Debian Linux Security Advisory 3724-1 - Chris Evans discovered that the GStreamer 0.10 plugin used to decode files in the FLIC format allowed execution of arbitrary code.
8ff0cf57f3b3288f0d4eeb96051a5dfc1fb32ac32bbcb923eced76c5d2f39456
Ubuntu Security Notice 3137-1 - It was discovered that MoinMoin did not properly sanitize certain inputs, resulting in cross-site scripting vulnerabilities. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a remote attacker could exploit this to modify the contents, or steal confidential data, within the same domain.
5dc21582c4e5438359f7e9cbf7f3f1a05d7d569e8fb102ddc0de309ed17acf4c
Ubuntu Security Notice 3136-1 - Roman Fiedler discovered a directory traversal flaw in lxc-attach. An attacker with access to an LXC container could exploit this flaw to access files outside of the container.
fa5f78b6a71df95c1a351871bfca0a6692f9f30f599849d1fa869ef3197ddce9
HP Security Bulletin HPSBHF03673 1 - Security vulnerabilities in MD5 message digest algorithm and RC4 ciphersuite could potentially impact HPE Comware 5 and Comware 7 network products using SSL/TLS. These vulnerabilities could be exploited remotely to conduct spoofing attacks and plaintext recovery attacks resulting in disclosure of information. Revision 1 of this advisory.
602636acd9eb352dc892bc1bded1cab28642c3e6645b73e0d9f61fe6df4d7dd2
SySS GmbH found that the 125 kHz RFID technology used by the EASY HOME MAS-S01-09 wireless alarm system has no authentication protection against rogue or cloned RFID tokens. The information stored on the RFID tokens can be read easily and in a very short time from distances of up to 1 meter, depending on the RFID reader used. A working cloned RFID token is ready for use within a couple of seconds using freely available tools.
f2b5958d04f9bcacb801da8a3f95c98a49142000d47cd1feadd0ebc033c088f0
Due to an insecure implementation of its 868 MHz radio communication, the wireless alarm system Blaupunkt Smart GSM Alarm SA 2500 Kit is vulnerable to replay attacks.
4a74349e30018d4eadb03382d40421e1c607aee428fa11c9c661fca820e654b2
Due to an insecure implementation of its 433 MHz radio communication, the wireless alarm system M2B GSM is vulnerable to replay attacks.
b19e73ae566f67141fff01b385e124ffe916d02b99d2f4b1eb6581a9331a10b9
Due to an insecure implementation of its 433 MHz radio communication, the wireless alarm system M2B GSM is vulnerable to brute-force attacks.
a33d718d22481da6180fc9af25a09eb7609ae79013ec68a0eb5bd6fddea35071
VMware Security Advisory 2016-0022 - VMware vCenter Server, vSphere Client, and vRealize Automation updates address information disclosure vulnerabilities.
2eb92731937c7a5f68f3b95bc7e5f57ed0efd31f7f258f98f7bf28685a4a7363
VMware Security Advisory 2016-0021 - VMware product updates address partial information disclosure vulnerability.
d9372685bd6c303cf6ae449efe2efe58514a7dbbadea4f0e2ab2d3978136abf0
Olympia Protect 9061 article number 5943 revision 03 suffers from missing protection against replay attacks.
b73813379c9c7ae3a3ca7625ea543b01df7c00b2718c1c9ba66959c0c4a4ff2d
EASY HOME Alarmanlagen-Set MAS-S01-09 suffers from missing protection against replay attacks.
aa11c4d5d771f9d150ecfead9f82a16873ca84a8146387dc50c052e29720ecb1
Red Hat Security Advisory 2016-2820-01 - memcached is a high-performance, distributed memory object caching system, generic in nature, but intended for use in speeding up dynamic web applications by alleviating database load. Security Fix: Two integer overflow flaws, leading to heap-based buffer overflows, were found in the memcached binary protocol. An attacker could create a specially crafted message that would cause the memcached server to crash or, potentially, execute arbitrary code.
09101d18a8872a1fbd6b7d886a1ccee516c5e7b8e80f40ea7d9248d12b1d8f60
Red Hat Security Advisory 2016-2819-01 - memcached is a high-performance, distributed memory object caching system, generic in nature, but intended for use in speeding up dynamic web applications by alleviating database load. Security Fix: Two integer overflow flaws, leading to heap-based buffer overflows, were found in the memcached binary protocol. An attacker could create a specially crafted message that would cause the memcached server to crash or, potentially, execute arbitrary code.
c10e120fa474ab10ba77d113aeba63c5f3226b7220d718cf61f8cbf65756abcc
Red Hat Security Advisory 2016-2816-01 - Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage system with a Ceph management platform, deployment utilities, and support services. The following packages have been upgraded to a newer upstream version: ceph, ceph-deploy, calamari-server, nfs-ganesha, ceph-iscsi-config, libntirpc, ceph-iscsi-tools. Security Fix: A flaw was found in the way Ceph Object Gateway handles POST object requests. An authenticated attacker could launch a denial of service attack by sending null or specially crafted POST object requests.
139b9b08c711bedadc85f67290f1923e202d4dd9d564f6fee986e44d565ac765
Red Hat Security Advisory 2016-2815-01 - Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage system with a Ceph management platform, deployment utilities, and support services. The following packages have been upgraded to a newer upstream version: ceph, ceph-deploy, calamari-server, nfs-ganesha, ceph-iscsi-config, libntirpc, ceph-iscsi-tools. Multiple security issues have been addressed.
ef405f0bd7b17b62af6a472bc30f36f4a65f15e773f951d2de8b2b16aaddd1c8
Acunetix version 10 suffers from multiple DLL hijacking vulnerabilities.
f9156bed3c4501962e7c625db7d1820c157af7c061dbcc82b917eb9966b17fcc
Multiple versions of Siemens SIMATIC suffer from a cross-site request forgery vulnerability and poor cookie security settings.
26301c53dda7cca8354b059c0a9195478bf2208f7195cb4e264aa05d0d411026
Ubuntu Security Notice 3135-1 - Chris Evans discovered that GStreamer Good Plugins did not correctly handle malformed FLC movie files. If a user were tricked into opening a crafted FLC movie file with a GStreamer application, an attacker could cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking the program.
5d1e0d264b968b7b940c1590442ffefc50798c1586401b470059c4535715fdcc
Ubuntu Security Notice 3134-1 - It was discovered that the smtplib library in Python did not return an error when StartTLS fails. A remote attacker could possibly use this to expose sensitive information. Various other issues were also addressed.
f4acba05d29f61abc115563263a86c66eefab809d6312eba26bddf0ab4433cc7
Ubuntu Security Notice 3132-1 - Harry Sintonen discovered that tar incorrectly handled extracting files when path names are specified on the command line. If a user or automated system were tricked into processing a specially crafted archive, an attacker could possibly overwrite arbitrary files.
82a69e51a38cce1aed5947f726654c16554c637877b98ca50d8794a1d1ad0663
Gentoo Linux Security Advisory 201611-20 - A buffer overflow in TestDisk might allow remote attackers to execute arbitrary code. Versions less than 7.0-r2 are affected.
dcdc93994e2a08593c7364a725d76d01ba45b80293d2feb7bd194282f907df0b
Gentoo Linux Security Advisory 201611-19 - A path traversal attack in Tar may lead to the remote execution of arbitrary code. Versions less than 1.29-r1 are affected.
61af9c3e2fef42cd67d49fe15711105155cf77af77c4e6aaa875cbb347291165
Gentoo Linux Security Advisory 201611-18 - Multiple vulnerabilities have been found in Adobe Flash Player, the worst of which allows remote attackers to execute arbitrary code. Versions less than 23.0.0.207 are affected.
25374cbf5545f7ef72ab04c1eb0309daf105a811087b8f8a8f20156f79f743b1
Gentoo Linux Security Advisory 201611-17 - A buffer overflow in RPCBind might allow remote attackers to cause a Denial of Service. Versions less than 0.2.3-r1 are affected.
afd05a0c233637b1e7809dcbcc7edbb1b672dd4a08a6ed63f1e333c2983b0d87