XpoLog version 6 suffers from a cross site request forgery vulnerability.
c481c46cc63aa10becaba25e85ac5f5dcd5948376fb9dc30cdecde459fdbad9d
HP Security Bulletin HPSBGN03627 1 - A potential security vulnerability has been identified with HPE Service Manager. The RC4 stream cipher vulnerability in SSL/TLS known as "Bar Mitzvah" could be exploited remotely to allow disclosure of information. Revision 1 of this advisory.
7c6ebe827eae0bacd2a4c46ef0accd6ec66d2c234787734246d6671b00c65198
Debian Linux Security Advisory 3612-1 - Shmuel H discovered that GIMP, the GNU Image Manipulation Program, is prone to a use-after-free vulnerability in the channel and layer properties parsing process when loading a XCF file. An attacker can take advantage of this flaw to potentially execute arbitrary code with the privileges of the user running GIMP if a specially crafted XCF file is processed.
091347c6cc4180d8e8112e957c4dd08a82d007da8daacb8b67fbe108025814e8
XpoLog version 6 suffers from cross site scripting, open redirection, and cross site request forgery vulnerabilities.
2ab464bfc0f5a39be1056dbad1fb0a9fec338572e2cfc1ea1b4a2426dadeeb5e
Processes that write to temporary directories usually do not need to perform readdir() on them, because they control the filenames they create, so setting /tmp/, /var/tmp/, etc. to mode 1733 (sticky, owner rwx, everyone else write and search only) is a common UNIX hardening practice. Affected versions of SQLite reject a candidate temporary directory if it is not readable, and fall back to '.' when no candidate passes. On such a hardened system SQLite therefore ends up creating its temporary files in the current working directory, even when that directory is an unsafe location such as a world-writable one. Notably, SQLite also checks the permissions of '.', but ignores the result of that check. All versions of SQLite prior to 3.13.0 are affected.
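The following is an added illustration of the selection logic described above, not SQLite's own source: it models the pre-3.13.0 rule (accept a directory only if readable, writable and searchable, otherwise silently use '.') beside a hardened rule that requires only write and search rights and refuses to fall back. The candidate list, the access bits and the function names are constructed for the example; the hardened variant is an assumption modelled on the described fix, not a copy of SQLite's patch.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Access rights the calling process holds on a candidate directory,
 * using the same bit values access(2) uses for R_OK, W_OK and X_OK. */
#define R_BIT 4
#define W_BIT 2
#define X_BIT 1

struct tmp_candidate {
    const char *path;   /* directory being considered */
    int         access; /* bits of R_BIT|W_BIT|X_BIT the process holds there */
};

/* Pre-3.13.0 behaviour as the advisory describes it: a candidate is
 * accepted only if it is readable, writable and searchable; when none
 * qualifies, "." is used even though its own permissions were checked. */
const char *pick_tempdir_legacy(const struct tmp_candidate *c, size_t n)
{
    for (size_t i = 0; i < n; i++) {
        if ((c[i].access & (R_BIT | W_BIT | X_BIT)) == (R_BIT | W_BIT | X_BIT))
            return c[i].path;
    }
    return ".";   /* the permission check on "." is discarded */
}

/* Hardened variant (an assumption for this example, modelled on the
 * described fix): only write and search rights are needed, since creating
 * a tempfile never calls readdir(); with no acceptable candidate, refuse
 * rather than fall back to the current working directory. */
const char *pick_tempdir_fixed(const struct tmp_candidate *c, size_t n)
{
    for (size_t i = 0; i < n; i++) {
        if ((c[i].access & (W_BIT | X_BIT)) == (W_BIT | X_BIT))
            return c[i].path;
    }
    return NULL;
}

/* Constructed scenario 1: a hardened host where /var/tmp and /tmp are
 * mode 1733, so an unprivileged process may create files but not list
 * them, and /usr/tmp does not exist. */
static const struct tmp_candidate hardened_host[] = {
    { "/var/tmp", W_BIT | X_BIT },
    { "/usr/tmp", 0 },
    { "/tmp",     W_BIT | X_BIT },
};

/* Constructed scenario 2: a default host with a 1777 /tmp, where both
 * rules agree because the directory is also readable. */
static const struct tmp_candidate default_host[] = {
    { "/var/tmp", 0 },
    { "/usr/tmp", 0 },
    { "/tmp",     R_BIT | W_BIT | X_BIT },
};

int main(void)
{
    size_t n = sizeof hardened_host / sizeof hardened_host[0];
    const char *legacy = pick_tempdir_legacy(hardened_host, n);
    const char *fixed  = pick_tempdir_fixed(hardened_host, n);
    printf("hardened host, legacy rule: %s\n", legacy);
    printf("hardened host, fixed rule:  %s\n", fixed ? fixed : "(none)");
    n = sizeof default_host / sizeof default_host[0];
    printf("default host, legacy rule:  %s\n", pick_tempdir_legacy(default_host, n));
    printf("default host, fixed rule:   %s\n", pick_tempdir_fixed(default_host, n));
    return 0;
}
```

On the 1733 host the legacy rule returns "." while the hardened rule returns /var/tmp; on the default host both return /tmp. The practical check on a real system is the same as the model: confirm that the temporary directory SQLite ends up using is not the working directory of a process started from a world-writable path.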
762be39effea94233c24738dcf6d499f38f825f4b7984d06ada2c300f0ae4c55
TP-LINK forgot to buy the domain www.tplinklogin.net which is meant to be used to configure their hardware.
37b7d0f6a0e3adef02f0a3653dcd934598a0fbbbeda891f93cb3629d5e221cfe
HP Security Bulletin HPSBGN03626 1 - A vulnerability in TLS using US export-grade 512-bit keys in Diffie-Hellman key exchange known as "Logjam" was addressed by HPE Service Manager. The vulnerability could be remotely exploited to allow disclosure of information. Revision 1 of this advisory.
273336983ab7c89049298197cce72162f447dfe45d581519c19e477dfd6764e3
PuTTY version 0.67 beta suffers from a DLL hijacking vulnerability.
d37787462e07856730caa0a55900c211e74f847320655af0ae9140840680050f
The executable installers for Microsoft Visual Studio 2015 Community Edition suffer from a DLL hijacking vulnerability.
6c33844386682e97898f08238081d1ee36b2e189b4bae3c94a154c3d92aa148a
The Linux 4.5 kernel suffers from a double-fetch vulnerability.
0fa18c9a6344bc9a0269909726c6c873d1f6b33cf5bb9ba86066463d0e9f78ae
CA Technologies Support is alerting customers to multiple potential risks with CA Release Automation. Three vulnerabilities exist that can allow a remote attacker to potentially gain sensitive information or cause a denial of service condition. CA has fixes available. The first vulnerability occurs due to the inclusion of a vulnerable 3rd party component, Open Flash Chart. A remote attacker can conduct cross-site scripting attacks. The second vulnerability occurs due to insufficient verification of requests to the web server, which can lead to limited XML external entity attacks. An authenticated attacker in the local network can potentially gain sensitive information or cause a denial of service condition. The third vulnerability occurs due to insufficient verification of requests to the web interface, which leads to multiple reflected cross-site scripting vulnerabilities and one stored cross-site scripting vulnerability.
2ef5f54923997660f51cadb44ff051e243c99d18929f23a00717e9198858f0d9
The Linux 4.5 kernel suffers from a double-fetch vulnerability.
13b21223af0684b30336626164fe007fe88951d4f102ce39dcc89f002c2eb02a