Monthly Archives: May 2015
Bettys Tea Rooms Admit To Massive Data Breach
DSA-3266 fuse – security update
Tavis Ormandy discovered that FUSE, a Filesystem in USErspace, does not
scrub the environment before executing mount or umount with elevated
privileges. A local user can take advantage of this flaw to overwrite
arbitrary files and gain elevated privileges by accessing debugging
features via the environment that would not normally be safe for
unprivileged users.
Vuln: Oracle Java SE CVE-2014-6593 Remote Java SE, Java SE Embedded, JRockit Vulnerability
CVE for Apple's ECDHE-ECDSA SecureTransport bug?
Posted by Jeffrey Walton on May 20
Does anyone know if Apple’s ECDHE-ECDSA SecureTransport bug was
assigned a CVE? It affected OS X and iOS.
Effectively, the bug was an implementation error that caused
interoperability failures. To mostly counter it, the cipher suites had
to be disabled, which resulted in a loss of security. If the person
experiencing it did not know the cause, then they were left with a
Denial of Service (DoS).
To be clear, this was a different bug than…
CVE ID assignment – eZPublish vulnerability
Posted by us3r777 on May 20
Hi,
I’m trying to get a CVE-ID attributed to the issue described below.
I tried to contact cve-assign () mitre org two times, on March 31 and on
May 11, but I did not get any answer.
The issue is now public and described here:
http://share.ez.no/community-project/security-advisories/ezsa-2015-001-potential-vulnerability-in-ez-publish-password-recovery
May someone attribute a CVE-ID to this vulnerability please?
Description…
HP Security Bulletin HPSBUX03334 SSRT102000 1
HP Security Bulletin HPSBUX03334 SSRT102000 1 – Potential security vulnerabilities have been identified with HP-UX running OpenSSL. These vulnerabilities could be exploited remotely to create a remote Denial of Service (DoS) and other vulnerabilities. Revision 1 of this advisory.
HP Security Bulletin HPSBUX03333 SSRT102029 1
HP Security Bulletin HPSBUX03333 SSRT102029 1 – Potential security vulnerabilities have been identified with HP-UX running NTP. These could be exploited remotely to create a Denial of Service (DoS), or other vulnerabilities. Revision 1 of this advisory.
Red Hat Security Advisory 2015-1021-01
Red Hat Security Advisory 2015-1021-01 – IBM J2SE version 5.0 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Further information about these flaws can be found on the IBM Java Security alerts page, listed in the References section. The CVE-2015-0478 issue was discovered by Florian Weimer of Red Hat Product Security.
Red Hat Security Advisory 2015-1020-01
Red Hat Security Advisory 2015-1020-01 – IBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Further information about these flaws can be found on the IBM Java Security alerts page, listed in the References section. The CVE-2015-0478 issue was discovered by Florian Weimer of Red Hat Product Security.