[security bulletin] HPSBST03640 rev.1 - HP XP7 Command View Advance Edition Suite (CVAE) using Replication Manager (RepMgr) and Device Manager (DevMgr), Local Access Restriction Bypass

2016-09-13 Thread security-alert
Note: the current version of the following document is available here: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05257711 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c05257711 Version: 1 HPSBST03640 rev.1 - HP XP7

[security bulletin] HPSBGN03572 rev.1 - HPE Performance Center, Remote User Validation Failure

2016-09-13 Thread security-alert
Note: the current version of the following document is available here: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05269356 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c05269356 Version: 1 HPSBGN03572 rev.1 - HPE

ESA-2016-108: EMC Documentum D2 Authentication Bypass Vulnerability

2016-09-13 Thread EMC Product Security Response Center
ESA-2016-108: EMC Documentum D2 Authentication Bypass Vulnerability EMC Identifier: ESA-2016-108 CVE Identifier: CVE-2016-6644 Severity Rating: CVSS v3 Base Score: 5.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) Affected products: EMC Documentum D2

ESA-2016-104: EMC ViPR SRM Multiple Vulnerabilities

2016-09-13 Thread EMC Product Security Response Center
ESA-2016-104: EMC ViPR SRM Multiple Vulnerabilities EMC Identifier: ESA-2016-104 CVE Identifier: CVE-2016-0922, CVE-2016-6641, CVE-2016-6642, CVE-2016-6643 Severity Rating: CVSS v3 Base Score: See below for CVSSv3 scores for individual CVEs

[ANNOUNCE][CVE-2016-6802] Apache Shiro 1.3.2 released

2016-09-13 Thread Brian Demers
The Shiro team is pleased to announce the release of Apache Shiro version 1.3.2. This security release contains 1 fix since the 1.3.1 release and is available for Download now [1]. CVE-2016-6802: Apache Shiro before 1.3.2, when using a non-root servlet context path, specifically

Multiple DoS vulnerabilities in libosip2-4.1.0

2016-09-13 Thread bshastry
Antisip's libosip2 v4.1.0 is vulnerable to heap buffer overflows in the following functions while parsing SIP messages and leads to a DoS if glibc hardening is enabled. 1. *osip_body_to_str* 2. *_osip_message_to_str* All files for reproducing the issues have been filed in the bug tracker [1][2]

Open-Xchange Security Advisory 2016-09-13 (2)

2016-09-13 Thread Martin Heiland
Product: OX Guard Vendor: OX Software GmbH Internal reference: 47878 (Bug ID) Vulnerability type: Cross Site Scripting (CWE-80) Vulnerable version: 2.4.2 and earlier Vulnerable component: guard Report confidence: Confirmed Solution status: Fixed by Vendor Fixed version: 2.4.0-rev11, 2.4.2-rev5

Open-Xchange Security Advisory 2016-09-13

2016-09-13 Thread Martin Heiland
Product: OX App Suite Vendor: OX Software GmbH Internal reference: 46484 (Bug ID) Vulnerability type: Cross Site Scripting (CWE-80) Vulnerable version: 7.8.2 and earlier Vulnerable component: frontend Report confidence: Confirmed Solution status: Fixed by Vendor Fixed version: 7.6.2-rev46,