4647 matches found
CVE-2015-7907
CVE-2015-7907 affects Honeywell Midas and Midas Black gas detectors. The web server authentication can be bypassed via a directory traversal vulnerability, allowing remote actors to write to a configuration file or trigger calibration/test. Affected versions: Midas before 1.13b3 and Midas Black b...
CVE-2015-7907
Directory traversal vulnerability in the web server on Honeywell Midas gas detectors before 1.13b3 and Midas Black gas detectors before 2.13b3 allows remote attackers to bypass authentication, and write to a configuration file or trigger a calibration or test, via unspecified vectors...
CentOS 7 : grub2 (CESA-2015:2401)
Updated grub2 packages that fix one security issue, several bugs, and add one enhancement are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed...
unbound security update
CentOS Errata and Security Advisory CESA-2015:2455. Updated unbound packages that fix one security issue and several bugs are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Low security impact. A Common Vulnerability Scoring System (CVSS) base...
Ubuntu 14.04 LTS : IcedTea Web vulnerabilities (USN-2817-1)
The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-2817-1 advisory. It was discovered that IcedTea Web incorrectly handled applet URLs. A remote attacker could possibly use this issue to inject applets into the...
CVE-2015-5281
The grub2 package before 2.02-0.29 in Red Hat Enterprise Linux (RHEL) 7, when used on UEFI systems, allows local users to bypass intended Secure Boot restrictions and execute non-verified code via a crafted (1) multiboot or (2) multiboot2 module in the configuration file or physically proximate attacke...
CVE-2015-5281
CVE-2015-5281 affects GRUB2 on EFI systems (notably grub2 in RHEL7) where modules deemed unsuitable for Secure Boot could be loaded, allowing a local attacker to bypass Secure Boot and execute non-verified code via crafted multiboot/multiboot2 modules or boot menu entries. The issue arises from l...
RHEL 7 : Red Hat Ceph Storage 1.3.1 (RHSA-2015:2066)
Red Hat Ceph Storage 1.3.1 that fixes one security issue, multiple bugs, and adds various enhancements is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which...
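Generic vulnerability in a Yonyou system affects multiple banks, securities firms, energy-sector companies and enterprises
Brief description: A generic vulnerability in a Yonyou system allows configuration files to be read. Details: A generic vulnerability in a Yonyou system affects multiple banks, securities firms, energy-sector companies and enterprises. Some of the sites were tested, and a large number of other sites also have this vulnerability: http://zhaopin.cnooc.com.cn/hrss/dorado/smartweb2.RPC.d?rpc=true http://nc.hbny.com.cn:9090/hrss/dorado/smartweb2.RPC.d?rpc=true http://59.173.0.46:8070/hrss/dorado/smartweb2.RPC.d?rpc=true...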
RedHat Update for unbound RHSA-2015:2455-01
The remote host is missing an update for the...
Low: Red Hat Security Advisory: unbound security and bug fix update
Updated unbound packages that fix one security issue and several bugs are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is...
OpenBSD net-snmp Information Disclosure
Advisory Information. Title: OpenBSD package 'net-snmp' information disclosure. Advisory URL: https://pierrekim.github.io/advisories/CVE-2015-8100-openbsd-net-snmp.txt Blog URL:...
Design/Logic Flaw
Apache Ambari before 2.1, as used in IBM Infosphere BigInsights 4.x before 4.1, stores a cleartext BigSheets password in a configuration file, which allows local users to obtain sensitive information by reading this file...
CVE-2015-4940
Apache Ambari before 2.1, as used in IBM Infosphere BigInsights 4.x before 4.1, stores a cleartext BigSheets password in a configuration file, which allows local users to obtain sensitive information by reading this file...
[SECURITY] Fedora 22 Update: sudo-1.8.15-1.fc22
Sudo (superuser do) allows a system administrator to give certain users or groups of users the ability to run some or all commands as root while logging all commands and arguments. Sudo operates on a per-command basis. It is not a replacement for the shell. Features include: the ability to restrict...
[SECURITY] Fedora 23 Update: sudo-1.8.15-1.fc23
Sudo (superuser do) allows a system administrator to give certain users or groups of users the ability to run some or all commands as root while logging all commands and arguments. Sudo operates on a per-command basis. It is not a replacement for the shell. Features include: the ability to restrict...
Failed to Create New Virtual Machine Using XenDesktop Setup Wizard
Failed to create new virtual machine using XenDesktop setup wizard. The following error message is displayed: "Unable to access the virtual machine configuration: Unable to access file FILEPATH/FILENAME.vmtx"...
NTP Directory Traversal Vulnerability
NTP (Network Time Protocol) is a network protocol that synchronizes the clocks of two computers by exchanging packets. A security vulnerability exists in NTP versions prior to 4.2.8p4 and 4.3.x prior to 4.3.77. A remote attacker can exploit this vulnerability by sending NTP packets to overwrite the...
CVE-2015-4548
EMC RSA Web Threat Detection before 5.1 SP1 allows local users to obtain root privileges by leveraging access to a service account and writing commands to a service configuration file...
CVE-2015-4547
EMC RSA Web Threat Detection before 5.1 SP1 stores a cleartext AnnoDB password in a configuration file, which allows remote authenticated users to obtain sensitive information by reading this file...