Monthly Archives: January 2017
GLSA 201701-46: Mozilla Network Security Service (NSS): Multiple vulnerabilities
GLSA 201701-44: CVS: Heap-based overflow
DSA-3766 mapserver – security update
It was discovered that mapserver, a CGI-based framework for Internet map services, was vulnerable to a stack-based overflow. This issue allowed a remote user to crash the service, or potentially execute arbitrary code.
CVE-2016-6283
Cross-site scripting (XSS) vulnerability in Atlassian Confluence before 5.10.6 allows remote attackers to inject arbitrary web script or HTML via the newFileName parameter to pages/doeditattachment.action.
CVE-2016-9678 (provisioning_services)
Use-after-free vulnerability in Citrix Provisioning Services before 7.12 allows attackers to execute arbitrary code via unspecified vectors.
CVE-2016-6271
The Bzrtp library (aka libbzrtp) 1.0.x before 1.0.4 allows man-in-the-middle attackers to conduct spoofing attacks by leveraging a missing HVI check on DHPart2 packet reception.
CVE-2016-10086
RESTful web services in CA Service Desk Manager 12.9 and CA Service Desk Management 14.1 might allow remote authenticated users to read or modify task information by leveraging incorrect permissions applied to a RESTful request.
CVE-2016-3401 (zimbra_collaboration_suite)
Unspecified vulnerability in Zimbra Collaboration before 8.7.0 allows remote authenticated users to affect integrity via unknown vectors, aka bug 99810.
CVE-2016-3402 (zimbra_collaboration_suite)
Unspecified vulnerability in Zimbra Collaboration before 8.7.0 allows remote attackers to affect confidentiality via unknown vectors, aka bug 99167.