First-time poster here. I’ve been told to submit this issue to FD since
Microsoft’s Security Team rejected this out of hand because it doesn’t meet
their arbitrary definition of a vulnerability.
“Thank you for contacting the Microsoft Security Response Center (MSRC).
Upon investigation we have determined that this is not a valid
vulnerability.”
Below is the original message I sent to secure () microsoft com:…
Adobe has released security updates to address vulnerabilities in Flash Player. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system.
US-CERT encourages users and administrators to review Adobe Security Bulletin APSB16-15 and apply the necessary updates.
Red Hat Security Advisory 2016-1051-01 – The kernel-rt packages contain the Linux kernel, the core of any Linux operating system. The following packages have been upgraded to a newer upstream version: kernel-rt. This version provides a number of bug fixes and enhancements, including: [scsi] bnx2fc: Fix FCP RSP residual parsing and remove explicit logouts; [scsi] mpt3sas: Fix for Asynchronous completion of timedout IO and task abort of timedout IO
Red Hat Security Advisory 2016-1033-01 – The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: A flaw was found in the way the Linux kernel’s ASN.1 DER decoder processed certain certificate files with tags of indefinite length. A local, unprivileged user could use a specially crafted X.509 certificate DER file to crash the system or, potentially, escalate their privileges on the system.
Ubuntu Security Notice 2974-1 – Zuozhi Fzz discovered that QEMU incorrectly handled USB OHCI emulation support. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. Qinghao Tang discovered that QEMU incorrectly handled USB Net emulation support. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. Qinghao Tang discovered that QEMU incorrectly handled USB Net emulation support. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service, or possibly leak host memory bytes. Various other issues were also addressed.
HP Security Bulletin HPSBNS03581 2 – Security vulnerabilities in Samba could potentially impact HPE NonStop Servers. These vulnerabilities could be remotely exploited using man-in-the-middle (MITM) attacks resulting in Denial of Service (DoS), arbitrary file deletion, disclosure of sensitive information, unauthorized access, or unauthorized modification of file or database. Note: This product is NOT affected by the ‘Badlock’ vulnerability (CVE-2016-2118). Affected RVUs: L15.02 – L15.08.01; J06.04 – J06.19.02; H06.15 – H06.29.01. Revision 2 of this advisory.
HP Security Bulletin HPSBST03586 1 – A potential security vulnerability has been identified in HPE 3PAR OS. This is the TLS vulnerability using US export-grade 512-bit keys in Diffie-Hellman key exchange known as “Logjam” which could be exploited remotely to allow unauthorized modification. Revision 1 of this advisory.