Feed aggregator

Vuln: libxml2 CVE-2015-8710 Out-of-bounds Memory Access Vulnerability

Security Focus Latest Security Advisories - December 31, 2016 - 12:00am
libxml2 CVE-2015-8710 Out-of-bounds Memory Access Vulnerability

Vuln: JasPer 'jas_matrix_create()' Function Integer Overflow Vulnerability

Security Focus Latest Security Advisories - December 24, 2016 - 12:00am
JasPer 'jas_matrix_create()' Function Integer Overflow Vulnerability

Vuln: Autodesk Design Review CVE-2015-8571 Remote Buffer Overflow Vulnerability

Security Focus Latest Security Advisories - December 8, 2016 - 12:00am
Autodesk Design Review CVE-2015-8571 Remote Buffer Overflow Vulnerability

Bugtraq: KL-001-2016-003 : SQLite Tempdir Selection Vulnerability

KL-001-2016-003 : SQLite Tempdir Selection Vulnerability

Bugtraq: Executable installers are vulnerable^WEVIL (case 34): Microsoft's vs-community-*.exe susceptible to DLL hijacking

Executable installers are vulnerable^WEVIL (case 34): Microsoft's vs-community-*.exe susceptible to DLL hijacking

Bugtraq: Logic security flaw in TP-LINK - tplinklogin.net

Logic security flaw in TP-LINK - tplinklogin.net

Bugtraq: [CVE-2016-6130] Double-Fetch Vulnerability in Linux-4.5/drivers/s390/char/sclp_ctl.c

[CVE-2016-6130] Double-Fetch Vulnerability in Linux-4.5/drivers/s390/char/sclp_ctl.c


[security bulletin] HPSBGN03626 rev.1 - HPE Service Manager using OpenSSL, Remote Disclosure of Information Logjam

BugTraq Latest Security Advisories - 2 hours 36 min ago

Posted by security-alert on Jul 01

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05193083

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05193083
Version: 1

HPSBGN03626 rev.1 - HPE Service Manager using OpenSSL, Remote Disclosure of
Information Logjam

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.

Release Date:...

Bugtraq: CA20160627-01: Security Notice for Release Automation

CA20160627-01: Security Notice for Release Automation

KL-001-2016-003 : SQLite Tempdir Selection Vulnerability

BugTraq Latest Security Advisories - 4 hours 28 min ago

Posted by KoreLogic Disclosures on Jul 01

KL-001-2016-003 : SQLite Tempdir Selection Vulnerability

Title: SQLite Tempdir Selection Vulnerability
Advisory ID: KL-001-2016-003
Publication Date: 2016.07.01
Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2016-003.txt

1. Vulnerability Details

Affected Vendor: SQLite/Hwaci
Affected Product: SQLite
Affected Version: All versions prior to 3.13.0
Platform: UNIX, GNU/Linux
CWE Classification:...

Executable installers are vulnerable^WEVIL (case 34): Microsoft's vs-community-*.exe susceptible to DLL hijacking

BugTraq Latest Security Advisories - 6 hours 35 min ago

Posted by Stefan Kanthak on Jul 01

Hi @ll,

the executable installer for Microsoft's Visual Studio 2015
Community Edition, available from <https://www.visualstudio.com/>,
is vulnerable to DLL hijacking: on a fully patched Windows 7 SP1
it loads the following DLLs from its "application directory"
instead of Windows' "system directory":
Version.dll, AppHelp.dll, NTMARTA.dll, CryptSP.dll, RPCRTRemote.dll

Additionally it loads...

Logic security flaw in TP-LINK - tplinklogin.net

BugTraq Latest Security Advisories - 6 hours 46 min ago

Posted by Info on Jul 01

TP-LINK forgot to buy the domain www.tplinklogin.net which is being used to configure many of the hardwares they
have, like routers configuration.

The domain is available to buy via escort service, so a potential attacker can get it, it's all about money.

There is an unknown holder who has the domain right now, and has been confirmed to be out of the company.

As for now, the company decided to make minor fixes. Yet - they don't like...

Bugtraq: [CVE-2016-5728] Double-Fetch Vulnerability in Linux-4.5/drivers/misc/mic/host/mic_virtio.c

[CVE-2016-5728] Double-Fetch Vulnerability in Linux-4.5/drivers/misc/mic/host/mic_virtio.c

Bugtraq: [SECURITY] [DSA 3611-1] libcommons-fileupload-java security update

[SECURITY] [DSA 3611-1] libcommons-fileupload-java security update

[CVE-2016-6130] Double-Fetch Vulnerability in Linux-4.5/drivers/s390/char/sclp_ctl.c

BugTraq Latest Security Advisories - 9 hours 20 min ago

Posted by wpengfeinudt on Jul 01

I found this double-fetch vulnerability when I was doing my research on double-fetch issue analysis, and I’d like to
make an announcement here.

This was found in Linux kernel file Linux-4.5/drivers/s390/char/sclp_ctl.c, and crafted user space data change under
race condition will lead to consequences like over-boundary access on the kernel buffer, and information leakage....

[CVE-2016-5728] Double-Fetch Vulnerability in Linux-4.5/drivers/misc/mic/host/mic_virtio.c

BugTraq Latest Security Advisories - 9 hours 30 min ago

Posted by wpengfeinudt on Jul 01

I found this double-fetch vulnerability when I was doing my research on double-fetch issue analysis, and I’d like to
make an announcement here.

This was found in Linux kernel file Linux-4.5/drivers/misc/mic/host/mic_virtio.c, and crafted user space data change
under race condition will lead to consequences like over-boundary access on the kernel buffer, information leakage or
kernel crash....

CA20160627-01: Security Notice for Release Automation

BugTraq Latest Security Advisories - 9 hours 41 min ago

Posted by Kotas, Kevin J on Jul 01

CA20160627-01: Security Notice for Release Automation

Issued: June 27, 2016
Last Updated: June 27, 2016

CA Technologies Support is alerting customers to multiple potential risks
with CA Release Automation. Three vulnerabilities exist that can allow a
remote attacker to potentially gain sensitive information or cause a
denial of service condition. CA has fixes available.

The first vulnerability, CVE-2015-7370, occurs due to the inclusion of a...

Bugtraq: BFS-SA-2016-003: Huawei HiSuite Insecure Service Directory ACLs

BFS-SA-2016-003: Huawei HiSuite Insecure Service Directory ACLs

Bugtraq: [SECURITY] [DSA 3610-1] xerces-c security update

[SECURITY] [DSA 3610-1] xerces-c security update