Libarchive CVE-2015-8934 Local Heap Buffer Overflow Vulnerability
Monthly Archives: July 2016
Vuln: Libarchive CVE-2015-8933 Local Denial of Service Vulnerability
Vuln: libarchive CVE-2016-4300 Heap Buffer Overflow Vulnerability
DSA-3621 mysql-connector-java – security update
A vulnerability was discovered in mysql-connector-java, a Java database
(JDBC) driver for MySQL, which may result in unauthorized update, insert
or delete access to some MySQL Connectors accessible data as well as
read access to a subset of MySQL Connectors accessible data. The
vulnerability was addressed by upgrading mysql-connector-java to the new
upstream version 5.1.39, which includes additional changes, such as bug
fixes, new features, and possibly incompatible changes. Please see the
MySQL Connector/J Release Notes and Oracle’s Critical Patch Update
advisory for further details:
DSA-3622 python-django – security update
It was discovered that Django, a high-level Python web development
framework, is prone to a cross-site scripting vulnerability in the
admin’s add/change related popup.
CVE-2016-0321 (personal_communications)
IBM Personal Communications (aka PCOMM) 6.x before 6.0.17 and 12.x before 12.0.0.1 does not properly restrict credential extraction, which allows local users to discover passwords by leveraging access to the victim account and executing a PowerShell script.
CVE-2016-0393 (maximo_asset_management)
IBM Maximo Asset Management 7.5 before 7.5.0.10-TIV-MBS-IFIX002 and 7.6 before 7.6.0.5-TIV-MAMMT-FP001 allows remote attackers to obtain sensitive URL information by reading log files.
CVE-2016-1448 (webex_meetings_server)
Cross-site request forgery (CSRF) vulnerability in Cisco WebEx Meetings Server 2.7 allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuy92706.
CVE-2016-1459 (ios, ios_xe)
Cisco IOS 12.4 and 15.0 through 15.5 and IOS XE 3.13 through 3.17 allow remote authenticated users to cause a denial of service (device reload) via crafted attributes in a BGP message, aka Bug ID CSCuz21061.
CVE-2016-3039 (traveler)
IBM Traveler 8.x and 9.x before 9.0.1.12 allows remote authenticated users to read arbitrary files or cause a denial of service (memory consumption) via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.