Sunday, December 13, 2015

Source: Trade Deficit Forecast-Kiplinger

Solid economic growth is making the U.S. a top market for the rest of the world, while the strong U.S. dollar is driving up prices for American-made goods overseas.

The combined result: a rising U.S. trade deficit that will persist into 2016.

Read more at http://www.kiplinger.com/article/business/T019-C000-S003-trade-deficit-forecast.html#ViAlqIDVcyK5TIWd.99

Source: Retail Sales & Consumer Spending Forecast-Kiplinger

Buoyed by job and wage growth and cheap gasoline, consumers are revving up their spending, as shown by solid retail sales gains in many categories in November. We expect consumer spending to stay strong through year-end and next year as well.

Read more at http://www.kiplinger.com/article/business/T019-C000-S010-retail-sales-consumer-spending-forecast.html#xPhEdQPjxlPjJrA2.99



Source: Business Spending Forecast-Kiplinger

The worst of the spending cuts by buyers of manufactured goods seems to be over, but industry will struggle to gain momentum in the new year. 

The strong dollar weighs heavily on exports, while energy exploration and development companies remain in a defensive crouch, investing little in new equipment.

Read more at http://www.kiplinger.com/article/business/T019-C000-S010-business-spending-forecast.html#DarVR3mpmMEyD1Sj.99

Source: Interest Rate Forecast-Kiplinger

You can take it to the bank: The Federal Reserve will raise short-term interest rates a quarter-point at its coming meeting on December 16. 

Federal Reserve Chair Janet Yellen has all but announced the move, and strong job gains in November have helped seal the deal, assuring the monetary policymakers that the economy appears to be strong enough to withstand a rate increase. It will be the first increase in nine years.

Read more at http://www.kiplinger.com/article/business/T019-C000-S010-interest-rate-forecast.html#o1FTpUHs6iAzisST.99

Tuesday, December 8, 2015

Source: StockMarketMentor.com - Here is the lowdown on energy. (December 07, 2015)

by DAN

I want to look at energy today, oil. This ( XOIL-X ) is finding a bottom. It’s really, really trying hard to find a bottom. I remember way, way, way back in the day, back here, it was actually above $80.00. Dennis Gartman was talking about oil being $10.00 a barrel. Now he was making that forecast for other reasons, but the bottom line is, this guy could turn out to be right on this. It may take a while, but you just don’t want to be there. Don’t be trying to “bottom feed,” “bottom fish,” whatever. Don’t try to pick the bottom in oil; it’s not going to work out.

You look at these energy stocks ( NYSEARCA:XLE ); you could say, “Oh, well this is an oversold bounce.” Sure it is. Where’s the bounce? It’s just the oversold. Well, this may be worth a look down here, $60.00. Well, sure, I guess; but look at these, keep an eye on these. Now watch what happens ( XOIL-X ), this was a much higher low than this ( NYSEARCA:XLE ). But we didn’t get much of a rally here. I was looking for more. But one thing, when I look for something and I don’t see it, I move on. I don’t assume that it’s there.

This is not there ( XOIL-X ). You don’t want to be here. Here ( NYSEARCA:OIH ), the same thing; Oil Services, Exploration and Production ( NYSEARCA:XOP ). I don’t want to explore or produce here, I just want to get out. Oversold bounce? Sure, perhaps at 32.00. But is this your buying opportunity? I don’t think so. Look at this massive liquidation. This is not Manny, Moe, and Jack, or Jethro and Billy Bob, unloading. This is some pretty significant distribution, it’s institutional distribution. Don’t be the one to take the other side of their trade, that’s not going to work out. Chevron ( NYSE:CVX ), drifting back below the 50-day moving average; that’s not going to work.

Finally, Exxon Mobil ( NYSE:XOM ), that’s not going to work either. What a difference a week makes. This back here, look, 3.7 percent dividend. The stock is at what price? Basically $82.00. Right? So this is sure looking bullish to me. Well now, from 82.00 down to 76.00, it’s 6.21 percent down. Suddenly that 3.7 percent dividend yield that was so enticing the other day, last week, is not so enticing now. So the bottom line is, we saw a nice move in energy. It sure looked like things were going to move higher ( XOIL-X ). They didn’t. They’re not. I don’t get to make the rules, I just get to follow them. But what I’m suggesting to you is, this is an area that you DON’T want to be in right now. Just stay away. Frankly there aren’t a lot of places to hide.

Monday, December 7, 2015

Source: Vulnerability Summary for the Week of November 30, 2015 | US-CERT

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division into high, medium, and low severities corresponds to the following scores:
  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0
  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9
  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9
Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.
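The bulletin's table rows, once its HTML is flattened, arrive as one concatenated line per entry, and the severity labels above are just thresholds on the CVSS base score. The following parser is an added example, not US-CERT's or NVD's code; it assumes the row shape "vendor -- productDescriptionYYYY-MM-DDscoreCVE-id" seen on this page and applies the bulletin's own 7.0 / 4.0 cut-offs, flagging rows whose product/description boundary cannot be recovered.

```python
import re
from dataclasses import dataclass

# Assumed row form once the bulletin's HTML table is flattened to one line per entry:
#   "<vendor> -- <product><Description><YYYY-MM-DD><score><CVE-YYYY-NNNN>"
# The right-hand fields have fixed shapes, so they are peeled off the end first.
TAIL_RE = re.compile(r"(?P<date>\d{4}-\d{2}-\d{2})(?P<score>\d{1,2}\.\d)(?P<cve>CVE-\d{4}-\d{4,})$")
# Product names are lowercase tokens glued to a description that normally starts
# with a capital letter; the lookahead locates that boundary.
PRODUCT_RE = re.compile(r"^(?P<product>[a-z0-9_.-]+?)(?=[A-Z])")

@dataclass
class Entry:
    vendor: str
    product: str
    description: str
    published: str
    score: float
    cve: str
    split_ok: bool  # False when the product/description boundary was ambiguous

def severity(score: float) -> str:
    """Bucket a CVSS base score with the bulletin's thresholds."""
    if score >= 7.0:
        return "High"      # 7.0 - 10.0
    if score >= 4.0:
        return "Medium"    # 4.0 - 6.9
    return "Low"           # 0.0 - 3.9

def parse_entry(line: str) -> Entry:
    m = TAIL_RE.search(line)
    if m is None:
        raise ValueError(f"no date/score/CVE tail in row: {line[:40]!r}")
    vendor, sep, rest = line[: m.start()].partition(" -- ")
    if not sep:
        raise ValueError(f"no 'vendor -- product' field in row: {line[:40]!r}")
    pm = PRODUCT_RE.match(rest)
    if pm:
        product, desc, ok = pm.group("product"), rest[pm.end():], True
    else:
        # A description that itself starts lowercase (the pcregrep row in this
        # bulletin) makes the boundary undecidable: keep the raw text, flag for review.
        product, desc, ok = "", rest, False
    return Entry(vendor, product, desc, m.group("date"),
                 float(m.group("score")), m.group("cve"), ok)

def by_severity(rows):
    """Map each severity label to the CVE ids of the rows that fall in it, in row order."""
    buckets = {"High": [], "Medium": [], "Low": []}
    for row in rows:
        entry = parse_entry(row)
        buckets[severity(entry.score)].append(entry.cve)
    return buckets

# Constructed input: four rows abridged from the bulletin on this page, in flattened form.
SAMPLE_ROWS = [
    "cisco -- ios_xeCisco IOS XE 15.4(3)S on ASR 1000 devices improperly loads software packages, aka Bug ID CSCuv93130.2015-12-027.2CVE-2015-6383",
    "cisco -- unity_connectionCross-site scripting (XSS) vulnerability in Cisco Unity Connection 9.1(1.10), aka Bug ID CSCup92741.2015-12-024.3CVE-2015-6390",
    "siemens -- simatic_cp_343-1_firmwareSiemens SIMATIC CP 343-1 Advanced devices before 3.0.44 might allow administrative access via TCP port 102.2015-11-279.7CVE-2015-8214",
    "pcre -- perl_compatible_regular_expression_librarypcregrep in PCRE before 8.38 mishandles the -q option for binary files.2015-12-015.0CVE-2015-8393",
]
```

Rows that come back with `split_ok == False` still carry a correct date, score and CVE id, so triage by severity works even where the vendor/product split has to be fixed by hand.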

High Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info

cisco -- ios_xe
Cisco IOS XE 15.4(3)S on ASR 1000 devices improperly loads software packages, which allows local users to bypass license restrictions and obtain certain root privileges by using the CLI to enter crafted filenames, aka Bug ID CSCuv93130.
Published: 2015-12-02 | CVSS Score: 7.2 | CVE-2015-6383
Source & Patch Info: CISCO

cisco -- ios
The publish-event event-manager feature in Cisco IOS 15.5(2)S and 15.5(3)S on Cloud Services Router 1000V devices allows local users to execute arbitrary commands with root privileges by leveraging administrative access to enter crafted environment variables, aka Bug ID CSCux14943.
Published: 2015-12-01 | CVSS Score: 7.2 | CVE-2015-6385
Source & Patch Info: CISCO

cyrus -- imap
The index_urlfetch function in index.c in Cyrus IMAP 2.3.x before 2.3.19, 2.4.x before 2.4.18, 2.5.x before 2.5.4 allows remote attackers to obtain sensitive information or possibly have unspecified other impact via vectors related to the urlfetch range, which triggers an out-of-bounds heap read.
Published: 2015-12-03 | CVSS Score: 7.5 | CVE-2015-8076
Source & Patch Info: CONFIRM, CONFIRM, CONFIRM, CONFIRM, CONFIRM, MLIST, MLIST, MLIST, SUSE, SUSE

cyrus -- imap
Integer overflow in the index_urlfetch function in imap/index.c in Cyrus IMAP 2.3.19, 2.4.18, and 2.5.6 allows remote attackers to have unspecified impact via vectors related to urlfetch range checks and the start_octet variable. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-8076.
Published: 2015-12-03 | CVSS Score: 7.5 | CVE-2015-8077
Source & Patch Info: MLIST, CONFIRM, CONFIRM, MLIST, MLIST, SUSE

cyrus -- imap
Integer overflow in the index_urlfetch function in imap/index.c in Cyrus IMAP 2.3.19, 2.4.18, and 2.5.6 allows remote attackers to have unspecified impact via vectors related to urlfetch range checks and the section_offset variable. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-8076.
Published: 2015-12-03 | CVSS Score: 7.5 | CVE-2015-8078
Source & Patch Info: CONFIRM, CONFIRM, MLIST, SUSE

debian -- debian_linux
The Debian build procedure for the smokeping package in wheezy before 2.6.8-2+deb7u1 and jessie before 2.6.9-1+deb8u1 does not properly configure the way Apache httpd passes arguments to smokeping_cgi, which allows remote attackers to execute arbitrary code via crafted CGI arguments.
Published: 2015-12-03 | CVSS Score: 7.5 | CVE-2015-0859
Source & Patch Info: DEBIAN

debian -- dpkg
Off-by-one error in the extracthalf function in dpkg-deb/extract.c in the dpkg-deb component in Debian dpkg 1.16.x before 1.16.17 and 1.17.x before 1.17.26 allows remote attackers to execute arbitrary code via the archive magic version number in an "old-style" Debian binary package, which triggers a stack-based buffer overflow.
Published: 2015-12-03 | CVSS Score: 7.5 | CVE-2015-0860
Source & Patch Info: CONFIRM, MISC, CONFIRM, UBUNTU, DEBIAN

mcafee -- mcafee_enterprise_security_manager
McAfee Enterprise Security Manager (ESM), Enterprise Security Manager/Log Manager (ESMLM), and Enterprise Security Manager/Receiver (ESMREC) 9.3.x before 9.3.2MR19, 9.4.x before 9.4.2MR9, and 9.5.x before 9.5.0MR8, when configured to use Active Directory or LDAP authentication sources, allow remote attackers to bypass authentication by logging in with the username "NGCP|NGCP|NGCP;" and any password.
Published: 2015-12-02 | CVSS Score: 9.3 | CVE-2015-8024
Source & Patch Info: CONFIRM, MISC

pcre -- perl_compatible_regular_expression_library
PCRE before 8.36 mishandles the /(((a\2)|(a*)\g<-1>))*/ pattern and related patterns with certain internal recursive back references, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
Published: 2015-12-01 | CVSS Score: 7.5 | CVE-2015-2327
Source & Patch Info: CONFIRM, CONFIRM, MLIST, MISC, CONFIRM

pcre -- perl_compatible_regular_expression_library
PCRE before 8.36 mishandles the /((?(R)a|(?1)))+/ pattern and related patterns with certain recursion, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
Published: 2015-12-01 | CVSS Score: 7.5 | CVE-2015-2328
Source & Patch Info: CONFIRM, CONFIRM, MLIST, MISC, CONFIRM

pcre -- perl_compatible_regular_expression_library
The pcre_exec function in pcre_exec.c in PCRE before 8.38 mishandles a // pattern with a \01 string, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
Published: 2015-12-01 | CVSS Score: 7.5 | CVE-2015-8380
Source & Patch Info: CONFIRM, MISC, MLIST, CONFIRM

pcre -- perl_compatible_regular_expression_library
The compile_regex function in pcre_compile.c in PCRE before 8.38 and pcre2_compile.c in PCRE2 before 10.2x mishandles the /(?J:(?|(:(?|(?'R')(\k'R')|((?'R')))H'Rk'Rf)|s(?'R'))))/ and /(?J:(?|(:(?|(?'R')(\z(?|(?'R')(\k'R')|((?'R')))k'R')|((?'R')))H'Ak'Rf)|s(?'R')))/ patterns, and related patterns with certain group references, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
Published: 2015-12-01 | CVSS Score: 7.5 | CVE-2015-8381
Source & Patch Info: CONFIRM, CONFIRM, MLIST, CONFIRM

pcre -- perl_compatible_regular_expression_library
PCRE before 8.38 mishandles certain repeated conditional groups, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
Published: 2015-12-01 | CVSS Score: 7.5 | CVE-2015-8383
Source & Patch Info: MLIST, CONFIRM

pcre -- perl_compatible_regular_expression_library
PCRE before 8.38 mishandles the /(?J)(?'d'(?'d'\g{d}))/ pattern and related patterns with certain recursive back references, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, a related issue to CVE-2015-8392 and CVE-2015-8395.
Published: 2015-12-01 | CVSS Score: 7.5 | CVE-2015-8384
Source & Patch Info: MLIST, CONFIRM

pcre -- perl_compatible_regular_expression_library
PCRE before 8.38 mishandles the /(?|(\k'Pm')|(?'Pm'))/ pattern and related patterns with certain forward references, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
Published: 2015-12-01 | CVSS Score: 7.5 | CVE-2015-8385
Source & Patch Info: MLIST, CONFIRM

pcre -- perl_compatible_regular_expression_library
PCRE before 8.38 mishandles the interaction of lookbehind assertions and mutually recursive subpatterns, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
Published: 2015-12-01 | CVSS Score: 7.5 | CVE-2015-8386
Source & Patch Info: MLIST, CONFIRM

pcre -- perl_compatible_regular_expression_library
PCRE before 8.38 mishandles (?123) subroutine calls and related subroutine calls, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
Published: 2015-12-01 | CVSS Score: 7.5 | CVE-2015-8387
Source & Patch Info: MLIST, CONFIRM

pcre -- perl_compatible_regular_expression_library
PCRE before 8.38 mishandles the /(?=di(?<=(?1))|(?=(.))))/ pattern and related patterns with an unmatched closing parenthesis, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
Published: 2015-12-01 | CVSS Score: 7.5 | CVE-2015-8388
Source & Patch Info: MLIST, CONFIRM

pcre -- perl_compatible_regular_expression_library
PCRE before 8.38 mishandles the /(?:|a|){100}x/ pattern and related patterns, which allows remote attackers to cause a denial of service (infinite recursion) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
Published: 2015-12-01 | CVSS Score: 7.5 | CVE-2015-8389
Source & Patch Info: MLIST, CONFIRM

pcre -- perl_compatible_regular_expression_library
PCRE before 8.38 mishandles the [: and \\ substrings in character classes, which allows remote attackers to cause a denial of service (uninitialized memory read) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
Published: 2015-12-01 | CVSS Score: 7.5 | CVE-2015-8390
Source & Patch Info: MLIST, CONFIRM

pcre -- perl_compatible_regular_expression_library
The pcre_compile function in pcre_compile.c in PCRE before 8.38 mishandles certain [: nesting, which allows remote attackers to cause a denial of service (CPU consumption) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
Published: 2015-12-01 | CVSS Score: 9.0 | CVE-2015-8391
Source & Patch Info: MLIST, CONFIRM

pcre -- perl_compatible_regular_expression_library
PCRE before 8.38 mishandles certain instances of the (?| substring, which allows remote attackers to cause a denial of service (unintended recursion and buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, a related issue to CVE-2015-8384 and CVE-2015-8395.
Published: 2015-12-01 | CVSS Score: 7.5 | CVE-2015-8392
Source & Patch Info: MLIST, CONFIRM

pcre -- perl_compatible_regular_expression_library
PCRE before 8.38 mishandles the (?(<digits>) and (?(R<digits>) conditions, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
Published: 2015-12-01 | CVSS Score: 7.5 | CVE-2015-8394
Source & Patch Info: MLIST, CONFIRM

pcre -- perl_compatible_regular_expression_library
PCRE before 8.38 mishandles certain references, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, a related issue to CVE-2015-8384 and CVE-2015-8392.
Published: 2015-12-01 | CVSS Score: 7.5 | CVE-2015-8395
Source & Patch Info: MLIST, CONFIRM

siemens -- simatic_cp_343-1_firmware
Siemens SIMATIC CP 343-1 Advanced devices before 3.0.44, CP 343-1 Lean devices, CP 343-1 devices, TIM 3V-IE devices, TIM 3V-IE Advanced devices, TIM 3V-IE DNP3 devices, TIM 4R-IE devices, TIM 4R-IE DNP3 devices, CP 443-1 devices, and CP 443-1 Advanced devices might allow remote attackers to obtain administrative access via a session on TCP port 102.
Published: 2015-11-27 | CVSS Score: 9.7 | CVE-2015-8214
Source & Patch Info: CONFIRM

Medium Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info

cisco -- web_security_appliance
The passthrough FTP feature on Cisco Web Security Appliance (WSA) devices with software 8.0.7-142 and 8.5.1-021 allows remote attackers to cause a denial of service (CPU consumption) via FTP sessions in which the control connection is ended after data transfer, aka Bug ID CSCut94150.
Published: 2015-12-01 | CVSS Score: 5.0 | CVE-2015-6386
Source & Patch Info: CISCO

cisco -- unity_connection
Cross-site scripting (XSS) vulnerability in the management interface in Cisco Unity Connection 9.1(1.10) allows remote attackers to inject arbitrary web script or HTML via a crafted value in a URL, aka Bug ID CSCup92741.
Published: 2015-12-02 | CVSS Score: 4.3 | CVE-2015-6390
Source & Patch Info: CISCO

pcre -- perl_compatible_regular_expression_library
The match function in pcre_exec.c in PCRE before 8.37 mishandles the /(?:((abcd))|(((?:(?:(?:(?:abc|(?:abcdef))))b)abcdefghi)abc)|((*ACCEPT)))/ pattern and related patterns involving (*ACCEPT), which allows remote attackers to obtain sensitive information from process memory or cause a denial of service (partially initialized memory and application crash) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-2547.
Published: 2015-12-01 | CVSS Score: 6.4 | CVE-2015-8382
Source & Patch Info: CONFIRM, CONFIRM, MLIST, MLIST, CONFIRM, CONFIRM, CONFIRM

pcre -- perl_compatible_regular_expression_library
pcregrep in PCRE before 8.38 mishandles the -q option for binary files, which might allow remote attackers to obtain sensitive information via a crafted file, as demonstrated by a CGI script that sends stdout data to a client.
Published: 2015-12-01 | CVSS Score: 5.0 | CVE-2015-8393
Source & Patch Info: MLIST, CONFIRM

redhat -- ceph
CRLF injection vulnerability in the Ceph Object Gateway (aka radosgw or RGW) in Ceph before 0.94.4 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted bucket name.
Published: 2015-12-03 | CVSS Score: 4.3 | CVE-2015-5245
Source & Patch Info: REDHAT, CONFIRM, MLIST