[FD] [SYSS-2016-074] Logitech Wireless Presenter R400 - Insufficient Verification of Data Authenticity (CWE-345), Keystroke Injection Vulnerability

2016-10-12 Thread Matthias Deeg
Advisory ID: SYSS-2016-074
Product: Wireless Presenter R400
Manufacturer: Logitech
Affected Version(s): Model R-R0008
Tested Version(s): Model R-R0008
Vulnerability Type: Insufficient Verification of Data Authenticity (CWE-345)

[FD] [SYSS-2016-075] Targus Multimedia Presentation Remote - Insufficient Verification of Data Authenticity (CWE-345), Mouse Spoofing Attack

2016-10-12 Thread Matthias Deeg
Advisory ID: SYSS-2016-075
Product: Multimedia Presentation Remote
Manufacturer: Targus
Affected Version(s): Model AMP09-EU
Tested Version(s): Model AMP09-EU
Vulnerability Type: Insufficient Verification of Data Authenticity (CWE-345)

[FD] New OpenSSL double-free and invalid free vulnerabilities in X509 parsing

2016-10-12 Thread Guido Vranken
These vulnerabilities were found in the latest OpenSSL (1.1.0b). Triggering these vulnerabilities is not trivial -- they rely on memory shortages (malloc/realloc failures) or failing to acquire a thread lock while the X509 data is being parsed. Possibly exploitation can be achieved by exploiting a