[security bulletin] HPSBHF03125 rev.1 – HP Next Generation Firewall (NGFW) running Bash Shell, Remote Code Execution
Monthly Archives: October 2014
Bugtraq: [security bulletin] HPSBMU03126 rev.1 – HP Operations Manager (formerly OpenView Communications Broker), Remote Cross-site Scripting (XSS)
Bugtraq: [SECURITY] [DSA 3052-1] wpa security update
OpenX 2.8.10 Open Redirect
OpenX version 2.8.10 suffers from multiple open redirection vulnerabilities.
CEEA-2014:1649 CentOS 7 kpatch Enhancement Update
CentOS Errata and Enhancement Advisory 2014:1649
Upstream details at: https://rhn.redhat.com/errata/RHEA-2014-1649.html
The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename )
x86_64:
51d8cfeb1a49efd3d778fcbf00537076b2d68f6ebcd0098fa174cd885c29dc6a kpatch-0.1.10-3.el7_0.noarch.rpm
Source:
4d7cb8146fc0433167cd8e18f439d3b3cf7748649ce21b509b501fd46cc45c58 kpatch-0.1.10-3.el7_0.src.rpm
CESA-2014:1652 Important CentOS 7 openssl Security Update
CentOS Errata and Security Advisory 2014:1652 Important
Upstream details at: https://rhn.redhat.com/errata/RHSA-2014-1652.html
The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename )
x86_64:
982ba4376041d2d99d4b84dc05fbeac6b925777aa34d631aceeedb598bb98413 openssl-1.0.1e-34.el7_0.6.x86_64.rpm
426ba8dc7ac74f8b71f7965ec2e6e6b398ab466dc892394e8d1d5bd80ca4a4e6 openssl-devel-1.0.1e-34.el7_0.6.i686.rpm
7fdf24148ed86f0abb2618d92741d5c8f0769de6136b4ed9df2a60b8c795abe3 openssl-devel-1.0.1e-34.el7_0.6.x86_64.rpm
ebc0fc79108a67efd64da36669c90865b4a75a38b4c07a5316078edd98b65da9 openssl-libs-1.0.1e-34.el7_0.6.i686.rpm
5d0607c487922602ae315f62d9d3c0eb8ca76a65c288e6c8fc61f688dad59593 openssl-libs-1.0.1e-34.el7_0.6.x86_64.rpm
4b092081206a1140a5d2901c2f5513c8155ec2b57a05cafdd6c9011ccdde78f5 openssl-perl-1.0.1e-34.el7_0.6.x86_64.rpm
d664f61543bb84773467300c726d870700584f5af616df7a9f29922822773dd8 openssl-static-1.0.1e-34.el7_0.6.i686.rpm
c57075f8c198ec81db1936eb2dea8ff210de317f76047ffa601eefd8230d3bae openssl-static-1.0.1e-34.el7_0.6.x86_64.rpm
Source:
6638e94c18b6961748e7986823b7115d852b25883ccff03ec89a16234cbca517 openssl-1.0.1e-34.el7_0.6.src.rpm
CVE-2014-6970
The North American Ismaili Games (aka hr.apps.n166983741) application 5.26.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2014-6981
The Taiwan Business Bank (aka com.mitake.TBB) application 2.04 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2014-6980
The LINE PLAY (aka jp.naver.lineplay.android) application 2.3.1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2014-6974
The MifaShow Hairstyles (aka com.mifashow) application 3.7 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.