APPLE-SA-2015-10-21-8 OS X Server 5.0.15
APPLE-SA-2015-10-21-8 OS X Server 5.0.15 OS X Server 5.0.15 is now available and addresses the following: BIND Available for: OS X Yosemite 10.10.5, OS X El Capitan 10.11.1 or later Impact: Multiple vulnerabilities in BIND Description: Multiple vulnerabilities existed in BIND versions prior to...
APPLE-SA-2015-10-15-1 Keynote 6.6, Pages 5.6, Numbers 3.6, and iWork for iOS 2.6
APPLE-SA-2015-10-15-1 Keynote 6.6, Pages 5.6, Numbers 3.6, and iWork for iOS 2.6 Keynote 6.6, Pages 5.6, Numbers 3.6, and iWork for iOS 2.6 are now available which address the following: Keynote, Pages, and Numbers Available for: OS X Yosemite v10.10.4 or later, iOS 8.4 or later Impact: Opening a...
Fortinet FortiClient multiple security vulnerabilities
Multiple privilege escalations...
Zhone routers multiple security vulnerabilities
Authentication bypass, information disclosure, code execution...
WiFi Drive CR v1.0 iOS - Persistent Filename Dir List Vulnerability
Document Title: =============== WiFi Drive CR v1.0 iOS - Persistent Filename Dir List Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1595 Release Date: ============= 2015-09-23 Vulnerability Laboratory ID VL-ID:...
Apple Safari / Webkit multiple security vulnerabilities
Information spoofing, information disclosure, restriction bypass, race conditions, memory corruptions...
Apple Keynote, Pages, Numbers, iWork multiple security vulnerabilities
Restrictions bypass, memory corruptions...
APPLE-SA-2015-10-21-5 iTunes 12.3.1
APPLE-SA-2015-10-21-5 iTunes 12.3.1 iTunes 12.3.1 is now available and addresses the following: iTunes Available for: Windows 7 and later Impact: A man-in-the-middle attack while browsing the iTunes Store via iTunes may result in unexpected application termination or arbitrary code execution...
Vulnerabilities in Callisto 821+R3 ADSL Router
Hello 3APA3A! In 2011 I wrote 22 advisories about vulnerabilities in Callisto 821+ ADSL Router http://seclists.org/fulldisclosure/2011/Aug/1. Because vendor ignored in 2011 all my letters and subsequent my public disclosure of vulnerabilities and new devices are vulnerable as well, so in August I...
KL-001-2015-003 : SiS Windows VGA Display Manager Multiple Privilege Escalation
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 KL-001-2015-003 : SiS Windows VGA Display Manager Multiple Privilege Escalation Title: SiS Windows VGA Display Manager Multiple Privilege Escalation Advisory ID: KL-001-2015-003 Publication Date: 2015.09.01 Publication URL:...
[USN-2780-2] MiniUPnP vulnerability
========================================================================== Ubuntu Security Notice USN-2780-2 October 23, 2015 miniupnpc vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...
SAP Netwaver - XML External Entity Injection
Title: SAP Netwaver - XML External Entity Injection Author: Lukasz Miedzinski GPG: Public key provided in attachment Date: 29/10/2014 CVE: CVE-2015-7241 Affected software : =================== SAP Netwear : 7.01 Vendor advisories only for customers: =================== External ID : 851975 2014...
MiniUPnP library buffer overflow
Buffer overflow on network request processing...
Photos in Wifi v1.0.1 iOS - Arbitrary File Upload Vulnerability
Document Title: =============== Photos in Wifi v1.0.1 iOS - Arbitrary File Upload Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1600 Release Date: ============= 2015-09-28 Vulnerability Laboratory ID VL-ID:...
APPLE-SA-2015-10-21-3 Safari 9.0.1
APPLE-SA-2015-10-21-3 Safari 9.0.1 Safari 9.0.1 is now available and addresses the following: WebKit Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 Impact: Visiting a maliciously crafted website may lead to arbitrary code execution Description: Multiple...
[CVE-2015-2552] Windows 8+ - Trusted Boot Security Feature Bypass Vulnerability
Vulnerability title Microsoft: Trusted Boot Security Feature Bypass Vulnerability CVE: CVE-2015-2552 Vendor: Microsoft Product: Windows NT series 8.0+ Affected versions: See "systems affected". Reported by: "Myria" Vulnerability Summary: ===================== An attacker with administrative acces...
KL-001-2015-004 : XGI Windows VGA Display Manager Arbitrary Write Privilege Escalation
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 KL-001-2015-004 : XGI Windows VGA Display Manager Arbitrary Write Privilege Escalation Title: XGI Windows VGA Display Manager Arbitrary Write Privilege Escalation Advisory ID: KL-001-2015-004 Publication Date: 2015.09.01 Publication URL:...
CSRF vulnerabilities in Callisto 821+R3 ADSL Router
Hello 3APA3A! After all my advisories about vulnerabilities in Callisto 821+ http://seclists.org/fulldisclosure/2011/Aug/1 and recent advisory about Callisto 821+R3, here is new one. Because vendor ignored in 2011 all my letters and subsequent my public disclosure of vulnerabilities and new devic...
XSS and CSRF vulnerabilities in ASUS RT-G32
Hello 3APA3A! There are Cross-Site Scripting and Cross-Site Request Forgery vulnerabilities in ASUS Wireless Router RT-G32. ------------------------- Affected products: ------------------------- Vulnerable is the next model: ASUS RT-G32 with different versions of firmware. I checked in ASUS RT-G3...
Apache Commons HttpClient DoS
No timeout on handshake...
APPLE-SA-2015-10-21-6 Mac EFI Security Update 2015-002
APPLE-SA-2015-10-21-6 Mac EFI Security Update 2015-002 Mac EFI Security Update 2015-002 is now available and addresses the following: EFI Available for: OS X Mavericks v10.9.5 Impact: An attacker can exercise unused EFI functions Description: An issue existed with EFI argument handling. This was...
Microsoft Windows multiple security vulnerabilities
Internet Explorer / Edge multiple security vulnerabilities, VBScript / Jscript code execution, Windows Shell code execution, kernel privilege escalation...
Apple watchOS security vulnerabilities
Information disclosure, memory corruptions, multiple vulnerabilities in different libraries...
[USN-2767-1] GDK-PixBuf vulnerabilities
========================================================================== Ubuntu Security Notice USN-2767-1 October 13, 2015 gdk-pixbuf vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives...
[SECURITY] [DSA 3363-1] owncloud-client security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3363-1 [email protected] https://www.debian.org/security/ Luciano Bello September 20, 2015 https://www.debian.org/security/faq...
owncloud client server spoofing
Server certificate spoofing is possible...
Apple iTunes multiple security vulnerabilities
Multiple memory corruptions, DLL injections, multiple WebKit vulnerabilities, information disclosure...
Apple iOS multiple security vulnerabilities
Screen unlock, information disclosure, restrictions bypass, multiple memory corruptions, weak encryption, multiple vulnerabilities in different libraries...
Vulnerabilities in Callisto 821+R3 ADSL Router
Hello 3APA3A! After all my advisories about vulnerabilities in Callisto 821+ http://seclists.org/fulldisclosure/2011/Aug/1 and recent advisory about Callisto 821+R3, here is new one. Because vendor ignored in 2011 all my letters and subsequent my public disclosure of vulnerabilities and new devic...
Google Chrome / Chromium / Oxide multiple security vulnerabilities
Restrictions bypass, memory corruptions, information disclosure...
[SECURITY] [DSA 3376-1] chromium-browser security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3376-1 [email protected] https://www.debian.org/security/ Michael Gilbert October 20, 2015 https://www.debian.org/security/faq -...
Apple Mac OS X / Mac EFI / OS X Server multiple security vulnerabilities
Code execution, information disclosure, restrictions bypass, multiple memory corruptions, multiple libraries vulnerabilities...
[USN-2722-1] GDK-PixBuf vulnerability
========================================================================== Ubuntu Security Notice USN-2722-1 August 26, 2015 gdk-pixbuf vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...
GDK-PixBuf security vulnerabilities
Buffer overflow, integer overflow, on graphic formats processing...
Ubuntu Click restrictions bypass
It's possible to trick user into giving escalated privileges...
Qualys Security Advisory - LibreSSL (CVE-2015-5333 and CVE-2015-5334)
Qualys Security Advisory LibreSSL CVE-2015-5333 and CVE-2015-5334 ======================================================================== Contents ======================================================================== Summary Memory Leak CVE-2015-5333 Buffer Overflow CVE-2015-5334...
[USN-2772-1] PostgreSQL vulnerabilities
========================================================================== Ubuntu Security Notice USN-2772-1 October 16, 2015 postgresql-9.1, postgresql-9.3, postgresql-9.4 vulnerabilities ========================================================================== A security issue affects these...
PostgreSQL security vulnerabilities
Information disclosure, DoS...
LibreSSL security vulnerabilities
DoS, buffer overflow...
Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities
Memory corruptions, information disclosure, DoS, buffer overflow, restrictions bypass...
[USN-2771-1] Click vulnerability
========================================================================== Ubuntu Security Notice USN-2771-1 October 15, 2015 click vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...
libvirt / qemu multiple security vulnerabilities
DoS, memory corruptions...
Tripwire IP360 authentication bypass
Authentication bypass, privilege escalation...
Cisco TelePresence Server DoS
Conference Control Protocol API buffer overflow...
Microsoft Exchange Information Disclosure
Credits: hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/AS-MS-EXCHANGE-INFO-DISCLOSURE.txt Vendor: ================================ www.microsoft.com Product: ================================ Microsoft Exchange Outlook Web Vulnerability Type:...
NVidia graphics drivers privilege escalation
Privilege escalation via IOCTL processing...
Cisco IOS / Cisco IOS XE multiple security vulnerabilities
Authentication bypass, DoS...
CVE-2015-6237 - Tripwire IP360 VnE Remote Administrative API Authentication Bypass/Privilege Acquisition Vulnerability
Document Title ================ Tripwire IP360 VnE Remote Administrative API Authentication Bypass/Privilege Acquisition Vulnerability Affected Products =================== Vendor: Tripwire Software/Appliance: IP360 VnE Vulnerability Manager Affected verified versions: v7.2.2 - v7.2.5 CVE =====...
ESA-2015-152: RSA Web Threat Detection Multiple Vulnerabilities
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2015-152: RSA Web Threat Detection Multiple Vulnerabilities EMC Identifier: ESA-2015-152 CVE Identifier: CVE-2015-4547, CVE-2015-4548 Severity Rating: CVSS v2 Base Score: View details below for individual CVSS v2 scores Affected Products: · RSA® W...
[USN-2741-1] Unity Settings Daemon vulnerability
========================================================================== Ubuntu Security Notice USN-2741-1 September 16, 2015 unity-settings-daemon vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its...