[slackware-security] libevent (SSA:2016-085-01)
2016-03-25 Slackware Security Team (security slackware com)

[CVE-2016-2163] Stored Cross Site Scripting in Event description
2016-03-25 Maxim Solodovnik (solomax apache org)
Severity: Moderate
Vendor: The Apache Software Foundation
Versions Affected: Apache OpenMeetings 1.9.x - 3.0.7
Description: When creating an event, it is possible to create clickable URL links in the event description. These links will be present inside the event details once a participant enters

[CVE-2016-2164] Arbitrary file read via SOAP API
2016-03-25 Maxim Solodovnik (solomax apache org)
Severity: Critical
Vendor: The Apache Software Foundation
Versions Affected: Apache OpenMeetings 1.9.x - 3.0.7
Description: When attempting to upload a file via the API using the importFileByInternalUserId or importFile methods in the FileService, it is possible to read arbitrary files from the s

[CVE-2016-0783] Predictable password reset token
2016-03-25 Maxim Solodovnik (solomax apache org)
Severity: Critical
Vendor: The Apache Software Foundation
Versions Affected: Apache OpenMeetings 1.9.x - 3.1.0
Description: The hash generated by the external password reset function is generated by concatenating the user name and the current system time, and then hashing it using MD5. This is hi

[security bulletin] HPSBGN03563 rev.1 - HPE IceWall Products using OpenSSL, Remote Denial of Service (DoS), Local Denial of Service (DoS), Disclosure of Information
2016-03-25 security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Note: the current version of the following document is available here: https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05052990
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c05052990
Version: 1
HPSBGN03563 r

[security bulletin] HPSBMU03562 rev.2 - HPE Service Manager using Java Deserialization, Remote Arbitrary Code Execution
2016-03-24 security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Note: the current version of the following document is available here: https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05054565
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c05054565
Version: 2
HPSBMU03562 r

[SYSS-2016-016] innovaphone IP222 - Improper Input Validation
2016-03-24 sven freund syss de
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Advisory ID: SYSS-2016-016
Product: innovaphone IP222
Manufacturer: innovaphone AG
Affected Version(s): 11r2 sr9
Tested Version(s): 11r2 sr9
Vulnerability Type: Improper Input Validation (CWE-20)
Risk Level: High
Solution Status: Fixed
Manufacturer No

[SYSS-2016-018] innovaphone IP222 - Improper Restriction of Excessive Authentication Attempts
2016-03-24 sven freund syss de

[SYSS-2016-017] innovaphone IP222 - Improper Input Validation
2016-03-24 sven freund syss de
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Advisory ID: SYSS-2016-017
Product: innovaphone IP222
Manufacturer: innovaphone AG
Affected Version(s): 11r2 sr9
Tested Version(s): 11r2 sr9
Vulnerability Type: Improper Input Validation (CWE-20)
Risk Level: High
Solution Status: Fixed
Manufacturer No

XSS (Cross Site Scripting) in Social CRM & Community Solutions powered by Lithium in Knowledge base section
2016-03-24 netizen01k gmail com
* Exploit Title: XSS (Cross Site Scripting) in Social CRM & Community Solutions powered by Lithium in Knowledge base section
* Discovery Date: 2016/02/19
* Public Disclosure Date: 2016/03/24
* Exploit Author: Imran Khan
* Contact: netizen01k [at] gmail.com
* Vendor link: http://www.lithium.com/
* Te

Cisco Security Advisory: Cisco IOS Software Wide Area Application Services Express Denial of Service Vulnerability
2016-03-23 Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Cisco Security Advisory: Cisco IOS Software Wide Area Application Services Express Denial of Service Vulnerability
Advisory ID: cisco-sa-20160323-l4f
Revision 1.0
For Public Release 2016 March 23 16:00 GMT

Cisco Security Advisory: Cisco IOS and NX-OS Software Locator/ID Separation Protocol Packet Denial of Service Vulnerability
2016-03-23 Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Cisco Security Advisory: Cisco IOS and NX-OS Software Locator/ID Separation Protocol Packet Denial of Service Vulnerability
Advisory ID: cisco-sa-20160323-lisp
Revision 1.0
For Public Release 2016 March 23 16:00 GMT

Cisco Security Advisory: Cisco IOS and IOS XE Software Smart Install Denial of Service Vulnerability
2016-03-23 Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Cisco Security Advisory: Cisco IOS and IOS XE Software Smart Install Denial of Service Vulnerability
Advisory ID: cisco-sa-20160323-smi
Revision 1.0
For Public Release 2016 March 23 16:00 GMT

Cisco Security Advisory: Cisco IOS and IOS XE Software Internet Key Exchange Version 2 Fragmentation Denial of Service Vulnerability
2016-03-23 Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Cisco Security Advisory: Cisco IOS and IOS XE Software Internet Key Exchange Version 2 Fragmentation Denial of Service Vulnerability
Advisory ID: cisco-sa-20160323-ios-ikev2
Revision 1.0
For Public Release 2016 March 23 16:00 GMT

Cisco Security Advisory: Cisco IOS and IOS XE and Cisco Unified Communications Manager Software Session Initiation Protocol Memory Leak Vulnerability
2016-03-23 Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Cisco Security Advisory: Cisco IOS and IOS XE and Cisco Unified Communications Manager Software Session Initiation Protocol Memory Leak Vulnerability
Advisory ID: cisco-sa-20160323-sip
Revision 1.0
For Public Release 2016 March 23 16:00 GMT

Cisco Security Advisory: Cisco IOS and IOS XE Software DHCPv6 Relay Denial of Service Vulnerability
2016-03-23 Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Cisco Security Advisory: Cisco IOS and IOS XE Software DHCPv6 Relay Denial of Service Vulnerability
Advisory ID: cisco-sa-20160323-dhcpv6
Revision 1.0
For Public Release 2016 March 23 16:00 GMT

Hardcoded root password in Zyxel MAX3XX series Wimax CPEs
2016-03-23 Gianni Carabelli (giannicarabelli gmail com)
#Vulnerability Title: Hardcoded root password in Zyxel MAX3XX series Wimax CPEs
#Date: 23/03/2016
#Product: Zyxel MAX3XX series CPEs
#Vendor: www.zyxel.com
#Affected Firmware: Latest version at the time of disclosure v 2.00 and below (tested)
#Patch: Unpatc

CA20160323-01: Security Notice for CA Single Sign-On Web Agents
2016-03-23 Kotas, Kevin J (Kevin Kotas ca com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
CA20160323-01: Security Notice for CA Single Sign-On Web Agents
Issued: March 23, 2016
Last Updated: March 23, 2016
CA Technologies Support is alerting customers to potential risks with CA Single Sign-On (CA SSO), formerly known as CA SiteMinder. Mi

CVE-2016-2166: Apache Qpid Proton python binding silently ignores request for 'amqps' if SSL/TLS not supported
2016-03-23 Ken Giusti (kgiusti redhat com)

Remote Code Execution in DVR affecting over 70 different vendors
2016-03-23 rotem kerner (nullfield gmail com)
0day exploit affecting CCTV DVR of over 70 different vendors. Attached is a link to the research containing the vulnerability description and a working exploit. In addition, it discusses the problem in performing responsible disclosure with white label products.
Full research - http://www.kerneronsec

[RT-SA-2016-002] Cross-site Scripting in Securimage 3.6.2
2016-03-22 RedTeam Pentesting GmbH (release redteam-pentesting de)
Advisory: Cross-site Scripting in Securimage 3.6.2
RedTeam Pentesting discovered a cross-site scripting (XSS) vulnerability in the Securimage CAPTCHA software, which allows attackers to inject arbitrary JavaScript code via a crafted URL.
Details
=======
Product: Securimage
Affected Versions: >=

APPLE-SA-2016-03-21-5 OS X El Capitan 10.11.4 and Security Update 2016-002
2016-03-22 Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
APPLE-SA-2016-03-21-5 OS X El Capitan 10.11.4 and Security Update 2016-002
OS X El Capitan 10.11.4 and Security Update 2016-002 is now available and addresses the following:
apache_mod_php
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10

APPLE-SA-2016-03-21-6 Safari 9.1
2016-03-22 Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
APPLE-SA-2016-03-21-6 Safari 9.1
Safari 9.1 is now available and addresses the following:
libxml2
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, OS X El Capitan v10.11 to v10.11.3
Impact: Processing maliciously crafted XML may lead

APPLE-SA-2016-03-21-3 tvOS 9.2
2016-03-22 Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
APPLE-SA-2016-03-21-3 tvOS 9.2
tvOS 9.2 is now available and addresses the following:
FontParser
Available for: Apple TV (4th generation)
Impact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
[slackware-security] libevent (SSA:2016-085-01)
New libevent packages are available for Slackware 14.1 and -current to
fix security issues.
Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/libeve