Security News

Bugtraq: [SECURITY] [DSA 3611-1] libcommons-fileupload-java security update

Security Focus Vulnerabilities - 1 July, 2016 - 08:50
[SECURITY] [DSA 3611-1] libcommons-fileupload-java security update

[CVE-2016-6130] Double-Fetch Vulnerability in Linux-4.5/drivers/s390/char/sclp_ctl.c

Bug Traq - 1 July, 2016 - 06:21

Posted by wpengfeinudt on Jul 01

I found this double-fetch vulnerability when I was doing my research on double-fetch issue analysis, and I’d like to
make an announcement here.

This was found in Linux kernel file Linux-4.5/drivers/s390/char/sclp_ctl.c, and crafted user space data change under
race condition will lead to consequences like over-boundary access on the kernel buffer, and information leakage....

[CVE-2016-5728] Double-Fetch Vulnerability in Linux-4.5/drivers/misc/mic/host/mic_virtio.c

Bug Traq - 1 July, 2016 - 06:11

Posted by wpengfeinudt on Jul 01

I found this double-fetch vulnerability when I was doing my research on double-fetch issue analysis, and I’d like to
make an announcement here.

This was found in Linux kernel file Linux-4.5/drivers/misc/mic/host/mic_virtio.c, and crafted user space data change
under race condition will lead to consequences like over-boundary access on the kernel buffer, information leakage or
kernel crash....

CA20160627-01: Security Notice for Release Automation

Bug Traq - 1 July, 2016 - 06:00

Posted by Kotas, Kevin J on Jul 01

CA20160627-01: Security Notice for Release Automation

Issued: June 27, 2016
Last Updated: June 27, 2016

CA Technologies Support is alerting customers to multiple potential risks
with CA Release Automation. Three vulnerabilities exist that can allow a
remote attacker to potentially gain sensitive information or cause a
denial of service condition. CA has fixes available.

The first vulnerability, CVE-2015-7370, occurs due to the inclusion of a...

Bugtraq: BFS-SA-2016-003: Huawei HiSuite Insecure Service Directory ACLs

Security Focus Vulnerabilities - 1 July, 2016 - 05:10
BFS-SA-2016-003: Huawei HiSuite Insecure Service Directory ACLs

Bugtraq: [SECURITY] [DSA 3610-1] xerces-c security update

Security Focus Vulnerabilities - 1 July, 2016 - 05:10
[SECURITY] [DSA 3610-1] xerces-c security update

Bugtraq: [SECURITY] [DSA 3609-1] tomcat8 security update

Security Focus Vulnerabilities - 1 July, 2016 - 05:10
[SECURITY] [DSA 3609-1] tomcat8 security update

Global Commission On Internet Governance report

Daily Dave - 30 June, 2016 - 08:16

Posted by Matthieu Suiche on Jun 30

https://www.ourinternet.org/report

Global Commission On Internet Governance chaired by former Swedish PM, Carl
Bildt just released their report.

Given its first audience, and the fact they highlight issues related to
internet security and privacy - I thought it would be worth sharing for
open-comments.

"*Recommendations:* Consistent with the International Covenant on Civil and
Political Rights, no one should be subject to arbitrary...

[SECURITY] [DSA 3611-1] libcommons-fileupload-java security update

Bug Traq - 30 June, 2016 - 04:30

Posted by Salvatore Bonaccorso on Jun 30

-------------------------------------------------------------------------
Debian Security Advisory DSA-3611-1 security () debian org
https://www.debian.org/security/ Salvatore Bonaccorso
June 30, 2016 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : libcommons-fileupload-java
CVE ID : CVE-2016-3092...

Bugtraq: [SECURITY] [DSA 3608-1] libreoffice security update

Security Focus Vulnerabilities - 30 June, 2016 - 04:30
[SECURITY] [DSA 3608-1] libreoffice security update

Bugtraq: Cisco Security Advisory: Cisco Prime Infrastructure and Evolved Programmable Network Manager Authentication Bypass API Vulnerability

Security Focus Vulnerabilities - 30 June, 2016 - 02:50
Cisco Security Advisory: Cisco Prime Infrastructure and Evolved Programmable Network Manager Authentication Bypass API Vulnerability

Bugtraq: Cisco Security Advisory: Cisco Prime Collaboration Provisioning Lightweight Directory Access Protocol Authentication Bypass Vulnerability

Security Focus Vulnerabilities - 30 June, 2016 - 02:50
Cisco Security Advisory: Cisco Prime Collaboration Provisioning Lightweight Directory Access Protocol Authentication Bypass Vulnerability

[SECURITY] [DSA 3610-1] xerces-c security update

Bug Traq - 30 June, 2016 - 02:26

Posted by Salvatore Bonaccorso on Jun 30

-------------------------------------------------------------------------
Debian Security Advisory DSA-3610-1 security () debian org
https://www.debian.org/security/ Salvatore Bonaccorso
June 29, 2016 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : xerces-c
CVE ID : CVE-2016-4463
Debian Bug :...

BFS-SA-2016-003: Huawei HiSuite Insecure Service Directory ACLs

Bug Traq - 30 June, 2016 - 02:16

Posted by Blue Frost Security Research Lab on Jun 30


[SECURITY] [DSA 3608-1] libreoffice security update

Bug Traq - 29 June, 2016 - 15:15

Posted by Moritz Muehlenhoff on Jun 29

-------------------------------------------------------------------------
Debian Security Advisory DSA-3608-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
June 29, 2016 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : libreoffice
CVE ID : CVE-2016-4324

Aleksandar...

[SECURITY] [DSA 3609-1] tomcat8 security update

Bug Traq - 29 June, 2016 - 15:05

Posted by Moritz Muehlenhoff on Jun 29

-------------------------------------------------------------------------
Debian Security Advisory DSA-3609-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
June 29, 2016 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : tomcat8
CVE ID : CVE-2015-5174 CVE-2015-5345...

Cisco Security Advisory: Cisco Prime Infrastructure and Evolved Programmable Network Manager Authentication Bypass API Vulnerability

Bug Traq - 29 June, 2016 - 12:05

Posted by Cisco Systems Product Security Incident Response Team on Jun 29

Cisco Prime Infrastructure and Evolved Programmable Network Manager Authentication Bypass API Vulnerability

Advisory ID: cisco-sa-20160629-piauthbypass

Revision 1.0

For Public Release 2016 June 29 16:00 UTC (GMT)

+---------------------------------------------------------------------

Summary
=======

A vulnerability in the application programming interface (API) of Cisco Prime Infrastructure and Cisco Evolved
Programmable Network Manager...

Cisco Security Advisory: Cisco Prime Collaboration Provisioning Lightweight Directory Access Protocol Authentication Bypass Vulnerability

Bug Traq - 29 June, 2016 - 11:53

Posted by Cisco Systems Product Security Incident Response Team on Jun 29

Cisco Prime Collaboration Provisioning Lightweight Directory Access Protocol Authentication Bypass Vulnerability

Advisory ID: cisco-sa-20160629-cpcpauthbypass

Revision 1.0

For Public Release 2016 June 29 16:00 UTC (GMT)

+---------------------------------------------------------------------

Summary
=======

A vulnerability in the Lightweight Directory Access Protocol (LDAP) authentication for Cisco Prime Collaboration
Provisioning could...

Cisco Security Advisory: Cisco Firepower System Software Static Credential Vulnerability

Bug Traq - 29 June, 2016 - 11:42

Posted by Cisco Systems Product Security Incident Response Team on Jun 29

Cisco Firepower System Software Static Credential Vulnerability

Advisory ID: cisco-sa-20160629-fp

Revision 1.0

For Public Release 2016 June 29 16:00 UTC (GMT)

+---------------------------------------------------------------------

Summary
=======

A vulnerability in Cisco Firepower System Software could allow an unauthenticated, remote attacker to log in to the
device with a default account. This account does not have full administrator...

CVE-2016-4463: Apache Xerces-C XML Parser Crashes on Malformed DTD

Bug Traq - 29 June, 2016 - 10:36

Posted by Cantor, Scott on Jun 29

CVE-2016-4463: Apache Xerces-C XML Parser Crashes on Malformed DTD

Severity: Important

Vendor: The Apache Software Foundation

Versions Affected: Apache Xerces-C XML Parser library versions
prior to V3.1.4

Description: The Xerces-C XML parser fails to successfully parse a
DTD that is deeply nested, and this causes a stack overflow, which
makes a denial of service attack against many applications possible
by an unauthenticated attacker....