OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols with full-strength cryptography world-wide.
1d4007e53aad94a5b2002fe045ee7bb0b3d98f1a47f8b2bc851dcd1c74332919
OXID eShop Community Edition version 4.9.7 suffers from path traversal and privilege escalation vulnerabilities.
6d480e472dd8ac2378c54bdb33cab32a7b02cd23ec4e03639daf3671e5bd7067
Swagger Editor version 2.9.9 suffers from a cross site scripting vulnerability.
2c9f139677da0df23f3a83e1dfd810fd387124a00de5fae2c2e07e62c09ac0ef
NetCommWireless HSPA 3G10WVE suffers from authentication bypass and remote code execution vulnerabilities.
9996c2e688f51727de634672566a4b67b0fea81f1759e9ab8f7ea6e2e10391bb
libxml versions prior to 2.9.3 suffer from a stack overflow vulnerability when parsing a malicious file.
e627232db6fe21d686a937565c9d43af1ef4a7e15710847f48703d1656e2f593
Zabbix Agent version 3.0.1 suffers from a remote shell command injection vulnerability via mysql.size.
6f4704de4bcf1cffa3bdc31fb48a54c0bbd0e2a752f76897323a61d5406a6f59
Red Hat Security Advisory 2016-0711-01 - OpenShift Enterprise by Red Hat is the company's cloud computing Platform-as-a-Service solution designed for on-premise or private cloud deployments. Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron. Security Fix: The Jenkins continuous integration server has been updated to upstream version 1.642.2 LTS that addresses a large number of security issues, including XSS, CSRF, information disclosure, and code execution.
8cb241f7f26e24db895bca20b367c5d2ec75547e9aa7d1d03f82eab44c897d01
Ubuntu Security Notice 2959-1 - Huzaifa Sidhpurwala, Hanno Boeck, and David Benjamin discovered that OpenSSL incorrectly handled memory when decoding ASN.1 structures. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service, or possibly execute arbitrary code. Juraj Somorovsky discovered that OpenSSL incorrectly performed padding when the connection uses the AES CBC cipher and the server supports AES-NI. A remote attacker could possibly use this issue to perform a padding oracle attack and decrypt traffic. Various other issues were also addressed.
3fb297642dda424c9a2fdccf91144e60ea85032eaaa5c25bace6373ceec41e05
Red Hat Security Advisory 2016-0716-01 - IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 8 to version 8 SR3. Security Fix: This update fixes multiple vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit.
078167b3a1b6eede13852019b0c8bb3574483fe875d568c5496e595340c7d03d
Debian Linux Security Advisory 3566-1 - Several vulnerabilities were discovered in OpenSSL, a Secure Socket Layer toolkit.
c4d2a15eb0d1dceb59a021eef09bc9edd0bfe8717d7f9c3514d177c58c51295f
Slackware Security Advisory - New mercurial packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix a security issue.
691ee2b30ae6b117b4855ba8e0f0dd25e513546845e8670049741f2b2fe52eb8
Moxa MiiNePort suffers from cross site request forgery, weak credential management, and sensitive information protection vulnerabilities.
7ed488745e4d059d12d5ec837be93fd1917ea75cdbe335cca37b64e00022a474
CONFidence 2016 Call For Papers - This conference will take place from May 19th through the 20th, 2016 in Krakow, Poland.
866cf1ecab274d7a542c851887290f1a1e0a616227e02188fa9b5a7c1896d9e6
Linux 4.4 suffers from a use-after-free vulnerability in double-fdput().
fdf02d266337b84af0f49b7c8b000f74559cac23baf06e83b0bb199f19224b59
Fuzzing packed executables with McAfee's LiveSafe version 14.0 on Windows found a signedness error parsing sections and relocations.
df3a3c638fb803483492e5595745c6b207dc5378a2e3150bc4c2f7d4306afa97
Linux suffers from a reference count overflow using BPF maps.
7adaf8180063a09e3682592ef0ccca5ec1a3445cd1c0424d7f622a7d8f579117
OpenSSL Security Advisory 20160503 - This issue affected versions of OpenSSL prior to April 2015. The bug causing the vulnerability was fixed on April 18th 2015, and released as part of the June 11th 2015 security releases. The security impact of the bug was not known at the time. Other issues were also addressed.
c1bd7ca386d1c20c2cc9e48468708819814aeb79be8b47c58d08c86485a8125a
Mobile Security Framework (MobSF) is an all-in-one open source mobile application (Android/iOS) automated pen-testing framework capable of performing static and dynamic analysis. It can be used for effective and fast security analysis of Android and iOS Applications and supports both binaries (APK & IPA) and zipped source code. MobSF can also do Web API Security testing with its API Fuzzer that performs Information Gathering, analyzes Security Headers, and identifies Mobile API specific vulnerabilities like XXE, SSRF, Path Traversal, IDOR, and other logical issues related to Session Management and API Rate Limiting.
9a9189b4d7fe03495edaca2f8d76a9fbb34f18d666bd43cc24ac1ab1a8d428dd
A race condition in perf_event_open() allows local attackers to leak sensitive data from setuid programs.
34223fcdcb6cbd70c6b1a484cbbe82f7969a88b8b78a173e0396adc447df53aa
CMS Made Simple versions prior to 2.1.3 and 1.12.2 suffer from a web server cache poisoning vulnerability.
a13d86771a20355ec31260d111b449108279447a297ac945443686c587923cee