D-Link DAP-1320 wireless range extenders suffer from cross site scripting and directory traversal vulnerabilities.
77b810526b2243160b03793dfdb3c3585e5ec7325808307c5d7dc5f0e4ec20bd
F-Secure Messaging Security Gateway version 7.5.0.892 suffers from a reflective cross site scripting vulnerability.
1ebe4673c3131e4294001e8442564433f1c1492f36c6fab08541b4faaba0b2bb
AIEngine is a packet inspection engine with capabilities of learning without any human intervention. It helps network/security professionals to identify traffic and develop signatures for use on NIDS, firewalls, traffic classifiers and so on.
b375bd144b2f81ac70be343ff773bd7359c755f388f319524145505fb617fc64
Nagios Remote Plugin Executor (NRPE) versions 2.15 and below suffer from a remote command execution vulnerability.
035764b6de0406994622b53a57f33221624085f4e55263d2f7452b0cfbc8b3ed
HP Security Bulletin HPSBMU02995 3 - The Heartbleed vulnerability was detected in specific OpenSSL versions. OpenSSL is a third-party product that is embedded in some HP Software products. This bulletin's objective is to notify HP Software customers about products affected by the Heartbleed vulnerability. Note: The Heartbleed vulnerability (CVE-2014-0160) is a vulnerability found in the OpenSSL cryptographic software library. This weakness potentially allows disclosure of information protected, under normal conditions, by the SSL/TLS protocol. The impacted products in the list below are vulnerable due to embedding OpenSSL standard release software. Revision 3 of this advisory.
86765e24d5fcb7d4170feb34ec2d8d7db6999d8047673df3d2fb46a973590cdb
HP Security Bulletin HPSBMU02998 2 - Potential security vulnerabilities have been identified with HP System Management Homepage (SMH) running on Linux and Windows. The vulnerabilities could be exploited remotely resulting in Denial of Service (DoS). Also included is the OpenSSL vulnerability known as "Heartbleed" which could be exploited remotely resulting in disclosure of information. Revision 2 of this advisory.
733ae6b6c797c2f872b96a8cfe71841d57f9fd119cfbb08abf8bc944a7445c49
HP Security Bulletin HPSBGN03010 - The Heartbleed vulnerability was detected in specific OpenSSL versions. OpenSSL is a third-party product that is embedded in some HP Software products. This bulletin's objective is to notify HP Software customers about products affected by the Heartbleed vulnerability. NOTE: The Heartbleed vulnerability (CVE-2014-0160) is a vulnerability found in the OpenSSL cryptographic software library. This weakness potentially allows disclosure of information that is normally protected by the SSL/TLS protocol. The impacted products in the list below are vulnerable due to embedding OpenSSL standard release software. Revision 1 of this advisory.
172c320e016b03571bbe375dc655cf8d96104b9638eb6a31af4da51d7f8d2058
HP Security Bulletin HPSBMU02935 2 - Potential security vulnerabilities have been identified with HP LoadRunner Virtual User Generator. The vulnerabilities could be exploited to allow remote code execution and disclosure of information. Revision 2 of this advisory.
c17c49979c868c01c3de4db8eacd6549014a47f13c9b15385389dc06d3eacb41
HP Security Bulletin HPSBMU02987 - A potential security vulnerability has been identified with HP Universal Configuration Management Database Integration Service. The vulnerability could be exploited to allow remote execution of code. Revision 1 of this advisory.
146b6c10aaae84fdd8c94f2074128e3d38ec819b17d443dbeec5d4e08d5f449c
HP Security Bulletin HPSBMU02988 - A potential security vulnerability has been identified with HP Universal Configuration Management Database Integration Service. The vulnerability could be exploited to allow disclosure of information. Revision 1 of this advisory.
5cfdc87ca68bc3d113f239c5c7c951f574a2fc5614984e93389993becc828ef0
HP Security Bulletin HPSBMU02982 - A potential security vulnerability has been identified with HP Database and Middleware Automation (DMA). The vulnerability could be remotely exploited resulting in disclosure of information. Revision 1 of this advisory.
b4e78fd8204d45695af10e5c2e77b2a9175a0c50fd21acb8579dcc925aaa1477
HP Security Bulletin HPSBGN03008 - The Heartbleed vulnerability was detected in specific OpenSSL versions. OpenSSL is a third-party product that is embedded in some HP Software products. This bulletin's objective is to notify HP Software customers about products affected by the Heartbleed vulnerability. NOTE: The Heartbleed vulnerability (CVE-2014-0160) is a vulnerability found in the OpenSSL cryptographic software library. This weakness potentially allows disclosure of information that is normally protected by the SSL/TLS protocol. The impacted products in the list below are vulnerable due to embedding OpenSSL standard release software. Revision 1 of this advisory.
dc12ff4b97cc7f7bde3e57c9bc930be617618f08358ac5d4132d942d76cef2c1
HP Security Bulletin HPSBMU02996 - A potential security vulnerability has been identified with HP Network Node Manager I (NNMi) on HP-UX, Linux, Solaris, and Windows. This vulnerability could be remotely exploited resulting in unauthorized access or execution of arbitrary code. Revision 1 of this advisory.
832c5ff1a9d8afd2aacff0f24630f22290dc29524365a7b0173bb95574e49237
Red Hat Security Advisory 2014-0412-01 - Oracle Java SE version 7 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update fixes several vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory page, listed in the References section.
14e6e30de1dd8d53d0118bd04bcdd0bae0938c861f8eebcd77cbd8be81d4fe4c
Red Hat Security Advisory 2014-0413-02 - Oracle Java SE version 7 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update fixes several vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory page, listed in the References section.
36273595a316596e5e9c175f2af277f4b20df80c8667ad56d776f9fbe9258c28
Red Hat Security Advisory 2014-0409-02 - Python-keystoneclient is a client library and a command line utility for interacting with the OpenStack Identity API. The OpenStack Identity auth_token middleware component handles the authentication of tokens with keystone. The gluster-swift component, provided by Red Hat Storage, requires the auth_token middleware. When using the auth_token middleware with the memcached token cache enabled, a token for a different identity could be returned. An authenticated user could use this flaw to escalate their privileges by making repeated requests that could eventually allow the user to acquire the administrator's identity. Note that only OpenStack Identity setups using auth_token with memcached were affected.
debcf705b06b5d1037df044c9082983bed52386575c5808c293ec0369d358fea
Mandriva Linux Security Advisory 2014-079 - Florian Weimer reported that the printbuf APIs used in the json-c library used ints for counting buffer lengths, which is inappropriate for 32-bit architectures. These functions need to be changed to use size_t for sizes if possible, or to be hardened against negative values if not. This could be used to cause a denial of service in an application linked to the json-c library. Florian Weimer also reported that the hash function in the json-c library was weak, and that parsing smallish JSON strings showed quadratic timing behaviour. This could cause an application that is linked to the json-c library and processes specially crafted JSON data to use excessive amounts of CPU.
283252a26796384c39dbaf9c5eebd109cce41ade7c0422b68ccb6e4ff62aa236
Red Hat Security Advisory 2014-0416-01 - Red Hat Enterprise Virtualization Manager provides access to virtual machines using SPICE. These SPICE client packages provide the SPICE client and usbclerk service for both Windows 32-bit operating systems and Windows 64-bit operating systems. The rhevm-spice-client package includes the mingw-virt-viewer Windows SPICE client. OpenSSL, a general purpose cryptography library with a TLS implementation, is bundled with mingw-virt-viewer. The mingw-virt-viewer package has been updated to correct the following issues: An information disclosure flaw was found in the way OpenSSL handled TLS and DTLS Heartbeat Extension packets. A malicious TLS or DTLS client or server could send a specially crafted TLS or DTLS Heartbeat packet to disclose a limited portion of memory per request from a connected client or server. Note that the disclosed portions of memory could potentially include sensitive information such as private keys.
0032421aec1d1d27f91354a5fea1ce01a8e83f64e4d39583854c2b9d91e466a1
Red Hat Security Advisory 2014-0415-01 - YAML is a data serialization format designed for human readability and interaction with scripting languages. LibYAML is a YAML parser and emitter written in C. A buffer overflow flaw was found in the way the libyaml library parsed URLs in YAML documents. An attacker able to load specially crafted YAML input to an application using libyaml could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. An integer overflow flaw was found in the way the libyaml library handled excessively long YAML tags. An attacker able to load specially crafted YAML input to an application using libyaml could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application.
5fef5f073818707ceea9b7f87273bfe379b0a83bea50ee402ae2cf18c228dca7
Red Hat Security Advisory 2014-0414-01 - Oracle Java SE version 6 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update fixes several vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory pages, listed in the References section.
5b3fb26a72b3dc5b46c59de7a98419bcfae270b7312d42ac692372308de6f6a1
CMSimple versions 4.4.2 and below suffer from a remote file inclusion vulnerability.
f91d039649d0d7455138e22a97cb9bbde986f51fffebbd0a62328e6e857ccbea
Jzip version 2.0.0.132900 structured exception handler (SEH) Unicode buffer overflow denial of service exploit.
a6e85747e12c5a2bb932271a468a9287a562d49c9948a9fb730c4886698b8934
Poor treatment of file paths may lead to rogue binary execution in McAfee Security Scanner Plus.
1f27a310e8ba534f86eb471ef915bc94b1c682806e2c9e1eb7e4cbce7b1f69a1
ASUS RT series of routers disclose administrative credentials.
8772a0c6d1603fbc6b5d100af4cf6abccf78190e836b3ada0d1b5bdd764b4937