WSO2 Identity Server version 5.0.0 suffers from XML external entity injection, cross site request forgery, and cross site scripting vulnerabilities.
b23a062266269d325f887cf960d7eb910446d8f0167a0b3dbb117e633cc72a23
Red Hat Security Advisory 2015-1006-01 - IBM Java SE version 6 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Further information about these flaws can be found on the IBM Java Security alerts page, listed in the References section. The CVE-2015-0478 issue was discovered by Florian Weimer of Red Hat Product Security.
6ebf24c3f0db42257759c31fdfcb6d80a98014c1b1d6c137166193e633de9a26
Red Hat Security Advisory 2015-1007-01 - IBM Java SE version 7 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Further information about these flaws can be found on the IBM Java Security alerts page, listed in the References section. The CVE-2015-0478 issue was discovered by Florian Weimer of Red Hat Product Security.
b772b137fb0bdda2ffb0720f11c349a1cbf1d4e0c3104168e2cbee848d92718b
Red Hat Security Advisory 2015-1004-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package provides the user-space component for running virtual machines using KVM in environments managed by Red Hat Enterprise Linux OpenStack Platform. An out-of-bounds memory access flaw was found in the way QEMU's virtual Floppy Disk Controller handled FIFO buffer access while processing certain FDC commands. A privileged guest user could use this flaw to crash the guest or, potentially, execute arbitrary code on the host with the privileges of the host's QEMU process corresponding to the guest.
3ab0adad6fdda3667b0f1e811a8d230ad26a1f9bb5f02a2fa6f520bf3b3b42f7
Red Hat Security Advisory 2015-1000-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package provides the user-space component for running virtual machines using KVM. An out-of-bounds memory access flaw was found in the way QEMU's virtual Floppy Disk Controller handled FIFO buffer access while processing certain FDC commands. A privileged guest user could use this flaw to crash the guest or, potentially, execute arbitrary code on the host with the privileges of the host's QEMU process corresponding to the guest.
03f03d53cedd59584831f1b0029666475f5a81ddb57f12c6ce52d258b2f1a3cd
Red Hat Security Advisory 2015-0999-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm package provides the user-space component for running virtual machines using KVM. An out-of-bounds memory access flaw was found in the way QEMU's virtual Floppy Disk Controller handled FIFO buffer access while processing certain FDC commands. A privileged guest user could use this flaw to crash the guest or, potentially, execute arbitrary code on the host with the privileges of the host's QEMU process corresponding to the guest.
8b8a9a5f38747ef44b28cfced166cfbeee90228726e80b1798327876421a726a
Red Hat Security Advisory 2015-1005-01 - The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities are detailed in the Adobe Security Bulletin APSB15-09 listed in the References section. Multiple flaws were found in the way flash-plugin displayed certain SWF content. An attacker could use these flaws to create a specially crafted SWF file that would cause flash-plugin to crash or, potentially, execute arbitrary code when the victim loaded a page containing the malicious SWF content.
18dba377b8d0c3973a6a9ff5ad7a7dfa4b5d0bbeba0504bbf14a350cbc09f23f
Red Hat Security Advisory 2015-1001-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package provides the user-space component for running virtual machines using KVM. An out-of-bounds memory access flaw was found in the way QEMU's virtual Floppy Disk Controller handled FIFO buffer access while processing certain FDC commands. A privileged guest user could use this flaw to crash the guest or, potentially, execute arbitrary code on the host with the privileges of the host's QEMU process corresponding to the guest.
601caacd379172315f6cfffb985b4159a96e67bb16763d5a658276647f625617
Red Hat Security Advisory 2015-1003-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. An out-of-bounds memory access flaw was found in the way QEMU's virtual Floppy Disk Controller handled FIFO buffer access while processing certain FDC commands. A privileged guest user could use this flaw to crash the guest or, potentially, execute arbitrary code on the host with the privileges of the host's QEMU process corresponding to the guest.
422cb9cd2c5794c27203769b3c622eee2665f29cb4a6305ca8a00af32b1ea44b
Red Hat Security Advisory 2015-1002-01 - The xen packages contain administration tools and the xend service for managing the kernel-xen kernel for virtualization on Red Hat Enterprise Linux. An out-of-bounds memory access flaw was found in the way QEMU's virtual Floppy Disk Controller handled FIFO buffer access while processing certain FDC commands. A privileged guest user could use this flaw to crash the guest or, potentially, execute arbitrary code on the host with the privileges of the host's QEMU process corresponding to the guest.
36b8dc0dc040f168bcfb6d3931f9b68020149d31e605934b0251afd569aa45b8
Red Hat Security Advisory 2015-0998-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm package provides the user-space component for running virtual machines using KVM. An out-of-bounds memory access flaw was found in the way QEMU's virtual Floppy Disk Controller handled FIFO buffer access while processing certain FDC commands. A privileged guest user could use this flaw to crash the guest or, potentially, execute arbitrary code on the host with the privileges of the host's QEMU process corresponding to the guest.
4560d87105d92523f195c69d8a771fe7e08b0abb29590473f66f27e5963fe158
Slackware Security Advisory - New mozilla-firefox packages are available for Slackware 14.1 and -current to fix security issues.
19b42ed0791ca913756b8b07af8ee72d0e8058d28591098fed1c46203ad10a2e
Ubuntu Security Notice 2608-1 - Jason Geffner discovered that QEMU incorrectly handled the virtual floppy driver. This issue is known as VENOM. A malicious guest could use this issue to cause a denial of service, or possibly execute arbitrary code on the host as the user running the QEMU process. In the default installation, when QEMU is used with libvirt, attackers would be isolated by the libvirt AppArmor profile. Daniel P. Berrange discovered that QEMU incorrectly handled VNC websockets. A remote attacker could use this issue to cause QEMU to consume memory, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS, Ubuntu 14.10 and Ubuntu 15.04. Various other issues were also addressed.
8016922249d1200857b855be754556a4986b2239c15572207796d8c4f2e6d88f
Wireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffers.
d0f177b2ef49e4deae4ff7d3299bdd295ba558a3934ce8ae489b2f13927cbd82
Core Security Technologies Advisory - SAP products make use of a proprietary implementation of the Lempel-Ziv-Thomas (LZC) adaptive dictionary compression algorithm and the Lempel-Ziv-Huffman (LZH) compression algorithm. These compression algorithms are used across several SAP products and programs. Vulnerabilities were found in the decompression routines that could be triggered in different scenarios, and could lead to execution of arbitrary code and denial of service conditions.
b7740dd59be457ef9148466ce77bd2cb7d93fd8bf564a611bcde64e3a811e628
Concrete5 version 5.7.3.1 suffers from multiple cross site scripting vulnerabilities.
779a300e312a7f4499e82dec4285a6c6d712548afa3edad66c1b13bfc741514e
Web India Solutions CMS 2015 suffers from a remote SQL injection vulnerability.
186f772d4cbfbdca92299e311c1cfbd9921be6fd8774c3498aadb5307cb3e6b4
Cisco Security Advisory - Cisco TelePresence TC and TE software contains bypass and denial of service vulnerabilities.
b039a112fa02e1201dfdfc19e955f20fdf2ab0107f851c51c766bcd7ab4086ef
Debian Linux Security Advisory 3259-1 - Several vulnerabilities were discovered in the qemu virtualisation solution.
0023f319a16ece6a882500e80e69ae44288802e335ef47565d8d36f8fc537ea8
Cisco Security Advisory - A vulnerability in the web framework of multiple Cisco TelePresence products could allow an authenticated, remote attacker to inject arbitrary commands that are executed with the privileges of the root user. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by authenticating to the device and submitting crafted input to the affected parameter in a web page. Administrative privileges are required in order to access the affected parameter. A successful exploit could allow an attacker to execute system commands with the privileges of the root user.
83f9feb7e2383c6d20e2c82cb444ba7b846eaaec5df0301bda4e323cdd977dde
WordPress Booking Calendar Contact Form plugin version 1.0.2 suffers from cross site scripting and remote SQL injection vulnerabilities.
634d97d85a3a0669c521ef17cf7084d41acd83e7ce20d66da98dcc013771b672
Gentoo Linux Security Advisory 201505-1 - Multiple vulnerabilities have been found in Ettercap, the worst of which allows remote attackers to execute arbitrary code. Versions less than 0.8.2 are affected.
4fb301318f73335466a17ade52ccdd90b1deaa42c752151235fba66990415fcb
Pure Faction versions 3.0c and below suffer from a buffer overflow vulnerability.
8618e8b91988d93e4585ec66b7b191bf0ccc0cebef32603efe81062604ab7e1f
Red Hat Security Advisory 2015-0983-01 - Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. It was discovered that the ChunkedInputFilter in Tomcat did not fail subsequent attempts to read input after malformed chunked encoding was detected. A remote attacker could possibly use this flaw to make Tomcat process part of the request body as a new request, or cause a denial of service. All Tomcat 7 users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing this update, the tomcat service will be restarted automatically.
5fbf9d2bfdeb25eabe097cd11548f49289ce461d6279a5523453f1740bab084e
Red Hat Security Advisory 2015-0981-01 - The kernel-rt packages contain the Linux kernel, the core of any Linux operating system. A buffer overflow flaw was found in the way the Linux kernel's Intel AES-NI instructions optimized version of the RFC4106 GCM mode decryption functionality handled fragmented packets. A remote attacker could use this flaw to crash, or potentially escalate their privileges on, a system over a connection with an active AES-GCM mode IPSec security association. The kernel-rt packages have been upgraded to version 3.10.0-229.4.1, which provides a number of bug fixes and enhancements over the previous version, including:
f7685a4ef3fc6251d8ff3cbd208f6da216aaf3cd4ee9139d4759706f5ef69a7c