BugTraq Latest Security Advisories

The premier general security mailing list. Vulnerabilities are often announced here first, so check frequently!

SECUREDROP >= 0.3 - Possible Backdoor & Privileges Escalation by Unauth User

April 1, 2015 - 2:36pm

Posted by ~~~ Elliptic TAO Team ~~~ on Apr 01


[security bulletin] HPSBST03298 rev.2 - HP XP Service Processor Software for Windows, Multiple Vulnerabilities

April 1, 2015 - 1:52pm

Posted by security-alert on Apr 01

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04600552

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04600552
Version: 2

HPSBST03298 rev.2 - HP XP Service Processor Software for Windows, Multiple
Vulnerabilities

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.

Release Date: 2015-03-13...

[security bulletin] HPSBGN03307 rev.1 - HP Intelligent Provisioning, Disclosure of Information

April 1, 2015 - 12:54pm

Posted by security-alert on Apr 01

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04626732

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04626732
Version: 1

HPSBGN03307 rev.1 - HP Intelligent Provisioning, Disclosure of Information

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.

Release Date: 2015-04-01
Last Updated:...

[security bulletin] HPSBMU03304 rev.1 - HP Insight Control server deployment on Linux and Windows, Remote Disclosure of Information

April 1, 2015 - 12:48pm

Posted by security-alert on Apr 01

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04624296

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04624296
Version: 1

HPSBMU03304 rev.1 - HP Insight Control server deployment on Linux and
Windows, Remote Disclosure of Information

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible....

[SECURITY] [DSA 3211-1] iceweasel security update

April 1, 2015 - 12:41pm

Posted by Salvatore Bonaccorso on Apr 01

-------------------------------------------------------------------------
Debian Security Advisory DSA-3211-1 security () debian org
http://www.debian.org/security/ Salvatore Bonaccorso
April 01, 2015 http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : iceweasel
CVE ID : CVE-2015-0801 CVE-2015-0807...

Cisco Security Advisory: Cisco Prime Data Center Network Manager File Information Disclosure Vulnerability

April 1, 2015 - 12:31pm

Posted by Cisco Systems Product Security Incident Response Team on Apr 01

Cisco Prime Data Center Network Manager File Information Disclosure Vulnerability

Advisory ID: cisco-sa-20150401-dcnm

Revision 1.0

For Public Release 2015 April 1 16:00 UTC (GMT)

+---------------------------------------------------------------------

Summary
=======

Cisco Prime Data Center Network Manager (DCNM) contains a file
information disclosure vulnerability that could allow an
unauthenticated, remote attacker to retrieve arbitrary...

Cisco Security Advisory: Multiple Vulnerabilities in Cisco Unity Connection

April 1, 2015 - 12:23pm

Posted by Cisco Systems Product Security Incident Response Team on Apr 01

Multiple Vulnerabilities in Cisco Unity Connection

Advisory ID: cisco-sa-20150401-cuc

Revision 1.0

For Public Release 2015 April 1 16:00 UTC (GMT)

+---------------------------------------------------------------------

Summary
=======

Cisco Unity Connection contains multiple vulnerabilities, when it is
configured with Session Initiation Protocol (SIP) trunk integration.

The vulnerabilities described in this advisory are denial of service...

ESA-2015-056: EMC PowerPath Virtual Appliance Undocumented User Accounts Vulnerability

April 1, 2015 - 10:00am

Posted by Security Alert on Apr 01

ESA-2015-056: EMC PowerPath Virtual Appliance Undocumented User Accounts Vulnerability

EMC Identifier: ESA-2015-056

CVE Identifier: CVE-2015-0529

Severity Rating: CVSS v2 Base Score: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)

Affected products:

• EMC PowerPath Virtual Appliance (vApp) versions 1.x

Summary:

EMC PowerPath vApp contains undocumented user accounts that may potentially be utilized by malicious users to gain
limited...

[SECURITY ANNOUNCEMENT] CVE-2015-0225

April 1, 2015 - 9:50am

Posted by Jake Luciani on Apr 01

CVE-2015-0225: Apache Cassandra remote execution of arbitrary code

Severity: Important

Vendor:
The Apache Software Foundation

Versions Affected:
Cassandra 1.2.0 to 1.2.19
Cassandra 2.0.0 to 2.0.13
Cassandra 2.1.0 to 2.1.3

Description:
Under its default configuration, Cassandra binds an unauthenticated
JMX/RMI interface to all network interfaces. As RMI is an API for the
transport and remote execution of serialized Java, anyone with access
to...

[SECURITY] [DSA 3210-1] wireshark security update

March 31, 2015 - 12:45pm

Posted by Moritz Muehlenhoff on Mar 31

-------------------------------------------------------------------------
Debian Security Advisory DSA-3210-1 security () debian org
http://www.debian.org/security/ Moritz Muehlenhoff
March 31, 2015 http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : wireshark
CVE ID : CVE-2015-2188 CVE-2015-2189...

[ MDVSA-2015:186 ] phpmyadmin

March 31, 2015 - 10:37am

Posted by security on Mar 31

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2015:186
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : phpmyadmin
Date : March 31, 2015
Affected: Business Server 1.0
_______________________________________________________________________

Problem Description:

A...

[ MDVSA-2015:185 ] dokuwiki

March 31, 2015 - 10:30am

Posted by security on Mar 31

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2015:185
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : dokuwiki
Date : March 31, 2015
Affected: Business Server 1.0
_______________________________________________________________________

Problem Description:

Updated...

[security bulletin] HPSBHF03271 rev.1 - HP PCs and Workstations Running Windows 7 with NVidia Graphics Driver, Elevation of Privileges

March 31, 2015 - 10:24am

Posted by security-alert on Mar 31

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04577892

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04577892
Version: 1

HPSBHF03271 rev.1 - HP PCs and Workstations Running Windows 7 with NVidia
Graphics Driver, Elevation of Privileges

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible....

[SECURITY] [DSA 3209-1] openldap security update

March 31, 2015 - 10:12am

Posted by Yves-Alexis Perez on Mar 31

-------------------------------------------------------------------------
Debian Security Advisory DSA-3209-1 security () debian org
http://www.debian.org/security/ Yves-Alexis Perez
March 30, 2015 http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : openldap
CVE ID : CVE-2013-4449 CVE-2014-9713...

[security bulletin] HPSBGN03270 rev.1 - HP Operations Analytics, Remote Execution of Code

March 31, 2015 - 10:02am

Posted by security-alert on Mar 31

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04577814

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04577814
Version: 1

HPSBGN03270 rev.1 - HP Operations Analytics, Remote Execution of Code

NOTICE: The information in this Security Bulletin should be acted upon as...