BugTraq Latest Security Advisories

Syndicate content
The premier general security mailing list. Vulnerabilities are often announced here first, so check frequently!
Updated: 35 min 29 sec ago

APPLE-SA-2016-09-20-2 Safari 10

September 20, 2016 - 4:45pm

Posted by Apple Product Security on Sep 20

APPLE-SA-2016-09-20-2 Safari 10

Safari 10 is now available and addresses the following:

Safari Reader
Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6,
and macOS 10.12 Sierra
Impact: Enabling the Safari Reader feature on a maliciously crafted
webpage may lead to universal cross site scripting
Description: Multiple validation issues were addressed through
improved input sanitization.
CVE-2016-4618 : an anonymous researcher...
Categories:

ESA-2016-093: RSA® Adaptive Authentication (On-Premise) Cross-Site Scripting Vulnerability

September 20, 2016 - 10:26am

Posted by EMC Product Security Response Center on Sep 20

ESA-2016-093: RSA® Adaptive Authentication (On-Premise) Cross-Site Scripting Vulnerability

EMC Identifier: ESA-2016-093

CVE Identifier: CVE-2016-0925

Severity Rating: CVSS v3 Score: 5.4 (AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)

Affected Products:

RSA Adaptive Authentication (On-Premise) versions earlier than 7.3 (exclusive)

Unaffected Products:

RSA Adaptive Authentication (On-Premise) version 7.3 and later

Summary:

RSA Adaptive...
Categories:

ESA-2016-096: EMC Celerra, VNX1, VNX2 and VNXe SMB NTLM Authentication Weak Nonce Vulnerability

September 19, 2016 - 1:21pm

Posted by EMC Product Security Response Center on Sep 19

ESA-2016-096: EMC Celerra, VNX1, VNX2 and VNXe SMB NTLM Authentication Weak Nonce Vulnerability

EMC Identifier: ESA-2016-096
CVE Identifier: CVE-2016-0917
Severity Rating: CVSS v3 Base Score: 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

Affected products:
EMC Software: EMC VNX2 File OE versions prior to 8.1.9.155
EMC Software: EMC VNX1 File OE versions prior to 7.1.80.3
EMC Software: EMC VNXe (all supported versions)
EMC Software: EMC Celerra...
Categories:

ESA-2016-065: EMC Avamar Data Store and Avamar Virtual Edition Multiple Vulnerabilities

September 19, 2016 - 1:06pm

Posted by EMC Product Security Response Center on Sep 19

ESA-2016-065: EMC Avamar Data Store and Avamar Virtual Edition Multiple Vulnerabilities

EMC Identifier: ESA-2016-065
CVE Identifier: CVE-2016-0903, CVE-2016-0904, CVE-2016-0905, CVE-2016-0920, CVE-2016-0921
Severity Rating: See below for individual scores for each CVE

Affected products:
• EMC Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) versions prior to 7.3.0

Summary:
EMC Avamar Data Store (ADS) and Avamar Virtual...
Categories: