WordPress YouTube Embed plugin version 3.3.2 suffers from a stored cross site scripting vulnerability.
bd08d635da81f1250b0bd7b2decd8288c09061ca8182cdeb83b88b0b64cd4586
HP Security Bulletin HPSBGN03411 1 - A potential security vulnerability has been identified in HP Operations Agent Virtual Appliance. The TLS vulnerability using US export-grade 512-bit keys in Diffie-Hellman key exchange known as "Logjam" could be exploited remotely to allow unauthorized modification. Revision 1 of this advisory.
639bf8507e1b5ad87717788379b46c94b04598136a31007b96374bcb323d0885
HP Security Bulletin HPSBGN03405 1 - Potential security vulnerabilities have been identified in HP Integration Adaptor. The TLS vulnerability using US export-grade 512-bit keys in Diffie-Hellman key exchange known as "Logjam" could be exploited remotely to allow unauthorized modification. The RC4 stream cipher vulnerability in SSL/TLS known as "Bar Mitzvah" could be exploited remotely to allow disclosure of information. Revision 1 of this advisory.
0e6fc4e54f6c6314c75c0105e2ac65fd4c07dd8d8fb3eb8e90df6aa1a1f6a636
HP Security Bulletin HPSBGN03399 1 - Potential security vulnerabilities have been identified in HP BSM Connector (BSMC). The TLS vulnerability using US export-grade 512-bit keys in Diffie-Hellman key exchange known as "Logjam" could be exploited remotely to allow unauthorized modification. The RC4 stream cipher vulnerability in SSL/TLS known as "Bar Mitzvah" could be exploited remotely to allow disclosure of information. Revision 1 of this advisory.
84f3b874b3b98be0bf0823568c0e8846a56946be08587462ea7859e44fa6c5df
FreeBSD Security Advisory - If the kernel-mode IRET instruction generates an #SS or #NP exception, but the exception handler does not properly ensure that the right GS register base for kernel is reloaded, the userland GS segment may be used in the context of the kernel exception handler. By causing an IRET with #SS or #NP exceptions, a local attacker can cause the kernel to use an arbitrary GS base, which may allow escalated privileges or panic the system.
c96f042a2e1f79016cee3228dd1a6dccfd18fcba578117e9a03af878aee5caf1
FreeBSD Security Advisory - A programming error in the privileged monitor process of the sshd(8) service may allow the username of an already-authenticated user to be overwritten by the unprivileged child process. A use-after-free error in the privileged monitor process of he sshd(8) service may be deterministically triggered by the actions of a compromised unprivileged child process. A use-after-free error in the session multiplexing code in the sshd(8) service may result in unintended termination of the connection.
3a8b1bfd85b5a339a84d61427764656f8de8bc6b1e993e98a5732638aac6f504
nullcon is an annual security conference held in Goa, India. The focus of the conference is to showcase the next generation of offensive and defensive security technology. It will take place March 4th through the 5th, 2016.
4f1454e9bc2d8289b349a3fdce42d430af7f08c0ece80b991b18ed318038403e
Debian Linux Security Advisory 3343-1 - James Kettle, Alain Tiemblo, Christophe Coevoet and Fabien Potencier discovered that twig, a templating engine for PHP, did not correctly process its input. End users allowed to submit twig templates could use specially crafted code to trigger remote code execution, even in sandboxed templates.
805404034e4c9a24f3324b6ba48b3771bb4d719aa491044f98bc20c9f2e2ade3
Ubuntu Security Notice 2722-1 - Gustavo Grieco discovered that GDK-PixBuf incorrectly handled scaling bitmap images. If a user or automated system were tricked into opening a BMP image file, a remote attacker could use this flaw to cause GDK-PixBuf to crash, resulting in a denial of service, or possibly execute arbitrary code.
53ace9ef917aebbafcf19dc56fa2c9f36bb86ae8fb4479b09de38565703eb1f6
HP Security Bulletin HPSBGN03415 1 - Potential security vulnerabilities have been identified in HP Operations Agent Virtual Appliance. The RC4 stream cipher vulnerability in SSL/TLS known as "Bar Mitzvah" could be exploited remotely to allow disclosure of information. Revision 1 of this advisory.
fe697ef6edf021eeaaa0c510a00b8027459e63c615ee0257cc4e7099c03d9fe1
HP Security Bulletin HPSBGN03414 1 - Potential security vulnerabilities have been identified in HP Operations Agent. The RC4 stream cipher vulnerability in SSL/TLS known as "Bar Mitzvah" could be exploited remotely to allow disclosure of information. Revision 1 of this advisory.
bf90a44cb60c6e9039856d3da552a22356d63ab04ce1ca47af70fce3e6b2b9e1
ZSNES version 1.51 suffers from a buffer overflow vulnerability.
ac0bbeac824268291f65934827d6406fd927814abaffee462140a86382be50ec
fwknop implements an authorization scheme that requires only a single encrypted packet to communicate various pieces of information, including desired access through a Netfilter policy and/or specific commands to execute on the target system. The main application of this program is to protect services such as SSH with an additional layer of security in order to make the exploitation of vulnerabilities much more difficult. The authorization server works by passively monitoring authorization packets via libpcap.
ed6f8cfbda6dc76a56a994465188b49419267492ebc6d5328e0947479bd2714b
HP Security Bulletin HPSBMU03409 1 - Potential security vulnerabilities have been identified with HP Matrix Operating Environment. The vulnerabilities could be exploited remotely resulting in unauthorized modification, unauthorized access, or unauthorized disclosure of information. Revision 1 of this advisory.
ed1893104d8e7dcdd770c7c2dd6eea29fcb783bd67155f6d99ab3d07423260e5
HP Security Bulletin HPSBGN03404 1 - A potential security vulnerability has been identified in HP Service Health Reporter. The TLS vulnerability using US export-grade 512-bit keys in Diffie-Hellman key exchange known as "Logjam" could be exploited remotely to allow unauthorized modification. Revision 1 of this advisory.
81df34bec39d89b1c0a6979bd60403319676351b9237601064e3bfd18d74561f
Ubuntu Security Notice 2712-1 - Gary Kwong, Christian Holler, and Byron Campen discovered multiple memory safety issues in Thunderbird. If a user were tricked in to opening a specially crafted message, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Thunderbird. Ronald Crane reported 3 security issues. If a user were tricked in to opening a specially crafted message, an attacker could potentially exploit these, in combination with another security vulnerability, to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Thunderbird. Various other issues were also addressed.
674b2e26a251f35dbda3345884ca92e8bd282ae9ac9699767bce9224e7a9d691
Red Hat Security Advisory 2015-1682-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. Note: All of the above issues cannot be exploited by a specially crafted HTML mail message because JavaScript is disabled by default for mail messages. However, they could be exploited in other ways in Thunderbird .
4c069329c01d5dd2b23d438ea15fb2cf2ddb55af9e97c1998eb05ee9cd900538
Red Hat Security Advisory 2015-1685-01 - Python-keystoneclient is a client library and a command-line utility for interacting with the OpenStack Identity API. It was discovered that some items in the S3Token configuration as used by python-keystoneclient were incorrectly evaluated as strings, an issue similar to CVE-2014-7144. If the "insecure" option was set to "false", the option would be evaluated as true, resulting in TLS connections being vulnerable to man-in-the-middle attacks. Note: The "insecure" option defaults to false, so setups that do not specifically define "insecure=false" are not affected.
f7c56d4b381ea910926af2ea30028853daff29cd7f8167099a0f0009a6fa3119
Red Hat Security Advisory 2015-1683-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package provides the user-space component for running virtual machines using KVM. An information leak flaw was found in the way QEMU's RTL8139 emulation implementation processed network packets under RTL8139 controller's C+ mode of operation. An unprivileged guest user could use this flaw to read up to 65 KB of uninitialized QEMU heap memory.
05e8000a6206bbfbe20a766ed07087904157b0283a55bcc3b13dd5695debb6d1
Red Hat Security Advisory 2015-1684-01 - OpenStack Object Storage provides object storage in virtual containers, which allows users to store and retrieve files. The service's distributed architecture supports horizontal scaling; redundancy as failure-proofing is provided through software-based data replication. Because Object Storage supports asynchronous eventual consistency replication, it is well suited to multiple data-center deployment. A flaw was found in OpenStack Object Storage that could allow an authenticated user to delete the most recent version of a versioned object regardless of ownership. To exploit this flaw, an attacker must know the name of the object and have listing access to the x-versions-location container.
ee39183a3ea994aeff17098083ebe2a8492a6ee3bf022511868c02167de39768
HP Security Bulletin HPSBMU03397 1 - Potential security vulnerabilities have been identified with HP Version Control Agent (VCA) on Windows and Linux. The vulnerabilities could be exploited remotely resulting in Denial of Service (DoS), unauthorized modification, unauthorized access, or disclosure of information. Revision 1 of this advisory.
4b42962930ba66e223d79373611361d9e3b5d02e2010fe34205524553f22c3d5
HP Security Bulletin HPSBMU03413 1 - Potential security vulnerabilities have been identified with HP Virtual Connect Enterprise Manager SDK. The vulnerabilities could be exploited remotely resulting in Denial of Service (DoS), unauthorized modification, unauthorized access, or disclosure of information. Revision 1 of this advisory.
6b5a85f0a3835e211788a83e13c0d0712017e6346f21143164be00789078748c
HP Security Bulletin HPSBMU03396 1 - Potential security vulnerabilities have been identified with HP Version Control Repository Manager (VCRM) on Windows and Linux. The vulnerabilities could be exploited remotely resulting in Denial of Service (DoS), execution of arbitrary code, unauthorized modification, unauthorized access, disclosure of information, cross-site request forgery (CSRF), or elevation of privilege. Revision 1 of this advisory.
619deaf4049b64ca228d248eccdea1ecdfa933166df8d4b18aafd081c1b4ca8f
Red Hat Security Advisory 2015-1686-01 - Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY principle. A flaw was found in the Django session backend, which could allow an unauthenticated attacker to create session records in the configured session store, causing a denial of service by filling up the session store.
acf60870374e52838ceb79bf380b03c1f8262786630a6240d6a305c27b59d945
WordPress Car Rental System plugin versions prior to 3.1 suffer from a remote SQL injection vulnerability.
a2cdab0c11366b52adaafd94afcce39eacb22aff6f7f1ff06b4f931c4a631ffa