John Stumpo discovered that OpenAFS, a distributed file system, does
not fully initialize certain network packets before transmitting them.
This can lead to a disclosure of the plaintext of previously processed
packets.
Monthly Archives: October 2015
DSA-3388 ntp – security update
Several vulnerabilities were discovered in the Network Time Protocol
daemon and utility programs:
DSA-3389 elasticsearch – end-of-life
Security support for elasticsearch in jessie is hereby discontinued. The
project no longer releases information on fixed security issues which
allow backporting them to released versions of Debian and actively
discourages doing so.
You have new fax, document 000155681
New incoming fax document. Please check your fax document in the attachment to this e-mail.
Pages number: 9
Author: Anthony Ayers
Quality: 400 DPI
Fax name: scanned000155681.doc
Scan time: 16 seconds
Date: Sat, 31 Oct 2015 02:49:18 +0300
Filesize: 199 Kb
Thanks for choosing Interfax!
Bugtraq: [slackware-security] jasper (SSA:2015-302-02)
CVE-2015-5667
Cross-site scripting (XSS) vulnerability in the HTML-Scrubber module before 0.15 for Perl, when the comment feature is enabled, allows remote attackers to inject arbitrary web script or HTML via a crafted comment.
CVE-2015-6032
Qolsys IQ Panel (aka QOL) before 1.5.1 has hardcoded cryptographic keys, which allows remote attackers to create digital signatures for code by leveraging knowledge of a key from a different installation.
CVE-2015-6033
Qolsys IQ Panel (aka QOL) before 1.5.1 does not verify the digital signatures of software updates, which allows man-in-the-middle attackers to bypass intended access restrictions via a modified update.
CVE-2015-6343
The SIP implementation in Cisco IOS 15.5(3)M on Cisco Unified Border Element (CUBE) devices allows remote attackers to cause a denial of service via crafted SIP messages, aka Bug ID CSCuv79202.
CVE-2015-6353
Multiple cross-site scripting (XSS) vulnerabilities in Cisco FireSight Management Center (MC) 5.3.1.5 and 5.4.x through 5.4.1.3 allow remote authenticated users to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCuu28922.