BugTraq Mode:
(Page 9 of 1653)  < Prev  4 5 6 7 8 9 10 11 12 13 14  Next >
[security bulletin] HPSBHF03419 rev.1 - HP Network Products including H3C routers and switches, Remote Denial of Service (DoS), Unauthorized Access. 2015-12-21
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=
emr_n
a-c04779492

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04779492
Version: 1

HPSBHF03419 r

[ more ]  [ reply ]
[security bulletin] HPSBGN03526 rev.1 - HPE Helion Eucalyptus, Remote Access Restriction Bypass, Unauthorized Modification 2015-12-21
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=
emr_n
a-c04926463

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04926463
Version: 1

HPSBGN03526 r

[ more ]  [ reply ]
[security bulletin] HPSBGN03527 rev.1 - HPE Helion Eucalyptus, Remote Access Restriction Bypass 2015-12-21
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=
emr_n
a-c04926482

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04926482
Version: 1

HPSBGN03527 r

[ more ]  [ reply ]
[SECURITY] [DSA 3429-1] foomatic-filters security update 2015-12-21
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3429-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Salvatore Bonaccorso
December 21, 2015

[ more ]  [ reply ]
ESA-2015-177: RSA SecurID(r) Web Agent Authentication Bypass Vulnerability 2015-12-21
Security Alert (Security_Alert emc com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

ESA-2015-177: RSA SecurID® Web Agent Authentication Bypass Vulnerability

EMC Identifier: ESA-2015-177

CVE Identifier: CVE-2015-6851

Severity Rating: 6.6 (AV:L/AC:L/Au:N/C:C/I:C/A:N)

Affected Products:

- RSA SecurID® Web Agent version

[ more ]  [ reply ]
giflib: heap overflow in giffix (CVE-2015-7555) 2015-12-21
Hans Jerry Illikainen (hji dyntopia com)

About
=====

giflib[1] is a library for working with GIF images. It also provides
several command-line utilities.

CVE-2015-7555
=============

A heap overflow may occur in the giffix utility included in giflib-5.1.1
when processing records of the type `IMAGE_DESC_RECORD_TYPE' due to the
allocate

[ more ]  [ reply ]
Executable installers are vulnerable^WEVIL (case 13): ESET NOD32 antivirus installer allows remote code execution with escalation of privilege 2015-12-21
Stefan Kanthak (stefan kanthak nexgo de)
Hi @ll,

the executable installer [°] of ESET's NOD32 antivirus,
eset_nod32_antivirus_live_installer_.exe, loads and executes
(at least) the rogue/bogus/malicious Cabinet.dll and DbgHelp.dll
eventually found in the directory it is started from ['] (the
"application directory").

For software downloa

[ more ]  [ reply ]
Almost no resp. only some mitigation(s) for "DLL hijacking" via load-time dependencies 2015-12-21
Stefan Kanthak (stefan kanthak nexgo de)
Hi @ll,

in <http://seclists.org/fulldisclosure/2015/Nov/101> I showed
general mitigations for DLL hijacking via runtime dependencies
(<https://msdn.microsoft.com/en-us/library/ms685090.aspx>).

DLL hijacking is but also possible via load-time dependencies
(<https://msdn.microsoft.com/en-us/library/

[ more ]  [ reply ]
KL-001-2015-007 : Seagate GoFlex Satellite Remote Telnet Default Password 2015-12-18
KoreLogic Disclosures (disclosures korelogic com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

KL-001-2015-007 : Seagate GoFlex Satellite Remote Telnet Default Password

Title: Seagate GoFlex Satellite Remote Telnet Default Password
Advisory ID: KL-001-2015-007
Publication Date: 2015.12.18
Publication URL: https://www.korelogic.com/Resources/Ad

[ more ]  [ reply ]
[SECURITY] [DSA 3427-1] blueman security update 2015-12-18
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3427-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Moritz Muehlenhoff
December 18, 2015

[ more ]  [ reply ]
[SECURITY] [DSA 3428-1] tomcat8 security update 2015-12-18
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3428-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Moritz Muehlenhoff
December 18, 2015

[ more ]  [ reply ]
KL-001-2015-008 : Dell Pre-Boot Authentication Driver Uncontrolled Write to Arbitrary Address 2015-12-18
KoreLogic Disclosures (disclosures korelogic com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

KL-001-2015-008 : Dell Pre-Boot Authentication Driver Uncontrolled Write to Arbitrary Address

Title: Dell Pre-Boot Authentication Driver Uncontrolled Write to Arbitrary Address
Advisory ID: KL-001-2015-008
Publication Date: 2015.12.18
Publication URL

[ more ]  [ reply ]
[slackware-security] grub (SSA:2015-351-01) 2015-12-18
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] grub (SSA:2015-351-01)

New grub packages are available for Slackware 14.1 and -current to
fix a security issue.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/grub-2.00-i48

[ more ]  [ reply ]
[slackware-security] libpng (SSA:2015-351-02) 2015-12-18
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] libpng (SSA:2015-351-02)

New libpng packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,
and -current to fix a security issue.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+

[ more ]  [ reply ]
Executable uninstallers are vulnerable^WEVIL (case 12): Avira Registry Cleaner allows arbitrary code execution with escalation of privilege 2015-12-18
Stefan Kanthak (stefan kanthak nexgo de)
Hi @ll,

avira_registry_cleaner_en.exe, available from
<https://www.avira.com/en/download/product/avira-registry-cleaner>
to clean up remnants the uninstallers of their snakeoil products
fail to remove, is vulnerable: it loads and executes WTSAPI32.dll,
UXTheme.dll and RichEd20.dll from its applicat

[ more ]  [ reply ]
[SECURITY] [DSA 3426-1] linux security update 2015-12-17
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3426-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Salvatore Bonaccorso
December 17, 2015

[ more ]  [ reply ]
ESA-2015-148: EMC Isilon OneFS Security Privilege Escalation Vulnerability 2015-12-17
Security Alert (Security_Alert emc com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

ESA-2015-148: EMC Isilon OneFS Security Privilege Escalation Vulnerability

EMC Identifier: ESA-2015-148

CVE Identifier: CVE-2015-4545

Severity Rating: CVSS v2 Base Score: 9.0 (AV:N/AC:L/Au:S/C:C/I:C/A:C)

Affected products:

? EMC Isilon

[ more ]  [ reply ]
[oCERT 2015-011] PyAMF input sanitization errors (XXE) 2015-12-17
Daniele Bianco (danbia ocert org)

#2015-011 PyAMF input sanitization errors (XXE)

Description:

PyAMF is a Python module that implements the Action Message Format (AMF)
protocol, allowing Flash interoperation with various web frameworks.

PyAMF suffers from insufficient AMF input payload sanitization which
results in the XML parse

[ more ]  [ reply ]
[SECURITY] [DSA 3425-1] tryton-server security update 2015-12-17
Luciano Bello (luciano debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3425-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Luciano Bello
December 17, 2015

[ more ]  [ reply ]
[SECURITY] [DSA 3425-1] tryton-server security update 2015-12-17
Luciano Bello (luciano debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3425-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Luciano Bello
December 17, 2015

[ more ]  [ reply ]
CVE-2015-5348 - Apache Camel medium disclosure vulnerability 2015-12-17
Claus Ibsen (claus ibsen gmail com)
Apache Camel's Jetty/Servlet usage is vulnerable to Java object
de-serialisation vulnerability

If using camel-jetty, or camel-servlet as a consumer in Camel routes,
then Camel will automatic de-serialize HTTP requests that uses the
content-header: application/x-java-serialized-object.

Please study

[ more ]  [ reply ]
[SECURITY] [DSA 3337-2] gdk-pixbuf security update 2015-12-17
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3337-2 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Salvatore Bonaccorso
December 17, 2015

[ more ]  [ reply ]
[slackware-security] mozilla-firefox (SSA:2015-349-03) 2015-12-16
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] mozilla-firefox (SSA:2015-349-03)

New mozilla-firefox packages are available for Slackware 14.1 and -current to
fix security issues.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/p

[ more ]  [ reply ]
[SECURITY] [DSA 3424-1] subversion security update 2015-12-16
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3424-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Moritz Muehlenhoff
December 16, 2015

[ more ]  [ reply ]
[security bulletin] HPSBHF03528 rev.1 - HP Network Products running VCX, Remote Unauthorized Modification 2015-12-16
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=
emr_n
a-c04923929

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04923929
Version: 1

HPSBHF03528 r

[ more ]  [ reply ]
[SECURITY] [DSA 3423-1] cacti security update 2015-12-16
Luciano Bello (luciano debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3423-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Luciano Bello
December 16, 2015

[ more ]  [ reply ]
[SECURITY] [DSA 3421-1] grub2 security update 2015-12-16
Luciano Bello (luciano debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3421-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Luciano Bello
December 16, 2015

[ more ]  [ reply ]
[SECURITY] [DSA 3422-1] iceweasel security update 2015-12-16
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3422-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Moritz Muehlenhoff
December 16, 2015

[ more ]  [ reply ]
Shutdown UX DLL side loading vulnerability 2015-12-16
Securify B.V. (lists securify nl)
------------------------------------------------------------------------

Shutdown UX DLL side loading vulnerability
------------------------------------------------------------------------

Yorick Koster, November 2015

------------------------------------------------------------------------

Abstract

[ more ]  [ reply ]
Shockwave Flash Object DLL side loading vulnerability 2015-12-16
Securify B.V. (lists securify nl)
------------------------------------------------------------------------

Shockwave Flash Object DLL side loading vulnerability
------------------------------------------------------------------------

Yorick Koster, August 2015

------------------------------------------------------------------------

[ more ]  [ reply ]
(Page 9 of 1653)  < Prev  4 5 6 7 8 9 10 11 12 13 14  Next >


 

Privacy Statement
Copyright 2010, SecurityFocus