Hi @ll,
the just released QuickTime 7.7.7 and iTunes 12.2 for Windows still
have quite some of the BLOODY beginners errors I already documented
in the past.
QuickTime 7.7.7, QuickTime.msi
unquoted pathname of executables in command line
ESA-2015-108: EMC Documentum D2 Multiple DQL Injection Vulnerabilities
EMC Identifier: ESA-2015-108
CVE Identifier: CVE-2015-0547, CVE-2015-0548
Severity Rating: CVSSv2 Base Score: See below for CVSSv2 score for individual
CVEs
Affected
APPLE-SA-2015-06-30-5 QuickTime 7.7.7
QuickTime 7.7.7 is now available and addresses the following:
QT Media Foundation
Available for: Windows 7 and Windows Vista
Impact: Processing a maliciously crafted file may lead to an
unexpected
Debian Security Advisory DSA-3298-1 secur...@debian.org
https://www.debian.org/security/ Markus Koschany
July 01, 2015
APPLE-SA-2015-06-30-6 iTunes 12.2
iTunes 12.2 is now available and addresses the following:
WebKit
Available for: Windows 8 and Windows 7
Impact: A man-in-the-middle attack while browsing the iTunes Store
via iTunes may lead to an unexpected
Document Title:
===
Blueberry Express v5.9.x - SEH Buffer Overflow Vulnerability
References (Source):
http://www.vulnerability-lab.com/get_content.php?id=1535
Video: http://www.vulnerability-lab.com/get_content.php?id=1537
Release Date:
=
Advisory ID: HTB23263
Product: BlackCat CMS
Vendor: Black Cat Development
Vulnerable Version(s): 1.1.1 and probably prior
Tested Version: 1.1.1
Advisory Publication: June 10, 2015 [without technical details]
Vendor Notification: June 10, 2015
Vendor Patch: June 24, 2015
Public Disclosure: July
ESA-2015-111: EMC Documentum WebTop Client Products Multiple Vulnerabilities
CVE Identifier: CVE-2015-0551, CVE-2015-4524
Severity Rating: CVSS v2 Base Score: See below for CVSSv2 scores for individual
CVEs
Affected products:
EMC
Product: EMC Documentum Content Server
Vendor: EMC
Version: ANY
CVE: N/A
Risk: High
Status: public/not fixed
In April 2014 I discovered a vulnerability in EMC Documentum Content Server
which allows an authenticated user to elevate privileges, hijack the Content Server
filesystem or execute arbitrary
Document Title:
===
Pinterest Bug Bounty #1 - Persistent contact_name Vulnerability
References (Source):
http://www.vulnerability-lab.com/get_content.php?id=1431
Release Date:
=
2015-06-30
Vulnerability Laboratory ID (VL-ID):
ESA-2015-112: EMC Isilon OneFS Command Injection Vulnerability
EMC Identifier: ESA-2015-112
CVE Identifier: CVE-2015-4525
Severity Rating: CVSS v2 Base Score: 9.0 (AV:N/AC:L/Au:S/C:C/I:C/A:C)
Affected products:
EMC Isilon OneFS 7.2.0.0