APPLE-SA-2016-03-21-7 OS X Server 5.1
2016-03-22 Apple Product Security (product-security-noreply lists apple com)

APPLE-SA-2016-03-21-4 Xcode 7.3
2016-03-22 Apple Product Security (product-security-noreply lists apple com)
APPLE-SA-2016-03-21-4 Xcode 7.3
Xcode 7.3 is now available and addresses the following:
otool
Available for: OS X El Capitan v10.11 and later
Impact: A local attacker may be able to cause unexpected application termination or arbitrary code execut

APPLE-SA-2016-03-21-2 watchOS 2.2
2016-03-22 Apple Product Security (product-security-noreply lists apple com)
APPLE-SA-2016-03-21-2 watchOS 2.2
watchOS 2.2 is now available and addresses the following:
Disk Images
Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes
Impact: An application may be able to execute arbitr

APPLE-SA-2016-03-21-1 iOS 9.3
2016-03-22 Apple Product Security (product-security-noreply lists apple com)
APPLE-SA-2016-03-21-1 iOS 9.3
iOS 9.3 is now available and addresses the following:
AppleUSBNetworking
Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: An application may be able to execute arbitr

[security bulletin] HPSBMU03562 rev.1 - HPE Service Manager using Java Deserialization, Remote Arbitrary Code Execution
2016-03-21 security-alert hpe com
Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05054565
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c05054565
Version: 1
HPSBMU03562 r

[security bulletin] HPSBGN03560 rev.1 - HP Operations Orchestration using Java Deserialization, Remote Arbitrary Code Execution
2016-03-21 security-alert hpe com
Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05050545
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c05050545
Version: 1
HPSBGN03560 r

[security bulletin] HPSBGN03551 rev.1 - HPE Helion Development Platform using glibc, Remote Denial of Service (DoS), Arbitrary Code Execution
2016-03-21 security-alert hpe com
Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05053211
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c05053211
Version: 1
HPSBGN03551 r

AbsoluteTelnet 10.14 DLL Hijack Code Exec
2016-03-21 hyp3rlinx lycos com
[+] Credits: hyp3rlinx
[+] Website: hyp3rlinx.altervista.org
[+] Source: http://hyp3rlinx.altervista.org/advisories/ABSOLUTETELNET-DLL-HIJACK.txt
Vendor: www.celestialsoftware.net
Product: AbsoluteTelnet 10.14
AbsoluteTelnet / SSH is a telne

[security bulletin] HPSBGN03438 rev.1 - HP Support Assistant, Local Authentication Bypass
2016-03-19 HP Security Alert (hp-security-alert hp com)
Note: the current version of the following document is available here:
https://h20565.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c05031674
HPSBGN03438 rev.1 - HP Support Assistant, Local Authentication Bypass
SUPPORT COMMUNICATION - SECURITY B

SQL Injection and RCE in WebsiteBaker
2016-03-18 High-Tech Bridge Security Research (advisory htbridge ch)
Advisory ID: HTB23296
Product: WebsiteBaker
Vendor: WebsiteBaker Org e.V.
Vulnerable Version(s): 2.8.3-SP5 and probably prior
Tested Version: 2.8.3-SP5
Advisory Publication: February 24, 2016 [without technical details]
Vendor Notification: February 24, 2016
Vendor Patch: February 26, 2016
Publi

Admin Password Reset & RCE via CSRF in Dating Pro
2016-03-18 High-Tech Bridge Security Research (advisory htbridge ch)
Advisory ID: HTB23294
Product: Dating Pro
Vendor: DatingPro
Vulnerable Version(s): Genie (2015.7) and probably prior
Tested Version: Genie (2015.7)
Advisory Publication: February 10, 2016 [without technical details]
Vendor Notification: February 10, 2016
Vendor Patch: February 29, 2016
Public Di

Remote Code Execution via CSRF in iTop
2016-03-18 High-Tech Bridge Security Research (advisory htbridge ch)
Advisory ID: HTB23293
Product: iTop
Vendor: Combodo
Vulnerable Version(s): 2.2.1 and probably prior
Tested Version: 2.2.1
Advisory Publication: February 10, 2016 [without technical details]
Vendor Notification: February 10, 2016
Vendor Patch: February 11, 2016
Public Disclosure: March 18, 2016

Re: server and client side remote code execution through a buffer overflow in all git versions before 2.7.1 (unpublished CVE-2016-2324 and CVE-2016-2315)
2016-03-18 Laël Cellier (lael cellier laposte net)
Oh?????????? Big mistake. I might have advertised too soon. I saw changes were pushed in master, so I thought the next version (which was 2.7.1) would be the one which will include the fix. But as pointed out on https://security-tracker.debian.org/tracker/CVE-2016-2324 no versions including the fixes

Xoops 2.5.7.2 Directory Traversal Bypass
2016-03-18 hyp3rlinx lycos com
[+] Credits: John Page aka hyp3rlinx
[+] Website: hyp3rlinx.altervista.org
[+] Source: http://hyp3rlinx.altervista.org/advisories/XOOPS-DIRECTORY-TRAVERSAL.txt
Vendor: xoops.org
Product: Xoops 2.5.7.2
Vulnerability Type: Directo

Xoops 2.5.7.2 CSRF - Arbitrary User Deletions
2016-03-18 hyp3rlinx lycos com
[+] Credits: John Page aka hyp3rlinx
[+] Website: hyp3rlinx.altervista.org
[+] Source: http://hyp3rlinx.altervista.org/advisories/XOOPS-CSRF.txt
Vendor: xoops.org
Product: Xoops 2.5.7.2
Vulnerability Type: CSRF - Arbitra

[slackware-security] mozilla-firefox (SSA:2016-077-01)
2016-03-17 Slackware Security Team (security slackware com)
[slackware-security] mozilla-firefox (SSA:2016-077-01)
New mozilla-firefox packages are available for Slackware 14.1 and -current to fix security issues.
Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/p

[CVE-2016-2345] Solarwinds Dameware Mini Remote Control Remote Code Execution Vulnerability
2016-03-17 contact securifera com
Document Title:
Solarwinds Dameware Mini Remote Control Remote Code Execution Vulnerability
References (Source):
http://www.kb.cert.org/vuls/id/897144
https://www.securifera.com/advisories/cve-2016-2345
http://www.dameware.com/products/mini-remote-control/produc

Re: [ANNOUNCE] CVE-2016-0782: ActiveMQ Web Console - Cross-Site Scripting
2016-03-17 Derek Mahar (derek mahar gmail com)
The security advisory announcement claims that ActiveMQ 5.13.1 and older versions are affected and that ActiveMQ 5.13.2 fixes the issues.
On 10 March 2016 at 07:45, Christopher Shannon <christopher.l.shannon (at) gmail (dot) com [email concealed]> wrote:
> The following security vulnerability was reported against Apache
> Ac

CVE-2016-1520: GrandStream Android VoIP App Update Redirection
2016-03-17 Georg Lukas (lukas rt-solutions de)
CVE-2016-1520: GrandStream Android VoIP App Update Redirection
Affected app: [Grandstream Wave][GSWAVE] version 1.0.1.26 (and probably earlier)
Classification:
* [CWE-300 Channel Accessible by Non-Endpoint][CWE300]
* [CWE-319 Cleart

CVE-2016-1519: GrandStream Android VoIP App TLS MitM Vulnerability
2016-03-17 Georg Lukas (lukas rt-solutions de)
CVE-2016-1519: GrandStream Android VoIP App TLS MitM Vulnerability
Affected app: [Grandstream Wave][GSWAVE] version 1.0.1.26 (and probably earlier)
Classification: [CWE-295 Improper Certificate Validation][CWE295]
## Summary
The

CVE-2016-1518: GrandStream Android VoIP Phone / App Provisioning Vulnerability
2016-03-17 Georg Lukas (lukas rt-solutions de)
CVE-2016-1518: GrandStream Android VoIP Phone / App Provisioning Vulnerability
Affected app: [Grandstream Wave][GSWAVE] version 1.0.1.26 (and probably earlier)
Affected device: [Grandstream GXV3275][GXV3275] Android de

Multiple (persistent) XSS in ProjectSend
2016-03-17 mail michaelhelwig de
* Exploit Title: Multiple (persistent) XSS in ProjectSend
* Discovery Date: 2016/02/19
* Public Disclosure Date: 2016/03/17
* Exploit Author: Michael Helwig
* Contact: https://twitter.com/c0dmtr1x
* Project Homepage: http://www.projectsend.org/
* Software Link: http://www.projectsend.org/download/1

FreeBSD Security Advisory FreeBSD-SA-16:15.sysarch
2016-03-16 FreeBSD Security Advisories (security-advisories freebsd org)

FreeBSD Security Advisory FreeBSD-SA-16:14.openssh
2016-03-16 FreeBSD Security Advisories (security-advisories freebsd org)
APPLE-SA-2016-03-21-7 OS X Server 5.1
OS X Server 5.1 is now available and addresses the following:
Server App
Available for: OS X Yosemite v10.10.5 and later
Impact: An administrator may unknowingly store backups on a volume
without permissions e