ESA-2016-166: EMC Isilon OneFS Privilege Escalation Vulnerability
2017-01-25 EMC Product Security Response Center (Security_Alert emc com)

OpenCart 2.3.0.2 CSRF - User Account Takeover
2017-01-25 Open Security (open opensecurity ca)
===[ Introduction ]=== OpenCart is a free open source ecommerce platform for online merchants. OpenCart provides a professional and reliable foundation from which to build a successful online store. ===[ Description ]=== There is a security vulnerability in OpenCart 2.3.0.2 which allows a hacker

[security bulletin] HPSBST03642 rev.3 - HPE StoreVirtual Products running LeftHand OS using OpenSSL and OpenSSH, Remote Arbitrary Code Execution, Denial of Service (DoS), Disclosure of Sensitive Information, Unauthorized Access
2017-01-24 security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Note: the current version of the following document is available here: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05301946 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c05301946 Version: 3 HPSBST03642 rev.3

[security bulletin] HPSBHF03695 rev.1 - HPE Ethernet Adaptors, Remote Denial of Service (DoS)
2017-01-24 security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Note: the current version of the following document is available here: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05368378 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c05368378 Version: 1 HPSBHF03695 rev.1

[security bulletin] HPSBHF03441 rev.2 - HPE iLO 3, iLO 4 and iLO 4 mRCA, Remote Multiple Vulnerabilities
2017-01-24 security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Note: the current version of the following document is available here: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05236950 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c05236950 Version: 2 HPSBHF03441 rev.2

Cisco Security Advisory: Cisco WebEx Browser Extension Remote Code Execution Vulnerability
2017-01-24 Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cisco WebEx Browser Extension Remote Code Execution Vulnerability Advisory ID: cisco-sa-20170124-webex Revision 1.0 For Public Release 2017 January 22 18:30 UTC (GMT) Last Updated 2017 January 24 18:30 UTC (GMT) +--------------------------------

[security bulletin] HPSBGN03690 rev.1 - HPE Real User Monitor (RUM), Remote Disclosure of Information
2017-01-24 security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Note: the current version of the following document is available here: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05369415 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c05369415 Version: 1 HPSBGN03690 rev.1

CVE-2017-3241 - [ERPSCAN-17-006] Oracle OpenJDK - Java Serialization DoS
2017-01-24 ERPScan inc (erpscan online gmail com)
Application: Java SE Vendor: Oracle Bug: DoS Reported: 23.12.2016 Vendor response: 24.12.2016 Date of Public Advisory: 17.01.2017 Reference: Oracle CPU Jan 2017 Author: Roman Shalymov 1. ADVISORY INFORMATION Title: Oracle OpenJDK - Java Serialization DoS Advisory ID: [ERPSCAN-17-006] Ri

[ERPSCAN-17-005] Oracle PeopleSoft - XSS vulnerability CVE-2017-3300
2017-01-24 ERPScan inc (erpscan online gmail com)
Application: Oracle PeopleSoft Vendor: Oracle Bugs: XXS Reported: 31.10.2016 Vendor response: 1.11.2016 Date of Public Advisory: 17.01.2017 Reference: Oracle CPU Jan 2017 Authors: Vahagn Vardanyan, Dmitry Yudin 1. ADVISORY INFORMATION Title: Oracle PeopleSoft - XSS vulnerability Adviso

[slackware-security] mozilla-firefox (SSA:2017-023-01)
2017-01-24 Slackware Security Team (security slackware com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] mozilla-firefox (SSA:2017-023-01) New mozilla-firefox packages are available for Slackware 14.1, 14.2, and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ pa

APPLE-SA-2017-01-23-7 iTunes for Windows 12.5.5
2017-01-23 Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 APPLE-SA-2017-01-23-7 iTunes for Windows 12.5.5 iTunes for Windows 12.5.5 is now available and addresses the following: WebKit Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corru

APPLE-SA-2017-01-23-6 iCloud for Windows 6.1.1
2017-01-23 Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 APPLE-SA-2017-01-23-6 iCloud for Windows 6.1.1 iCloud for Windows 6.1.1 is now available and addresses the following: WebKit Available for: Windows 7 and later Impact: Processing maliciously crafted web content may lead to arbitrary code execution

APPLE-SA-2017-01-23-2 macOS 10.12.3
2017-01-23 Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 APPLE-SA-2017-01-23-2 macOS 10.12.3 macOS 10.12.3 is now available and addresses the following: apache_mod_php Available for: macOS Sierra 10.12.2 Impact: Multiple issues in PHP Description: Multiple issues were addressed by updating to PHP version

APPLE-SA-2017-01-23-5 Safari 10.0.3
2017-01-23 Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 APPLE-SA-2017-01-23-5 Safari 10.0.3 Safari 10.0.3 is now available and addresses the following: Safari Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.3 Impact: Visiting a malicious website may lead to addres

APPLE-SA-2017-01-23-4 tvOS 10.1.1
2017-01-23 Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 APPLE-SA-2017-01-23-4 tvOS 10.1.1 tvOS 10.1.1 is now available and addresses the following: Kernel Available for: Apple TV (4th generation) Impact: An application may be able to execute arbitrary code with kernel privileges Description: A buffer ov

APPLE-SA-2017-01-23-3 watchOS 3.1.3
2017-01-23 Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 APPLE-SA-2017-01-23-3 watchOS 3.1.3 watchOS 3.1.3 is now available and addresses the following: Accounts Available for: All Apple Watch models Impact: Uninstalling an app did not reset the authorization settings Description: An issue existed which

APPLE-SA-2017-01-23-1 iOS 10.2.1
2017-01-23 Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 APPLE-SA-2017-01-23-1 iOS 10.2.1 iOS 10.2.1 is now available and addresses the following: Auto Unlock Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later Impact: Auto Unlock may unlock when Apple Wa

ESA-2016-150: RSA® Security Analytics Reflected Cross-Site Scripting Vulnerability
2017-01-23 EMC Product Security Response Center (Security_Alert emc com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ESA-2016-150: RSA® Security Analytics Reflected Cross-Site Scripting Vulnerability EMC Identifier: ESA-2016-150 CVE Identifier: CVE-2016-8215 Severity Rating: CVSSv3 Base Score: 6.1 (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) Affected Produ

ESA-2016-146: EMC Avamar Data Store and Avamar Virtual Edition Privilege Escalation Vulnerability
2017-01-23 EMC Product Security Response Center (Security_Alert emc com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ESA-2016-146: EMC Avamar Data Store and Avamar Virtual Edition Privilege Escalation Vulnerability EMC Identifier: ESA-2016-146 CVE Identifier: CVE-2016-8214 Severity Rating: CVSSv3 Base Score: 6.7 (AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H) Affe

Microsoft Remote Desktop Client for Mac Remote Code Execution - Update
2017-01-23 Filippo Cavallarin (filippo cavallarin wearesegment com)

[SECURITY] [DSA 3770-1] mariadb-10.0 security update
2017-01-22 Salvatore Bonaccorso (carnil debian org)

[SECURITY] [DSA 3769-1] libphp-swiftmailer security update
2017-01-22 Sebastien Delafond (seb debian org)

Executable installers are vulnerable^WEVIL (case 46): Pelles C allows arbitrary code execution
2017-01-21 Stefan Kanthak (stefan kanthak nexgo de)
Hi @ll, the executable installers of "Pelle's C", <http://smorgasbordet.com/pellesc/800/setup64.exe> and, <http://smorgasbordet.com/pellesc/800/setup.exe>, available from <http://smorgasbordet.com/pellesc/index.htm>, are vulnerable to DLL hijacking: they load (tested on Windows 7) at least the foll

NTOPNG Web Interface v2.4 CSRF Token Bypass
2017-01-21 apparitionsec gmail com (hyp3rlinx)
[+]##################################################################### ################ [+] Credits / Discovery: John Page AKA Hyp3rlinX [+] Website: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervista.org/advisories/NTOPNG-CSRF-TOKEN-BYPASS.txt [+] ISR: ApparitionSEC [+]############

[SECURITY] [DSA 3767-1] mysql-5.5 security update
2017-01-19 Salvatore Bonaccorso (carnil debian org)

Novel Contributions to the field - How I broke MySQL's code-base (Part 2) [CVE-2016-5541] MySQL cluster remote 0day
2017-01-19 Nicholas Lemonias. (lem nikolas googlemail com)

Novel Contributions to the Field - How I broke MySQL's codebase (Part 2) [CVE-2016-5541] MySQL Cluster 0day
2017-01-18 lem nikolas gmail com
************************************************** (c) 2017 Advanced Information Security Corporation and Oracle Inc. ************************************************** Author: Nicholas Lemonias Date: 17/01/2017 MySQL Remote 0day / Remote Buffer Overflows in 'NDBAPI' Cluster Full report

[RCESEC-2016-012] Mattermost <= 3.5.1 "/error" Unauthenticated Reflected Cross-Site Scripting / Content Injection
2017-01-18 Julien Ahrens (info rcesecurity com)

[security bulletin] HPSBMU03685 rev.1 - HPE Insight Control server provisioning (ICsp), Multiple Remote Vulnerabilities
2017-01-18 security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Note: the current version of the following document is available here: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05376917 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c05376917 Version: 1 HPSBMU03685 rev.1

ESA-2016-161: EMC Isilon OneFS LDAP Injection Vulnerability
2017-01-18 EMC Product Security Response Center (Security_Alert emc com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
ESA-2016-166: EMC Isilon OneFS Privilege Escalation Vulnerability
EMC Identifier: ESA-2016-166
CVE Identifier: CVE-2016-9871
Severity Rating: CVSS v3 Base Score: 7.2 AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Affected products:
- EMC Is