Debian Linux Security Advisory 3701-2 - The update for nginx issued as DSA-3701-1 to address CVE-2016-1247 introduced a packaging issue, which prevents nginx from being reinstalled or upgraded to a subsequent release. Updated packages are now available to address this problem.
c6f8c4c108e93298ad8357b758fb00ddea690c42be17e52b058750dde9d4d075
Red Hat Security Advisory 2016-2124-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: A race condition was found in the way the Linux kernel's memory subsystem handled the copy-on-write breakage of private read-only memory mappings. An unprivileged, local user could use this flaw to gain write access to otherwise read-only memory mappings and thus increase their privileges on the system.
583c9262cd833df9ea9a6338f42e103bcfcb9dc8eee2293a0d6668ad40f068a1
Lupusec XT1 alarm system version 1.0.80 suffers from cross-site request forgery, cross-site scripting, insecure transit, and denial of service vulnerabilities.
fbecfed3f109bd160d9f55aa41dc3945ae1969cf15d279a1575d8d43d248f32f
K7 TotalSecurity version 15.1.0.289 suffers from an unquoted service path privilege escalation vulnerability.
e4e1925f14069c34fd9fc8d74cd27e0486f57e239bc7f945c34c0d26c4af622b
Ubuntu Security Notice 3112-1 - Catalin Dumitru discovered that URLs of resources loaded after a navigation start could be leaked to the following page via the Resource Timing API. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit this to obtain sensitive information. Christoph Diehl, Andrew McCreight, Dan Minor, Byron Campen, Jon Coppeard, Steve Fink, Tyson Smith, and Carsten Book discovered multiple memory safety issues in Thunderbird. If a user were tricked into opening a specially crafted message, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code. Various other issues were also addressed.
b8d665c1a846400e1f7e964a15a632b19104b1717e44ba9ec8f2ec975496481e
Panda Internet Security version 17.0.1 suffers from an unquoted service path privilege escalation vulnerability.
85c6106ae7d20271fb395f192579ec70aa06342ae7d88ad6c992ceda7befb047
Apple Security Advisory 2016-10-27-3 - iTunes 12.5.2 for Windows is now available and addresses information disclosure and code execution vulnerabilities.
7837c6aba83c29572d902438c64faefb1b3d10d188308858e81f998ce2d4c8a1
Apple Security Advisory 2016-10-27-2 - iCloud for Windows v6.0.1 is now available and addresses input validation and memory corruption vulnerabilities.
e6b2f11e487a13140de9459c76fdb0c2c16e535686e8418040177a9a2db898d1
IObit Uninstaller version 6.0.2.156 suffers from an unquoted service path privilege escalation vulnerability.
447134b844e1efc83b8c50c6c0e26f3c7afd3d86c54102d0f962ec0c22554e43
Apple Security Advisory 2016-10-27-1 - Xcode 8.1 is now available and addresses code execution vulnerabilities.
df4e9e18d07031af03162429c5cf5f429609a92fcbc73263b3a265198afd9ef3
The bulletin summary for October 2016 has been updated to include an additional out-of-band bulletin, MS16-128.
0c3532bb83dda985a21572cb64d52961cc762b700e7fc383723f46b26c70262b
WonderShare Filmora version 7.5.0 suffers from a DLL hijacking vulnerability.
3f776e347660267a429faf6e4144c2837a7e4ba0bf215d2e647f9b3d2675c8f7
Vivaldi version 1.4.589.11 suffers from a DLL hijacking vulnerability.
cf886466c9c1d14450df4d7944e36410e55f380f972d4348a5d0cf7c1a15d39f
VideoCharge Studio suffers from a DLL hijacking vulnerability.
1e836755b711a0b91fabb7ee064fa9c854ec157c63a0c2254ac4530dd2b6bd3b
ABT Blog version 2.0 suffers from a database disclosure vulnerability.
7c6375cb0f74c04acd20b88fd2f00b9bf454663c2c184a063dace58525d2f8c6