Vulnerability Summary for the Week of March 7, 2016

Inserito da 21 Marzo, 2016 (0) Commenti

Si tratta di :English Articles,ICT and Computer Security

cretino-11-e1334646540518

ITA

Questo articolo è scritto per te che “non capisci di esser abbastanza cretino” e   ti credi molto perspicace e intelligente, una persona che snobba gli articoli e non ha bisogno di niente e prima si iscrive alla newsletter del mio sito e poi si lamenta cancellandosi dalla newsletter.

ENG

This article is written for you that fairly stupid” and you think you’re very perceptive and intelligent, a person who snubs the articles and did not need anything and before he enrolled at the site of my newsletter and then complains removing himself from the newsletter.

 

High Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
adobe — digital_editions Adobe Digital Editions before 4.5.1 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. 2016-03-09 10.0 CVE-2016-0954
adobe — acrobat Adobe Reader and Acrobat before 11.0.15, Acrobat and Acrobat Reader DC Classic before 15.006.30121, and Acrobat and Acrobat Reader DC Continuous before 15.010.20060 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1009. 2016-03-09 10.0 CVE-2016-1007
adobe — acrobat Adobe Reader and Acrobat before 11.0.15, Acrobat and Acrobat Reader DC Classic before 15.006.30121, and Acrobat and Acrobat Reader DC Continuous before 15.010.20060 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1007. 2016-03-09 10.0 CVE-2016-1009
adobe — acrobat Untrusted search path vulnerability in Adobe Reader and Acrobat before 11.0.15, Acrobat and Acrobat Reader DC Classic before 15.006.30121, and Acrobat and Acrobat Reader DC Continuous before 15.010.20060 on Windows and OS X allows local users to gain privileges via a Trojan horse DLL in an unspecified directory. 2016-03-09 7.2 CVE-2016-1008
microsoft — .net_framework Microsoft .NET Framework 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, and 4.6.1 mishandles signature validation for unspecified elements of XML documents, which allows remote attackers to spoof signatures via a modified document, aka “.NET XML Validation Security Feature Bypass.” 2016-03-09 10.0 CVE-2016-0132
microsoft — infopath Microsoft InfoPath 2007 SP3, 2010 SP2, and 2013 SP1 allows remote attackers to execute arbitrary code via a crafted Office document, aka “Microsoft Office Memory Corruption Vulnerability.” 2016-03-09 9.3 CVE-2016-0021
microsoft — windows OLE in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows remote attackers to execute arbitrary code via a crafted file, aka “Windows OLE Memory Remote Code Execution Vulnerability,” a different vulnerability than CVE-2016-0091. 2016-03-09 9.3 CVE-2016-0092
microsoft — windows Microsoft Windows Server 2008 R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 allow remote attackers to execute arbitrary code via crafted media content, aka “Windows Media Parsing Remote Code Execution Vulnerability.” 2016-03-09 9.3 CVE-2016-0098
microsoft — windows Microsoft Windows Server 2008 R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allow remote attackers to execute arbitrary code via crafted media content, aka “Windows Media Parsing Remote Code Execution Vulnerability.” 2016-03-09 9.3 CVE-2016-0101
microsoft — windows The PDF library in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows remote attackers to execute arbitrary code via a crafted PDF document, aka “Windows Remote Code Execution Vulnerability.” 2016-03-09 9.3 CVE-2016-0117
microsoft — windows The PDF library in Microsoft Windows 10 Gold and 1511 allows remote attackers to execute arbitrary code via a crafted PDF document, aka “Windows Remote Code Execution Vulnerability.” 2016-03-09 9.3 CVE-2016-0118
microsoft — windows The Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows remote attackers to execute arbitrary code via a crafted OpenType font, aka “OpenType Font Parsing Vulnerability.” 2016-03-09 9.3 CVE-2016-0121
microsoft — office Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word 2016, Word for Mac 2011, Word 2016 for Mac, Office Compatibility Pack SP3, Word Viewer, Word Automation Services on SharePoint Server 2010 SP2 and 2013 SP1, Office Web Apps 2010 SP2, and Web Apps Server 2013 SP1 allow remote attackers to execute arbitrary code via a crafted Office document, aka “Microsoft Office Memory Corruption Vulnerability.” 2016-03-09 9.3 CVE-2016-0134
microsoft — internet_explorer Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Microsoft Browser Memory Corruption Vulnerability,” a different vulnerability than CVE-2016-0103, CVE-2016-0106, CVE-2016-0108, CVE-2016-0109, and CVE-2016-0114. 2016-03-09 7.6 CVE-2016-0102
microsoft — internet_explorer Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Internet Explorer Memory Corruption Vulnerability,” a different vulnerability than CVE-2016-0102, CVE-2016-0106, CVE-2016-0108, CVE-2016-0109, and CVE-2016-0114. 2016-03-09 7.6 CVE-2016-0103
microsoft — internet_explorer Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Internet Explorer Memory Corruption Vulnerability.” 2016-03-09 7.6 CVE-2016-0104
microsoft — internet_explorer Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Microsoft Browser Memory Corruption Vulnerability,” a different vulnerability than CVE-2016-0107, CVE-2016-0111, CVE-2016-0112, and CVE-2016-0113. 2016-03-09 7.6 CVE-2016-0105
microsoft — internet_explorer Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Internet Explorer Memory Corruption Vulnerability,” a different vulnerability than CVE-2016-0102, CVE-2016-0103, CVE-2016-0108, CVE-2016-0109, and CVE-2016-0114. 2016-03-09 7.6 CVE-2016-0106
microsoft — internet_explorer Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Internet Explorer Memory Corruption Vulnerability,” a different vulnerability than CVE-2016-0105, CVE-2016-0111, CVE-2016-0112, and CVE-2016-0113. 2016-03-09 7.6 CVE-2016-0107
microsoft — internet_explorer Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Internet Explorer Memory Corruption Vulnerability,” a different vulnerability than CVE-2016-0102, CVE-2016-0103, CVE-2016-0106, CVE-2016-0109, and CVE-2016-0114. 2016-03-09 7.6 CVE-2016-0108
microsoft — internet_explorer Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Microsoft Browser Memory Corruption Vulnerability,” a different vulnerability than CVE-2016-0102, CVE-2016-0103, CVE-2016-0106, CVE-2016-0108, and CVE-2016-0114. 2016-03-09 7.6 CVE-2016-0109
microsoft — internet_explorer Microsoft Internet Explorer 10 through 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Microsoft Browser Memory Corruption Vulnerability.” 2016-03-09 7.6 CVE-2016-0110
microsoft — internet_explorer Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Microsoft Browser Memory Corruption Vulnerability,” a different vulnerability than CVE-2016-0105, CVE-2016-0107, CVE-2016-0112, and CVE-2016-0113. 2016-03-09 7.6 CVE-2016-0111
microsoft — internet_explorer Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Internet Explorer Memory Corruption Vulnerability,” a different vulnerability than CVE-2016-0105, CVE-2016-0107, CVE-2016-0111, and CVE-2016-0113. 2016-03-09 7.6 CVE-2016-0112
microsoft — internet_explorer Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Internet Explorer Memory Corruption Vulnerability,” a different vulnerability than CVE-2016-0105, CVE-2016-0107, CVE-2016-0111, and CVE-2016-0112. 2016-03-09 7.6 CVE-2016-0113
microsoft — internet_explorer Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Internet Explorer Memory Corruption Vulnerability,” a different vulnerability than CVE-2016-0102, CVE-2016-0103, CVE-2016-0106, CVE-2016-0108, and CVE-2016-0109. 2016-03-09 7.6 CVE-2016-0114
microsoft — internet_explorer Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Microsoft Edge Memory Corruption Vulnerability,” a different vulnerability than CVE-2016-0123, CVE-2016-0124, CVE-2016-0129, and CVE-2016-0130. 2016-03-09 7.6 CVE-2016-0116
microsoft — edge Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Microsoft Edge Memory Corruption Vulnerability,” a different vulnerability than CVE-2016-0116, CVE-2016-0124, CVE-2016-0129, and CVE-2016-0130. 2016-03-09 7.6 CVE-2016-0123
microsoft — edge Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Microsoft Edge Memory Corruption Vulnerability,” a different vulnerability than CVE-2016-0116, CVE-2016-0123, CVE-2016-0129, and CVE-2016-0130. 2016-03-09 7.6 CVE-2016-0124
microsoft — edge Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Microsoft Edge Memory Corruption Vulnerability,” a different vulnerability than CVE-2016-0116, CVE-2016-0123, CVE-2016-0124, and CVE-2016-0130. 2016-03-09 7.6 CVE-2016-0129
microsoft — edge Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Microsoft Edge Memory Corruption Vulnerability,” a different vulnerability than CVE-2016-0116, CVE-2016-0123, CVE-2016-0124, and CVE-2016-0129. 2016-03-09 7.6 CVE-2016-0130
microsoft — office Microsoft Office 2007 SP3, 2010 SP2, 2013 SP1, and 2016 does not properly sign an unspecified binary file, which allows local users to gain privileges via a Trojan horse file with a crafted signature, aka “Microsoft Office Security Feature Bypass Vulnerability.” 2016-03-09 7.2 CVE-2016-0057
microsoft — windows The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka “Win32k Elevation of Privilege Vulnerability,” a different vulnerability than CVE-2016-0094, CVE-2016-0095, and CVE-2016-0096. 2016-03-09 7.2 CVE-2016-0093
microsoft — windows The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka “Win32k Elevation of Privilege Vulnerability,” a different vulnerability than CVE-2016-0093, CVE-2016-0095, and CVE-2016-0096. 2016-03-09 7.2 CVE-2016-0094
microsoft — windows The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka “Win32k Elevation of Privilege Vulnerability,” a different vulnerability than CVE-2016-0093, CVE-2016-0094, and CVE-2016-0096. 2016-03-09 7.2 CVE-2016-0095
microsoft — windows The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka “Win32k Elevation of Privilege Vulnerability,” a different vulnerability than CVE-2016-0093, CVE-2016-0094, and CVE-2016-0095. 2016-03-09 7.2 CVE-2016-0096
microsoft — windows The Secondary Logon Service in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 does not properly process request handles, which allows local users to gain privileges via a crafted application, aka “Secondary Logon Elevation of Privilege Vulnerability.” 2016-03-09 7.2 CVE-2016-0099
microsoft — windows The Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows remote attackers to cause a denial of service (system hang) via a crafted OpenType font, aka “OpenType Font Parsing Vulnerability.” 2016-03-09 7.1 CVE-2016-0120

Medium Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
microsoft — windows OLE in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows remote attackers to execute arbitrary code via a crafted file, aka “Windows OLE Memory Remote Code Execution Vulnerability,” a different vulnerability than CVE-2016-0092. 2016-03-09 6.8 CVE-2016-0091

Low Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
microsoft — edge Microsoft Edge mishandles the Referer policy, which allows remote attackers to obtain sensitive browser-history and request information via a crafted HTTPS web site, aka “Microsoft Edge Information Disclosure Vulnerability.” 2016-03-09 2.6 CVE-2016-0125

Severity Not Yet Assigned

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
Adobe — Flash Player Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-0961, CVE-2016-0962, CVE-2016-0986, CVE-2016-0989, CVE-2016-0992, CVE-2016-1002, and CVE-2016-1005. 2016-03-12 N/A CVE-2016-0960
Adobe — Flash Player Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-0960, CVE-2016-0962, CVE-2016-0986, CVE-2016-0989, CVE-2016-0992, CVE-2016-1002, and CVE-2016-1005. 2016-03-12 N/A CVE-2016-0961
Adobe — Flash Player Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-0960, CVE-2016-0961, CVE-2016-0986, CVE-2016-0989, CVE-2016-0992, CVE-2016-1002, and CVE-2016-1005. 2016-03-12 N/A CVE-2016-0962
Adobe — Flash Player Integer overflow in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-0993 and CVE-2016-1010. 2016-03-12 N/A CVE-2016-0963
Adobe — Flash Player Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-0960, CVE-2016-0961, CVE-2016-0962, CVE-2016-0989, CVE-2016-0992, CVE-2016-1002, and CVE-2016-1005. 2016-03-12 N/A CVE-2016-0986
Adobe — Flash Player Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-0988, CVE-2016-0990, CVE-2016-0991, CVE-2016-0994, CVE-2016-0995, CVE-2016-0996, CVE-2016-0997, CVE-2016-0998, CVE-2016-0999, and CVE-2016-1000. 2016-03-12 N/A CVE-2016-0987
Adobe — Flash Player Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-0987, CVE-2016-0990, CVE-2016-0991, CVE-2016-0994, CVE-2016-0995, CVE-2016-0996, CVE-2016-0997, CVE-2016-0998, CVE-2016-0999, and CVE-2016-1000. 2016-03-12 N/A CVE-2016-0988
Adobe — Flash Player Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-0960, CVE-2016-0961, CVE-2016-0962, CVE-2016-0986, CVE-2016-0992, CVE-2016-1002, and CVE-2016-1005. 2016-03-12 N/A CVE-2016-0989
Adobe — Flash Player Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-0987, CVE-2016-0988, CVE-2016-0991, CVE-2016-0994, CVE-2016-0995, CVE-2016-0996, CVE-2016-0997, CVE-2016-0998, CVE-2016-0999, and CVE-2016-1000. 2016-03-12 N/A CVE-2016-0990
Adobe — Flash Player Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-0987, CVE-2016-0988, CVE-2016-0990, CVE-2016-0994, CVE-2016-0995, CVE-2016-0996, CVE-2016-0997, CVE-2016-0998, CVE-2016-0999, and CVE-2016-1000. 2016-03-12 N/A CVE-2016-0991
Adobe — Flash Player Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-0960, CVE-2016-0961, CVE-2016-0962, CVE-2016-0986, CVE-2016-0989, CVE-2016-1002, and CVE-2016-1005. 2016-03-12 N/A CVE-2016-0992
Adobe — Flash Player Integer overflow in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-0963 and CVE-2016-1010. 2016-03-12 N/A CVE-2016-0993
Adobe — Flash Player Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allows attackers to execute arbitrary code by using the actionCallMethod opcode with crafted arguments, a different vulnerability than CVE-2016-0987, CVE-2016-0988, CVE-2016-0990, CVE-2016-0991, CVE-2016-0995, CVE-2016-0996, CVE-2016-0997, CVE-2016-0998, CVE-2016-0999, and CVE-2016-1000. 2016-03-12 N/A CVE-2016-0994
Adobe — Flash Player Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-0987, CVE-2016-0988, CVE-2016-0990, CVE-2016-0991, CVE-2016-0994, CVE-2016-0996, CVE-2016-0997, CVE-2016-0998, CVE-2016-0999, and CVE-2016-1000. 2016-03-12 N/A CVE-2016-0995
Adobe — Flash Player Use-after-free vulnerability in the setInterval method in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allows attackers to execute arbitrary code via crafted arguments, a different vulnerability than CVE-2016-0987, CVE-2016-0988, CVE-2016-0990, CVE-2016-0991, CVE-2016-0994, CVE-2016-0995, CVE-2016-0997, CVE-2016-0998, CVE-2016-0999, and CVE-2016-1000. 2016-03-12 N/A CVE-2016-0996
Adobe — Flash Player Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-0987, CVE-2016-0988, CVE-2016-0990, CVE-2016-0991, CVE-2016-0994, CVE-2016-0995, CVE-2016-0996, CVE-2016-0998, CVE-2016-0999, and CVE-2016-1000. 2016-03-12 N/A CVE-2016-0997
Adobe — Flash Player Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-0987, CVE-2016-0988, CVE-2016-0990, CVE-2016-0991, CVE-2016-0994, CVE-2016-0995, CVE-2016-0996, CVE-2016-0997, CVE-2016-0999, and CVE-2016-1000. 2016-03-12 N/A CVE-2016-0998
Adobe — Flash Player Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-0987, CVE-2016-0988, CVE-2016-0990, CVE-2016-0991, CVE-2016-0994, CVE-2016-0995, CVE-2016-0996, CVE-2016-0997, CVE-2016-0998, and CVE-2016-1000. 2016-03-12 N/A CVE-2016-0999
Adobe — Flash Player Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-0987, CVE-2016-0988, CVE-2016-0990, CVE-2016-0991, CVE-2016-0994, CVE-2016-0995, CVE-2016-0996, CVE-2016-0997, CVE-2016-0998, and CVE-2016-0999. 2016-03-12 N/A CVE-2016-1000
Adobe — Flash Player Heap-based buffer overflow in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allows attackers to execute arbitrary code via unspecified vectors. 2016-03-12 N/A CVE-2016-1001
Adobe — Flash Player Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-0960, CVE-2016-0961, CVE-2016-0962, CVE-2016-0986, CVE-2016-0989, CVE-2016-0992, and CVE-2016-1005. 2016-03-12 N/A CVE-2016-1002
Adobe — Flash Player Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allow attackers to execute arbitrary code or cause a denial of service (uninitialized pointer dereference and memory corruption) via crafted MPEG-4 data, a different vulnerability than CVE-2016-0960, CVE-2016-0961, CVE-2016-0962, CVE-2016-0986, CVE-2016-0989, CVE-2016-0992, and CVE-2016-1002. 2016-03-12 N/A CVE-2016-1005
Adobe — Flash Player Integer overflow in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-0963 and CVE-2016-0993. 2016-03-12 N/A CVE-2016-1010
Android — mediaserver The MPEG4Source::fragmentedRead function in MPEG4Extractor.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49H, and 6.x before 2016-03-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 26365349. 2016-03-12 N/A CVE-2016-0815
Android — mediaserver mediaserver in Android 6.x before 2016-03-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, related to decoder/ih264d_parse_islice.c and decoder/ih264d_parse_pslice.c, aka internal bug 25928803. 2016-03-12 N/A CVE-2016-0816
Android — Conscrypt The caching functionality in the TrustManagerImpl class in TrustManagerImpl.java in Conscrypt in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49H, and 6.x before 2016-03-01 mishandles the distinction between an intermediate CA and a trusted root CA, which allows man-in-the-middle attackers to spoof servers by leveraging access to an intermediate CA to issue a certificate, aka internal bug 26232830. 2016-03-12 N/A CVE-2016-0818
Android — Qualcomm performance The Qualcomm performance component in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49H, and 6.x before 2016-03-01 allows attackers to gain privileges via a crafted application, aka internal bug 25364034. 2016-03-12 N/A CVE-2016-0819
Android — MediaTek The MediaTek Wi-Fi kernel driver in Android 6.0.1 before 2016-03-01 allows attackers to gain privileges via a crafted application, aka internal bug 26267358. 2016-03-12 N/A CVE-2016-0820
Android — Linux kernel The LIST_POISON feature in include/linux/poison.h in the Linux kernel before 4.3, as used in Android 6.0.1 before 2016-03-01, does not properly consider the relationship to the mmap_min_addr value, which makes it easier for attackers to bypass a poison-pointer protection mechanism by triggering the use of an uninitialized list entry, aka Android internal bug 26186802, a different vulnerability than CVE-2015-3636. 2016-03-12 N/A CVE-2016-0821
Android — MediaTek The MediaTek connectivity kernel driver in Android 6.0.1 before 2016-03-01 allows attackers to gain privileges via a crafted application that leverages conn_launcher access, aka internal bug 25873324. 2016-03-12 N/A CVE-2016-0822
Android — Linux kernel The pagemap_open function in fs/proc/task_mmu.c in the Linux kernel before 3.19.3, as used in Android 6.0.1 before 2016-03-01, allows local users to obtain sensitive physical-address information by reading a pagemap file, aka Android internal bug 25739721. 2016-03-12 N/A CVE-2016-0823
Android — Widevine The Widevine Trusted Application in Android 6.0.1 before 2016-03-01 allows attackers to obtain sensitive TrustZone secure-storage information by leveraging kernel access, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 20860039. 2016-03-12 N/A CVE-2016-0825
Android — mediaserver libcameraservice in mediaserver in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49H, and 6.x before 2016-03-01 does not require use of the ICameraService::dump method for a camera service dump, which allows attackers to gain privileges via a crafted application that directly dumps, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 26265403. 2016-03-12 N/A CVE-2016-0826
Android — mediaserver Multiple integer overflows in libeffects in mediaserver in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49H, and 6.x before 2016-03-01 allow attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, related to EffectBundle.cpp and EffectReverb.cpp, aka internal bug 26347509. 2016-03-12 N/A CVE-2016-0827
Android — mediaserver The BnGraphicBufferConsumer::onTransact function in libs/gui/IGraphicBufferConsumer.cpp in mediaserver in Android 5.x before 5.1.1 LMY49H and 6.x before 2016-03-01 does not initialize a certain slot variable, which allows attackers to obtain sensitive information, and consequently bypass an unspecified protection mechanism, by triggering an ATTACH_BUFFER action, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 26338113. 2016-03-12 N/A CVE-2016-0828
Android — mediaserver The BnGraphicBufferProducer::onTransact function in libs/gui/IGraphicBufferConsumer.cpp in mediaserver in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49H, and 6.x before 2016-03-01 does not initialize a certain output data structure, which allows attackers to obtain sensitive information, and consequently bypass an unspecified protection mechanism, by triggering a QUEUE_BUFFER action, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 26338109. 2016-03-12 N/A CVE-2016-0829
Android — DTE Energy Insight application The REST API in the DTE Energy Insight application before 1.7.8 for Android allows remote authenticated users to obtain unspecified customer information via a SQL expression in the filter parameter. 2016-03-11 N/A CVE-2016-1562
Android — mediaserver libvpx in mediaserver in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49H, and 6.0 before 2016-03-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, related to libwebm/mkvparser.cpp and other files, aka internal bug 23452792. 2016-03-12 N/A CVE-2016-1621
Android — libstagefright libmpeg2 in libstagefright in Android 6.x before 2016-03-01 allows attackers to obtain sensitive information, and consequently bypass an unspecified protection mechanism, via crafted Bitstream data, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 25765591. 2016-03-12 N/A CVE-2016-0824
Android — Bluetooth btif_config.c in Bluetooth in Android 6.x before 2016-03-01 allows remote attackers to cause a denial of service (memory corruption and persistent daemon crash) by triggering a large number of configuration entries, and consequently exceeding the maximum size of a configuration file, aka internal bug 26071376. 2016-03-12 N/A CVE-2016-0830
Android — Telephony The getDeviceIdForPhone function in internal/telephony/PhoneSubInfoController.java in Telephony in Android 5.x before 5.1.1 LMY49H and 6.x before 2016-03-01 does not check for the READ_PHONE_STATE permission, which allows attackers to obtain sensitive information via a crafted application, aka internal bug 25778215. 2016-03-12 N/A CVE-2016-0831
Android — Setup Wizard Setup Wizard in Android 5.1.x before LMY49H and 6.x before 2016-03-01 allows physically proximate attackers to bypass the Factory Reset Protection protection mechanism and delete data via unspecified vectors, aka internal bug 25955042. 2016-03-12 N/A CVE-2016-0832
Apple — Apple Software Update Apple Software Update before 2.2 on Windows does not use HTTPS, which makes it easier for man-in-the-middle attackers to spoof updates by modifying the client-server data stream. 2016-03-13 N/A CVE-2016-1731
Cisco — HTTPS inspection engine The HTTPS inspection engine in the Content Security and Control Security Services Module (CSC-SSM) 6.6 before 6.6.1164.0 for Cisco ASA 5500 devices allows remote attackers to cause a denial of service (memory consumption or device reload) via a flood of HTTPS packets, aka Bug ID CSCue76147. 2016-03-09 N/A CVE-2016-1312
Cisco — administration interface The administration interface on Cisco DPC3939B and DPC3941 devices allows remote attackers to obtain sensitive information via a crafted HTTP request, aka Bug ID CSCus49506. 2016-03-09 N/A CVE-2016-1325
Cisco — administration interface The administration interface on Cisco DPQ3925 devices with firmware r1 allows remote attackers to cause a denial of service (device restart) via a crafted HTTP request, aka Bug ID CSCup48105. 2016-03-09 N/A CVE-2016-1326
Cisco — web server Buffer overflow in the web server on Cisco DPC2203 and EPC2203 devices with firmware r1_customer_image allows remote attackers to execute arbitrary code via a crafted HTTP request, aka Bug ID CSCuv05935. 2016-03-09 N/A CVE-2016-1327
Cisco — TelePresence Video Communication Server Cisco TelePresence Video Communication Server (VCS) X8.5.1 and X8.5.2 allows remote authenticated users to cause a denial of service (VoIP outage) via a crafted SIP message, aka Bug ID CSCuu43026. 2016-03-11 N/A CVE-2016-1338
Cisco — Prime LAN Management Solution Cisco Prime LAN Management Solution (LMS) through 4.2.5 uses the same database decryption key across different customers’ installations, which allows local users to obtain cleartext data by leveraging console connectivity, aka Bug ID CSCuw85390. 2016-03-11 N/A CVE-2016-1360
Cisco — IOS XR Cisco IOS XR through 4.3.2 on Gigabit Switch Router (GSR) 12000 devices does not properly check for a Bidirectional Forwarding Detection (BFD) header in a UDP packet, which allows remote attackers to cause a denial of service (line-card restart) via a crafted packet, aka Bug ID CSCuw56900. 2016-03-11 N/A CVE-2016-1361
Debian — jessie pt_chown in the glibc package before 2.19-18+deb8u4 on Debian jessie lacks a namespace check associated with file-descriptor passing, which allows local users to capture keystrokes and spoof data, and possibly gain privileges, via pts read and write operations, related to debian/sysdeps/linux.mk. NOTE: this is not considered a vulnerability in the upstream GNU C Library because the upstream documentation has a clear security recommendation against the –enable-pt_chown option. 2016-03-13 N/A CVE-2016-2856
EMC — Documentum xCP EMC Documentum xCP 2.1 before patch 24 and 2.2 before patch 12 allows remote authenticated users to obtain sensitive user-account metadata via a members/xcp_member API call. 2016-03-09 N/A CVE-2016-0886
Google — Chrome The ImageInputType::ensurePrimaryContent function in WebKit/Source/core/html/forms/ImageInputType.cpp in Blink, as used in Google Chrome before 49.0.2623.87, does not properly maintain the user agent shadow DOM, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that leverage “type confusion.” 2016-03-13 N/A CVE-2016-1643
Google — Chrome WebKit/Source/core/layout/LayoutObject.cpp in Blink, as used in Google Chrome before 49.0.2623.87, does not properly restrict relayout scheduling, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted HTML document. 2016-03-13 N/A CVE-2016-1644
Google — Chrome Multiple integer signedness errors in the opj_j2k_update_image_data function in j2k.c in OpenJPEG, as used in PDFium in Google Chrome before 49.0.2623.87, allow remote attackers to cause a denial of service (incorrect cast and out-of-bounds write) or possibly have unspecified other impact via crafted JPEG 2000 data. 2016-03-13 N/A CVE-2016-1645
IBM — Tivoli Monitoring The portal client in IBM Tivoli Monitoring (ITM) 6.2.2 through FP9, 6.2.3 through FP5, and 6.3.0 through FP6 allows remote authenticated users to gain privileges via unspecified vectors. 2016-03-11 N/A CVE-2015-7411
IBM — Flash System V9000 Cross-site request forgery (CSRF) vulnerability in IBM Flash System V9000 7.4 before 7.4.1.4, 7.5 before 7.5.1.3, and 7.6 before 7.6.0.4 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences. 2016-03-12 N/A CVE-2015-7446
IBM — Maximo Asset Management IBM Maximo Asset Management 7.6 before 7.6.0.3 IFIX001 allows remote authenticated users to bypass intended access restrictions and read arbitrary purchase-order work logs via unspecified vectors. 2016-03-13 N/A CVE-2016-0222
IBM — Maximo Asset Management Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.1.1 through 7.1.1.3, 7.5.0 before 7.5.0.9 IFIX004, and 7.6.0 before 7.6.0.3 IFIX001 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. 2016-03-13 N/A CVE-2016-0262
IBM — Maximo Asset Management SQL injection vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.9 IFIX003, and 7.6.0 before 7.6.0.3 IFIX001; Maximo Asset Management 7.5.0 before 7.5.0.9 IFIX003, 7.5.1, and 7.6.0 before 7.6.0.3 IFIX001 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. 2016-03-12 N/A CVE-2015-7448
IBM — WebSphere Commerce IBM WebSphere Commerce 6.x through 6.0.0.11, 7.x through 7.0.0.9, and 8.x before 8.0.0.3 allows remote attackers to cause a denial of service (order-processing outage) via unspecified vectors. 2016-03-13 N/A CVE-2016-0208
ISC — BIND named in ISC BIND 9.x before 9.9.8-P4 and 9.10.x before 9.10.3-P4 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a malformed packet to the rndc (aka control channel) interface, related to alist.c and sexpr.c. 2016-03-09 N/A CVE-2016-1285
ISC — BIND named in ISC BIND 9.x before 9.9.8-P4 and 9.10.x before 9.10.3-P4 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted signature record for a DNAME record, related to db.c and resolver.c. 2016-03-09 N/A CVE-2016-1286
ISC — BIND resolver.c in named in ISC BIND 9.10.x before 9.10.3-P4, when DNS cookies are enabled, allows remote attackers to cause a denial of service (INSIST assertion failure and daemon exit) via a malformed packet with more than one cookie option. 2016-03-09 N/A CVE-2016-2088
ISC — DHCP ISC DHCP 4.1.x before 4.1-ESV-R13 and 4.2.x and 4.3.x before 4.3.4 does not restrict the number of concurrent TCP sessions, which allows remote attackers to cause a denial of service (INSIST assertion failure or request-processing outage) by establishing many sessions. 2016-03-09 N/A CVE-2016-2774
microsoft — internet_explorer The CAttrArray object implementation in Microsoft Internet Explorer 7 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and memory corruption) via a malformed Cascading Style Sheets (CSS) token sequence in conjunction with modifications to HTML elements, aka “Internet Explorer Memory Corruption Vulnerability,” a different vulnerability than CVE-2015-6048 and CVE-2015-6049. 2016-03-09 N/A CVE-2015-6184
microsoft — windows Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 do not properly validate handles, which allows local users to gain privileges via a crafted application, aka “Windows Elevation of Privilege Vulnerability.” 2016-03-09 N/A CVE-2016-0087
microsoft — windows Microsoft Windows Vista SP2 and Server 2008 SP2 mishandle library loading, which allows local users to gain privileges via a crafted application, aka “Library Loading Input Validation Remote Code Execution Vulnerability.” 2016-03-09 N/A CVE-2016-0100
microsoft — windows The USB Mass Storage Class driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows physically proximate attackers to execute arbitrary code by inserting a crafted USB device, aka “USB Mass Storage Elevation of Privilege Vulnerability.” 2016-03-09 N/A CVE-2016-0133
Mozilla — Firefox Heap-based buffer overflow in Mozilla Network Security Services (NSS) before 3.19.2.3 and 3.20.x and 3.21.x before 3.21.1, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to execute arbitrary code via crafted ASN.1 data in an X.509 certificate. 2016-03-13 N/A CVE-2016-1950
Mozilla — Firefox Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. 2016-03-13 N/A CVE-2016-1952
Mozilla — Firefox Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 45.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to js/src/jit/arm/Assembler-arm.cpp, and unknown other vectors. 2016-03-13 N/A CVE-2016-1953
Mozilla — Firefox The nsCSPContext::SendReports function in dom/security/nsCSPContext.cpp in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 does not prevent use of a non-HTTP report-uri for a Content Security Policy (CSP) violation report, which allows remote attackers to cause a denial of service (data overwrite) or possibly gain privileges by specifying a URL of a local file. 2016-03-13 N/A CVE-2016-1954
Mozilla — Firefox Mozilla Firefox before 45.0 allows remote attackers to bypass the Same Origin Policy and obtain sensitive information by reading a Content Security Policy (CSP) violation report that contains path information associated with an IFRAME element. 2016-03-13 N/A CVE-2016-1955
Mozilla — Firefox Mozilla Firefox before 45.0 on Linux, when an Intel video driver is used, allows remote attackers to cause a denial of service (memory consumption or stack memory corruption) by triggering use of a WebGL shader. 2016-03-13 N/A CVE-2016-1956
Mozilla — Firefox Memory leak in libstagefright in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to cause a denial of service (memory consumption) via an MPEG-4 file that triggers a delete operation on an array. 2016-03-13 N/A CVE-2016-1957
Mozilla — Firefox browser/base/content/browser.js in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to spoof the address bar via a javascript: URL. 2016-03-13 N/A CVE-2016-1958
Mozilla — Firefox The ServiceWorkerManager class in Mozilla Firefox before 45.0 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read and memory corruption) via unspecified use of the Clients API. 2016-03-13 N/A CVE-2016-1959
Mozilla — Firefox Integer underflow in the nsHtml5TreeBuilder class in the HTML5 string parser in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) by leveraging mishandling of end tags, as demonstrated by incorrect SVG processing, aka ZDI-CAN-3545. 2016-03-13 N/A CVE-2016-1960
Mozilla — Firefox Use-after-free vulnerability in the nsHTMLDocument::SetBody function in dom/html/nsHTMLDocument.cpp in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code by leveraging mishandling of a root element, aka ZDI-CAN-3574. 2016-03-13 N/A CVE-2016-1961
Mozilla — Firefox Use-after-free vulnerability in the mozilla::DataChannelConnection::Close function in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code by leveraging mishandling of WebRTC data-channel connections. 2016-03-13 N/A CVE-2016-1962
Mozilla — Firefox The FileReader class in Mozilla Firefox before 45.0 allows local users to gain privileges or cause a denial of service (memory corruption) by changing a file during a FileReader API read operation. 2016-03-13 N/A CVE-2016-1963
Mozilla — Firefox Use-after-free vulnerability in the AtomicBaseIncDec function in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) by leveraging mishandling of XML transformations. 2016-03-13 N/A CVE-2016-1964
Mozilla — Firefox Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 mishandle a navigation sequence that returns to the original page, which allows remote attackers to spoof the address bar via vectors involving the history.back method and the location.protocol property. 2016-03-13 N/A CVE-2016-1965
Mozilla — Firefox The nsNPObjWrapper::GetNewOrUsed function in dom/plugins/base/nsJSNPRuntime.cpp in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code or cause a denial of service (invalid pointer dereference and memory corruption) via a crafted NPAPI plugin. 2016-03-13 N/A CVE-2016-1966
Mozilla — Firefox Mozilla Firefox before 45.0 does not properly restrict the availability of IFRAME Resource Timing API times, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via crafted JavaScript code that leverages history.back and performance.getEntries calls after restoring a browser session. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-7207. 2016-03-13 N/A CVE-2016-1967
Mozilla — Firefox Integer underflow in Brotli, as used in Mozilla Firefox before 45.0, allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow) via crafted data with brotli compression. 2016-03-13 N/A CVE-2016-1968
Mozilla — Firefox The setAttr function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.6.1, allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via a crafted Graphite smart font. 2016-03-13 N/A CVE-2016-1969
Mozilla — Firefox Integer underflow in the srtp_unprotect function in the WebRTC implementation in Mozilla Firefox before 45.0 on Windows might allow remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors. 2016-03-13 N/A CVE-2016-1970
Mozilla — Firefox The I420VideoFrame::CreateFrame function in the WebRTC implementation in Mozilla Firefox before 45.0 on Windows omits an unspecified status check, which might allow remote attackers to cause a denial of service (memory corruption) or possibly have other impact via unknown vectors. 2016-03-13 N/A CVE-2016-1971
Mozilla — Firefox Race condition in libvpx in Mozilla Firefox before 45.0 on Windows might allow remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via unknown vectors. 2016-03-13 N/A CVE-2016-1972
Mozilla — Firefox Race condition in the GetStaticInstance function in the WebRTC implementation in Mozilla Firefox before 45.0 might allow remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via unspecified vectors. 2016-03-13 N/A CVE-2016-1973
Mozilla — Firefox The nsScannerString::AppendUnicodeTo fynction in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 does not verify that memory allocation succeeds, which allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via crafted Unicode data in an HTML, XML, or SVG document. 2016-03-13 N/A CVE-2016-1974
Mozilla — Firefox Multiple race conditions in dom/media/systemservices/CamerasChild.cpp in the WebRTC implementation in Mozilla Firefox before 45.0 on Windows might allow remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors. 2016-03-13 N/A CVE-2016-1975
Mozilla — Firefox Use-after-free vulnerability in the DesktopDisplayDevice class in the WebRTC implementation in Mozilla Firefox before 45.0 on Windows might allow remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. 2016-03-13 N/A CVE-2016-1976
Mozilla — Firefox The Machine::Code::decoder::analysis::set_ref function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to execute arbitrary code or cause a denial of service (stack memory corruption) via a crafted Graphite smart font. 2016-03-13 N/A CVE-2016-1977
Mozilla — Firefox Use-after-free vulnerability in the ssl3_HandleECDHServerKeyExchange function in Mozilla Network Security Services (NSS) before 3.21, as used in Mozilla Firefox before 44.0, allows remote attackers to cause a denial of service or possibly have unspecified other impact by making an SSL (1) DHE or (2) ECDHE handshake at a time of high memory consumption. 2016-03-13 N/A CVE-2016-1978
Mozilla — Firefox Use-after-free vulnerability in the PK11_ImportDERPrivateKeyInfoAndReturnKey function in Mozilla Network Security Services (NSS) before 3.21.1, as used in Mozilla Firefox before 45.0, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted key data with DER encoding. 2016-03-13 N/A CVE-2016-1979
Mozilla — Firefox The graphite2::TtfUtil::GetTableInfo function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, does not initialize memory for an unspecified data structure, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted Graphite smart font. 2016-03-13 N/A CVE-2016-2790
Mozilla — Firefox The graphite2::GlyphCache::glyph function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font. 2016-03-13 N/A CVE-2016-2791
Mozilla — Firefox The graphite2::Slot::getAttr function in Slot.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font, a different vulnerability than CVE-2016-2800. 2016-03-13 N/A CVE-2016-2792
Mozilla — Firefox CachedCmap.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font. 2016-03-13 N/A CVE-2016-2793
Mozilla — Firefox The graphite2::TtfUtil::CmapSubtable12NextCodepoint function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font. 2016-03-13 N/A CVE-2016-2794
Mozilla — Firefox The graphite2::FileFace::get_table_fn function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, does not initialize memory for an unspecified data structure, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted Graphite smart font. 2016-03-13 N/A CVE-2016-2795
Mozilla — Firefox Heap-based buffer overflow in the graphite2::vm::Machine::Code::Code function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted Graphite smart font. 2016-03-13 N/A CVE-2016-2796
Mozilla — Firefox The graphite2::TtfUtil::CmapSubtable12Lookup function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font, a different vulnerability than CVE-2016-2801. 2016-03-13 N/A CVE-2016-2797
Mozilla — Firefox The graphite2::GlyphCache::Loader::Loader function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font. 2016-03-13 N/A CVE-2016-2798
Mozilla — Firefox Heap-based buffer overflow in the graphite2::Slot::setAttr function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted Graphite smart font. 2016-03-13 N/A CVE-2016-2799
Mozilla — Firefox The graphite2::Slot::getAttr function in Slot.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font, a different vulnerability than CVE-2016-2792. 2016-03-13 N/A CVE-2016-2800
Mozilla — Firefox The graphite2::TtfUtil::CmapSubtable12Lookup function in TtfUtil.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font, a different vulnerability than CVE-2016-2797. 2016-03-13 N/A CVE-2016-2801
Mozilla — Firefox The graphite2::TtfUtil::CmapSubtable4NextCodepoint function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font. 2016-03-13 N/A CVE-2016-2802
Samba — smbd The SMB1 implementation in smbd in Samba 3.x and 4.x before 4.1.23, 4.2.x before 4.2.9, 4.3.x before 4.3.6, and 4.4.x before 4.4.0rc4 allows remote authenticated users to modify arbitrary ACLs by using a UNIX SMB1 call to create a symlink, and then using a non-UNIX SMB1 call to write to the ACL content. 2016-03-13 N/A CVE-2015-7560
Samba — internal DNS server The internal DNS server in Samba 4.x before 4.1.23, 4.2.x before 4.2.9, 4.3.x before 4.3.6, and 4.4.x before 4.4.0rc4, when an AD DC is configured, allows remote authenticated users to cause a denial of service (out-of-bounds read) or possibly obtain sensitive information from process memory by uploading a crafted DNS TXT record. 2016-03-13 N/A CVE-2016-0771
Schneider — Electric Telvent Sage Schneider Electric Telvent Sage 2300 RTUs with firmware before C3413-500-S01, and LANDAC II-2, Sage 1410, Sage 1430, Sage 1450, Sage 2400, and Sage 3030M RTUs with firmware before C3414-500-S02J2, allow remote attackers to obtain sensitive information from device memory by reading a padding field of an Ethernet packet. 2016-03-11 N/A CVE-2015-6485

 

Categories : English Articles,ICT and Computer Security Tags : , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,

Diventa Reato battezzare i bambini in Europa

Inserito da 19 Marzo, 2016 (0) Commenti

Si tratta di :Bufale e Hoax

Si tratta di una bufala

 

E’ tornata in auge la vecchia bufala diffusa tempo fa da un sito web “satirico” Il Corriere del Mattino.
che ha per titolo  “Reato battezzare i bambini in Europa” dalla versione originale alcuni buontemponi hanno modificato versioni evarianti diffondendo questa bufala in diversi siti e blog, il contenuto della bufala per grandi linee è qualcosa del genere :

 La Corte Europea ha condannato l’Italia per aver violato i Diritti umani di una donna atea e agnostica e del suo figlio, neonato all’epoca dei fatti, la quale si era ribellata al battesimo del bambino e che il padre senza il consenso della moglie ha battezzato con il rito cattolico come da tradizione.

battesimo

 il testo completo ED INTEGRALE dell’articolo bufala è il seguente:

La Corte Europea ha condannato l’Italia per aver violato i Diritti umani di una donna atea e agnostica e del suo figlio, neonato all’epoca dei fatti, la quale si era ribellata al battesimo del bambino e che il padre senza il consenso della moglie ha battezzato con il rito cattolico come da tradizione.

Il caso è sorto con il ricorso della moglie che era stata condannata da un Tribunale italiano per minacce e abbandono del tetto coniugale, in quanto era contraria al battesimo del figlio fortemente voluto dal marito e dai nonni paterni e che chiedeva che il battesimo fosse giuridicamente annullato.

I giudici di Strasburgo spiegano nella sentenza, che non entra nell’ambito teologico-dogmatico:

L’Italia, permettendo il battesimo ai neonati viola la carta articolo 9 della Convenzione Europea in combinato disposto con l’articolo 14, in quanto i neonati non sono ancora in grado di intendere e di volere o emettere un atto personale e cosciente e, nella fattispecie sono obbligati e far parte di un associazione religiosa per tutta la vita. L’imposizione del rito chiamato sacramento tradisce il carattere di una dottrina che considera le persone come oggetti, il cui destino è deciso a loro insaputa da una organizzazione religiosa. Infatti, il battesimo impone al battezzato un sigillo indelebile, facendolo diventare a tutti gli effetti un iscritto e membro a sua insaputa e volontà e assoggettandolo alla suoi regolamenti e alla sua autorità. Come si evince nel canone 96 del Codice Cattolico di diritto canonico: «mediante il battesimo l’uomo è incorporato alla Chiesa di Cristo e in essa è costituito persona, con i doveri e i diritti che ai cristiani, tenuta presente la loro condizione, sono propri». Questa pratica lede il superiore interesse del bambino: sancito dall’art. 3, dalla Convenzione internazionale sui diritti dell’infanzia ratificata dall’Italia il 27 maggio 1991 con la legge n. 176. che prevede che in ogni decisione, azione legislativa, provvedimento giuridico, iniziativa pubblica o privata deve salvaguardare l’interesse superiore del bambino.”

Il Governo Italiano, entro 6 mesi (pena le sanzioni previste per le procedure di infrazione) dovrebbe adottare le relative riforme di Legge per rimediare alla violazione.

 ”Sono ovviamente entusiasta, è un’altro passo avanti verso il progresso e servirà soprattutto ai nostri figli” – ha commentato l’avvocato della donna, Dott. Gianni Battisti.    Mi auguro che l’odierna sentenza della Corte Europea dei Diritti Umani ci aiuti ad far approvare quanto prima una proposta di legge che presenteremo in parlamento con le 850000 firme già raccolte, che introduce il reato di violenza religiosa sui minori.”

Filippo Salomea – Corrispondente da Bruxelles

——–

Questa Bufala è stata ripresa anche da giornali on line e da blog e pubblicato nei vari social media in modo “indiscriminato”

Vi rendete conto che l’avvocato di chiama “Gianni Battisti ”  cioè “Giovanni Battista ” lascio a voi le considerazioni del caso…. guardacaso si chiama proprio così 😉

Categories : Bufale e Hoax Tags : , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,

Vacanza-truffa via Internet, scoperto e denunciato

Inserito da 13 Marzo, 2016 (0) Commenti

Si tratta di :Phishing e Truffe

ATTENTI ALLA TRUFFE ON LINE
SI TRATTA DI UNA NOTIZIA VERA

 

1606275_gallipoli_citta_vecchia

 

Ennesima truffa vacanze on line a Gallipoli. Il truffatore, un siciliano di 68 anni, residente a Milano, noto per la passione delle scommesse sulle corse dei cavalli, è stato scoperto e denunciato per truffa. La presunta truffa è stata accertata dagli investigatori del commissariato di Nardò, a conclusione di indagini condotte in seguito a denuncia di un 59nne di Nola (Napoli), il quale per il 18° compleanno della figlia aveva pensato di regalarle una vacanza per la settimana di ferragosto in un appartamento presso la Baia Verde di Gallipoli. Ritenendo di aver trovato un’offerta vantaggiosa attraverso un sito Internet, dopo avere pattuito il prezzo in 1.200 euro aveva rimesso al presunto truffatore un bonifico bancario e anche aveva ottemperato come richiesto alla firma del contratto e alla trasmissione di ricevuta del bonifico a mezzo e-mail.
Il nolano, frequentatore del Salento nel periodo estivo, giunto lo scorso agosto nella vicina marina neretina di Porto Selvaggio, si è recato nel luogo concordato on-line, a Gallipoli, scoprendo la inesistenza dell’indirizzo fornitogli dall’interlocutore.

FONTE: Quotidiano di Puglia

Categories : Phishing e Truffe Tags : , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,

Truffa del “pacco”: compra online tablet e pc, ma non gli arriva nulla

Inserito da 13 Marzo, 2016 (0) Commenti

Si tratta di :Curiosità

Si tratta di una notizia vera prestate molta attenzione !!!

pacco-vuoto

Gli Agenti dell’Ufficio Prevenzione Generale e Soccorso Pubblico nella serata di ieri hanno deferito in stato di libertà una 40enne di Verona, residente a Ravenna, perché responsabile del reato di truffa in danno di un 34enne di Avellino.

Il malcapitato aveva “acquistato” on-line un notebook ed un Tablet ad un prezzo apparentemente molto vantaggioso ma, come non di rado succede in questi casi, una volta versata la somma di denaro non riceveva, a distanza di diversi giorni, nessuno dei due hardware.

In seguito ad accertamenti effettuati i Poliziotti sono riusciti a risalire alla carta prepagata sulla quale era stato versato il denaro la cui titolare -26enne di Ravenna-, è stata denunciata in stato di libertà.

Fonte: Irpinianews

Categories : Curiosità Tags : , , , , , , , , , , , , , , , , , , , , , , , , , , ,

Nessuna gara autunnale al crossodromo di Coredo

Inserito da 8 Marzo, 2016 (0) Commenti

Si tratta di :Bufale e Hoax,hoax

SI RIPORTA UNA NEWS:

Predaia, immediata la risposta del sindaco Paolo Forno a una interrogazione delle minoranze.
«Non si sono informati a dovere, l’evento sarà altrove»

Nessuna gara autunnale al crossodromo di Coredo

TRENTINO

COREDO. «Il minimo che un consigliere ‘serio’ può fare prima di presentare documenti è verificare se la cosa ha un qualche fondamento!» Non usa mezze parole il sindaco di Predaia Paolo Forno nel commentare il documento – una interrogazione – sottoscritto in blocco da tutti i sei esponenti della minoranza in merito ad una “presunta” gara che, stando alle loro informazioni, avrebbe dovuto tenersi il prossimo ottobre al crossodromo di Coredo e quindi già inserita nel calendario 2016 della Federazione Motociclistica. In realtà, aggiunge Forno, «non esiste nessun calendario della Federazione trentina in cui sia indicata una gara a Coredo, bastava una semplice verifica telefonica o anche più elementarmente ‘on line’ per accorgersene, come del resto abbiamo fatto noi».

Come spiega il primo cittadino, la minoranza del consiglio comunale di Predaia ha preso per oro colato un programma di gare pubblicato sul proprio sito da un singolo motoclub che reclamizza una gara che non esiste perché non recepita nel calendario federale. «C’è voluto poco per capire che era una bufala e che il Moto Club Rallo non c’entra nulla in questa storia. Anzi, di più, il Moto Club Rallo ha veramente inserito nel proprio calendario una gara sociale che si svolgerà nel corso del prossimo mese di ottobre, ma non nell’impianto di Coredo bensì in un altro crossodromo».

La polemica avviata dalle opposizione è dunque destinata a sgonfiarsi, anche se rimane l’interrogativo su quando, e come, verrà aperto il crossodromo di Coredo, una realtà che finora esiste solo sul terreno e che per entrare nel circuito ha bisogno di un gestore (da scegliere con bando pubblico) ed un regolamento di disciplina, di accessi ed orari come prevede il capitolato d’approvazione della struttura. Realizzato in località Pozzelonghe con una spesa di progetto nell’ordine di poco meno di 1,4 milioni di euro, il crossodromo di Coredo è lungo 1.630 metri (quasi 300 in più di Pietramurata) con una larghezza media di 8 – 10 metri. Il rettilineo di partenza è di 85 metri per 45 di larghezza con massimo 40 piloti

ammessi al via. Il crossodromo – non tanto per l’impianto in sé ma per la collocazione panoramica sulla valle ed in particolare su Sanzeno – era stato contestato nella fase esecutiva con vari interventi (Apt, Italia Nostra) e da una campagna di 711 firme depositate in consiglio provinciale.

FONTE: http://trentinocorrierealpi.gelocal.it/

Categories : Bufale e Hoax,hoax Tags : , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,

I got this in my E-mail, I think it is the same fellow.

Inserito da 5 Marzo, 2011 (0) Commenti

Si tratta di :Unsorted comments

Dear Friend, I am Mr. Peter Wong, Non Executive Director of Hang Seng Bank Ltd, Hong Kong . An Iraqi named Haidari Jalal,a business man made a fixed deposit of Twenty Four million Five Hundred Thousand United State Dollars in Hang Seng Bank Ltd and the deposit was done in my branch.. Upon maturity several notices was sent to him, even during the war, Five years ago (2003). Again after the war another notification was sent and still no response came from him. We later found out that Haidari Jalal and his family had been killed during the war in Gunfire that hit their home at Mukaradeeb where his personal oil well was. After further investigation it was also discovered that Haidari Jalal did not declare any next of kin in his official papers including the paper work of his bank deposit. And he also confided in me the last time he was at my office that no one except me knew of his deposit in my bank. So, Twenty Four million Five Hundred Thousand United State Dollars is still lying in my bank and no one will ever come forward to claim it. What bothers me is that according to the laws of my country at the expiration of seven years six months the funds will revert to the ownership of the Hong Kong Government if nobody applies to claim the funds. Be informed that the fact that you are a foreigner give you the privilege to stand in as my deceased client beneficiary as my deceased had no relation all his family died with him during the war and I cannot use my relation because it not accepted here in Hong Kong. Also I am very confident that we will be able to establish the trust that is needed to complete this deal and all that I need for the time been is your willingness and commitment so that we can end this in the next one weeks. What you need to understand about this transaction is that I will make sure that it passes through all international banking laws regards to this I will take care of all the expensive and the cost of retaining the service of my Attorney to give the transaction the proper documentation that is required to perfect the finishing. Your only obligation in this transaction is to accept to stand in as the only existing relative of my deceased client and you will have to set up offshore account that can accommodate these funds with my principal bank which I will give you information later once we finalize this deal. Further more Below is my personal information; Name: Mr. Peter Wong Address:37A Cooper Hill Road, Hong Kong. Fax: +85230177756 Phone: +8821633303563 Age: 57 Please never call my line for security purpose at least for the now it is not advisable till we move the funds out of my country but I can call you always from a public phone. My line is tapped by security agent because of my roll in my bank, so this business transaction cannot be discussed with my line okay. I hope that the above is well clear to you, if so kindly send me the following; 1. Your Full Name: 2. Your Current Home Address: 3. Your Country: 4. Your Personal Phone Number: 5. Date of Birth: 6. Nature Of Job: 7. A scanned copy of your means of identification Either Int ernational Passport,Driver’s License or Working ID card.

Categories : Unsorted comments Tags : , , , , , , , , , , , , , , , , , , , , , , , ,

BUSINESS OFFER from MR HUANG Bank Manager of bank of Overseas,Taiwan

Inserito da 19 Ottobre, 2010 (0) Commenti

Si tratta di :English Articles,hoaxes

hi dude this mail is a fraud,
Trash it, this is a message from a frauder, pay attention at this stupid chain, trash trash

Dear Recipient,
How are you today and business in your country?I am Huang,
Bank Manager of bank of Overseas,Taiwan. I would respectfully
request that you keep the contents of this mail confidential
and respect the integrity of the information you come by as a
result of this mail.I contacted you independently
of our investigation and no one is informed of
this communication.

A British Oil consultant/contractor with the Chinese Solid
Minerals Corporation, Mr.Bowen Atkinson made a numbered time
(Fixed)Deposit of $30,000,000.00 for twelve calendar months
and not too long Mr.Bowen Atkinson died from an airplane crash.
The bank immediately launched an investigation into possible
surviving next of kin to alert about the situation and also
to claim his estate. If you are familiar with private banking
affairs,those who patronize our services usually prefer
anonymity,but also some levels of detachment from conventional
processes.In his bio-data form, he listed no next of kin.In the
field of private banking, opening an account with us means no
one will know of its existence, accounts are rarely held under
a name;depositors use numbers and codes to make the accounts
anonymous.

They are simply awaiting instructions to release the deposit to
any party that comes forward.I am aware of the consequences of
this proposal. If my offer is of no appeal to you, delete this
message and forget I ever contacted you. If you give me positive
signals,I will initiate this process towards a conclusion.I wish
to inform you that should you contact me via official channels;I
will deny knowing you and about this project. I repeat,I do not
want you contacting me through my official phone lines nor do I
want you contacting me through my official email account.I will
always call you and please contact me only through this email
below. My official lines are not secure lines as they are
periodically monitored to assess our level of customer care in
line with our Total Quality Management Policy.

Please observe this instruction religiously.Please, again, note
I am a family man,I have a wife and children. I send you this mail
not without a measure of fear as to what the consequences maybe,
but I know within me that nothing ventured is nothing gained and
that success and riches never come easy or on a platter of gold.
This is the one truth I have learned from my private banking
clients. Do not betray my confidence.If we can be of one accord,
we should plan a meeting, soon. In closing,please observe utmost
confidentiality,and be rest assured that this transaction would
be most profitable for both of us because I shall require your
assistance to invest my share in your country.Upon receiving your
reply, I will then furnish you with a more comprehensive detail
of this transaction and what is required of you.Please reply to
my private Email: mr.huang10001@yahoo.com.tw
Awaiting your urgent reply.
Yours Sincerely,
Mr Huang

Categories : English Articles,hoaxes Tags : , , , , , , , , , , , , , , , , , , , , , , , ,

Frode fiscale con vendite tv e on line

Inserito da 10 Agosto, 2010 (0) Commenti

Si tratta di :News

(ANSA) – BERGAMO, 10 AGO – La Gdf ha scoperto una frode fiscale messa in atto con vendite on line, televendite e 4 societa’ costituite sulla carta in Liechtenstein. Il meccanismo era gestito dall’Italia, facendo pero’ figurare che i venditori fossero societa’ estere: venduti nel 2006-2009 prodotti per oltre 24 milioni di euro senza versare un euro di tasse. Nel mirino in particolare un imprenditore al quale sono stati sequestrati 26 immobili, un elicottero, disponibilita’ finanziarie e titoli per oltre 11 milioni.

Categories : News Tags : , , , , , ,

Prince Mobley – Hej –

Inserito da 11 Maggio, 2010 (0) Commenti

Si tratta di :English Articles,hoaxes

Pay attention, this is an hoax spam, simply trash it !!

Hi!
I hope you don’t mind me writing you. Somehow I have found your email on agency and decided to email you a line. And I hope I didn’t bother you with my email. Some more about me: My name is Anna. I am young and modern lady. They say that I have a nice figure and pretty appearance. The reason why I am emailing to you is that I am seeking for a man and a lifetime partner. I am loving, caring, devoted, responsible woman. I would like my man to be responsible, loving and caring as well. I want him to decided to me in any problem and from my hand I would do the same. If you are interested please reply me back. I would be very flatterred. I will reply to you as soon as I can.

Please mail me back only at e-mail: nexia10@yahoo.com

I am sending my photo with this answer and hope you will like it. Lookng forward to your reply.
Your new friend Anna.

Categories : English Articles,hoaxes Tags : , , , , , , , , , , , , , ,

Il 9 maggio 1950 Festa dell’Europa – (Russia) dell’Unione Sovietica

Inserito da 9 Maggio, 2010 (0) Commenti

Si tratta di :avvenimenti

Il 9 maggio 1950, Robert Schuman presentava la proposta di creare un’Europa organizzata, indispensabile al mantenimento di relazioni pacifiche fra gli Stati che la componevano. La proposta, nota come “dichiarazione Schuman”, è considerata l’atto di nascita dell’Unione europea. Questa proposta, nota come Dichiarazione Schuman, è l’inizio del processo d’integrazione europea. Il giorno coincide con la Festa della Vittoria (Russia) dell’Unione Sovietica (quella di molti paesi europei occidentali cade l’8 maggio).
Questa giornata (Festa dell’Europa) del 9 maggio è diventata un simbolo europeo che, insieme alla bandiera, all’inno, al motto e alla moneta unica (l’euro), identifica l’entità politica dell’Unione Europea. La festa dell’Europa è l’occasione di dar vita a festività e di organizzare attività che avvicinano l’Europa ai suoi cittadini ed i popoli dell’Unione fra loro.

fonte e link
http://europa.eu/abc/symbols/9-may/index_it.htm

La dichiarazione del 9 maggio 1950

Segue il testo integrale della dichiarazione di Robert Schuman, l’allora Ministro degli Esteri francese, rilasciata il 9 maggio 1950 e che diede origine al processo di integrazione europea.

La pace mondiale non potrà essere salvaguardata se non con sforzi creativi, proporzionali ai pericoli che la minacciano.
Il contributo che un’Europa organizzata e vitale può apportare alla civiltà è indispensabile per il mantenimento di relazioni pacifiche. La Francia, facendosi da oltre vent’anni antesignana di un’Europa unita, ha sempre avuto per obiettivo essenziale di servire la pace. L’Europa non è stata fatta : abbiamo avuto la guerra.

L’Europa non potrà farsi un una sola volta, né sarà costruita tutta insieme; essa sorgerà da realizzazioni concrete che creino anzitutto una solidarietà di fatto. L’unione delle nazioni esige l’eliminazione del contrasto secolare tra la Francia e la Germania: l’azione intrapresa deve concernere in prima linea la Francia e la Germania.
A tal fine, il governo francese propone di concentrare immediatamente l’azione su un punto limitato ma decisivo.

Foto – Dichiarazione Schuman del 9 maggio 1950Il governo francese propone di mettere l’insieme della produzione franco-tedesca di carbone e di acciaio sotto una comune Alta Autorità, nel quadro di un’organizzazione alla quale possono aderire gli altri paesi europei.
La fusione della produzioni di carbone e di acciaio assicurerà subito la costituzione di basi comuni per lo sviluppo economico, prima tappa della Federazione europea, e cambierà il destino di queste regioni che per lungo tempo si sono dedicate alla fabbricazione di strumenti bellici di cui più costantemente sono state le vittime.

La solidarietà di produzione in tal modo realizzata farà si che una qualsiasi guerra tra la Francia e la Germania diventi non solo impensabile, ma materialmente impossibile. La creazione di questa potente unità di produzione, aperta a tutti i paesi che vorranno aderirvi e intesa a fornire a tutti i paesi in essa riuniti gli elementi di base della produzione industriale a condizioni uguali, getterà le fondamenta reali della loro unificazione economica.

Questa produzione sarà offerta al mondo intero senza distinzione né esclusione per contribuire al rialzo del livello di vita e al progresso delle opere di pace. Se potrà contare su un rafforzamento dei mezzi, l’Europa sarà in grado di proseguire nella realizzazione di uno dei suoi compiti essenziali: lo sviluppo del continente africano. Sarà così effettuata, rapidamente e con mezzi semplici, la fusione di interessi necessari all’instaurazione di una comunità economica e si introdurrà il fermento di una comunità più profonda tra paesi lungamente contrapposti da sanguinose scissioni.

Questa proposta, mettendo in comune le produzioni di base e istituendo una nuova Alta Autorità, le cui decisioni saranno vincolanti per la Francia, la Germania e i paesi che vi aderiranno, costituirà il primo nucleo concreto di una Federazione europea indispensabile al mantenimento della pace.Per giungere alla realizzazione degli obiettivi cosi’ definiti, il governo francese è pronto ad iniziare dei negoziati sulle basi seguenti.

Il compito affidato alla comune Alta Autorità sarà di assicurare entro i termini più brevi: l’ammodernamento della produzione e il miglioramento della sua qualità: la fornitura, a condizioni uguali, del carbone e dell’acciaio sul mercato francese e sul mercato tedesco nonché su quelli dei paese aderenti: lo sviluppo dell’esportazione comune verso gli altri paesi; l’uguagliamento verso l’alto delle condizioni di vita della manodopera di queste industrie.

Per conseguire tali obiettivi, partendo dalle condizioni molto dissimili in cui attualmente si trovano le produzioni dei paesi aderenti, occorrerà mettere in vigore, a titolo transitorio, alcune disposizioni che comportano l’applicazione di un piano di produzione e di investimento, l’istituzione di meccanismi di perequazione dei prezzi e la creazione di un fondo di riconversione che faciliti la razionalizzazione della produzione. La circolazione del carbone e dell’acciaio tra i paesi aderenti sarà immediatamente esentata da qualsiasi dazio doganale e non potrà essere colpita da tariffe di trasporto differenziali. Ne risulteranno gradualmente le condizioni che assicureranno automaticamente la ripartizione più razionale della produzione al più alto livello di produttività.

Contrariamente ad un cartello internazionale, che tende alla ripartizione e allo sfruttamento dei mercati nazionali mediante pratiche restrittive e il mantenimento di profitti elevati, l’organizzazione progettata assicurerà la fusione dei mercati e l’espansione della produzione.

I principi e gli impegni essenziali sopra definiti saranno oggetto di un trattato firmato tra gli stati e sottoposto alla ratifica dei parlamenti. I negoziati indispensabili per precisare le misure d’applicazione si svolgeranno con l’assistenza di un arbitro designato di comune accordo : costui sarà incaricato di verificare che gli accordi siano conformi ai principi e, in caso di contrasto irriducibile, fisserà la soluzione che sarà adottata.

L’Alta Autorità comune, incaricata del funzionamento dell’intero regime, sarà composta di personalità indipendenti designate su base paritaria dai governi; un presidente sarà scelto di comune accordo dai governi; le sue decisioni saranno esecutive in Francia, Germania e negli altri paesi aderenti. Disposizioni appropriate assicureranno i necessari mezzi di ricorso contro le decisioni dell’Alta Autorità.
Un rappresentante delle Nazioni Unite presso detta autorità sarà incaricato di preparare due volte l’anno una relazione pubblica per l’ONU, nelle quale renderà conto del funzionamento del nuovo organismo, in particolare per quanto riguarda la salvaguardia dei suoi fini pacifici.

L’istituzione dell’Alta Autorità non pregiudica in nulla il regime di proprietà delle imprese. Nell’esercizio del suo compito, l’Alta Autorità comune terrà conto dei poteri conferiti all’autorità internazionale della Ruhr e degli obblighi di qualsiasi natura imposti alla Germania, finché tali obblighi sussisteranno.

Categories : avvenimenti Tags : , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,