2015-08-27

 
RSS for product
CVE-2015-5367
 
The HP lt4112 LTE/HSPA+ Gobi 4G module with firmware before 12.500.00.15.1803 on EliteBook, ElitePad, Elite, ProBook, Spectre, ZBook, and mt41 Thin Client devices allows local users to gain privileges via unspecified vectors.

 
RSS for product
CVE-2015-5368
 
The HP lt4112 LTE/HSPA+ Gobi 4G module with firmware before 12.500.00.15.1803 on EliteBook, ElitePad, Elite, ProBook, Spectre, ZBook, and mt41 Thin Client devices allows remote attackers to modify data or cause a denial of service, or execute arbitrary code, via unspecified vectors.
2015-08-26

 
RSS for product
CVE-2015-6261 Cisco Telepresence video commu...
 
Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2 allows remote authenticated users to bypass intended access restrictions and read configuration files by leveraging the Mobile and Remote Access (MRA) role and establishing a TFTP session, aka Bug ID CSCuv78531.

 
RSS for product
CVE-2013-7424 GNU Glibc
 
The getaddrinfo function in glibc before 2.15, when compiled with libidn and the AI_IDN flag is used, allows context-dependent attackers to cause a denial of service (invalid free) and possibly execute arbitrary code via unspecified vectors, as demonstrated by an internationalized domain name to ping6.

 
RSS for product
CVE-2015-3158 Picketlink Picketlink
 
The invokeNextValve function in identity/federation/bindings/tomcat/idp/AbstractIDPValve.java in PicketLink before 2.8.0.Beta1 does not properly check role based authorization, which allows remote authenticated users to gain access to restricted application resources via a (1) direct request or (2) request through an SP initiated flow.

 
RSS for product
CVE-2015-3221 Openstack Neutron
 
OpenStack Neutron before 2014.2.4 (juno) and 2015.1.x before 2015.1.1 (kilo), when using the IPTables firewall driver, allows remote authenticated users to cause a denial of service (L2 agent crash) by adding an address pair that is rejected by the ipset tool.

 
RSS for product
CVE-2015-3239 Redhat Libunwind
 
Off-by-one error in the dwarf_to_unw_regnum function in include/dwarf_i.h in libunwind 1.1 allows local users to have unspecified impact via invalid dwarf opcodes.

 
RSS for product
CVE-2015-4037 QEMU QEMU
 
The slirp_smb function in net/slirp.c in QEMU 2.3.0 and earlier creates temporary files with predictable names, which allows local users to cause a denial of service (instantiation failure) by creating /tmp/qemu-smb.*-* files before the program.

 
RSS for product
CVE-2015-4173 DELL Sonicwall netextender fi...
 
Unquoted Windows search path vulnerability in the autorun value in Dell SonicWall NetExtender with firmware before 7.5.1.2 and 8.x before 8.0.0.3 allows local users to gain privileges via a Trojan horse program in the %SYSTEMDRIVE% folder.

 
RSS for product
CVE-2015-5409 HP Version control reposito...
 
Buffer overflow in HP Version Control Repository Manager (VCRM) before 7.5.0 allows remote authenticated users to modify data or cause a denial of service via unspecified vectors.

 
RSS for product
CVE-2015-5410 HP Version control reposito...
 
HP Version Control Repository Manager (VCRM) before 7.5.0 allows remote authenticated users to execute arbitrary code or cause a denial of service via unspecified vectors.

 
RSS for product
CVE-2015-5411 HP Version control reposito...
 
HP Version Control Repository Manager (VCRM) before 7.5.0 allows remote authenticated users to obtain sensitive information via unspecified vectors.

 
RSS for product
CVE-2015-5412 HP Version control reposito...
 
Cross-site request forgery (CSRF) vulnerability in HP Version Control Repository Manager (VCRM) before 7.5.0 allows remote authenticated users to hijack the authentication of unspecified victims via unknown vectors.

 
RSS for product
CVE-2015-5413 HP Version control reposito...
 
HP Version Control Repository Manager (VCRM) before 7.5.0 allows remote authenticated users to gain privileges and obtain sensitive information via unspecified vectors.

 
RSS for product
CVE-2015-2139 HP Systems insight manager
 
HP Systems Insight Manager (SIM) before 7.5.0, as used in HP Matrix Operating Environment before 7.5.0 and other products, allows remote authenticated users to obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2015-5403.

 
RSS for product
CVE-2015-2140 HP Systems insight manager
 
HP Systems Insight Manager (SIM) before 7.5.0, as used in HP Matrix Operating Environment before 7.5.0 and other products, allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors.

 
RSS for product
CVE-2015-5402 HP Systems insight manager
 
HP Systems Insight Manager (SIM) before 7.5.0, as used in HP Matrix Operating Environment before 7.5.0 and other products, allows local users to gain privileges, and consequently obtain sensitive information, modify data, or cause a denial of service, via unspecified vectors.

 
RSS for product
CVE-2015-5403 HP Systems insight manager
 
HP Systems Insight Manager (SIM) before 7.5.0, as used in HP Matrix Operating Environment before 7.5.0 and other products, allows remote authenticated users to obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2015-2139.

 
RSS for product
CVE-2015-5404 HP Systems insight manager
 
HP Systems Insight Manager (SIM) before 7.5.0, as used in HP Matrix Operating Environment before 7.5.0 and other products, allows remote attackers to obtain sensitive information or modify data via unspecified vectors.

 
RSS for product
CVE-2015-5405 HP Systems insight manager
 
HP Systems Insight Manager (SIM) before 7.5.0, as used in HP Matrix Operating Environment before 7.5.0 and other products, allows remote authenticated users to obtain sensitive information, modify data, or cause a denial of service via unspecified vectors.

 
RSS for product
CVE-2015-5427 HP Matrix operating environ...
 
HP Matrix Operating Environment before 7.5.0 allows remote attackers to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2015-5428 and CVE-2015-5429.

 
RSS for product
CVE-2015-5428 HP Matrix operating environ...
 
HP Matrix Operating Environment before 7.5.0 allows remote attackers to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2015-5427 and CVE-2015-5429.

 
RSS for product
CVE-2015-5429 HP Matrix operating environ...
 
HP Matrix Operating Environment before 7.5.0 allows remote attackers to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2015-5427 and CVE-2015-5428.

 
RSS for product
CVE-2015-5430 HP Matrix operating environ...
 
HP Matrix Operating Environment before 7.5.0 allows remote attackers to obtain sensitive information via unspecified vectors.

 
RSS for product
CVE-2015-5431 HP Matrix operating environ...
 
HP Matrix Operating Environment before 7.5.0 allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors.

 
RSS for product
CVE-2015-5432 HP Virtual connect enterpri...
 
HP Virtual Connect Enterprise Manager (VCEM) SDK before 7.5.0, as used in HP Matrix Operating Environment before 7.5.0 and other products, allows remote attackers to obtain sensitive information or modify data via unspecified vectors.

 
RSS for product
CVE-2015-5433 HP Virtual connect enterpri...
 
HP Virtual Connect Enterprise Manager (VCEM) SDK before 7.5.0, as used in HP Matrix Operating Environment before 7.5.0 and other products, allows remote authenticated users to obtain sensitive information via unspecified vectors.

 
RSS for product
CVE-2015-6265 Cisco Application control engi...
 
The CLI in Cisco Application Control Engine (ACE) 4700 A5 3.0 and earlier allows local users to bypass intended access restrictions, and read or write to files, by entering an unspecified CLI command with a crafted file as this command's input, aka Bug ID CSCur23662.
2015-08-25

 
RSS for product
CVE-2012-2150 SGI Xfsprogs
 
xfs_metadump in xfsprogs before 3.2.4 does not properly obfuscate file data, which allows remote attackers to obtain sensitive information by reading a generated image.

 
RSS for product
CVE-2015-4020 Rubygems Rubygems
 
RubyGems 2.0.x before 2.0.17, 2.2.x before 2.2.5, and 2.4.x before 2.4.8 does not validate the hostname when fetching gems or making API request, which allows remote attackers to redirect requests to arbitrary domains via a crafted DNS SRV record with a domain that is suffixed with the original domain name, aka a "DNS hijack attack." NOTE: this vulnerability exists because to an incomplete fix for CVE-2015-3900.

 


Copyright 2015, cxsecurity.com