Mail Index

• Thread Index

• [security bulletin] HPSBHF03682 rev.1 - HPE Comware 7 Network Products using SSL/TLS, Local Gain Privileged Access
  • From: security-alert
• [FOXMOLE SA 2016-05-02] e107 Content Management System (CMS) - Multiple Issues
  • From: FOXMOLE Advisories
• [security bulletin] HPSBGN03677 rev.1 - HPE Network Automation using RPCServlet and Java Deserialization, Remote Code Execution
  • From: security-alert
• [security bulletin] HPSBGN03680 rev.1 - HPE Propel, Local Denial of Service (DoS), Escalation of Privilege
  • From: security-alert
• [security bulletin] HPSBUX03665 rev.3 - HP-UX Tomcat-based Servlet Engine, Remote Denial of Service (DoS), URL Redirection
  • From: security-alert
• [slackware-security] mozilla-firefox (SSA:2016-336-01)
  • From: Slackware Security Team
• Microsoft Windows Media Center "ehshell.exe" XML External Entity
  • From: apparitionsec
• Microsoft MSINFO32.EXE ".NFO" Files XML External Entity
  • From: apparitionsec
• CVE-2016-8740, Server memory can be exhausted and service denied when HTTP/2 is used
  • From: Eissing Stefan
• Re: CVE-2016-3222: MS Edge CBaseScriptable::PrivateQueryInterface memory corruption
  • From: Berend-Jan Wever
• CVE-2015-1730: MSIE jscript9 Java­Script­Stack­Walker memory corruption details and PoC
  • From: Berend-Jan Wever
• [ESNC-2041217] Critical Security Vulnerability in PwC ACE Software for SAP Security
  • From: ESNC Security
• Microsoft Remote Desktop Client for Mac Remote Code Execution
  • From: Filippo Cavallarin
• [security bulletin] HPSBHF03674 rev.1 HPE Comware 5 and Comware 7 Network Products using SSL/TLS, Remote Disclosure of Information
  • From: security-alert
• CVE-2013-1306: MSIE 9 MSHTML CDisp­Node::Insert­Sibling­Node use-after-free details
  • From: Berend-Jan Wever
• AST-2016-008: Crash on SDP offer or answer from endpoint using Opus
  • From: Asterisk Security Team
• AST-2016-009: <br>
  • From: Asterisk Security Team
• Symantec VIP Access Desktop Arbitrary DLL Execution
  • From: apparitionsec
• MSIE 9 MSHTML CElement::Has­Flag memory corruption
  • From: Berend-Jan Wever
• [SECURITY] [DSA 3730-1] icedove security update
  • From: Salvatore Bonaccorso
• [SECURITY] CVE-2016-8745 Apache Tomcat Information Disclosure
  • From: Mark Thomas
• APPLE-SA-2016-12-12-1 iOS 10.2
  • From: Apple Product Security
• APPLE-SA-2016-12-12-3 tvOS 10.1
  • From: Apple Product Security
• APPLE-SA-2016-12-12-2 watchOS 3.1.1
  • From: Apple Product Security
• Apple iOS/tvOS/watchOS Remote memory corruption through certificate
  • From: submit
• [slackware-security] php (SSA:2016-347-03)
  • From: Slackware Security Team
• [slackware-security] kernel (SSA:2016-347-01)
  • From: Slackware Security Team
• APPLE-SA-2016-12-13-3 iTunes 12.5.4
  • From: Apple Product Security
• APPLE-SA-2016-12-13-2 Safari 10.0.2
  • From: Apple Product Security
• APPLE-SA-2016-12-13-5 Additional information for APPLE-SA-2016-12-12-1 iOS 10.2
  • From: Apple Product Security
• APPLE-SA-2016-12-13-8 Transporter 1.9.2
  • From: Apple Product Security
• APPLE-SA-2016-12-13-7 Additional information for APPLE-SA-2016-12-12-2 watchOS 3.1.1
  • From: Apple Product Security
• MSIE 9 MSHTML CMarkup::ReloadInCompatView use-after-free
  • From: Berend-Jan Wever
• [slackware-security] mozilla-firefox (SSA:2016-348-01)
  • From: Slackware Security Team
• CVE-2013-3143: MSIE 9 IEFRAME CMarkup..Remove­Pointer­Pos use-after-free
  • From: Berend-Jan Wever
• Secunia Research: Microsoft Windows Type 1 Font Processing Vulnerability
  • From: Secunia Research
• Adobe Animate <= v15.2.1.95 Memory Corruption Vulnerability
  • From: hyp3rlinx
• Nagios Core < 4.2.2 Curl Command Injection leading to Remote Code Execution [CVE-2016-9565]
  • From: Dawid Golunski
• MSIE 9 IEFRAME CMarkup­Pointer::Move­To­Gap use-after-free
  • From: Berend-Jan Wever
• CVE-2013-0090: MSIE 9 IEFRAME CView::EnsureSize use-after-free
  • From: Berend-Jan Wever
• CVE-2016-9277,CVE-2016-9966,CVE-2016-9967: Possible Privilege Escalation in telecom
  • From: unlimitsec
• [SECURITY] [DSA 3736-1] libupnp security update
  • From: Sebastien Delafond
• [security bulletin] HPSBMU03684 rev.1 - HPE Version Control Repository Manager (VCRM), Multiple Remote Vulnerabilities
  • From: security-alert
• Samsung DVR credentials encoded in base64 in cookie header
  • From: Jacobo Avariento
• [SECURITY] [DSA 3738-1] tomcat7 security update
  • From: Sebastien Delafond
• [SYSS-2016-115] Cisco Expressway: Security Bypass Vulnerability (CWE-20)
  • From: Micha Borrmann
• CVE-2014-1785: MSIE 11 MSHTML CSpliceTreeEngine::RemoveSplice use-after-free
  • From: Berend-Jan Wever
• [SECURITY] [DSA 3743-1] python-bottle security update
  • From: Sebastien Delafond
• ASP.NET Core 5-RC1 HTTP Header Injection
  • From: Advisories
• [SECURITY] [DSA 3732-2] php-ssh2 regression update
  • From: Sebastien Delafond
• CVE-2014-4138: MSIE 11 MSHTML CPaste­Command::Convert­Bitmapto­Png heap-based buffer overflow
  • From: Berend-Jan Wever
• FreeBSD Security Advisory FreeBSD-SA-16:39.ntp
  • From: FreeBSD Security Advisories
• [SECURITY] [DSA 3744-1] libxml2 security update
  • From: Salvatore Bonaccorso
• XAMPP Control Panel Memory Corruption Denial Of Service
  • From: HYP3RLINX
• [slackware-security] httpd (SSA:2016-358-01)
  • From: Slackware Security Team
• [slackware-security] openssh (SSA:2016-358-02)
  • From: Slackware Security Team
• [slackware-security] expat (SSA:2016-359-01)
  • From: Slackware Security Team
• [SECURITY] [DSA 3746-1] graphicsmagick security update
  • From: Luciano Bello
• PHPMailer < 5.2.18 Remote Code Execution [updated advisory] [CVE-2016-10033]
  • From: Dawid Golunski
• PHPMailer < 5.2.20 Remote Code Execution PoC 0day Exploit (CVE-2016-10045) (Bypass of the CVE-2016-1033 patch)
  • From: Dawid Golunski
• [CVE-2016-8741] Apache Qpid Broker for Java - Information Leakage
  • From: Oleksandr Rudyy