[SECURITY] [DSA 3425-1] tryton-server security update

2015-12-17 Thread Luciano Bello
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 - - Debian Security Advisory DSA-3425-1 secur...@debian.org https://www.debian.org/security/ Luciano Bello December 17, 2015

[oCERT 2015-011] PyAMF input sanitization errors (XXE)

2015-12-17 Thread Daniele Bianco
#2015-011 PyAMF input sanitization errors (XXE) Description: PyAMF is a Python module that implements the Action Message Format (AMF) protocol, allowing Flash interoperation with various web frameworks. PyAMF suffers from insufficient AMF input payload sanitization which results in the XML

ESA-2015-148: EMC Isilon OneFS Security Privilege Escalation Vulnerability

2015-12-17 Thread Security Alert
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ESA-2015-148: EMC Isilon OneFS Security Privilege Escalation Vulnerability EMC Identifier: ESA-2015-148 CVE Identifier: CVE-2015-4545 Severity Rating: CVSS v2 Base Score: 9.0 (AV:N/AC:L/Au:S/C:C/I:C/A:C) Affected products: • EMC Isilon

[SECURITY] [DSA 3426-1] linux security update

2015-12-17 Thread Salvatore Bonaccorso
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-3426-1 secur...@debian.org https://www.debian.org/security/ Salvatore Bonaccorso December 17, 2015

Executable uninstallers are vulnerable^WEVIL (case 12): Avira Registry Cleaner allows arbitrary code execution with escalation of privilege

2015-12-17 Thread Stefan Kanthak
Hi @ll, avira_registry_cleaner_en.exe, available from to clean up remnants the uninstallers of their snakeoil products fail to remove, is vulnerable: it loads and executes WTSAPI32.dll, UXTheme.dll and RichEd20.dll from its

CVE-2015-5348 - Apache Camel medium disclosure vulnerability

2015-12-17 Thread Claus Ibsen
Apache Camel's Jetty/Servlet usage is vulnerable to a Java object de-serialisation vulnerability. If using camel-jetty, or camel-servlet as a consumer in Camel routes, then Camel will automatically de-serialize HTTP requests that use the content-header: application/x-java-serialized-object. Please