BugTraq Mode:
(Page 12 of 1715)  < Prev  7 8 9 10 11 12 13 14 15 16 17  Next >
APPLE-SA-2017-01-23-7 iTunes for Windows 12.5.5 2017-01-23
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2017-01-23-7 iTunes for Windows 12.5.5

iTunes for Windows 12.5.5 is now available and addresses the
following:

WebKit
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corru

[ more ]  [ reply ]
APPLE-SA-2017-01-23-6 iCloud for Windows 6.1.1 2017-01-23
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2017-01-23-6 iCloud for Windows 6.1.1

iCloud for Windows 6.1.1 is now available and addresses the
following:

WebKit
Available for: Windows 7 and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution

[ more ]  [ reply ]
APPLE-SA-2017-01-23-2 macOS 10.12.3 2017-01-23
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2017-01-23-2 macOS 10.12.3

macOS 10.12.3 is now available and addresses the following:

apache_mod_php
Available for: macOS Sierra 10.12.2
Impact: Multiple issues in PHP
Description: Multiple issues were addressed by updating to PHP
version

[ more ]  [ reply ]
APPLE-SA-2017-01-23-5 Safari 10.0.3 2017-01-23
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2017-01-23-5 Safari 10.0.3

Safari 10.0.3 is now available and addresses the following:

Safari
Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6,
and macOS Sierra 10.12.3
Impact: Visiting a malicious website may lead to addres

[ more ]  [ reply ]
APPLE-SA-2017-01-23-4 tvOS 10.1.1 2017-01-23
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2017-01-23-4 tvOS 10.1.1

tvOS 10.1.1 is now available and addresses the following:

Kernel
Available for: Apple TV (4th generation)
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A buffer ov

[ more ]  [ reply ]
APPLE-SA-2017-01-23-3 watchOS 3.1.3 2017-01-23
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2017-01-23-3 watchOS 3.1.3

watchOS 3.1.3 is now available and addresses the following:

Accounts
Available for: All Apple Watch models
Impact: Uninstalling an app did not reset the authorization settings
Description: An issue existed which

[ more ]  [ reply ]
APPLE-SA-2017-01-23-1 iOS 10.2.1 2017-01-23
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2017-01-23-1 iOS 10.2.1

iOS 10.2.1 is now available and addresses the following:

Auto Unlock
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Auto Unlock may unlock when Apple Wa

[ more ]  [ reply ]
ESA-2016-150: RSA® Security Analytics Reflected Cross-Site Scripting Vulnerability 2017-01-23
EMC Product Security Response Center (Security_Alert emc com)

-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA256

ESA-2016-150: RSA® Security Analytics Reflected Cross-Site Scripting Vulnerability

EMC Identifier: ESA-2016-150

CVE Identifier: CVE-2016-8215

Severity Rating: CVSSv3 Base Score: 6.1 (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)

Affected Produ

[ more ]  [ reply ]
ESA-2016-146: EMC Avamar Data Store and Avamar Virtual Edition Privilege Escalation Vulnerability 2017-01-23
EMC Product Security Response Center (Security_Alert emc com)

-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA256

ESA-2016-146: EMC Avamar Data Store and Avamar Virtual Edition Privilege Escalation Vulnerability

EMC Identifier: ESA-2016-146

CVE Identifier: CVE-2016-8214

Severity Rating: CVSSv3 Base Score: 6.7 (AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)

Affe

[ more ]  [ reply ]
Microsoft Remote Desktop Client for Mac Remote Code Execution - Update 2017-01-23
Filippo Cavallarin (filippo cavallarin wearesegment com)

Advisory ID: SGMA16-004
Title: Microsoft Remote Desktop Client for Mac Remote Code Execution
Product: Microsoft Remote Desktop Client for Mac
Version: 8.0.36 and probably prior
Vendor: www.microsoft.com
Type: Arbi

[ more ]  [ reply ]
[SECURITY] [DSA 3770-1] mariadb-10.0 security update 2017-01-22
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3770-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Salvatore Bonaccorso
January 22, 2017

[ more ]  [ reply ]
[SECURITY] [DSA 3769-1] libphp-swiftmailer security update 2017-01-22
Sebastien Delafond (seb debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3769-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Sebastien Delafond
January 22, 2017

[ more ]  [ reply ]
Executable installers are vulnerable^WEVIL (case 46): Pelles C allows arbitrary code execution 2017-01-21
Stefan Kanthak (stefan kanthak nexgo de)
Hi @ll,

the executable installers of "Pelle's C",
<http://smorgasbordet.com/pellesc/800/setup64.exe> and,
<http://smorgasbordet.com/pellesc/800/setup.exe>, available
from <http://smorgasbordet.com/pellesc/index.htm>, are vulnerable
to DLL hijacking: they load (tested on Windows 7) at least the
foll

[ more ]  [ reply ]
NTOPNG Web Interface v2.4 CSRF Token Bypass 2017-01-21
apparitionsec gmail com (hyp3rlinx)
[+]#####################################################################
################
[+] Credits / Discovery: John Page AKA Hyp3rlinX
[+] Website: hyp3rlinx.altervista.org
[+] Source: http://hyp3rlinx.altervista.org/advisories/NTOPNG-CSRF-TOKEN-BYPASS.txt
[+] ISR: ApparitionSEC
[+]############

[ more ]  [ reply ]
[SECURITY] [DSA 3767-1] mysql-5.5 security update 2017-01-19
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3767-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Salvatore Bonaccorso
January 19, 2017

[ more ]  [ reply ]
Novel Contributions to the field - How I broke MySQL's code-base (Part 2) [CVE-2016-5541] MySQL cluster remote 0day 2017-01-19
Nicholas Lemonias. (lem nikolas googlemail com)
************************************************************************
************
*
*
* Copyright (c) 2017, Advanced Information Security Corp / Oracle Inc. *
*
*
*

[ more ]  [ reply ]
Novel Contributions to the Field - How I broke MySQL's codebase (Part 2) [CVE-2016-5541] MySQL Cluster 0day 2017-01-18
lem nikolas gmail com
**************************************************
(c) 2017 Advanced Information Security Corporation and Oracle Inc.

**************************************************

Author: Nicholas Lemonias
Date: 17/01/2017

MySQL Remote 0day / Remote Buffer Overflows in 'NDBAPI' Cluster

Full report

[ more ]  [ reply ]
[RCESEC-2016-012] Mattermost <= 3.5.1 "/error" Unauthenticated Reflected Cross-Site Scripting / Content Injection 2017-01-18
Julien Ahrens (info rcesecurity com)
RCE Security Advisory
https://www.rcesecurity.com

1. ADVISORY INFORMATION
=======================
Product: Mattermost
Vendor URL: www.mattermost.org
Type: Cross-site Scripting [CWE-79]
Date found: 02/12/2016
Date published: 16/01/2017
CVSSv3 Score: 4.7 (CVSS:3.0/AV:N/AC:

[ more ]  [ reply ]
[security bulletin] HPSBMU03685 rev.1 - HPE Insight Control server provisioning (ICsp), Multiple Remote Vulnerabilities 2017-01-18
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Note: the current version of the following document is available here:

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c053769
17

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05376917

Version: 1

HPSBMU03685 rev.1

[ more ]  [ reply ]
ESA-2016-161: EMC Isilon OneFS LDAP Injection Vulnerability 2017-01-18
EMC Product Security Response Center (Security_Alert emc com)

----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA256

ESA-2016-161: EMC Isilon OneFS LDAP Injection Vulnerability

EMC Identifier: ESA-2016-161

CVE Identifier: CVE-2016-9870

Severity Rating: CVSS v3 Base Score: 6.0 (AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N)

Affected products:

? EMC Isilon

[ more ]  [ reply ]
ESA-2016-143: EMC Documentum Webtop and Clients Stored Cross-Site Scripting Vulnerability 2017-01-18
EMC Product Security Response Center (Security_Alert emc com)

-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA256

ESA-2016-143: EMC Documentum Webtop and Clients Stored Cross-Site Scripting Vulnerability

EMC Identifier: ESA-2016-143

CVE Identifier: CVE-2016-8213

Severity Rating: CVSS v3 Base Score: 6.5 (AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L)

Affected p

[ more ]  [ reply ]
[SECURITY] CVE-2016-8748: Apache NiFi XSS vulnerability in connection details dialogue 2017-01-16
Joe Witt (joewitt apache org)
CVE-2016-8748: Apache NiFi XSS vulnerability in connection details dialogue

Severity: Moderate

Vendor: The Apache Software Foundation

Versions Affected:
Apache NiFi 1.0.0
Apache NiFi 1.1.0

Description: There is a cross-site scripting vulnerability in
connection details dialog when accessed by an

[ more ]  [ reply ]
[SECURITY] [DSA 3765-1] icoutils security update 2017-01-14
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3765-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Salvatore Bonaccorso
January 14, 2017

[ more ]  [ reply ]
[SECURITY] [DSA 3743-2] python-bottle regression update 2017-01-15
Sebastien Delafond (seb debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3743-2 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Sebastien Delafond
January 15, 2017

[ more ]  [ reply ]
[security bulletin] HPSBGN03689 rev.1 - HPE Diagnostics, Remote Cross-Site Scripting and Click Jacking 2017-01-13
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Note: the current version of the following document is available here:

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c053701
00

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05370100

Version: 1

HPSBGN03689 rev.1

[ more ]  [ reply ]
[security bulletin] HPSBST03671 rev.2 - HPE StoreEver MSL6480 Tape Library Management Interface, Multiple Remote Vulnerabilities 2017-01-13
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Note: the current version of the following document is available here:

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c053332
97

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05333297

Version: 2

HPSBST03671 rev.2

[ more ]  [ reply ]
[SECURITY] [DSA 3764-1] pdns security update 2017-01-13
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3764-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Salvatore Bonaccorso
January 13, 2017

[ more ]  [ reply ]
[security bulletin] HPSBGN03694 rev.1 - HPE SiteScope, Remote Disclosure of Information 2017-01-12
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Note: the current version of the following document is available here:

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c053694
03

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05369403

Version: 1

HPSBGN03694 rev.1

[ more ]  [ reply ]
ICMPv6 PTBs and IPv6 frag filtering (particularly at BGP peers) 2017-01-12
Fernando Gont (fgont si6networks com)
Folks,

I'm curious about whether folks are filtering ICMPv6 PTB<1280
and/or IPv6 fragments targeted to BGP routers (off-list datapoints are
welcome).

In any case, you mind find it worth reading to check if you're affected
(from Section 2 of recently-published RFC8021):

---- cut here ----
The s

[ more ]  [ reply ]
[SECURITY] [DSA 3760-1] ikiwiki security update 2017-01-12
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3760-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Moritz Muehlenhoff
January 12, 2017

[ more ]  [ reply ]
(Page 12 of 1715)  < Prev  7 8 9 10 11 12 13 14 15 16 17  Next >


 

Privacy Statement
Copyright 2010, SecurityFocus