Apple Security Advisory 2016-03-21-2 - watchOS 2.2 is now available and addresses memory corruption, code execution, and various other vulnerabilities.
e000b4344c6260c49d4654cae8607aac1e384c8404017451ab845c90b408cea7Apple Security Advisory 2016-03-21-1 - iOS 9.3 is now available and addresses code execution, memory corruption, and various other vulnerabilities.
d014002b8661b674441b269148e4a0b977e33ca0eab871429b9557c64d61cff3There is an apparent use-after-free in Adobe Flash video decoding, which can be manifesting by running a specific SWF file.
723433120939057b04d68a11edd9e1ad87990051b590609ba3cc7d93f7fbcb70Red Hat Security Advisory 2016-0466-01 - OpenSSH is OpenBSD's SSH protocol implementation. These packages include the core files necessary for both the OpenSSH client and server. It was discovered that the OpenSSH server did not sanitize data received in requests to enable X11 forwarding. An authenticated client with restricted SSH access could possibly use this flaw to bypass intended restrictions. It was discovered that the OpenSSH sshd daemon did not check the list of keyboard-interactive authentication methods for duplicates. A remote attacker could use this flaw to bypass the MaxAuthTries limit, making it easier to perform password guessing attacks.
93381a3609cbd40ea19fd90f3d6532393c3c33d49bf30bab516193963789fd55Red Hat Security Advisory 2016-0465-01 - OpenSSH is OpenBSD's SSH protocol implementation. These packages include the core files necessary for both the OpenSSH client and server. It was discovered that the OpenSSH server did not sanitize data received in requests to enable X11 forwarding. An authenticated client with restricted SSH access could possibly use this flaw to bypass intended restrictions. An access flaw was discovered in OpenSSH; the OpenSSH client did not correctly handle failures to generate authentication cookies for untrusted X11 forwarding. A malicious or compromised remote X application could possibly use this flaw to establish a trusted connection to the local X server, even if only untrusted X11 forwarding was requested.
ec747fbcdba74a44a4ea458f9664256110da65f71f30774569e157e19509d8deUbuntu Security Notice 2938-1 - Lael Cellier discovered that Git incorrectly handled path strings in crafted Git repositories. A remote attacker could use this issue to cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking Git.
d4a0d948833adb3e11088215135e259147bc0b69370d9650067ca30edb3e8b2cHP Security Bulletin HPSBMU03562 1 - A vulnerability in Apache Commons Collections for handling Java object deserialization was addressed by HPE Service Manager. The vulnerability could be exploited remotely to allow code execution. Revision 1 of this advisory.
a1c6b05d91e43e9dc01451c2fb600f54a3523e810077b08aec7f60a544b9b1d8Ubuntu Security Notice 2937-1 - A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.
9e8b68079ff3270e979de901c8faf5bdecbde047aa6e873a355a2b80f1b1099eHP Security Bulletin HPSBGN03560 1 - A vulnerability in Apache Commons Collections (ACC) for handling Java object deserialization was addressed by HP Operations Orchestration. The vulnerability could be exploited remotely to allow remote code execution. Revision 1 of this advisory.
dabf88562c3d568574f16c9869668dd905462c090a231336b8ec7d56f2e5c20aHP Security Bulletin HPSBGN03551 1 - HPE Helion Development Platform has addressed stack based buffer overflows in glibc's implementation of getaddrinfo(). These vulnerabilities could be remotely exploited to cause a Denial of Service (DoS) or allow execution of arbitrary code on the host with the permissions of a user running glibc library. Revision 1 of this advisory.
6a5c6e511c9ded81cb50fa7de880a49ca9815f8fa2566a142a513c72014743b9Debian Linux Security Advisory 3524-1 - It was discovered that the ActiveMQ Java message broker performs unsafe deserialisation.
026b81c4d359d32407cfe76c07ba260baa12c3e323b769a5d33716a3084332f1Debian Linux Security Advisory 3523-1 - This update disables the Graphite font shaping library in Iceweasel, Debian's version of the Mozilla Firefox web browser.
9f095db66403e6e64901b6b96e7c04301c954031a92adbe3c56644313c733be4Debian Linux Security Advisory 3522-1 - Alex Rousskov from The Measurement Factory discovered that Squid3, a fully featured web proxy cache, does not properly handle errors for certain malformed HTTP responses. A remote HTTP server can exploit this flaw to cause a denial of service (assertion failure and daemon exit).
58240e40d13b60c6570f863ede1323dd5c628f7d8e2318d7a363cb0785cd9fc2Gentoo Linux Security Advisory 201603-15 - Multiple vulnerabilities have been found in OpenSSL, the worst allowing remote attackers to decrypt TLS sessions. Versions less than 1.0.2g-r2 are affected.
6f0722d9e284f07b269abf7998e9e52da12fdf8dcb8e32ab4f709a7b253f0481AsusTEK asio.sys driver accepts IOCTLs that allow the user to freely manipulate MSRs.
325593d3acbc08d615dd99f440693508f61114fcd70ff4a0997008168a95e16cNetgear DGNv2200 suffers from authentication bypass, memory corruption, and cross site request forgery vulnerabilities.
296e35b157692cccfcf1d5b18bf0d85519166c302d3e42c4cbe9e05b4677ee2bDebian Linux Security Advisory 3521-1 - Lael Cellier discovered two buffer overflow vulnerabilities in git, a fast, scalable, distributed revision control system, which could be exploited for remote execution of arbitrary code.
46ec78cd04db91be6d28705ff766c6c3e38dbbceacb349ca0705d85b151da1e9HP Security Bulletin HPSBGN03438 1 - A potential security vulnerability has been identified in HP Support Assistant. This vulnerability could be exploited locally to allow authentication bypass. Revision 1 of this advisory.
07400e92384da3334d67e6a03571dee46f89f2e7c29f2288543dfcec99f778acDebian Linux Security Advisory 3520-1 - Multiple security issues have been found in Icedove, Debian's version of integer overflows, buffer overflows and other implementation errors may lead to the execution of arbitrary code or denial of service.
53de96b333ff377c5997fb4d7b6d5264d5653d98b5c2d56677ffc75f61f65361A certain remote message parsing function inside the Dameware Mini Remote Control service does not properly validate the input size of an incoming string before passing it to wsprintfw. As a result, a specially crafted message can overflow into the bordering format field and subsequently overflow the stack frame. Exploitation of this vulnerability does not require authentication and can lead to SYSTEM level privilege on any system running the dwmrcs daemon.
390aaf7607e85e8afb085d15df6d452b7949bc6e25747b8967ebc5477a0bd05bXOOPS version 2.5.7.2 uses weak one way hash crypto MD5 along with unsalted passwords stored in the database.
5671c965146caf650a197ba8bd998b42a8f8678ee755c3c18fe39b0d594be1f2Grandstream VoIP products deploy a remote provisioning mechanism that allows to automatically set configuration elements on app startup. By default, an insecure connection to `fm.grandstream.com` is used to obtain the provisioning profile. However, even if an HTTPS URL is configured, the certificate is not validated, allowing an active attacker to successfully impersonate the provisioning server with an invalid, mismatching or outdated certificate.
e07ded7e5b842693413e62a615f10b879e181af670786c29c60e322c6aec3f73Ubuntu Security Notice 2935-3 - USN-2935-1 fixed vulnerabilities in PAM. The updates contained a packaging change that prevented upgrades in certain multiarch environments. USN-2935-2 intended to fix the problem but was incomplete for Ubuntu 12.04 LTS. This update fixes the problem in Ubuntu 12.04 LTS. Various other issues were also addressed.
3e9933c3392df31758f731285c88184afdd9639579d77bb96ea3bdb624d50473Slackware Security Advisory - New mozilla-firefox packages are available for Slackware 14.1 and -current to fix security issues.
485b9171a90d97d3535702a0ede0b959ebbd40967e2461c3bd36d33eeda6ebd6Debian Linux Security Advisory 3519-1 - Multiple security issues have been found in the Xen virtualisation solution, which may result in denial of service or information disclosure.
83c773cd1a9d89c83c1cadc236dc7ddc69687ff0afc1fa763fc23b17d53cd00c
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed