
7793 matches found

OSV
added 2016/10/25 12:0 a.m., 10 views

DLA-676-1 nspr - security update

Bulletin has no description...

AI score: 7.2
Exploits: 0
Tenable Nessus
added 2016/10/06 12:0 a.m., 23 views

Debian DSA-3687-1 : nspr - security update

Two vulnerabilities were reported in NSPR, a library to abstract over operating system interfaces developed by the Mozilla project. - CVE-2016-1951 q1 reported that the NSPR implementation of sprintf-style string formatting function miscomputed memory allocation sizes, potentially leading to...

CVSS: 8.6, AI score: 8.1, EPSS: 0.02716
Exploits: 0, References: 5
Debian
added 2016/10/05 7:18 p.m., 29 views

[SECURITY] [DSA 3687-1] nspr security update

Debian Security Advisory DSA-3687-1 [email protected] https://www.debian.org/security/ Florian Weimer October 05, 2016 https://www.debian.org/security/faq -...

CVSS: 8.6, AI score: 9.2, EPSS: 0.02716
Exploits: 0
OSV
added 2016/10/05 12:0 a.m., 25 views

DSA-3687-1 nspr - security update

Bulletin has no description...

CVSS: 8.6, AI score: 8.4, EPSS: 0.02716
Exploits: 0
OpenVAS
added 2016/10/05 12:0 a.m., 50 views

Debian Security Advisory DSA 3688-1 (nss - security update)

Several vulnerabilities were discovered in NSS, the cryptography library developed by the Mozilla project. CVE-2015-4000 David Adrian et al. reported that it may be feasible to attack Diffie-Hellman-based cipher suites in certain circumstances, compromising the confidentiality and integrity of da...

CVSS: 9.3, AI score: 0.6, EPSS: 0.9986
Exploits: 0, References: 1
Japan Vulnerability Notes
added 2016/10/03 6:43 a.m., 4 views

Cybozu Office vulnerable to information disclosure

Overview Cybozu Office contains an information disclosure vulnerability in the page where CGI environment variables are displayed. Cookie that contains session information has httponly attribute, and the Cookie value cannot be obtained by JavaScript code. However, Cookie values can be obtained in...

CVSS: 6.5, AI score: 6.3, EPSS: 0.02023
Exploits: 0, References: 6
Japan Vulnerability Notes
added 2016/10/03 12:0 a.m., 32 views

JVN#09736331: Cybozu Office vulnerable to information disclosure

Cybozu Office contains an information disclosure vulnerability in the page where CGI environment variables are displayed. Cookie that contains session information has httponly attribute, and the Cookie value cannot be obtained by JavaScript code. However, Cookie values can be obtained in the page...

CVSS: 6.5, AI score: 6.3, EPSS: 0.02023
Exploits: 0
CNVD
added 2016/09/28 12:0 a.m., 3 views

Apple OS X Perl Security Bypass Vulnerability

Apple OS X is a special operating system developed by Apple for Mac computers. Perl is a free and powerful cross-platform programming language developed by American programmer Larry Wall. A security bypass vulnerability exists in Perl in Apple OS X versions prior to 10.12, which can be exploited ...

CVSS: 5.3, AI score: 6.4, EPSS: 0.00313
Exploits: 0, References: 1
RedhatCVE
added 2016/09/27 9:47 a.m., 19 views

CVE-2016-7543

An arbitrary command injection flaw was found in the way bash processed the SHELLOPTS and PS4 environment variables. A local, authenticated attacker could use this flaw to exploit poorly written setuid programs to elevate their privileges under certain circumstances...

CVSS: 8.4, AI score: 4, EPSS: 0.00581
Exploits: 0, References: 1
OSV
added 2016/09/18 10:59 p.m., 2 views

CVE-2016-4749

Printing UIKit in Apple iOS before 10 mishandles environment variables, which allows local users to discover cleartext AirPrint preview content by reading a temporary file...

CVSS: 3.3, AI score: 7.3, EPSS: 0.00319
Exploits: 0, References: 5
NVD
added 2016/09/18 10:59 p.m., 19 views

CVE-2016-4749

Printing UIKit in Apple iOS before 10 mishandles environment variables, which allows local users to discover cleartext AirPrint preview content by reading a temporary file...

CVSS: 3.3, AI score: 3, EPSS: 0.00319
Exploits: 0, References: 5
Prion
added 2016/09/18 10:59 p.m., 12 views

Design/Logic Flaw

Printing UIKit in Apple iOS before 10 mishandles environment variables, which allows local users to discover cleartext AirPrint preview content by reading a temporary file...

CVSS: 2.1, AI score: 5.8, EPSS: 0.00319
Exploits: 0, References: 5, Affected Software: 1
Cvelist
added 2016/09/18 10:0 p.m., 22 views

CVE-2016-4749

Printing UIKit in Apple iOS before 10 mishandles environment variables, which allows local users to discover cleartext AirPrint preview content by reading a temporary file...

AI score: 2.9, EPSS: 0.00319
Exploits: 0, References: 5
OSV
added 2016/09/11 9:59 p.m., 1 views

CVE-2016-3862

media/ExifInterface.java in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-09-01 does not properly interact with the use of static variables in libjheadjni, which allows remote attackers to execute arbitrary code or cause a denial of service...

CVSS: 7.8, AI score: 7.6
Exploits: 0, References: 3
Prion
added 2016/09/11 9:59 p.m., 13 views

Memory corruption

media/ExifInterface.java in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-09-01 does not properly interact with the use of static variables in libjheadjni, which allows remote attackers to execute arbitrary code or cause a denial of service...

CVSS: 9.3, AI score: 8.2, EPSS: 0.01559
Exploits: 0, References: 3, Affected Software: 1
Cloud Foundry
added 2016/09/09 12:0 a.m., 56 views

CVE-2016-6639: PHP Buildpack exposes .profile file | Cloud Foundry

CVE-2016-6639: PHP Buildpack exposes .profile file Medium Vendor Cloud Foundry Foundation Versions Affected PHP Buildpack versions prior to v4.3.18 Cf-release versions prior to v242 Description The .profile file, which can potentially include environment variables and credentials, is exposed by...

CVSS: 7.5, AI score: 7.7, EPSS: 0.01704
Exploits: 0
Node.js
added 2016/09/08 2:56 p.m., 32 views

Cross-Site Scripting

Overview Affected versions of nunjucks do not properly escape specially structured user input in template vars when in auto-escape mode, resulting in a cross-site scripting vulnerability. Proof of Concept By using an array for the keys in a template var, escaping is bypassed. javascript name=aler...

CVSS: 4.3, AI score: 2.2, EPSS: 0.0144
Exploits: 1, Affected Software: 1
Hacker One
added 2016/09/05 5:28 p.m., 25 views

Boozt Fashion AB: PHP info page disclosure on http://www.day.dk/

Hi, Boozt team. Description: phpinfo is a debug functionality that prints out detailed information on both the system and the PHP configuration. Step to reproduce: 1. Go to http://www.day.dk/check.php An attacker can obtain information such as: •Exact PHP version. •Exact OS and its version...

AI score: 7
Exploits: 0
Veeam
added 2016/09/05 12:0 a.m., 17 views

Windows FLR fails with "Failed to create or open file [C:\Windows\system32\config\systemprofile\"

Challenge When attempting to perform a Guest OS File Level Restore from a Windows Filesystem the mount Backup Browser displays the error: The system cannot find the path specified. Failed to create or open file C:\Windows\system32\config\systemprofile...\veeamflr-.flat. Agent failed to process...

AI score: 6.9
Exploits: 0, Affected Software: 1
android
added 2016/09/01 12:0 a.m., 20 views

CVE-2016-3862

media/ExifInterface.java in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-09-01 does not properly interact with the use of static variables in libjheadjni, which allows remote attackers to execute arbitrary code or cause a denial of service...

CVSS: 9.3, AI score: 8.4, EPSS: 0.01559
Exploits: 0, References: 3, Affected Software: 1