Security News

Vuln: JasPer 'jas_matrix_create()' Function Integer Overflow Vulnerability

Security Focus Vulnerabilities - 24 December, 2016 - 00:00
JasPer 'jas_matrix_create()' Function Integer Overflow Vulnerability

Vuln: Autodesk Design Review CVE-2015-8571 Remote Buffer Overflow Vulnerability

Security Focus Vulnerabilities - 8 December, 2016 - 00:00
Autodesk Design Review CVE-2015-8571 Remote Buffer Overflow Vulnerability

Vuln: mod_nss Module CVE-2015-5244 Security Bypass Vulnerability

Security Focus Vulnerabilities - 14 September, 2016 - 23:00
mod_nss Module CVE-2015-5244 Security Bypass Vulnerability

Bugtraq: APPLE-SA-2016-08-25-1 iOS 9.3.5

APPLE-SA-2016-08-25-1 iOS 9.3.5

Bugtraq: SEC Consult SA-20160825-0 :: Multiple vulnerabilities in Micro Focus (Novell) GroupWise

SEC Consult SA-20160825-0 :: Multiple vulnerabilities in Micro Focus (Novell) GroupWise

Bugtraq: WebKitGTK+ Security Advisory WSA-2016-0005

WebKitGTK+ Security Advisory WSA-2016-0005

Bugtraq: nullcon 8-bit Call for Papers is open

nullcon 8-bit Call for Papers is open

APPLE-SA-2016-08-25-1 iOS 9.3.5

Bug Traq - 25 August, 2016 - 15:03

Posted by Apple Product Security on Aug 25

APPLE-SA-2016-08-25-1 iOS 9.3.5

iOS 9.3.5 is now available and addresses the following:

Kernel
Available for: iPhone 4s and later, iPad 2 and later, iPod touch (5th generation) and later
Impact: An application may be able to disclose kernel memory
Description: A validation issue was addressed through improved input sanitization.
CVE-2016-4655: Citizen Lab and Lookout

Kernel
Available for: iPhone 4s and later, iPad 2 and later, iPod touch (5th...

Bugtraq: [slackware-security] gnupg (SSA:2016-236-01)

Security Focus Vulnerabilities - 25 August, 2016 - 15:00
[slackware-security] gnupg (SSA:2016-236-01)

Onapsis Security Advisory ONAPSIS-2016-00171: JD Edwards Server Manager Password Disclosure

Full Disclosure - 25 August, 2016 - 14:51

Posted by Matías Mevied on Aug 25

Onapsis Security Advisory ONAPSIS-2016-00171: JD Edwards Server Manager Password Disclosure

1. Impact on Business
=====================
By exploiting this vulnerability an unauthenticated attacker could retrieve the administration user and passwords from
the Server Manager compromising the whole JDE landscape hence all of its information and processes.

Risk Level: Critical

2. Advisory Information
=======================
- Public Release Date:...

APPLE-SA-2016-08-25-1 iOS 9.3.5

Full Disclosure - 25 August, 2016 - 14:50

Posted by Apple Product Security on Aug 25

APPLE-SA-2016-08-25-1 iOS 9.3.5

iOS 9.3.5 is now available and addresses the following:

Kernel
Available for: iPhone 4s and later, iPad 2 and later, iPod touch (5th generation) and later
Impact: An application may be able to disclose kernel memory
Description: A validation issue was addressed through improved input sanitization.
CVE-2016-4655: Citizen Lab and Lookout

Kernel
Available for: iPhone 4s and later, iPad 2 and later, iPod touch (5th...

Onapsis Security Advisory ONAPSIS-2016-00171: JD Edwards Server Manager Password Disclosure

Full Disclosure - 25 August, 2016 - 13:04

Posted by Onapsis Research on Aug 25

Onapsis Security Advisory ONAPSIS-2016-00171: JD Edwards Server Manager Password Disclosure

1. Impact on Business
=====================
By exploiting this vulnerability an unauthenticated attacker could retrieve the administration user and passwords from
the Server Manager compromising the whole JDE landscape hence all of its information and processes.

Risk Level: Critical

2. Advisory Information
=======================
- Public Release Date:...

Onapsis Security Advisory ONAPSIS-2016-014: JD Edwards JDENET function DoS

Full Disclosure - 25 August, 2016 - 13:02

Posted by Onapsis Research on Aug 25

Onapsis Security Advisory ONAPSIS-2016-014: JD Edwards JDENET function DoS

1. Impact on Business
=====================
By exploiting this vulnerability an unauthenticated attacker could remotely shut down the entire JD Edwards
infrastructure.

Risk Level: High

2. Advisory Information
=======================
- Public Release Date: 07/28/2016
- Last Revised: 07/28/2016
- Security Advisory ID: ONAPSIS-2016-014
- Onapsis SVS ID: ONAPSIS-00175
-...

Onapsis Security Advisory ONAPSIS-2016-012: JD Edwards JDENET function DoS

Full Disclosure - 25 August, 2016 - 12:59

Posted by Onapsis Research on Aug 25

Onapsis Security Advisory ONAPSIS-2016-012: JD Edwards JDENET function DoS

1. Impact on Business
=====================
By exploiting this vulnerability an unauthenticated attacker could remotely shut down the entire JD Edwards
infrastructure.

Risk Level: High

2. Advisory Information
=======================
- Public Release Date: 07/28/2016
- Last Revised: 07/28/2016
- Security Advisory ID: ONAPSIS-2016-012
- Onapsis SVS ID: ONAPSIS-00176
-...

Onapsis Security Advisory ONAPSIS-2016-011: JD Edwards Server Manager Create users

Full Disclosure - 25 August, 2016 - 12:55

Posted by Onapsis Research on Aug 25

Onapsis Security Advisory ONAPSIS-2016-011: JD Edwards Server Manager Create users

1. Impact on Business
=====================
By exploiting this vulnerability an unauthenticated attacker could create users in the Server Manager, ultimately
compromising the whole JDE landscape hence all of its information and processes.

Risk Level: Critical

2. Advisory Information
=======================
- Public Release Date: 07/28/2016
- Last Revised:...

Onapsis Security Advisory ONAPSIS-2016-010: JD Edwards Server Manager Shutdown

Full Disclosure - 25 August, 2016 - 12:49

Posted by Onapsis Research on Aug 25

Onapsis Security Advisory ONAPSIS-2016-010: JD Edwards Server Manager Shutdown

1. Impact on Business
=====================
By exploiting this vulnerability an unauthenticated attacker could shut down the Server Manager

Risk Level: Medium

2. Advisory Information
=======================
- Public Release Date: 07/28/2016
- Last Revised: 07/28/2016
- Security Advisory ID: ONAPSIS-2016-010
- Onapsis SVS ID: ONAPSIS-00173
- CVE: CVE-2016-0421
-...

nullcon 8-bit Call for Papers is open

Daily Dave - 25 August, 2016 - 12:46

Posted by nullcon on Aug 25

Dear Hackers and Security Pros,

Welcome to nullcon 8-bit!
nullcon is an annual security conference held in Goa, India. The focus
of the conference is to showcase the next generation of offensive and
defensive security technology. We happily open doors to researchers
and hackers around the world and the universe, working on the next
big thing in security and request everyone to submit their new
research.

What is 8-bit?
As a tradition of...

Onapsis Security Advisory ONAPSIS-2016-009: JD Edwards JDENet Password Disclosure

Full Disclosure - 25 August, 2016 - 12:17

Posted by Onapsis Research on Aug 25

Onapsis Security Advisory ONAPSIS-2016-009: JD Edwards JDENet Password Disclosure

1. Impact on Business
=====================
By exploiting this vulnerability an unauthenticated attacker could get the administration password getting full
compromise of the system.

Risk Level: Critical

2. Advisory Information
=======================
- Public Release Date: 07/28/2016
- Last Revised: 07/28/2016
- Security Advisory ID: ONAPSIS-2016-009
- Onapsis...

Bugtraq: [security bulletin] HPSBNS03635 rev.1 - HPE NonStop Servers OSS Script Languages running Perl and PHP, Multiple Local and Remote Vulnerabilities

Security Focus Vulnerabilities - 25 August, 2016 - 03:55
[security bulletin] HPSBNS03635 rev.1 - HPE NonStop Servers OSS Script Languages running Perl and PHP, Multiple Local and Remote Vulnerabilities