[FOXMOLE SA 2016-07-20] Lupusec XT1 Alarm System – Multiple Issues

Posted by FOXMOLE Advisories on Oct 28

=== FOXMOLE – Security Advisory 2016-07-20 ===

Lupusec XT1 Alarm System – Multiple Issues
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Affected Versions
=================
Lupusec XT1 fw 1.0.80

Issue Overview
==============
Vulnerability Type: Cross Site Scripting, Cross Site Request Forgery, Unencrypted Connection, Remote Administrative Access, Denial of Service
Technical Risk: critical
Likelihood of Exploitation: medium
Vendor:…

APPLE-SA-2016-10-27-1 Xcode 8.1

Posted by Apple Product Security on Oct 28

Xcode 8.1 is now available and addresses the following:

IDE Xcode Server
Available for: OS X El Capitan v10.11.5 and later
Impact: A remote attacker may be able to cause unexpected application
termination or arbitrary code execution
Description: Multiple issues existed in Node.js in Xcode Server.
These issues were addressed by updating to Node.js version 4.5.0.
CVE-2016-1669
CVE-2016-0705
CVE-2016-0797…

APPLE-SA-2016-10-27-2 iCloud for Windows v6.0.1

Posted by Apple Product Security on Oct 28

iCloud for Windows v6.0.1 is now available and addresses the
following:

WebKit
Available for: Windows 7 and later
Impact: Processing maliciously crafted web content may result in the
disclosure of user information
Description: An input validation issue was addressed through improved
state management.
CVE-2016-4613: Chris Palmer

WebKit
Available for: Windows 7 and later
Impact: Processing…

APPLE-SA-2016-10-27-3 iTunes 12.5.2 for Windows

Posted by Apple Product Security on Oct 28

iTunes 12.5.2 for Windows is now available and addresses the
following:

WebKit
Available for: Windows 7 and later
Impact: Processing maliciously crafted web content may result in the
disclosure of user information
Description: An input validation issue was addressed through improved
state management.
CVE-2016-4613: Chris Palmer

WebKit
Available for: Windows 7 and later
Impact: Processing…

CVE-2016-8332

A buffer overflow in OpenJPEG 2.1.1 causes arbitrary code execution when parsing a crafted image. An exploitable code execution vulnerability exists in the JPEG 2000 image file format parser as implemented in the OpenJPEG library. A specially crafted JPEG 2000 file can cause an out-of-bounds heap write, resulting in heap corruption that leads to arbitrary code execution. For a successful attack, the target user needs to open a malicious JPEG 2000 file. The JPEG 2000 image file format is mostly used for embedding images inside PDF documents, and the OpenJPEG library is used by a number of popular PDF renderers, making PDF documents a likely attack vector.

CVE-2016-8339

A buffer overflow in Redis 3.2.x prior to 3.2.4 causes arbitrary code execution when a crafted command is sent. An out-of-bounds write vulnerability exists in the handling of the client-output-buffer-limit option during the CONFIG SET command for the Redis data structure store. A crafted CONFIG SET command can lead to an out-of-bounds write, potentially resulting in code execution.

chromium-54.0.2840.71-1.fc23

Security fix for CVE-2016-5181, CVE-2016-5182, CVE-2016-5183, CVE-2016-5184, CVE-2016-5185, CVE-2016-5187, CVE-2016-5188, CVE-2016-5192, CVE-2016-5189, CVE-2016-5186, CVE-2016-5191, CVE-2016-5190, CVE-2016-5193, CVE-2016-5194

Update to new stable, 54.0.2840.71.

chromium-54.0.2840.71-1.el7

Security fix for CVE-2016-5181, CVE-2016-5182, CVE-2016-5183, CVE-2016-5184, CVE-2016-5185, CVE-2016-5187, CVE-2016-5188, CVE-2016-5192, CVE-2016-5189, CVE-2016-5186, CVE-2016-5191, CVE-2016-5190, CVE-2016-5193, CVE-2016-5194

Update to new stable, 54.0.2840.71.