BugTraq
[SECURITY] CVE-2016-5017: Buffer overflow vulnerability in ZooKeeper C cli shell 2016-09-16
Flavio Junqueira (fpj apache org)
Apologies for the duplicate, this report has a correction over the previous version sent earlier.

#######################################################
CVE-2016-5017: Buffer overflow vulnerability in ZooKeeper C cli shell

Severity: moderate

Vendor:
The Apache Software Foundation

Versions Affec

[SECURITY] CVE-2016-5017: Buffer overflow vulnerability in ZooKeeper C cli shell 2016-09-16
Flavio Junqueira (fpj apache org)
############################################################
CVE-2016-5017: Buffer overflow vulnerability in ZooKeeper C cli shell

Severity: moderate

Vendor:
The Apache Software Foundation

Versions Affected:
ZooKeeper 3.4.0 to 3.4.8
ZooKeeper 3.5.0 to 3.5.2
The unsupported ZooKeeper 1.x through 3

[slackware-security] curl (SSA:2016-259-01) 2016-09-16
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] curl (SSA:2016-259-01)

New curl packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,
14.2, and -current to fix a security issue.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------

[SECURITY] [DSA 3669-1] tomcat7 security update 2016-09-15
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3669-1 security (at) debian (dot) org
https://www.debian.org/security/ Moritz Muehlenhoff
September 15, 2016

ESA-2016-094: RSA BSAFE® Micro Edition Suite Multiple Vulnerabilities 2016-09-15
EMC Product Security Response Center (Security_Alert emc com)

-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA256

EMC Identifier: ESA-2016-094

CVE Identifier: CVE-2016-0923, CVE-2016-0924

Affected Products:

• RSA BSAFE Micro Edition Suite (MES) all 4.1.x versions prior to 4.1.5

• RSA BSAFE Micro Edition Suite (MES) all 4.0.x versions prior to 4.0.9

Cisco EPC 3925 Multiple Vulnerabilities 2016-09-15
msg patrykbogdan com
# Title: Cisco EPC 3925 Multiple Vulnerabilities
# Vendor: http://www.cisco.com/
# Vulnerable Version(s): Cisco EPC3925 (EuroDocsis 3.0 2-PORT Voice Gateway)
# Date: 15.09.2016
# Author: Patryk Bogdan

========

Vulnerability list:
1. HTTP Response Injection via 'Lang' Cookie
2. DoS via 'Lang' Cook

Insecure transmission of data in Android applications developed with Adobe AIR [CVE-2016-6936] 2016-09-14
research nightwatchcybersecurity com
Original at:
https://wwws.nightwatchcybersecurity.com/2016/09/14/advisory-insecure-transmission-of-data-in-android-applications-developed-with-adobe-air-cve-2016-6936/

Summary

Android applications developed with Adobe AIR send data back to Adobe servers without HTTPS while running. This can allow

APPLE-SA-2016-09-14-1 iOS 10.0.1 2016-09-14
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2016-09-14-1 iOS 10.0.1

iOS 10.0.1 is now available and addresses the following:

Kernel
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to disclose k

[SECURITY] [DSA 3666-1] mysql-5.5 security update 2016-09-14
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3666-1 security (at) debian (dot) org
https://www.debian.org/security/ Salvatore Bonaccorso
September 14, 2016

[security bulletin] HPSBST03640 rev.1 - HP XP7 Command View Advance Edition Suite (CVAE) using Replication Manager (RepMgr) and Device Manager (DevMgr), Local Access Restriction Bypass 2016-09-13
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05257711

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05257711
Version: 1

HPSBST03640 rev.1 - HP XP7 C

[security bulletin] HPSBGN03572 rev.1 - HPE Performance Center, Remote User Validation Failure 2016-09-13
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05269356

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05269356
Version: 1

HPSBGN03572 rev.1 - HPE Perf

ESA-2016-108: EMC Documentum D2 Authentication Bypass Vulnerability 2016-09-13
EMC Product Security Response Center (Security_Alert emc com)

-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA256

ESA-2016-108: EMC Documentum D2 Authentication Bypass Vulnerability

EMC Identifier: ESA-2016-108

CVE Identifier: CVE-2016-6644

Severity Rating: CVSS v3 Base Score: 5.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

Affected products:

EMC Documen

ESA-2016-104: EMC ViPR SRM Multiple Vulnerabilities 2016-09-13
EMC Product Security Response Center (Security_Alert emc com)

-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA256

ESA-2016-104: EMC ViPR SRM Multiple Vulnerabilities

EMC Identifier: ESA-2016-104

CVE Identifier: CVE-2016-0922, CVE-2016-6641, CVE-2016-6642, CVE-2016-6643

Severity Rating: CVSS v3 Base Score: See below for CVSSv3 scores for individual CVE

[ANNOUNCE][CVE-2016-6802] Apache Shiro 1.3.2 released 2016-09-13
Brian Demers (bdemers apache org)
The Shiro team is pleased to announce the release of Apache Shiro version 1.3.2.

This security release contains 1 fix since the 1.3.1 release and is
available for Download now [1].

CVE-2016-6802:
Apache Shiro before 1.3.2, when using a non-root servlet context path,
specifically craft

Multiple DoS vulnerabilities in libosip2-4.1.0 2016-09-13
bshastry sec t-labs tu-berlin de
Antisip's libosip2 v4.1.0 is vulnerable to heap buffer overflows in the following functions while parsing SIP messages and leads to a DoS if glibc hardening is enabled.
1. *osip_body_to_str*
2. *_osip_message_to_str*

All files for reproducing the issues have been filed in the bug tracker [1][2] and

Open-Xchange Security Advisory 2016-09-13 (2) 2016-09-13
Martin Heiland (martin heiland lists open-xchange com)
Product: OX Guard
Vendor: OX Software GmbH

Internal reference: 47878 (Bug ID)
Vulnerability type: Cross Site Scripting (CWE-80)
Vulnerable version: 2.4.2 and earlier
Vulnerable component: guard
Report confidence: Confirmed
Solution status: Fixed by Vendor
Fixed version: 2.4.0-rev11, 2.4.2-rev5
Rese

Open-Xchange Security Advisory 2016-09-13 2016-09-13
Martin Heiland (martin heiland lists open-xchange com)
Product: OX App Suite
Vendor: OX Software GmbH

Internal reference: 46484 (Bug ID)
Vulnerability type: Cross Site Scripting (CWE-80)
Vulnerable version: 7.8.2 and earlier
Vulnerable component: frontend
Report confidence: Confirmed
Solution status: Fixed by Vendor
Fixed version: 7.6.2-rev46, 7.6.3-re

AST-2016-007: RTP Resource Exhaustion 2016-09-08
Asterisk Security Team (security asterisk org)
Asterisk Project Security Advisory - AST-2016-007

Product             Asterisk
Summary             RTP Resource Exhaustion
Nature of Advisory  Denial of Service

[slackware-security] php (SSA:2016-252-01) 2016-09-08
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] php (SSA:2016-252-01)

New php packages are available for Slackware 14.0, 14.1, 14.2, and -current to
fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/php

PHPHolidays CMS v3.00.50 - Cross Site Scripting Web Vulnerability 2016-09-08
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
PHPHolidays CMS v3.00.50 - Cross Site Scripting Web Vulnerability

References (Source):
====================
https://www.vulnerability-lab.com/get_content.php?id=1948

Release Date:
=============
2016-09-08

Vulnerability Laboratory ID (VL-ID):
====================

Picosmos Shows v1.6.0 - Stack Buffer Overflow Vulnerability 2016-09-08
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Picosmos Shows v1.6.0 - Stack Overflow Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1936

Release Date:
=============
2016-09-05

Vulnerability Laboratory ID (VL-ID):
==================================

CVE-2016-4264 Adobe ColdFusion <= 11 XXE Vulnerability 2016-09-07
Dawid Golunski (dawid legalhackers com)
Vulnerability: Adobe ColdFusion <= 11 XXE Injection
CVE: CVE-2016-4264
Vendor ID: APSB16-30
Discovered by: Dawid Golunski (http://legalhackers.com)

Adobe ColdFusion in versions 11 and below is vulnerable to XXE
Injection when processing untrusted office documents.

Depending on a web application's

CVE-2016-6920 ffmpeg exr file Heap Overflow 2016-09-07
unlimitsec gmail com
=======

Product: ffmpeg
Affected Versions: <= 3.1.2
Vulnerability Type: Heap Overflow
Security Risk: High
Credit: Yaoguang Chen of Aliapy unLimit Security Team

Introduction
============

$ ffmpeg_debug_312/bin/ffmpeg -i tiled_with_deeptile_type.exr -y xx.png
ffmpeg version 3.1.2 Copyright (c) 20

Infoblox Cross-site scripting vulnerabilities 2016-09-06
alex_haynes outlook com
Exploit Title: Infoblox Cross-site scripting vulnerabilities
Product: Infoblox Network Automation
Vulnerable Versions: 7.0.1 and all previous versions
Tested Version: 6.9.2
Advisory Publication: 06/09/2016
Vulnerability Type: Cross-Site Scripting [CWE-79]
CVE Reference: NONE
Credit: Alex Haynes

Ad

[CVE-2016-6484] Infoblox Network Automation CRLF Injection/ HTTP splitting 2016-09-06
alex_haynes outlook com
Exploit Title: [CVE-2016-6484] Infoblox Network Automation CRLF Injection/ HTTP splitting vulnerability
Product: Infoblox Network Automation
Vulnerable Versions: 7.0.1 and all previous versions
Tested Version: 6.9.2
Advisory Publication: 06/09/2016
Vulnerability Type: [CWE-113:] Improper Neutraliz

[SECURITY] [DSA 3661-1] charybdis security update 2016-09-06
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3661-1 security (at) debian (dot) org
https://www.debian.org/security/ Moritz Muehlenhoff
September 06, 2016

Unauthenticated Arbitrary Directory Dump in BMC BladeLogic Server Automation 2016-09-04
ZeroDay (zeroday contextis co uk)
Title: Unauthenticated Arbitrary Directory Dump in BMC BladeLogic Server Automation
Affected Software: BMC BladeLogic Server Automation for Linux <= 8.7
CVSSv2 Base Score: 7.8 (AV:N/AC:L/Au:N/C:C/I:N/A:N)
Reference: CVE-

[SECURITY] [DSA 3659-1] linux security update 2016-09-04
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3659-1 security (at) debian (dot) org
https://www.debian.org/security/ Salvatore Bonaccorso
September 04, 2016

Google Nexus 5X Bootloader Unauthorized Memory Dumping via USB 2016-09-04
Roee Hay (roeehay gmail com)
Vulnerable versions:
================
Android 6.0.0 MDA89E through 6.0.1 MMB29V (bootloaders bhz10i/k)

Non-vulnerable versions:
====================
Android 6.0.1 MHC19J (bootloader bhz10m) and above.

Details:
======
The attacker reboots the phone into the 'fastboot' mode. A physical
attacker can

FormatFactory 3.9.0 - (.task) Stack Overflow Vulnerability 2016-09-02
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
FormatFactory 3.9.0 - (.task) Stack Overflow Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1935

Release Date:
=============
2016-09-01

Vulnerability Laboratory ID (VL-ID):
============================

Copyright 2010, SecurityFocus