-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05257711
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c05257711
Version: 1
HPSBST03640 rev.1 - HP XP7
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05269356
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c05269356
Version: 1
HPSBGN03572 rev.1 - HPE
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
ESA-2016-108: EMC Documentum D2 Authentication Bypass Vulnerability
EMC Identifier: ESA-2016-108
CVE Identifier: CVE-2016-6644
Severity Rating: CVSS v3 Base Score: 5.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
Affected products:
EMC Documentum D2
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
ESA-2016-104: EMC ViPR SRM Multiple Vulnerabilities
EMC Identifier: ESA-2016-104
CVE Identifier: CVE-2016-0922, CVE-2016-6641, CVE-2016-6642, CVE-2016-6643
Severity Rating: CVSS v3 Base Score: See below for CVSSv3 scores for
individual CVEs
The Shiro team is pleased to announce the release of Apache Shiro version 1.3.2.
This security release contains 1 fix since the 1.3.1 release and is
available for Download now [1].
CVE-2016-6802:
Apache Shiro before 1.3.2, when using a non-root servlet context path,
specifically
Antisip's libosip2 v4.1.0 is vulnerable to heap buffer overflows in the
following functions while parsing SIP messages and leads to a DoS if glibc
hardening is enabled.
1. *osip_body_to_str*
2. *_osip_message_to_str*
All files for reproducing the issues have been filed in the bug tracker [1][2]
Product: OX Guard
Vendor: OX Software GmbH
Internal reference: 47878 (Bug ID)
Vulnerability type: Cross Site Scripting (CWE-80)
Vulnerable version: 2.4.2 and earlier
Vulnerable component: guard
Report confidence: Confirmed
Solution status: Fixed by Vendor
Fixed version: 2.4.0-rev11, 2.4.2-rev5
Product: OX App Suite
Vendor: OX Software GmbH
Internal reference: 46484 (Bug ID)
Vulnerability type: Cross Site Scripting (CWE-80)
Vulnerable version: 7.8.2 and earlier
Vulnerable component: frontend
Report confidence: Confirmed
Solution status: Fixed by Vendor
Fixed version: 7.6.2-rev46,