9101 matches found
CVE-2015-4138
The CVE-2015-4138 entry concerns Blue Coat SSL Visibility Appliance WebUI: SV800, SV1800, SV2800, SV3800 on 3.6.x–3.8.x (pre-3.8.4). The root cause is failure to set the HTTPOnly cookie flag on the administrator cookie, enabling potential script access to the cookie and information disclosure. Th...
UBUNTU-CVE-2015-4036
Array index error in the tcm_vhost_make_tpg function in drivers/vhost/scsi.c in the Linux kernel before 4.0 might allow guest OS users to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted VHOST_SCSI_SET_ENDPOINT ioctl call. NOTE: the affected function w...
SUSE SLED11 / SLES11 Security Update : libqt4 (SUSE-SU-2014:1121-1)
This update of the QT4 QSSL interface makes it select a set of default ciphers that is recommended for current usage. This update is needed for Konqueror to restrict its cipher set when using https. Note that Tenable Network Security has extracted the preceding description block directly from the...
Red Hat PCS Backend Program Set-Cookie Header Information Disclosure Vulnerability
Red Hat is an operating system based on the Linux kernel. An information disclosure vulnerability exists in the Set-Cookie header of the PCSD backend program in Red Hat PCS, which allows remote attackers to exploit the vulnerability to gain access to sensitive information via a scripted access...
Updated ruby-rest-client packages fix security vulnerabilities
Updated ruby-rest-client packages fix security vulnerability: When Ruby rest-client processes an HTTP redirection response, it blindly passes along the values from any Set-Cookie headers to the redirection target, regardless of domain, path, or expiration. This can be used in a session fixation...
CVE-2015-3983
The pcs daemon pcsd in PCS 0.9.137 and earlier does not include the HTTPOnly flag in a Set-Cookie header, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie. NOTE: this issue was SPLIT from CVE-2015-1848 per ADT2 due to differen...
Design/Logic Flaw
The pcs daemon pcsd in PCS 0.9.137 and earlier does not include the HTTPOnly flag in a Set-Cookie header, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie. NOTE: this issue was SPLIT from CVE-2015-1848 per ADT2 due to differen...
CVE-2015-3983
The PCS vulnerability CVE-2015-3983 is in the PCS daemon (pcsd) where the Set-Cookie header did not include the HttpOnly flag in PCS 0.9.137 and earlier, enabling potential information disclosure via script access to the cookie. The issue is remote and was split from CVE-2015-1848; advisories and...
Wireshark DEC DNA Routing Protocol Handles Remote Denial of Service Vulnerability
Wireshark is an open source network protocol analysis tool. The set_dnet_address function in the Wireshark DEC DNA routing protocol 'packet-dec-dnart.c' handles data with a pointer error, which allows remote attackers to exploit vulnerabilities to construct malicious messages and trick users into...
Kernel: crypto: buffer overruns in RFC4106 implementation using AESNI
A buffer overflow flaw was found in the way the Linux kernel's Intel AES-NI instructions optimized version of the RFC4106 GCM mode decryption functionality handled fragmented packets. A remote attacker could use this flaw to crash, or potentially escalate their privileges on, a system over a...
UBUNTU-CVE-2015-3451
The _clone function in XML::LibXML before 2.0119 does not properly set the expand_entities option, which allows remote attackers to conduct XML external entity (XXE) attacks via crafted XML data to the (1) new or (2) load_xml function...
Hotspot Express hotEx Billing Manager <= 73 Multiple Vulnerabilities - Active Check
Hotspot Express hotEx Billing Manager is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2015 Greenbone AG. Some text descriptions might be excerpted from a referenced source, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
WordPress < 4.1.2 XSS vulnerability that an attacker can exploit to obtain site permissions
tl;dr: MySQL → special characters → truncation → input validation → output sanitisation → XSS → time to update WordPress. MySQL truncation: the MySQL utf8 character set only supports characters of up to 3 bytes; if you insert a 4-byte character, the default MySQL configuration will truncate the character...
CVE-2015-3380
Multiple cross-site request forgery (CSRF) vulnerabilities in the Feature Set module for Drupal allow remote attackers to hijack the authentication of administrators for requests that (1) enable or (2) disable a module via unspecified vectors...
Cross-site request forgery (CSRF)
Multiple cross-site request forgery (CSRF) vulnerabilities in the Feature Set module for Drupal allow remote attackers to hijack the authentication of administrators for requests that (1) enable or (2) disable a module via unspecified vectors...
[SECURITY] Fedora 22 Update: arj-3.10.22-22.fc22
This package is an open source version of the arj archiver. It has been created with the intent to preserve maximum compatibility and retain the feature set of original ARJ archiver as provided by ARJ Software, Inc...
CVE-2015-3380
CVE-2015-3380 concerns the Drupal Feature Set contributed module. A CSRF flaw allows remote attackers to cause an administrator to enable or disable modules via crafted requests, compromising admin actions. Affected: Feature Set module for Drupal (all versions prior to fixed release). Root cause:...