189 matches found
Clair - Vulnerability Static Analysis for Containers
Clair is an open source project for the static analysis of vulnerabilities in appc and docker containers. Vulnerability data is continuously imported from a known set of sources and correlated with the indexed contents of container images in order to produce lists of vulnerabilities that threaten...
Red Hat CloudForms Management Engine Information Disclosure Vulnerability
Red Hat CloudForms Management Engine (CFME) is a management engine for IaaS (Infrastructure as a Service) cloud service solutions from Red Hat, Inc. A security vulnerability exists in Red Hat CFME versions 5.4.4 (CloudForms version 3.2) and 5.5.0 (CloudForms version 4.0), which stems from the program...
Tryton-server Access Privilege Vulnerability
Tryton is a general-purpose application framework, GPL-3 licensed, written in Python, with PostgreSQL as the database engine. A security vulnerability exists on the server side of Tryton, which can be exploited by an authenticated attacker to write arbitrary values to record fields...
Moderate: Red Hat Security Advisory: postgresql92-postgresql security update
Updated postgresql92-postgresql packages that fix two security issues are now available for Red Hat Software Collections 2. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings...
Synology Video Station command injection and multiple SQL injection vulnerabilities
Synology Video Station command injection and multiple SQL injection vulnerabilities. Han Sahin, September 2015...
Synology Video Station 1.5-0757 - Multiple Vulnerabilities
Synology Video Station command injection and multiple SQL injection vulnerabilities. Han Sahin, September 2015...
Vulnerabilities in the Debian GNU/Linux operating system that allow a remote attacker to compromise the confidentiality, integrity, and accessibility of protected information
The multiple vulnerabilities in the www-pgsql package of the Debian GNU/Linux operating system may lead to breaches of the confidentiality, integrity, and accessibility of protected information. These vulnerabilities can be exploited remotely...
Quassel Denial of Service Vulnerability
Quassel (aka Quassel IRC) is a cross-platform distributed IRC chat client developed by the Quassel IRC team, which is developed using the QT application framework, PostgreSQL database to store data. A denial of service vulnerability exists in the message splitting feature of Quassel versions pri...
Wireless Toolsuite: WRAITH
Wireless reconnaissance, collection and exploitation toolsuite. Attack vectors, rogue devices, interfering networks are best visualized and identified over time. Current tools i.e. Kismet, Aircrack-ng and Wireshark are excellent tools but none are completely suitable for collecting and analyzing t...
Ubuntu 14.04 LTS : PHP vulnerabilities (USN-2501-1)
The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-2501-1 advisory. Stefan Esser discovered that PHP incorrectly handled unserializing objects. A remote attacker could use this issue to cause PHP to crash, resulting in a...
Gitrob - Reconnaissance tool for GitHub organizations
Gitrob is a command line tool that can help organizations and security professionals find such sensitive information. The tool will iterate over all public organization and member repositories and match filenames against a range of patterns for files, that typically contain sensitive or dangerous...
Low: Red Hat Security Advisory: rhevm-log-collector security update
An updated rhevm-log-collector package that fixes one security issue is now available for Red Hat Enterprise Virtualization 3. Red Hat Product Security has rated this update as having Low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity ratin...
CVE-2014-3482 rubygem-activerecord: SQL injection vulnerability in 'bitstring' quoting
SQL injection vulnerability in activerecord/lib/active_record/connection_adapters/postgresql_adapter.rb in the PostgreSQL adapter for Active Record in Ruby on Rails 2.x and 3.x before 3.2.19 allows remote attackers to execute arbitrary SQL commands by leveraging improper bitstring quoting. It was...
CVE-2013-1941
The installation routine in ownCloud Server before 4.0.14, 4.5.x before 4.5.9, and 5.0.x before 5.0.4 uses the time function to seed the generation of the PostgreSQL database user password, which makes it easier for remote attackers to guess the password via a brute force attack...
Fedora Update for mantis FEDORA-2013-5801
Check for the Version of mantis. OpenVAS Vulnerability Test. Fedora Update for mantis FEDORA-2013-5801. Authors: System Generated Check. Copyright: Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net. This program is free software; you can redistribute it and/or modify it under the term...
SEC Consult 20130404-0 :: Multiple Vulnerabilities in Censornet Professional v4 (2.1.7)
SEC Consult Vulnerability Lab Security Advisory 20130404-0. title: Multiple Vulnerabilities; product: Censornet Professional v4 (2.1.7); vulnerable version: 2.1.7; fixed version: ; impact: high; homepage: http://www.censornet.com/...
Fedora Update for roundcubemail FEDORA-2013-2177
Check for the Version of roundcubemail. OpenVAS Vulnerability Test. Fedora Update for roundcubemail FEDORA-2013-2177. Authors: System Generated Check. Copyright: Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net. This program is free software; you can redistribute it and/or modify it...
[SECURITY] Fedora 17 Update: roundcubemail-0.7.3-1.fc17
RoundCube Webmail is a browser-based multilingual IMAP client with an application-like user interface. It provides full functionality you expect from an e-mail client, including MIME support, address book, folder manipulation, message searching and spell checking. RoundCube Webmail is written in...
Scientific Linux Security Update : postgresql84 on SL5.x i386/x86_64
PostgreSQL is an advanced object-relational database management system (DBMS). A signedness issue was found in the way the crypt function in the PostgreSQL pgcrypto module handled 8-bit characters in passwords when using Blowfish hashing. Up to three characters immediately preceding a non-ASCII...