Security News

ESA-2016-127: EMC ViPR SRM Stored Cross-Site Scripting Vulnerability

Bug Traq - 27 September, 2016 - 12:52

Posted by EMC Product Security Response Center on Sep 27

EMC Identifier: ESA-2016-127
CVE Identifier: CVE-2016-6647
Severity Rating: CVSS v3 Base Score: 7.6 (AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N)

Affected products:
EMC ViPR SRM versions prior to 4.0.1

Summary:
EMC ViPR SRM 4.0.1 contains a fix for a stored cross-site scripting vulnerability that could potentially be exploited
by malicious users to compromise the affected system.

Details:
EMC ViPR SRM is affected by a stored cross-site...

Bugtraq: [security bulletin] HPSBHF03655 rev.1 - HPE iMC PLAT Network Products running Apache Axis2, Multiple Remote Vulnerabilities

Security Focus Vulnerabilities - 27 September, 2016 - 12:50
[security bulletin] HPSBHF03655 rev.1 - HPE iMC PLAT Network Products running Apache Axis2, Multiple Remote Vulnerabilities

[SECURITY] [DSA 3679-1] jackrabbit security update

Bug Traq - 27 September, 2016 - 06:13

Posted by Florian Weimer on Sep 27

-------------------------------------------------------------------------
Debian Security Advisory DSA-3679-1 security () debian org
https://www.debian.org/security/ Florian Weimer
September 27, 2016 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : jackrabbit
CVE ID : CVE-2016-6801
Debian Bug :...

Bugtraq: [SECURITY] [DSA 3678-1] python-django security update

Security Focus Vulnerabilities - 27 September, 2016 - 05:30
[SECURITY] [DSA 3678-1] python-django security update

[security bulletin] HPSBHF03652 rev.1 - HPE iMC PLAT Network Products running Apache Commons FileUpload, Remote Denial of Service (DoS)

Bug Traq - 27 September, 2016 - 01:03

Posted by security-alert on Sep 26

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05289840

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05289840
Version: 1

HPSBHF03652 rev.1 - HPE iMC PLAT Network Products running Apache Commons
FileUpload, Remote Denial of Service (DoS)

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.

Release Date:...

[security bulletin] HPSBHF03654 rev.1 - HPE iMC PLAT Network Products using SSL/TLS, Multiple Remote Vulnerabilities

Bug Traq - 27 September, 2016 - 00:54

Posted by security-alert on Sep 26

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05289935

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05289935
Version: 1

HPSBHF03654 rev.1 - HPE iMC PLAT Network Products using SSL/TLS, Multiple
Remote Vulnerabilities

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.

Release Date: 2016-09-26
Last...

[security bulletin] HPSBHF03655 rev.1 - HPE iMC PLAT Network Products running Apache Axis2, Multiple Remote Vulnerabilities

Bug Traq - 27 September, 2016 - 00:46

Posted by security-alert on Sep 26

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05289984

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05289984
Version: 1

HPSBHF03655 rev.1 - HPE iMC PLAT Network Products running Apache Axis2,
Multiple Remote Vulnerabilities

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.

Release Date: 2016-09-26...

[SECURITY] [DSA 3678-1] python-django security update

Bug Traq - 27 September, 2016 - 00:37

Posted by Florian Weimer on Sep 26

-------------------------------------------------------------------------
Debian Security Advisory DSA-3678-1 security () debian org
https://www.debian.org/security/ Florian Weimer
September 26, 2016 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : python-django
CVE ID : CVE-2016-7401

Sergey Bobrov...

[slackware-security] openssl (SSA:2016-270-01)

Bug Traq - 27 September, 2016 - 00:28

Posted by Slackware Security Team on Sep 26

[slackware-security] openssl (SSA:2016-270-01)

New openssl packages are available for Slackware 14.2 and -current to
fix a security issue.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/openssl-1.0.2j-i586-1_slack14.2.txz: Upgraded.
This update fixes a security issue:
Missing CRL sanity check (CVE-2016-7052)
For more information, see:...

Bugtraq: [security bulletin] HPSBGN03648 rev.1 - HPE LoadRunner and Performance Center, Remote Denial of Service (DoS)

Security Focus Vulnerabilities - 27 September, 2016 - 00:10
[security bulletin] HPSBGN03648 rev.1 - HPE LoadRunner and Performance Center, Remote Denial of Service (DoS)

Bugtraq: OS-S Security Advisory 2016-19: Epson WorkForce multi-function printers do not use signed firmware images and allow unauthorized malicious firmware-updates (CVSS 10)

Security Focus Vulnerabilities - 27 September, 2016 - 00:10
OS-S Security Advisory 2016-19: Epson WorkForce multi-function printers do not use signed firmware images and allow unauthorized malicious firmware-updates (CVSS 10)

Bugtraq: [slackware-security] php (SSA:2016-267-01)

Security Focus Vulnerabilities - 27 September, 2016 - 00:10
[slackware-security] php (SSA:2016-267-01)

Bugtraq: ESA-2016-097: RSA Identity Governance and Lifecycle Information Disclosure Vulnerability

Security Focus Vulnerabilities - 27 September, 2016 - 00:10
ESA-2016-097: RSA Identity Governance and Lifecycle Information Disclosure Vulnerability

Vuln: Mozilla Network Security Services Use After Free CVE-2016-1978 Remote Code Execution Vulnerability

Security Focus Vulnerabilities - 26 September, 2016 - 23:00
Mozilla Network Security Services Use After Free CVE-2016-1978 Remote Code Execution Vulnerability

Vuln: NTP CVE-2015-8138 Denial of Service Vulnerability

Security Focus Vulnerabilities - 26 September, 2016 - 23:00
NTP CVE-2015-8138 Denial of Service Vulnerability

Vuln: Network Time Protocol CVE-2015-5300 Man in the Middle Security Bypass Vulnerability

Security Focus Vulnerabilities - 26 September, 2016 - 23:00
Network Time Protocol CVE-2015-5300 Man in the Middle Security Bypass Vulnerability

Vuln: Symantec Messaging Gateway CVE-2016-5312 Directory Traversal Vulnerability

Security Focus Vulnerabilities - 26 September, 2016 - 23:00
Symantec Messaging Gateway CVE-2016-5312 Directory Traversal Vulnerability

Vuln: Cisco IOS and Cisco IOS XE Software CVE-2016-1384 Unauthorized Access Vulnerability

Security Focus Vulnerabilities - 26 September, 2016 - 23:00
Cisco IOS and Cisco IOS XE Software CVE-2016-1384 Unauthorized Access Vulnerability

Vuln: libgd 'gd_webp.c' Integer Overflow Vulnerability

Security Focus Vulnerabilities - 26 September, 2016 - 23:00
libgd 'gd_webp.c' Integer Overflow Vulnerability

Vuln: LibTIFF CVE-2014-8127 Out of Bounds Read Multiple Remote Denial of Service Vulnerabilities

Security Focus Vulnerabilities - 26 September, 2016 - 23:00
LibTIFF CVE-2014-8127 Out of Bounds Read Multiple Remote Denial of Service Vulnerabilities