BugTraq Mode:
(Page 9 of 1709)  < Prev  4 5 6 7 8 9 10 11 12 13 14  Next >
[SECURITY] [DSA 3746-1] graphicsmagick security update 2016-12-24
Luciano Bello (luciano debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3746-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Luciano Bello
December 24, 2016

[ more ]  [ reply ]
[slackware-security] expat (SSA:2016-359-01) 2016-12-24
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] expat (SSA:2016-359-01)

New expat packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,
14.2, and -current to fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+-------------------------

[ more ]  [ reply ]
[slackware-security] openssh (SSA:2016-358-02) 2016-12-24
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] openssh (SSA:2016-358-02)

New openssh packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,
14.2, and -current to fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+---------------------

[ more ]  [ reply ]
[slackware-security] httpd (SSA:2016-358-01) 2016-12-24
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] httpd (SSA:2016-358-01)

New httpd packages are available for Slackware 14.0, 14.1, 14.2, and -current to
fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages

[ more ]  [ reply ]
XAMPP Control Panel Memory Corruption Denial Of Service 2016-12-24
apparitionsec gmail com (HYP3RLINX)
[+] Credits: John Page (hyp3rlinx)

[+] Website: hyp3rlinx.altervista.org

[+] Source: http://hyp3rlinx.altervista.org/advisories/XAMPP-CONTROL-PANEL-MEMORY-CO
RRUPTION-DOS.txt

[+] ISR: ApparitionSec

Vendor:
=====================
www.apachefriends.org

Product:
===================
XAMPP Cont

[ more ]  [ reply ]
[SECURITY] [DSA 3744-1] libxml2 security update 2016-12-23
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3744-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Salvatore Bonaccorso
December 23, 2016

[ more ]  [ reply ]
FreeBSD Security Advisory FreeBSD-SA-16:39.ntp 2016-12-22
FreeBSD Security Advisories (security-advisories freebsd org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

========================================================================
=====
FreeBSD-SA-16:39.ntp Security Advisory
The FreeBSD Project

Topic:

[ more ]  [ reply ]
CVE-2014-4138: MSIE 11 MSHTML CPaste­Command::Convert­Bitmapto­Png heap-based buffer overflow 2016-12-21
Berend-Jan Wever (berendj nwever nl)
Since November I have been releasing details on all vulnerabilities I
found that I have not released before. This is the 37th entry in the
series. This information is available in more detail on my blog at
http://blog.skylined.nl/20161221001.html. There you can find a repro
that triggered this issue

[ more ]  [ reply ]
[SECURITY] [DSA 3732-2] php-ssh2 regression update 2016-12-21
Sebastien Delafond (seb debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3732-2 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Sebastien Delafond
December 21, 2016

[ more ]  [ reply ]
ASP.NET Core 5-RC1 HTTP Header Injection 2016-12-21
Advisories (advisories compass-security com)
#############################################################
#
# COMPASS SECURITY ADVISORY
# http://www.csnc.ch/en/downloads/advisories.html
#
#############################################################
#
# Product: ASP.NET Core
# Vendor: Microsoft https://www.microsoft.com
# CSNC ID: CSNC

[ more ]  [ reply ]
[SECURITY] [DSA 3743-1] python-bottle security update 2016-12-20
Sebastien Delafond (seb debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3743-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Sebastien Delafond
December 20, 2016

[ more ]  [ reply ]
CVE-2014-1785: MSIE 11 MSHTML CSpliceTreeEngine::RemoveSplice use-after-free 2016-12-20
Berend-Jan Wever (berendj nwever nl)
Since November I have been releasing details on all vulnerabilities I
found that I have not released before. This is the 36th entry in the
series. This information is available in more detail on my blog at
http://blog.skylined.nl/20161220001.html. There you can find a repro
that triggered this issue

[ more ]  [ reply ]
[SECURITY] [DSA 3738-1] tomcat7 security update 2016-12-18
Sebastien Delafond (seb debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3738-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Sebastien Delafond
December 18, 2016

[ more ]  [ reply ]
Samsung DVR credentials encoded in base64 in cookie header 2016-12-17
Jacobo Avariento (spinfoo vuln gmail com)
Product: Samsung DVR
Impact: High

Intro
~~~~~~~~~~~~~~~

Samsung DVR Web Viewer is by default using HTTP (port 80) and transmits
the credentials encoded in the Cookie header using very bad security
practice, just encoding the login and password in BASE64 codification.
It is trivial to decode those

[ more ]  [ reply ]
[security bulletin] HPSBMU03684 rev.1 - HPE Version Control Repository Manager (VCRM), Multiple Remote Vulnerabilities 2016-12-16
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Note: the current version of the following document is available here:

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c053563
63

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05356363

Version: 1

HPSBMU03684 rev.1

[ more ]  [ reply ]
[SECURITY] [DSA 3736-1] libupnp security update 2016-12-16
Sebastien Delafond (seb debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3736-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Sebastien Delafond
December 16, 2016

[ more ]  [ reply ]
CVE-2016-9277,CVE-2016-9966,CVE-2016-9967: Possible Privilege Escalation in telecom 2016-12-16
unlimitsec gmail com
Description of the potential vulnerability:Lack of appropriate exception handling in some receivers of the Telecom application allows attackers crash the system easily resulting in a possible DoS attack
Affected versions: L(5.0/5.1), M(6.0)
Disclosure status: Privately disclosed.
The patch prevents

[ more ]  [ reply ]
CVE-2013-0090: MSIE 9 IEFRAME CView::EnsureSize use-after-free 2016-12-16
Berend-Jan Wever (berendj nwever nl)
Since November I have been releasing details on all vulnerabilities I
found that I have not released before. This is the 34th entry in the
series. This information is available in more detail on my blog at
http://blog.skylined.nl/20161216001.html. There you can find a repro
that triggered this issue

[ more ]  [ reply ]
MSIE 9 IEFRAME CMarkup­Pointer::Move­To­Gap use-after-free 2016-12-15
Berend-Jan Wever (berendj nwever nl)
Since November I have been releasing details on all vulnerabilities I
found that I have not released before. This is the 33rd entry in the
series. This information is available in more detail on my blog at
http://blog.skylined.nl/20161215001.html. There you can find a repro
that triggered this issue

[ more ]  [ reply ]
Nagios Core < 4.2.2 Curl Command Injection leading to Remote Code Execution [CVE-2016-9565] 2016-12-15
Dawid Golunski (dawid legalhackers com)
Vulnerability:
Nagios Core < 4.2.2 Curl Command Injection leading to Remote Code Execution

CVE-2016-9565

Discovered by: Dawid Golunski (@dawid_golunski)
https://legalhackers.com

Severity: High

Nagios Core comes with a PHP/CGI front-end which allows to view status
of the monitored hosts.
This fr

[ more ]  [ reply ]
Adobe Animate <= v15.2.1.95 Memory Corruption Vulnerability 2016-12-14
apparitionsec gmail com (hyp3rlinx)
[+] Credits: John Page aka hyp3rlinx

[+] Website: hyp3rlinx.altervista.org

[+] Source: http://hyp3rlinx.altervista.org/advisories/ADOBE-ANIMATE-MEMORY-CORRUPTI
ON-VULNERABILITY.txt

[+] ISR: ApparitionSec

Vendor:
=============
www.adobe.com

Product(s):
=============================
Adobe An

[ more ]  [ reply ]
Secunia Research: Microsoft Windows Type 1 Font Processing Vulnerability 2016-12-14
Secunia Research (remove-vuln secunia com)
======================================================================

Secunia Research 2016/12/14

Microsoft Windows Type 1 Font Processing Vulnerability

======================================================================

Table of Contents

Affected Software......

[ more ]  [ reply ]
CVE-2013-3143: MSIE 9 IEFRAME CMarkup..Remove­Pointer­Pos use-after-free 2016-12-14
Berend-Jan Wever (berendj nwever nl)
Since November I have been releasing details on all vulnerabilities I
found that I have not released before. This is the 32nd entry in the
series. This information is available in more detail on my blog at
http://blog.skylined.nl/20161214001.html. There you can find a repro
that triggered this issue

[ more ]  [ reply ]
[slackware-security] mozilla-firefox (SSA:2016-348-01) 2016-12-13
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] mozilla-firefox (SSA:2016-348-01)

New mozilla-firefox packages are available for Slackware 14.1, 14.2,
and -current to fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
pa

[ more ]  [ reply ]
MSIE 9 MSHTML CMarkup::ReloadInCompatView use-after-free 2016-12-13
Berend-Jan Wever (berendj nwever nl)
Since November I have been releasing details on all vulnerabilities I
found that I have not released before. This is the thirty-first entry
in the series. This information is available in more detail on my blog
at http://blog.skylined.nl/20161213001.html. There you can find a repro
that triggered th

[ more ]  [ reply ]
APPLE-SA-2016-12-13-7 Additional information for APPLE-SA-2016-12-12-2 watchOS 3.1.1 2016-12-13
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2016-12-13-7 Additional information for
APPLE-SA-2016-12-12-2 watchOS 3.1.1

watchOS 3.1.1 addresses the following:

Accounts
Available for: All Apple Watch models
Impact: An issue existed which did not reset the authorization
settings on ap

[ more ]  [ reply ]
APPLE-SA-2016-12-13-8 Transporter 1.9.2 2016-12-13
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2016-12-13-8 Transporter 1.9.2

Transporter 1.9.2 is now available and addresses the following:

iTMSTransporter
Available for: iTunes Producer 3.1.1, OS X v10.6 and later (64 bit),
Windows 7 and later (32 bit), and Red Hat Enterprise Linux (

[ more ]  [ reply ]
APPLE-SA-2016-12-13-5 Additional information for APPLE-SA-2016-12-12-1 iOS 10.2 2016-12-13
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2016-12-13-5 Additional information for
APPLE-SA-2016-12-12-1 iOS 10.2

iOS 10.2 addresses the following:

Accessibility
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A nearby u

[ more ]  [ reply ]
APPLE-SA-2016-12-13-2 Safari 10.0.2 2016-12-13
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2016-12-13-2 Safari 10.0.2

Safari 10.0.2 is now available and addresses the following:

Safari Reader
Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6,
and macOS Sierra 10.12.1
Impact: Enabling the Safari Reader feature on a

[ more ]  [ reply ]
APPLE-SA-2016-12-13-3 iTunes 12.5.4 2016-12-13
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2016-12-13-3 iTunes 12.5.4

iTunes 12.5.4 is now available and addresses the following:

WebKit
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addres

[ more ]  [ reply ]
(Page 9 of 1709)  < Prev  4 5 6 7 8 9 10 11 12 13 14  Next >


 

Privacy Statement
Copyright 2010, SecurityFocus