BugTraq Mode:
(Page 14 of 1709)  < Prev  9 10 11 12 13 14 15 16 17 18 19  Next >
Cisco Security Advisory: Cisco Meeting Server and Meeting App Buffer Underflow Vulnerability 2016-11-02
Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Cisco Security Advisory: Cisco Meeting Server and Meeting App Buffer Underflow Vulnerability

Advisory ID: cisco-sa-20161102-cms

Revision: 1.0

For Public Release 2016 November 2 16:00 UTC (GMT)

+-----------------------------------------------------

[ more ]  [ reply ]
Cisco Security Advisory: Cisco ASR 900 Series Aggregation Services Routers Buffer Overflow Vulnerability 2016-11-02
Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Cisco Security Advisory: Cisco ASR 900 Series Aggregation Services Routers Buffer Overflow Vulnerability

Advisory ID: cisco-sa-20161102-tl1

Revision: 1.0

For Public Release 2016 November 2 16:00 UTC (GMT)

+-------------------------------------------

[ more ]  [ reply ]
Microsoft Internet Explorer 9 MSHTML CAttrArray use-after-free details 2016-11-01
Berend-Jan Wever (berendj nwever nl)
Throughout November, I plan to release details on vulnerabilities I
found in web-browsers which I've not released before. This is the first
entry in that series.
The below information is also available on my blog at
http://blog.skylined.nl/20161101001.html. There you can find a repro
that triggered

[ more ]  [ reply ]
[slackware-security] php (SSA:2016-305-04) 2016-11-01
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] php (SSA:2016-305-04)

New php packages are available for Slackware 14.0, 14.1, 14.2, and -current to
fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/php

[ more ]  [ reply ]
[slackware-security] mariadb (SSA:2016-305-03) 2016-11-01
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] mariadb (SSA:2016-305-03)

New mariadb packages are available for Slackware 14.1, 14.2, and -current to
fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/m

[ more ]  [ reply ]
CfP and Special Session :: CyberSec2017 2016-11-01
Jackie Blanco (jackie sdiwc info)
You are invited to participate in the following conference:

THE FIFTH INTERNATIONAL CONFERENCE ON CYBER SECURITY, CYBER WELFARE AND
DIGITAL FORENSIC (CyberSec2017)

Venue: St. Mary's University, Addis Ababa, Ethiopia
Dates: April 22-24, 2017
URL:
http://sdiwc.net/conferences/6th-international-cyb

[ more ]  [ reply ]
[slackware-security] x11 (SSA:2016-305-02) 2016-11-01
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] x11 (SSA:2016-305-02)

New x11 packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,
14.2, and -current to fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
p

[ more ]  [ reply ]
OS-S 2016-23 - Local DoS: Linux Kernel EXT4 Error Handling (EXT4 calling panic()) 2016-10-31
Ralf Spenneberg (info os-t de)
OS-S Security Advisory 2016-23
Local DoS: Linux Kernel EXT4 Error Handling (EXT4 calling panic())

Date:
October 31th, 2016
Authors:
Sergej Schumilo, Hendrik Schwartke, Ralf Spenneberg
CVE:
Not yet assigned
CVSS:
4.9 (AV:L/AC:L/Au:N/C:N/I:N/A:C)
Severity:
Critical
Ease of Exploitation:
Trivial
Vulne

[ more ]  [ reply ]
[HITB-Announce] HITB2017AMS CFP 2016-10-31
Hafez Kamal (aphesz hackinthebox org)
The Call for Papers for the 8th annual Hack In The Box Security
Conference in The Netherlands is now open!

Call for Papers: https://cfp.hackinthebox.org/
Event Website: https://conference.hitb.org/hitbsecconf2017ams/

HITBSecConf has always been an attack oriented deep-knowledge research
event aime

[ more ]  [ reply ]
October 2016 - Crowd - Critical Security Advisory 2016-10-31
David Black (dblack atlassian com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Note: the current version of this advisory can be found at
https://confluence.atlassian.com/x/wykQMw .

CVE ID:
* CVE-2016-6496 - Crowd LDAP Java Object Injection

Product: Crowd

Affected Crowd Versions:
1.4.1 <= version < 2.8.8
2.9.0 <= version < 2.

[ more ]  [ reply ]
[SECURITY] [DSA 3691-2] ghostscript regression update 2016-10-28
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3691-2 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Salvatore Bonaccorso
October 28, 2016

[ more ]  [ reply ]
[SECURITY] [DSA 3701-2] nginx regression update 2016-10-28
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3701-2 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Salvatore Bonaccorso
October 28, 2016

[ more ]  [ reply ]
APPLE-SA-2016-10-27-3 iTunes 12.5.2 for Windows 2016-10-27
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2016-10-27-3 iTunes 12.5.2 for Windows

iTunes 12.5.2 for Windows is now available and addresses the
following:

WebKit
Available for: Windows 7 and later
Impact: Processing maliciously crafted web content may result in the
disclosure of use

[ more ]  [ reply ]
[security bulletin] HPSBMU03653 rev.1 - HPE System Management Homepage (SMH), Remote Arbitrary Code Execution, Cross-Site Scripting (XSS), Denial of Service (DoS), Unauthorized Disclosure of Information 2016-10-27
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Note: the current version of the following document is available here:

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c053201
49

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05320149

Version: 1

HPSBMU03653 rev.1

[ more ]  [ reply ]
[security bulletin] HPSBHF3549 ThinkPwn UEFI BIOS SmmRuntime Escalation of Privilege 2016-10-27
HP Security Alert (hp-security-alert hp com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Note: the current version of the following document is available here:
https://h20565.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c0523964
6

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05239646
Version: 1

HPSBHF3549 ThinkPwn UEFI BI

[ more ]  [ reply ]
CVE-2016-1240 - Tomcat packaging on Debian-based distros - Local Root Privilege Escalation 2016-10-26
Dawid Golunski (dawid legalhackers com)
I added a simple PoC video for the CVE-2016-1240 vulnerability.

In the PoC I used Ubuntu 16.04 with the latest tomcat7 package
(version: 7.0.68-ubuntu-0.1) installed from the default ubuntu repos
which appears vulnerable still.

The video poc can be found at:

http://legalhackers.com/videos/Apache-

[ more ]  [ reply ]
[SECURITY] [DSA 3700-1] asterisk security update 2016-10-25
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3700-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Moritz Muehlenhoff
October 25, 2016

[ more ]  [ reply ]
[SECURITY] [DSA 3701-1] nginx security update 2016-10-25
Florian Weimer (fw deneb enyo de)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3701-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Florian Weimer
October 25, 2016

[ more ]  [ reply ]
FreeBSD Security Advisory FreeBSD-SA-16:15.sysarch [REVISED] 2016-10-25
FreeBSD Security Advisories (security-advisories freebsd org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

========================================================================
=====
FreeBSD-SA-16:15.sysarch [REVISED] Security Advisory
The FreeBSD Project

Topic:

[ more ]  [ reply ]
CVE-2016-6804 Apache OpenOffice Windows Installer Untrusted Search Path 2016-10-25
Dennis E. Hamilton (orcmid apache org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

CVE-2016-6804
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=2016-6804>
Apache OpenOffice Advisory
<https://www.openoffice.org/security/cves/CVE-2016-6804.html>

Title: Windows Installer Execution of Arbitrary Code with Elevated Privileges

Version

[ more ]  [ reply ]
wincvs-2.0.2.4 Privilege Escalation 2016-10-25
apparitionsec gmail com
[+] Credits: John Page aka hyp3rlinx

[+] Website: hyp3rlinx.altervista.org

[+] Source: http://hyp3rlinx.altervista.org/advisories/WINCVS-PRIVILEGE-ESCALATION.t
xt

[+] ISR: ApparitionSec

Vendor:
======================
cvsgui.sourceforge.net
www.wincvs.org

Product:
===========
WinCvs v2.1.1.1

[ more ]  [ reply ]
APPLE-SA-2016-10-24-3 Safari 10.0.1 2016-10-24
Apple Product Security (product-security-noreply lists apple com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2016-10-24-3 Safari 10.0.1

Safari 10.0.1 is now available and addresses the following:

WebKit
Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6,
and macOS Sierra 10.12
Impact: Processing maliciously crafted web content may le

[ more ]  [ reply ]
[SECURITY] [DSA 3698-1] php5 security update 2016-10-24
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3698-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Salvatore Bonaccorso
October 24, 2016

[ more ]  [ reply ]
Puppet Enterprise Web Interface Authentication Redirect 2016-10-22
hyp3rlinx lycos com
[+] Credits: John Page aka hyp3rlinx

[+] Website: hyp3rlinx.altervista.org

[+] Source: http://hyp3rlinx.altervista.org/advisories/PUPPET-AUTHENTICATION-REDIREC
T.txt

[+] ISR: ApparitionSec

Vendor:
==============
www.puppet.com

Product:
================================
Puppet Enterprise Web

[ more ]  [ reply ]
Puppet Enterprise Web Interface User Enumeration 2016-10-21
apparitionsec gmail com
[+] Credits: John Page aka hyp3rlinx

[+] Website: hyp3rlinx.altervista.org

[+] Source: http://hyp3rlinx.altervista.org/advisories/PUPPET-USER-ENUMERATION.txt

[+] ISR: ApparitionSec

Vendor:
==============
www.puppet.com

Product:
===============================
Puppet Enterprise Web Interfa

[ more ]  [ reply ]
Puppet Enterprise Web Interface Authentication Redirect 2016-10-21
apparitionsec gmail com
[+] Credits: John Page aka hyp3rlinx

[+] Website: hyp3rlinx.altervista.org

[+] Source: http://hyp3rlinx.altervista.org/advisories/PUPPET-AUTHENTICATION-REDIREC
T.txt

[+] ISR: ApparitionSec

Vendor:
==============
www.puppet.com

Product:
================================
Puppet Enterprise Web

[ more ]  [ reply ]
Oracle Netbeans IDE v8.1 Import Directory Traversal 2016-10-21
apparitionsec gmail com
[+] Credits: John Page aka hyp3rlinx

[+] Website: hyp3rlinx.altervista.org

[+] Source: http://hyp3rlinx.altervista.org/advisories/ORACLE-NETBEANS-IDE-DIRECTORY
-TRAVERSAL.txt

[+] ISR: ApparitionSec

Vendor:
===============
www.oracle.com

Product:
=================
Netbeans IDE v8.1

Vulne

[ more ]  [ reply ]
ESA-2016-111: EMC Avamar Data Store and Avamar Virtual Edition Privilege Escalation Vulnerability 2016-10-20
EMC Product Security Response Center (Security_Alert emc com)

-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA256

ESA-2016-111: EMC Avamar Data Store and Avamar Virtual Edition Privilege Escalation Vulnerability

EMC Identifier: ESA-2016-111

CVE Identifier: CVE-2016-0909

Severity Rating: CVSSv3 Base Score: 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

Affe

[ more ]  [ reply ]
Defense in depth -- the Microsoft way (part 44): complete failure of Windows Update 2016-10-20
Stefan Kanthak (stefan kanthak nexgo de)
Hi @ll,

since more than a year now, Windows Update fails (not only, but most
notably) on FRESH installations of Windows 7/8/8.1 (especially their
32-bit editions), which then get NO security updates at all [°]!

One of the many possible causes: Windows Update Client runs out of
(virtual) memory dur

[ more ]  [ reply ]
[CVE-2016-5195] "Dirty COW" Linux privilege escalation vulnerability 2016-10-20
dirtycow dirtcow ninja
Debian: https://security-tracker.debian.org/tracker/CVE-2016-5195

Redhat: https://access.redhat.com/security/cve/cve-2016-5195

FAQ: https://dirtycow.ninja/

[ more ]  [ reply ]
(Page 14 of 1709)  < Prev  9 10 11 12 13 14 15 16 17 18 19  Next >


 

Privacy Statement
Copyright 2010, SecurityFocus