The Shipwire API module 7.x-1.x before 7.x-1.03 for Drupal does not check the view permission for the shipments overview (admin/shipwire/shipments), which allows remote attackers to obtain sensitive information via a request to the page.
Monthly Archives: August 2015
CVE-2015-5499
The Navigate module for Drupal does not properly check permissions, which allows remote authenticated users to modify custom widgets and create widget database records by leveraging the “navigate view” permission.
Bugtraq: Re: Re: [SECURITY] [DSA 3336-1] nss security update
Re: Re: [SECURITY] [DSA 3336-1] nss security update
Bugtraq: Re: [ERPSCAN-15-013] SAP NetWeaver AS Java CIM UPLOAD â?? XXE
Re: [ERPSCAN-15-013] SAP NetWeaver AS Java CIM UPLOAD â?? XXE
Bugtraq: [SECURITY] [DSA 3325-2] apache2 regression update
[SECURITY] [DSA 3325-2] apache2 regression update
Bugtraq: [SECURITY] [DSA 3337-1] gdk-pixbuf security update
[SECURITY] [DSA 3337-1] gdk-pixbuf security update
Adobe Patches XXE Vulnerability in LiveCycle Data Services
Adobe pushed out a hotfix for LiveCycle Data Services patching an XXE vulnerability in BlazeDS.
CESA-2015:1640 Moderate CentOS 7 pam SecurityUpdate
CentOS Errata and Security Advisory 2015:1640 Moderate Upstream details at : https://rhn.redhat.com/errata/RHSA-2015-1640.html The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename ) x86_64: e0d36e10c6878fa9f1b0b7e9dc15deb22d795925856826ecc8619fd322f23892 pam-1.1.8-12.el7_1.1.i686.rpm 95e6dfc467787bfe47414daa88e9ce701ead0b791e399f891f8cedbce99ff979 pam-1.1.8-12.el7_1.1.x86_64.rpm d45322823151e2f613dcbe6fb4f30a4c3136c5416a68aeb640c8e3d014c3f1d4 pam-devel-1.1.8-12.el7_1.1.i686.rpm 59ee244c96662c9b7a9a739d88f6a33b8821c3def4ee425cb4d9f98181685508 pam-devel-1.1.8-12.el7_1.1.x86_64.rpm Source: a2f8e35f3ab15ebd7821384966adee39e4efaa3cc1fdd0a26b80efdb92301e81 pam-1.1.8-12.el7_1.1.src.rpm
RHSA-2015:1642-1: Important: Red Hat JBoss Web Server 2.1.0 security update
Red Hat Enterprise Linux: An update for Red Hat JBoss Web Server 2.1.0 that fixes two security issues
is now available for Red Hat Enterprise Linux 5, 6, and 7.
Red Hat Product Security has rated this update as having Important security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.
CVE-2014-8111, CVE-2015-0298
RHSA-2015:1640-1: Moderate: pam security update
Red Hat Enterprise Linux: An updated pam package that fixes one security issue is now available for
Red Hat Enterprise Linux 6 and 7.
Red Hat Product Security has rated this update as having Moderate
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.
CVE-2015-3238