(RHSA-2015:0707) Moderate: qpid security and bug fix update
Red Hat Enterprise MRG is a next-generation IT infrastructure incorporating Messaging, Real Time, and Grid functionality. It offers increased performance, reliability, interoperability, and faster computing for enterprise customers. MRG Messaging is a high-speed reliable messaging distribution for....
7.5CVSS
7AI Score
0.949EPSS
(RHSA-2015:0137) Important: Red Hat JBoss Fuse/A-MQ 6.1.0 security and bug fix update
Red Hat JBoss Fuse, based on Apache ServiceMix, provides a small-footprint, flexible, open source enterprise service bus and integration platform. Red Hat JBoss A-MQ, based on Apache ActiveMQ, is a standards compliant messaging system that is tailored for use in mission critical applications. This....
9.8CVSS
8.9AI Score
0.722EPSS
(RHSA-2015:0138) Important: Fuse ESB Enterprise/Fuse MQ Enterprise 7.1.0 security update
Fuse ESB Enterprise is an integration platform based on Apache ServiceMix. Fuse MQ Enterprise, based on Apache ActiveMQ, is a standards-compliant messaging system that is tailored for use in mission critical applications. This release of Fuse ESB Enterprise/MQ Enterprise 7.1.0 Patch 8 on Rollup...
9.8CVSS
8.7AI Score
0.009EPSS
GNU glibc gethostbyname Function Buffer Overflow Vulnerability
On January 27, 2015, a buffer overflow vulnerability in the GNU C library (glibc) was publicly announced. This vulnerability is related to the various gethostbyname functions included in glibc and affects applications that call these functions. This vulnerability may allow an attacker to obtain...
8.2AI Score
0.975EPSS
Apple Mac OSX networkd - effective_audit_token XPC Type Confusion Sandbox Escape
Apple Mac OSX networkd - effective_audit_token XPC Type Confusion Sandbox...
0.5AI Score
OS X networkd (effective_audit_token) XPC Type Confusion Sandbox Escape Exploit
Exploit for macOS platform in category local...
6.8AI Score
Apple Mac OSX networkd - 'effective_audit_token' XPC Type Confusion Sandbox Escape
...
7.4AI Score
-0.1AI Score
Apple Mac OSX 10.10 - BlueTooth TransferACLPacketToHW Crash (PoC)
Apple Mac OSX 10.10 - BlueTooth TransferACLPacketToHW Crash...
7.4AI Score
OS X 10.10 Bluetooth DispatchHCIWriteStoredLinkKey - Crash PoC
Exploit for macOS platform in category dos /...
7AI Score
Apple Mac OSX 10.10 - BlueTooth BlueToothHCIChangeLocalName Crash (PoC)
Apple Mac OSX 10.10 - BlueTooth BlueToothHCIChangeLocalName Crash...
0.1AI Score
Apple Mac OSX 10.10 - BlueTooth DispatchHCIWriteStoredLinkKey Crash (PoC)
Apple Mac OSX 10.10 - BlueTooth DispatchHCIWriteStoredLinkKey Crash...
OS X 10.10 Bluetooth BluetoothHCIChangeLocalName - Crash PoC
Exploit for macOS platform in category dos /...
7AI Score
OS X 10.10 Bluetooth DispatchHCICreateConnection - Crash PoC
Exploit for macOS platform in category dos /...
7AI Score
Apple Mac OSX 10.10 - BlueTooth DispatchHCICreateConnection Crash (PoC)
Apple Mac OSX 10.10 - BlueTooth DispatchHCICreateConnection Crash...
-0.1AI Score
7.4AI Score
OS X 10.10 Bluetooth TransferACLPacketToHW - Crash PoC
Exploit for macOS platform in category dos /...
7AI Score
Sabotage The System: Encryption as Surveillance State Monkey Wrench
Sabotage The System Since Snowden’s 2013 disclosures confirmed long-standing assumptions that the NSA and other Western spy agencies have secretly constructed a massive global surveillance infrastructure – at a cost of well in excess of $50 billion – much focus has been brought to bear on...
OS X 10.9.x - sysmond XPC Privilege Escalation Vulnerability
Exploit for macOS platform in category local...
6.8AI Score
7.4AI Score
Apple Mac OSX 10.9.x - sysmond XPC Privilege Escalation
Apple Mac OSX 10.9.x - sysmond XPC Privilege...
0.5AI Score
SSLv3 server connections are now disabled by default, in response to the POODLE vulnerability, see https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566. Several PGP/Core plugin improvements A new version of the RSSyl plugin, completely redesigned and rewritten. The...
3.4CVSS
6AI Score
0.975EPSS
openSUSE Security Update : java-1_7_0-openjdk (openSUSE-SU-2014:1645-1)
This openjdk update fixes the following security and non security issues : Upgrade to 2.4.8 (bnc#887530) Changed back from gzipped tarball to xz Changed the keyring file to add Andrew John Hughes that signed the icedtea package Change ZERO to AARCH64 tarball Removed patches : ...
0.1AI Score
0.917EPSS
openSUSE Security Update : java-1_7_0-openjdk (openSUSE-SU-2014:1638-1)
This openjdk update fixes the following security and non security issues : Upgrade to 2.4.8 (bnc#887530) Changed back from gzipped tarball to xz Changed the keyring file to add Andrew John Hughes that signed the icedtea package Change ZERO to AARCH64 tarball Removed patches : ...
0.1AI Score
0.917EPSS
OracleVM 3.2 : xen (OVMSA-2013-0042)
The remote OracleVM system is missing necessary patches to address critical security updates : Other than the HVM emulation path, the PV case so far failed to check that YMM state requires SSE state to be enabled, allowing for a #GP to occur upon passing the inputs to XSETBV inside...
-0.6AI Score
0.001EPSS
OracleVM 3.1 : xen (OVMSA-2013-0043)
The remote OracleVM system is missing necessary patches to address critical security updates : x86/xsave: properly check guest input to XSETBV Other than the HVM emulation path, the PV case so far failed to check that YMM state requires SSE state to be enabled, allowing for a #GP to...
-0.6AI Score
0.001EPSS
pwn4fun Spring 2014 - Safari - Part II
Posted by Ian Beer TL;DR An OS X GPU driver trusted a user-supplied kernel C++ object pointer and called a virtual function. The IOKit registry contained kernel pointers which were used to defeat kASLR. A kernel ROP payload ran Calculator.app as root using a convenient kernel API. Overview of part...
-0.3AI Score
0.013EPSS
7.1AI Score
openSUSE Security Update : claws-mail (openSUSE-SU-2014:1384-1) (POODLE)
Claws Mail was updated to version 3.11.0. Changes : SSLv3 server connections are now disabled by default, in response to the POODLE vulnerability (CVE-2014-3566). Several PGP/Core plugin improvements : Indicate when a key has been revoked or has expired when displaying signature...
3.4CVSS
5.8AI Score
0.975EPSS
Mac OS X Mavericks IOBluetoothHCIUserClient Privilege Escalation Exploit
Exploit for iOS platform in category dos /...
6.9AI Score
7.4AI Score
Apple Mac OSX (Mavericks) - IOBluetoothHCIUserClient Privilege Escalation
Apple Mac OSX (Mavericks) - IOBluetoothHCIUserClient Privilege...
0.9AI Score
GNU Bash Environment Variable Command Injection Vulnerability
On September 24, 2014, a vulnerability in the Bash shell was publicly announced. The vulnerability is related to the way in which shell functions are passed through environment variables. The vulnerability may allow an attacker to inject commands into a Bash shell, depending on how the shell is...
9.8CVSS
8.8AI Score
0.976EPSS
GNU Bash CVE-2014-6271 Remote Code Execution Vulnerability
Description GNU Bash is prone to a remote code execution vulnerability. An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition. Technologies Affected Advantech EKI-1320 1.98 ...
1.5AI Score
0.976EPSS
ed2k-link-selector <= 1.1.7 - XSS in ZeroClipboard
The ed2k-link-selector WordPress plugin was affected by a XSS in ZeroClipboard security...
1.8AI Score
0.003EPSS
Leahy Introduces Bill to End Bulk Call Record Collection
Sen. Patrick Leahy has introduced an updated, tougher version of the USA FREEDOM Act that would end the bulk collection of data under Section 215 of FISA and also would require the appointment of a panel of special legal advocates who would represent the interests of individual privacy and civil...
-0.1AI Score
Inxi - A newer, better system information script for irc, administration, and system troubleshooters
A newer, better system information script for irc, administration, and system troubleshooters. Inxi Options Inxi has a wide range of options and custom triggers, along with useful defaults like -b or -F. Plain inxi, no options, prints a single line of basic system information. Here is a...
6.9AI Score
Gesytec ElonFmt ActiveX 1.1.14 (ElonFmt.ocx) pid Item Buffer Overflow (SEH)
No description provided by...
7.1AI Score
OpenBSD 2.x/3.x Local Malformed Binary Execution Denial of Service Vulnerability
No description provided by...
7.1AI Score
Linux Kernel 2.4.x/2.6.x Bluetooth Signed Buffer Index Vulnerability (4)
No description provided by...
7.1AI Score
7.1AI Score
WordPress <= 2.8.5 Unrestricted File Upload Arbitrary PHP Code Execution
No description provided by...
7.1AI Score
Microsoft IIS 4.0, Microsoft Site Server 3.0 Showcode ASP Vulnerability
No description provided by...
7.1AI Score