HP Security Bulletin HPSBGN03395 1 – A potential security vulnerability has been identified with HP KeyView running on HP-UX, Linux, Solaris, Windows, FreeBSD, and AIX. The vulnerability could be exploited remotely to allow execution of code. Revision 1 of this advisory.
Monthly Archives: August 2015
Slackware Security Advisory – gnutls Updates
Slackware Security Advisory – New gnutls packages are available for Slackware 14.0, 14.1, and -current to fix security issues. IMPORTANT: On Slackware 14.0, install the new updated nettle package first.
HP Security Bulletin HPSBGN03395 1
HP Security Bulletin HPSBGN03395 1 – A potential security vulnerability has been identified with HP KeyView running on HP-UX, Linux, Solaris, Windows, FreeBSD, and AIX. The vulnerability could be exploited remotely to allow execution of code. Revision 1 of this advisory.
Red Hat Security Advisory 2015-1679-01
Red Hat Security Advisory 2015-1679-01 – OpenStack Dashboard provides administrators and users with a graphical interface to access, provision, and automate cloud-based resources. Two security issues were discovered in the Horizon dashboard and are addressed in this update: A cross-site scripting flaw was found in the Horizon Orchestration dashboard. An attacker able to trick a Horizon user into using a malicious template during the stack creation could use this flaw to perform an XSS attack on that user.
Red Hat Security Advisory 2015-1678-01
Red Hat Security Advisory 2015-1678-01 – Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY principle. A flaw was found in the Django session backends whereby an unauthenticated attacker could cause session records to be created in the configured session store, leading to a Denial of Service.
Red Hat Security Advisory 2015-1680-01
Red Hat Security Advisory 2015-1680-01 – OpenStack Networking is a pluggable, scalable, and API-driven system that provisions networking services to virtual machines. Its main function is to manage connectivity to and from virtual machines. A Denial of Service flaw was found in the L2 agent when using the IPTables firewall driver. By submitting an address pair that will be rejected as invalid by the ipset tool, an attacker may cause the agent to crash.
Bugtraq: [SYSS-2015-028] Cross-Site Scripting (CWE-79) in Page2Flip Premium App 2.5
[SYSS-2015-028] Cross-Site Scripting (CWE-79) in Page2Flip Premium App 2.5
Bugtraq: [SYSS-2015-027] Cross-Site Scripting (CWE-79) in Page2Flip Premium App 2.5
[SYSS-2015-027] Cross-Site Scripting (CWE-79) in Page2Flip Premium App 2.5
Bugtraq: [SYSS-2015-026] Denial of Service (CWE-730) and Overly Restrictive Account Lockout Mechanism (CWE-645) in Page2Flip Premium App 2.5
[SYSS-2015-026] Denial of Service (CWE-730) and Overly Restrictive Account Lockout Mechanism (CWE-645) in Page2Flip Premium App 2.5
Bugtraq: [security bulletin] HPSBMU03345 rev.1 – HP Network Node Manager i (NNMi) and Smart Plugins (iSPIs) for HP-UX, Linux, Solaris, and Windows, Remote Disclosure of Information, Unauthorized Modification
[security bulletin] HPSBMU03345 rev.1 – HP Network Node Manager i (NNMi) and Smart Plugins (iSPIs) for HP-UX, Linux, Solaris, and Windows, Remote Disclosure of Information, Unauthorized Modification