MIT krb5 Security Advisory 2015-001 - The MIT krb5 team has discovered four vulnerabilities affecting kadmind. Some of these vulnerabilities may also affect server applications which use the gssrpc library or the gss_process_context_token() function. These are implementation vulnerabilities, not vulnerabilities in the Kerberos protocol.
f28cbd6ed4a8c0e3d26bda041aee940c93d73705b7f39828878cb06bf34542dd
Red Hat Security Advisory 2015-0117-01 - MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. This update fixes several vulnerabilities in the MariaDB database server.
f713e3124e7c655d270501159809479899b4f19ffcc520400dd641d3d31683b8
Red Hat Security Advisory 2015-0116-01 - MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon and many client programs and libraries. This update fixes several vulnerabilities in the MySQL database server.
9c28e8f002286dc104dc7d7d69f7f6c508baa8b5d38713b1b7e42f72bdbe6384
Red Hat Security Advisory 2015-0115-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the way the Linux kernel's SCTP implementation handled malformed or duplicate Address Configuration Change Chunks. A remote attacker could use either of these flaws to crash the system. A flaw was found in the way the Linux kernel's SCTP implementation handled the association's output queue. A remote attacker could send specially crafted packets that would cause the system to use an excessive amount of memory, leading to a denial of service.
e664d8b1ce2c466d3fcc756c0c9f6a62d679a9b714cf6d4b9038b8c64e3036f0
Red Hat Security Advisory 2015-0118-01 - MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. This update fixes several vulnerabilities in the MariaDB database server.
a2a3add100f5cb765ae01f15b19c6159f481da61b3425e11f5e93a7ea141d0bc
Ubuntu Security Notice 2489-1 - Michal Zalewski discovered that unzip incorrectly handled certain malformed zip archives. If a user or automated system were tricked into processing a specially crafted zip archive, an attacker could possibly execute arbitrary code.
0e679c8da965f25c86ac820e29fa880a3cfe75ed1f1ccf598b43444fb175f8cf
Capstone is a multi-architecture, multi-platform disassembly framework. It has a simple, lightweight, architecture-neutral API, is thread-safe by design, provides details on disassembled instructions, and more.
38fc736830de83ae345d917a6c122e2a09119ec5724b553174ddf84062cf2551
Hewlett-Packard Universal CMDB version 10.10 suffers from a jmx-console related authentication bypass vulnerability.
1f3e56ca24c0afc54d16226ea210b990c83d4e7649564d542361c4adc7866481
My Little Forum versions 2.3.3, 2.2, and 1.7 suffer from multiple cross-site scripting vulnerabilities.
e3acb8a9d8474a06f086e5e0d02cc13a16b0229c133194f29d0037f76a70061f
ManageEngine Desktop Central 9 suffers from a cross-site request forgery vulnerability.
2e4fb8c812586f7ef6aa7a2e697dfeb70c083d402aff24ce5320163cb6a8eb9a
HP Security Bulletin HPSBMU03232 3 - A potential security vulnerability has been identified with HP SiteScope. The vulnerability could be exploited remotely to allow elevation of privilege. Revision 3 of this advisory.
3241ae0a5e3723cbff328e9f5a6626fd5547ab826c02b365f1fb93c5e86b3d35
HP Security Bulletin HPSBGN03237 1 - A potential security vulnerability has been identified with HP Insight Remote Support v7 Clients running SSLv3 which may affect WBEM, WS-MAN and WMI connections from monitored devices to an HP Insight Remote Support Hosting Device, such as an HP Insight Remote Support Central Management Server (CMS). This is the SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy Encryption" also known as "Poodle", which could be exploited remotely to allow disclosure of information. HP Insight Remote Support 7.2 allows the Hosting Device administrator to disable SSLv3 ciphers. Some monitored devices may require an update to support TLS encryption, while others may not support TLS encryption at all. Disabling SSLv3 on the hosting device can result in loss of communication with such monitored devices. HP has provided the ability to address POODLE in the Insight Remote Support 7.2 release, but disabling SSLv3 requires the Hosting Device administrator to take specific actions to address this vulnerability. Revision 1 of this advisory.
635b4eda7e6f2983a2007a9cf80363f0aca06739e35f7cce1e50e4a69b33592e
HP Security Bulletin HPSBGN03247 1 - A potential security vulnerability has been identified with HP IceWall SSO Dfw using glibc. This vulnerability could be used to remotely execute arbitrary code. Revision 1 of this advisory.
c247a001fb7cb66afedf08c18c082bfb2e5d83b4265b239bdf6b2f229d6c1fa4
Debian Linux Security Advisory 3152-1 - A flaw was found in the test_compr_eb() function allowing out-of-bounds read and write access to memory locations. By carefully crafting a corrupt ZIP archive, an attacker can trigger a heap overflow, resulting in an application crash or possibly having other unspecified impact.
d75c233bc48401a828d5d7526c6215a57788b28545653b4fca0bfe314d197148
Debian Linux Security Advisory 3151-1 - Several vulnerabilities were discovered in Django, a high-level Python web development framework.
7b683d29b71f1da0f9519c53ba57afa015125ed42bb6eca2d960403993d57222