BugTraq Mode:
(Page 16 of 524)  < Prev  11 12 13 14 15 16 17 18 19 20 21  Next >
[security bulletin] HPSBUX03664 SSRT110248 rev.1 - HP-UX BIND Service running named, Remote Denial of Service (DoS) 2016-11-02
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Note: the current version of the following document is available here:

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c053211
07

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05321107

Version: 1

HPSBUX03664 SSRT11

[ more ]  [ reply ]
Cisco Security Advisory: Cisco Meeting Server and Meeting App Buffer Underflow Vulnerability 2016-11-02
Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Cisco Security Advisory: Cisco Meeting Server and Meeting App Buffer Underflow Vulnerability

Advisory ID: cisco-sa-20161102-cms

Revision: 1.0

For Public Release 2016 November 2 16:00 UTC (GMT)

+-----------------------------------------------------

[ more ]  [ reply ]
Cisco Security Advisory: Cisco ASR 900 Series Aggregation Services Routers Buffer Overflow Vulnerability 2016-11-02
Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Cisco Security Advisory: Cisco ASR 900 Series Aggregation Services Routers Buffer Overflow Vulnerability

Advisory ID: cisco-sa-20161102-tl1

Revision: 1.0

For Public Release 2016 November 2 16:00 UTC (GMT)

+-------------------------------------------

[ more ]  [ reply ]
Microsoft Internet Explorer 9 MSHTML CAttrArray use-after-free details 2016-11-01
Berend-Jan Wever (berendj nwever nl)
Throughout November, I plan to release details on vulnerabilities I
found in web-browsers which I've not released before. This is the first
entry in that series.
The below information is also available on my blog at
http://blog.skylined.nl/20161101001.html. There you can find a repro
that triggered

[ more ]  [ reply ]
[slackware-security] php (SSA:2016-305-04) 2016-11-01
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] php (SSA:2016-305-04)

New php packages are available for Slackware 14.0, 14.1, 14.2, and -current to
fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/php

[ more ]  [ reply ]
[slackware-security] mariadb (SSA:2016-305-03) 2016-11-01
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] mariadb (SSA:2016-305-03)

New mariadb packages are available for Slackware 14.1, 14.2, and -current to
fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/m

[ more ]  [ reply ]
CfP and Special Session :: CyberSec2017 2016-11-01
Jackie Blanco (jackie sdiwc info)
You are invited to participate in the following conference:

THE FIFTH INTERNATIONAL CONFERENCE ON CYBER SECURITY, CYBER WELFARE AND
DIGITAL FORENSIC (CyberSec2017)

Venue: St. Mary's University, Addis Ababa, Ethiopia
Dates: April 22-24, 2017
URL:
http://sdiwc.net/conferences/6th-international-cyb

[ more ]  [ reply ]
[slackware-security] x11 (SSA:2016-305-02) 2016-11-01
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] x11 (SSA:2016-305-02)

New x11 packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,
14.2, and -current to fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
p

[ more ]  [ reply ]
OS-S 2016-23 - Local DoS: Linux Kernel EXT4 Error Handling (EXT4 calling panic()) 2016-10-31
Ralf Spenneberg (info os-t de)
OS-S Security Advisory 2016-23
Local DoS: Linux Kernel EXT4 Error Handling (EXT4 calling panic())

Date:
October 31th, 2016
Authors:
Sergej Schumilo, Hendrik Schwartke, Ralf Spenneberg
CVE:
Not yet assigned
CVSS:
4.9 (AV:L/AC:L/Au:N/C:N/I:N/A:C)
Severity:
Critical
Ease of Exploitation:
Trivial
Vulne

[ more ]  [ reply ]
[HITB-Announce] HITB2017AMS CFP 2016-10-31
Hafez Kamal (aphesz hackinthebox org)
The Call for Papers for the 8th annual Hack In The Box Security
Conference in The Netherlands is now open!

Call for Papers: https://cfp.hackinthebox.org/
Event Website: https://conference.hitb.org/hitbsecconf2017ams/

HITBSecConf has always been an attack oriented deep-knowledge research
event aime

[ more ]  [ reply ]
October 2016 - Crowd - Critical Security Advisory 2016-10-31
David Black (dblack atlassian com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Note: the current version of this advisory can be found at
https://confluence.atlassian.com/x/wykQMw .

CVE ID:
* CVE-2016-6496 - Crowd LDAP Java Object Injection

Product: Crowd

Affected Crowd Versions:
1.4.1 <= version < 2.8.8
2.9.0 <= version < 2.

[ more ]  [ reply ]
[SECURITY] [DSA 3691-2] ghostscript regression update 2016-10-28
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3691-2 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Salvatore Bonaccorso
October 28, 2016

[ more ]  [ reply ]
[SECURITY] [DSA 3701-2] nginx regression update 2016-10-28
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3701-2 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Salvatore Bonaccorso
October 28, 2016

[ more ]  [ reply ]
APPLE-SA-2016-10-27-3 iTunes 12.5.2 for Windows 2016-10-27
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2016-10-27-3 iTunes 12.5.2 for Windows

iTunes 12.5.2 for Windows is now available and addresses the
following:

WebKit
Available for: Windows 7 and later
Impact: Processing maliciously crafted web content may result in the
disclosure of use

[ more ]  [ reply ]
[security bulletin] HPSBMU03653 rev.1 - HPE System Management Homepage (SMH), Remote Arbitrary Code Execution, Cross-Site Scripting (XSS), Denial of Service (DoS), Unauthorized Disclosure of Information 2016-10-27
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Note: the current version of the following document is available here:

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c053201
49

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05320149

Version: 1

HPSBMU03653 rev.1

[ more ]  [ reply ]
[security bulletin] HPSBHF3549 ThinkPwn UEFI BIOS SmmRuntime Escalation of Privilege 2016-10-27
HP Security Alert (hp-security-alert hp com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Note: the current version of the following document is available here:
https://h20565.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c0523964
6

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05239646
Version: 1

HPSBHF3549 ThinkPwn UEFI BI

[ more ]  [ reply ]
CVE-2016-1240 - Tomcat packaging on Debian-based distros - Local Root Privilege Escalation 2016-10-26
Dawid Golunski (dawid legalhackers com)
I added a simple PoC video for the CVE-2016-1240 vulnerability.

In the PoC I used Ubuntu 16.04 with the latest tomcat7 package
(version: 7.0.68-ubuntu-0.1) installed from the default ubuntu repos
which appears vulnerable still.

The video poc can be found at:

http://legalhackers.com/videos/Apache-

[ more ]  [ reply ]
[SECURITY] [DSA 3700-1] asterisk security update 2016-10-25
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3700-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Moritz Muehlenhoff
October 25, 2016

[ more ]  [ reply ]
[SECURITY] [DSA 3701-1] nginx security update 2016-10-25
Florian Weimer (fw deneb enyo de)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3701-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Florian Weimer
October 25, 2016

[ more ]  [ reply ]
FreeBSD Security Advisory FreeBSD-SA-16:15.sysarch [REVISED] 2016-10-25
FreeBSD Security Advisories (security-advisories freebsd org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

========================================================================
=====
FreeBSD-SA-16:15.sysarch [REVISED] Security Advisory
The FreeBSD Project

Topic:

[ more ]  [ reply ]
CVE-2016-6804 Apache OpenOffice Windows Installer Untrusted Search Path 2016-10-25
Dennis E. Hamilton (orcmid apache org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

CVE-2016-6804
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=2016-6804>
Apache OpenOffice Advisory
<https://www.openoffice.org/security/cves/CVE-2016-6804.html>

Title: Windows Installer Execution of Arbitrary Code with Elevated Privileges

Version

[ more ]  [ reply ]
wincvs-2.0.2.4 Privilege Escalation 2016-10-25
apparitionsec gmail com
[+] Credits: John Page aka hyp3rlinx

[+] Website: hyp3rlinx.altervista.org

[+] Source: http://hyp3rlinx.altervista.org/advisories/WINCVS-PRIVILEGE-ESCALATION.t
xt

[+] ISR: ApparitionSec

Vendor:
======================
cvsgui.sourceforge.net
www.wincvs.org

Product:
===========
WinCvs v2.1.1.1

[ more ]  [ reply ]
APPLE-SA-2016-10-24-3 Safari 10.0.1 2016-10-24
Apple Product Security (product-security-noreply lists apple com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2016-10-24-3 Safari 10.0.1

Safari 10.0.1 is now available and addresses the following:

WebKit
Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6,
and macOS Sierra 10.12
Impact: Processing maliciously crafted web content may le

[ more ]  [ reply ]
[SECURITY] [DSA 3698-1] php5 security update 2016-10-24
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3698-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Salvatore Bonaccorso
October 24, 2016

[ more ]  [ reply ]
Puppet Enterprise Web Interface Authentication Redirect 2016-10-22
hyp3rlinx lycos com
[+] Credits: John Page aka hyp3rlinx

[+] Website: hyp3rlinx.altervista.org

[+] Source: http://hyp3rlinx.altervista.org/advisories/PUPPET-AUTHENTICATION-REDIREC
T.txt

[+] ISR: ApparitionSec

Vendor:
==============
www.puppet.com

Product:
================================
Puppet Enterprise Web

[ more ]  [ reply ]
Puppet Enterprise Web Interface User Enumeration 2016-10-21
apparitionsec gmail com
[+] Credits: John Page aka hyp3rlinx

[+] Website: hyp3rlinx.altervista.org

[+] Source: http://hyp3rlinx.altervista.org/advisories/PUPPET-USER-ENUMERATION.txt

[+] ISR: ApparitionSec

Vendor:
==============
www.puppet.com

Product:
===============================
Puppet Enterprise Web Interfa

[ more ]  [ reply ]
Puppet Enterprise Web Interface Authentication Redirect 2016-10-21
apparitionsec gmail com
[+] Credits: John Page aka hyp3rlinx

[+] Website: hyp3rlinx.altervista.org

[+] Source: http://hyp3rlinx.altervista.org/advisories/PUPPET-AUTHENTICATION-REDIREC
T.txt

[+] ISR: ApparitionSec

Vendor:
==============
www.puppet.com

Product:
================================
Puppet Enterprise Web

[ more ]  [ reply ]
Oracle Netbeans IDE v8.1 Import Directory Traversal 2016-10-21
apparitionsec gmail com
[+] Credits: John Page aka hyp3rlinx

[+] Website: hyp3rlinx.altervista.org

[+] Source: http://hyp3rlinx.altervista.org/advisories/ORACLE-NETBEANS-IDE-DIRECTORY
-TRAVERSAL.txt

[+] ISR: ApparitionSec

Vendor:
===============
www.oracle.com

Product:
=================
Netbeans IDE v8.1

Vulne

[ more ]  [ reply ]
ESA-2016-111: EMC Avamar Data Store and Avamar Virtual Edition Privilege Escalation Vulnerability 2016-10-20
EMC Product Security Response Center (Security_Alert emc com)

-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA256

ESA-2016-111: EMC Avamar Data Store and Avamar Virtual Edition Privilege Escalation Vulnerability

EMC Identifier: ESA-2016-111

CVE Identifier: CVE-2016-0909

Severity Rating: CVSSv3 Base Score: 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

Affe

[ more ]  [ reply ]
Defense in depth -- the Microsoft way (part 44): complete failure of Windows Update 2016-10-20
Stefan Kanthak (stefan kanthak nexgo de)
Hi @ll,

since more than a year now, Windows Update fails (not only, but most
notably) on FRESH installations of Windows 7/8/8.1 (especially their
32-bit editions), which then get NO security updates at all [°]!

One of the many possible causes: Windows Update Client runs out of
(virtual) memory dur

[ more ]  [ reply ]
[CVE-2016-5195] "Dirty COW" Linux privilege escalation vulnerability 2016-10-20
dirtycow dirtcow ninja
Debian: https://security-tracker.debian.org/tracker/CVE-2016-5195

Redhat: https://access.redhat.com/security/cve/cve-2016-5195

FAQ: https://dirtycow.ninja/

[ more ]  [ reply ]
Defense in depth -- the Microsoft way (part 45): filesystem redirection fails to redirect the application directory 2016-10-20
Stefan Kanthak (stefan kanthak nexgo de)
Hi @ll,

on x64 editions of Windows, RegEdit.exe exists both as
%windir%\regedit.exe and %windir%\SysWOW64\regedit.exe.

<https://msdn.microsoft.com/en-us/library/aa384187.aspx> states

| [...] whenever a 32-bit application attempts to access [...]
| %windir%\regedit.exe is redirected to %windir%\Sy

[ more ]  [ reply ]
[security bulletin] HPSBGN03663 rev.1 - HPE ArcSight WINC Connector, Remote Code Execution 2016-10-19
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c053137
43

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05313743
Version: 1

HPSBGN03663 rev.1 - HPE ArcS

[ more ]  [ reply ]
Cisco Security Advisory: Cisco ASA Software Identity Firewall Feature Buffer Overflow Vulnerability 2016-10-19
Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Cisco ASA Software Identity Firewall Feature Buffer Overflow Vulnerability

Advisory ID: cisco-sa-20161019-asa-idfw

Revision: 1.0

For Public Release 2016 October 19 16:00 GMT

+---------------------------------------------------------------------

Su

[ more ]  [ reply ]
[SECURITY] [DSA 3695-1] quagga security update 2016-10-18
Florian Weimer (fw deneb enyo de)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3695-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Florian Weimer
October 18, 2016

[ more ]  [ reply ]
[SECURITY] [DSA 3694-1] tor security update 2016-10-18
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3694-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Moritz Muehlenhoff
October 18, 2016

[ more ]  [ reply ]
[ERPSCAN-16-030] SAP NetWeaver - buffer overflow vulnerability 2016-10-17
ERPScan inc (erpscan online gmail com)
Application: SAP NetWeaver KERNEL

Versions Affected: SAP NetWeaver KERNEL 7.0-7.5

Vendor URL: http://SAP.com

Bugs: Denial of Service

Sent: 09.03.2016

Reported: 10.03.2016

Vendor response: 10.03.2016

Date of Public Advisory: 12.07.2016

Reference: SAP Security Note 2295238

Author: Dmitry

[ more ]  [ reply ]
[SECURITY] [DSA 3693-1] libgd2 security update 2016-10-14
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3693-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Moritz Muehlenhoff
October 14, 2016

[ more ]  [ reply ]
Evernote for Windows DLL Loading Remote Code Execution Vulnerability 2016-10-14
mehta himanshu21 gmail com
Aloha,

Summary
Evernote contains a DLL hijacking vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code on the targeted system. The vulnerability exists due to some DLL file is loaded by 'Evernote_6.1.2.2292.exe' improperly. And it allows an attacker to load th

[ more ]  [ reply ]
[security bulletin] HPSBNS03661 rev.1 - NonStop Backbox, Remote Disclosure of Information 2016-10-13
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c053075
89

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05307589
Version: 1

HPSBNS03661 rev.1 - NonStop

[ more ]  [ reply ]
Snort v2.9.7.0-WIN32 DLL Hijack 2016-10-12
apparitionsec gmail com
[+] Credits: John Page aka hyp3rlinx

[+] Website: hyp3rlinx.altervista.org

[+] Source: http://hyp3rlinx.altervista.org/advisories/SNORT-DLL-HIJACK.txt

[+] ISR: ApparitionSec

Vendor:
=============
www.snort.org

Product:
===================
Snort v2.9.7.0-WIN32

Snort is an open-source, fre

[ more ]  [ reply ]
ZendStudio IDE v13.5.1 Privilege Escalation 2016-10-12
apparitionsec gmail com
[+] Credits: John Page aka hyp3rlinx

[+] Website: hyp3rlinx.altervista.org

[+] Source: http://hyp3rlinx.altervista.org/advisories/ZEND-STUDIO-PRIVILEGE-ESCALAT
ION.txt

[+] ISR: ApparitionSec

Vendor:
============
www.zend.com

Product:
======================
ZendStudio IDE v13.5.1

Zend Stud

[ more ]  [ reply ]
Cisco Security Advisory: Cisco Meeting Server Client Authentication Bypass Vulnerability 2016-10-12
Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Cisco Meeting Server Client Authentication Bypass Vulnerability

Advisory ID: cisco-sa-20161012-msc

Revision 1.0

For Public Release 2016 October 12 16:00 UTC (GMT)
Last Updated 2016 October 12 16:00 UTC (GMT)

+-------------------------------------

[ more ]  [ reply ]
Multiple Vulnerabilities in Plone CMS 2016-10-12
Sebastian Perez (s3bap3 gmail com)
[Product Description]
Plone is a free and open source content management system built on
top of the Zope application server. Plone is positioned as an
"Enterprise CMS" and is most commonly used for intranets and as part
of the web presence of large organizations

[Systems Affected]
Product

[ more ]  [ reply ]
[security bulletin] HPSBPV03516 rev.2 - HP VAN SDN Controller, Multiple Vulnerabilities 2016-10-11
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c048196
35

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04819635
Version: 2

HPSBPV03516 rev.2 - HP VAN

[ more ]  [ reply ]
Facebook API v2.1 - RFC6749 Open Redirect Vulnerability 2016-10-11
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Facebook API v2.1 - RFC6749 Open Redirect Vulnerability

References (Source):
====================
https://www.vulnerability-lab.com/get_content.php?id=1972

Vulnerability Magazine: https://www.vulnerability-db.com/?q=articles/2016/10/10/facebook-api-v21
-hit-rfc6749-

[ more ]  [ reply ]
Contenido v4.9.11 CMS - (Backend) Multiple XSS Vulnerabilities 2016-10-11
admin (at) evolution-sec (dot) com [email concealed] (admin evolution-sec com)
Document Title:
===============
Contenido v4.9.11 - (Backend) Multiple XSS Vulnerabilities

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1928

Release Date:
=============
2016-10-10

Vulnerability Laboratory ID (VL-ID):
============================

[ more ]  [ reply ]
[SEARCH-LAB advisory] AVTECH IP Camera, NVR, DVR multiple vulnerabilities 2016-10-11
Gergely Eberhardt (gergely eberhardt search-lab hu)
Avtech devices multiple vulnerabilities

--------------------------------------------------

Platforms / Firmware confirmed affected:
- Every Avtech device (IP camera, NVR, DVR) and firmware version. [4]
contains the list of confirmed firmware versions, which are affected.
- Product page: http://www

[ more ]  [ reply ]
SEC Consult SA-20161011-0 :: XXE vulnerability in RSA Enterprise Compromise Assessment Tool (ECAT) 2016-10-11
SEC Consult Vulnerability Lab (research sec-consult com)
SEC Consult Vulnerability Lab Security Advisory < 20161011-0 >
=======================================================================
title: XML External Entity Injection (XXE)
product: RSA Enterprise Compromise Assessment Tool (ECAT)
vulnerable version: 4.1.0.1
fix

[ more ]  [ reply ]
[SYSS-2016-043] Microsoft Wireless Desktop 2000 - Cryptographic Issues (CWE-310), Insufficient Protection against Replay Attacks 2016-10-11
matthias deeg syss de
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Advisory ID: SYSS-2016-043
Product: Microsoft Wireless Desktop 2000
Manufacturer: Microsoft
Affected Version(s): Ver. A
Tested Version(s): Ver. A
Vulnerability Type: Cryptographic Issues (CWE-310)
Insufficient Protection against Re

[ more ]  [ reply ]
[SYSS-2016-043] Microsoft Wireless Desktop 2000 - Cryptographic Issues (CWE-310), Insufficient Protection against Replay Attacks 2016-10-10
matthias deeg syss de
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Advisory ID: SYSS-2016-043
Product: Microsoft Wireless Desktop 2000
Manufacturer: Microsoft
Affected Version(s): Ver. A
Tested Version(s): Ver. A
Vulnerability Type: Cryptographic Issues (CWE-310)
Insufficient Protection against Re

[ more ]  [ reply ]
Crashing Android devices with large Assisted-GPS Data Files [CVE-2016-5348] 2016-10-10
Nightwatch Cybersecurity Research (research nightwatchcybersecurity com)
Original at:
https://wwws.nightwatchcybersecurity.com/2016/10/04/advisory-cve-2016-53
48-2/

Summary

Android devices can be crashed remotely forcing a halt and then a soft
reboot by a MITM attacker manipulating assisted GPS/GNSS data provided
by Qualcomm. This issue affects the open source code in A

[ more ]  [ reply ]
[SYSS-2016-068] Fujitsu Wireless Keyboard Set LX901 - Cryptographic Issues (CWE-310), Missing Protection against Replay Attacks 2016-10-10
matthias deeg syss de
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Advisory ID: SYSS-2016-068
Product: Wireless Keyboard Set LX901
Manufacturer: Fujitsu
Affected Version(s): Model No. GK900
Tested Version(s): Model No. GK900
Vulnerability Type: Cryptographic Issues (CWE-310)
Missing Protection aga

[ more ]  [ reply ]
[SYSS-2016-033] Microsoft Wireless Desktop 2000 - Insufficient Protection of Code (Firmware) and Data (Cryptographic Key) 2016-10-10
matthias deeg syss de
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Advisory ID: SYSS-2016-033
Product: Microsoft Wireless Desktop 2000
Manufacturer: Microsoft
Affected Version(s): Ver. A
Tested Version(s): Ver. A
Vulnerability Type: Insufficient Protection of Code (Firmware) and
Data (Cryptograph

[ more ]  [ reply ]
Cyberoam iview UTM v0.1.2.7 - (Ajax) XSS Web Vulnerability 2016-10-05
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Cyberoam iview UTM v0.1.2.7 - (Ajax) XSS Web Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1850

Cyberoam ID: #1059276
Security ID: NCR-2064

Release Date:
=============
2016-10-04

Vulnerability Labor

[ more ]  [ reply ]
Clean Master v1.0 - Unquoted Path Privilege Escalation 2016-10-05
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Clean Master v1.0 - Unquoted Path Privilege Escalation

References (Source):
====================
https://www.vulnerability-lab.com/get_content.php?id=1968

Release Date:
=============
2016-10-05

Vulnerability Laboratory ID (VL-ID):
===============================

[ more ]  [ reply ]
Cisco Security Advisory: Cisco NX-OS Software Malformed DHCPv4 Packet Denial of Service Vulnerability 2016-10-05
Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Cisco Security Advisory: Cisco NX-OS Software Malformed DHCPv4 Packet Denial of Service Vulnerability

Advisory ID: cisco-sa-20161005-dhcp2

Revision: 1.0

For Public Release: 2016 October 5 16:00 GMT

+----------------------------------------------

[ more ]  [ reply ]
Cisco Security Advisory: Cisco NX-OS Software Crafted DHCPv4 Packet Denial of Service Vulnerability 2016-10-05
Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Cisco Security Advisory: Cisco NX-OS Software Crafted DHCPv4 Packet Denial of Service Vulnerability

Advisory ID: cisco-sa-20161005-dhcp1

Revision: 1.0

For Public Release: 2016 October 5 16:00 GMT

+------------------------------------------------

[ more ]  [ reply ]
Cisco Security Advisory: Cisco NX-OS Software-Based Products Authentication, Authorization, and Accounting Bypass Vulnerability 2016-10-05
Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Cisco Security Advisory: Cisco NX-OS Software-Based Products Authentication, Authorization, and Accounting Bypass Vulnerability

Advisory ID: cisco-sa-20161005-nxaaa

Revision: 1.0

For Public Release: 2016 October 5 16:00 GMT

+--------------------

[ more ]  [ reply ]
Cisco Security Advisory: Cisco NX-OS Border Gateway Protocol Denial of Service Vulnerability 2016-10-05
Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Cisco NX-OS Border Gateway Protocol Denial of Service Vulnerability

Advisory ID: cisco-sa-20161005-bgp

Revision 1.0

For Public Release 2016 October 5 16:00 UTC (GMT)

+---------------------------------------------------------------------

Summary
===

[ more ]  [ reply ]
[security bulletin] HPSBGN03639 rev.1 - HPE KeyView, Remote Code Execution 2016-10-05
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c052974
77

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05297477
Version: 1

HPSBGN03639 rev.1 - HPE KeyV

[ more ]  [ reply ]
KL-001-2016-004 : Cisco Firepower Threat Management Console Authenticated Denial of Service 2016-10-05
KoreLogic Disclosures (disclosures korelogic com)
KL-001-2016-004 : Cisco Firepower Threat Management Console Authenticated Denial
of Service

Title: Cisco Firepower Threat Management Console Authenticated Denial of Service
Advisory ID: KL-001-2016-004
Publication Date: 2016.10.05
Publication URL: https://www.korelogic.com/Resources/Advisories/KL-0

[ more ]  [ reply ]
KL-001-2016-005 : Cisco Firepower Threat Management Console Hard-coded MySQL Credentials 2016-10-05
KoreLogic Disclosures (disclosures korelogic com)
KL-001-2016-005 : Cisco Firepower Threat Management Console Hard-coded MySQL
Credentials

Title: Cisco Firepower Threat Management Console Hard-coded MySQL Credentials
Advisory ID: KL-001-2016-005
Publication Date: 2016.10.05
Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-201

[ more ]  [ reply ]
[SECURITY] [DSA 3688-1] nss security update 2016-10-05
Florian Weimer (fw deneb enyo de)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3688-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Florian Weimer
October 05, 2016

[ more ]  [ reply ]
[SECURITY] [DSA 3687-1] nspr security update 2016-10-05
Florian Weimer (fw deneb enyo de)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3687-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Florian Weimer
October 05, 2016

[ more ]  [ reply ]
September 2016 - HipChat Plugin for various products - Critical Security Advisory 2016-10-06
David Black (dblack atlassian com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

This email refers to the following advisory pages:

* Bitbucket Server - https://confluence.atlassian.com/x/0QkcMg
* Confluence - https://confluence.atlassian.com/x/yIGbMg
* JIRA - https://confluence.atlassian.com/x/w4GbMg

CVE ID:
* CVE-2016-6668 - T

[ more ]  [ reply ]
ESA-2016-121: EMC Unisphere for VMAX and Solutions Enabler Virtual Appliances Multiple Vulnerabilities 2016-10-04
EMC Product Security Response Center (Security_Alert emc com)

-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA256

ESA-2016-121: EMC Unisphere for VMAX and Solutions Enabler Virtual Appliances Multiple Vulnerabilities

EMC Identifier: ESA-2016-121

CVE Identifier: CVE-2016-6645, CVE-2016-6646

Severity Rating: CVSS v3 Base Score: See below for individual CVE

[ more ]  [ reply ]
ESA-2016-063: EMC Replication Manager and Network Module for Microsoft Remote Code Execution Vulnerability 2016-10-04
EMC Product Security Response Center (Security_Alert emc com)

-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA256

ESA-2016-063: EMC Replication Manager and Network Module for Microsoft Remote Code Execution Vulnerability

EMC Identifier: ESA-2016-063

CVE Identifier: CVE-2016-0913

Severity Rating: CVSS v3 Base Score: 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:

[ more ]  [ reply ]
Serimux SSH Console Switch v2.4 - Multiple Cross Site Vulnerabilities 2016-10-04
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Serimux SSH Console Switch v2.4 - Multiple Cross Site Vulnerabilities

References (Source):
====================
https://www.vulnerability-lab.com/get_content.php?id=1942

Release Date:
=============
2016-10-04

Vulnerability Laboratory ID (VL-ID):
================

[ more ]  [ reply ]
AuraDVD Ripper Professional v1.6.3 - DLL Hijacking Exploit 2016-10-04
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
AuraDVD Ripper Professional v1.6.3 - DLL Hijacking Exploit

References (Source):
====================
https://www.vulnerability-lab.com/get_content.php?id=1966

Release Date:
=============
2016-10-04

Vulnerability Laboratory ID (VL-ID):
===========================

[ more ]  [ reply ]
TeempIp XSS Cookie Theft 2016-10-03
apparitionsec gmail com
[+] Credits: hyp3rlinx

[+] Website: hyp3rlinx.altervista.org

[+] Source: http://hyp3rlinx.altervista.org/advisories/TEEMIP-XSS-COOKIE-THEFT.txt

[+] ISR: ApparitionSec

Vendor:
===============
www.combodo.com

Product:
==============
TeemIp v2.0.2

Offer your customers a professional and eco

[ more ]  [ reply ]
[SECURITY] [DSA 3684-1] libdbd-mysql-perl security update 2016-10-03
Florian Weimer (fw deneb enyo de)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3684-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Florian Weimer
October 03, 2016

[ more ]  [ reply ]
[SECURITY] [DSA 3681-2] wordpress regression update 2016-10-01
Yves-Alexis Perez (corsac debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3681-2 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Yves-Alexis Perez
October 01, 2016

[ more ]  [ reply ]
CVE-2016-1240 - Tomcat packaging on Debian-based distros - Local Root Privilege Escalation 2016-10-01
Dawid Golunski (dawid legalhackers com)
CVE: CVE-2016-1240
Vulnerability: Tomcat packaging on Debian-based distros - Local Root
Privilege Escalation
Affected packages: Tomcat 6/7/8 deb packages (up to 8.0.36-2)
Systems affected: Debian & Ubuntu & possibly others (using the
affected deb packages)

Discovered by:
Dawid Golunski (http://lega

[ more ]  [ reply ]
Multiple exposures in Sophos UTM 2016-09-30
Tim Schughart (t schughart prosec-networks com)
Hello @all,

together with my colleague we found two uncritical vulnerabilities you'll find below.

Product: Sophos UTM
Vendor: Sophos ltd.

Internal reference: ? (Bug ID)
Vulnerability type: Information Disclosure
Vulnerable version: 9.405-5, 9.404-5 and possible other versions affected (not test

[ more ]  [ reply ]
[SYSS-2016-060] Logitech M520 - Insufficient Verification of Data Authenticity (CWE-345) 2016-09-30
matthias deeg syss de
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Advisory ID: SYSS-2016-060
Product: M520 (Mouse of Wireless Combo MK520)
Manufacturer: Logitech
Affected Version(s): Model Y-R0012
Tested Version(s): Model Y-R0012
Vulnerability Type: Insufficient Verification of Data Authenticity (CWE-345)

[ more ]  [ reply ]
Re: CVE-2016-5019: MyFaces Trinidad view state deserialization security vulnerability 2016-09-29
Mike Kienenberger (mkienenb gmail com)
Clarification: The first line in this CVE [1] was a copy&paste error
during message composition and is not part of the CVE. This line can
make it sound as if CVE-2016-5019 is only an information disclosure
vulnerability rather than a deserialization attack vector. I
apologize for the confusion.

O

[ more ]  [ reply ]
Persistent XSS in Abus Security Center - CVSS 8.0 2016-09-29
Tim Schughart (t schughart prosec-networks com)
Hi@all,

Product: Abus Security Cams
Vendor:Abus Group

Internal reference: -
Vulnerability type: Cross Site Scripting
Vulnerable version: 0101a and possible other versions affected (not tested)
Vulnerable component: FTP
Report confidence: Confirmed
Solution status: Not fixed by Vendor, will n

[ more ]  [ reply ]
[security bulletin] HPSBGN03650 rev.1 - HPE Network Automation Software, Local Arbitrary File Modification 2016-09-29
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c052817
39

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05281739
Version: 1

HPSBGN03650 rev.1 - HPE Netw

[ more ]  [ reply ]
Cisco Security Advisory: Cisco IOS and IOS XE Software Smart Install Memory Leak Vulnerability 2016-09-28
Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Cisco Security Advisory: Cisco IOS and IOS XE Software Smart Install Memory Leak Vulnerability

Advisory ID: cisco-sa-20160928-smi

Revision: 1.0

For Public Release: 2016 September 28 16:00 GMT

+----------------------------------------------------

[ more ]  [ reply ]
Cisco Security Advisory: Cisco IOS and IOS XE Software Multicast Routing Denial of Service Vulnerabilities 2016-09-28
Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Cisco Security Advisory: Cisco IOS and IOS XE Software Multicast Routing Denial of Service Vulnerabilities

Advisory ID: cisco-sa-20160928-msdp

Revision: 1.0

For Public Release: 2016 September 28 16:00 GMT

+---------------------------------------

[ more ]  [ reply ]
Cisco Security Advisory: Cisco IOS and IOS XE Software Internet Key Exchange Version 1 Fragmentation Denial of Service Vulnerability 2016-09-28
Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Cisco Security Advisory: Cisco IOS and IOS XE Software Internet Key Exchange Version 1 Fragmentation Denial of Service Vulnerability

Advisory ID: cisco-sa-20160928-ios-ikev1

Revision: 1.0

For Public Release: 2016 September 28 16:00 GMT

+--------

[ more ]  [ reply ]
Cisco Security Advisory: Cisco IOS XE Software NAT Denial of Service Vulnerability 2016-09-28
Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Cisco Security Advisory: Cisco IOS XE Software NAT Denial of Service Vulnerability

Advisory ID: cisco-sa-20160928-esp-nat

Revision: 1.0

For Public Release: 2016 September 28 16:00 GMT

+------------------------------------------------------------

[ more ]  [ reply ]
Cisco Security Advisory: Cisco IOS Software Common Industrial Protocol Request Denial of Service Vulnerability 2016-09-28
Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Cisco Security Advisory: Cisco IOS Software Common Industrial Protocol Request Denial of Service Vulnerability

Advisory ID: cisco-sa-20160928-cip

Revison: 1.0

For Public Release: 2016 September 28 16:00 GMT

+-------------------------------------

[ more ]  [ reply ]
Cisco Security Advisory: Cisco IOS and IOS XE Software AAA Login Denial of Service Vulnerability 2016-09-28
Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Cisco Security Advisory: Cisco IOS and IOS XE Software AAA Login Denial of Service Vulnerability

Advisory ID: cisco-sa-20160928-aaados

Revision: 1.0

For Public Release: 2016 September 28 16:00 GMT

+-----------------------------------------------

[ more ]  [ reply ]
[REVIVE-SA-2016-002] Revive Adserver - Multiple vulnerabilities 2016-09-28
Matteo Beccati (matteo beccati com)
========================================================================

Revive Adserver Security Advisory REVIVE-SA-2016-002
========================================================================

http://www.revive-adserver.com/security/revive-sa-2016-002
======================

[ more ]  [ reply ]
Multiple vulnerabilities found in the Dlink DWR-932B (backdoor, backdoor accounts, weak WPS, RCE ...) 2016-09-28
Pierre Kim (pierre kim sec gmail com)
Hello,

Please find a text-only version below sent to security mailing lists.

The complete version on analysing the security in Dlink 932B LTE
routers is posted here:
https://pierrekim.github.io/blog/2016-09-28-dlink-dwr-932b-lte-routers-v
ulnerabilities.html

=== text-version of the advisory w

[ more ]  [ reply ]
Cisco Security Advisory: Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: September 2016 2016-09-27
Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: September 2016

Advisory ID: cisco-sa-20160927-openssl

Revision: 1.0

For Public Release 2016 September 27 22:40 UTC (GMT)

+----------------------------------------------------------------

[ more ]  [ reply ]
[slackware-security] bind (SSA:2016-271-01) 2016-09-27
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] bind (SSA:2016-271-01)

New bind packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,
14.2, and -current to fix a security issue.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------

[ more ]  [ reply ]
[SECURITY] [DSA 3680-1] bind9 security update 2016-09-27
Florian Weimer (fw deneb enyo de)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3680-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Florian Weimer
September 27, 2016

[ more ]  [ reply ]
ESA-2016-127: EMC ViPR SRM Stored Cross-Site Scripting Vulnerability 2016-09-27
EMC Product Security Response Center (Security_Alert emc com)

-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA256

EMC Identifier: ESA-2016-127

CVE Identifier: CVE-2016-6647

Severity Rating: CVSS v3 Base Score: 7.6 (AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N)

Affected products:

EMC ViPR SRM versions prior to 4.0.1

Summary:

EMC ViPR SRM 4.0.1 contains

[ more ]  [ reply ]
[SECURITY] [DSA 3679-1] jackrabbit security update 2016-09-27
Florian Weimer (fw deneb enyo de)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3679-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Florian Weimer
September 27, 2016

[ more ]  [ reply ]
[security bulletin] HPSBHF03652 rev.1 - HPE iMC PLAT Network Products running Apache Commons FileUpload, Remote Denial of Service (DoS) 2016-09-26
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c052898
40

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05289840
Version: 1

HPSBHF03652 rev.1 - HPE iMC

[ more ]  [ reply ]
[security bulletin] HPSBHF03654 rev.1 - HPE iMC PLAT Network Products using SSL/TLS, Multiple Remote Vulnerabilities 2016-09-26
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c052899
35

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05289935
Version: 1

HPSBHF03654 rev.1 - HPE iMC

[ more ]  [ reply ]
[security bulletin] HPSBHF03655 rev.1 - HPE iMC PLAT Network Products running Apache Axis2, Multiple Remote Vulnerabilities 2016-09-26
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c052899
84

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05289984
Version: 1

HPSBHF03655 rev.1 - HPE iMC

[ more ]  [ reply ]
[SECURITY] [DSA 3678-1] python-django security update 2016-09-26
Florian Weimer (fw deneb enyo de)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3678-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Florian Weimer
September 26, 2016

[ more ]  [ reply ]
[slackware-security] openssl (SSA:2016-270-01) 2016-09-26
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] openssl (SSA:2016-270-01)

New openssl packages are available for Slackware 14.2 and -current to
fix a security issue.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/openssl

[ more ]  [ reply ]
[security bulletin] HPSBGN03648 rev.1 - HPE LoadRunner and Performance Center, Remote Denial of Service (DoS) 2016-09-26
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c052788
82

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05278882
Version: 1

HPSBGN03648 rev.1 - HPE Load

[ more ]  [ reply ]
OS-S Security Advisory 2016-19: Epson WorkForce multi-function printers do not use signed firmware images and allow unauthorized malicious firmware-updates (CVSS 10) 2016-09-24
Ralf Spenneberg (info os-t de)
OpenSource Security Ralf Spenneberg
Am Bahnhof 3-5
48565 Steinfurt
info (at) os-s (dot) net [email concealed]

OS-S Security Advisory 2016-19

Title: Epson WorkForce multi-function printers do not use signed
firmware images and allow unauthorized malicious firmware-updates
Authors: Yves-Noel Weweler <y.weweler (at) gmail (dot) com [email concealed]>, Ralf

[ more ]  [ reply ]
[slackware-security] php (SSA:2016-267-01) 2016-09-23
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] php (SSA:2016-267-01)

New php packages are available for Slackware 14.0, 14.1, 14.2, and -current to
fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/php

[ more ]  [ reply ]
(Page 16 of 524)  < Prev  11 12 13 14 15 16 17 18 19 20 21  Next >


 

Privacy Statement
Copyright 2010, SecurityFocus