BugTraq Mode:
(Page 1 of 1693)  1 2 3 4 5 6 7 8 9 10 11  Next >
ESA-2016-097: RSA Identity Governance and Lifecycle Information Disclosure Vulnerability 2016-09-23
EMC Product Security Response Center (Security_Alert emc com)

-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA256

ESA-2016-097: RSA Identity Governance and Lifecycle Information Disclosure Vulnerability

EMC Identifier: EMC-2016-097

CVE Identifier: CVE-2016-0918

Severity Rating: CVSS v3 Base Score: 4.3 (AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)

[ more ]  [ reply ]
Recon Europe 2017 Call For Papers - January 27 - 29, 2017 - Brussels, Belgium 2016-09-22
cfpbrussels2017 recon cx

` . R E C O N * B R U S S E L S .
. . C F P ' .
' https://recon.cx
. 27 - 29 January 2017 . .
. ' Brussels, Belgium .

[ more ]  [ reply ]
[SECURITY] [DSA 3674-1] firefox-esr security update 2016-09-22
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3674-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Moritz Muehlenhoff
September 22, 2016

[ more ]  [ reply ]
[SECURITY] [DSA 3673-1] openssl security update 2016-09-22
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3673-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Moritz Muehlenhoff
September 22, 2016

[ more ]  [ reply ]
Fwd: BT Wifi Extenders - Cross Site Scripting leading to disclosure of PSK 2016-09-22
Jamie R (jamie riden gmail com)
BT Wifi Extenders - 300, 600 and 1200 models - Cross Site Scripting
leading to disclosure of PSK.

A firmware update is required to resolve this issue.

The essential problem is that if you hit the following URL on your
wifi extender, it will pop up a whole load of private data, including
your PSK.

[ more ]  [ reply ]
IE11 is not following CORS specification for local files 2016-09-22
Ricardo Iramar dos Santos (riramar gmail com)
IE11 is not following CORS specification for local files like Chrome
and Firefox.
I've contacted Microsoft and they say this is not a security issue so
I'm sharing it.
From my tests IE11 is not following CORS specifications for local
files as supposed to be.
In order to prove I've created a maliciou

[ more ]  [ reply ]
[slackware-security] irssi (SSA:2016-265-03) 2016-09-21
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] irssi (SSA:2016-265-03)

New irssi packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,
14.2, and -current to fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+-------------------------

[ more ]  [ reply ]
[security bulletin] HPSBHF03646 rev.1 - HPE Comware 7 (CW7) Network Products running NTP, Multiple Remote Vulnerabilities 2016-09-21
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c052708
39

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05270839
Version: 1

HPSBHF03646 rev.1 - HPE Comw

[ more ]  [ reply ]
Unauthenticated SQL Injection in Huge-IT Video Gallery v1.0.9 for Joomla 2016-09-21
Larry W. Cashdollar (larry0 me com)

Title: Unauthenticated SQL Injection in Huge-IT Video Gallery v1.0.9 for Joomla
Author: Larry W. Cashdollar, @_larry0
Date: 2016-09-15
Download Site: http://huge-it.com/joomla-video-gallery/
Vendor: www.huge-it.com, fixed v1.1.0
Vendor Notified: 2016-09-17
Vendor Contact: info (at) huge-it (dot) com [email concealed]
Descripti

[ more ]  [ reply ]
[security bulletin] HPSBGN03645 rev.2 - HPE Helion OpenStack Glance, Remote Access Restriction Bypass, Unauthorized Access 2016-09-21
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c052735
84

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05273584
Version: 2

HPSBGN03645 rev.2 - HPE Heli

[ more ]  [ reply ]
[slackware-security] pidgin (SSA:2016-265-01) 2016-09-21
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] pidgin (SSA:2016-265-01)

New pidgin packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,
14.2, and -current to fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+-----------------------

[ more ]  [ reply ]
[SECURITY] [DSA 3672-1] irssi security update 2016-09-21
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3672-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Salvatore Bonaccorso
September 21, 2016

[ more ]  [ reply ]
Cisco Security Advisory: Cisco Cloud Services Platform 2100 Remote Command Execution Vulnerability 2016-09-21
Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Cisco Security Advisory: Cisco Cloud Services Platform 2100 Remote Command Execution Vulnerability

Advisory ID: cisco-sa-20160921-csp2100-2

Revision 1.0

Published: 2016 September 21 16:00 GMT
+-----------------------------------------------------

[ more ]  [ reply ]
Cisco Security Advisory: Cisco Cloud Services Platform 2100 Command Injection Vulnerability 2016-09-21
Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Cisco Security Advisory: Cisco Cloud Services Platform 2100 Command Injection Vulnerability

Advisory ID: cisco-sa-20160921-csp2100-1

Revision 1.0

Published: 2016 September 21 16:00 GMT
+------------------------------------------------------------

[ more ]  [ reply ]
APPLE-SA-2016-09-20-6 tvOS 10 2016-09-20
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2016-09-20-6 tvOS 10

The tvOS 10 advisory has been released to describe the entries below:

Audio
Available for: Apple TV (4th generation)
Impact: A remote attacker may be able to execute arbitrary code
Description: A memory corruption issue

[ more ]  [ reply ]
APPLE-SA-2016-09-20-5 watchOS 3 2016-09-20
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2016-09-20-5 watchOS 3

The watchOS 3 advisory has been updated to include additional entries
as noted below.

Audio
Available for: All Apple Watch models
Impact: A remote attacker may be able to execute arbitrary code
Description: A memory c

[ more ]  [ reply ]
APPLE-SA-2016-09-20-4 macOS Server 5.2 2016-09-20
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2016-09-20-4 macOS Server 5.2

macOS Server 5.2 is now available and addresses the following:

apache
Available for: macOS 10.12 Sierra
Impact: A remote attacker may be able to proxy traffic through an
arbitrary server
Description: An issue

[ more ]  [ reply ]
APPLE-SA-2016-09-20-3 iOS 10 2016-09-20
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2016-09-20-3 iOS 10

The iOS 10 advisory has been updated to include additional entries as
noted below.

AppleMobileFileIntegrity
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A

[ more ]  [ reply ]
APPLE-SA-2016-09-20-2 Safari 10 2016-09-20
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2016-09-20-2 Safari 10

Safari 10 is now available and addresses the following:

Safari Reader
Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6,
and macOS 10.12 Sierra
Impact: Enabling the Safari Reader feature on a maliciousl

[ more ]  [ reply ]
ESA-2016-093: RSA® Adaptive Authentication (On-Premise) Cross-Site Scripting Vulnerability 2016-09-20
EMC Product Security Response Center (Security_Alert emc com)

-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA256

ESA-2016-093: RSA® Adaptive Authentication (On-Premise) Cross-Site Scripting Vulnerability

EMC Identifier: ESA-2016-093

CVE Identifier: CVE-2016-0925

Severity Rating: CVSS v3 Score: 5.4 (AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)

[ more ]  [ reply ]
ESA-2016-096: EMC Celerra, VNX1, VNX2 and VNXe SMB NTLM Authentication Weak Nonce Vulnerability 2016-09-19
EMC Product Security Response Center (Security_Alert emc com)

-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA256

ESA-2016-096: EMC Celerra, VNX1, VNX2 and VNXe SMB NTLM Authentication Weak Nonce Vulnerability

EMC Identifier: ESA-2016-096

CVE Identifier: CVE-2016-0917

Severity Rating: CVSS v3 Base Score: 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

Affec

[ more ]  [ reply ]
ESA-2016-065: EMC Avamar Data Store and Avamar Virtual Edition Multiple Vulnerabilities 2016-09-19
EMC Product Security Response Center (Security_Alert emc com)

-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA256

ESA-2016-065: EMC Avamar Data Store and Avamar Virtual Edition Multiple Vulnerabilities

EMC Identifier: ESA-2016-065

CVE Identifier: CVE-2016-0903, CVE-2016-0904, CVE-2016-0905, CVE-2016-0920, CVE-2016-0921

Severity Rating: See below for indi

[ more ]  [ reply ]
Call for Papers - WorldCIST'17 - 5th World Conference on Information Systems and Technologies (Published by Springer) 2016-09-18
ML (marialemos72 gmail com)
*
** Apologize if you receive multiple copies of this email, or if its content is irrelevant for you.
*
** Please forward for your contacts. Thank you very much!
*

---------
WorldCIST'17 - 5th World Conference on Information Systems and Technologies
Porto santo Isalnd, Madeira, Portugal
11th-13th

[ more ]  [ reply ]
[SECURITY] CVE-2016-5017: Buffer overflow vulnerability in ZooKeeper C cli shell 2016-09-16
Flavio Junqueira (fpj apache org)
Apologies for the duplicate, this report has a correction over the previous version sent earlier.

#######################################################
CVE-2016-5017: Buffer overflow vulnerability in ZooKeeper C cli shell

Severity: moderate

Vendor:
The Apache Software Foundation

Versions Affec

[ more ]  [ reply ]
[SECURITY] CVE-2016-5017: Buffer overflow vulnerability in ZooKeeper C cli shell 2016-09-16
Flavio Junqueira (fpj apache org)
############################################################
CVE-2016-5017: Buffer overflow vulnerability in ZooKeeper C cli shell

Severity: moderate

Vendor:
The Apache Software Foundation

Versions Affected:
ZooKeeper 3.4.0 to 3.4.8
ZooKeeper 3.5.0 to 3.5.2
The unsupported ZooKeeper 1.x through 3

[ more ]  [ reply ]
[slackware-security] curl (SSA:2016-259-01) 2016-09-16
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] curl (SSA:2016-259-01)

New curl packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,
14.2, and -current to fix a security issue.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------

[ more ]  [ reply ]
[SECURITY] [DSA 3669-1] tomcat7 security update 2016-09-15
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3669-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Moritz Muehlenhoff
September 15, 2016

[ more ]  [ reply ]
ESA-2016-094: RSA BSAFE® Micro Edition Suite Multiple Vulnerabilities 2016-09-15
EMC Product Security Response Center (Security_Alert emc com)

-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA256

EMC Identifier: ESA-2016-094

CVE Identifier: CVE-2016-0923, CVE-2016-0924

Affected Products:

? RSA BSAFE Micro Edition Suite (MES) all 4.1.x versions prior to 4.1.5

? RSA BSAFE Micro Edition Suite (MES) all 4.0.x versions prior to 4.0.9

[ more ]  [ reply ]
Cisco EPC 3925 Multiple Vulnerabilities 2016-09-15
msg patrykbogdan com
# Title: Cisco EPC 3925 Multiple Vulnerabilities
# Vendor: http://www.cisco.com/
# Vulnerable Version(s): Cisco EPC3925 (EuroDocsis 3.0 2-PORT Voice Gateway)
# Date: 15.09.2016
# Author: Patryk Bogdan

========

Vulnerability list:
1. HTTP Response Injection via 'Lang' Cookie
2. DoS via 'Lang' Cook

[ more ]  [ reply ]
Insecure transmission of data in Android applications developed with Adobe AIR [CVE-2016-6936] 2016-09-14
research nightwatchcybersecurity com
Original at:
https://wwws.nightwatchcybersecurity.com/2016/09/14/advisory-insecure-tr
ansmission-of-data-in-android-applications-developed-with-adobe-air-cve-
2016-6936/

Summary

Android applications developed with Adobe AIR send data back to Adobe servers without HTTPS while running. This can allow

[ more ]  [ reply ]
(Page 1 of 1693)  1 2 3 4 5 6 7 8 9 10 11  Next >


 

Privacy Statement
Copyright 2010, SecurityFocus