[SECURITY][UPDATE] CVE-2016-8745 Apache Tomcat Information Disclosure
2017-01-05, Mark Thomas (markt apache org)
CVE-2016-8745 Apache Tomcat Information Disclosure. Severity: Important. Vendor: The Apache Software Foundation. Versions Affected: Apache Tomcat 9.0.0.M1 to 9.0.0.M13; Apache Tomcat 8.5.0 to 8.5.8; Apache Tomcat 8.0.0.RC1 to 8.0.39 (new); Apache Tomcat 7.0.0 to 7.0.73 (new); Apache Tomcat 6.0.16 to 6.0 [ more ]

ESA-2016-157: EMC ScaleIO Multiple Vulnerabilities
2017-01-05, EMC Product Security Response Center (Security_Alert emc com)
ESA-2016-157: EMC ScaleIO Multiple Vulnerabilities. EMC Identifier: ESA-2016-157. CVE Identifier: CVE-2016-9867, CVE-2016-9868, CVE-2016-9869. Severity Rating: CVSS v3 Base Score: See below for individual scores. Affected products: EMC Scale [ more ]

[security bulletin] HPSBGN03688 rev.1 - HPE Operations Orchestration, Remote Code Execution
2017-01-03, security-alert hpe com
Note: the current version of the following document is available here: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05361944 SUPPORT COMMUNICATION - SECURITY BULLETIN. Document ID: c05361944. Version: 1. HPSBGN03688 rev.1 [ more ]

[SECURITY] [DSA 3750-2] libphp-phpmailer regression update
2017-01-03, Thijs Kinkhorst (thijs debian org)

0-day: QNAP NAS Devices suffer of heap overflow
2016-12-31, bashis (mcw noemail eu)
Greetings, Twice I tried to use the QNAP Web page (https://aid.qnap.com/event/_module/nas/safe_report/) for reporting vulnerability, and twice I got mailer-daemon back. So, I'll post my vulnerabilities here instead (Was not meant to be 0-day... whatever). Have a nice day (and happy new ye [ more ]

[SECURITY] [DSA 3750-1] libphp-phpmailer security update
2016-12-31, Thijs Kinkhorst (thijs debian org)

[slackware-security] seamonkey (SSA:2016-365-03)
2016-12-30, Slackware Security Team (security slackware com)
[slackware-security] seamonkey (SSA:2016-365-03) New seamonkey packages are available for Slackware 14.1, 14.2, and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packag [ more ]

Fwd: [ANNOUNCE] CVE-2016-6793 Apache Wicket deserialization vulnerability
2016-12-31, Pedro Santos (pedrosans gmail com)
Forwarding the message in plain text mode to: - be accepted by securityfocus's mail server (didn't accept MIME Content-Type 'multipart/alternative') - add oss-security (at) lists.openwall (dot) com [email concealed] as the open receiver (openwall is not accepting emails if in BCC) - adding missing Apache's security team ( [ more ]

[slackware-security] mozilla-thunderbird (SSA:2016-365-02)
2016-12-30, Slackware Security Team (security slackware com)
[slackware-security] mozilla-thunderbird (SSA:2016-365-02) New mozilla-thunderbird packages are available for Slackware 14.1, 14.2, and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +---------------------- [ more ]

[slackware-security] libpng (SSA:2016-365-01)
2016-12-30, Slackware Security Team (security slackware com)
[slackware-security] libpng (SSA:2016-365-01) New libpng packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix a security issue. Here are the details from the Slackware 14.2 ChangeLog: +---------------------- [ more ]

[CVE-2016-8741] Apache Qpid Broker for Java - Information Leakage
2016-12-28, Oleksandr Rudyy (orudyy gmail com)

PHPMailer < 5.2.20 Remote Code Execution PoC 0day Exploit (CVE-2016-10045) (Bypass of the CVE-2016-1033 patch)
2016-12-28, Dawid Golunski (dawid legalhackers com)
PHPMailer < 5.2.20 Remote Code Execution PoC 0day Exploit (CVE-2016-10045) (Bypass of the CVE-2016-1033 patch). Discovered by Dawid Golunski (@dawid_golunski) https://legalhackers.com Desc: I discovered that the current PHPMailer versions (< 5.2.20) were still vulnerable to RCE as it is possible t [ more ]

PHPMailer < 5.2.18 Remote Code Execution [updated advisory] [CVE-2016-10033]
2016-12-27, Dawid Golunski (dawid legalhackers com)
PHPMailer < 5.2.18 Remote Code Execution CVE-2016-10033. Here's an updated version of the advisory with more details + simple PoC. Still incomplete. There will be more updates/exploits soon at: https://legalhackers.com/advisories/PHPMailer-Exploit-Remote-Code-Exec-CVE-2016-10033-Vuln.html https:/ [ more ]

[SECURITY] [DSA 3746-1] graphicsmagick security update
2016-12-24, Luciano Bello (luciano debian org)

[slackware-security] expat (SSA:2016-359-01)
2016-12-24, Slackware Security Team (security slackware com)
[slackware-security] expat (SSA:2016-359-01) New expat packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +------------------------- [ more ]

[slackware-security] openssh (SSA:2016-358-02)
2016-12-24, Slackware Security Team (security slackware com)
[slackware-security] openssh (SSA:2016-358-02) New openssh packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--------------------- [ more ]

[slackware-security] httpd (SSA:2016-358-01)
2016-12-24, Slackware Security Team (security slackware com)
[slackware-security] httpd (SSA:2016-358-01) New httpd packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packages [ more ]

XAMPP Control Panel Memory Corruption Denial Of Service
2016-12-24, apparitionsec gmail com (HYP3RLINX)
[+] Credits: John Page (hyp3rlinx) [+] Website: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervista.org/advisories/XAMPP-CONTROL-PANEL-MEMORY-CORRUPTION-DOS.txt [+] ISR: ApparitionSec. Vendor: www.apachefriends.org. Product: XAMPP Cont [ more ]

FreeBSD Security Advisory FreeBSD-SA-16:39.ntp
2016-12-22, FreeBSD Security Advisories (security-advisories freebsd org)

CVE-2014-4138: MSIE 11 MSHTML CPasteCommand::ConvertBitmaptoPng heap-based buffer overflow
2016-12-21, Berend-Jan Wever (berendj nwever nl)
Since November I have been releasing details on all vulnerabilities I found that I have not released before. This is the 37th entry in the series. This information is available in more detail on my blog at http://blog.skylined.nl/20161221001.html. There you can find a repro that triggered this issue [ more ]

ASP.NET Core 5-RC1 HTTP Header Injection
2016-12-21, Advisories (advisories compass-security com)
COMPASS SECURITY ADVISORY http://www.csnc.ch/en/downloads/advisories.html Product: ASP.NET Core. Vendor: Microsoft https://www.microsoft.com CSNC ID: CSNC [ more ]

[SECURITY] [DSA 3743-1] python-bottle security update
2016-12-20, Sebastien Delafond (seb debian org)

CVE-2014-1785: MSIE 11 MSHTML CSpliceTreeEngine::RemoveSplice use-after-free
2016-12-20, Berend-Jan Wever (berendj nwever nl)
Since November I have been releasing details on all vulnerabilities I found that I have not released before. This is the 36th entry in the series. This information is available in more detail on my blog at http://blog.skylined.nl/20161220001.html. There you can find a repro that triggered this issue [ more ]

Samsung DVR credentials encoded in base64 in cookie header
2016-12-17, Jacobo Avariento (spinfoo vuln gmail com)
Product: Samsung DVR. Impact: High. Intro: Samsung DVR Web Viewer is by default using HTTP (port 80) and transmits the credentials encoded in the Cookie header using a very bad security practice, just encoding the login and password in BASE64 encoding. It is trivial to decode those [ more ]

[security bulletin] HPSBMU03684 rev.1 - HPE Version Control Repository Manager (VCRM), Multiple Remote Vulnerabilities
2016-12-16, security-alert hpe com
Note: the current version of the following document is available here: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05356363 SUPPORT COMMUNICATION - SECURITY BULLETIN. Document ID: c05356363. Version: 1. HPSBMU03684 rev.1 [ more ]
Debian Security Advisory DSA-3753-1
security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Sebastien Delafond
January 05, 2017
[ more ]