BugTraq Mode:
[SECURITY] [DSA 3738-1] tomcat7 security update 2016-12-18
Sebastien Delafond (seb debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3738-1 security (at) debian (dot) org
https://www.debian.org/security/ Sebastien Delafond
December 18, 2016

Samsung DVR credentials encoded in base64 in cookie header 2016-12-17
Jacobo Avariento (spinfoo vuln gmail com)
Product: Samsung DVR
Impact: High

Intro
~~~~~~~~~~~~~~~

Samsung DVR Web Viewer is by default using HTTP (port 80) and transmits
the credentials encoded in the Cookie header using very bad security
practice, just encoding the login and password in BASE64 codification.
It is trivial to decode those

[security bulletin] HPSBMU03684 rev.1 - HPE Version Control Repository Manager (VCRM), Multiple Remote Vulnerabilities 2016-12-16
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Note: the current version of the following document is available here:

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05356363

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05356363

Version: 1

HPSBMU03684 rev.1

[SECURITY] [DSA 3736-1] libupnp security update 2016-12-16
Sebastien Delafond (seb debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3736-1 security (at) debian (dot) org
https://www.debian.org/security/ Sebastien Delafond
December 16, 2016

CVE-2016-9277,CVE-2016-9966,CVE-2016-9967: Possible Privilege Escalation in telecom 2016-12-16
unlimitsec gmail com
Description of the potential vulnerability: Lack of appropriate exception handling in some receivers of the Telecom application allows attackers to crash the system easily, resulting in a possible DoS attack
Affected versions: L(5.0/5.1), M(6.0)
Disclosure status: Privately disclosed.
The patch prevents

CVE-2013-0090: MSIE 9 IEFRAME CView::EnsureSize use-after-free 2016-12-16
Berend-Jan Wever (berendj nwever nl)
Since November I have been releasing details on all vulnerabilities I
found that I have not released before. This is the 34th entry in the
series. This information is available in more detail on my blog at
http://blog.skylined.nl/20161216001.html. There you can find a repro
that triggered this issue

MSIE 9 IEFRAME CMarkupPointer::MoveToGap use-after-free 2016-12-15
Berend-Jan Wever (berendj nwever nl)
Since November I have been releasing details on all vulnerabilities I
found that I have not released before. This is the 33rd entry in the
series. This information is available in more detail on my blog at
http://blog.skylined.nl/20161215001.html. There you can find a repro
that triggered this issue

Nagios Core < 4.2.2 Curl Command Injection leading to Remote Code Execution [CVE-2016-9565] 2016-12-15
Dawid Golunski (dawid legalhackers com)
Vulnerability:
Nagios Core < 4.2.2 Curl Command Injection leading to Remote Code Execution

CVE-2016-9565

Discovered by: Dawid Golunski (@dawid_golunski)
https://legalhackers.com

Severity: High

Nagios Core comes with a PHP/CGI front-end which allows viewing the status
of the monitored hosts.
This fr

Adobe Animate <= v15.2.1.95 Memory Corruption Vulnerability 2016-12-14
apparitionsec gmail com (hyp3rlinx)
[+] Credits: John Page aka hyp3rlinx

[+] Website: hyp3rlinx.altervista.org

[+] Source: http://hyp3rlinx.altervista.org/advisories/ADOBE-ANIMATE-MEMORY-CORRUPTION-VULNERABILITY.txt

[+] ISR: ApparitionSec

Vendor:
=============
www.adobe.com

Product(s):
=============================
Adobe An

Secunia Research: Microsoft Windows Type 1 Font Processing Vulnerability 2016-12-14
Secunia Research (remove-vuln secunia com)
======================================================================

Secunia Research 2016/12/14

Microsoft Windows Type 1 Font Processing Vulnerability

======================================================================

Table of Contents

Affected Software......

CVE-2013-3143: MSIE 9 IEFRAME CMarkup..RemovePointerPos use-after-free 2016-12-14
Berend-Jan Wever (berendj nwever nl)
Since November I have been releasing details on all vulnerabilities I
found that I have not released before. This is the 32nd entry in the
series. This information is available in more detail on my blog at
http://blog.skylined.nl/20161214001.html. There you can find a repro
that triggered this issue

[slackware-security] mozilla-firefox (SSA:2016-348-01) 2016-12-13
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] mozilla-firefox (SSA:2016-348-01)

New mozilla-firefox packages are available for Slackware 14.1, 14.2,
and -current to fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
pa

MSIE 9 MSHTML CMarkup::ReloadInCompatView use-after-free 2016-12-13
Berend-Jan Wever (berendj nwever nl)
Since November I have been releasing details on all vulnerabilities I
found that I have not released before. This is the thirty-first entry
in the series. This information is available in more detail on my blog
at http://blog.skylined.nl/20161213001.html. There you can find a repro
that triggered th

APPLE-SA-2016-12-13-7 Additional information for APPLE-SA-2016-12-12-2 watchOS 3.1.1 2016-12-13
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2016-12-13-7 Additional information for
APPLE-SA-2016-12-12-2 watchOS 3.1.1

watchOS 3.1.1 addresses the following:

Accounts
Available for: All Apple Watch models
Impact: An issue existed which did not reset the authorization
settings on ap

APPLE-SA-2016-12-13-8 Transporter 1.9.2 2016-12-13
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2016-12-13-8 Transporter 1.9.2

Transporter 1.9.2 is now available and addresses the following:

iTMSTransporter
Available for: iTunes Producer 3.1.1, OS X v10.6 and later (64 bit),
Windows 7 and later (32 bit), and Red Hat Enterprise Linux (

APPLE-SA-2016-12-13-5 Additional information for APPLE-SA-2016-12-12-1 iOS 10.2 2016-12-13
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2016-12-13-5 Additional information for
APPLE-SA-2016-12-12-1 iOS 10.2

iOS 10.2 addresses the following:

Accessibility
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A nearby u

APPLE-SA-2016-12-13-2 Safari 10.0.2 2016-12-13
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2016-12-13-2 Safari 10.0.2

Safari 10.0.2 is now available and addresses the following:

Safari Reader
Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6,
and macOS Sierra 10.12.1
Impact: Enabling the Safari Reader feature on a

APPLE-SA-2016-12-13-3 iTunes 12.5.4 2016-12-13
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2016-12-13-3 iTunes 12.5.4

iTunes 12.5.4 is now available and addresses the following:

WebKit
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addres

[slackware-security] kernel (SSA:2016-347-01) 2016-12-12
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] kernel (SSA:2016-347-01)

New kernel packages are available for Slackware 14.2 and -current to
fix a security issue.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/linux-4.4

[slackware-security] php (SSA:2016-347-03) 2016-12-12
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] php (SSA:2016-347-03)

New php packages are available for Slackware 14.0, 14.1, 14.2, and -current to
fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/php

Apple iOS/tvOS/watchOS Remote memory corruption through certificate 2016-12-12
submit cxsec org
Apple iOS/tvOS/watchOS Remote memory corruption through certificate file
Source:
https://cxsecurity.com/issue/WLB-2016110046

--------------------------------------------------------------------------------------
0. Short description
Special crafted certificate file may lead to memory corruption of

APPLE-SA-2016-12-12-2 watchOS 3.1.1 2016-12-12
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2016-12-12-2 watchOS 3.1.1

watchOS 3.1.1 is now available and addresses the following:

Accounts
Available for: All Apple Watch models
Impact: An issue existed which did not reset the authorization
settings on app uninstall
Description: Thi

APPLE-SA-2016-12-12-3 tvOS 10.1 2016-12-12
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2016-12-12-3 tvOS 10.1

tvOS 10.1 is now available and addresses the following:

Profiles
Available for: Apple TV (4th generation)
Impact: Opening a maliciously crafted certificate may lead to
arbitrary code execution
Description: A memory c

APPLE-SA-2016-12-12-1 iOS 10.2 2016-12-12
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2016-12-12-1 iOS 10.2

iOS 10.2 is now available and addresses the following:

Accessibility
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A nearby user may be able to overhear

[SECURITY] CVE-2016-8745 Apache Tomcat Information Disclosure 2016-12-12
Mark Thomas (markt apache org)
CVE-2016-8745 Apache Tomcat Information Disclosure

Severity: Important

Vendor: The Apache Software Foundation

Versions Affected:
Apache Tomcat 9.0.0.M1 to 9.0.0.M13
Apache Tomcat 8.5.0 to 8.5.8
Earlier versions are not affected.

Description
The refactoring of the Connector code for 8.5.x onwards

[SECURITY] [DSA 3730-1] icedove security update 2016-12-11
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3730-1 security (at) debian (dot) org
https://www.debian.org/security/ Salvatore Bonaccorso
December 11, 2016

MSIE 9 MSHTML CElement::HasFlag memory corruption 2016-12-09
Berend-Jan Wever (berendj nwever nl)
Since November I have been releasing details on all vulnerabilities I
found that I have not released before. This is the twenty-ninth entry
in the series. This information is available in more detail on my blog
at http://blog.skylined.nl/20161209001.html. There you can find a repro
that triggered th

Symantec VIP Access Desktop Arbitrary DLL Execution 2016-12-09
apparitionsec gmail com - hyp3rlinx
[+] Credits: John Page aka hyp3rlinx

[+] Website: hyp3rlinx.altervista.org

[+] Source: http://hyp3rlinx.altervista.org/advisories/SYMANTEC-VIP-ACCESS-ARBITRARY-DLL-EXECUTION.txt

[+] ISR: ApparitionSec

Vendor:
================
www.symantec.com

Product:
===================
Symantec VIP Acce

AST-2016-009: 2016-12-08
Asterisk Security Team (security asterisk org)
Asterisk Project Security Advisory - ASTERISK-2016-009

Product Asterisk
Summary
Nature of Advisory Authentication Bypass
Susceptibility Remote unauthenticated s

AST-2016-008: Crash on SDP offer or answer from endpoint using Opus 2016-12-08
Asterisk Security Team (security asterisk org)
Asterisk Project Security Advisory - AST-2016-008

Product Asterisk
Summary Crash on SDP offer or answer from endpoint using
Opus

Copyright 2010, SecurityFocus