Resolved Bugs
1205637 – CVE-2015-1806 CVE-2015-1807 CVE-2015-1813 CVE-2015-1812 CVE-2015-1811 CVE-2015-1810 CVE-2015-1808 CVE-2015-1809 CVE-2015-1814 jenkins: various flaws [fedora-all]
1205615 – CVE-2015-1812 CVE-2015-1813 jenkins: Reflective XSS vulnerability (SECURITY-171, SECURITY-177)
1205616 – CVE-2015-1814 jenkins: forced API token change (SECURITY-180)
1205620 – CVE-2015-1806 jenkins: Combination filter Groovy script unsecured (SECURITY-125)
1205622 – CVE-2015-1807 jenkins: directory traversal from artifacts via symlink (SECURITY-162)
1205623 – CVE-2015-1808 jenkins: update center metadata retrieval DoS attack (SECURITY-163)
1205625 – CVE-2015-1809 jenkins: external entity injection via XPath (SECURITY-165)
1205627 – CVE-2015-1810 jenkins: HudsonPrivateSecurityRealm allows creation of reserved names (SECURITY-166)
1205632 – CVE-2015-1811 jenkins: External entity processing in XML can reveal sensitive local files (SECURITY-167)
Security fix for CVE-2015-1806, CVE-2015-1807, CVE-2015-1813, CVE-2015-1812, CVE-2015-1810, CVE-2015-1808, CVE-2015-1809, CVE-2015-1814, CVE-2015-1811
Monthly Archives: April 2015
CVE-2015-0688
Cisco IOS XE 3.10.2S on an ASR 1000 device with an Embedded Services Processor (ESP) module, when NAT is enabled, allows remote attackers to cause a denial of service (module crash) via malformed H.323 packets, aka Bug ID CSCup21070.
CVE-2015-2111
Unspecified vulnerability in HP Intelligent Provisioning 1.40 through 1.60 on Windows Server 2008 R2 and 2012 allows local users to obtain sensitive information via unknown vectors.
TGIF: Avast News Wrap-up for March 18 – April 2 2015
The Avast biweekly wrap-up is a quick summary of what was on the Avast blog for the last 2 weeks.
March Madness wraps up on April 6th. Even if you are traveling abroad, all you basketball fans can watch the game using a VPN service. Stay safe during March Madness using Avast SecureLine explains why you should always use VPN when connecting to a public Wi-Fi hotspot, plus the added benefit of being able to watch geo-restricted content online.
Speaking of Wi-Fi – Just like in real estate, one of the most important things for your router is location, location, location. 5 things you can do to boost your Wi-Fi network shares helpful things that you can do yourself to make your Wi-Fi signal stronger within your home or business.
I run because I really REALLY like Beer!
Team Avast rocked it at the Sportisimo Prague Half Marathon.
World Backup Day was a good reminder that we need to take time to prevent data loss on our PCs and mobile phones. We discovered that one of the main reasons that people do not back up their data is because they are lazy.
The family IT expert knows how frustrating it can be to help someone solve a computer problem over the phone. Avast makes it easier with our Remote Assistance service. Now you can Help others with their computer issues using Avast Remote Assistance.
For those of you who like to DIY, you can learn How to use the Avast Virus Chest and what actions you can perform on files inside the chest.
With all the security improvements in browsers and operating systems, some people have questioned whether they still need antivirus protection. The business of malware has changed, but it can still be devastating if you are targeted. COO Ondrej Vlcek explains why Avast is not your father’s antivirus protection.
Bugtraq: NEW : VMSA-2015-0003 VMware product updates address critical information disclosure issue in JRE
Bugtraq: Remote file upload vulnerability in videowhisper-video-conference-integration wordpress plugin v4.91.8
Bugtraq: Remote file upload vulnerability in wordpress plugin videowhisper-video-presentation v3.31.17
Bugtraq: [ MDVSA-2015:192 ] subversion
CVE-2015-0612
The Connection Conversation Manager (aka CuCsMgr) process in Cisco Unity Connection 8.5 before 8.5(1)SU6, 8.6 before 8.6(2a)SU4, and 9.x before 9.1(2)SU2, when SIP trunk integration is enabled, allows remote attackers to cause a denial of service (SIP outage) via a crafted UDP packet, aka Bug ID CSCuh25062.
CVE-2015-0613
The Connection Conversation Manager (CuCsMgr) process in Cisco Unity Connection 8.5 before 8.5(1)SU7, 8.6 before 8.6(2a)SU4, 9.x before 9.1(2)SU2, and 10.0 before 10.0(1)SU1, when SIP trunk integration is enabled, allows remote attackers to cause a denial of service (core dump and restart) via crafted SIP INVITE messages, aka Bug ID CSCul20444.