Cisco IOS XE Autonomic Networking Infrastructure Multiple Vulnerabilities (cisco-sa-20150325-ani)

According to its self-reported version, the version of Cisco IOS running on the remote host is affected by the following vulnerabilities : - A flaw exists in the ANI due to failing to properly validate Autonomic Networking AN messages. This could allow a remote attacker to spoof an Autonomic...

CVE-2015-2767

Unspecified vulnerability in Websense TRITON AP-EMAIL before 8.0.0 has unknown impact and attack vectors, related to "Autocomplete Enabled."...

Design/Logic Flaw

Unspecified vulnerability in Websense TRITON AP-EMAIL before 8.0.0 has unknown impact and attack vectors, related to "Autocomplete Enabled."...

CVE-2015-2767

CVE-2015-2767 is an unspecified vulnerability affecting Websense TRITON AP-EMAIL, specifically in versions earlier than 8.0.0, linked to the Autocomplete feature. Public CNVD/NVD records describe an information exposure risk without explicit impact details; one CNVD entry notes that attackers cou...

CVE-2015-2767

Unspecified vulnerability in Websense TRITON AP-EMAIL before 8.0.0 has unknown impact and attack vectors, related to "Autocomplete Enabled."...

OpenJDK: incorrect tracking of ChangeCipherSpec during SSL/TLS handshake (JSSE, 8057555)

It was discovered that the SSL/TLS implementation in the JSSE component in OpenJDK failed to properly check whether the ChangeCipherSpec was received during the SSL/TLS connection handshake. An MITM attacker could possibly use this flaw to force a connection to be established without encryption...

Microsoft Reports Massive Increase in Macros Enabled Threats

The Microsoft Malware Protection Center says there has been a dramatic increase in threats using macros to spread malware via spam and social engineering over the last month. Macros are used for automating frequently used tasks in Office. Macro-related infections were constant and near zero daily...

Microsoft Windows SSL Library Private Communications Transport Buffer Overflow - Ver2 (CVE-2003-0719)

A buffer overflow vulnerability has been reported in Microsoft Windows SSL Library. The vulnerability is due to the processing of certain messages. A remote attacker can exploit this issue by executing arbitrary code in the context of a local system user when SSL is enabled...

DEBIAN-CVE-2014-8134

The paravirtopssetup function in arch/x86/kernel/kvm.c in the Linux kernel through 3.18 uses an improper paravirtenabled setting for KVM guest kernels, which makes it easier for guest OS users to bypass the ASLR protection mechanism via a crafted application that reads a 16-bit value...

httpd: NULL pointer dereference in mod_cache if Content-Type has empty value

A NULL pointer dereference flaw was found in the way the modcache httpd module handled Content-Type headers. A malicious HTTP server could cause the httpd child process to crash when the Apache HTTP server was configured to proxy to a server with caching enabled...

USN-2428-1 thunderbird vulnerabilities

Gary Kwong, Randell Jesup, Nils Ohlmeier, Jesse Ruderman, and Max Jonas Werner discovered multiple memory safety issues in Thunderbird. If a user were tricked in to opening a specially crafted message with scripting enabled, an attacker could potentially exploit these to cause a denial of service...

RHEL 6 : Storage Server (RHSA-2014:0377) (Heartbleed)

Updated openssl packages that fix one security issue are now available for Red Hat Storage 2.1. The Red Hat Security Response Team has rated this update as having Important security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available...

Ubuntu systemd-shim DoS

Debugging is enabled by default...

DEBIAN-CVE-2014-4877

Absolute path traversal vulnerability in GNU Wget before 1.16, when recursion is enabled, allows remote FTP servers to write to arbitrary files, and consequently execute arbitrary code, via a LIST response that references the same filename within two entries, one of which indicates that the...

UBUNTU-CVE-2014-4877

Absolute path traversal vulnerability in GNU Wget before 1.16, when recursion is enabled, allows remote FTP servers to write to arbitrary files, and consequently execute arbitrary code, via a LIST response that references the same filename within two entries, one of which indicates that the...

SSLv3 Is Not Disabled When sslProtocol is Set to TLS, Vulnerable to POODLE

The default connector as written in /conf/server.xml uses sslProtocol="TLS". This should only enable TLS connectors, but it also enables SSLv3. Our documentation and the included server.xml need to be updated to reflect the correct settings to enable only TLS. h3. Reproduction steps: Follow the...

openstack-keystone: denial of service via V3 API authentication chaining

A flaw was found in the keystone V3 API. An attacker could send a single request with the same authentication method multiple times, possibly leading to a denial of service due to generating excessive load with minimal requests. Only keystone setups with the V3 API enabled were affected by this...

CentOS 6 / 7 : openssl (CESA-2014:1652)

Updated OpenSSL packages that contain a backported patch to mitigate the CVE-2014-3566 issue known as SSLv3 Padding Oracle On Downgraded Legacy Encryption Vulnerability POODLE, and fixed two security issues that are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has...

[SECURITY] Fedora 20 Update: kscd-4.14.1-1.fc20

KsCD is a small, fast, CDDB enabled audio CD player...

USN-2330-1 thunderbird vulnerabilities

Jan de Mooij, Christian Holler, Karl Tomlinson, Randell Jesup, Gary Kwong, Jesse Ruderman and JW Wang discovered multiple memory safety issues in Thunderbird. If a user were tricked in to opening a specially crafted message with scripting enabled, an attacker could potentially exploit these to...