BugTraq Latest Security Advisories

Syndicate content
The premier general security mailing list. Vulnerabilities are often announced here first, so check frequently!
Updated: 6 min 49 sec ago

ESA-2016-061: EMC Isilon OneFS SMB Signing Vulnerability

May 26, 2016 - 1:17pm

Posted by Security Alert on May 26

ESA-2016-061: EMC Isilon OneFS SMB Signing Vulnerability

EMC Identifier: ESA-2016-061

CVE Identifier: CVE-2016-0907

Severity Rating: CVSSv3 Base Score: 5.9 (AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N)

Affected products:
EMC IsilonSD Edge OneFS 8.0.x
EMC Isilon OneFS 8.0.x
EMC Isilon OneFS 7.2.1.x
EMC Isilon OneFS 7.2.0.x
EMC Isilon OneFS 7.1.1.x
EMC Isilon OneFS 7.1.0.x

Summary:
EMC Isilon OneFS and EMC IsilonSD Edge include an...
Categories:

[security bulletin] HPSBGN03610 rev.1 - HPE IceWall Products using OpenSSL, Remote Denial of Service (DoS), Arbitrary Code Execution

May 25, 2016 - 11:52pm

Posted by security-alert on May 25

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_n
a-c05149345

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05149345
Version: 1

HPSBGN03610 rev.1 - HPE IceWall Products using OpenSSL, Remote Denial of
Service (DoS), Arbitrary Code Execution

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible....
Categories:

[security bulletin] HPSBMU03611 rev.1 - HPE Matrix Operating Environment on Windows and Linux, Multiple Remote Vulnerabilities

May 25, 2016 - 11:42pm

Posted by security-alert on May 25

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_n
a-c05150888

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05150888
Version: 1

HPSBMU03611 rev.1 - HPE Matrix Operating Environment on Windows and Linux,
Multiple Remote Vulnerabilities

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.

Release...
Categories:

[security bulletin] HPSBMU03600 rev.1 - HPE Insight Control server provisioning using OpenSSL, Remote Denial of Service (DoS)

May 25, 2016 - 2:51pm

Posted by security-alert on May 25

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_n
a-c05150736

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05150736
Version: 1

HPSBMU03600 rev.1 - HPE Insight Control server provisioning using OpenSSL,
Remote Denial of Service (DoS)

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.

Release...
Categories:

[security bulletin] HPSBUX03606 rev.1 - HPE HP-UX running Apache Tomcat 7, Multiple Remote Vulnerabilities

May 25, 2016 - 2:40pm

Posted by security-alert on May 25

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_n
a-c05150442

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05150442
Version: 1

HPSBUX03606 rev.1 - HPE HP-UX running Apache Tomcat 7, Multiple Remote
Vulnerabilities

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.

Release Date: 2016-05-25
Last...
Categories:

[security bulletin] HPSBMU03601 rev.1 - HPE Insight Control server deployment using OpenSSL, Multiple Vulnerabilities

May 25, 2016 - 2:26pm

Posted by security-alert on May 25

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_n
a-c05150800

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05150800
Version: 1

HPSBMU03601 rev.1 - HPE Insight Control server deployment using OpenSSL,
Multiple Vulnerabilities

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.

Release Date:...
Categories:

VMWare vSphere Web Client Flash XSS

May 25, 2016 - 1:11pm

Posted by apparitionsec on May 25

[+] Credits: John Page aka hyp3rlinx

[+] Website: hyp3rlinx.altervista.org

[+] Source: http://hyp3rlinx.altervista.org/advisories/VMWARE-VSPHERE-FLASH-XSS.txt

[+] ISR: apparitionsec

Vendor:
===============
www.vmware.com

Product:
====================================
VMWare vSphere Web Client v5.1 - 6.0

A server virtualization platform from VMware. Also referred to as a cloud operating system or virtualized data center
platform, VMware...
Categories:

Cisco Security Advisory: Cisco Products IPv6 Neighbor Discovery Crafted Packet Denial of Service Vulnerability

May 25, 2016 - 11:51am

Posted by Cisco Systems Product Security Incident Response Team on May 25

Cisco Products IPv6 Neighbor Discovery Crafted Packet Denial of Service Vulnerability

Advisory ID: cisco-sa-20160525-ipv6

Revision 1.0

For Public Release 2016 May 25 16:00 UTC (GMT)

+---------------------------------------------------------------------

Summary
=======

A vulnerability in the IP Version 6 (IPv6) packet processing functions of Cisco IOS XR Software and Cisco IOS XE
Software could allow an unauthenticated, remote attacker to...
Categories:

Open-Xchange Security Advisory 2016-05-25

May 25, 2016 - 7:48am

Posted by Martin Heiland on May 25

Product: OX AppSuite
Vendor: Open-Xchange GmbH

Internal reference: 44542 (Bug ID)
Vulnerability type: Cross Site Scripting (CWE-80)
Vulnerable version: 7.8.0 and earlier
Vulnerable component: frontend
Report confidence: Confirmed
Solution status: Fixed by Vendor
Fixed versions: 7.6.2-rev40, 7.6.3-rev7, 7.8.0-rev19
Researcher credits: Satish Bommisetty
Vendor notification: 2016-03-07
Solution date: 2016-03-29
CVE reference: CVE-2016-3173
CVSSv3:...
Categories:

[slackware-security] libarchive (SSA:2016-145-01)

May 25, 2016 - 4:23am

Posted by Slackware Security Team on May 25

[slackware-security] libarchive (SSA:2016-145-01)

New libarchive packages are available for Slackware 14.1 and -current to
fix a security issue.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/libarchive-3.1.2-i486-2_slack14.1.txz: Rebuilt.
Patched an issue with Zip archive handling that could allow an attacker
to overwrite parts of the heap in a controlled fashion and execute...
Categories:

[security bulletin] HPSBGN03605 rev.1 - HPE Service Manager, Remote Disclosure of Information

May 25, 2016 - 12:56am

Posted by security-alert on May 24

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_n
a-c05149290

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05149290
Version: 1

HPSBGN03605 rev.1 - HPE Service Manager, Remote Disclosure of Information

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.

Release Date: 2016-05-24
Last Updated:...
Categories: