2123 matches found
Ubuntu 12.04 LTS : nss regression (USN-2903-2)
USN-2903-1 fixed a vulnerability in NSS. An incorrect package versioning change in Ubuntu 12.04 LTS caused a regression when building software against NSS. This update fixes the problem. We apologize for the inconvenience. Hanno Böck discovered that NSS incorrectly handled certain division...
USN-2903-2: NSS regression
USN-2903-1 fixed a vulnerability in NSS. An incorrect package versioning change in Ubuntu 12.04 LTS caused a regression when building software against NSS. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Hanno Böck discovered that NSS incorrectly...
Ubuntu: Security Advisory (USN-2903-1)
The remote host is missing an update for the...
Ubuntu 14.04 LTS : NSS vulnerability (USN-2903-1)
The remote Ubuntu 14.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-2903-1 advisory. Hanno Böck discovered that NSS incorrectly handled certain division functions, possibly leading to cryptographic weaknesses. CVE-2016-1938 This update also refresh...
USN-2903-1 nss vulnerability
Hanno Böck discovered that NSS incorrectly handled certain division functions, possibly leading to cryptographic weaknesses. CVE-2016-1938 This update also refreshes the NSS package to version 3.21 which includes the latest CA certificate bundle, and removes the SPI CA...
SUSE-SU-2016:0114-1 Security update for python-requests
The python-requests module has been updated to version 2.8.1, which brings several fixes and enhancements: - Fix handling of cookies on redirect. Previously a cookie without a host value set would use the hostname for the redirected URL exposing requests users to session fixation attacks and...
Atlassian HipChat for Jira Plugin Velocity Template Injection Exploit
Atlassian Hipchat is a web service for internal instant messaging. A plugin is available for Jira that allows team collaboration in real time. A message can be used to inject Java code into a Velocity template, and gain code execution as Jira. Authentication is required to exploit this...
[KIS-2015-04] Magento <= 1.9.2 (catalogProductCreate) Autoloaded File Inclusion Vulnerability
Magento <= 1.9.2 (catalogProductCreate) Autoloaded File Inclusion Vulnerability - Software Link: http://magento.com/ - Affected Versions:...
Fedora Update for php-doctrine-doctrine-bundle FEDORA-2015-15206
The remote host is missing an update for the...
Fedora Update for php-doctrine-doctrine-bundle FEDORA-2015-15204
The remote host is missing an update for the...
Fedora 23 : php-doctrine-doctrine-bundle-1.5.2-1.fc23 (2015-15205)
1.5.2 (2015-08-31) Security: Fix Security Misconfiguration Vulnerability, allowing potential local arbitrary code execution (CVE-2015-5723) http://www.doctrine-project.org/2015/08/31/securitymisconfigurationvulnerabilityinvariousdoctrineprojects.html 1.5.1 (2015-08-12) Bugfix: Fixed the JS expanding a...
Fedora 21 : php-doctrine-doctrine-bundle-1.5.2-1.fc21 (2015-15204)
1.5.2 (2015-08-31) Security: Fix Security Misconfiguration Vulnerability, allowing potential local arbitrary code execution (CVE-2015-5723) http://www.doctrine-project.org/2015/08/31/securitymisconfigurationvulnerabilityinvariousdoctrineprojects.html 1.5.1 (2015-08-12) Bugfix: Fixed the JS expanding a...
Fedora 22 : php-doctrine-doctrine-bundle-1.5.2-1.fc22 (2015-15206)
1.5.2 (2015-08-31) Security: Fix Security Misconfiguration Vulnerability, allowing potential local arbitrary code execution (CVE-2015-5723) http://www.doctrine-project.org/2015/08/31/securitymisconfigurationvulnerabilityinvariousdoctrineprojects.html 1.5.1 (2015-08-12) Bugfix: Fixed the JS expanding a...
[SECURITY] Fedora 21 Update: php-doctrine-doctrine-bundle-1.5.2-1.fc21
Doctrine DBAL & ORM Bundle for the Symfony Framework. Optional: Doctrine ORM 2.3 = php-doctrine-orm 3.0 Symfony Web Profile Bundle 2.3 = php-symfony-web-profiler-bundle 4.0 Twig 1.10 = php-twig 2.0...
CVE-2015-5770
MobileInstallation in Apple iOS before 8.4.1 does not ensure the uniqueness of universal provisioning profile bundle IDs, which allows attackers to replace arbitrary extensions via a crafted enterprise app...
Information disclosure
MobileInstallation in Apple iOS before 8.4.1 does not ensure the uniqueness of universal provisioning profile bundle IDs, which allows attackers to replace arbitrary extensions via a crafted enterprise app...
CVE-2015-5770
MobileInstallation in Apple iOS before 8.4.1 does not ensure the uniqueness of universal provisioning profile bundle IDs, which allows attackers to replace arbitrary extensions via a crafted enterprise app...
Ubuntu 14.04 LTS : NSS vulnerabilities (USN-2672-1)
The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-2672-1 advisory. Karthikeyan Bhargavan discovered that NSS incorrectly handled state transitions for the TLS state machine. If a remote attacker were able to perform a...
Ubuntu: Security Advisory (USN-2672-1)
The remote host is missing an update for the...
USN-2672-1 nss vulnerabilities
Karthikeyan Bhargavan discovered that NSS incorrectly handled state transitions for the TLS state machine. If a remote attacker were able to perform a machine-in-the-middle attack, this flaw could be exploited to skip the ServerKeyExchange message and remove the forward-secrecy property...