what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 16 of 16 RSS Feed

Files Date: 2016-12-14

Apple Security Advisory 2016-12-13-8
Posted Dec 14, 2016
Authored by Apple | Site apple.com

Apple Security Advisory 2016-12-13-8 - Transporter 1.9.2 is now available and addresses an information disclosure vulnerability.

tags | advisory, info disclosure
systems | apple
advisories | CVE-2016-7666
SHA-256 | a15c7b8671a1b605dfb13cba0b47053d45b9312355517a08c8952b2087599eda
Apple Security Advisory 2016-12-13-7
Posted Dec 14, 2016
Authored by Apple | Site apple.com

Apple Security Advisory 2016-12-13-7 - This advisory provides additional information in regards to watchOS 3.1.1 fixes as originally documented in APPLE-SA-2016-12-12-2.

tags | advisory
systems | apple
advisories | CVE-2016-4688, CVE-2016-4691, CVE-2016-4693, CVE-2016-7588, CVE-2016-7589, CVE-2016-7591, CVE-2016-7594, CVE-2016-7595, CVE-2016-7606, CVE-2016-7607, CVE-2016-7612, CVE-2016-7615, CVE-2016-7616, CVE-2016-7619, CVE-2016-7621, CVE-2016-7626, CVE-2016-7627, CVE-2016-7636, CVE-2016-7637, CVE-2016-7643, CVE-2016-7644, CVE-2016-7651, CVE-2016-7657, CVE-2016-7658, CVE-2016-7659, CVE-2016-7660, CVE-2016-7662, CVE-2016-7663
SHA-256 | 1e75ac1d7e84337d43fda5523d2559c90e0014064b306b2c2c06c43e2fb37d94
Apple Security Advisory 2016-12-13-4
Posted Dec 14, 2016
Authored by Apple | Site apple.com

Apple Security Advisory 2016-12-13-4 - iCloud for Windows v6.1 is now available and addresses memory corruption, arbitrary code execution, and various other vulnerabilities.

tags | advisory, arbitrary, vulnerability, code execution
systems | windows, apple
advisories | CVE-2016-4692, CVE-2016-4743, CVE-2016-7586, CVE-2016-7587, CVE-2016-7589, CVE-2016-7592, CVE-2016-7598, CVE-2016-7599, CVE-2016-7610, CVE-2016-7611, CVE-2016-7614, CVE-2016-7632, CVE-2016-7635, CVE-2016-7639, CVE-2016-7640, CVE-2016-7641, CVE-2016-7642, CVE-2016-7645, CVE-2016-7646, CVE-2016-7648, CVE-2016-7649, CVE-2016-7652, CVE-2016-7654, CVE-2016-7656
SHA-256 | f9f2e0e3cd17cfbd20fb428973c02abebf6c74592c089a643061a74e1f8412a4
Apple Security Advisory 2016-12-13-5
Posted Dec 14, 2016
Authored by Apple | Site apple.com

Apple Security Advisory 2016-12-13-5 - This advisory provides additional information in regards to iOS 10.2 fixes as originally documented in APPLE-SA-2016-12-12-1.

tags | advisory
systems | cisco, apple, ios
advisories | CVE-2016-4688, CVE-2016-4689, CVE-2016-4690, CVE-2016-4691, CVE-2016-4692, CVE-2016-4693, CVE-2016-4743, CVE-2016-4781, CVE-2016-7586, CVE-2016-7587, CVE-2016-7588, CVE-2016-7589, CVE-2016-7591, CVE-2016-7592, CVE-2016-7594, CVE-2016-7595, CVE-2016-7597, CVE-2016-7598, CVE-2016-7599, CVE-2016-7601, CVE-2016-7606, CVE-2016-7607, CVE-2016-7610, CVE-2016-7611, CVE-2016-7612, CVE-2016-7615, CVE-2016-7616, CVE-2016-7619
SHA-256 | c76b2facaf88977456f7443e4116d5d542dddbae7939376c8c47ecf19fcff957
Apple Security Advisory 2016-12-13-6
Posted Dec 14, 2016
Authored by Apple | Site apple.com

Apple Security Advisory 2016-12-13-6 - This advisory provides additional information in regards to tvOS 10.1 fixes as originally documented in APPLE-SA-2016-12-12-3.

tags | advisory
systems | apple
advisories | CVE-2016-4688, CVE-2016-4691, CVE-2016-4692, CVE-2016-4693, CVE-2016-4743, CVE-2016-7586, CVE-2016-7587, CVE-2016-7588, CVE-2016-7589, CVE-2016-7591, CVE-2016-7594, CVE-2016-7595, CVE-2016-7598, CVE-2016-7599, CVE-2016-7606, CVE-2016-7607, CVE-2016-7610, CVE-2016-7611, CVE-2016-7612, CVE-2016-7615, CVE-2016-7616, CVE-2016-7619, CVE-2016-7621, CVE-2016-7626, CVE-2016-7627, CVE-2016-7632, CVE-2016-7635, CVE-2016-7636
SHA-256 | 29a768aaf01478b8d97cab781144a949c5f45c52011168e14464b7f343949ef0
Apple Security Advisory 2016-12-13-3
Posted Dec 14, 2016
Authored by Apple | Site apple.com

Apple Security Advisory 2016-12-13-3 - iTunes 12.5.4 is now available and addresses memory corruption, arbitrary code execution, and various other vulnerabilities.

tags | advisory, arbitrary, vulnerability, code execution
systems | apple
advisories | CVE-2016-4692, CVE-2016-4743, CVE-2016-7586, CVE-2016-7587, CVE-2016-7589, CVE-2016-7592, CVE-2016-7598, CVE-2016-7599, CVE-2016-7610, CVE-2016-7611, CVE-2016-7632, CVE-2016-7635, CVE-2016-7639, CVE-2016-7640, CVE-2016-7641, CVE-2016-7642, CVE-2016-7645, CVE-2016-7646, CVE-2016-7648, CVE-2016-7649, CVE-2016-7652, CVE-2016-7654, CVE-2016-7656
SHA-256 | 407486bf89d0f2e73b35a0728f1320d49145c9383f340da1734d4a06a1e90a34
Apple Security Advisory 2016-12-13-2
Posted Dec 14, 2016
Authored by Apple | Site apple.com

Apple Security Advisory 2016-12-13-2 - Safari 10.0.2 is now available and addresses cross site scripting, arbitrary code execution, and various other vulnerabilities.

tags | advisory, arbitrary, vulnerability, code execution, xss
systems | apple
advisories | CVE-2016-4692, CVE-2016-4743, CVE-2016-7586, CVE-2016-7587, CVE-2016-7589, CVE-2016-7592, CVE-2016-7598, CVE-2016-7599, CVE-2016-7610, CVE-2016-7611, CVE-2016-7623, CVE-2016-7632, CVE-2016-7635, CVE-2016-7639, CVE-2016-7640, CVE-2016-7641, CVE-2016-7642, CVE-2016-7645, CVE-2016-7646, CVE-2016-7648, CVE-2016-7649, CVE-2016-7650, CVE-2016-7652, CVE-2016-7654, CVE-2016-7656
SHA-256 | 986fc3ac166c04825882fb3e3f511652563a6bd564900b0b853d90834b050dff
Apple Security Advisory 2016-12-13-1
Posted Dec 14, 2016
Authored by Apple | Site apple.com

Apple Security Advisory 2016-12-13-1 - macOS 10.12.2 is now available and addresses arbitrary code execution, denial of service, and various other vulnerabilities.

tags | advisory, denial of service, arbitrary, vulnerability, code execution
systems | apple
advisories | CVE-2016-1777, CVE-2016-1823, CVE-2016-4688, CVE-2016-4691, CVE-2016-4693, CVE-2016-5419, CVE-2016-5420, CVE-2016-5421, CVE-2016-6303, CVE-2016-6304, CVE-2016-7141, CVE-2016-7167, CVE-2016-7411, CVE-2016-7412, CVE-2016-7413, CVE-2016-7414, CVE-2016-7416, CVE-2016-7417, CVE-2016-7418, CVE-2016-7588, CVE-2016-7591, CVE-2016-7594, CVE-2016-7595, CVE-2016-7596, CVE-2016-7600, CVE-2016-7602, CVE-2016-7603, CVE-2016-7604
SHA-256 | 68bf50743be919151d9547b2351d633298a9bfe57d7160fac7541f89315f5b98
Ubuntu Security Notice USN-3155-1
Posted Dec 14, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3155-1 - Multiple security vulnerabilities were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to conduct cross-site scripting attacks, obtain sensitive information, cause a denial of service via application crash, or execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, vulnerability, xss
systems | linux, ubuntu
advisories | CVE-2016-9080, CVE-2016-9893, CVE-2016-9894, CVE-2016-9895, CVE-2016-9896, CVE-2016-9897, CVE-2016-9898, CVE-2016-9899, CVE-2016-9900, CVE-2016-9901, CVE-2016-9902, CVE-2016-9903, CVE-2016-9904
SHA-256 | b6364d5c8c628bdd3dd607dcd630f92aac73f757ae6bad2d66a2c640a03b6bf8
Red Hat Security Advisory 2016-2945-01
Posted Dec 14, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-2945-01 - Red Hat Single Sign-On 7.0 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This asynchronous patch is a security update for Red Hat Single Sign-On 7.0. Security Fix: It was found that Keycloak did not implement authentication flow correctly. An attacker could use this flaw to construct a phishing URL, from which he could hijack the user's session. This could lead to information disclosure, or permit further possible attacks.

tags | advisory, web, info disclosure
systems | linux, redhat
advisories | CVE-2016-8609
SHA-256 | bbad4c80114dd4575132480519035b653d18cbdfd472eef285d492efc8e3fa92
Ubuntu Security Notice USN-3156-1
Posted Dec 14, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3156-1 - Jann Horn discovered that APT incorrectly handled InRelease files. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could potentially be used to install altered packages.

tags | advisory, remote
systems | linux, ubuntu
advisories | CVE-2016-1252
SHA-256 | b7eb80c0b70482b71b386b58b45e73716f7e3508503ad770ba34c88879d48914
McAfee Virus Scan Enterprise For Linux Remote Code Execution
Posted Dec 14, 2016
Authored by Andrew Fasano

McAfee Virus Scan Enterprise for Linux suffers from a remote code execution vulnerability.

tags | exploit, remote, code execution, virus
systems | linux
advisories | CVE-2016-8016, CVE-2016-8017, CVE-2016-8018, CVE-2016-8019, CVE-2016-8020, CVE-2016-8021, CVE-2016-8022, CVE-2016-8023, CVE-2016-8024, CVE-2016-8025
SHA-256 | 26d7834cf5815b1060880e6f39aced196e9baa8ba2abaefb8044358b1c90a16b
Samsung Devices KNOX Extensions OTP TrustZone Trustlet Stack Buffer Overflow
Posted Dec 14, 2016
Authored by Google Security Research

As a part of the KNOX extensions available on Samsung devices, Samsung provides a TrustZone trustlet which allows the generation of OTP tokens. The tokens themselves are generated in a TrustZone application within the TEE (UID: fffffffff0000000000000000000001e), which can be communicated with using the "OTP" service, published by "otp_server". Many of the internal commands supported by the trustlet must either unwrap or wrap a token. They do so by calling the functions "otp_unwrap" and "otp_wrap", correspondingly. Both functions copy the internal token data to a local stack based buffer before attempting to wrap or unwrap it. However, this copy operation is performed using a length field supplied in the user's buffer (the length field's offset changes according to the calling code-path), which is not validated at all. This means an attacker can supply a length field larger than the stack based buffer, causing the user-controlled token data to overflow the stack buffer. There is no stack cookie mitigation in MobiCore trustlets. On the device I'm working on (SM-G925V), the "OTP" service can be accessed from any user, including from the SELinux context "untrusted_app". Successfully exploiting this vulnerability should allow a user to elevate privileges to the TrustZone TEE.

tags | exploit, overflow, local
SHA-256 | fdac4762f7c4537ec554207fd8fe7e51deeb9d222a47b7996bddc9ce87274962
apt Repository Signing Bypass
Posted Dec 14, 2016
Authored by Jann Horn, Google Security Research

apt suffers from a repository signing bypass via memory allocation failure.

tags | exploit
advisories | CVE-2016-1252
SHA-256 | c29167700d9cf86ba6d903c347e03b32af971e7cb4e71b156fcea3249a80e545
Microsoft Security Bulletin Revision Increment For December, 2016
Posted Dec 14, 2016
Site microsoft.com

This bulletin summary lists six bulletins that have undergone a major revision increment.

tags | advisory
SHA-256 | 9fe3fb9f429d28ef6a35efab92cdd602042c8180af7711201f091bd2fa8ec90c
Microsoft Security Bulletin Summary For December, 2016
Posted Dec 14, 2016
Site microsoft.com

This bulletin summary lists twelve released Microsoft security bulletins for December, 2016.

tags | advisory
SHA-256 | e2e2cc6fd20761047644c7fbbd0fe22ab731670844b479b2148be246699651b4
Page 1 of 1
Back1Next

File Archive:

January 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jan 1st
    0 Files
  • 2
    Jan 2nd
    13 Files
  • 3
    Jan 3rd
    5 Files
  • 4
    Jan 4th
    5 Files
  • 5
    Jan 5th
    9 Files
  • 6
    Jan 6th
    5 Files
  • 7
    Jan 7th
    0 Files
  • 8
    Jan 8th
    0 Files
  • 9
    Jan 9th
    18 Files
  • 10
    Jan 10th
    31 Files
  • 11
    Jan 11th
    30 Files
  • 12
    Jan 12th
    33 Files
  • 13
    Jan 13th
    25 Files
  • 14
    Jan 14th
    0 Files
  • 15
    Jan 15th
    0 Files
  • 16
    Jan 16th
    7 Files
  • 17
    Jan 17th
    25 Files
  • 18
    Jan 18th
    38 Files
  • 19
    Jan 19th
    6 Files
  • 20
    Jan 20th
    21 Files
  • 21
    Jan 21st
    0 Files
  • 22
    Jan 22nd
    0 Files
  • 23
    Jan 23rd
    24 Files
  • 24
    Jan 24th
    68 Files
  • 25
    Jan 25th
    22 Files
  • 26
    Jan 26th
    20 Files
  • 27
    Jan 27th
    17 Files
  • 28
    Jan 28th
    0 Files
  • 29
    Jan 29th
    0 Files
  • 30
    Jan 30th
    20 Files
  • 31
    Jan 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close