
7294 matches found

Cent OS
added 2015/08/14 12:41 a.m., 108 views

kernel, perf, python security update

CentOS Errata and Security Advisory CESA-2015:1623. Updated kernel packages that fix two security issues and several bugs are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS)...

CVSS 7.8 | AI score 6.5 | EPSS 0.21228
Exploits: 0 | References: 7
Atlassian
added 2015/08/04 1:06 p.m., 29 views

Workbox Plugin loads full HTML of JIRA comment, leads to GC loop of death on large comment

To reproduce: start Confluence with GC logging enabled (optional, but helps); link Confluence and JIRA; create an issue in JIRA; watch it; add a large comment to the JIRA issue, e.g. paste a 7.7MB log file between \code\ tags; open the workbox in Confluence; optional: in network tab of web developer tool...

AI score 7.2
Exploits: 0 | Affected Software: 1
CNVD
added 2015/08/04 12:00 a.m., 1 views

IBM MQ Light Denial of Service Vulnerability (CNVD-2015-05122)

IBM MQ Light is a messaging service from IBM USA based on IBM Bluemix, a PaaS platform for creating, deploying and managing applications on the cloud. A security vulnerability exists in IBM MQ Light versions 1.0 and 1.0.0.1 due to the program failing to properly handle authentication credentials....

CVSS 7.8 | AI score 6.9 | EPSS 0.00994
Exploits: 0 | References: 1
OSV
added 2015/06/03 8:59 p.m., 0 views

UBUNTU-CVE-2014-9721

libzmq before 4.0.6 and 4.1.x before 4.1.1 allows remote attackers to conduct downgrade attacks and bypass ZMTP v3 protocol security mechanisms via a ZMTP v2 or earlier header...

CVSS 4.3 | AI score 7.3 | EPSS 0.00614
Exploits: 0 | References: 5
NVD
added 2015/05/20 10:59 a.m., 20 views

CVE-2015-0189

The cluster repository manager in IBM WebSphere MQ 7.5 before 7.5.0.5 and 8.0 before 8.0.0.2 allows remote authenticated administrators to cause a denial of service (memory overwrite and daemon outage) by triggering multiple transmit-queue records...

CVSS 4 | AI score 6.2 | EPSS 0.00512
Exploits: 0 | References: 4
Cvelist
added 2015/05/20 10:00 a.m., 19 views

CVE-2015-0189

The cluster repository manager in IBM WebSphere MQ 7.5 before 7.5.0.5 and 8.0 before 8.0.0.2 allows remote authenticated administrators to cause a denial of service (memory overwrite and daemon outage) by triggering multiple transmit-queue records...

AI score 6.2 | EPSS 0.00512
Exploits: 0 | References: 4
Oracle linux
added 2015/05/13 12:00 a.m., 82 views

Unbreakable Enterprise kernel security and bugfix update

[2.6.39-400.250.2] - crypto: aesni - fix memory usage in GCM decryption (Stephan Mueller) [Orabug: 21077389] {CVE-2015-3331} [2.6.39-400.250.1] - xen/pciback: Don't disable PCICOMMAND on PCI device reset. (Konrad Rzeszutek Wilk) [Orabug: 20807440] {CVE-2015-2150} - xen-blkfront: fix accounting of reqs when...

CVSS 10 | AI score 7.3 | EPSS 0.1713
Exploits: 0
Prion
added 2015/03/26 10:59 a.m., 16 views

Design/Logic Flaw

Cisco IOS 12.2, 12.4, 15.0, 15.2, and 15.3, when a VRF interface is configured, allows remote attackers to cause a denial of service (interface queue wedge) via crafted ICMPv4 packets, aka Bug ID CSCsi02145...

CVSS 7.1 | AI score 7.1 | EPSS 0.00399
Exploits: 0 | References: 2 | Affected Software: 1
CISA
added 2015/03/26 12:00 a.m., 15 views

Cisco Releases Semiannual IOS Software Security Advisory Bundled Publication

Cisco has released its semiannual Cisco IOS Software Security Advisory Bundled Publication. This publication includes seven Security Advisories that address vulnerabilities in Cisco IOS Software. Exploits of these vulnerabilities could result in a denial of service (DoS) condition, interface queue...

AI score 6.8
Exploits: 0 | References: 1
Cvelist
added 2015/03/25 2:00 p.m., 17 views

CVE-2014-9711

Multiple cross-site scripting (XSS) vulnerabilities in the Investigative Reports in Websense TRITON AP-WEB before 8.0.0 and Web Security and Filter, Web Security Gateway, and Web Security Gateway Anywhere 7.8.3 before Hotfix 02 and 7.8.4 before Hotfix 01 allow remote attackers to inject arbitrary w...

AI score 5.8 | EPSS 0.00824
Exploits: 1 | References: 11
ATTACKERKB
added 2015/02/27 3:59 p.m., 0 views

CVE-2015-2075

SAP BusinessObjects Edge 4.0 allows remote attackers to delete audit events from the auditee queue via a clearData CORBA operation, aka SAP Note 2011396...

CVSS 5 | AI score 5.6 | EPSS 0.01189
Exploits: 0 | References: 5
CVE
added 2015/02/27 3:00 p.m., 45 views

CVE-2015-2075

SAP BusinessObjects Edge 4.0 is vulnerable to an unauthenticated remote attack that can delete audit events from the auditee queue via the clearData CORBA operation. The root cause is improper authorization (CWE-285) in the CORBA interface, allowing an attacker to instruct the remote auditee to c...

CVSS 5 | AI score 6.8 | EPSS 0.01189
Exploits: 0 | References: 4 | Affected Software: 1
Cvelist
added 2015/02/27 3:00 p.m., 16 views

CVE-2015-2075

SAP BusinessObjects Edge 4.0 allows remote attackers to delete audit events from the auditee queue via a clearData CORBA operation, aka SAP Note 2011396...

AI score 6.5 | EPSS 0.01189
Exploits: 0 | References: 4
NVD
added 2015/02/26 3:59 p.m., 7 views

CVE-2015-2088

Cross-site scripting (XSS) vulnerability in unspecified administration pages in the Term Queue module before 6.x-1.1 for Drupal allows remote attackers to inject arbitrary web script or HTML via unknown vectors...

CVSS 4.3 | AI score 5.7 | EPSS 0.00296
Exploits: 0 | References: 3
ATTACKERKB
added 2015/02/26 3:59 p.m., 0 views

CVE-2015-2088

Cross-site scripting (XSS) vulnerability in unspecified administration pages in the Term Queue module before 6.x-1.1 for Drupal allows remote attackers to inject arbitrary web script or HTML via unknown vectors...

CVSS 4.3 | AI score 5.7 | EPSS 0.00296
Exploits: 0 | References: 4
Prion
added 2015/02/26 3:59 p.m., 9 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in unspecified administration pages in the Term Queue module before 6.x-1.1 for Drupal allows remote attackers to inject arbitrary web script or HTML via unknown vectors...

CVSS 4.3 | AI score 6.2 | EPSS 0.00296
Exploits: 0 | References: 3 | Affected Software: 1
CVE
added 2015/02/26 3:00 p.m., 46 views

CVE-2015-2088

CVE-2015-2088 describes a cross-site scripting (XSS) vulnerability in the contributed Drupal module Term Queue (not Drupal core), affecting version 6.x-1.0 and related 6.x releases. The root cause is insufficient sanitization of user-supplied text in some administration pages, enabling remote att...

CVSS 4.3 | AI score 5.9 | EPSS 0.00296
Exploits: 0 | References: 3 | Affected Software: 1
Cvelist
added 2015/02/26 3:00 p.m., 13 views

CVE-2015-2088

Cross-site scripting (XSS) vulnerability in unspecified administration pages in the Term Queue module before 6.x-1.1 for Drupal allows remote attackers to inject arbitrary web script or HTML via unknown vectors...

AI score 5.7 | EPSS 0.00296
Exploits: 0 | References: 3
CNVD
added 2015/02/21 12:00 a.m., 1 views

Drupal Term Queue Module Cross-Site Scripting Vulnerability

Drupal is an open source content management platform. A cross-site scripting vulnerability exists in the Drupal Term Queue module, which allows remote attackers to exploit this vulnerability to construct malicious URIs and trick users into parsing them, which can be used to obtain sensitive...

CVSS 4.3 | AI score 6.2 | EPSS 0.00296
Exploits: 0 | References: 1
CNVD
added 2015/02/21 12:00 a.m., 1 views

IBM WebSphere MQ Resource Management Denial of Service Vulnerability

IBM WebSphere MQ is used to provide messaging services in the enterprise. A security vulnerability exists in IBM WebSphere MQ, which can be exploited by remote attackers to cause a denial of service with the 'PCF query' privilege with the help of a specially crafted query...

CVSS 3.5 | AI score 6.7 | EPSS 0.0035
Exploits: 0 | References: 1