Feed aggregator

[security bulletin] HPSBGN03430 rev.3 - HP ArcSight products, Local Elevation of Privilege

BugTraq Latest Security Advisories - February 8, 2016 - 1:26am

Posted by security-alert on Feb 07

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04872416

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04872416
Version: 3

HPSBGN03430 rev.3 - HP ArcSight products, Local Elevation of Privilege

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.

Release Date: 2015-11-03
Last Updated:...

[CVE-2016-0602, CVE-2016-0603] Executable installers are vulnerable^WEVIL (case 24): Oracle Java 6/7/8 SE and VirtualBox

BugTraq Latest Security Advisories - February 8, 2016 - 1:17am

Posted by Stefan Kanthak on Feb 07

Hi @ll,

the installers of Oracle's Java 6/7/8 for Windows and VirtualBox for
Windows load and execute several DLLs from their "application directory".

* The online installer jxpiinstall.exe:
UXTheme.dll and RASAdHlp.dll plus
(on Windows XP) SetupAPI.dll, HNetCfg.dll and XPSP2Res.dll
(on Windows Vista and above) ProfAPI.dll, Secur32.dll, NTMarta.dll
and Version.dll

* The offline installer jre-8u66-windows-i586.exe:...

[security bulletin] HPSBGN03434 rev.1 - HP Continuous Delivery Automation using Java Deserialization, Remote Arbitrary Code Execution

BugTraq Latest Security Advisories - February 8, 2016 - 1:08am

Posted by security-alert on Feb 07

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04958567

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04958567
Version: 1

HPSBGN03434 rev.1 - HP Continuous Delivery Automation using Java
Deserialization, Remote Arbitrary Code Execution

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible....

Bugtraq: [CVE-2016-0602, CVE-2016-0603] Executable installers are vulnerable^WEVIL (case 24): Oracle Java 6/7/8 SE and VirtualBox

Security Focus Latest Security Advisories - February 8, 2016 - 1:00am
[CVE-2016-0602, CVE-2016-0603] Executable installers are vulnerable^WEVIL (case 24): Oracle Java 6/7/8 SE and VirtualBox

Bugtraq: [security bulletin] HPSBGN03434 rev.1 - HP Continuous Delivery Automation using Java Deserialization, Remote Arbitrary Code Execution

Security Focus Latest Security Advisories - February 8, 2016 - 1:00am
[security bulletin] HPSBGN03434 rev.1 - HP Continuous Delivery Automation using Java Deserialization, Remote Arbitrary Code Execution

Bugtraq: [security bulletin] HPSBHF03431 rev.2 - HPE Network Switches, local Bypass of Security Restrictions, Indirect Vulnerabilities

Security Focus Latest Security Advisories - February 8, 2016 - 1:00am
[security bulletin] HPSBHF03431 rev.2 - HPE Network Switches, local Bypass of Security Restrictions, Indirect Vulnerabilities

Bugtraq: CVE-2015-3252: Apache CloudStack VNC authentication issue

Security Focus Latest Security Advisories - February 8, 2016 - 1:00am
CVE-2015-3252: Apache CloudStack VNC authentication issue

[security bulletin] HPSBHF03431 rev.2 - HPE Network Switches, local Bypass of Security Restrictions, Indirect Vulnerabilities

BugTraq Latest Security Advisories - February 8, 2016 - 12:59am

Posted by security-alert on Feb 07

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04920918

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04920918
Version: 2

HPSBHF03431 rev.2 - HPE Network Switches, local Bypass of Security
Restrictions, Indirect Vulnerabilities

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.

Release...

next-20160208: linux-next

Linux Kernel Updates - February 8, 2016 - 12:14am
Version: next-20160208 (linux-next)
Released: 2016-02-08

Bugtraq: CVE-2015-3251: Apache CloudStack VM Credential Exposure

Security Focus Latest Security Advisories - February 7, 2016 - 11:00pm
CVE-2015-3251: Apache CloudStack VM Credential Exposure

Bugtraq: [SECURITY] [DSA 3466-1] krb5 security update

Security Focus Latest Security Advisories - February 7, 2016 - 11:00pm
[SECURITY] [DSA 3466-1] krb5 security update

Bugtraq: WordPress User Meta Manager Plugin [Blind SQLI]

Security Focus Latest Security Advisories - February 7, 2016 - 11:00pm
WordPress User Meta Manager Plugin [Blind SQLI]

4.5-rc3: mainline

Linux Kernel Updates - February 7, 2016 - 6:38pm
Version: 4.5-rc3 (mainline)
Released: 2016-02-07
Source: linux-4.5-rc3.tar.xz
PGP Signature: linux-4.5-rc3.tar.sign
Patch: patch-4.5-rc3.xz