May, 2016 - 10:48

Posted by Lorenz Quack on May 27

CVE-2016-3094: Apache Qpid Java Broker denial of service vulnerability

Severity: Important

Vendor: The Apache Software Foundation

Versions Affected: Qpid Java Broker versions 6.0.0, 6.0.1, and 6.0.2

Description: A malformed authentication attempt may cause the broker to
terminate. The Qpid Java Broker supports a number of configurable
authentication providers each supporting various SASL mechanisms. Some
mechanisms need (or can be configured...

[SECURITY] [DSA 3587-1] libgd2 security update

Bug Traq - 27 May, 2016 - 10:37

Posted by Salvatore Bonaccorso on May 27

-------------------------------------------------------------------------
Debian Security Advisory DSA-3587-1 security () debian org
https://www.debian.org/security/ Salvatore Bonaccorso
May 27, 2016 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : libgd2
CVE ID : CVE-2013-7456 CVE-2015-8874...

[CVE-2016-2175] Apache PDFBox XML External Entity vulnerability

Bug Traq - 27 May, 2016 - 01:52

Posted by Andreas Lehmkuehler on May 26

CVE-2016-2175: Apache PDFBox XML External Entity vulnerability

Severity: Important

Vendor:
The Apache Software Foundation

Versions Affected:
Apache PDFBox 1.8.0 to 1.8.11
Apache PDFBox 2.0.0
Earlier, unsupported Apache PDFBox versions may be affected as well

Description:
Apache PDFBox parses different XML data within PDF files such as XMP and the
initialization of the XML parsers did not protect against XML External Entity
(XXE)...

Bugtraq: [security bulletin] HPSBMU03611 rev.1 - HPE Matrix Operating Environment on Windows and Linux, Multiple Remote Vulnerabilities

Security Focus Vulnerabilities - 27 May, 2016 - 01:40
[security bulletin] HPSBMU03611 rev.1 - HPE Matrix Operating Environment on Windows and Linux, Multiple Remote Vulnerabilities

Bugtraq: [security bulletin] HPSBMU03600 rev.1 - HPE Insight Control server provisioning using OpenSSL, Remote Denial of Service (DoS)

Security Focus Vulnerabilities - 26 May, 2016 - 13:45
[security bulletin] HPSBMU03600 rev.1 - HPE Insight Control server provisioning using OpenSSL, Remote Denial of Service (DoS)

Bugtraq: [security bulletin] HPSBUX03606 rev.1 - HPE HP-UX running Apache Tomcat 7, Multiple Remote Vulnerabilities

Security Focus Vulnerabilities - 26 May, 2016 - 13:45
[security bulletin] HPSBUX03606 rev.1 - HPE HP-UX running Apache Tomcat 7, Multiple Remote Vulnerabilities

[CVE-2016-4434] Apache Tika XML External Entity vulnerability

Bug Traq - 26 May, 2016 - 13:30

Posted by Tim Allison on May 26

CVE-2016-4434: Apache Tika XML External Entity vulnerability

Severity: Important

Vendor:
The Apache Software Foundation

Versions Affected:
Apache Tika 0.10 to 1.12

Description:
Apache Tika parses XML within numerous file formats. In some instances[1], the initialization of the XML parser or the
choice of handlers did not protect against XML External Entity (XXE)
vulnerabilities. According to www.owasp.org [2]: "This attack may lead...

ESA-2016-061: EMC Isilon OneFS SMB Signing Vulnerability

Bug Traq - 26 May, 2016 - 13:17

Posted by Security Alert on May 26

ESA-2016-061: EMC Isilon OneFS SMB Signing Vulnerability

EMC Identifier: ESA-2016-061

CVE Identifier: CVE-2016-0907

Severity Rating: CVSSv3 Base Score: 5.9 (AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N)

Affected products:
EMC IsilonSD Edge OneFS 8.0.x
EMC Isilon OneFS 8.0.x
EMC Isilon OneFS 7.2.1.x
EMC Isilon OneFS 7.2.0.x
EMC Isilon OneFS 7.1.1.x
EMC Isilon OneFS 7.1.0.x

Summary:
EMC Isilon OneFS and EMC IsilonSD Edge include an...