Re: CVE-2016-5019: MyFaces Trinidad view state deserialization security vulnerability
2016-09-29 Mike Kienenberger (mkienenb gmail com)

Persistent XSS in Abus Security Center - CVSS 8.0
2016-09-29 Tim Schughart (t schughart prosec-networks com)
Hi@all, Product: Abus Security Cams Vendor: Abus Group Internal reference: - Vulnerability type: Cross Site Scripting Vulnerable version: 0101a and possible other versions affected (not tested) Vulnerable component: FTP Report confidence: Confirmed Solution status: Not fixed by Vendor, will n

[security bulletin] HPSBGN03650 rev.1 - HPE Network Automation Software, Local Arbitrary File Modification
2016-09-29 security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05281739 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c05281739 Version: 1 HPSBGN03650 rev.1 - HPE Netw

Cisco Security Advisory: Cisco IOS and IOS XE Software Smart Install Memory Leak Vulnerability
2016-09-28 Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Cisco Security Advisory: Cisco IOS and IOS XE Software Smart Install Memory Leak Vulnerability Advisory ID: cisco-sa-20160928-smi Revision: 1.0 For Public Release: 2016 September 28 16:00 GMT +----------------------------------------------------

Cisco Security Advisory: Cisco IOS and IOS XE Software Multicast Routing Denial of Service Vulnerabilities
2016-09-28 Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Cisco Security Advisory: Cisco IOS and IOS XE Software Multicast Routing Denial of Service Vulnerabilities Advisory ID: cisco-sa-20160928-msdp Revision: 1.0 For Public Release: 2016 September 28 16:00 GMT +---------------------------------------

Cisco Security Advisory: Cisco IOS and IOS XE Software Internet Key Exchange Version 1 Fragmentation Denial of Service Vulnerability
2016-09-28 Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Cisco Security Advisory: Cisco IOS and IOS XE Software Internet Key Exchange Version 1 Fragmentation Denial of Service Vulnerability Advisory ID: cisco-sa-20160928-ios-ikev1 Revision: 1.0 For Public Release: 2016 September 28 16:00 GMT +--------

Cisco Security Advisory: Cisco IOS XE Software NAT Denial of Service Vulnerability
2016-09-28 Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Cisco Security Advisory: Cisco IOS XE Software NAT Denial of Service Vulnerability Advisory ID: cisco-sa-20160928-esp-nat Revision: 1.0 For Public Release: 2016 September 28 16:00 GMT +------------------------------------------------------------

Cisco Security Advisory: Cisco IOS Software Common Industrial Protocol Request Denial of Service Vulnerability
2016-09-28 Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Cisco Security Advisory: Cisco IOS Software Common Industrial Protocol Request Denial of Service Vulnerability Advisory ID: cisco-sa-20160928-cip Revision: 1.0 For Public Release: 2016 September 28 16:00 GMT +-------------------------------------

Cisco Security Advisory: Cisco IOS and IOS XE Software AAA Login Denial of Service Vulnerability
2016-09-28 Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Cisco Security Advisory: Cisco IOS and IOS XE Software AAA Login Denial of Service Vulnerability Advisory ID: cisco-sa-20160928-aaados Revision: 1.0 For Public Release: 2016 September 28 16:00 GMT +-----------------------------------------------

[REVIVE-SA-2016-002] Revive Adserver - Multiple vulnerabilities
2016-09-28 Matteo Beccati (matteo beccati com)

Multiple vulnerabilities found in the Dlink DWR-932B (backdoor, backdoor accounts, weak WPS, RCE ...)
2016-09-28 Pierre Kim (pierre kim sec gmail com)
Hello, Please find a text-only version below sent to security mailing lists. The complete version on analysing the security in Dlink 932B LTE routers is posted here: https://pierrekim.github.io/blog/2016-09-28-dlink-dwr-932b-lte-routers-vulnerabilities.html === text-version of the advisory w

Cisco Security Advisory: Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: September 2016
2016-09-27 Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: September 2016 Advisory ID: cisco-sa-20160927-openssl Revision: 1.0 For Public Release 2016 September 27 22:40 UTC (GMT) +----------------------------------------------------------------

[slackware-security] bind (SSA:2016-271-01)
2016-09-27 Slackware Security Team (security slackware com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] bind (SSA:2016-271-01) New bind packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix a security issue. Here are the details from the Slackware 14.2 ChangeLog: +--------------------------

ESA-2016-127: EMC ViPR SRM Stored Cross-Site Scripting Vulnerability
2016-09-27 EMC Product Security Response Center (Security_Alert emc com)

[security bulletin] HPSBHF03652 rev.1 - HPE iMC PLAT Network Products running Apache Commons FileUpload, Remote Denial of Service (DoS)
2016-09-26 security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05289840 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c05289840 Version: 1 HPSBHF03652 rev.1 - HPE iMC

[security bulletin] HPSBHF03654 rev.1 - HPE iMC PLAT Network Products using SSL/TLS, Multiple Remote Vulnerabilities
2016-09-26 security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05289935 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c05289935 Version: 1 HPSBHF03654 rev.1 - HPE iMC

[security bulletin] HPSBHF03655 rev.1 - HPE iMC PLAT Network Products running Apache Axis2, Multiple Remote Vulnerabilities
2016-09-26 security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05289984 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c05289984 Version: 1 HPSBHF03655 rev.1 - HPE iMC

[slackware-security] openssl (SSA:2016-270-01)
2016-09-26 Slackware Security Team (security slackware com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] openssl (SSA:2016-270-01) New openssl packages are available for Slackware 14.2 and -current to fix a security issue. Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packages/openssl

[security bulletin] HPSBGN03648 rev.1 - HPE LoadRunner and Performance Center, Remote Denial of Service (DoS)
2016-09-26 security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05278882 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c05278882 Version: 1 HPSBGN03648 rev.1 - HPE Load

OS-S Security Advisory 2016-19: Epson WorkForce multi-function printers do not use signed firmware images and allow unauthorized malicious firmware-updates (CVSS 10)
2016-09-24 Ralf Spenneberg (info os-t de)
OpenSource Security Ralf Spenneberg Am Bahnhof 3-5 48565 Steinfurt info (at) os-s (dot) net OS-S Security Advisory 2016-19 Title: Epson WorkForce multi-function printers do not use signed firmware images and allow unauthorized malicious firmware-updates Authors: Yves-Noel Weweler <y.weweler (at) gmail (dot) com>, Ralf

[slackware-security] php (SSA:2016-267-01)
2016-09-23 Slackware Security Team (security slackware com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] php (SSA:2016-267-01) New php packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packages/php

ESA-2016-097: RSA Identity Governance and Lifecycle Information Disclosure Vulnerability
2016-09-23 EMC Product Security Response Center (Security_Alert emc com)

Recon Europe 2017 Call For Papers - January 27 - 29, 2017 - Brussels, Belgium
2016-09-22 cfpbrussels2017 recon cx

Fwd: BT Wifi Extenders - Cross Site Scripting leading to disclosure of PSK
2016-09-22 Jamie R (jamie riden gmail com)
BT Wifi Extenders - 300, 600 and 1200 models - Cross Site Scripting leading to disclosure of PSK. A firmware update is required to resolve this issue. The essential problem is that if you hit the following URL on your wifi extender, it will pop up a whole load of private data, including your PSK.

IE11 is not following CORS specification for local files
2016-09-22 Ricardo Iramar dos Santos (riramar gmail com)
IE11 is not following CORS specification for local files like Chrome and Firefox. I've contacted Microsoft and they say this is not a security issue so I'm sharing it. From my tests IE11 is not following CORS specifications for local files as supposed to be. In order to prove I've created a maliciou
during message composition and is not part of the CVE. This line can
make it sound as if CVE-2016-5019 is only an information disclosure
vulnerability rather than a deserialization attack vector. I
apologize for the confusion.
O