Gentoo Linux Security Advisory 201703-5 – A vulnerability in Libtasn1 allows remote attackers to cause a Denial of Service condition. Versions less than 4.8 are affected.
Monthly Archives: March 2017
Gentoo Linux Security Advisory 201703-06
Gentoo Linux Security Advisory 201703-6 – A vulnerability in Deluge might allow remote attackers to execute arbitrary code. Versions less than 1.3.14 are affected.
Gentoo Linux Security Advisory 201703-07
Gentoo Linux Security Advisory 201703-7 – A vulnerability in Xen’s bundled QEMU version might allow privilege escalation. Versions less than 4.7.1-r8 are affected.
Debian Security Advisory 3821-1
Debian Linux Security Advisory 3821-1 – Hanno Boeck discovered multiple vulnerabilities in the GStreamer media framework and its codecs and demuxers, which may result in denial of service or the execution of arbitrary code if a malformed media file is opened.
CVE-2016-6807
Custom commands may be executed on Ambari Agent (2.4.x, before 2.4.2) hosts without authorization, leading to unauthorized access to operations that may affect the underlying system. Such operations are invoked by the Ambari Agent process on Ambari Agent hosts, as the user executing the Ambari Agent process.
CVE-2016-8749
Apache Camel’s Jackson and JacksonXML unmarshalling operation are vulnerable to Remote Code Execution attacks.
Apple Fixes 223 Vulnerabilities Across macOS, iOS, Safari
Apple fixed hundreds of bugs, 223 to be exact, across macOS Sierra, iOS, Safari, watchOS, and tvOS on Monday.
Symantec API Flaws reportedly let attackers steal Private SSL Keys and Certificates
A security researcher has disclosed critical issues in the processes and third-party API used by Symantec certificate resellers to deliver and manage Symantec SSL certificates.
The flaw, discovered by Chris Byrne, an information security consultant and instructor for Cloud Harmonics, could allow an unauthenticated attacker to retrieve other persons’ SSL certificates, including public and
CVE-2016-8031
Software Integrity Attacks vulnerability in Intel Security Anti-Virus Engine (AVE) 5200 through 5800 allows local users to bypass local security protection via a crafted input file.
CVE-2014-6440
VideoLAN VLC media player before 2.1.5 allows remote attackers to execute arbitrary code or cause a denial of service.