BugTraq Latest Security Advisories

Syndicate content
The premier general security mailing list. Vulnerabilities are often announced here first, so check frequently!
Updated: 12 min 54 sec ago

CVE-2015-0223: anonymous access to qpidd cannot be prevented

January 27, 2015 - 4:17am

Posted by Gordon Sim on Jan 27

Apache Software Foundation - Security Advisory

anonymous access to qpidd cannot be prevented

CVE-2015-0223 CVS: 5.8

Severity: Moderate

Vendor:

The Apache Software Foundation

Versions Affected:

Apache Qpid's qpidd up to and including version 0.30

Description:

An attacker can gain access to qpidd as an anonymous user, even if the
ANONYMOUS mechanism is disallowed.

Solution:

A patch is available (...
Categories:

CVE-2015-0224: qpidd can be crashed by unauthenticated user

January 27, 2015 - 4:10am

Posted by Gordon Sim on Jan 27

Apache Software Foundation - Security Advisory

qpidd can be crashed by unauthenticated user

CVE-2015-0224 CVS: 7.8

Severity: Moderate

Vendor:

The Apache Software Foundation

Versions Affected:

Apache Qpid's qpidd up to and including version 0.30

Description:

In CVE-2015-0203 it was announced that certain unexpected protocol
sequences cause the broker process to crash due to insufficient
checking, but that authentication...
Categories:

[CORE-2015-0002] - Android WiFi-Direct Denial of Service

January 27, 2015 - 4:02am

Posted by CORE Advisories Team on Jan 27

Core Security - Corelabs Advisory
http://corelabs.coresecurity.com/

Android WiFi-Direct Denial of Service

1. *Advisory Information*

Title: Android WiFi-Direct Denial of Service
Advisory ID: CORE-2015-0002
Advisory URL:
http://www.coresecurity.com/advisories/android-wifi-direct-denial-service
Date published: 2015-01-26
Date of last update: 2015-01-26
Vendors contacted: Android Security Team
Release mode: User release

2. *Vulnerability...
Categories:

WebKitGTK+ Security Advisory WSA-2015-0001

January 27, 2015 - 3:52am

Posted by Carlos Alberto Lopez Perez on Jan 27

------------------------------------------------------------------------
WebKitGTK+ Security Advisory WSA-2015-0001
------------------------------------------------------------------------

Date reported : January 26, 2015
Advisory ID : WSA-2015-0001
Advisory URL : http://webkitgtk.org/security/WSA-2015-0001.html
Affected versions : 2.4 series before 2.4.1, 2.4.2 and 2.4.8.
CVE identifiers :...
Categories: