[2016-01-19] APPLE-SA-2016-01-19-3 Safari 9.0.3
    From: Apple Product Security (product-security-noreply lists apple com)

[2016-01-19] APPLE-SA-2016-01-19-2 OS X El Capitan 10.11.3 and Security Update 2016-001
    From: Apple Product Security (product-security-noreply lists apple com)
    Excerpt: OS X El Capitan 10.11.3 and Security Update 2016-001 is now available and addresses the following: AppleGraphicsPowerManagement. Available for: OS X El Capitan v10.11 to v10

[2016-01-19] APPLE-SA-2016-01-19-1 iOS 9.2.1
    From: Apple Product Security (product-security-noreply lists apple com)
    Excerpt: iOS 9.2.1 is now available and addresses the following: Disk Images. Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later. Impact: A local user may be able to execute arbitrary

[2016-01-19] [security bulletin] HPSBGN03534 rev.1 - HPE Performance Center using Microsoft Report Viewer, Remote Disclosure of Information, Cross-Site Scripting (XSS)
    From: security-alert hpe com
    Excerpt: Note: the current version of the following document is available here: https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04945270 SUPPORT COMMUNICATION - SECURITY BULLETIN. Document ID: c04945270. Version: 1. HPSBGN03534 r

[2016-01-19] Executable installers are vulnerable^WEVIL (case 21): Panda Security's installers allow arbitrary (remote) code execution AND escalation of privilege with PANDAIS16.exe
    From: Stefan Kanthak (stefan kanthak nexgo de)
    Excerpt: Hi @ll, the executable installers PANDAIS16.exe, PANDAAP16.exe, PANDAGL16.exe and PANDAGP16.exe available from <www.pandasecurity.com> load and execute (at least) UXTheme.dll, RichEd20.dll and RichEd32.dll from their "application directory". For software downloaded with a web browser the applicati

[2016-01-19] [CORE-2016-0001] - Intel Driver Update Utility MiTM
    From: CORE Advisories Team (advisories coresecurity com)
    Excerpt: 1. Advisory Information. Title: Intel Driver Update Utility MiTM. Advisory ID: CORE-2016-0001. Advisory URL: http://www.coresecurity.com/advisories/intel-driver-update-utility-mitm. Date published: 2016-01-19. Date of last update: 2016-01-14. Vendors contacted: Intel. Release mode: Coordinated release. 2.

[2016-01-18] Advanced Electron Forum v1.0.9 RFI / CSRF
    From: hyp3rlinx lycos com
    Excerpt: [+] Credits: hyp3rlinx [+] Website: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervista.org/advisories/AEF-RFI.txt Vendor: www.anelectron.com/downloads/ Product: Advanced Electron Forum v1.0.9 (AEF) Exploit patched

[2016-01-18] Advanced Electron Forum v1.0.9 Persistent XSS
    From: hyp3rlinx lycos com
    Excerpt: [+] Credits: hyp3rlinx [+] Website: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervista.org/advisories/AEF-XSS.txt Vendor: www.anelectron.com/downloads/ Product: Advanced Electron Forum v1.0.9 (AEF) Exploit patc

[2016-01-18] Advanced Electron Forum v1.0.9 CSRF
    From: hyp3rlinx lycos com
    Excerpt: [+] Credits: hyp3rlinx [+] Website: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervista.org/advisories/AEF-CSRF.txt Vendor: www.anelectron.com/downloads/ Product: Advanced Electron Forum v1.0.9 (AEF) Exploit pat

[2016-01-16] [CVE-2016-1919] Weak eCryptFS Key generation from user password on KNOX 1.0 / Android 4.3
    From: urikanonov gmail com
    Excerpt: Subject: [CVE-2016-1919] Weak eCryptFS Key generation from user password on KNOX 1.0 / Android 4.3. Vulnerability Description: The vulnerability allows disclosure of Data-at-Rest of Samsung KNOX 1.0 containers. KNOX container data is encrypted using eCryptFS containers. T

[2016-01-16] [CVE-2016-1920] VPN Man-in-the-Middle due to shared certificate store on KNOX 1.0 / Android 4.3
    From: urikanonov gmail com
    Excerpt: Subject: [CVE-2016-1920] VPN Man-in-the-Middle due to shared certificate store on KNOX 1.0 / Android 4.3. Vulnerability Description: The vulnerability allows disclosure of Data-in-Motion of Samsung KNOX 1.0 containers. In KNOX 1.0.0 the applications inside the container us

[2016-01-15] [KIS-2016-01] CakePHP <= 3.2.0 "_method" CSRF Protection Bypass Vulnerability
    From: Egidio Romano (research karmainsecurity com)
    Excerpt: CakePHP <= 3.2.0 "_method" CSRF Protection Bypass Vulnerability. [-] Software Link: http://cakephp.org [-] Affected Versions: Version 3.2.0 RC1 and prior 3.x versions.

[2016-01-15] Defense in depth -- the Microsoft way (part 38): does Microsoft follow their own security guidance/advisories?
    From: Stefan Kanthak (stefan kanthak nexgo de)
    Excerpt: Hi @ll, in 2009/2010, after being hit by "carpet bombing" and "binary planting" alias "DLL hijacking/spoofing/preloading" (see <https://blogs.technet.com/b/srd/archive/2009/04/14/ms09-014-addressing-the-safari-carpet-bomb-vulnerability.aspx> and <https://technet.microsoft.com/en-us/library/2269637

[2016-01-15] Executable installers are vulnerable^WEVIL (case 22): python.org's executable installers allow arbitrary (remote) code execution
    From: Stefan Kanthak (stefan kanthak nexgo de)
    Excerpt: Hi @ll, the executable installers python-3.5.1-webinstall.exe and python-3.5.1.exe available on <https://www.python.org/downloads/windows/> load and execute multiple DLLs from their "application directory". For software downloaded with a web browser the application directory is typically the user

[2016-01-15] [slackware-security] openssh (SSA:2016-014-01)
    From: Slackware Security Team (security slackware com)
    Excerpt: New openssh packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues. Here are the details from the Slackware 14.1 ChangeLog:

[2016-01-15] FreeBSD Security Advisory FreeBSD-SA-16:07.openssh
    From: FreeBSD Security Advisories (security-advisories freebsd org)

[2016-01-15] FreeBSD bsnmpd information disclosure
    From: Pierre Kim (pierre kim sec gmail com)
    Excerpt: ## Advisory Information. Title: FreeBSD bsnmpd information disclosure. Advisory URL: https://pierrekim.github.io/advisories/CVE-2015-5677-freebsd-bsnmpd.txt Blog URL: https://pierrekim.github.io/blog/2016-01-15-cve-2015-5677-freebsd-bsnmpd.html Date pu

[2016-01-13] Cisco Security Advisory: Cisco Wireless LAN Controller Unauthorized Access Vulnerability
    From: Cisco Systems Product Security Incident Response Team (psirt cisco com)
    Excerpt: Cisco Security Advisory: Cisco Wireless LAN Controller Unauthorized Access Vulnerability. Advisory ID: cisco-sa-20160113-wlc. Revision: 1.0. For Public Release 2016 January 13 16:00 GMT

[2016-01-14] FreeBSD Security Advisory FreeBSD-SA-16:05.tcp
    From: FreeBSD Security Advisories (security-advisories freebsd org)

[2016-01-14] FreeBSD Security Advisory FreeBSD-SA-16:01.sctp
    From: FreeBSD Security Advisories (security-advisories freebsd org)

[2016-01-13] Cisco Security Advisory: Cisco Aironet 1800 Series Access Point Denial of Service Vulnerability
    From: Cisco Systems Product Security Incident Response Team (psirt cisco com)
    Excerpt: Cisco Aironet 1800 Series Access Point Denial of Service Vulnerability. Advisory ID: cisco-sa-20160113-aironet. Revision 1.0. For Public Release 2016 January 13 16:00 UTC (GMT). Sum

[2016-01-13] [slackware-security] dhcp (SSA:2016-012-01)
    From: Slackware Security Team (security slackware com)
    Excerpt: New dhcp packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues. Here are the details from the Slackware 14.1 ChangeLog: patch

[2016-01-13] Remote Code Execution in Roundcube
    From: High-Tech Bridge Security Research (advisory htbridge ch)
    Excerpt: Advisory ID: HTB23283. Product: Roundcube. Vendor: Roundcube.net. Vulnerable Version(s): 1.1.3 and probably prior. Tested Version: 1.1.3. Advisory Publication: December 21, 2015 [without technical details]. Vendor Notification: December 21, 2015. Vendor Patch: December 26, 2015. Public Disclosure: Janua

[2016-01-14] FreeBSD Security Advisory FreeBSD-SA-16:04.linux
    From: FreeBSD Security Advisories (security-advisories freebsd org)

[2016-01-13] [security bulletin] HPSBUX03359 SSRT102094 rev.3 - HP-UX pppoec, local elevation of privilege
    From: security-alert hpe com
    Excerpt: Note: the current version of the following document is available here: https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04718530 SUPPORT COMMUNICATION - SECURITY BULLETIN. Document ID: c04718530. Version: 3. HPSBUX03359 S
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
APPLE-SA-2016-01-19-3 Safari 9.0.3
Safari 9.0.3 is now available and addresses the following:
WebKit
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
OS X El Capitan v10.11 to v10.11.2
Impact: Visiting a maliciously crafted website