An elevation of privilege vulnerability exists in Microsoft Windows. The vulnerability is due to the way the Windows kernel API improperly allows a user to access sensitive registry information. A remote attacker can exploit this vulnerability by enticing a user to run a specially crafted executable.
Monthly Archives: October 2016
Microsoft Edge Memory Corruption (MS16-119: CVE-2016-3386; CVE-2016-3386)
A memory corruption vulnerability exists in Microsoft Edge. The vulnerability is due to the way the Chakra JavaScript engine renders when handling objects in memory. A remote unauthenticated attacker could exploit this vulnerability by enticing the target user to open a specially crafted web page.
Microsoft Windows GDI+ Information Disclosure (MS16-120: CVE-2016-3263; CVE-2016-3263)
An information disclosure vulnerability has been reported in Microsoft Windows. The vulnerability is due to an error in the way the True Type Font (TTF) driver handles objects in memory. A remote attacker could exploit this vulnerability by enticing a target user to open a specially crafted EMF file.
Bugtraq: [SYSS-2016-033] Microsoft Wireless Desktop 2000 – Insufficient Protection of Code (Firmware) and Data (Cryptographic Key)
Bugtraq: [SYSS-2016-068] Fujitsu Wireless Keyboard Set LX901 – Cryptographic Issues (CWE-310), Missing Protection against Replay Attacks
Bugtraq: Crashing Android devices with large Assisted-GPS Data Files [CVE-2016-5348]
RHSA-2016:2047-1: Important: kernel security update
Red Hat Enterprise Linux: An update for kernel is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of
Important. A Common Vulnerability Scoring System (CVSS) base score, which gives
a detailed severity rating, is available for each vulnerability from the CVE
link(s) in the References section.
CVE-2016-7039
RHSA-2016:2046-1: Important: tomcat security update
Red Hat Enterprise Linux: An update for tomcat is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of
Important. A Common Vulnerability Scoring System (CVSS) base score, which gives
a detailed severity rating, is available for each vulnerability from the CVE
link(s) in the References section.
CVE-2014-7810, CVE-2015-5346, CVE-2016-5388, CVE-2016-5425, CVE-2016-6325
RHSA-2016:2045-1: Important: tomcat6 security and bug fix update
Red Hat Enterprise Linux: An update for tomcat6 is now available for Red Hat Enterprise Linux 6.
Red Hat Product Security has rated this update as having a security impact of
Important. A Common Vulnerability Scoring System (CVSS) base score, which gives
a detailed severity rating, is available for each vulnerability from the CVE
link(s) in the References section.
CVE-2015-5174, CVE-2015-5345, CVE-2016-0706, CVE-2016-0714, CVE-2016-5388, CVE-2016-6325
RHSA-2016:2043-1: Moderate: python-django security update
Red Hat Enterprise Linux: An update for python-django is now available for Red Hat OpenStack Platform 9.0 (Mitaka).
Red Hat Product Security has rated this update as having a security impact of
Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a
detailed severity rating, is available for each vulnerability from the CVE
link(s) in the References section.
CVE-2016-7401