7498 matches found
iBackDoor: High-Risk Code Hits iOS Apps
Introduction: FireEye mobile researchers recently discovered potentially “backdoored” versions of an ad library embedded in thousands of iOS apps originally published in the Apple App Store. The affected versions of this library embedded functionality in iOS apps that used the library to display...
CVE-2015-4299
Cisco Unified Web and E-Mail Interaction Manager 9.02 improperly performs authorization, which allows remote authenticated users to remove default messaging-queue system folders via unspecified vectors, aka Bug ID CSCuo89046...
Cisco Unified Web Interaction Manager Web Interface Denial of Service Vulnerability
Cisco Unified Web Interaction Manager is a web interaction manager. An input validation vulnerability in Cisco Unified Web Interaction Manager allows remote attackers to conduct denial of service attacks by deleting the default system folder in the message queue via the web interface...
kernel, perf, python security update
CentOS Errata and Security Advisory CESA-2015:1623. Updated kernel packages that fix two security issues and several bugs are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS)...
Workbox Plugin loads full HTML of JIRA comment, leads to GC loop of death on large comment
To reproduce: start Confluence with GC logging enabled (optional, but helps); link Confluence and JIRA; create an issue in JIRA; watch it; add a large comment to the JIRA issue, e.g. paste a 7.7MB log file between {code} tags; open the workbox in Confluence; optional: in network tab of web developer tool...
IBM MQ Light Denial of Service Vulnerability (CNVD-2015-05122)
IBM MQ Light is a messaging service from IBM USA based on IBM Bluemix, a PaaS platform for creating, deploying and managing applications on the cloud. A security vulnerability exists in IBM MQ Light versions 1.0 and 1.0.0.1 due to the program failing to properly handle authentication credentials....
UBUNTU-CVE-2014-9721
libzmq before 4.0.6 and 4.1.x before 4.1.1 allows remote attackers to conduct downgrade attacks and bypass ZMTP v3 protocol security mechanisms via a ZMTP v2 or earlier header...
CVE-2015-0189
The cluster repository manager in IBM WebSphere MQ 7.5 before 7.5.0.5 and 8.0 before 8.0.0.2 allows remote authenticated administrators to cause a denial of service (memory overwrite and daemon outage) by triggering multiple transmit-queue records...
Unbreakable Enterprise kernel security and bugfix update
2.6.39-400.250.2 - crypto: aesni - fix memory usage in GCM decryption (Stephan Mueller) [Orabug: 21077389] {CVE-2015-3331}; 2.6.39-400.250.1 - xen/pciback: Don't disable PCICOMMAND on PCI device reset. (Konrad Rzeszutek Wilk) [Orabug: 20807440] {CVE-2015-2150} - xen-blkfront: fix accounting of reqs when...
Design/Logic Flaw
Cisco IOS 12.2, 12.4, 15.0, 15.2, and 15.3, when a VRF interface is configured, allows remote attackers to cause a denial of service (interface queue wedge) via crafted ICMPv4 packets, aka Bug ID CSCsi02145...
Cisco Releases Semiannual IOS Software Security Advisory Bundled Publication
Cisco has released its semiannual Cisco IOS Software Security Advisory Bundled Publication. This publication includes seven Security Advisories that address vulnerabilities in Cisco IOS Software. Exploits of these vulnerabilities could result in a denial of service (DoS) condition, interface queue...
CVE-2014-9711
Multiple cross-site scripting (XSS) vulnerabilities in the Investigative Reports in Websense TRITON AP-WEB before 8.0.0 and Web Security and Filter, Web Security Gateway, and Web Security Gateway Anywhere 7.8.3 before Hotfix 02 and 7.8.4 before Hotfix 01 allow remote attackers to inject arbitrary w...
CVE-2015-2075
SAP BusinessObjects Edge 4.0 allows remote attackers to delete audit events from the auditee queue via a clearData CORBA operation, aka SAP Note 2011396...
CVE-2015-2075
SAP BusinessObjects Edge 4.0 is vulnerable to an unauthenticated remote attack that can delete audit events from the auditee queue via the clearData CORBA operation. The root cause is improper authorization (CWE-285) in the CORBA interface, allowing an attacker to instruct the remote auditee to c...
CVE-2015-2088
Cross-site scripting (XSS) vulnerability in unspecified administration pages in the Term Queue module before 6.x-1.1 for Drupal allows remote attackers to inject arbitrary web script or HTML via unknown vectors...
Cross site scripting
Cross-site scripting (XSS) vulnerability in unspecified administration pages in the Term Queue module before 6.x-1.1 for Drupal allows remote attackers to inject arbitrary web script or HTML via unknown vectors...