Feed aggregator

Vuln: Apache Tomcat CVE-2016-6816 Security Bypass Vulnerability

Security Focus Latest Security Advisories - March 21, 2017 - 11:00pm
Apache Tomcat CVE-2016-6816 Security Bypass Vulnerability

Vuln: Adobe Flash Player APSB17-07 Multiple Use After Free Remote Code Execution Vulnerabilities

Security Focus Latest Security Advisories - March 21, 2017 - 11:00pm
Adobe Flash Player APSB17-07 Multiple Use After Free Remote Code Execution Vulnerabilities

Vuln: Adobe Flash Player CVE-2017-3000 Information Disclosure Vulnerability

Security Focus Latest Security Advisories - March 21, 2017 - 11:00pm
Adobe Flash Player CVE-2017-3000 Information Disclosure Vulnerability

Defense in depth -- the Microsoft way (part 47): "AppLocker bypasses are not serviced via monthly security roll-ups"

BugTraq Latest Security Advisories - March 21, 2017 - 1:39pm

Posted by Stefan Kanthak on Mar 21

Hi @ll,

Windows 8 and newer versions (Windows 7 and Windows Server 2008 R2
with KB2532445 or KB3125574 installed too) don't allow unprivileged
callers to circumvent AppLocker and SAFER rules via

LoadLibraryEx(TEXT("<arbitrary DLL>"), NULL, LOAD_IGNORE_CODE_AUTHZ_LEVEL);

See <https://msdn.microsoft.com/en-us/library/ms684179.aspx>
and <https://support.microsoft.com/kb/2532445>

| LOAD_IGNORE_CODE_AUTHZ_LEVEL...

Bugtraq: [security bulletin] HPSBUX03596 rev.2 - HPE HP-UX running CIFS Server (Samba), Remote Access Restriction Bypass, Unauthorized Access

Security Focus Latest Security Advisories - March 21, 2017 - 1:00pm
[security bulletin] HPSBUX03596 rev.2 - HPE HP-UX running CIFS Server (Samba), Remote Access Restriction Bypass, Unauthorized Access

[ERPSCAN-16-041] SAP NETWEAVER DIRECTORY CREATION OUTSIDE OF THE JVM

BugTraq Latest Security Advisories - March 21, 2017 - 8:02am

Posted by ERPScan inc on Mar 21

Application: SAP NetWeaver
Versions Affected: SAP NetWeaver AS JAVA UMEADMIN component
Vendor URL: http://SAP.com
Bugs: Directory traversal
Reported: 04.12.2015
Vendor response: 05.12.2015
Date of Public Advisory: 13.12.2016
Reference: SAP Security Note 2310790
Author: Mathieu Geli (ERPScan)

Description

1. ADVISORY INFORMATION
Title: [ERPSCAN-16-041] SAP NETWEAVER DIRECTORY CREATION OUTSIDE OF THE JVM
Advisory ID: [ERPSCAN-16-041]
Risk: medium...

Bugtraq: CVE-2017-7183 ExtraPuTTY v029_RC2 TFTP Denial Of Service

Security Focus Latest Security Advisories - March 21, 2017 - 7:00am
CVE-2017-7183 ExtraPuTTY v029_RC2 TFTP Denial Of Service

next-20170321: linux-next

Linux Kernel Updates - March 20, 2017 - 11:03pm
Version: next-20170321 (linux-next) Released: 2017-03-21

Vuln: IBM PowerKVM CVE-2016-7076 Local Command Execution Vulnerability

Security Focus Latest Security Advisories - March 20, 2017 - 11:00pm
IBM PowerKVM CVE-2016-7076 Local Command Execution Vulnerability

Vuln: Microsoft Internet Explorer and Edge CVE-2016-7282 Information Disclosure Vulnerability

Security Focus Latest Security Advisories - March 20, 2017 - 11:00pm
Microsoft Internet Explorer and Edge CVE-2016-7282 Information Disclosure Vulnerability

Vuln: Microsoft Office CVE-2016-7298 Memory Corruption Vulnerability

Security Focus Latest Security Advisories - March 20, 2017 - 11:00pm
Microsoft Office CVE-2016-7298 Memory Corruption Vulnerability

Vuln: Microsoft Auto Updater for Mac CVE-2016-7300 Local Privilege Escalation Vulnerability

Security Focus Latest Security Advisories - March 20, 2017 - 11:00pm
Microsoft Auto Updater for Mac CVE-2016-7300 Local Privilege Escalation Vulnerability

Vuln: Microsoft Windows Graphics Component CVE-2016-7272 Remote Code Execution Vulnerability

Security Focus Latest Security Advisories - March 20, 2017 - 11:00pm
Microsoft Windows Graphics Component CVE-2016-7272 Remote Code Execution Vulnerability

Vuln: Jenkins Mailer Plugin CVE-2017-2651 Security Bypass Vulnerability

Security Focus Latest Security Advisories - March 20, 2017 - 11:00pm
Jenkins Mailer Plugin CVE-2017-2651 Security Bypass Vulnerability

Vuln: Jenkins CVE-2017-2650 Security Bypass Vulnerability

Security Focus Latest Security Advisories - March 20, 2017 - 11:00pm
Jenkins CVE-2017-2650 Security Bypass Vulnerability

Vuln: Apache POI CVE-2017-5644 Denial Of Service Vulnerability

Security Focus Latest Security Advisories - March 20, 2017 - 11:00pm
Apache POI CVE-2017-5644 Denial Of Service Vulnerability

Vuln: Moodle CVE-2017-2645 HTML Injection Vulnerability

Security Focus Latest Security Advisories - March 20, 2017 - 11:00pm
Moodle CVE-2017-2645 HTML Injection Vulnerability

Vuln: Linux Kernel CVE-2016-10088 Incomplete Fix Multiple Local Memory Corruption Vulnerabilities

Security Focus Latest Security Advisories - March 20, 2017 - 11:00pm
Linux Kernel CVE-2016-10088 Incomplete Fix Multiple Local Memory Corruption Vulnerabilities

Vuln: Linux Kernel CVE-2016-9576 Use After Free Memory Corruption Vulnerability

Security Focus Latest Security Advisories - March 20, 2017 - 11:00pm
Linux Kernel CVE-2016-9576 Use After Free Memory Corruption Vulnerability

Vuln: Linux Kernel CVE-2016-2069 TLB Flush Local Security Bypass Vulnerability

Security Focus Latest Security Advisories - March 20, 2017 - 11:00pm
Linux Kernel CVE-2016-2069 TLB Flush Local Security Bypass Vulnerability