Apple Security Advisory 2016-03-21-2 - watchOS 2.2 is now available and addresses memory corruption, code execution, and various other vulnerabilities.
Apple Security Advisory 2016-03-21-1 - iOS 9.3 is now available and addresses code execution, memory corruption, and various other vulnerabilities.
There is an apparent use-after-free in Adobe Flash video decoding, which can be triggered by running a specific SWF file.
Red Hat Security Advisory 2016-0466-01 - OpenSSH is OpenBSD's SSH protocol implementation. These packages include the core files necessary for both the OpenSSH client and server. It was discovered that the OpenSSH server did not sanitize data received in requests to enable X11 forwarding. An authenticated client with restricted SSH access could possibly use this flaw to bypass intended restrictions. It was discovered that the OpenSSH sshd daemon did not check the list of keyboard-interactive authentication methods for duplicates. A remote attacker could use this flaw to bypass the MaxAuthTries limit, making it easier to perform password guessing attacks.
Red Hat Security Advisory 2016-0465-01 - OpenSSH is OpenBSD's SSH protocol implementation. These packages include the core files necessary for both the OpenSSH client and server. It was discovered that the OpenSSH server did not sanitize data received in requests to enable X11 forwarding. An authenticated client with restricted SSH access could possibly use this flaw to bypass intended restrictions. An access flaw was discovered in OpenSSH; the OpenSSH client did not correctly handle failures to generate authentication cookies for untrusted X11 forwarding. A malicious or compromised remote X application could possibly use this flaw to establish a trusted connection to the local X server, even if only untrusted X11 forwarding was requested.
Ubuntu Security Notice 2938-1 - Lael Cellier discovered that Git incorrectly handled path strings in crafted Git repositories. A remote attacker could use this issue to cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking Git.
HP Security Bulletin HPSBMU03562 1 - A vulnerability in Apache Commons Collections for handling Java object deserialization was addressed by HPE Service Manager. The vulnerability could be exploited remotely to allow code execution. Revision 1 of this advisory.
Ubuntu Security Notice 2937-1 - A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.
HP Security Bulletin HPSBGN03560 1 - A vulnerability in Apache Commons Collections (ACC) for handling Java object deserialization was addressed by HP Operations Orchestration. The vulnerability could be exploited remotely to allow remote code execution. Revision 1 of this advisory.
HP Security Bulletin HPSBGN03551 1 - HPE Helion Development Platform has addressed stack-based buffer overflows in glibc's implementation of getaddrinfo(). These vulnerabilities could be remotely exploited to cause a Denial of Service (DoS) or allow execution of arbitrary code on the host with the permissions of the user running the glibc library. Revision 1 of this advisory.
Debian Linux Security Advisory 3524-1 - It was discovered that the ActiveMQ Java message broker performs unsafe deserialisation.
Debian Linux Security Advisory 3523-1 - This update disables the Graphite font shaping library in Iceweasel, Debian's version of the Mozilla Firefox web browser.
Debian Linux Security Advisory 3522-1 - Alex Rousskov from The Measurement Factory discovered that Squid3, a fully featured web proxy cache, does not properly handle errors for certain malformed HTTP responses. A remote HTTP server can exploit this flaw to cause a denial of service (assertion failure and daemon exit).
Gentoo Linux Security Advisory 201603-15 - Multiple vulnerabilities have been found in OpenSSL, the worst allowing remote attackers to decrypt TLS sessions. Versions less than 1.0.2g-r2 are affected.
AsusTEK asio.sys driver accepts IOCTLs that allow the user to freely manipulate MSRs.
Netgear DGNv2200 suffers from authentication bypass, memory corruption, and cross-site request forgery vulnerabilities.
Debian Linux Security Advisory 3521-1 - Lael Cellier discovered two buffer overflow vulnerabilities in git, a fast, scalable, distributed revision control system, which could be exploited for remote execution of arbitrary code.
HP Security Bulletin HPSBGN03438 1 - A potential security vulnerability has been identified in HP Support Assistant. This vulnerability could be exploited locally to allow authentication bypass. Revision 1 of this advisory.
Debian Linux Security Advisory 3520-1 - Multiple security issues have been found in Icedove, Debian's version of the Mozilla Thunderbird mail client: integer overflows, buffer overflows and other implementation errors may lead to the execution of arbitrary code or denial of service.
A certain remote message parsing function inside the Dameware Mini Remote Control service does not properly validate the input size of an incoming string before passing it to wsprintfW. As a result, a specially crafted message can overflow into the bordering format field and subsequently overflow the stack frame. Exploitation of this vulnerability does not require authentication and can lead to SYSTEM-level privileges on any system running the dwmrcs daemon.
XOOPS version 2.5.7.2 hashes passwords with the weak one-way hash MD5 and stores them unsalted in the database.
Grandstream VoIP products deploy a remote provisioning mechanism that automatically sets configuration elements on app startup. By default, an insecure connection to `fm.grandstream.com` is used to obtain the provisioning profile. However, even if an HTTPS URL is configured, the certificate is not validated, allowing an active attacker to impersonate the provisioning server with an invalid, mismatching or expired certificate.
Ubuntu Security Notice 2935-3 - USN-2935-1 fixed vulnerabilities in PAM. The updates contained a packaging change that prevented upgrades in certain multiarch environments. USN-2935-2 intended to fix the problem but was incomplete for Ubuntu 12.04 LTS. This update fixes the problem in Ubuntu 12.04 LTS. Various other issues were also addressed.
Slackware Security Advisory - New mozilla-firefox packages are available for Slackware 14.1 and -current to fix security issues.
Debian Linux Security Advisory 3519-1 - Multiple security issues have been found in the Xen virtualisation solution, which may result in denial of service or information disclosure.