The openscap project is a set of open source libraries that support the SCAP (Security Content Automation Protocol) set of standards from NIST. It supports CPE, CCE, CVE, CVSS, OVAL, and XCCDF.
6f7fdc579c4c27554cc3ec99a4f16381b719faa8c9b3ea09575d872a2c46eedb
GnuPG (the GNU Privacy Guard or GPG) is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440. As such, it is meant to be compatible with PGP from NAI, Inc. Because it does not use any patented algorithms, it can be used without any restrictions.
57646d3e4b919fa1e5c8f1c0cf5fe1215333041c493a5ebc4b8f2978dbe930f2
GnuPG (the GNU Privacy Guard or GPG) is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440. As such, it is meant to be compatible with PGP from NAI, Inc. Because it does not use any patented algorithms, it can be used without any restrictions.
7f09319d044b0f6ee71fe3587bb873be701723ac0952cff5069046a78de8fd86
Apache Standard Taglibs version 1.2.1 suffers from XXE and remote command execution vulnerabilities via the XSL extension in JSTL XML tags.
8c2ab7316e10682e5ec4ae90bd77f5d88181ffc401373f41d68ce5954d7390c9
Tcl versions 1.0.0 through 1.16 suffer from a cross site scripting vulnerability.
730a7bdc810f6661614e8c85a4d349f300753b320e0c094481b7623cf1db1ed1
WordPress Media Cleaner plugin version 2.2.6 suffers from a cross site scripting vulnerability.
d6d74a75a7b2750fa09fb305d04f9190b5b35d816ed0e17bd581dad5ccd3abf6
Debian Linux Security Advisory 3176-1 - Multiple vulnerabilities have been discovered in Request Tracker, an extensible trouble-ticket tracking system.
840d3a686a95a1505364975685598e01a1f4b7e2a8c3bf734345eba944e56722
Electronic Arts Origin Client version 9.5.5 suffers from multiple privilege escalation vulnerabilities.
bdc4deb08d63ed9cd53fd413b95ebd3ad366bfd82c36adf13589b24c4c2719be
Gotham Digital Science discovered a critical information leakage vulnerability in the Jetty web server that allows an unauthenticated remote attacker to read arbitrary data from previous requests and responses submitted to the server by other users. Jetty versions 9.2.3 through 9.2.8 are affected. Proof of concept code included.
17f918c6ed7be55415f6475ca5befcbf2d795848bb2960612e998e54f15479d5
Wireless File Transfer Pro Android suffers from a cross site request forgery vulnerability.
f709cfd1847fd656f23afa2f5a198b95fcf11abe5bc5307c2b3e6986922ffa41
Data Source: Scopus CMS suffers from a remote SQL injection vulnerability.
b800f8c298aac054e854e7dff0260d6929a4378ec6d5bbeb141735b6bb249cb1
DSS TFTP version 1.0 suffers from a path traversal vulnerability.
1659f811ad0d86f14519c3c5d8b7cf5d0467eaa4dfccab458a7219f5b85406ad
Multiple D-Link and TRENDnet devices suffer from cross site request forgery and unauthenticated access vulnerabilities. Various proofs of concept included.
d86bc02a0870f2b702d8d6cfe716a8d3945f7125fd82903e1ad431ce4f504b42
Collabtive version 2.0 suffers from a stored cross site scripting vulnerability.
51dbb48d16f19915093f913e78a13762366a085517ff044dcbe854adf5fca212
Akeneo PIM suffers from a cross site scripting vulnerability.
040796ea07e3e0dd0e31046f63c7e45cef6b91156f100b03958457fd5300859d
eFront Learning version 3.6.11 suffers from a stored cross site scripting vulnerability.
003e810011af79ee652072521748cd4aa32885be460c9e002ccdbf1dd2107972
Secure rm (srm) is a command-line compatible rm(1) which completely destroys file contents before unlinking. The goal is to provide drop-in security for users who wish to prevent command line recovery of deleted information, even if the machine is compromised.
7583c1120e911e292f22b4a1d949b32c23518038afd966d527dae87c61565283
FreeBSD Security Advisory - BIND servers which are configured to perform DNSSEC validation and which are using managed keys (which occurs implicitly when using "dnssec-validation auto;" or "dnssec-lookaside auto;") may exhibit unpredictable behavior due to the use of an improperly initialized variable. A remote attacker can trigger a crash of a name server that is configured to use managed keys under specific and limited circumstances. However, the complexity of the attack is very high unless the attacker has a specific network relationship to the BIND server which is targeted.
0e416654c22a1367cdad06ceb1a67ec74bb5ad43931cfbbd4d5e066547480619
FreeBSD Security Advisory - An integer overflow in computing the size of IGMPv3 data buffer can result in a buffer which is too small for the requested operation. An attacker who can send specifically crafted IGMP packets could cause a denial of service situation by causing the kernel to crash.
76ae1889e6e180016123dbcd9d01a3c9f96266857a6c54bf55851337ed754719
TangoBB version 1.5.0-A3 suffers from a cross site scripting vulnerability.
f14175c8ce177339644aee54e883870979db753dec8cfea37dfd6eec3d7e585d
Enano CMS version 1.1.8pl1 suffers from a cross site scripting vulnerability.
77dfeefd90af3bf96609dca951ae09bcd4a7461ee0b4f68b894ccb8f1404c368
Ubuntu Security Notice 2512-1 - A race condition was discovered in the Linux kernel's key ring. A local user could cause a denial of service (memory corruption or panic) or possibly have unspecified impact via the keyctl commands. A memory leak was discovered in the ISO 9660 CDROM file system when parsing rock ridge ER records. A local user could exploit this flaw to obtain sensitive information from kernel memory via a crafted iso9660 image. Various other issues were also addressed.
3f262086df87588265dbecbb8ff0843e0cab2865cab84a7edc8442b585a2644f
Ubuntu Security Notice 2519-1 - Arnaud Le Blanc discovered that the GNU C Library incorrectly handled file descriptors when resolving DNS queries under high load. This may cause a denial of service in other applications, or an information leak. This issue only affected Ubuntu 10.04 LTS, Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. It was discovered that the GNU C Library incorrectly handled receiving a positive answer while processing the network name when performing DNS resolution. A remote attacker could use this issue to cause the GNU C Library to hang, resulting in a denial of service. Various other issues were also addressed.
1b157586f2ed9c751bb741fa0ea8c7d75c284f263ee1da14e33f7921b5b19b1d
Ubuntu Security Notice 2520-1 - Peter De Wachter discovered that CUPS incorrectly handled certain malformed compressed raster files. A remote attacker could use this issue to cause CUPS to crash, resulting in a denial of service, or possibly execute arbitrary code.
3f5f2c63b03a2f9dbe4401968467d5532e3781909850a2839166ccf5352b25ef
Slackware Security Advisory - New mozilla-firefox packages are available for Slackware 14.1 and -current to fix security issues.
407ff06d90c59a8b214eeec8314e041b0b6f0f5ceb2a4b26b52d783cf39cdb87