[CORE-2016-0005] - FreeBSD Kernel amd64_set_ldt Heap Overflow
2016-03-16 CORE Advisories Team (advisories coresecurity com) (1 replies)

Re: [FD] [CORE-2016-0005] - FreeBSD Kernel amd64_set_ldt Heap Overflow
2016-03-16 jungle Boogie (jungleboogie0 gmail com)

[security bulletin] HPSBGN03558 rev.1 - ArcSight ESM and ESM Express, Remote Disclosure of Sensitive Information
2016-03-16 security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05048753 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c05048753 Version: 1 HPSBGN03558 r

Reflected Cross-Site Scripting (XSS) Vulnerability in Litecart CMS
2016-03-16 rsrathoreravi gmail com
Product: Litecart CMS Vendor: Litecart Vendor Homepage: https://www.litecart.net/ Vulnerable Versions: 1.3.4 and probably prior Tested Version: 1.3.4 Issue Reported: Feb 24, 2016 Vendor Fix: Feb 28, 2016 Public Disclosure: June 25, 2014 Vulnerability Type: Cross-Site Scripting [CWE-79] Risk Level: M

[slackware-security] seamonkey (SSA:2016-075-02)
2016-03-16 Slackware Security Team (security slackware com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] seamonkey (SSA:2016-075-02) New seamonkey packages are available for Slackware 14.1 and -current to fix security issues. Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+ patches/packages/seam

[slackware-security] git (SSA:2016-075-01)
2016-03-16 Slackware Security Team (security slackware com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] git (SSA:2016-075-01) New git packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues. Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+ patches

[ANNOUNCE][CVE-2016-0779] Apache TomEE 1.7.4 and 7.0.0-M3 releases
2016-03-15 Romain Manni-Bucau (rmannibucau apache org)
The Apache Team Team is pleased to announce the availability of: Apache TomEE 7.0.0-M3 and 1.7.4 When downloading, please verify signatures using the KEYS file available at: http://www.apache.org/dist/tomee Maven artifacts are also available in the central Maven repository. The releases are prim

Defense in depth -- the Microsoft way (part 39): vulnerabilities, please meet the bar for security servicing
2016-03-15 Stefan Kanthak (stefan kanthak nexgo de)
Hi @ll, this multipart post does not require a MIME-compliant MUA.-) Part 0: ~~~~~~~ On Windows 7 (other versions of Windows not tested for this vulnerability, but are likely vulnerable too) all executable installers/self-extractors based on Microsoft's SFXCAB [*] load and execute a rogue CryptDl

[security bulletin] HPSBGN03556 rev.1 - ArcSight ESM and ESM Express, Remote Arbitrary File Download, Local Arbitrary Command Execution
2016-03-15 security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05048452 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c05048452 Version: 1 HPSBGN03556 r

Re: oss-2016-15: Local RedHat Enterprise Linux DoS – RHEL 7.1 Kernel crashes on invalid USB device descriptors (iowarrior driver)
2016-03-15 vdronov redhat com

Re: oss-2016-13: Local RedHat Enterprise Linux DoS – RHEL 7.1 Kernel crashes on invalid USB device descriptors (powermate driver)
2016-03-15 vdronov redhat com

Re: oss-2016-18: Multiple Local RedHat Enterprise Linux DoS – RHEL 7.1 Kernel crashes on invalid USB device descriptors (ati_remote2 driver)
2016-03-15 vdronov redhat com

Re: oss-2016-17: Local RedHat Enterprise Linux DoS – RHEL 7.1 Kernel crashes (multiple free) on invalid USB device descriptors (snd-usb-audio driver)
2016-03-15 vdronov redhat com

[security bulletin] HPSBMU03377 rev.2 - HP Release Control running RC4, Remote Disclosure of Information
2016-03-14 security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04743784 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04743784 Version: 2 HPSBMU03377 r

[security bulletin] HPSBGN03373 rev.2 - HP Release Control running TLS, Remote Disclosure of Information
2016-03-14 security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04740527 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04740527 Version: 2 HPSBGN03373 r

Yahoo Bug Bounty #37 - Sender Spoofing Vulnerability
2016-03-14 Vulnerability Lab (research vulnerability-lab com)
Document Title: =============== Yahoo Bug Bounty #37 - Sender Spoofing Vulnerability References (Source): ==================== http://www.vulnerability-lab.com/get_content.php?id=1781 Release Date: ============= 2016-03-07 Vulnerability Laboratory ID (VL-ID): =================================

Chamlio LMS v1.10.2 - (Profile) Persistent Web Vulnerability
2016-03-14 Vulnerability Lab (research vulnerability-lab com)
Document Title: =============== Chamlio LMS v1.10.2 - (Profile) Persistent Web Vulnerability References (Source): ==================== http://www.vulnerability-lab.com/get_content.php?id=1781 Release Date: ============= 2016-03-14 Vulnerability Laboratory ID (VL-ID): ==========================

ChitaSoft (Web-Application) - SQL Injection Vulnerability
2016-03-14 Vulnerability Lab (research vulnerability-lab com)
Document Title: =============== ChitaSoft (Web-Application) - SQL Injection Vulnerability References (Source): ==================== http://www.vulnerability-lab.com/get_content.php?id=1782 Release Date: ============= 2016-03-14 Vulnerability Laboratory ID (VL-ID): ============================

Reflected Cross-Site Scripiting in CuteEditor
2016-03-14 adrmm outlook com
# Exploit Title: Reflected Cross-Site Scripiting in CuteEditor # Google Dork: inurl:/CuteSoft_Client/CuteEditor/ Template.aspx # Date: 2016/03/14 # CVSS Score: 5.8 # CVSS v2 Vector (AV:N/AC:M/Au:N/C:P/I:P/A:N) # CVSS https://nvd.nist.gov/cvss.cfm?calculator&version=2&vector=(AV:N/AC:L/Au: N/C:P/I:N/A

ESA-2016-012: EMC Documentum xCP ? User Information Disclosure Vulnerability
2016-03-14 Security Alert (Security_Alert emc com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2016-012: EMC Documentum xCP ? User Information Disclosure Vulnerability EMC Identifier: ESA-2016-012 CVE Identifier: CVE-2016-0886 Severity Rating: CVSS v3 Base Score: 4.3 (AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N) Affected products: ? E

Re: oss-2016-17: Local RedHat Enterprise Linux DoS – RHEL 7.1 Kernel crashes (multiple free) on invalid USB device descriptors (snd-usb-audio driver)
2016-03-14 amaris redhat com

Re: oss-2016-18: Multiple Local RedHat Enterprise Linux DoS – RHEL 7.1 Kernel crashes on invalid USB device descriptors (ati_remote2 driver)
2016-03-14 amaris redhat com

Re: oss-2016-15: Local RedHat Enterprise Linux DoS – RHEL 7.1 Kernel crashes on invalid USB device descriptors (iowarrior driver)
2016-03-14 amaris redhat com

Title: FreeBSD Kernel amd64_set_ldt Heap Overflow
Advisory ID: CORE-2016-0005
Advisory URL: http://www.coresecurity.com/content/freebsd-kernel-amd64_set_ldt-heap-overflow
Date published: 2016-03-16
Date of last update: 2016-03-14
Vendors contacted: FreeBSD
Release mode: Coor