The integrated web server on Siemens SIMATIC CP 343-1 Advanced before 3.0.53, SIMATIC CP 443-1 Advanced, SIMATIC S7-300 CPU, and SIMATIC S7-400 CPU devices does not set the secure flag for unspecified cookies in an https session, which makes it easier for remote attackers to capture these cookies by intercepting their transmission within an http session.
Monthly Archives: November 2016
CVE-2016-8673 (simatic_cp_343-1_firmware, simatic_cp_443-1_firmware, simatic_s7_300_cpu_firmware, simatic_s7_400_cpu_firmware)
Cross-site request forgery (CSRF) vulnerability in the integrated web server on Siemens SIMATIC CP 343-1 Advanced before 3.0.53, SIMATIC CP 443-1 Advanced, SIMATIC S7-300 CPU, and SIMATIC S7-400 CPU devices allows remote attackers to hijack the authentication of arbitrary users.
CVE-2016-9567 (samsung_mobile)
The mDNIe system service on Samsung Mobile S7 devices with M(6.0) software does not properly restrict setmDNIeScreenCurtain API calls, enabling attackers to control a device’s screen. This can be exploited via a crafted application to eavesdrop after phone shutdown or record a conversation. The Samsung ID is SVE-2016-6343.
Bugtraq: [CORE-2016-0007] – TP-LINK TDDP Multiple Vulnerabilities
[CORE-2016-0007] – TP-LINK TDDP Multiple Vulnerabilities
Bugtraq: [SYSS-2016-106] EASY HOME Alarmanlagen-Set – Missing Protection against Replay Attacks
[SYSS-2016-106] EASY HOME Alarmanlagen-Set – Missing Protection against Replay Attacks
Bugtraq: [SYSS-2016-072] Olympia Protect 9061 – Missing Protection against Replay Attacks
[SYSS-2016-072] Olympia Protect 9061 – Missing Protection against Replay Attacks
Bugtraq: CVE-2015-1251: Chrome blink SpeechÂÂRecognitionÂÂController use-after-free details
CVE-2015-1251: Chrome blink SpeechÂRecognitionÂController use-after-free details
RHBA-2016:2813-1: redhat-virtualization-host bug fix and enhancement update for RHV 4.0.5-1
Red Hat Enterprise Linux: Updated redhat-virtualization-host packages are now available.
RHSA-2016:2820-1: Important: memcached security update
Red Hat Enterprise Linux: An update for memcached is now available for Red Hat Enterprise Linux 6.
Red Hat Product Security has rated this update as having a security impact of
Important. A Common Vulnerability Scoring System (CVSS) base score, which gives
a detailed severity rating, is available for each vulnerability from the CVE
link(s) in the References section.
CVE-2016-8704, CVE-2016-8705
RHSA-2016:2819-1: Important: memcached security update
Red Hat Enterprise Linux: An update for memcached is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of
Important. A Common Vulnerability Scoring System (CVSS) base score, which gives
a detailed severity rating, is available for each vulnerability from the CVE
link(s) in the References section.
CVE-2016-8704, CVE-2016-8705, CVE-2016-8706