APPLE-SA-2016-07-18-6 iTunes 12.4.2
2016-07-19 Apple Product Security (product-security-noreply lists apple com)

APPLE-SA-2016-07-18-5 Safari 9.1.2
2016-07-19 Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
APPLE-SA-2016-07-18-5 Safari 9.1.2
Safari 9.1.2 is now available and addresses the following:
WebKit
Available for: OS X El Capitan v10.11.6
Impact: Visiting a malicious website may disclose image data from another website
Description: A timing i

APPLE-SA-2016-07-18-4 tvOS 9.2.2
2016-07-19 Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
APPLE-SA-2016-07-18-4 tvOS 9.2.2
tvOS 9.2.2 is now available and addresses the following:
CoreGraphics
Available for: Apple TV (4th generation)
Impact: A remote attacker may be able to execute arbitrary code
Description: A memory corruption issue

APPLE-SA-2016-07-18-3 watchOS 2.2.2
2016-07-19 Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
APPLE-SA-2016-07-18-3 watchOS 2.2.2
watchOS 2.2.2 is now available and addresses the following:
CoreGraphics
Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes
Impact: A remote attacker may be able to execut

APPLE-SA-2016-07-18-2 iOS 9.3.3
2016-07-19 Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
APPLE-SA-2016-07-18-2 iOS 9.3.3
iOS 9.3.3 is now available and addresses the following:
Calendar
Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: A maliciously crafted calendar invite may cause a

APPLE-SA-2016-07-18-1 OS X El Capitan v10.11.6 and Security Update 2016-004
2016-07-19 Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
APPLE-SA-2016-07-18-1 OS X El Capitan v10.11.6 and Security Update 2016-004
OS X El Capitan v10.11.6 and Security Update 2016-004 is now available and addresses the following:
apache_mod_php
Available for: OS X Yosemite v10.10.5 and OS X El Capita

[SECURITY] [DSA 3622-1] python-django security update
2016-07-18 Salvatore Bonaccorso (carnil debian org)

[CVE-2016-1281] NOT FIXED: VeraCrypt*Setup*.exe still vulnerable to DLL hijacking
2016-07-18 Stefan Kanthak (stefan kanthak nexgo de)
Hi @ll,
this is basically a followup to <http://seclists.org/oss-sec/2016/q1/58>
CVE-2016-1281 is NOT FIXED!
I've retested the current "VeraCrypt Setup 1.17.exe" on a fully patched Windows 7, and it is STILL (or AGAIN) vulnerable there.
The following DLLs are loaded from the "application directo

[SECURITY] [DSA 3621-1] mysql-connector-java security update
2016-07-18 Salvatore Bonaccorso (carnil debian org)

[Remote Format String Exploit] Axis Communications MPQT/PACS Server Side Include (SSI) Daemon
2016-07-18 bashis (mcw noemail eu)
#!/usr/bin/env python2.7
#
# [SOF]
#
# [Remote Format String Exploit] Axis Communications MPQT/PACS Server Side Include (SSI) Daemon
# Research and development by bashis <mcw noemail eu> 2016
#
# This format string vulnerability has following characteristic:
# - Heap Based (Exploiting string locat

Multiple vulns in Vodafone EasyBox 804
2016-07-17 Tim Schughart (info prosec-networks com)
Hi@all
#### General Information
## Report history:
Since 01.05. we have contacted the support of Vodafone 3 times. There has been no response until today. Today we release the vulnerabilities in hope that Vodafone will react.
## Vendor Information:
Vodafone is worldwide operating ISP.
Quotation of

[security bulletin] HPSBMU03562 rev.3 - HPE Service Manager using Java Deserialization, Remote Arbitrary Code Execution
2016-07-14 security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05054565
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c05054565
Version: 3
HPSBMU03562 r

[ERPSCAN-16-019] SAP NetWeaver Enqueue Server - DoS vulnerability
2016-07-14 ERPScan inc (erpscan online gmail com)
Application: SAP NetWeaver Enqueue Server
Versions Affected: SAP NetWeaver Enqueue Server 7.4
Vendor URL: http://SAP.com
Bug: denial of service
Sent: 04.12.2015
Reported: 05.12.2015
Vendor response: 05.12.2015
Date of Public Advisory: 12.04.2016
Reference: SAP Security Note 2258784

[ERPSCAN-16-020] SAP NetWeaver AS JAVA UDDI component - XXE vulnerability
2016-07-14 ERPScan inc (erpscan online gmail com)
Application: SAP NetWeaver AS JAVA
Versions Affected: SAP NetWeaver AS JAVA 7.4
Vendor URL: http://SAP.com
Bug: XXE
Sent: 04.12.2015
Reported: 05.12.2015
Vendor response: 05.12.2015
Date of Public Advisory: 12.04.2016
Reference: SAP Security Note 2254389
Author: Vahagn Vardanyan (ER

[ERPSCAN-16-021] SAP xMII - Reflected XSS vulnerability
2016-07-14 ERPScan inc (erpscan online gmail com)
Application: SAP xMII
Versions Affected: SAP xMII 15
Vendor URL: http://SAP.com
Bugs: XSS
Sent: 04.12.2015
Reported: 05.12.2015
Vendor response: 05.12.2015
Date of Public Advisory: 12.04.2016
Reference: SAP Security Note 2201295
Author: Nursultan Abubakirov (ERPScan) , Vahagn Vardanyan (

Cross-Site Scripting vulnerability in Google Forms WordPress Plugin
2016-07-13 Summer of Pwnage (lists securify nl)
------------------------------------------------------------------------
Cross-Site Scripting vulnerability in Google Forms WordPress Plugin
------------------------------------------------------------------------
Yorick Koster, July 2016
------------------------------------------------------------

Cross-Site Scripting vulnerability in WP No External Links WordPress Plugin
2016-07-13 Summer of Pwnage (lists securify nl)
------------------------------------------------------------------------
Cross-Site Scripting vulnerability in WP No External Links WordPress Plugin
------------------------------------------------------------------------
Yorick Koster, July 2016
----------------------------------------------------

Cross-Site Scripting vulnerability in Top 10 - Popular posts plugin for WordPress
2016-07-13 Summer of Pwnage (lists securify nl)
------------------------------------------------------------------------
Cross-Site Scripting vulnerability in Top 10 - Popular posts plugin for WordPress
------------------------------------------------------------------------
Yorick Koster, July 2016
----------------------------------------------

Cross-Site Scripting vulnerability in Simple Membership WordPress Plugin
2016-07-13 Summer of Pwnage (lists securify nl)
------------------------------------------------------------------------
Cross-Site Scripting vulnerability in Simple Membership WordPress Plugin
------------------------------------------------------------------------
Yorick Koster, July 2016
-------------------------------------------------------

Cisco Security Advisory: Cisco IOS XR for NCS 6000 Packet Timer Leak Denial of Service Vulnerability
2016-07-13 Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Cisco Security Advisory: Cisco IOS XR for NCS 6000 Packet Timer Leak Denial of Service Vulnerability
Advisory ID: cisco-sa-20160713-ncs6k
Revision 1.0
For Public Release 2016 July 13 16:00 UTC (GMT)
+-------------------------------------------------

Open-Xchange Security Advisory 2016-07-13
2016-07-13 Martin Heiland (martin heiland lists open-xchange com)
Product: OX App Suite
Vendor: OX Software GmbH
Internal reference: 45796 / 45811 (Bug ID)
Vulnerability type: Cross Site Scripting (CWE-80)
Vulnerable version: 7.8.1 and earlier
Vulnerable component: frontend
Report confidence: Confirmed
Solution status: Fixed by Vendor
Fixed version: 7.6.2-rev44,

missing input validation in pmount: arbitrary mount as non-root
2016-07-13 Imre RAD (imre rad search-lab hu)
Summary:
--------
pmount is a wrapper around the standard mount program which permits normal users to mount removable devices without a matching /etc/fstab entry. Due to a missing input validation check local users could mount devices to arbitrary destinations and thus taking over the targeted syste

[CVE-2016-1014, CVE-2016-4247] Executable installers are vulnerable^WEVIL (case 35): Adobe's Flash Player (un)installers
2016-07-12 Stefan Kanthak (stefan kanthak nexgo de)
Hi @ll,
the executable installers of Flash Player released 2016-06-15 fixed CVE-2016-1014 in the second attempt, but another vulnerability remained: they create(d) and use(d) UNSAFE temporary subdirectories into which they copy/ied themselves and extract(ed) a file "fpb.tmp" which they load(ed) and

Easy Forms for MailChimp Local File Inclusion vulnerability
2016-07-12 Summer of Pwnage (lists securify nl)
------------------------------------------------------------------------
Easy Forms for MailChimp Local File Inclusion vulnerability
------------------------------------------------------------------------
Yorick Koster, July 2016
--------------------------------------------------------------------

WP Fastest Cache Member Local File Inclusion vulnerability
2016-07-12 Summer of Pwnage (lists securify nl)
------------------------------------------------------------------------
WP Fastest Cache Member Local File Inclusion vulnerability
------------------------------------------------------------------------
Yorick Koster, July 2016
---------------------------------------------------------------------

Cross-Site Scripting vulnerability in Profile Builder WordPress Plugin
2016-07-12 Summer of Pwnage (lists securify nl)
------------------------------------------------------------------------
Cross-Site Scripting vulnerability in Profile Builder WordPress Plugin
------------------------------------------------------------------------
Yorick Koster, July 2016
---------------------------------------------------------

Cross-Site Scripting vulnerability in Email Users WordPress Plugin
2016-07-12 Summer of Pwnage (lists securify nl)
------------------------------------------------------------------------
Cross-Site Scripting vulnerability in Email Users WordPress Plugin
------------------------------------------------------------------------
Yorick Koster, July 2016
-------------------------------------------------------------

Cross-Site Scripting vulnerability in Master Slider WordPress Plugin
2016-07-12 Summer of Pwnage (lists securify nl)
------------------------------------------------------------------------
Cross-Site Scripting vulnerability in Master Slider WordPress Plugin
------------------------------------------------------------------------
Yorick Koster, July 2016
-----------------------------------------------------------

Hash: SHA512
APPLE-SA-2016-07-18-6 iTunes 12.4.2
iTunes 12.4.2 for Windows is now available and addresses the following:
libxml2
Impact: Multiple vulnerabilities in libxml2
Description: Multiple memory corruption issues were addressed
through improved memory h