CVE-2015-7318
Plone 3.3.0 through 3.3.6 allows remote attackers to inject headers into HTTP responses. Date published : 2017-09-25 https://bugzilla.redhat.com/show_bug.cgi?id=1264796 https://plone.org/security/hotfix/20150910
Monthly Archive: September 2017
CVE-2015-7317
Kupu 3.3.0 through 3.3.6, 4.0.0 through 4.0.10, 4.1.0 through 4.1.6, and 4.2.0 through 4.2.7 allows remote authenticated users to edit Kupu settings. Date published : 2017-09-25 https://bugzilla.redhat.com/show_bug.cgi?id=1264799 https://plone.org/security/hotfix/20150910
CVE-2015-7316
Cross-site scripting (XSS) vulnerability in Plone 3.3.0 through 3.3.6, 4.0.0 through 4.0.10, 4.1.0 through 4.1.6, 4.2.0 through 4.2.7, 4.3.x before 4.3.7, and 5.0rc1. Date published : 2017-09-25 https://bugzilla.redhat.com/show_bug.cgi?id=1264788 https://plone.org/security/hotfix/20150910/non-persistent-xss-in-plone
CVE-2015-7315
Plone 3.3.0 through 3.3.6, 4.0.0 through 4.0.10, 4.1.0 through 4.1.6, 4.2.0 through 4.2.7, 4.3.0 through 4.3.6, and 5.0rc1 allows remote attackers to add a new member to a Plone site with registration enabled, without...
CVE-2015-7293
Multiple cross-site request forgery (CSRF) vulnerabilities in Zope Management Interface 4.3.7 and earlier, and Plone before 5.x. Date published : 2017-09-25 https://plone.org/security/hotfix/20151006 https://pypi.python.org/pypi/plone4.csrffixes
CVE-2015-6748
Cross-site scripting (XSS) vulnerability in jsoup before 1.8.3. Date published : 2017-09-25 http://www.securityfocus.com/bid/76504 https://bugzilla.redhat.com/show_bug.cgi?id=1258310
CVE-2015-6592
Huawei UAP2105 before V300R012C00SPC160(BootRom) does not require authentication to the serial port or the VxWorks shell. Date published : 2017-09-25 http://www.securityfocus.com/bid/76552 http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-452865.htm
CVE-2015-5704
scripts/licensecheck.pl in devscripts before 2.15.7 allows local users to execute arbitrary shell commands. Date published : 2017-09-25 http://www.securityfocus.com/bid/76143 https://anonscm.debian.org/cgit/collab-maint/devscripts.git/commit/?id=c0687bcde23108dd42e146573c368b6905e6b8e8
CVE-2015-5666
ANA App for Android 3.1.1 and earlier, and ANA App for iOS 3.3.6 and earlier does not verify SSL certificates. Date published : 2017-09-25 http://www.securityfocus.com/bid/77344 http://jvn.jp/en/jp/JVN25086409/index.html
CVE-2015-5327
Out-of-bounds memory read in the x509_decode_time function in x509_cert_parser.c in Linux kernels 4.3-rc1 and after. Date published : 2017-09-25 https://bugzilla.redhat.com/show_bug.cgi?id=1278978 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=cc25b994acfbc901429da682d0f73c190e960206
CVE-2015-5282
Cross-site scripting (XSS) vulnerability in Foreman 1.7.0 and after. Date published : 2017-09-25 http://projects.theforeman.org/issues/11859 https://bugzilla.redhat.com/show_bug.cgi?id=1264221
CVE-2015-5263
pulp-consumer-client 2.4.0 through 2.6.3 does not check the server’s TLS certificate signatures when retrieving the server’s public key upon registration. Date published : 2017-09-25 https://github.com/pulp/pulp/blob/aa432bf58497b5e3682333b1d5f5ae4f45788a61/client_consumer/pulp/client/consumer/cli.py#L103 https://github.com/pulp/pulp/commit/b542d7465f7e6e02e1ea1aec059ac607a65cefe7#diff-17110211f89c042a9267e2167dedd754
CVE-2015-5237
protobuf allows remote authenticated attackers to cause a heap-based buffer overflow. Date published : 2017-09-25 https://bugzilla.redhat.com/show_bug.cgi?id=1256426 https://github.com/google/protobuf/issues/760
CVE-2015-5184
Console: CORS headers set to allow all in Red Hat AMQ. Date published : 2017-09-25 https://bugzilla.redhat.com/show_bug.cgi?id=1249183 https://lists.apache.org/thread.html/9e3391878c6840b294155f7ba6ccb47586e317f85c1bbd15c4608bd0@%3Cdev.activemq.apache.org%3E