[security bulletin] HPSBGN03192 rev.1 – HP Remote Device Access: Instant Customer Access Server (iCAS) running OpenSSL, Remote Disclosure of Information
Monthly Archives: November 2014
Bugtraq: [SECURITY] [DSA 3073-1] libgcrypt11 security update
[SECURITY] [DSA 3073-1] libgcrypt11 security update
Bugtraq: [slackware-security] mozilla-thunderbird (SSA:2014-320-01)
[slackware-security] mozilla-thunderbird (SSA:2014-320-01)
CVE-2014-6095
Directory traversal vulnerability in IBM Security Identity Manager 6.x before 6.0.0.3 IF14 allows remote attackers to read arbitrary files via unspecified vectors.
CVE-2014-6096
Cross-site scripting (XSS) vulnerability in IBM Security Identity Manager 6.x before 6.0.0.3 IF14 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
CVE-2014-6098
IBM Security Identity Manager 6.x before 6.0.0.3 IF14 allows remote attackers to discover cleartext passwords via a crafted request.
CVE-2014-6105
IBM Security Identity Manager 6.x before 6.0.0.3 IF14 allows remote attackers to conduct clickjacking attacks via unspecified vectors.
CVE-2014-6107
IBM Security Identity Manager 6.x before 6.0.0.3 IF14 allows remote attackers to obtain sensitive cookie information by sniffing the network during an HTTP session.
CVE-2014-6110
IBM Security Identity Manager 6.x before 6.0.0.3 IF14 does not properly perform logout actions, which allows remote attackers to access sessions by leveraging an unattended workstation.
CVE-2014-7992
The DLSw implementation in Cisco IOS does not initialize packet buffers, which allows remote attackers to obtain sensitive credential information from process memory via a session on TCP port 2067, aka Bug ID CSCur14014.