Monthly Archives: July 2016
BMW Web Portal Vulns Pose Car Hack Risk
Vuln: Oracle Java SE and JRockit CVE-2016-0695 Remote Security Vulnerability
Vuln: OpenSSL CVE-2016-2108 ASN.1 Encoder Remote Memory Corruption Vulnerability
GLSA 201607-01: Squid: Multiple vulnerabilities
GLSA 201607-02: libpcre: Multiple Vulnerabilities
CyberPower Systems PowerPanel 3.1.2 XXE Out-Of-Band Data Retrieval
CyberPower Systems PowerPanel version 3.1.2 suffers from an unauthenticated XML External Entity (XXE) vulnerability that, using the DTD parameter entities technique, results in disclosure and retrieval of arbitrary data on the affected node via an out-of-band (OOB) attack. The vulnerability is triggered when input passed to the xmlservice servlet using the ppbe.xml script is not sanitized while parsing the XML inquiry payload returned by the JAXB element translation.
Gentoo Linux Security Advisory 201607-02
Gentoo Linux Security Advisory 201607-2 – Multiple vulnerabilities have been found in libpcre, the worst of which could lead to arbitrary code execution, or cause a Denial of Service condition. Versions less than 8.38-r1 are affected.
Gentoo Linux Security Advisory 201607-01
Gentoo Linux Security Advisory 201607-1 – Multiple vulnerabilities have been found in Squid, the worst of which could lead to arbitrary code execution, or cause a Denial of Service condition. Versions less than 3.5.19 are affected.
CVE-2016-4324
Use-after-free vulnerability in LibreOffice before 5.1.4 allows remote attackers to execute arbitrary code via a crafted RTF file, related to stylesheet and superscript tokens.