Bugtraq: by author

• RSS Feed
• About List
• All Lists

Previous period

Next period

56 messages starting Dec 21 16 and ending Dec 16 16
Date index | Thread index | Author index

Advisories

ASP.NET Core 5-RC1 HTTP Header Injection Advisories (Dec 21)

apparitionsec

Symantec VIP Access Desktop Arbitrary DLL Execution apparitionsec (Dec 08)
Microsoft Windows Media Center "ehshell.exe" XML External Entity apparitionsec (Dec 05)
Microsoft MSINFO32.EXE ".NFO" Files XML External Entity apparitionsec (Dec 05)

Apple Product Security

APPLE-SA-2016-12-13-2 Safari 10.0.2 Apple Product Security (Dec 14)
APPLE-SA-2016-12-13-8 Transporter 1.9.2 Apple Product Security (Dec 14)
APPLE-SA-2016-12-13-7 Additional information for APPLE-SA-2016-12-12-2 watchOS 3.1.1 Apple Product Security (Dec 14)
APPLE-SA-2016-12-13-5 Additional information for APPLE-SA-2016-12-12-1 iOS 10.2 Apple Product Security (Dec 14)
APPLE-SA-2016-12-12-2 watchOS 3.1.1 Apple Product Security (Dec 12)
APPLE-SA-2016-12-13-3 iTunes 12.5.4 Apple Product Security (Dec 13)
APPLE-SA-2016-12-12-1 iOS 10.2 Apple Product Security (Dec 12)
APPLE-SA-2016-12-12-3 tvOS 10.1 Apple Product Security (Dec 12)

Asterisk Security Team

AST-2016-009: <br> Asterisk Security Team (Dec 08)
AST-2016-008: Crash on SDP offer or answer from endpoint using Opus Asterisk Security Team (Dec 08)

Berend-Jan Wever

CVE-2013-3143: MSIE 9 IEFRAME CMarkup..Remove­Pointer­Pos use-after-free Berend-Jan Wever (Dec 14)
Re: CVE-2016-3222: MS Edge CBaseScriptable::PrivateQueryInterface memory corruption Berend-Jan Wever (Dec 06)
MSIE 9 IEFRAME CMarkup­Pointer::Move­To­Gap use-after-free Berend-Jan Wever (Dec 15)
CVE-2015-1730: MSIE jscript9 Java­Script­Stack­Walker memory corruption details and PoC Berend-Jan Wever (Dec 06)
CVE-2013-0090: MSIE 9 IEFRAME CView::EnsureSize use-after-free Berend-Jan Wever (Dec 16)
CVE-2013-1306: MSIE 9 MSHTML CDisp­Node::Insert­Sibling­Node use-after-free details Berend-Jan Wever (Dec 08)
MSIE 9 MSHTML CMarkup::ReloadInCompatView use-after-free Berend-Jan Wever (Dec 14)
CVE-2014-4138: MSIE 11 MSHTML CPaste­Command::Convert­Bitmapto­Png heap-based buffer overflow Berend-Jan Wever (Dec 22)
MSIE 9 MSHTML CElement::Has­Flag memory corruption Berend-Jan Wever (Dec 09)
CVE-2014-1785: MSIE 11 MSHTML CSpliceTreeEngine::RemoveSplice use-after-free Berend-Jan Wever (Dec 20)

Dawid Golunski

PHPMailer < 5.2.18 Remote Code Execution [updated advisory] [CVE-2016-10033] Dawid Golunski (Dec 27)
PHPMailer < 5.2.20 Remote Code Execution PoC 0day Exploit (CVE-2016-10045) (Bypass of the CVE-2016-1033 patch) Dawid Golunski (Dec 27)
Nagios Core < 4.2.2 Curl Command Injection leading to Remote Code Execution [CVE-2016-9565] Dawid Golunski (Dec 15)

Eissing Stefan

CVE-2016-8740, Server memory can be exhausted and service denied when HTTP/2 is used Eissing Stefan (Dec 05)

ESNC Security

[ESNC-2041217] Critical Security Vulnerability in PwC ACE Software for SAP Security ESNC Security (Dec 07)

Filippo Cavallarin

Microsoft Remote Desktop Client for Mac Remote Code Execution Filippo Cavallarin (Dec 07)

FreeBSD Security Advisories

FreeBSD Security Advisory FreeBSD-SA-16:39.ntp FreeBSD Security Advisories (Dec 22)

HYP3RLINX

XAMPP Control Panel Memory Corruption Denial Of Service HYP3RLINX (Dec 25)
Adobe Animate <= v15.2.1.95 Memory Corruption Vulnerability hyp3rlinx (Dec 14)

Jacobo Avariento

Samsung DVR credentials encoded in base64 in cookie header Jacobo Avariento (Dec 19)

Luciano Bello

[SECURITY] [DSA 3746-1] graphicsmagick security update Luciano Bello (Dec 25)

Mark Thomas

[SECURITY] CVE-2016-8745 Apache Tomcat Information Disclosure Mark Thomas (Dec 12)

Micha Borrmann

[SYSS-2016-115] Cisco Expressway: Security Bypass Vulnerability (CWE-20) Micha Borrmann (Dec 19)

Oleksandr Rudyy

[CVE-2016-8741] Apache Qpid Broker for Java - Information Leakage Oleksandr Rudyy (Dec 28)

Salvatore Bonaccorso

[SECURITY] [DSA 3744-1] libxml2 security update Salvatore Bonaccorso (Dec 23)
[SECURITY] [DSA 3730-1] icedove security update Salvatore Bonaccorso (Dec 12)

Sebastien Delafond

[SECURITY] [DSA 3738-1] tomcat7 security update Sebastien Delafond (Dec 19)
[SECURITY] [DSA 3743-1] python-bottle security update Sebastien Delafond (Dec 21)
[SECURITY] [DSA 3732-2] php-ssh2 regression update Sebastien Delafond (Dec 21)
[SECURITY] [DSA 3736-1] libupnp security update Sebastien Delafond (Dec 16)

Secunia Research

Secunia Research: Microsoft Windows Type 1 Font Processing Vulnerability Secunia Research (Dec 14)

security-alert

[security bulletin] HPSBHF03674 rev.1 HPE Comware 5 and Comware 7 Network Products using SSL/TLS, Remote Disclosure of Information security-alert (Dec 07)
[security bulletin] HPSBMU03684 rev.1 - HPE Version Control Repository Manager (VCRM), Multiple Remote Vulnerabilities security-alert (Dec 16)

Slackware Security Team

[slackware-security] mozilla-firefox (SSA:2016-348-01) Slackware Security Team (Dec 14)
[slackware-security] openssh (SSA:2016-358-02) Slackware Security Team (Dec 25)
[slackware-security] httpd (SSA:2016-358-01) Slackware Security Team (Dec 25)
[slackware-security] php (SSA:2016-347-03) Slackware Security Team (Dec 13)
[slackware-security] kernel (SSA:2016-347-01) Slackware Security Team (Dec 13)
[slackware-security] mozilla-firefox (SSA:2016-336-01) Slackware Security Team (Dec 01)
[slackware-security] expat (SSA:2016-359-01) Slackware Security Team (Dec 25)

submit

Apple iOS/tvOS/watchOS Remote memory corruption through certificate submit (Dec 13)

unlimitsec

CVE-2016-9277,CVE-2016-9966,CVE-2016-9967: Possible Privilege Escalation in telecom unlimitsec (Dec 16)

Previous period

Next period