30 matches found
FreeBSD : Openfire administration console authentication bypass (9bcff2c4-1779-11ef-b489-b42e991fc52e)
The version of FreeBSD installed on the remote host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the 9bcff2c4-1779-11ef-b489-b42e991fc52e advisory. - Openfire is an XMPP server licensed under the Open Source Apache License. Openfire's administrative...
Security Bulletin: Security vulnerabilities affecting IBM InfoSphere Optim Performance Manager (CVE-2015-1916, CVE-2015-0488)
Summary This advisory covers all the issues disclosed by Oracle in their April 2015 Critical Patch Update CPU, plus additional CVEs which are specific to the IBM JRE/SDK. Vulnerability Details CVE-2015-1916 Description: Server applications which use the IBM Java Secure Socket Extension provider t...
Mitsubishi MELSEC FX3G PLCs < April 2015 Denial of Service
Oracle Java SE 5 < Update 85 / 6 < Update 95 / 7 < Update 79 / 8 < Update 45 Multiple Vulnerabilities (April 2015 CPU) (FREAK)
Security Bulletin: Multiple vulnerabilities in IBM SDK Java Technology Edition affect IBM Systems Director Editions
Summary There are multiple vulnerabilities in IBM SDK Java Technology Edition that affect Tivoli Common Reporting, Tivoli Provisioning Manager for OS deployment and IBM Systems Director which are shipped as part of IBM Systems Director Editions. These issues were disclosed as part of the IBM Jav...
Security Bulletin: Multiple vulnerabilities in IBM Runtime Environment Java Technology Edition, Version 1.5.0 and 1.7.0 affect IBM Flex System Manager (FSM)
Summary There are multiple vulnerabilities in IBM Runtime Environment Java Technology Edition, Version 1.5.0 and 1.7.0 that is used by IBM Flex System Manager. These issues were disclosed as part of the IBM Java SDK updates in April 2015. Vulnerability Details CVEID: CVE-2015-0488 DESCRIPTION: An...
Security Bulletin: April 2015 Java Platform Standard Edition Vulnerabilities in Multiple N series Products
Summary Multiple N series products incorporate the Oracle Java Platform, Standard Edition Java SE software libraries. Java SE JDK and JRE versions below 8u45, 7u79 and 6u95 and OpenJDK versions below 1.7.0.79 are susceptible to multiple vulnerabilities, potentially leading to an unauthorized...
Security Bulletin: Multiple vulnerabilities in IBM® Java SDK affect WebSphere Application Server included in Tivoli Network Manager IP Edition April 2015 CPU
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition that is shipped with IBM WebSphere Application Server included in Tivoli Network Manager IP Edition. These issues were disclosed as part of the IBM Java SDK updates in April 2015. Vulnerability Details CVE IDs:...
Security Bulletin: Multiple vulnerabilities in IBM Java Runtime (April 2015)
Summary Addresses multiple vulnerabilities disclosed as part of the IBM Java SDK updates in April 2015. Vulnerability Details There are multiple vulnerabilities in IBM Runtime Environment Java Technology Edition, Version 6 that is used by Tivoli Composite Application Manager for SOA. These issues...
Security Bulletin: Security vulnerabilities have been identified in Oracle MySQL shipped with IBM Tivoli Network Manager IP Edition (Oracle Advisory - April 2015)
Summary Oracle MySQL is shipped as a component of IBM Tivoli Network Manager IP Edition. Information regarding security vulnerabilities affecting Oracle MySQL has been published. http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html Vulnerability Details Tivoli Network Manager...
Security Bulletin: Multiple vulnerabilities in current releases of the IBM® SDK, Java™ Technology Edition
Summary Java SE issues disclosed in the Oracle April 2015 Critical Patch Update, plus four additional CVEs Vulnerability Details CVE IDs: CVE-2015-0491 CVE-2015-0459 CVE-2015-0469 CVE-2015-0458 CVE-2015-0480 CVE-2015-0488 CVE-2015-0486 CVE-2015-0478 CVE-2015-0477 CVE-2015-0204 CVE-2015-0192...
CVE-2017-1000253
Linux distributions that have not patched their long-term kernels with https://git.kernel.org/linus/a87938b2e246b81b4fb713edb371a9fa3c5c3c86 committed on April 14, 2015. This kernel vulnerability was fixed in April 2015 by commit a87938b2e246b81b4fb713edb371a9fa3c5c3c86 backported to Linux 3.10.7...
Vulnerability in OpenSSL - Memory corruption in the ASN.1 encoder
This issue affected versions of OpenSSL prior to April 2015. The bug causing the vulnerability was fixed on April 18th 2015, and released as part of the June 11th 2015 security releases. The security impact of the bug was not known at the time. In previous versions of OpenSSL, ASN.1 encoding the...
mysql: unspecified vulnerability related to Server:DDL (CPU April 2015)
Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote authenticated users to affect availability via vectors related to DDL...
RHEL 5 : mysql55-mysql (RHSA-2015:1628)
The remote Red Hat Enterprise Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2015:1628 advisory. - mysql: unspecified vulnerability related to Server:InnoDB:DML CPU Jan 2015 CVE-2014-6568 - mysql: unspecified vulnerability related to...
Oracle WebCenter Sites Multiple Vulnerabilities (April 2015 CPU)
The Oracle WebCenter Sites installed on the remote host is missing patches from the April 2015 CPU. It is, therefore, affected by multiple vulnerabilities : - A flaw exists within 'MultipartStream.java' in Apache Commons FileUpload when parsing malformed Content-Type headers. A remote attacker,...
aydinpost.com XSS vulnerability
Open Bug Bounty ID: OBB-60122

Description| Value
---|---
Affected Website:| aydinpost.com
Vulnerable Application:| Custom Code
Vulnerability Type:| XSS Cross Site Scripting / CWE-79
CVSSv3 Score:| 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Remediation Guide:| OWASP XSS Prevention Cheat Shee...
Privilege escalation
Win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Vista SP2, and Server 2008 SP2 allows local users to gain privileges via a crafted application, as exploited in the wild in April 2015, aka "Win32k Elevation of Privilege Vulnerability."...
Oracle Java SE JRE Multiple Unspecified Vulnerabilities-02 (Apr 2015) - Windows
Oracle Java SE JRE is prone to multiple unspecified vulnerabilities.