Mail Thread Index

• Date Index

• [security bulletin] HPSBHF03682 rev.1 - HPE Comware 7 Network Products using SSL/TLS, Local Gain Privileged Access, security-alert
• [FOXMOLE SA 2016-05-02] e107 Content Management System (CMS) - Multiple Issues, FOXMOLE Advisories
• [security bulletin] HPSBGN03677 rev.1 - HPE Network Automation using RPCServlet and Java Deserialization, Remote Code Execution, security-alert
• [security bulletin] HPSBGN03680 rev.1 - HPE Propel, Local Denial of Service (DoS), Escalation of Privilege, security-alert
• [security bulletin] HPSBUX03665 rev.3 - HP-UX Tomcat-based Servlet Engine, Remote Denial of Service (DoS), URL Redirection, security-alert
• [slackware-security] mozilla-firefox (SSA:2016-336-01), Slackware Security Team
• Microsoft Windows Media Center "ehshell.exe" XML External Entity, apparitionsec
• Microsoft MSINFO32.EXE ".NFO" Files XML External Entity, apparitionsec
• CVE-2016-8740, Server memory can be exhausted and service denied when HTTP/2 is used, Eissing Stefan
• Re: CVE-2016-3222: MS Edge CBaseScriptable::PrivateQueryInterface memory corruption, Berend-Jan Wever
• CVE-2015-1730: MSIE jscript9 Java­Script­Stack­Walker memory corruption details and PoC, Berend-Jan Wever
• [ESNC-2041217] Critical Security Vulnerability in PwC ACE Software for SAP Security, ESNC Security
• Microsoft Remote Desktop Client for Mac Remote Code Execution, Filippo Cavallarin
• [security bulletin] HPSBHF03674 rev.1 HPE Comware 5 and Comware 7 Network Products using SSL/TLS, Remote Disclosure of Information, security-alert
• CVE-2013-1306: MSIE 9 MSHTML CDisp­Node::Insert­Sibling­Node use-after-free details, Berend-Jan Wever
• AST-2016-008: Crash on SDP offer or answer from endpoint using Opus, Asterisk Security Team
• AST-2016-009: <br>, Asterisk Security Team
• Symantec VIP Access Desktop Arbitrary DLL Execution, apparitionsec
• MSIE 9 MSHTML CElement::Has­Flag memory corruption, Berend-Jan Wever
• [SECURITY] [DSA 3730-1] icedove security update, Salvatore Bonaccorso
• [SECURITY] CVE-2016-8745 Apache Tomcat Information Disclosure, Mark Thomas
• APPLE-SA-2016-12-12-1 iOS 10.2, Apple Product Security
• APPLE-SA-2016-12-12-3 tvOS 10.1, Apple Product Security
• APPLE-SA-2016-12-12-2 watchOS 3.1.1, Apple Product Security
• Apple iOS/tvOS/watchOS Remote memory corruption through certificate, submit
• [slackware-security] php (SSA:2016-347-03), Slackware Security Team
• [slackware-security] kernel (SSA:2016-347-01), Slackware Security Team
• APPLE-SA-2016-12-13-3 iTunes 12.5.4, Apple Product Security
• APPLE-SA-2016-12-13-2 Safari 10.0.2, Apple Product Security
• APPLE-SA-2016-12-13-5 Additional information for APPLE-SA-2016-12-12-1 iOS 10.2, Apple Product Security
• APPLE-SA-2016-12-13-8 Transporter 1.9.2, Apple Product Security
• APPLE-SA-2016-12-13-7 Additional information for APPLE-SA-2016-12-12-2 watchOS 3.1.1, Apple Product Security
• MSIE 9 MSHTML CMarkup::ReloadInCompatView use-after-free, Berend-Jan Wever
• [slackware-security] mozilla-firefox (SSA:2016-348-01), Slackware Security Team
• CVE-2013-3143: MSIE 9 IEFRAME CMarkup..Remove­Pointer­Pos use-after-free, Berend-Jan Wever
• Secunia Research: Microsoft Windows Type 1 Font Processing Vulnerability, Secunia Research
• Adobe Animate <= v15.2.1.95 Memory Corruption Vulnerability, hyp3rlinx
• Nagios Core < 4.2.2 Curl Command Injection leading to Remote Code Execution [CVE-2016-9565], Dawid Golunski
• MSIE 9 IEFRAME CMarkup­Pointer::Move­To­Gap use-after-free, Berend-Jan Wever
• CVE-2013-0090: MSIE 9 IEFRAME CView::EnsureSize use-after-free, Berend-Jan Wever
• CVE-2016-9277,CVE-2016-9966,CVE-2016-9967: Possible Privilege Escalation in telecom, unlimitsec
• [SECURITY] [DSA 3736-1] libupnp security update, Sebastien Delafond
• [security bulletin] HPSBMU03684 rev.1 - HPE Version Control Repository Manager (VCRM), Multiple Remote Vulnerabilities, security-alert
• Samsung DVR credentials encoded in base64 in cookie header, Jacobo Avariento
• [SECURITY] [DSA 3738-1] tomcat7 security update, Sebastien Delafond
• [SYSS-2016-115] Cisco Expressway: Security Bypass Vulnerability (CWE-20), Micha Borrmann
• CVE-2014-1785: MSIE 11 MSHTML CSpliceTreeEngine::RemoveSplice use-after-free, Berend-Jan Wever
• [SECURITY] [DSA 3743-1] python-bottle security update, Sebastien Delafond
• ASP.NET Core 5-RC1 HTTP Header Injection, Advisories
• [SECURITY] [DSA 3732-2] php-ssh2 regression update, Sebastien Delafond
• CVE-2014-4138: MSIE 11 MSHTML CPaste­Command::Convert­Bitmapto­Png heap-based buffer overflow, Berend-Jan Wever
• FreeBSD Security Advisory FreeBSD-SA-16:39.ntp, FreeBSD Security Advisories
• [SECURITY] [DSA 3744-1] libxml2 security update, Salvatore Bonaccorso
• XAMPP Control Panel Memory Corruption Denial Of Service, HYP3RLINX
• [slackware-security] httpd (SSA:2016-358-01), Slackware Security Team
• [slackware-security] openssh (SSA:2016-358-02), Slackware Security Team
• [slackware-security] expat (SSA:2016-359-01), Slackware Security Team
• [SECURITY] [DSA 3746-1] graphicsmagick security update, Luciano Bello
• PHPMailer < 5.2.18 Remote Code Execution [updated advisory] [CVE-2016-10033], Dawid Golunski
• PHPMailer < 5.2.20 Remote Code Execution PoC 0day Exploit (CVE-2016-10045) (Bypass of the CVE-2016-1033 patch), Dawid Golunski
• [CVE-2016-8741] Apache Qpid Broker for Java - Information Leakage, Oleksandr Rudyy