Compra smartphone su web e le arriva un limone

Inserito da 28 Agosto, 2016 (0) Commenti

Si tratta di :Phishing e Truffe

Vittima è giovane in vacanza a Stintino, denunciato calabrese

limone-013

Trecento euro in contanti, pagati sull’unghia al momento della consegna, per un limone. È la tragicomica vicenda in cui è incappata una giovane studentessa di Bergamo che da qualche giorno si trova in vacanza in Sardegna, a Stintino.

La ragazza, poco più che ventenne, è stata attratta da un’offerta su Subito.it (uno dei più conosciuti e utilizzati siti internet per gli acquisti online), relativa a uno smartphone di ultima generazione a un prezzo davvero vantaggioso. La turista ha deciso di acquistarlo e di farselo recapitare in vacanza, scegliendo il pagamento contrassegno.

Una volta ricevuto il pacco, la sorpresa: all’interno non c’è traccia di telefoni ma c’è un limone. Immediatamente ha denunciato l’accaduto ai carabinieri di Stintino, che sono risaliti al truffatore, un quarantunenne di Vibo Valentia che è stato denunciato per truffa.

Fonte: Ansa

Categories : Phishing e Truffe Tags : , , ,

Vulnerability Summary for the Week of March 7, 2016

Inserito da 21 Marzo, 2016 (0) Commenti

Si tratta di :English Articles,ICT and Computer Security

cretino-11-e1334646540518

ITA

Questo articolo è scritto per te che “non capisci di esser abbastanza cretino” e   ti credi molto perspicace e intelligente, una persona che snobba gli articoli e non ha bisogno di niente e prima si iscrive alla newsletter del mio sito e poi si lamenta cancellandosi dalla newsletter.

ENG

This article is written for you that fairly stupid” and you think you’re very perceptive and intelligent, a person who snubs the articles and did not need anything and before he enrolled at the site of my newsletter and then complains removing himself from the newsletter.

 

High Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
adobe — digital_editions Adobe Digital Editions before 4.5.1 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. 2016-03-09 10.0 CVE-2016-0954
adobe — acrobat Adobe Reader and Acrobat before 11.0.15, Acrobat and Acrobat Reader DC Classic before 15.006.30121, and Acrobat and Acrobat Reader DC Continuous before 15.010.20060 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1009. 2016-03-09 10.0 CVE-2016-1007
adobe — acrobat Adobe Reader and Acrobat before 11.0.15, Acrobat and Acrobat Reader DC Classic before 15.006.30121, and Acrobat and Acrobat Reader DC Continuous before 15.010.20060 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1007. 2016-03-09 10.0 CVE-2016-1009
adobe — acrobat Untrusted search path vulnerability in Adobe Reader and Acrobat before 11.0.15, Acrobat and Acrobat Reader DC Classic before 15.006.30121, and Acrobat and Acrobat Reader DC Continuous before 15.010.20060 on Windows and OS X allows local users to gain privileges via a Trojan horse DLL in an unspecified directory. 2016-03-09 7.2 CVE-2016-1008
microsoft — .net_framework Microsoft .NET Framework 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, and 4.6.1 mishandles signature validation for unspecified elements of XML documents, which allows remote attackers to spoof signatures via a modified document, aka “.NET XML Validation Security Feature Bypass.” 2016-03-09 10.0 CVE-2016-0132
microsoft — infopath Microsoft InfoPath 2007 SP3, 2010 SP2, and 2013 SP1 allows remote attackers to execute arbitrary code via a crafted Office document, aka “Microsoft Office Memory Corruption Vulnerability.” 2016-03-09 9.3 CVE-2016-0021
microsoft — windows OLE in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows remote attackers to execute arbitrary code via a crafted file, aka “Windows OLE Memory Remote Code Execution Vulnerability,” a different vulnerability than CVE-2016-0091. 2016-03-09 9.3 CVE-2016-0092
microsoft — windows Microsoft Windows Server 2008 R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 allow remote attackers to execute arbitrary code via crafted media content, aka “Windows Media Parsing Remote Code Execution Vulnerability.” 2016-03-09 9.3 CVE-2016-0098
microsoft — windows Microsoft Windows Server 2008 R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allow remote attackers to execute arbitrary code via crafted media content, aka “Windows Media Parsing Remote Code Execution Vulnerability.” 2016-03-09 9.3 CVE-2016-0101
microsoft — windows The PDF library in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows remote attackers to execute arbitrary code via a crafted PDF document, aka “Windows Remote Code Execution Vulnerability.” 2016-03-09 9.3 CVE-2016-0117
microsoft — windows The PDF library in Microsoft Windows 10 Gold and 1511 allows remote attackers to execute arbitrary code via a crafted PDF document, aka “Windows Remote Code Execution Vulnerability.” 2016-03-09 9.3 CVE-2016-0118
microsoft — windows The Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows remote attackers to execute arbitrary code via a crafted OpenType font, aka “OpenType Font Parsing Vulnerability.” 2016-03-09 9.3 CVE-2016-0121
microsoft — office Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word 2016, Word for Mac 2011, Word 2016 for Mac, Office Compatibility Pack SP3, Word Viewer, Word Automation Services on SharePoint Server 2010 SP2 and 2013 SP1, Office Web Apps 2010 SP2, and Web Apps Server 2013 SP1 allow remote attackers to execute arbitrary code via a crafted Office document, aka “Microsoft Office Memory Corruption Vulnerability.” 2016-03-09 9.3 CVE-2016-0134
microsoft — internet_explorer Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Microsoft Browser Memory Corruption Vulnerability,” a different vulnerability than CVE-2016-0103, CVE-2016-0106, CVE-2016-0108, CVE-2016-0109, and CVE-2016-0114. 2016-03-09 7.6 CVE-2016-0102
microsoft — internet_explorer Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Internet Explorer Memory Corruption Vulnerability,” a different vulnerability than CVE-2016-0102, CVE-2016-0106, CVE-2016-0108, CVE-2016-0109, and CVE-2016-0114. 2016-03-09 7.6 CVE-2016-0103
microsoft — internet_explorer Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Internet Explorer Memory Corruption Vulnerability.” 2016-03-09 7.6 CVE-2016-0104
microsoft — internet_explorer Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Microsoft Browser Memory Corruption Vulnerability,” a different vulnerability than CVE-2016-0107, CVE-2016-0111, CVE-2016-0112, and CVE-2016-0113. 2016-03-09 7.6 CVE-2016-0105
microsoft — internet_explorer Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Internet Explorer Memory Corruption Vulnerability,” a different vulnerability than CVE-2016-0102, CVE-2016-0103, CVE-2016-0108, CVE-2016-0109, and CVE-2016-0114. 2016-03-09 7.6 CVE-2016-0106
microsoft — internet_explorer Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Internet Explorer Memory Corruption Vulnerability,” a different vulnerability than CVE-2016-0105, CVE-2016-0111, CVE-2016-0112, and CVE-2016-0113. 2016-03-09 7.6 CVE-2016-0107
microsoft — internet_explorer Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Internet Explorer Memory Corruption Vulnerability,” a different vulnerability than CVE-2016-0102, CVE-2016-0103, CVE-2016-0106, CVE-2016-0109, and CVE-2016-0114. 2016-03-09 7.6 CVE-2016-0108
microsoft — internet_explorer Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Microsoft Browser Memory Corruption Vulnerability,” a different vulnerability than CVE-2016-0102, CVE-2016-0103, CVE-2016-0106, CVE-2016-0108, and CVE-2016-0114. 2016-03-09 7.6 CVE-2016-0109
microsoft — internet_explorer Microsoft Internet Explorer 10 through 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Microsoft Browser Memory Corruption Vulnerability.” 2016-03-09 7.6 CVE-2016-0110
microsoft — internet_explorer Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Microsoft Browser Memory Corruption Vulnerability,” a different vulnerability than CVE-2016-0105, CVE-2016-0107, CVE-2016-0112, and CVE-2016-0113. 2016-03-09 7.6 CVE-2016-0111
microsoft — internet_explorer Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Internet Explorer Memory Corruption Vulnerability,” a different vulnerability than CVE-2016-0105, CVE-2016-0107, CVE-2016-0111, and CVE-2016-0113. 2016-03-09 7.6 CVE-2016-0112
microsoft — internet_explorer Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Internet Explorer Memory Corruption Vulnerability,” a different vulnerability than CVE-2016-0105, CVE-2016-0107, CVE-2016-0111, and CVE-2016-0112. 2016-03-09 7.6 CVE-2016-0113
microsoft — internet_explorer Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Internet Explorer Memory Corruption Vulnerability,” a different vulnerability than CVE-2016-0102, CVE-2016-0103, CVE-2016-0106, CVE-2016-0108, and CVE-2016-0109. 2016-03-09 7.6 CVE-2016-0114
microsoft — internet_explorer Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Microsoft Edge Memory Corruption Vulnerability,” a different vulnerability than CVE-2016-0123, CVE-2016-0124, CVE-2016-0129, and CVE-2016-0130. 2016-03-09 7.6 CVE-2016-0116
microsoft — edge Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Microsoft Edge Memory Corruption Vulnerability,” a different vulnerability than CVE-2016-0116, CVE-2016-0124, CVE-2016-0129, and CVE-2016-0130. 2016-03-09 7.6 CVE-2016-0123
microsoft — edge Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Microsoft Edge Memory Corruption Vulnerability,” a different vulnerability than CVE-2016-0116, CVE-2016-0123, CVE-2016-0129, and CVE-2016-0130. 2016-03-09 7.6 CVE-2016-0124
microsoft — edge Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Microsoft Edge Memory Corruption Vulnerability,” a different vulnerability than CVE-2016-0116, CVE-2016-0123, CVE-2016-0124, and CVE-2016-0130. 2016-03-09 7.6 CVE-2016-0129
microsoft — edge Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Microsoft Edge Memory Corruption Vulnerability,” a different vulnerability than CVE-2016-0116, CVE-2016-0123, CVE-2016-0124, and CVE-2016-0129. 2016-03-09 7.6 CVE-2016-0130
microsoft — office Microsoft Office 2007 SP3, 2010 SP2, 2013 SP1, and 2016 does not properly sign an unspecified binary file, which allows local users to gain privileges via a Trojan horse file with a crafted signature, aka “Microsoft Office Security Feature Bypass Vulnerability.” 2016-03-09 7.2 CVE-2016-0057
microsoft — windows The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka “Win32k Elevation of Privilege Vulnerability,” a different vulnerability than CVE-2016-0094, CVE-2016-0095, and CVE-2016-0096. 2016-03-09 7.2 CVE-2016-0093
microsoft — windows The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka “Win32k Elevation of Privilege Vulnerability,” a different vulnerability than CVE-2016-0093, CVE-2016-0095, and CVE-2016-0096. 2016-03-09 7.2 CVE-2016-0094
microsoft — windows The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka “Win32k Elevation of Privilege Vulnerability,” a different vulnerability than CVE-2016-0093, CVE-2016-0094, and CVE-2016-0096. 2016-03-09 7.2 CVE-2016-0095
microsoft — windows The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka “Win32k Elevation of Privilege Vulnerability,” a different vulnerability than CVE-2016-0093, CVE-2016-0094, and CVE-2016-0095. 2016-03-09 7.2 CVE-2016-0096
microsoft — windows The Secondary Logon Service in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 does not properly process request handles, which allows local users to gain privileges via a crafted application, aka “Secondary Logon Elevation of Privilege Vulnerability.” 2016-03-09 7.2 CVE-2016-0099
microsoft — windows The Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows remote attackers to cause a denial of service (system hang) via a crafted OpenType font, aka “OpenType Font Parsing Vulnerability.” 2016-03-09 7.1 CVE-2016-0120

Medium Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
microsoft — windows OLE in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows remote attackers to execute arbitrary code via a crafted file, aka “Windows OLE Memory Remote Code Execution Vulnerability,” a different vulnerability than CVE-2016-0092. 2016-03-09 6.8 CVE-2016-0091

Low Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
microsoft — edge Microsoft Edge mishandles the Referer policy, which allows remote attackers to obtain sensitive browser-history and request information via a crafted HTTPS web site, aka “Microsoft Edge Information Disclosure Vulnerability.” 2016-03-09 2.6 CVE-2016-0125

Severity Not Yet Assigned

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
Adobe — Flash Player Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-0961, CVE-2016-0962, CVE-2016-0986, CVE-2016-0989, CVE-2016-0992, CVE-2016-1002, and CVE-2016-1005. 2016-03-12 N/A CVE-2016-0960
Adobe — Flash Player Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-0960, CVE-2016-0962, CVE-2016-0986, CVE-2016-0989, CVE-2016-0992, CVE-2016-1002, and CVE-2016-1005. 2016-03-12 N/A CVE-2016-0961
Adobe — Flash Player Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-0960, CVE-2016-0961, CVE-2016-0986, CVE-2016-0989, CVE-2016-0992, CVE-2016-1002, and CVE-2016-1005. 2016-03-12 N/A CVE-2016-0962
Adobe — Flash Player Integer overflow in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-0993 and CVE-2016-1010. 2016-03-12 N/A CVE-2016-0963
Adobe — Flash Player Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-0960, CVE-2016-0961, CVE-2016-0962, CVE-2016-0989, CVE-2016-0992, CVE-2016-1002, and CVE-2016-1005. 2016-03-12 N/A CVE-2016-0986
Adobe — Flash Player Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-0988, CVE-2016-0990, CVE-2016-0991, CVE-2016-0994, CVE-2016-0995, CVE-2016-0996, CVE-2016-0997, CVE-2016-0998, CVE-2016-0999, and CVE-2016-1000. 2016-03-12 N/A CVE-2016-0987
Adobe — Flash Player Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-0987, CVE-2016-0990, CVE-2016-0991, CVE-2016-0994, CVE-2016-0995, CVE-2016-0996, CVE-2016-0997, CVE-2016-0998, CVE-2016-0999, and CVE-2016-1000. 2016-03-12 N/A CVE-2016-0988
Adobe — Flash Player Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-0960, CVE-2016-0961, CVE-2016-0962, CVE-2016-0986, CVE-2016-0992, CVE-2016-1002, and CVE-2016-1005. 2016-03-12 N/A CVE-2016-0989
Adobe — Flash Player Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-0987, CVE-2016-0988, CVE-2016-0991, CVE-2016-0994, CVE-2016-0995, CVE-2016-0996, CVE-2016-0997, CVE-2016-0998, CVE-2016-0999, and CVE-2016-1000. 2016-03-12 N/A CVE-2016-0990
Adobe — Flash Player Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-0987, CVE-2016-0988, CVE-2016-0990, CVE-2016-0994, CVE-2016-0995, CVE-2016-0996, CVE-2016-0997, CVE-2016-0998, CVE-2016-0999, and CVE-2016-1000. 2016-03-12 N/A CVE-2016-0991
Adobe — Flash Player Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-0960, CVE-2016-0961, CVE-2016-0962, CVE-2016-0986, CVE-2016-0989, CVE-2016-1002, and CVE-2016-1005. 2016-03-12 N/A CVE-2016-0992
Adobe — Flash Player Integer overflow in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-0963 and CVE-2016-1010. 2016-03-12 N/A CVE-2016-0993
Adobe — Flash Player Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allows attackers to execute arbitrary code by using the actionCallMethod opcode with crafted arguments, a different vulnerability than CVE-2016-0987, CVE-2016-0988, CVE-2016-0990, CVE-2016-0991, CVE-2016-0995, CVE-2016-0996, CVE-2016-0997, CVE-2016-0998, CVE-2016-0999, and CVE-2016-1000. 2016-03-12 N/A CVE-2016-0994
Adobe — Flash Player Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-0987, CVE-2016-0988, CVE-2016-0990, CVE-2016-0991, CVE-2016-0994, CVE-2016-0996, CVE-2016-0997, CVE-2016-0998, CVE-2016-0999, and CVE-2016-1000. 2016-03-12 N/A CVE-2016-0995
Adobe — Flash Player Use-after-free vulnerability in the setInterval method in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allows attackers to execute arbitrary code via crafted arguments, a different vulnerability than CVE-2016-0987, CVE-2016-0988, CVE-2016-0990, CVE-2016-0991, CVE-2016-0994, CVE-2016-0995, CVE-2016-0997, CVE-2016-0998, CVE-2016-0999, and CVE-2016-1000. 2016-03-12 N/A CVE-2016-0996
Adobe — Flash Player Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-0987, CVE-2016-0988, CVE-2016-0990, CVE-2016-0991, CVE-2016-0994, CVE-2016-0995, CVE-2016-0996, CVE-2016-0998, CVE-2016-0999, and CVE-2016-1000. 2016-03-12 N/A CVE-2016-0997
Adobe — Flash Player Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-0987, CVE-2016-0988, CVE-2016-0990, CVE-2016-0991, CVE-2016-0994, CVE-2016-0995, CVE-2016-0996, CVE-2016-0997, CVE-2016-0999, and CVE-2016-1000. 2016-03-12 N/A CVE-2016-0998
Adobe — Flash Player Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-0987, CVE-2016-0988, CVE-2016-0990, CVE-2016-0991, CVE-2016-0994, CVE-2016-0995, CVE-2016-0996, CVE-2016-0997, CVE-2016-0998, and CVE-2016-1000. 2016-03-12 N/A CVE-2016-0999
Adobe — Flash Player Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-0987, CVE-2016-0988, CVE-2016-0990, CVE-2016-0991, CVE-2016-0994, CVE-2016-0995, CVE-2016-0996, CVE-2016-0997, CVE-2016-0998, and CVE-2016-0999. 2016-03-12 N/A CVE-2016-1000
Adobe — Flash Player Heap-based buffer overflow in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allows attackers to execute arbitrary code via unspecified vectors. 2016-03-12 N/A CVE-2016-1001
Adobe — Flash Player Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-0960, CVE-2016-0961, CVE-2016-0962, CVE-2016-0986, CVE-2016-0989, CVE-2016-0992, and CVE-2016-1005. 2016-03-12 N/A CVE-2016-1002
Adobe — Flash Player Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allow attackers to execute arbitrary code or cause a denial of service (uninitialized pointer dereference and memory corruption) via crafted MPEG-4 data, a different vulnerability than CVE-2016-0960, CVE-2016-0961, CVE-2016-0962, CVE-2016-0986, CVE-2016-0989, CVE-2016-0992, and CVE-2016-1002. 2016-03-12 N/A CVE-2016-1005
Adobe — Flash Player Integer overflow in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-0963 and CVE-2016-0993. 2016-03-12 N/A CVE-2016-1010
Android — mediaserver The MPEG4Source::fragmentedRead function in MPEG4Extractor.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49H, and 6.x before 2016-03-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 26365349. 2016-03-12 N/A CVE-2016-0815
Android — mediaserver mediaserver in Android 6.x before 2016-03-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, related to decoder/ih264d_parse_islice.c and decoder/ih264d_parse_pslice.c, aka internal bug 25928803. 2016-03-12 N/A CVE-2016-0816
Android — Conscrypt The caching functionality in the TrustManagerImpl class in TrustManagerImpl.java in Conscrypt in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49H, and 6.x before 2016-03-01 mishandles the distinction between an intermediate CA and a trusted root CA, which allows man-in-the-middle attackers to spoof servers by leveraging access to an intermediate CA to issue a certificate, aka internal bug 26232830. 2016-03-12 N/A CVE-2016-0818
Android — Qualcomm performance The Qualcomm performance component in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49H, and 6.x before 2016-03-01 allows attackers to gain privileges via a crafted application, aka internal bug 25364034. 2016-03-12 N/A CVE-2016-0819
Android — MediaTek The MediaTek Wi-Fi kernel driver in Android 6.0.1 before 2016-03-01 allows attackers to gain privileges via a crafted application, aka internal bug 26267358. 2016-03-12 N/A CVE-2016-0820
Android — Linux kernel The LIST_POISON feature in include/linux/poison.h in the Linux kernel before 4.3, as used in Android 6.0.1 before 2016-03-01, does not properly consider the relationship to the mmap_min_addr value, which makes it easier for attackers to bypass a poison-pointer protection mechanism by triggering the use of an uninitialized list entry, aka Android internal bug 26186802, a different vulnerability than CVE-2015-3636. 2016-03-12 N/A CVE-2016-0821
Android — MediaTek The MediaTek connectivity kernel driver in Android 6.0.1 before 2016-03-01 allows attackers to gain privileges via a crafted application that leverages conn_launcher access, aka internal bug 25873324. 2016-03-12 N/A CVE-2016-0822
Android — Linux kernel The pagemap_open function in fs/proc/task_mmu.c in the Linux kernel before 3.19.3, as used in Android 6.0.1 before 2016-03-01, allows local users to obtain sensitive physical-address information by reading a pagemap file, aka Android internal bug 25739721. 2016-03-12 N/A CVE-2016-0823
Android — Widevine The Widevine Trusted Application in Android 6.0.1 before 2016-03-01 allows attackers to obtain sensitive TrustZone secure-storage information by leveraging kernel access, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 20860039. 2016-03-12 N/A CVE-2016-0825
Android — mediaserver libcameraservice in mediaserver in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49H, and 6.x before 2016-03-01 does not require use of the ICameraService::dump method for a camera service dump, which allows attackers to gain privileges via a crafted application that directly dumps, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 26265403. 2016-03-12 N/A CVE-2016-0826
Android — mediaserver Multiple integer overflows in libeffects in mediaserver in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49H, and 6.x before 2016-03-01 allow attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, related to EffectBundle.cpp and EffectReverb.cpp, aka internal bug 26347509. 2016-03-12 N/A CVE-2016-0827
Android — mediaserver The BnGraphicBufferConsumer::onTransact function in libs/gui/IGraphicBufferConsumer.cpp in mediaserver in Android 5.x before 5.1.1 LMY49H and 6.x before 2016-03-01 does not initialize a certain slot variable, which allows attackers to obtain sensitive information, and consequently bypass an unspecified protection mechanism, by triggering an ATTACH_BUFFER action, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 26338113. 2016-03-12 N/A CVE-2016-0828
Android — mediaserver The BnGraphicBufferProducer::onTransact function in libs/gui/IGraphicBufferConsumer.cpp in mediaserver in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49H, and 6.x before 2016-03-01 does not initialize a certain output data structure, which allows attackers to obtain sensitive information, and consequently bypass an unspecified protection mechanism, by triggering a QUEUE_BUFFER action, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 26338109. 2016-03-12 N/A CVE-2016-0829
Android — DTE Energy Insight application The REST API in the DTE Energy Insight application before 1.7.8 for Android allows remote authenticated users to obtain unspecified customer information via a SQL expression in the filter parameter. 2016-03-11 N/A CVE-2016-1562
Android — mediaserver libvpx in mediaserver in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49H, and 6.0 before 2016-03-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, related to libwebm/mkvparser.cpp and other files, aka internal bug 23452792. 2016-03-12 N/A CVE-2016-1621
Android — libstagefright libmpeg2 in libstagefright in Android 6.x before 2016-03-01 allows attackers to obtain sensitive information, and consequently bypass an unspecified protection mechanism, via crafted Bitstream data, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 25765591. 2016-03-12 N/A CVE-2016-0824
Android — Bluetooth btif_config.c in Bluetooth in Android 6.x before 2016-03-01 allows remote attackers to cause a denial of service (memory corruption and persistent daemon crash) by triggering a large number of configuration entries, and consequently exceeding the maximum size of a configuration file, aka internal bug 26071376. 2016-03-12 N/A CVE-2016-0830
Android — Telephony The getDeviceIdForPhone function in internal/telephony/PhoneSubInfoController.java in Telephony in Android 5.x before 5.1.1 LMY49H and 6.x before 2016-03-01 does not check for the READ_PHONE_STATE permission, which allows attackers to obtain sensitive information via a crafted application, aka internal bug 25778215. 2016-03-12 N/A CVE-2016-0831
Android — Setup Wizard Setup Wizard in Android 5.1.x before LMY49H and 6.x before 2016-03-01 allows physically proximate attackers to bypass the Factory Reset Protection protection mechanism and delete data via unspecified vectors, aka internal bug 25955042. 2016-03-12 N/A CVE-2016-0832
Apple — Apple Software Update Apple Software Update before 2.2 on Windows does not use HTTPS, which makes it easier for man-in-the-middle attackers to spoof updates by modifying the client-server data stream. 2016-03-13 N/A CVE-2016-1731
Cisco — HTTPS inspection engine The HTTPS inspection engine in the Content Security and Control Security Services Module (CSC-SSM) 6.6 before 6.6.1164.0 for Cisco ASA 5500 devices allows remote attackers to cause a denial of service (memory consumption or device reload) via a flood of HTTPS packets, aka Bug ID CSCue76147. 2016-03-09 N/A CVE-2016-1312
Cisco — administration interface The administration interface on Cisco DPC3939B and DPC3941 devices allows remote attackers to obtain sensitive information via a crafted HTTP request, aka Bug ID CSCus49506. 2016-03-09 N/A CVE-2016-1325
Cisco — administration interface The administration interface on Cisco DPQ3925 devices with firmware r1 allows remote attackers to cause a denial of service (device restart) via a crafted HTTP request, aka Bug ID CSCup48105. 2016-03-09 N/A CVE-2016-1326
Cisco — web server Buffer overflow in the web server on Cisco DPC2203 and EPC2203 devices with firmware r1_customer_image allows remote attackers to execute arbitrary code via a crafted HTTP request, aka Bug ID CSCuv05935. 2016-03-09 N/A CVE-2016-1327
Cisco — TelePresence Video Communication Server Cisco TelePresence Video Communication Server (VCS) X8.5.1 and X8.5.2 allows remote authenticated users to cause a denial of service (VoIP outage) via a crafted SIP message, aka Bug ID CSCuu43026. 2016-03-11 N/A CVE-2016-1338
Cisco — Prime LAN Management Solution Cisco Prime LAN Management Solution (LMS) through 4.2.5 uses the same database decryption key across different customers’ installations, which allows local users to obtain cleartext data by leveraging console connectivity, aka Bug ID CSCuw85390. 2016-03-11 N/A CVE-2016-1360
Cisco — IOS XR Cisco IOS XR through 4.3.2 on Gigabit Switch Router (GSR) 12000 devices does not properly check for a Bidirectional Forwarding Detection (BFD) header in a UDP packet, which allows remote attackers to cause a denial of service (line-card restart) via a crafted packet, aka Bug ID CSCuw56900. 2016-03-11 N/A CVE-2016-1361
Debian — jessie pt_chown in the glibc package before 2.19-18+deb8u4 on Debian jessie lacks a namespace check associated with file-descriptor passing, which allows local users to capture keystrokes and spoof data, and possibly gain privileges, via pts read and write operations, related to debian/sysdeps/linux.mk. NOTE: this is not considered a vulnerability in the upstream GNU C Library because the upstream documentation has a clear security recommendation against the –enable-pt_chown option. 2016-03-13 N/A CVE-2016-2856
EMC — Documentum xCP EMC Documentum xCP 2.1 before patch 24 and 2.2 before patch 12 allows remote authenticated users to obtain sensitive user-account metadata via a members/xcp_member API call. 2016-03-09 N/A CVE-2016-0886
Google — Chrome The ImageInputType::ensurePrimaryContent function in WebKit/Source/core/html/forms/ImageInputType.cpp in Blink, as used in Google Chrome before 49.0.2623.87, does not properly maintain the user agent shadow DOM, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that leverage “type confusion.” 2016-03-13 N/A CVE-2016-1643
Google — Chrome WebKit/Source/core/layout/LayoutObject.cpp in Blink, as used in Google Chrome before 49.0.2623.87, does not properly restrict relayout scheduling, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted HTML document. 2016-03-13 N/A CVE-2016-1644
Google — Chrome Multiple integer signedness errors in the opj_j2k_update_image_data function in j2k.c in OpenJPEG, as used in PDFium in Google Chrome before 49.0.2623.87, allow remote attackers to cause a denial of service (incorrect cast and out-of-bounds write) or possibly have unspecified other impact via crafted JPEG 2000 data. 2016-03-13 N/A CVE-2016-1645
IBM — Tivoli Monitoring The portal client in IBM Tivoli Monitoring (ITM) 6.2.2 through FP9, 6.2.3 through FP5, and 6.3.0 through FP6 allows remote authenticated users to gain privileges via unspecified vectors. 2016-03-11 N/A CVE-2015-7411
IBM — Flash System V9000 Cross-site request forgery (CSRF) vulnerability in IBM Flash System V9000 7.4 before 7.4.1.4, 7.5 before 7.5.1.3, and 7.6 before 7.6.0.4 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences. 2016-03-12 N/A CVE-2015-7446
IBM — Maximo Asset Management IBM Maximo Asset Management 7.6 before 7.6.0.3 IFIX001 allows remote authenticated users to bypass intended access restrictions and read arbitrary purchase-order work logs via unspecified vectors. 2016-03-13 N/A CVE-2016-0222
IBM — Maximo Asset Management Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.1.1 through 7.1.1.3, 7.5.0 before 7.5.0.9 IFIX004, and 7.6.0 before 7.6.0.3 IFIX001 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. 2016-03-13 N/A CVE-2016-0262
IBM — Maximo Asset Management SQL injection vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.9 IFIX003, and 7.6.0 before 7.6.0.3 IFIX001; Maximo Asset Management 7.5.0 before 7.5.0.9 IFIX003, 7.5.1, and 7.6.0 before 7.6.0.3 IFIX001 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. 2016-03-12 N/A CVE-2015-7448
IBM — WebSphere Commerce IBM WebSphere Commerce 6.x through 6.0.0.11, 7.x through 7.0.0.9, and 8.x before 8.0.0.3 allows remote attackers to cause a denial of service (order-processing outage) via unspecified vectors. 2016-03-13 N/A CVE-2016-0208
ISC — BIND named in ISC BIND 9.x before 9.9.8-P4 and 9.10.x before 9.10.3-P4 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a malformed packet to the rndc (aka control channel) interface, related to alist.c and sexpr.c. 2016-03-09 N/A CVE-2016-1285
ISC — BIND named in ISC BIND 9.x before 9.9.8-P4 and 9.10.x before 9.10.3-P4 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted signature record for a DNAME record, related to db.c and resolver.c. 2016-03-09 N/A CVE-2016-1286
ISC — BIND resolver.c in named in ISC BIND 9.10.x before 9.10.3-P4, when DNS cookies are enabled, allows remote attackers to cause a denial of service (INSIST assertion failure and daemon exit) via a malformed packet with more than one cookie option. 2016-03-09 N/A CVE-2016-2088
ISC — DHCP ISC DHCP 4.1.x before 4.1-ESV-R13 and 4.2.x and 4.3.x before 4.3.4 does not restrict the number of concurrent TCP sessions, which allows remote attackers to cause a denial of service (INSIST assertion failure or request-processing outage) by establishing many sessions. 2016-03-09 N/A CVE-2016-2774
microsoft — internet_explorer The CAttrArray object implementation in Microsoft Internet Explorer 7 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and memory corruption) via a malformed Cascading Style Sheets (CSS) token sequence in conjunction with modifications to HTML elements, aka “Internet Explorer Memory Corruption Vulnerability,” a different vulnerability than CVE-2015-6048 and CVE-2015-6049. 2016-03-09 N/A CVE-2015-6184
microsoft — windows Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 do not properly validate handles, which allows local users to gain privileges via a crafted application, aka “Windows Elevation of Privilege Vulnerability.” 2016-03-09 N/A CVE-2016-0087
microsoft — windows Microsoft Windows Vista SP2 and Server 2008 SP2 mishandle library loading, which allows local users to gain privileges via a crafted application, aka “Library Loading Input Validation Remote Code Execution Vulnerability.” 2016-03-09 N/A CVE-2016-0100
microsoft — windows The USB Mass Storage Class driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows physically proximate attackers to execute arbitrary code by inserting a crafted USB device, aka “USB Mass Storage Elevation of Privilege Vulnerability.” 2016-03-09 N/A CVE-2016-0133
Mozilla — Firefox Heap-based buffer overflow in Mozilla Network Security Services (NSS) before 3.19.2.3 and 3.20.x and 3.21.x before 3.21.1, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to execute arbitrary code via crafted ASN.1 data in an X.509 certificate. 2016-03-13 N/A CVE-2016-1950
Mozilla — Firefox Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. 2016-03-13 N/A CVE-2016-1952
Mozilla — Firefox Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 45.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to js/src/jit/arm/Assembler-arm.cpp, and unknown other vectors. 2016-03-13 N/A CVE-2016-1953
Mozilla — Firefox The nsCSPContext::SendReports function in dom/security/nsCSPContext.cpp in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 does not prevent use of a non-HTTP report-uri for a Content Security Policy (CSP) violation report, which allows remote attackers to cause a denial of service (data overwrite) or possibly gain privileges by specifying a URL of a local file. 2016-03-13 N/A CVE-2016-1954
Mozilla — Firefox Mozilla Firefox before 45.0 allows remote attackers to bypass the Same Origin Policy and obtain sensitive information by reading a Content Security Policy (CSP) violation report that contains path information associated with an IFRAME element. 2016-03-13 N/A CVE-2016-1955
Mozilla — Firefox Mozilla Firefox before 45.0 on Linux, when an Intel video driver is used, allows remote attackers to cause a denial of service (memory consumption or stack memory corruption) by triggering use of a WebGL shader. 2016-03-13 N/A CVE-2016-1956
Mozilla — Firefox Memory leak in libstagefright in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to cause a denial of service (memory consumption) via an MPEG-4 file that triggers a delete operation on an array. 2016-03-13 N/A CVE-2016-1957
Mozilla — Firefox browser/base/content/browser.js in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to spoof the address bar via a javascript: URL. 2016-03-13 N/A CVE-2016-1958
Mozilla — Firefox The ServiceWorkerManager class in Mozilla Firefox before 45.0 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read and memory corruption) via unspecified use of the Clients API. 2016-03-13 N/A CVE-2016-1959
Mozilla — Firefox Integer underflow in the nsHtml5TreeBuilder class in the HTML5 string parser in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) by leveraging mishandling of end tags, as demonstrated by incorrect SVG processing, aka ZDI-CAN-3545. 2016-03-13 N/A CVE-2016-1960
Mozilla — Firefox Use-after-free vulnerability in the nsHTMLDocument::SetBody function in dom/html/nsHTMLDocument.cpp in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code by leveraging mishandling of a root element, aka ZDI-CAN-3574. 2016-03-13 N/A CVE-2016-1961
Mozilla — Firefox Use-after-free vulnerability in the mozilla::DataChannelConnection::Close function in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code by leveraging mishandling of WebRTC data-channel connections. 2016-03-13 N/A CVE-2016-1962
Mozilla — Firefox The FileReader class in Mozilla Firefox before 45.0 allows local users to gain privileges or cause a denial of service (memory corruption) by changing a file during a FileReader API read operation. 2016-03-13 N/A CVE-2016-1963
Mozilla — Firefox Use-after-free vulnerability in the AtomicBaseIncDec function in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) by leveraging mishandling of XML transformations. 2016-03-13 N/A CVE-2016-1964
Mozilla — Firefox Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 mishandle a navigation sequence that returns to the original page, which allows remote attackers to spoof the address bar via vectors involving the history.back method and the location.protocol property. 2016-03-13 N/A CVE-2016-1965
Mozilla — Firefox The nsNPObjWrapper::GetNewOrUsed function in dom/plugins/base/nsJSNPRuntime.cpp in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code or cause a denial of service (invalid pointer dereference and memory corruption) via a crafted NPAPI plugin. 2016-03-13 N/A CVE-2016-1966
Mozilla — Firefox Mozilla Firefox before 45.0 does not properly restrict the availability of IFRAME Resource Timing API times, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via crafted JavaScript code that leverages history.back and performance.getEntries calls after restoring a browser session. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-7207. 2016-03-13 N/A CVE-2016-1967
Mozilla — Firefox Integer underflow in Brotli, as used in Mozilla Firefox before 45.0, allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow) via crafted data with brotli compression. 2016-03-13 N/A CVE-2016-1968
Mozilla — Firefox The setAttr function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.6.1, allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via a crafted Graphite smart font. 2016-03-13 N/A CVE-2016-1969
Mozilla — Firefox Integer underflow in the srtp_unprotect function in the WebRTC implementation in Mozilla Firefox before 45.0 on Windows might allow remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors. 2016-03-13 N/A CVE-2016-1970
Mozilla — Firefox The I420VideoFrame::CreateFrame function in the WebRTC implementation in Mozilla Firefox before 45.0 on Windows omits an unspecified status check, which might allow remote attackers to cause a denial of service (memory corruption) or possibly have other impact via unknown vectors. 2016-03-13 N/A CVE-2016-1971
Mozilla — Firefox Race condition in libvpx in Mozilla Firefox before 45.0 on Windows might allow remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via unknown vectors. 2016-03-13 N/A CVE-2016-1972
Mozilla — Firefox Race condition in the GetStaticInstance function in the WebRTC implementation in Mozilla Firefox before 45.0 might allow remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via unspecified vectors. 2016-03-13 N/A CVE-2016-1973
Mozilla — Firefox The nsScannerString::AppendUnicodeTo fynction in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 does not verify that memory allocation succeeds, which allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via crafted Unicode data in an HTML, XML, or SVG document. 2016-03-13 N/A CVE-2016-1974
Mozilla — Firefox Multiple race conditions in dom/media/systemservices/CamerasChild.cpp in the WebRTC implementation in Mozilla Firefox before 45.0 on Windows might allow remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors. 2016-03-13 N/A CVE-2016-1975
Mozilla — Firefox Use-after-free vulnerability in the DesktopDisplayDevice class in the WebRTC implementation in Mozilla Firefox before 45.0 on Windows might allow remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. 2016-03-13 N/A CVE-2016-1976
Mozilla — Firefox The Machine::Code::decoder::analysis::set_ref function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to execute arbitrary code or cause a denial of service (stack memory corruption) via a crafted Graphite smart font. 2016-03-13 N/A CVE-2016-1977
Mozilla — Firefox Use-after-free vulnerability in the ssl3_HandleECDHServerKeyExchange function in Mozilla Network Security Services (NSS) before 3.21, as used in Mozilla Firefox before 44.0, allows remote attackers to cause a denial of service or possibly have unspecified other impact by making an SSL (1) DHE or (2) ECDHE handshake at a time of high memory consumption. 2016-03-13 N/A CVE-2016-1978
Mozilla — Firefox Use-after-free vulnerability in the PK11_ImportDERPrivateKeyInfoAndReturnKey function in Mozilla Network Security Services (NSS) before 3.21.1, as used in Mozilla Firefox before 45.0, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted key data with DER encoding. 2016-03-13 N/A CVE-2016-1979
Mozilla — Firefox The graphite2::TtfUtil::GetTableInfo function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, does not initialize memory for an unspecified data structure, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted Graphite smart font. 2016-03-13 N/A CVE-2016-2790
Mozilla — Firefox The graphite2::GlyphCache::glyph function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font. 2016-03-13 N/A CVE-2016-2791
Mozilla — Firefox The graphite2::Slot::getAttr function in Slot.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font, a different vulnerability than CVE-2016-2800. 2016-03-13 N/A CVE-2016-2792
Mozilla — Firefox CachedCmap.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font. 2016-03-13 N/A CVE-2016-2793
Mozilla — Firefox The graphite2::TtfUtil::CmapSubtable12NextCodepoint function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font. 2016-03-13 N/A CVE-2016-2794
Mozilla — Firefox The graphite2::FileFace::get_table_fn function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, does not initialize memory for an unspecified data structure, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted Graphite smart font. 2016-03-13 N/A CVE-2016-2795
Mozilla — Firefox Heap-based buffer overflow in the graphite2::vm::Machine::Code::Code function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted Graphite smart font. 2016-03-13 N/A CVE-2016-2796
Mozilla — Firefox The graphite2::TtfUtil::CmapSubtable12Lookup function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font, a different vulnerability than CVE-2016-2801. 2016-03-13 N/A CVE-2016-2797
Mozilla — Firefox The graphite2::GlyphCache::Loader::Loader function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font. 2016-03-13 N/A CVE-2016-2798
Mozilla — Firefox Heap-based buffer overflow in the graphite2::Slot::setAttr function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted Graphite smart font. 2016-03-13 N/A CVE-2016-2799
Mozilla — Firefox The graphite2::Slot::getAttr function in Slot.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font, a different vulnerability than CVE-2016-2792. 2016-03-13 N/A CVE-2016-2800
Mozilla — Firefox The graphite2::TtfUtil::CmapSubtable12Lookup function in TtfUtil.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font, a different vulnerability than CVE-2016-2797. 2016-03-13 N/A CVE-2016-2801
Mozilla — Firefox The graphite2::TtfUtil::CmapSubtable4NextCodepoint function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font. 2016-03-13 N/A CVE-2016-2802
Samba — smbd The SMB1 implementation in smbd in Samba 3.x and 4.x before 4.1.23, 4.2.x before 4.2.9, 4.3.x before 4.3.6, and 4.4.x before 4.4.0rc4 allows remote authenticated users to modify arbitrary ACLs by using a UNIX SMB1 call to create a symlink, and then using a non-UNIX SMB1 call to write to the ACL content. 2016-03-13 N/A CVE-2015-7560
Samba — internal DNS server The internal DNS server in Samba 4.x before 4.1.23, 4.2.x before 4.2.9, 4.3.x before 4.3.6, and 4.4.x before 4.4.0rc4, when an AD DC is configured, allows remote authenticated users to cause a denial of service (out-of-bounds read) or possibly obtain sensitive information from process memory by uploading a crafted DNS TXT record. 2016-03-13 N/A CVE-2016-0771
Schneider — Electric Telvent Sage Schneider Electric Telvent Sage 2300 RTUs with firmware before C3413-500-S01, and LANDAC II-2, Sage 1410, Sage 1430, Sage 1450, Sage 2400, and Sage 3030M RTUs with firmware before C3414-500-S02J2, allow remote attackers to obtain sensitive information from device memory by reading a padding field of an Ethernet packet. 2016-03-11 N/A CVE-2015-6485

 

Categories : English Articles,ICT and Computer Security Tags : , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,

E’ morto Yuri Chechi, ma è solo una bufala diffusa da un sito farlocco

Inserito da 16 Marzo, 2016 (0) Commenti

Si tratta di :Bufale e Hoax

Non è morto è pieno di vita ! il 15 Marzo 2016 è arrivata la smentita ufficiale direttamente dall’account Twitter di Yuri Chechi.

tmp_6821-jury_chechi_atlanta_oro_lp-172213134

Non bisogna prenderla a male perchè il sito “notiziario europeo” è una Trappola farlocca assetata di Mi Piace,
Una volta catturato l’utente sul suo “sitarello pieno di notizie farlocche” impone una finestrella che supplica il mi piace per poter leggere la notizia spazzatura.

Si tratta di un sistema penoso e poco onesto che fa leva sulle emozioni più basse. Un atleta come Yuri Chechi è noto per le sue abilità e per quello che ha conquistato e conquisterà.

Siti del genere che sono farlocchi nel DNA diffondono notizie “false” poi la morte di un personaggio famoso non fa altro che aumentare vorticosamente i mi piace e quindi dato che un click su un pollice alzato
vale più di ogni cosa in un modo schifoso come quello di Internet popolato da Trolls è più facile diffondere paure e false notizie.

Si riporta per dovere di cronaca la farloccosa notizia che questa volta ha coinvolto Yuri Chechi.

 

Se ne è andato all’età di 47 anni il celebre “Signore degli Anelli”. Yuri Chechi, il ginnasta più forte della storia Italiana è venuto mancare in mattinata in seguito ad un malore improvviso che lo ha colto nella sua casa di Roma.

A chiamare i soccorsi la moglie che ha tentato anche una prima rianimazione nell’attesa del 118. Nulla da fare per il campione che lascia uno splendido ricordo nel panorama mondiale della ginnastica.

Riviviamo alcune tappe fondamentali della sua biografia:

I genitori lo chiamano Jury in onore del cosmonauta russo Gagarin. Da bambino, piccolo di statura e magrolino, non è certo dotato di un fisico che fa presumere una carriera sportiva. La sorella però frequenta una palestra di ginnastica artistica, la Società Ginnastica Etruria di Prato, e Jury finisce per appassionarsi a questo sport, cosicché nel 1976 i genitori decidono di iscrivere anche lui.

Nel 1977, Jury centra il primo di una serie innumerevole di successi, piazzandosi al primo posto del Campionato Regionale Toscano. Nel 1984 entra nel giro della nazionale juniores di ginnastica e si trasferisce a Varese per potere studiare e contemporaneamente allenarsi nella palestra della gloriosa Società Ginnastica Varesina, specializzandosi nella disciplina degli anelli. Dal 1989 al 1995, sotto la guida del suo allenatore Bruno Franceschetti, vince 6 titoli italiani consecutivi, i Giochi del Mediterraneo, le Universiadi, 4 titoli europei e 5 titoli mondiali.

Dopo aver partecipato alle Olimpiadi di Seoul del 1988, Chechi si è rivelato nel 1989 con un terzo posto agli anelli ai Mondiali e l’anno successivo ha conquistato il titolo europeo della specialità. È terzo anche ai Mondiali del 1991, anno in cui agli XI Giochi del Mediterraneo vince sei medaglie d’oro rispettivamente negli anelli, corpo libero, cavallo con maniglie, parallele simmetriche, concorso generale individuale e concorso generale a squadre; nel 1992 è il grande favorito per la gara degli anelli alle olimpiadi di Barcellona ma, circa un mese prima delle gare, si rompe il tendine d’Achille durante un allenamento ed è costretto a rinunciare alle gare. Chechi non si perde d’animo, va a Barcellona a commentare le gare di ginnastica per la televisione e tornato alle competizioni l’anno successivo, si è aggiudicato per cinque volte di seguito il titolo mondiale (1993-97), rimanendo il primo ginnasta della storia a vincere cinque ori iridati consecutivi in una specialità. Queste vittorie, le prime per un atleta italiano dai tempi di Franco Menichelli gli fanno valere il soprannome di “Signore degli Anelli” che, riferendosi agli strumenti ginnici, parafrasa il titolo del famoso romanzo di Tolkien, di cui ha dichiarato essere appassionato. Tale soprannome, però, i giornalisti l’hanno attribuito anche ad altri atleti come il bulgaro Jovtchev e il greco Tampakos.

Ha colto poi il massimo alloro trionfando anche ai Giochi olimpici di Atlanta del 1996, anno in cui ha conquistato anche il suo quarto titolo europeo dopo i successi nel 1990, 1992 e nel 1994. Sempre negli anelli, ha ottenuto anche due vittorie in Coppa Europa (1991 e 1995). Notevoli sono stati anche i suoi risultati nel concorso generale, dove può vantare un terzo posto agli Europei (1990) e una vittoria e un terzo posto in Coppa Europa (1991 e 1995); nella sbarra, con un oro e un bronzo in Coppa Europa (1991 e 1995), e nel corpo libero, dove è stato terzo agli Europei del 1992. Nel 1997 annuncia il ritiro ma due anni dopo decide di tornare alle gare.

Categories : Bufale e Hoax Tags : , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,

Vacanza-truffa via Internet, scoperto e denunciato

Inserito da 13 Marzo, 2016 (0) Commenti

Si tratta di :Phishing e Truffe

ATTENTI ALLA TRUFFE ON LINE
SI TRATTA DI UNA NOTIZIA VERA

 

1606275_gallipoli_citta_vecchia

 

Ennesima truffa vacanze on line a Gallipoli. Il truffatore, un siciliano di 68 anni, residente a Milano, noto per la passione delle scommesse sulle corse dei cavalli, è stato scoperto e denunciato per truffa. La presunta truffa è stata accertata dagli investigatori del commissariato di Nardò, a conclusione di indagini condotte in seguito a denuncia di un 59nne di Nola (Napoli), il quale per il 18° compleanno della figlia aveva pensato di regalarle una vacanza per la settimana di ferragosto in un appartamento presso la Baia Verde di Gallipoli. Ritenendo di aver trovato un’offerta vantaggiosa attraverso un sito Internet, dopo avere pattuito il prezzo in 1.200 euro aveva rimesso al presunto truffatore un bonifico bancario e anche aveva ottemperato come richiesto alla firma del contratto e alla trasmissione di ricevuta del bonifico a mezzo e-mail.
Il nolano, frequentatore del Salento nel periodo estivo, giunto lo scorso agosto nella vicina marina neretina di Porto Selvaggio, si è recato nel luogo concordato on-line, a Gallipoli, scoprendo la inesistenza dell’indirizzo fornitogli dall’interlocutore.

FONTE: Quotidiano di Puglia

Categories : Phishing e Truffe Tags : , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,

Aggiornamento di sicurezza per Adobe Flash Player

Inserito da 13 Marzo, 2016 (0) Commenti

Si tratta di :ICT and Computer Security

SI TRATTA DI UNA NOTIZIA VERA
AGGIORNARE IMMEDIATAMENTE IL VOSTROI FLASH PLAYER

:: Descrizione del problema

Adobe ha rilasciato un aggiornamento del Flash Player
che risolve numerose vulnerabilita’ presenti nel software.
Tali difetti potrebbero consentire ad un aggressore
di prendere il controllo del sistema.

Maggiori dettagli sono disponibili nella segnalazione
ufficiale alla sezione “Riferimenti”.

:: Software interessato

adobe_flash_

Flash Player Desktop Runtime 20.0.0.306 e precedenti per Windows e Macintosh
Flash Player Extended Support Release 18.0.0.329 e precedenti per
Windows e Macintosh
Flash Player per Google Chrome 20.0.0.306 e precedenti per Windows,
Macintosh, Linux e ChromeOS
Flash Player per Microsoft Edge e Internet Explorer 11 20.0.0.306 e
precedenti per Windows 10
Flash Player per Internet Explorer 10 e 11 20.0.0.306 e precedenti per
Windows 8.0 e 8.1
Flash Player per Linux 11.2.202.569 e precedenti per Linux

AIR Desktop Runtime 20.0.0.260 e precedenti per Windows e Macintosh
AIR SDK 20.0.0.260 e precedenti per Windows, Macintosh, Android e iOS
AIR SDK & Compiler 20.0.0.260 e precedenti per Windows, Macintosh,
Android e iOS
AIR for Android 20.0.0.233 e precedenti per Android

Per verificare la versione di Flash Player installata
accedere alla seguente pagina

http://www.adobe.com/products/flash/about/

se si utilizzano piu’ browser effettuare il controllo
da ognuno di essi.

:: Impatto

Esecuzione remota di codice arbitrario
Accesso al sistema

:: Soluzioni

Aggiornare a Flash Player 21.0.0.182 per Windows
e Macintosh, Google Chrome, Microsoft Edge e Internet Explorer 11
Aggiornare a Flash Player Extended Support 18.0.0.333 per Windows e
Macintosh
Aggiornare a Flash Player 11.2.202.577 per Linux
Aggiornare a AIR 21.0.0.176

http://www.adobe.com/go/getflash

gli utenti Windows possono anche utilizzare la funzione auto-update
presente nel prodotto, quando proposta.

:: Riferimenti

Abobe Security Bulletin
https://helpx.adobe.com/security/products/flash-player/apsb16-08.html

Microsoft Security Advisory
https://technet.microsoft.com/library/security/MS16-036

MITRE-CVE
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0960
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0961
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0962
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0963
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0986
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0987
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0988
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0989
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0990
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0991
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0992
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0993
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0994
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0995
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0996
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0997
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0998
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0999
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1000
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1001
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1002
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1005
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1010

Fonte: Garr

Categories : ICT and Computer Security Tags : , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,

Scoperta una maxi truffa sui biglietti aerei, a organizzare tutto un senegalese..

Inserito da 12 Marzo, 2016 (0) Commenti

Si tratta di :Phishing e Truffe

L’uomo ha bidonato i propri connazionali vendendo loro dei falsi biglietti di andata e ritorno. A scoprire il tutto un’agenzia viaggi

 

Una maxi truffa che, al momento, ha visto finire nei guai almeno una ventina di cittadini senegalesi ma che rischia di aumentare a dismisura. Secondo quanto emerso, tra la numerosa comunità senegalese che vive a Rimini si era sparsa la voce che un loro connazionale, tale Mustapha, si prestava per fornire i bilietti aerei per tornare in patria. Un servizio di booking che aveva la sua “sede” presso un internet point di borgo Marina. Al costo di 475 euro, il senegalese offriva i biglietti di andata e ritorno ma, una volta arrivati in patria, per i viaggiatori è arrivata l’amara sorpresa. Solo il biglietto di andata era vero mentre, quello di ritorno, era semplicemente una prenotazione che poi veniva disdetta dal truffatore.

 

biglietti-aerei-2

A rimanere bloccati in Senegal sono una ventina di stranieri che risiedono a Rimini e che, adesso, dovranno sborsare una cifra esorbitante per tornare in Italia. A scoprire il tutto è stata un’agenzia viaggi di Rimini, l’Adriatour, che si è vista arrivare numerosi ex clienti che chiedevano spiegazioni sui biglietti acquistati dal connazionale. In un caso, addirittura, è risultato essere falso anche il ticket di andata. Il timore è che, nei prossimi giorni, possa salire sensibilmente il numero dei truffati.

Fonte: RiminiToday

Categories : Phishing e Truffe Tags : , , , , , , , , , , , , , , , , , , , , ,

Festa della Donna tutte le bufale sulle origini dell’8 marzo

Inserito da 8 Marzo, 2016 (0) Commenti

Si tratta di :avvenimenti,Bufale e Hoax

Ecco le bufale circolate sull’8 marzo, Festa della Donna 2016

si riporta un articolo pubblicato su Giornalettismo che vale la pena leggere…

Festa della donna anche quest’anno si festeggia la  Giornata Internazionale delle donne (detta Festa della Donna ), ma sappiamo davvero di cosa si tratta? Nemmeno l’8 marzo, la Festa della Donna, infatti ha trovato scampo dalle bufale. E in un tempo remoto, quando in pochi utilizzavano il telefono e Internet non esisteva affatto, la Festa della Donna  aveva una storia del tutto diversa rispetto a quella che oggi siamo abituati a conoscere. Nei decenni scorsi sono infatti circolate versioni inesatte sulle origini della giornata internazionale che ricorda le conquiste sociali del mondo femminile, celebrata per la prima volta in America nel 1909 e in Italia nel 1922. Insomma, prima di celebrare la festa della donna, vediamo di conoscere le origini di una giornata nata per denunciare, più che per festeggiare.

mimosa_fai_da_te_festa_della_donna

FESTA DELLA DONNA  E 8 MARZO, LE BUFALE

La confusione è nata da fantasioni versioni sulla ricorrenza sorte nel dopoguerra. Secondo queste versioni la Festa della Donna sarebbe stata introdotta per ricordare la morte di alcune centinaia di operaie nel rogo di una fabbrica di camicie, in realtà inesistente, avvenuto nel 1908 a New York. Probabilmente questa versione  fa confusione con una simile tragedia avvenuta nel 1911 sempre a New York, l’incendio alla fabbrica Triangle, che causò la morte di 146 lavoratori, nella stragrande maggioranza donne, molte delle quali giovani immigrate. Ma un’altra fantasiosa versione sulla Festa della Donna è anche quella che riguarda una repressione violenta della polizia delle proteste nel corso di una presunta manifestazione di operaie tessili avvenuta, ancora a New York, nel 1857. Altra confusione, infine, è stata fatta dal racconto di scioperi o incidenti che sarebbero avvenuti in diverse città degli Stati Uniti, a New York come a Chicago o Boston.

FESTA DELLA DONNA 8 MARZO, LA STORIA

La prima giornata internazionale della donna, denominata ‘Woman’s Day’ ebbe luogo a New York il 3 maggio del 1908. Era in realtà una conferenza organizzata dalla socialista Corinne Brown, nella quale si discusse di sfruttamento del lavoro e discriminazioni sessuali nei confronti delle donne. La prima vera e propria Festa della Donna fu celebrata il 23 febbraio dell’anno seguente. Dopo la conferenza di Copenhagen del 1910, poi, molti paesi aderirono alla giornata del diritto femminile. Lo fecero anche la Germania, l’Austria, la Svizzera e la Danimarca che istituirono i festeggiamenti per la prima volta il 19 marzo 1911. In Francia la Festa della Donna si tenne invece il 18 marzo 1911. In Italia la Giornata internazionale della donna è arrivata solo nel 1922, per iniziativa del Partito Comunista. Fu celebrata inizialmente il 12 marzo, la prima domenica successiva all’8 marzo (l’8 marzo 1917 a San Pietroburgo le donne della capitale russa guidarono una grande manifestazione che rivendicava la fine della guerra).Il 14 giugno del 1921 fu la seconda Conferenza internazionale delle donne comuniste, a Mosca, a stabilire l’8 marzo come ‘Giornata internazionale dell’operaia’.

FESTA DELLA DONNA IL MOTIVO DELLE BUFALE

In occasione della Festa della donna  vogliamo scoprire perché tante bufale sono state “confezionate” sulla giornata internazionale della donna. Gli storici sono infatti divisi sul tema: tuttavia si pensa che la “colpa” sia della seconda guerra mondiale, avvenuta dopo l’introduzione della giornata internazionale della donna, che per certi versi ne ha “cancellato” l’esordio. Così si è fornita una ricostruzione storico-simobolica molto forte, che come tutte le leggende metropolitane è arrivata fino a oggi, alla festa della donna, come storia “assodata” anche se falsa. Solo il lavoro storiografico delle stesse femministe ha permesso di determinare la verità. Insomma, buona festa della donna , ora che ne conoscete le origini.

Fonte: Giornalettismo

Categories : avvenimenti,Bufale e Hoax Tags : , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,

Catania: Ritorna la Manipolazione di una frase di Monsignor Echevarria riferita ad un sondaggio sui portatori di Handicap

Inserito da 6 Marzo, 2016 (0) Commenti

Si tratta di :Bufale e Hoax,Catene di Sant'Antonio

Catania: Ritorna sui social le “manipolazioni” su una frase di Monsignor Echevarria
malinterpretata e riferita ad un sondaggio del 1997  sui portatori di Handicap.
la frase virgolettata sulle presunte affermazioni  è questa “Un sondaggio dice che il 90 per cento degli handicappati
sono figli di genitori che non sono arrivati puri al matrimonio”.

Ovviamente questa frase ha generato una valaga di critiche ma si riferiva ai  figli delle sieropositive.

Andare a ripescare notizia vecchie fa proprio pena e il fatto che stia girando nuovamente sulle bacheche
non fa altro che farci capire a che livello sta scendendo il web . E basta poco per far scatuire critiche e commenti impropri anche su “presunte affermazioni” sui disabili fatte dal Prelato dell’Opus Dei, Mons. Javier Echevarrìa, a Catania nel 1997.

image

***********************************

A proposito di una falsa notizia sul Prelato dell’Opus Dei che sta girando su internet

Sta girando sul web una notizia riguardo alcune presunte affermazioni sui disabili fatte dal Prelato dell’Opus Dei, Mons. Javier Echevarrìa, a Catania nel 1997.

In realtà si tratta di una questione chiusa a suo tempo (15 anni fa) in un’ampia intervista ad Avvenire in cui il Prelato chiarì dicendo: “Smentisco che quella frase corrisponda al mio pensiero di uomo, di cristiano e di sacerdote, l’affermazione che il novanta per cento degli handicappati sono figli di genitori che non sono arrivati puri al matrimonio è priva di senso, un’assurdità”. Il fraintendimento delle sue parole è avvenuto durante un incontro informale alla presenza di di molte famiglie in cui il Prelato aveva parlato della virtù della castità e del suo valore “capace di svelarci la pienezza dell’amore umano”.

L’amore per i disabili e per i sofferenti è una componente essenziale dello spirito cristiano che si vive nell’Opus Dei. Molti fedeli dell’Opera hanno figli e familiari diversamente abili che accolgono con amore e dedizione.

Esistono anche alcune iniziative sociali promosse da fedeli dell’Opera come ad esempio la Fondazione Espurna (http://www.opusdei.it/art.php?p=25234) che si occupa dell’assistenza a persone affette da sindrome di Down.

In allegato l’intervista a Mons. Javier Echevarría che chiarì l’infondatezza della questione.

L’articolo del Corriere della Sera:

Handicap, gaffe dell’ Opus Dei

Monsignor Echevarria: sondaggio rivela che i genitori dei disabili non sono arrivati puri al matrimonio. Le associazioni: orrore e disagio. La smentita: frase colloquiale, si riferiva ai figli delle sieropositive. ” un equivoco, ma e’ pericoloso: accende dibattiti regressivi “

Handicap, gaffe dell’Opus Dei Monsignor Echevarria: sondaggio rivela che i genitori dei disabili non sono arrivati puri al matrimonio Le associazioni: orrore e disagio. La smentita: frase colloquiale, si riferiva ai figli delle sieropositive

CATANIA – “Un sondaggio dice che il 90 per cento degli handicappati sono figli di genitori che non sono arrivati puri al matrimonio”. Un virgolettato di appena due righe riportato ieri solo nelle pagine catanesi del “Giornale di Sicilia”. Tanto e’ bastato a provocare una valanga di critiche. Destinatario e’ il capo dell’Opus Dei, il vescovo Saverio Echevarria, che mercoledi’ sera ha pronunciato queste parole davanti a 1.500 persone provenienti da tutta la Sicilia. La visita a Catania del capo dell’Opus Dei era passata sotto silenzio. E del resto l’incontro era riservato ai componenti dell’organizzazione religiosa fondata dal beato Escriva’.

Ma l’articolo del “Giornale di Sicilia” ha presto fatto il giro d’Italia e ieri pomeriggio sono cominciate ad arrivare le reazioni. Durissima quella dell’Associazione Down. “Non possiamo che esprimere orrore e disagio per una tale affermazione – si legge in una nota -, non soltanto priva di ogni validita’ scientifica ma anche priva di ogni forma di sensibilita’ e rispetto umano. Il fatto che tale mancanza di attenzione venga da un autorevole membro della Chiesa ci fa vivere con ancora maggiore dolore tale evento.

Ci auguriamo che Echevarria provveda a correggere e a chiedere scusa agli handicappati”. Dello stesso tenore anche altre associazioni. Per l’Anffa (Associazione famiglie e fanciulli subnormali) “quella di Echevarria e’ un’affermazione molto grave da un punto di vista psicologico, perche’ aumenta il senso di colpa nel quale vivono spesso i genitori degli handicappati, anche quando non esiste alcun tipo di responsabilita’. Il vescovo ha offeso non solo gli handicappati ma anche quanti operano in questo settore”. Imbarazzata la replica dell’Opus Dei affidata al direttore dell’ufficio informazioni Pippo Corigliano.

“E’ escluso che Echevarria parlasse di handicappati in senso proprio. Il suo era un discorso colloquiale. Ha fornito questo dato scientifico riferendosi, pero’, ai bambini sieropositivi nati da madri sieropositive. Non dunque agli handicappati”. Mercoledi’ sera monsignor Echevarria ha parlato a lungo della purezza nell’accostarsi al matrimonio: “Mantenete una santa purezza, arrivate al matrimonio con un corpo pulito e restate tali”.

Quindi ha pronunciato la frase incriminata. Molti componenti dell’Opus Dei presenti all’incontro parlano “di un qui pro quo dovuto anche alla scarsa padronanza della lingua italiana e comunque nell’ambito di un discorso relativo alle malattie che si trasmettono per via sessuale”. Insomma, secondo l’Opus Dei il riferimento non era agli handicappati ma ai sieropositivi. Una precisazione destinata a innescare altre polemiche.

L’EX MINISTRO GUIDI “Un equivoco, ma e’ pericoloso: accende dibattiti regressivi”

MILANO – “Non puo’ che essere stato un equivoco. Quella frase non ha senso: ne’ dal punto di vista scientifi – co, ne’ da quello dei valori”. Antonio Guidi, ex ministro e deputato di For – za Italia, non vuole credere che mon – signor Echevarria abbia pronunciato quelle parole.

“Certe affermazioni accendono un dibattito regressivo, dopo che, con molte difficolta’, abbiamo sradicato quella cultura che ghettizzava noi portatori di handicap. Ma la posizione della Chiesa e’ sempre stata chiara, basti pensare alle poesie del Papa o al cardinale Ratzinger che ha sempre sostenuto l’handicap come valore e non come una condizione da punire. E’ stata una gaffe, ne sono certo”.

Pero’ pericolosa. “Certo, legare il peccato all’handicap e’ come dire che l’handicap e’ una colpa da scontare. Lo ricordate? Dicevano che se una donna in gravidanza guardava un handicappato avrebbe partorito un handicappato! Quei tempi, fortunatamente, sono finiti”.

Pero’ lei sostiene che i disabili vivano ancora oggi in “gabbie invisibili”. “E’ vero, c’e’ la logica dell’elargizione: hanno garantito ai disabili il diritto alla scuola e allo sport, pero’ guai a dire che fanno l’amore. E’ una ghettizzazione, solo piu’ raffinata”.

*********************

Link correlato  Abruzzo24oretv

Categories : Bufale e Hoax,Catene di Sant'Antonio Tags : , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,

Falso sms di Poste Italiane che chiede di effettuare una ricarica per ricevere credito omaggio

Inserito da 4 Marzo, 2016 (0) Commenti

Si tratta di :ingegneria sociale,Phishing e Truffe

Attenzione di tratta di una Falso sms di Poste Italiane che chiede

di effettuare una ricarica per ricevere credito omaggio

 

Sulla Pagina Facebook di “Una Vita da Social” leggiamo di

“un tentativo di phishing tramite SMS che in queste ore sta tempestando mcentinaia di italiani. L’sms (apparentemente inviato da Poste Italiane) invita i destinatari ad effettuare una ricarica telefonica per ricevere del credito telefonico in omaggio.Ecco cosa dice l’sms.Poste Italiane ti regalano 100 euro di credito + 10 GB Internet se effettui una ricarica di almeno 20 euro sul sito XXXX offerta valida 24 ore
Il numero di cellulare del mittente è sempre diverso e varia a secondo l’operatore che avete. Il link presente nell’sms porta ad un sito all’interno del quale vengono richiesti i vostri dati della carta di credito o paypal per pagare e quindi aderire alla fantomatica offerta. Peccato che si tratti solo e soltanto di una truffa.Eccovi come si presenta il sito (GUARDA FOTO )Poste Italiane fa sapere che Gli sms in questione non sono stati inviati da PosteMobile né tanto meno da Poste Italiane”

12805754_455176608013135_1459854107275731804_n

Link Originale

Categories : ingegneria sociale,Phishing e Truffe Tags : , , , , , , , , , , , , , , , , , , , , , , , , ,