BugTraq
MSIE 9 MSHTML CMarkup::ReloadInCompatView use-after-free 2016-12-13
Berend-Jan Wever (berendj nwever nl)
Since November I have been releasing details on all vulnerabilities I
found that I have not released before. This is the thirty-first entry
in the series. This information is available in more detail on my blog
at http://blog.skylined.nl/20161213001.html. There you can find a repro
that triggered th

APPLE-SA-2016-12-13-7 Additional information for APPLE-SA-2016-12-12-2 watchOS 3.1.1 2016-12-13
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2016-12-13-7 Additional information for
APPLE-SA-2016-12-12-2 watchOS 3.1.1

watchOS 3.1.1 addresses the following:

Accounts
Available for: All Apple Watch models
Impact: An issue existed which did not reset the authorization
settings on ap

APPLE-SA-2016-12-13-8 Transporter 1.9.2 2016-12-13
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2016-12-13-8 Transporter 1.9.2

Transporter 1.9.2 is now available and addresses the following:

iTMSTransporter
Available for: iTunes Producer 3.1.1, OS X v10.6 and later (64 bit),
Windows 7 and later (32 bit), and Red Hat Enterprise Linux (

APPLE-SA-2016-12-13-5 Additional information for APPLE-SA-2016-12-12-1 iOS 10.2 2016-12-13
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2016-12-13-5 Additional information for
APPLE-SA-2016-12-12-1 iOS 10.2

iOS 10.2 addresses the following:

Accessibility
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A nearby u

APPLE-SA-2016-12-13-2 Safari 10.0.2 2016-12-13
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2016-12-13-2 Safari 10.0.2

Safari 10.0.2 is now available and addresses the following:

Safari Reader
Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6,
and macOS Sierra 10.12.1
Impact: Enabling the Safari Reader feature on a

APPLE-SA-2016-12-13-3 iTunes 12.5.4 2016-12-13
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2016-12-13-3 iTunes 12.5.4

iTunes 12.5.4 is now available and addresses the following:

WebKit
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addres

[slackware-security] kernel (SSA:2016-347-01) 2016-12-12
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] kernel (SSA:2016-347-01)

New kernel packages are available for Slackware 14.2 and -current to
fix a security issue.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/linux-4.4

[slackware-security] php (SSA:2016-347-03) 2016-12-12
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] php (SSA:2016-347-03)

New php packages are available for Slackware 14.0, 14.1, 14.2, and -current to
fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/php

Apple iOS/tvOS/watchOS Remote memory corruption through certificate 2016-12-12
submit cxsec org
Apple iOS/tvOS/watchOS Remote memory corruption through certificate file
Source:
https://cxsecurity.com/issue/WLB-2016110046

--------------------------------------------------------------------------------------
0. Short description
Special crafted certificate file may lead to memory corruption of

APPLE-SA-2016-12-12-2 watchOS 3.1.1 2016-12-12
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2016-12-12-2 watchOS 3.1.1

watchOS 3.1.1 is now available and addresses the following:

Accounts
Available for: All Apple Watch models
Impact: An issue existed which did not reset the authorization
settings on app uninstall
Description: Thi

APPLE-SA-2016-12-12-3 tvOS 10.1 2016-12-12
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2016-12-12-3 tvOS 10.1

tvOS 10.1 is now available and addresses the following:

Profiles
Available for: Apple TV (4th generation)
Impact: Opening a maliciously crafted certificate may lead to
arbitrary code execution
Description: A memory c

APPLE-SA-2016-12-12-1 iOS 10.2 2016-12-12
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2016-12-12-1 iOS 10.2

iOS 10.2 is now available and addresses the following:

Accessibility
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A nearby user may be able to overhear

[SECURITY] CVE-2016-8745 Apache Tomcat Information Disclosure 2016-12-12
Mark Thomas (markt apache org)
CVE-2016-8745 Apache Tomcat Information Disclosure

Severity: Important

Vendor: The Apache Software Foundation

Versions Affected:
Apache Tomcat 9.0.0.M1 to 9.0.0.M13
Apache Tomcat 8.5.0 to 8.5.8
Earlier versions are not affected.

Description
The refactoring of the Connector code for 8.5.x onwards

[SECURITY] [DSA 3730-1] icedove security update 2016-12-11
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3730-1 security (at) debian (dot) org
https://www.debian.org/security/ Salvatore Bonaccorso
December 11, 2016

MSIE 9 MSHTML CElement::HasFlag memory corruption 2016-12-09
Berend-Jan Wever (berendj nwever nl)
Since November I have been releasing details on all vulnerabilities I
found that I have not released before. This is the twenty-ninth entry
in the series. This information is available in more detail on my blog
at http://blog.skylined.nl/20161209001.html. There you can find a repro
that triggered th

Symantec VIP Access Desktop Arbitrary DLL Execution 2016-12-09
apparitionsec gmail com - hyp3rlinx
[+] Credits: John Page aka hyp3rlinx

[+] Website: hyp3rlinx.altervista.org

[+] Source: http://hyp3rlinx.altervista.org/advisories/SYMANTEC-VIP-ACCESS-ARBITRARY-DLL-EXECUTION.txt

[+] ISR: ApparitionSec

Vendor:
================
www.symantec.com

Product:
===================
Symantec VIP Acce

AST-2016-009: 2016-12-08
Asterisk Security Team (security asterisk org)
Asterisk Project Security Advisory - ASTERISK-2016-009

Product Asterisk
Summary
Nature of Advisory Authentication Bypass
Susceptibility Remote unauthenticated s

AST-2016-008: Crash on SDP offer or answer from endpoint using Opus 2016-12-08
Asterisk Security Team (security asterisk org)
Asterisk Project Security Advisory - AST-2016-008

Product Asterisk
Summary Crash on SDP offer or answer from endpoint using
Opus

CVE-2013-1306: MSIE 9 MSHTML CDispNode::InsertSiblingNode use-after-free details 2016-12-08
Berend-Jan Wever (berendj nwever nl)
Since November I have been releasing details on all vulnerabilities I
found that I have not released before. This is the twenty-eighth entry
in the series. This information is available in more detail on my blog
at http://blog.skylined.nl/20161208001.html. There you can find a repro
that triggered t

[security bulletin] HPSBHF03674 rev.1 HPE Comware 5 and Comware 7 Network Products using SSL/TLS, Remote Disclosure of Information 2016-12-07
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Note: the current version of the following document is available here:

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05349499

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05349499

Version: 1

HPSBHF03674 rev.1

Microsoft Remote Desktop Client for Mac Remote Code Execution 2016-12-07
Filippo Cavallarin (filippo cavallarin wearesegment com)

Advisory ID: SGMA16-004
Title: Microsoft Remote Desktop Client for Mac Remote Code Execution
Product: Microsoft Remote Desktop Client for Mac
Version: 8.0.36 and probably prior
Vendor: www.microsoft.com
Vulnerability type: Undisclosed
Risk level: 4 / 5
Credit: filippo.cavallarin (at) wearesegment (dot) com
CV

[ESNC-2041217] Critical Security Vulnerability in PwC ACE Software for SAP Security 2016-12-07
ESNC Security (secure esnc de)
[ESNC-2041217] Critical Security Vulnerability in PwC ACE Software for
SAP Security

Please refer to https://www.esnc.de for the original security
advisory, updates, and additional information.

----------------------------------------------------------------------
1. Business Impact
---------------

CVE-2015-1730: MSIE jscript9 JavaScriptStackWalker memory corruption details and PoC 2016-12-06
Berend-Jan Wever (berendj nwever nl)
Since November I have been releasing details on all vulnerabilities I
found in web-browsers that I had not released before. I will try to
continue to publish all my old vulnerabilities, including those not in
web-browser, as long as I can find some time to do so. If you find this
information useful,

Re: CVE-2016-3222: MS Edge CBaseScriptable::PrivateQueryInterface memory corruption 2016-12-06
Berend-Jan Wever (berendj nwever nl)
FYI: this link to my blog was 404 until early this morning. It is now up
if you are still interested in reading it.

On 05-12-2016 11:55, Berend-Jan Wever wrote:
> Since November I have been releasing details on all vulnerabilities I
> found in web-browsers that I had not released before. I will try

CVE-2016-8740, Server memory can be exhausted and service denied when HTTP/2 is used 2016-12-05
Eissing Stefan (stefan eissing gmail com)
Security Advisory - Apache Software Foundation
Apache HTTPD WebServer / httpd.apache.org

Server memory can be exhausted and service denied when HTTP/2 is used

CVE-2016-8740

The Apache HTTPD web server (from 2.4.17-2.4.23) did not apply limitations
on

Microsoft MSINFO32.EXE ".NFO" Files XML External Entity 2016-12-04
apparitionsec gmail com/hyp3rlinx
[+] Credits: John Page aka hyp3rlinx

[+] Website: hyp3rlinx.altervista.org

[+] Source: http://hyp3rlinx.altervista.org/advisories/MICROSOFT-MSINFO32-XXE-FILE-EXFILTRATION.txt

[+] ISR: ApparitionSec

Vendor:
=================
www.microsoft.com

Product:
==========================
Windows Sys

Microsoft Windows Media Center "ehshell.exe" XML External Entity 2016-12-04
apparitionsec gmail com/hyp3rlinx
[+] Credits: John Page aka hyp3rlinx

[+] Website: hyp3rlinx.altervista.org

[+] Source: http://hyp3rlinx.altervista.org/advisories/MICROSOFT-WINDOWS-MEDIA-CENTER-XXE-FILE-DISCLOSURE.txt

[+] ISR: ApparitionSec

Vendor:
==================
www.microsoft.com

Product:
===========================

[slackware-security] mozilla-firefox (SSA:2016-336-01) 2016-12-01
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] mozilla-firefox (SSA:2016-336-01)

New mozilla-firefox packages are available for Slackware 14.1, 14.2,
and -current to fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
pa

[security bulletin] HPSBUX03665 rev.3 - HP-UX Tomcat-based Servlet Engine, Remote Denial of Service (DoS), URL Redirection 2016-11-30
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Note: the current version of the following document is available here:

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05324759

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05324759

Version: 3

HPSBUX03665 rev.3

[security bulletin] HPSBGN03680 rev.1 - HPE Propel, Local Denial of Service (DoS), Escalation of Privilege 2016-11-30
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Note: the current version of the following document is available here:

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05347541

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05347541

Version: 1

HPSBGN03680 rev.1

Copyright 2010, SecurityFocus