NVD

CVE-2016-4763

September 25, 2016 007admin

WKWebView in WebKit in Apple iOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 does not properly verify X.509 certificates from HTTPS servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

NVD

CVE-2016-4765

September 25, 2016 007admin

WebKit in Apple iOS before 10, tvOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4759, CVE-2016-4766, CVE-2016-4767, and CVE-2016-4768.

NVD

CVE-2016-4766

September 25, 2016 007admin

Checkpoint

OpenSSL OCSP Extension Unbounded Memory Denial of Service (CVE-2016-6304)

September 25, 2016 007admin

A denial-of-service vulnerability exists in OpenSSL. A remote, unauthenticated attacker can send an excessively large OCSP Status Request extension and create a denial of service condition.

Checkpoint

Cisco IKEv1 Information Disclosure (BENIGNCERTAIN; CVE-2016-6415)

September 25, 2016 007admin

A vulnerability exists in IKEv1 packet processing code in Cisco IOS, Cisco IOS XE and Cisco IOS XR Software. The vulnerability , known as Pix Pocket, is due to insufficient condition checks in the IKEv1 security negotiation requests. A successful could cause disclosure of confidential information.

Debian

DSA-3677 libarchive – security update

September 24, 2016 007admin

Several vulnerabilities were discovered in libarchive, a multi-format
archive and compression library, which may lead to denial of service
(memory consumption and application crash), bypass of sandboxing
restrictions and overwrite arbitrary files with arbitrary data from an
archive, or the execution of arbitrary code.

Security