Vulnerability Summary for the Week of March 7, 2016

Inserito da 21 Marzo, 2016 (0) Commenti

Si tratta di :English Articles,ICT and Computer Security

cretino-11-e1334646540518

ITA

Questo articolo è scritto per te che “non capisci di esser abbastanza cretino” e   ti credi molto perspicace e intelligente, una persona che snobba gli articoli e non ha bisogno di niente e prima si iscrive alla newsletter del mio sito e poi si lamenta cancellandosi dalla newsletter.

ENG

This article is written for you that fairly stupid” and you think you’re very perceptive and intelligent, a person who snubs the articles and did not need anything and before he enrolled at the site of my newsletter and then complains removing himself from the newsletter.

 

High Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
adobe — digital_editions Adobe Digital Editions before 4.5.1 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. 2016-03-09 10.0 CVE-2016-0954
adobe — acrobat Adobe Reader and Acrobat before 11.0.15, Acrobat and Acrobat Reader DC Classic before 15.006.30121, and Acrobat and Acrobat Reader DC Continuous before 15.010.20060 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1009. 2016-03-09 10.0 CVE-2016-1007
adobe — acrobat Adobe Reader and Acrobat before 11.0.15, Acrobat and Acrobat Reader DC Classic before 15.006.30121, and Acrobat and Acrobat Reader DC Continuous before 15.010.20060 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1007. 2016-03-09 10.0 CVE-2016-1009
adobe — acrobat Untrusted search path vulnerability in Adobe Reader and Acrobat before 11.0.15, Acrobat and Acrobat Reader DC Classic before 15.006.30121, and Acrobat and Acrobat Reader DC Continuous before 15.010.20060 on Windows and OS X allows local users to gain privileges via a Trojan horse DLL in an unspecified directory. 2016-03-09 7.2 CVE-2016-1008
microsoft — .net_framework Microsoft .NET Framework 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, and 4.6.1 mishandles signature validation for unspecified elements of XML documents, which allows remote attackers to spoof signatures via a modified document, aka “.NET XML Validation Security Feature Bypass.” 2016-03-09 10.0 CVE-2016-0132
microsoft — infopath Microsoft InfoPath 2007 SP3, 2010 SP2, and 2013 SP1 allows remote attackers to execute arbitrary code via a crafted Office document, aka “Microsoft Office Memory Corruption Vulnerability.” 2016-03-09 9.3 CVE-2016-0021
microsoft — windows OLE in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows remote attackers to execute arbitrary code via a crafted file, aka “Windows OLE Memory Remote Code Execution Vulnerability,” a different vulnerability than CVE-2016-0091. 2016-03-09 9.3 CVE-2016-0092
microsoft — windows Microsoft Windows Server 2008 R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 allow remote attackers to execute arbitrary code via crafted media content, aka “Windows Media Parsing Remote Code Execution Vulnerability.” 2016-03-09 9.3 CVE-2016-0098
microsoft — windows Microsoft Windows Server 2008 R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allow remote attackers to execute arbitrary code via crafted media content, aka “Windows Media Parsing Remote Code Execution Vulnerability.” 2016-03-09 9.3 CVE-2016-0101
microsoft — windows The PDF library in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows remote attackers to execute arbitrary code via a crafted PDF document, aka “Windows Remote Code Execution Vulnerability.” 2016-03-09 9.3 CVE-2016-0117
microsoft — windows The PDF library in Microsoft Windows 10 Gold and 1511 allows remote attackers to execute arbitrary code via a crafted PDF document, aka “Windows Remote Code Execution Vulnerability.” 2016-03-09 9.3 CVE-2016-0118
microsoft — windows The Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows remote attackers to execute arbitrary code via a crafted OpenType font, aka “OpenType Font Parsing Vulnerability.” 2016-03-09 9.3 CVE-2016-0121
microsoft — office Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word 2016, Word for Mac 2011, Word 2016 for Mac, Office Compatibility Pack SP3, Word Viewer, Word Automation Services on SharePoint Server 2010 SP2 and 2013 SP1, Office Web Apps 2010 SP2, and Web Apps Server 2013 SP1 allow remote attackers to execute arbitrary code via a crafted Office document, aka “Microsoft Office Memory Corruption Vulnerability.” 2016-03-09 9.3 CVE-2016-0134
microsoft — internet_explorer Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Microsoft Browser Memory Corruption Vulnerability,” a different vulnerability than CVE-2016-0103, CVE-2016-0106, CVE-2016-0108, CVE-2016-0109, and CVE-2016-0114. 2016-03-09 7.6 CVE-2016-0102
microsoft — internet_explorer Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Internet Explorer Memory Corruption Vulnerability,” a different vulnerability than CVE-2016-0102, CVE-2016-0106, CVE-2016-0108, CVE-2016-0109, and CVE-2016-0114. 2016-03-09 7.6 CVE-2016-0103
microsoft — internet_explorer Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Internet Explorer Memory Corruption Vulnerability.” 2016-03-09 7.6 CVE-2016-0104
microsoft — internet_explorer Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Microsoft Browser Memory Corruption Vulnerability,” a different vulnerability than CVE-2016-0107, CVE-2016-0111, CVE-2016-0112, and CVE-2016-0113. 2016-03-09 7.6 CVE-2016-0105
microsoft — internet_explorer Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Internet Explorer Memory Corruption Vulnerability,” a different vulnerability than CVE-2016-0102, CVE-2016-0103, CVE-2016-0108, CVE-2016-0109, and CVE-2016-0114. 2016-03-09 7.6 CVE-2016-0106
microsoft — internet_explorer Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Internet Explorer Memory Corruption Vulnerability,” a different vulnerability than CVE-2016-0105, CVE-2016-0111, CVE-2016-0112, and CVE-2016-0113. 2016-03-09 7.6 CVE-2016-0107
microsoft — internet_explorer Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Internet Explorer Memory Corruption Vulnerability,” a different vulnerability than CVE-2016-0102, CVE-2016-0103, CVE-2016-0106, CVE-2016-0109, and CVE-2016-0114. 2016-03-09 7.6 CVE-2016-0108
microsoft — internet_explorer Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Microsoft Browser Memory Corruption Vulnerability,” a different vulnerability than CVE-2016-0102, CVE-2016-0103, CVE-2016-0106, CVE-2016-0108, and CVE-2016-0114. 2016-03-09 7.6 CVE-2016-0109
microsoft — internet_explorer Microsoft Internet Explorer 10 through 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Microsoft Browser Memory Corruption Vulnerability.” 2016-03-09 7.6 CVE-2016-0110
microsoft — internet_explorer Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Microsoft Browser Memory Corruption Vulnerability,” a different vulnerability than CVE-2016-0105, CVE-2016-0107, CVE-2016-0112, and CVE-2016-0113. 2016-03-09 7.6 CVE-2016-0111
microsoft — internet_explorer Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Internet Explorer Memory Corruption Vulnerability,” a different vulnerability than CVE-2016-0105, CVE-2016-0107, CVE-2016-0111, and CVE-2016-0113. 2016-03-09 7.6 CVE-2016-0112
microsoft — internet_explorer Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Internet Explorer Memory Corruption Vulnerability,” a different vulnerability than CVE-2016-0105, CVE-2016-0107, CVE-2016-0111, and CVE-2016-0112. 2016-03-09 7.6 CVE-2016-0113
microsoft — internet_explorer Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Internet Explorer Memory Corruption Vulnerability,” a different vulnerability than CVE-2016-0102, CVE-2016-0103, CVE-2016-0106, CVE-2016-0108, and CVE-2016-0109. 2016-03-09 7.6 CVE-2016-0114
microsoft — internet_explorer Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Microsoft Edge Memory Corruption Vulnerability,” a different vulnerability than CVE-2016-0123, CVE-2016-0124, CVE-2016-0129, and CVE-2016-0130. 2016-03-09 7.6 CVE-2016-0116
microsoft — edge Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Microsoft Edge Memory Corruption Vulnerability,” a different vulnerability than CVE-2016-0116, CVE-2016-0124, CVE-2016-0129, and CVE-2016-0130. 2016-03-09 7.6 CVE-2016-0123
microsoft — edge Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Microsoft Edge Memory Corruption Vulnerability,” a different vulnerability than CVE-2016-0116, CVE-2016-0123, CVE-2016-0129, and CVE-2016-0130. 2016-03-09 7.6 CVE-2016-0124
microsoft — edge Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Microsoft Edge Memory Corruption Vulnerability,” a different vulnerability than CVE-2016-0116, CVE-2016-0123, CVE-2016-0124, and CVE-2016-0130. 2016-03-09 7.6 CVE-2016-0129
microsoft — edge Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Microsoft Edge Memory Corruption Vulnerability,” a different vulnerability than CVE-2016-0116, CVE-2016-0123, CVE-2016-0124, and CVE-2016-0129. 2016-03-09 7.6 CVE-2016-0130
microsoft — office Microsoft Office 2007 SP3, 2010 SP2, 2013 SP1, and 2016 does not properly sign an unspecified binary file, which allows local users to gain privileges via a Trojan horse file with a crafted signature, aka “Microsoft Office Security Feature Bypass Vulnerability.” 2016-03-09 7.2 CVE-2016-0057
microsoft — windows The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka “Win32k Elevation of Privilege Vulnerability,” a different vulnerability than CVE-2016-0094, CVE-2016-0095, and CVE-2016-0096. 2016-03-09 7.2 CVE-2016-0093
microsoft — windows The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka “Win32k Elevation of Privilege Vulnerability,” a different vulnerability than CVE-2016-0093, CVE-2016-0095, and CVE-2016-0096. 2016-03-09 7.2 CVE-2016-0094
microsoft — windows The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka “Win32k Elevation of Privilege Vulnerability,” a different vulnerability than CVE-2016-0093, CVE-2016-0094, and CVE-2016-0096. 2016-03-09 7.2 CVE-2016-0095
microsoft — windows The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka “Win32k Elevation of Privilege Vulnerability,” a different vulnerability than CVE-2016-0093, CVE-2016-0094, and CVE-2016-0095. 2016-03-09 7.2 CVE-2016-0096
microsoft — windows The Secondary Logon Service in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 does not properly process request handles, which allows local users to gain privileges via a crafted application, aka “Secondary Logon Elevation of Privilege Vulnerability.” 2016-03-09 7.2 CVE-2016-0099
microsoft — windows The Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows remote attackers to cause a denial of service (system hang) via a crafted OpenType font, aka “OpenType Font Parsing Vulnerability.” 2016-03-09 7.1 CVE-2016-0120

Medium Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
microsoft — windows OLE in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows remote attackers to execute arbitrary code via a crafted file, aka “Windows OLE Memory Remote Code Execution Vulnerability,” a different vulnerability than CVE-2016-0092. 2016-03-09 6.8 CVE-2016-0091

Low Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
microsoft — edge Microsoft Edge mishandles the Referer policy, which allows remote attackers to obtain sensitive browser-history and request information via a crafted HTTPS web site, aka “Microsoft Edge Information Disclosure Vulnerability.” 2016-03-09 2.6 CVE-2016-0125

Severity Not Yet Assigned

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
Adobe — Flash Player Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-0961, CVE-2016-0962, CVE-2016-0986, CVE-2016-0989, CVE-2016-0992, CVE-2016-1002, and CVE-2016-1005. 2016-03-12 N/A CVE-2016-0960
Adobe — Flash Player Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-0960, CVE-2016-0962, CVE-2016-0986, CVE-2016-0989, CVE-2016-0992, CVE-2016-1002, and CVE-2016-1005. 2016-03-12 N/A CVE-2016-0961
Adobe — Flash Player Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-0960, CVE-2016-0961, CVE-2016-0986, CVE-2016-0989, CVE-2016-0992, CVE-2016-1002, and CVE-2016-1005. 2016-03-12 N/A CVE-2016-0962
Adobe — Flash Player Integer overflow in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-0993 and CVE-2016-1010. 2016-03-12 N/A CVE-2016-0963
Adobe — Flash Player Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-0960, CVE-2016-0961, CVE-2016-0962, CVE-2016-0989, CVE-2016-0992, CVE-2016-1002, and CVE-2016-1005. 2016-03-12 N/A CVE-2016-0986
Adobe — Flash Player Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-0988, CVE-2016-0990, CVE-2016-0991, CVE-2016-0994, CVE-2016-0995, CVE-2016-0996, CVE-2016-0997, CVE-2016-0998, CVE-2016-0999, and CVE-2016-1000. 2016-03-12 N/A CVE-2016-0987
Adobe — Flash Player Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-0987, CVE-2016-0990, CVE-2016-0991, CVE-2016-0994, CVE-2016-0995, CVE-2016-0996, CVE-2016-0997, CVE-2016-0998, CVE-2016-0999, and CVE-2016-1000. 2016-03-12 N/A CVE-2016-0988
Adobe — Flash Player Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-0960, CVE-2016-0961, CVE-2016-0962, CVE-2016-0986, CVE-2016-0992, CVE-2016-1002, and CVE-2016-1005. 2016-03-12 N/A CVE-2016-0989
Adobe — Flash Player Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-0987, CVE-2016-0988, CVE-2016-0991, CVE-2016-0994, CVE-2016-0995, CVE-2016-0996, CVE-2016-0997, CVE-2016-0998, CVE-2016-0999, and CVE-2016-1000. 2016-03-12 N/A CVE-2016-0990
Adobe — Flash Player Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-0987, CVE-2016-0988, CVE-2016-0990, CVE-2016-0994, CVE-2016-0995, CVE-2016-0996, CVE-2016-0997, CVE-2016-0998, CVE-2016-0999, and CVE-2016-1000. 2016-03-12 N/A CVE-2016-0991
Adobe — Flash Player Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-0960, CVE-2016-0961, CVE-2016-0962, CVE-2016-0986, CVE-2016-0989, CVE-2016-1002, and CVE-2016-1005. 2016-03-12 N/A CVE-2016-0992
Adobe — Flash Player Integer overflow in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-0963 and CVE-2016-1010. 2016-03-12 N/A CVE-2016-0993
Adobe — Flash Player Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allows attackers to execute arbitrary code by using the actionCallMethod opcode with crafted arguments, a different vulnerability than CVE-2016-0987, CVE-2016-0988, CVE-2016-0990, CVE-2016-0991, CVE-2016-0995, CVE-2016-0996, CVE-2016-0997, CVE-2016-0998, CVE-2016-0999, and CVE-2016-1000. 2016-03-12 N/A CVE-2016-0994
Adobe — Flash Player Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-0987, CVE-2016-0988, CVE-2016-0990, CVE-2016-0991, CVE-2016-0994, CVE-2016-0996, CVE-2016-0997, CVE-2016-0998, CVE-2016-0999, and CVE-2016-1000. 2016-03-12 N/A CVE-2016-0995
Adobe — Flash Player Use-after-free vulnerability in the setInterval method in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allows attackers to execute arbitrary code via crafted arguments, a different vulnerability than CVE-2016-0987, CVE-2016-0988, CVE-2016-0990, CVE-2016-0991, CVE-2016-0994, CVE-2016-0995, CVE-2016-0997, CVE-2016-0998, CVE-2016-0999, and CVE-2016-1000. 2016-03-12 N/A CVE-2016-0996
Adobe — Flash Player Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-0987, CVE-2016-0988, CVE-2016-0990, CVE-2016-0991, CVE-2016-0994, CVE-2016-0995, CVE-2016-0996, CVE-2016-0998, CVE-2016-0999, and CVE-2016-1000. 2016-03-12 N/A CVE-2016-0997
Adobe — Flash Player Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-0987, CVE-2016-0988, CVE-2016-0990, CVE-2016-0991, CVE-2016-0994, CVE-2016-0995, CVE-2016-0996, CVE-2016-0997, CVE-2016-0999, and CVE-2016-1000. 2016-03-12 N/A CVE-2016-0998
Adobe — Flash Player Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-0987, CVE-2016-0988, CVE-2016-0990, CVE-2016-0991, CVE-2016-0994, CVE-2016-0995, CVE-2016-0996, CVE-2016-0997, CVE-2016-0998, and CVE-2016-1000. 2016-03-12 N/A CVE-2016-0999
Adobe — Flash Player Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-0987, CVE-2016-0988, CVE-2016-0990, CVE-2016-0991, CVE-2016-0994, CVE-2016-0995, CVE-2016-0996, CVE-2016-0997, CVE-2016-0998, and CVE-2016-0999. 2016-03-12 N/A CVE-2016-1000
Adobe — Flash Player Heap-based buffer overflow in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allows attackers to execute arbitrary code via unspecified vectors. 2016-03-12 N/A CVE-2016-1001
Adobe — Flash Player Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-0960, CVE-2016-0961, CVE-2016-0962, CVE-2016-0986, CVE-2016-0989, CVE-2016-0992, and CVE-2016-1005. 2016-03-12 N/A CVE-2016-1002
Adobe — Flash Player Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allow attackers to execute arbitrary code or cause a denial of service (uninitialized pointer dereference and memory corruption) via crafted MPEG-4 data, a different vulnerability than CVE-2016-0960, CVE-2016-0961, CVE-2016-0962, CVE-2016-0986, CVE-2016-0989, CVE-2016-0992, and CVE-2016-1002. 2016-03-12 N/A CVE-2016-1005
Adobe — Flash Player Integer overflow in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-0963 and CVE-2016-0993. 2016-03-12 N/A CVE-2016-1010
Android — mediaserver The MPEG4Source::fragmentedRead function in MPEG4Extractor.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49H, and 6.x before 2016-03-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 26365349. 2016-03-12 N/A CVE-2016-0815
Android — mediaserver mediaserver in Android 6.x before 2016-03-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, related to decoder/ih264d_parse_islice.c and decoder/ih264d_parse_pslice.c, aka internal bug 25928803. 2016-03-12 N/A CVE-2016-0816
Android — Conscrypt The caching functionality in the TrustManagerImpl class in TrustManagerImpl.java in Conscrypt in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49H, and 6.x before 2016-03-01 mishandles the distinction between an intermediate CA and a trusted root CA, which allows man-in-the-middle attackers to spoof servers by leveraging access to an intermediate CA to issue a certificate, aka internal bug 26232830. 2016-03-12 N/A CVE-2016-0818
Android — Qualcomm performance The Qualcomm performance component in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49H, and 6.x before 2016-03-01 allows attackers to gain privileges via a crafted application, aka internal bug 25364034. 2016-03-12 N/A CVE-2016-0819
Android — MediaTek The MediaTek Wi-Fi kernel driver in Android 6.0.1 before 2016-03-01 allows attackers to gain privileges via a crafted application, aka internal bug 26267358. 2016-03-12 N/A CVE-2016-0820
Android — Linux kernel The LIST_POISON feature in include/linux/poison.h in the Linux kernel before 4.3, as used in Android 6.0.1 before 2016-03-01, does not properly consider the relationship to the mmap_min_addr value, which makes it easier for attackers to bypass a poison-pointer protection mechanism by triggering the use of an uninitialized list entry, aka Android internal bug 26186802, a different vulnerability than CVE-2015-3636. 2016-03-12 N/A CVE-2016-0821
Android — MediaTek The MediaTek connectivity kernel driver in Android 6.0.1 before 2016-03-01 allows attackers to gain privileges via a crafted application that leverages conn_launcher access, aka internal bug 25873324. 2016-03-12 N/A CVE-2016-0822
Android — Linux kernel The pagemap_open function in fs/proc/task_mmu.c in the Linux kernel before 3.19.3, as used in Android 6.0.1 before 2016-03-01, allows local users to obtain sensitive physical-address information by reading a pagemap file, aka Android internal bug 25739721. 2016-03-12 N/A CVE-2016-0823
Android — Widevine The Widevine Trusted Application in Android 6.0.1 before 2016-03-01 allows attackers to obtain sensitive TrustZone secure-storage information by leveraging kernel access, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 20860039. 2016-03-12 N/A CVE-2016-0825
Android — mediaserver libcameraservice in mediaserver in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49H, and 6.x before 2016-03-01 does not require use of the ICameraService::dump method for a camera service dump, which allows attackers to gain privileges via a crafted application that directly dumps, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 26265403. 2016-03-12 N/A CVE-2016-0826
Android — mediaserver Multiple integer overflows in libeffects in mediaserver in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49H, and 6.x before 2016-03-01 allow attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, related to EffectBundle.cpp and EffectReverb.cpp, aka internal bug 26347509. 2016-03-12 N/A CVE-2016-0827
Android — mediaserver The BnGraphicBufferConsumer::onTransact function in libs/gui/IGraphicBufferConsumer.cpp in mediaserver in Android 5.x before 5.1.1 LMY49H and 6.x before 2016-03-01 does not initialize a certain slot variable, which allows attackers to obtain sensitive information, and consequently bypass an unspecified protection mechanism, by triggering an ATTACH_BUFFER action, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 26338113. 2016-03-12 N/A CVE-2016-0828
Android — mediaserver The BnGraphicBufferProducer::onTransact function in libs/gui/IGraphicBufferConsumer.cpp in mediaserver in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49H, and 6.x before 2016-03-01 does not initialize a certain output data structure, which allows attackers to obtain sensitive information, and consequently bypass an unspecified protection mechanism, by triggering a QUEUE_BUFFER action, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 26338109. 2016-03-12 N/A CVE-2016-0829
Android — DTE Energy Insight application The REST API in the DTE Energy Insight application before 1.7.8 for Android allows remote authenticated users to obtain unspecified customer information via a SQL expression in the filter parameter. 2016-03-11 N/A CVE-2016-1562
Android — mediaserver libvpx in mediaserver in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49H, and 6.0 before 2016-03-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, related to libwebm/mkvparser.cpp and other files, aka internal bug 23452792. 2016-03-12 N/A CVE-2016-1621
Android — libstagefright libmpeg2 in libstagefright in Android 6.x before 2016-03-01 allows attackers to obtain sensitive information, and consequently bypass an unspecified protection mechanism, via crafted Bitstream data, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 25765591. 2016-03-12 N/A CVE-2016-0824
Android — Bluetooth btif_config.c in Bluetooth in Android 6.x before 2016-03-01 allows remote attackers to cause a denial of service (memory corruption and persistent daemon crash) by triggering a large number of configuration entries, and consequently exceeding the maximum size of a configuration file, aka internal bug 26071376. 2016-03-12 N/A CVE-2016-0830
Android — Telephony The getDeviceIdForPhone function in internal/telephony/PhoneSubInfoController.java in Telephony in Android 5.x before 5.1.1 LMY49H and 6.x before 2016-03-01 does not check for the READ_PHONE_STATE permission, which allows attackers to obtain sensitive information via a crafted application, aka internal bug 25778215. 2016-03-12 N/A CVE-2016-0831
Android — Setup Wizard Setup Wizard in Android 5.1.x before LMY49H and 6.x before 2016-03-01 allows physically proximate attackers to bypass the Factory Reset Protection protection mechanism and delete data via unspecified vectors, aka internal bug 25955042. 2016-03-12 N/A CVE-2016-0832
Apple — Apple Software Update Apple Software Update before 2.2 on Windows does not use HTTPS, which makes it easier for man-in-the-middle attackers to spoof updates by modifying the client-server data stream. 2016-03-13 N/A CVE-2016-1731
Cisco — HTTPS inspection engine The HTTPS inspection engine in the Content Security and Control Security Services Module (CSC-SSM) 6.6 before 6.6.1164.0 for Cisco ASA 5500 devices allows remote attackers to cause a denial of service (memory consumption or device reload) via a flood of HTTPS packets, aka Bug ID CSCue76147. 2016-03-09 N/A CVE-2016-1312
Cisco — administration interface The administration interface on Cisco DPC3939B and DPC3941 devices allows remote attackers to obtain sensitive information via a crafted HTTP request, aka Bug ID CSCus49506. 2016-03-09 N/A CVE-2016-1325
Cisco — administration interface The administration interface on Cisco DPQ3925 devices with firmware r1 allows remote attackers to cause a denial of service (device restart) via a crafted HTTP request, aka Bug ID CSCup48105. 2016-03-09 N/A CVE-2016-1326
Cisco — web server Buffer overflow in the web server on Cisco DPC2203 and EPC2203 devices with firmware r1_customer_image allows remote attackers to execute arbitrary code via a crafted HTTP request, aka Bug ID CSCuv05935. 2016-03-09 N/A CVE-2016-1327
Cisco — TelePresence Video Communication Server Cisco TelePresence Video Communication Server (VCS) X8.5.1 and X8.5.2 allows remote authenticated users to cause a denial of service (VoIP outage) via a crafted SIP message, aka Bug ID CSCuu43026. 2016-03-11 N/A CVE-2016-1338
Cisco — Prime LAN Management Solution Cisco Prime LAN Management Solution (LMS) through 4.2.5 uses the same database decryption key across different customers’ installations, which allows local users to obtain cleartext data by leveraging console connectivity, aka Bug ID CSCuw85390. 2016-03-11 N/A CVE-2016-1360
Cisco — IOS XR Cisco IOS XR through 4.3.2 on Gigabit Switch Router (GSR) 12000 devices does not properly check for a Bidirectional Forwarding Detection (BFD) header in a UDP packet, which allows remote attackers to cause a denial of service (line-card restart) via a crafted packet, aka Bug ID CSCuw56900. 2016-03-11 N/A CVE-2016-1361
Debian — jessie pt_chown in the glibc package before 2.19-18+deb8u4 on Debian jessie lacks a namespace check associated with file-descriptor passing, which allows local users to capture keystrokes and spoof data, and possibly gain privileges, via pts read and write operations, related to debian/sysdeps/linux.mk. NOTE: this is not considered a vulnerability in the upstream GNU C Library because the upstream documentation has a clear security recommendation against the –enable-pt_chown option. 2016-03-13 N/A CVE-2016-2856
EMC — Documentum xCP EMC Documentum xCP 2.1 before patch 24 and 2.2 before patch 12 allows remote authenticated users to obtain sensitive user-account metadata via a members/xcp_member API call. 2016-03-09 N/A CVE-2016-0886
Google — Chrome The ImageInputType::ensurePrimaryContent function in WebKit/Source/core/html/forms/ImageInputType.cpp in Blink, as used in Google Chrome before 49.0.2623.87, does not properly maintain the user agent shadow DOM, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that leverage “type confusion.” 2016-03-13 N/A CVE-2016-1643
Google — Chrome WebKit/Source/core/layout/LayoutObject.cpp in Blink, as used in Google Chrome before 49.0.2623.87, does not properly restrict relayout scheduling, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted HTML document. 2016-03-13 N/A CVE-2016-1644
Google — Chrome Multiple integer signedness errors in the opj_j2k_update_image_data function in j2k.c in OpenJPEG, as used in PDFium in Google Chrome before 49.0.2623.87, allow remote attackers to cause a denial of service (incorrect cast and out-of-bounds write) or possibly have unspecified other impact via crafted JPEG 2000 data. 2016-03-13 N/A CVE-2016-1645
IBM — Tivoli Monitoring The portal client in IBM Tivoli Monitoring (ITM) 6.2.2 through FP9, 6.2.3 through FP5, and 6.3.0 through FP6 allows remote authenticated users to gain privileges via unspecified vectors. 2016-03-11 N/A CVE-2015-7411
IBM — Flash System V9000 Cross-site request forgery (CSRF) vulnerability in IBM Flash System V9000 7.4 before 7.4.1.4, 7.5 before 7.5.1.3, and 7.6 before 7.6.0.4 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences. 2016-03-12 N/A CVE-2015-7446
IBM — Maximo Asset Management IBM Maximo Asset Management 7.6 before 7.6.0.3 IFIX001 allows remote authenticated users to bypass intended access restrictions and read arbitrary purchase-order work logs via unspecified vectors. 2016-03-13 N/A CVE-2016-0222
IBM — Maximo Asset Management Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.1.1 through 7.1.1.3, 7.5.0 before 7.5.0.9 IFIX004, and 7.6.0 before 7.6.0.3 IFIX001 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. 2016-03-13 N/A CVE-2016-0262
IBM — Maximo Asset Management SQL injection vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.9 IFIX003, and 7.6.0 before 7.6.0.3 IFIX001; Maximo Asset Management 7.5.0 before 7.5.0.9 IFIX003, 7.5.1, and 7.6.0 before 7.6.0.3 IFIX001 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. 2016-03-12 N/A CVE-2015-7448
IBM — WebSphere Commerce IBM WebSphere Commerce 6.x through 6.0.0.11, 7.x through 7.0.0.9, and 8.x before 8.0.0.3 allows remote attackers to cause a denial of service (order-processing outage) via unspecified vectors. 2016-03-13 N/A CVE-2016-0208
ISC — BIND named in ISC BIND 9.x before 9.9.8-P4 and 9.10.x before 9.10.3-P4 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a malformed packet to the rndc (aka control channel) interface, related to alist.c and sexpr.c. 2016-03-09 N/A CVE-2016-1285
ISC — BIND named in ISC BIND 9.x before 9.9.8-P4 and 9.10.x before 9.10.3-P4 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted signature record for a DNAME record, related to db.c and resolver.c. 2016-03-09 N/A CVE-2016-1286
ISC — BIND resolver.c in named in ISC BIND 9.10.x before 9.10.3-P4, when DNS cookies are enabled, allows remote attackers to cause a denial of service (INSIST assertion failure and daemon exit) via a malformed packet with more than one cookie option. 2016-03-09 N/A CVE-2016-2088
ISC — DHCP ISC DHCP 4.1.x before 4.1-ESV-R13 and 4.2.x and 4.3.x before 4.3.4 does not restrict the number of concurrent TCP sessions, which allows remote attackers to cause a denial of service (INSIST assertion failure or request-processing outage) by establishing many sessions. 2016-03-09 N/A CVE-2016-2774
microsoft — internet_explorer The CAttrArray object implementation in Microsoft Internet Explorer 7 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and memory corruption) via a malformed Cascading Style Sheets (CSS) token sequence in conjunction with modifications to HTML elements, aka “Internet Explorer Memory Corruption Vulnerability,” a different vulnerability than CVE-2015-6048 and CVE-2015-6049. 2016-03-09 N/A CVE-2015-6184
microsoft — windows Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 do not properly validate handles, which allows local users to gain privileges via a crafted application, aka “Windows Elevation of Privilege Vulnerability.” 2016-03-09 N/A CVE-2016-0087
microsoft — windows Microsoft Windows Vista SP2 and Server 2008 SP2 mishandle library loading, which allows local users to gain privileges via a crafted application, aka “Library Loading Input Validation Remote Code Execution Vulnerability.” 2016-03-09 N/A CVE-2016-0100
microsoft — windows The USB Mass Storage Class driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows physically proximate attackers to execute arbitrary code by inserting a crafted USB device, aka “USB Mass Storage Elevation of Privilege Vulnerability.” 2016-03-09 N/A CVE-2016-0133
Mozilla — Firefox Heap-based buffer overflow in Mozilla Network Security Services (NSS) before 3.19.2.3 and 3.20.x and 3.21.x before 3.21.1, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to execute arbitrary code via crafted ASN.1 data in an X.509 certificate. 2016-03-13 N/A CVE-2016-1950
Mozilla — Firefox Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. 2016-03-13 N/A CVE-2016-1952
Mozilla — Firefox Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 45.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to js/src/jit/arm/Assembler-arm.cpp, and unknown other vectors. 2016-03-13 N/A CVE-2016-1953
Mozilla — Firefox The nsCSPContext::SendReports function in dom/security/nsCSPContext.cpp in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 does not prevent use of a non-HTTP report-uri for a Content Security Policy (CSP) violation report, which allows remote attackers to cause a denial of service (data overwrite) or possibly gain privileges by specifying a URL of a local file. 2016-03-13 N/A CVE-2016-1954
Mozilla — Firefox Mozilla Firefox before 45.0 allows remote attackers to bypass the Same Origin Policy and obtain sensitive information by reading a Content Security Policy (CSP) violation report that contains path information associated with an IFRAME element. 2016-03-13 N/A CVE-2016-1955
Mozilla — Firefox Mozilla Firefox before 45.0 on Linux, when an Intel video driver is used, allows remote attackers to cause a denial of service (memory consumption or stack memory corruption) by triggering use of a WebGL shader. 2016-03-13 N/A CVE-2016-1956
Mozilla — Firefox Memory leak in libstagefright in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to cause a denial of service (memory consumption) via an MPEG-4 file that triggers a delete operation on an array. 2016-03-13 N/A CVE-2016-1957
Mozilla — Firefox browser/base/content/browser.js in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to spoof the address bar via a javascript: URL. 2016-03-13 N/A CVE-2016-1958
Mozilla — Firefox The ServiceWorkerManager class in Mozilla Firefox before 45.0 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read and memory corruption) via unspecified use of the Clients API. 2016-03-13 N/A CVE-2016-1959
Mozilla — Firefox Integer underflow in the nsHtml5TreeBuilder class in the HTML5 string parser in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) by leveraging mishandling of end tags, as demonstrated by incorrect SVG processing, aka ZDI-CAN-3545. 2016-03-13 N/A CVE-2016-1960
Mozilla — Firefox Use-after-free vulnerability in the nsHTMLDocument::SetBody function in dom/html/nsHTMLDocument.cpp in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code by leveraging mishandling of a root element, aka ZDI-CAN-3574. 2016-03-13 N/A CVE-2016-1961
Mozilla — Firefox Use-after-free vulnerability in the mozilla::DataChannelConnection::Close function in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code by leveraging mishandling of WebRTC data-channel connections. 2016-03-13 N/A CVE-2016-1962
Mozilla — Firefox The FileReader class in Mozilla Firefox before 45.0 allows local users to gain privileges or cause a denial of service (memory corruption) by changing a file during a FileReader API read operation. 2016-03-13 N/A CVE-2016-1963
Mozilla — Firefox Use-after-free vulnerability in the AtomicBaseIncDec function in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) by leveraging mishandling of XML transformations. 2016-03-13 N/A CVE-2016-1964
Mozilla — Firefox Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 mishandle a navigation sequence that returns to the original page, which allows remote attackers to spoof the address bar via vectors involving the history.back method and the location.protocol property. 2016-03-13 N/A CVE-2016-1965
Mozilla — Firefox The nsNPObjWrapper::GetNewOrUsed function in dom/plugins/base/nsJSNPRuntime.cpp in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code or cause a denial of service (invalid pointer dereference and memory corruption) via a crafted NPAPI plugin. 2016-03-13 N/A CVE-2016-1966
Mozilla — Firefox Mozilla Firefox before 45.0 does not properly restrict the availability of IFRAME Resource Timing API times, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via crafted JavaScript code that leverages history.back and performance.getEntries calls after restoring a browser session. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-7207. 2016-03-13 N/A CVE-2016-1967
Mozilla — Firefox Integer underflow in Brotli, as used in Mozilla Firefox before 45.0, allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow) via crafted data with brotli compression. 2016-03-13 N/A CVE-2016-1968
Mozilla — Firefox The setAttr function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.6.1, allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via a crafted Graphite smart font. 2016-03-13 N/A CVE-2016-1969
Mozilla — Firefox Integer underflow in the srtp_unprotect function in the WebRTC implementation in Mozilla Firefox before 45.0 on Windows might allow remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors. 2016-03-13 N/A CVE-2016-1970
Mozilla — Firefox The I420VideoFrame::CreateFrame function in the WebRTC implementation in Mozilla Firefox before 45.0 on Windows omits an unspecified status check, which might allow remote attackers to cause a denial of service (memory corruption) or possibly have other impact via unknown vectors. 2016-03-13 N/A CVE-2016-1971
Mozilla — Firefox Race condition in libvpx in Mozilla Firefox before 45.0 on Windows might allow remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via unknown vectors. 2016-03-13 N/A CVE-2016-1972
Mozilla — Firefox Race condition in the GetStaticInstance function in the WebRTC implementation in Mozilla Firefox before 45.0 might allow remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via unspecified vectors. 2016-03-13 N/A CVE-2016-1973
Mozilla — Firefox The nsScannerString::AppendUnicodeTo fynction in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 does not verify that memory allocation succeeds, which allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via crafted Unicode data in an HTML, XML, or SVG document. 2016-03-13 N/A CVE-2016-1974
Mozilla — Firefox Multiple race conditions in dom/media/systemservices/CamerasChild.cpp in the WebRTC implementation in Mozilla Firefox before 45.0 on Windows might allow remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors. 2016-03-13 N/A CVE-2016-1975
Mozilla — Firefox Use-after-free vulnerability in the DesktopDisplayDevice class in the WebRTC implementation in Mozilla Firefox before 45.0 on Windows might allow remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. 2016-03-13 N/A CVE-2016-1976
Mozilla — Firefox The Machine::Code::decoder::analysis::set_ref function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to execute arbitrary code or cause a denial of service (stack memory corruption) via a crafted Graphite smart font. 2016-03-13 N/A CVE-2016-1977
Mozilla — Firefox Use-after-free vulnerability in the ssl3_HandleECDHServerKeyExchange function in Mozilla Network Security Services (NSS) before 3.21, as used in Mozilla Firefox before 44.0, allows remote attackers to cause a denial of service or possibly have unspecified other impact by making an SSL (1) DHE or (2) ECDHE handshake at a time of high memory consumption. 2016-03-13 N/A CVE-2016-1978
Mozilla — Firefox Use-after-free vulnerability in the PK11_ImportDERPrivateKeyInfoAndReturnKey function in Mozilla Network Security Services (NSS) before 3.21.1, as used in Mozilla Firefox before 45.0, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted key data with DER encoding. 2016-03-13 N/A CVE-2016-1979
Mozilla — Firefox The graphite2::TtfUtil::GetTableInfo function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, does not initialize memory for an unspecified data structure, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted Graphite smart font. 2016-03-13 N/A CVE-2016-2790
Mozilla — Firefox The graphite2::GlyphCache::glyph function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font. 2016-03-13 N/A CVE-2016-2791
Mozilla — Firefox The graphite2::Slot::getAttr function in Slot.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font, a different vulnerability than CVE-2016-2800. 2016-03-13 N/A CVE-2016-2792
Mozilla — Firefox CachedCmap.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font. 2016-03-13 N/A CVE-2016-2793
Mozilla — Firefox The graphite2::TtfUtil::CmapSubtable12NextCodepoint function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font. 2016-03-13 N/A CVE-2016-2794
Mozilla — Firefox The graphite2::FileFace::get_table_fn function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, does not initialize memory for an unspecified data structure, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted Graphite smart font. 2016-03-13 N/A CVE-2016-2795
Mozilla — Firefox Heap-based buffer overflow in the graphite2::vm::Machine::Code::Code function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted Graphite smart font. 2016-03-13 N/A CVE-2016-2796
Mozilla — Firefox The graphite2::TtfUtil::CmapSubtable12Lookup function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font, a different vulnerability than CVE-2016-2801. 2016-03-13 N/A CVE-2016-2797
Mozilla — Firefox The graphite2::GlyphCache::Loader::Loader function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font. 2016-03-13 N/A CVE-2016-2798
Mozilla — Firefox Heap-based buffer overflow in the graphite2::Slot::setAttr function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted Graphite smart font. 2016-03-13 N/A CVE-2016-2799
Mozilla — Firefox The graphite2::Slot::getAttr function in Slot.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font, a different vulnerability than CVE-2016-2792. 2016-03-13 N/A CVE-2016-2800
Mozilla — Firefox The graphite2::TtfUtil::CmapSubtable12Lookup function in TtfUtil.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font, a different vulnerability than CVE-2016-2797. 2016-03-13 N/A CVE-2016-2801
Mozilla — Firefox The graphite2::TtfUtil::CmapSubtable4NextCodepoint function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font. 2016-03-13 N/A CVE-2016-2802
Samba — smbd The SMB1 implementation in smbd in Samba 3.x and 4.x before 4.1.23, 4.2.x before 4.2.9, 4.3.x before 4.3.6, and 4.4.x before 4.4.0rc4 allows remote authenticated users to modify arbitrary ACLs by using a UNIX SMB1 call to create a symlink, and then using a non-UNIX SMB1 call to write to the ACL content. 2016-03-13 N/A CVE-2015-7560
Samba — internal DNS server The internal DNS server in Samba 4.x before 4.1.23, 4.2.x before 4.2.9, 4.3.x before 4.3.6, and 4.4.x before 4.4.0rc4, when an AD DC is configured, allows remote authenticated users to cause a denial of service (out-of-bounds read) or possibly obtain sensitive information from process memory by uploading a crafted DNS TXT record. 2016-03-13 N/A CVE-2016-0771
Schneider — Electric Telvent Sage Schneider Electric Telvent Sage 2300 RTUs with firmware before C3413-500-S01, and LANDAC II-2, Sage 1410, Sage 1430, Sage 1450, Sage 2400, and Sage 3030M RTUs with firmware before C3414-500-S02J2, allow remote attackers to obtain sensitive information from device memory by reading a padding field of an Ethernet packet. 2016-03-11 N/A CVE-2015-6485

 

Categories : English Articles,ICT and Computer Security Tags : , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,

E’ morto a 89 anni lo scrittore Aleksander Solzhenitsyn

Inserito da 5 Agosto, 2008 (0) Commenti

Si tratta di :News

AE426AEBECB8FFCD78D86D3A7DD0

Era l’incarnazione della dissidenza nell’Urss

Mosca, 4 ago. (Apcom) – E’ morto Aleksander Solzhenitsyn, scrittore, drammaturgo e storico russo. Aveva 89 anni.
Solzhenitsyn, grazie ai suoi lavori, fece conoscere al mondo i Gulag, i campi di lavoro sovietici, e per questo gli fu conferito il Premio Nobel per la letteratura nel 1970. Fu esiliato dall’Unione Sovietica nel 1974 e ritornò in Russia venti anni dopo.
Lo scrittore è morto nella sua casa nella capitale russa nella notte tra domenica e lunedi “a seguito di una grave insufficienza cardiaca” alle 23.45 di domenica orario di Mosca (le 21.45 italiane), secondo quanto ha dichiarato suo figlio.
Solzhenitsyn rivelò al mondo la realtà del sistema sovietico nei suoi lavori “Un giorno nella vita di Ivan Denisovic“, romanzo scritto nel 1962, “Il primo cerchio” (1968) e “Arcipelago Gulag” (1973). Premio Nobel per la letteratura nel 1970, fu privato della cittadinanza nel 1974 ed espulso dall’Unione sovietica.
Visse in seguito in Germania, in Svizzera e quindi negli Stati Uniti, prima di ritornare in Russia nel 1994 dopo la caduta dell’Urss. Considerato a lungo come l’incarnazione della dissidenza contro il regime comunista, era autore di una serie di opere fondate sull’esperienza del totalitarismo, con la descrizione di tutti gli orrori dei campi sovietici.
Trascorse sette anni in un campo di lavoro nelle steppe del Kazakistan, poi tre anni al confino in Asia centrale. Riferirà la sua esperienza del gulag – abbreviazione sovietica del sistema dei campi di lavoro – in un breve romanzo, “Una giornata di Ivan Denisovic”, la cui pubblicazione venne autorizzata dal segretario del partito comunista Nikita Kruscev nel 1962, allo scopo di prendere le distanze dagli abusi del periodo staliniano.
Dopo la deposizione di Kruscev nel 1964, Solzhenitsyn rimase vittima di una campagna di denigrazione da parte del Kgb e dell’Unione degli scrittori sovietici da cui venne espulso.
Nel 1970 ottenne il premio Nobel per la letteratura, ma non l’autorizzazione a recarsi a Stoccolma per riceverlo. Tre anni dopo pubblicò a Parigi la trilogia de L’Arcipelago Gulag.
L’Occidente lo accolse a braccia aperte.
Red/Kat
Fonte Apcom

Solzhenitsyn: oggi camera ardente all’Accademia delle Scienze a Mosca

MOSCA – Sara’ esposta oggi nella sede centrale dell’Accademia delle Scienze a Mosca la salma di Alexandr Solzhenitsyn, lo scrittore-dissidente che rivelo’ al mondo la tragedia dei gulag staliniani. La camera ardente per l’estremo saluto dei concittadini iniziera’ alle 11 (ora locale) e terminera’ in serata. (Agr)

da corriere della sera 5 agosto 2008

International friends can read this

Solzhenitsyn, the conscience of Russia, who told the truth about the gulags – and so signed the death warrant of Bolshevism

Mail writer OWEN MATTHEWS’ grandfather was executed by Stalin, and his grandmother was sent to the death camps. Here he offers a unique insight into how Alexander Solzhenitzyn, who died this week, captured the terrible reality of the gulags.

For decades, the Soviet Communist Party claimed to be the ‘mind, honour and conscience of the people’.

But the truth was that the Party was the agent of unimaginable human suffering, lies and deception.

The true conscience of Russia was Alexander Solzhenitsyn – the man who dared to speak out against the regime and chronicled its crimes in painstaking detail.

And in insisting that the Russian people ‘live not by lies’, Solzhenitsyn made a tiny but deep fissure in the wall of hypocrisy which was, in time, to crack the whole rotten system apart.

The truth Solzhenitsyn told helped to make Russia free.

As Mikhail Gorbachev yesterday acknowledged, Solzhenitsyn had ‘helped people see the real nature of the regime’ – and his writings had helped to ‘make our country free and democratic’.

Solzhenitsyn brought the terrible reality of the Soviet gulag home not just to foreigners but to ordinary Russians too.

In the bright, sanitised world of Soviet propaganda, Solzhenitsyn’s writing held a mirror to the Soviet Union’s darkest secrets.

He was to pay a heavy price for this.

After being awarded the Nobel Prize for Literature in 1970 he was too famous to jail, yet his presence became too toxic for the authorities to bear.

He was forced on to a plane for America in 1974.

There, he retired to rural Vermont, where the winters reminded him of Russia.
But America, ‘land of the free’, was ironically to disillusion him as well, and he turned his indignation on the injustices of capitalism.

After two decades in exile, he returned to Russia in 1994 and was feted as an almost messianic figure.

It was here that Solzhenitsyn’s moral compass, so steady in the black and white world of Stalin’s Russia, began to waver.

But for all his hatred of the Communist Soviet Union, Solzhenitsyn found that he had no love for the capitalist Russia of the Nineties and what he saw as its decadent values.

He refused to accept a state prize from Boris Yeltsin because he had brought ‘so much suffering on the Russian people’.

Indeed, when Vladimir Putin – a former KGB officer – began to prune away the anarchic freedoms which Yeltsin had won, Solzhenitsyn hailed his ‘strong leadership’ and brushed aside Putin’s KGB past, saying: ‘Every country needs an intelligence service.’

Yesterday, Putin returned the compliment, lamenting Solzhenitsyn’s passing as a ‘heavy loss for Russia’.

Putin and Russia’s new president, Dmitry Medvedev, are expected to attend Solzhenitsyn’s funeral at Moscow’s Donskoi monastery today.
The strangeness of an ex-KGB officer paying tribute to Russia’s greatest dissident is a reflection of how conflicted Russia remains about its recent past – and in particular the legacy of Stalin.

He was the greatest mass murderer of the last century, starving millions in man-made famines and creating a prison system which claimed more lives than the Nazi death camps.

And yet recent polls have shown that Stalin is regarded as one of Russia’s most respected historical figures.

With the Kremlin’s blessing, school history books are being revised to show the ‘Great Leader’ in a more positive light, as the victor of World War II and the moderniser of Russia.

Putin even described the fall of the Soviet Union as ‘the greatest geopolitical tragedy of the century’.

Solzhenitsyn’s life was a refutation of that. The one constant in that life was that he was moved by a powerful, almost mystical, moral sense.

He felt compelled to speak out against what he felt was wrong, regardless of the consequences.
In his case, these injustices were eight years in the gulag, decades of harassment and denunciation by the Soviet authorities and the regime’s craven ‘intellectuals’ and, finally, 20 years of exile from the country which he loved with a passion.

His first crime was to criticise Stalin in a private letter to a friend in 1945.

When the military censor reported the letter to the secret police, Solzhenitsyn, then a young artillery captain twice decorated for valour, was sent, after a perfunctory trial, to Stalin’s nightmarish gulags.

Like 18 million of his fellow countrymen, he found himself plunged into a parallel world of unimaginable brutality, where prisoners slaved in the Siberian cold on madly futile projects like canals no one needed and train lines to nowhere.

Later he wrote of ‘the desperate loneliness of the accused, the confusion and dislocation, the fear and indignation of the men and women who were rapidly filling the Soviet Union’s jails’.

‘The whole apparatus threw its full weight on one lonely and uninhibited will,’ he recalled.

‘Brother mine! Do not condemn those who turned out to be weak and confessed to more than they should have. Do not be the first to cast a stone at them!’

Solzhenitsyn called Stalin’s prison system the Gulag Archipelago – like islands in a sea of frozen steppe, the barbed-wire fenced gulags were a state within the state.

After his release he penned a short story which described, in simple but devastating detail, one day in the life of a gulag inmate, Ivan Denisovich.

When it was published in 1962, during a brief post-Stalin thaw, One Day In The Life Of Ivan Denisovich caused a sensation.

The state had tried to airbrush Stalin’s gulags, purges and famines from history.

Solzhenitsyn spoke for the millions whose voices Stalin had silenced.

One of them was my mother’s father, Boris Lvovich Bibikov.

A devoted Bolshevik, Bibikov had received the Order of Lenin for his part in building the Kharkov Tractor Factory, one of the giant projects of the industrialisation drive of the Thirties.

But in the Great Purge of 1937, which Stalin launched against his real and imagined opponents, Bibikov found himself accused of crimes against the revolution.

He was tried by a secret court on evidence obtained under torture, and sentenced to death.

The usual method was ‘nine grams’, the weight of a pistol bullet, to the back of the head – my grandfather’s fate.
His wife, my grandmother, was sent to the gulag for 15 years as the wife of an ‘enemy of the people’.

His two daughters – my mother and aunt – were sent to an orphanage for re-education.

Some years ago I was given permission to read my grandfather’s secret police file.

It contained about 3lb of paper, the sheets carefully numbered and bound, with my grandfather’s name entered on the crumbling brown cover in curiously elaborate, copperplate script.

The file sat heavily in my lap, eerily malignant, and since the careful bureaucrats who compiled the file neglected to say where he was buried, this stack of paper is the closest thing to Boris Bibikov’s remains.

For the days I sat in the former KGB HQ in Kiev examining the file, Alexander Ponamaryev, a young officer of the Ukrainian security service sat with me, reading out passages of barely legible cursive script and explaining legal terms.

‘Your grandfather believed,’ said Ponamaryev.

‘But do you not think that his accusers believed also? Or the men who shot him?’

Solzhenitsyn once posed the same question.

‘If my life had turned out differently, might I myself not have become just such an executioner?’ he wrote in The Gulag Archipelago, his epic literary investigation of Stalin’s terror.
‘If only it was so simple! If only there were evil people somewhere insidiously committing evil deeds, and it were necessary only to separate them from the rest of us and destroy them.

But the line dividing good from evil cuts through the heart of every human being. And who is willing to destroy a piece of their own heart?’

Solzhenitsyn’s persecutors, like my grandfather’s, were driven by the same motivations as their victims.

When people become the building blocks of history, intelligent men can abdicate moral responsibility.

Indeed the Purge – in Russian, chistka or ‘cleaning’ – was something heroic to those who made it, just as the building of the great factory was heroic to Bibikov.

The difference was that my grandfather made his personal revolution in physical bricks and concrete, whereas the secret police’s bricks were class enemies, every one sent to the execution chamber another building-block in the great edifice of socialism.

This was the true, dark genius behind Stalinism – a genius which Solzhenitsyn describes in terrifying detail. Not simply to put two strangers – executioner and victim – into a room and convince one to kill the other, but to convince both that this murder served a higher purpose.

This can happen only when a man becomes a political commodity, a unit in a calculation, his life and death to be planned and disposed of like a ton of steel or a truckload of bricks.

The men drawn to serve in the Soviet secret police, in the words of its founder Felix Dzerzhinsky, could either be saints or scoundrels – and clearly the service attracted more than its fair share of sadists and psychopaths.

But they were not aliens, but Russian men, made of the same tissue and fed by the same blood as their victims.

‘Where did this wolf tribe appear from among our own people?’ asked Solzhenitsyn. ‘Does it really stem from our own roots? Our own blood? It is ours.’

This question – how to cope with the beast in man – gives Solzhenitsyn’s writing not just its moral seriousness but its drama, too.

His stories are about men and women forced to make terrible choices.

In the process they occasionally find a kind of greatness and redemption in small acts of kindness or in tiny, private episodes of heroism.

At his best, Solzhenitsyn, like Tolstoy, described the hidden, tragic lives of his characters played out against a background of Russian squalor and casual brutality.

But for all his greatness and importance in bringing down the Soviet Union, by the time of his death Solzhenitsyn had become an irrelevance to the thrusting, new, oil-rich Russia of Vladimir Putin.

In that lies a tragedy because Russia has swung back from its infatuation with wild capitalism into a longing for authority and order.

Solzhenitsyn, once an idealistic Communist, understood better than most how power can pervert men and ideas.

He saw himself as a prophet not just for Russia but for all mankind, and in his later years turned to denouncing the corruptions of Russia’s chaotic brand of freedom and the dangers of liberalism.

But for all his unfashionable conservatism, he believed adamantly in the value of human dignity – and that a state abdicated all moral authority to order society if it abused its citizens.

For all its wealth, Russia remains mired in corruption and injustice. With Solzhenitsyn’s death it has lost its conscience, and is a poorer place for it.

Source : http://www.thisislondon.co.uk

Categories : News Tags : , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,

Aggiornamento Alert GCSA-08051 – MS08-030 Vulnerabilita’ Bluetooth

Inserito da 20 Giugno, 2008 (0) Commenti

Si tratta di :Exploits,Sicurezza

—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA1

******************************************************************

Alert ID : GCSA-08051
Data : 20 Giugno 2008
Titolo : MS08-030 Vulnerabilita’ nello stack Bluetooth

******************************************************************

Le seguenti informazioni integrano quanto gia’ esposto nell’Alert GCSA-08051:

E’ uscita una re-released del bollettino di sicurezza Microsoft MS08-030
per gli utenti di Windows XP Service Pack 2 e Windows XP Service Pack 3.

http://www.microsoft.com/technet/security/bulletin/ms00-030.mspx

La versione precedente del security update non correggeva completamente
la vulnerabilita’ descritta nel security bulletin.

La versione aggiornata del security update e’ disponibile attraverso gli
stessi canali di distribuzione del security update originale, inclusi
l’Aggiornamento Automatico, Windows Update, Microsoft Update, Windows Server
Update Services

Per quanto riguarda gli utenti di:

Windows XP Professional x64 Edition,
Windows XP Professional x64 Edition Service Pack 2,
Windows Vista,
Windows Vista Service Pack 1,
Windows Vista x64 Edition,
Windows Vista x64 Edition Service Pack 1

che hanno gi applicato la prima versione di questo security update,
NON sono interessati a questa nuova versione del security update
pertanto NON devono effettuare nessuna azione in merito.

—–BEGIN PGP SIGNATURE—–

iQCVAwUBSFtzPfOB+SpikaiRAQJBXQP+PWaaf60sm+p7ebOelznssk94t4+f5PSL
fRn84IOXiGIsS88fp2Qg0QJlohi8BRsKZREBgJKoOxw1wKx5y1FcTZRvb5SZTT6X
3XyvTXPRSnFZp0KoJQp0t10H6A8+Z8vnFcrd3I0B9x55mZD5TzNu1rabLZ8EQ3tD
LVfYZeMkFoY=
=yuSv
—–END PGP SIGNATURE—–

Categories : Exploits,Sicurezza Tags : , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,

Alert GCSA-08051 – MS08-030 Vulnerabilita’ nello stack Bluetooth

Inserito da 12 Giugno, 2008 (0) Commenti

Si tratta di :Exploits,Sicurezza

Descrizione del problema

E’ stata individuata in Microsoft Windows una vulnerabilita’ dello
stack Bluetooth legata all’esecuzione di codice in modalita’ remota
dovuta al fatto che lo stack Bluetooth non e’ in grado di gestire
correttamente numerose richieste di descrizione di servizio. Questa
vulnerabilita’ potrebbe consentire a un utente malintenzionato di
eseguire codice con privilegi elevati. Sfruttando questa
vulnerabilita’, un utente malintenzionato potrebbe assumere il pieno
controllo del sistema interessato.

Categories : Exploits,Sicurezza Tags : , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,

una simpatica Catena con un mini Dizionario Inglese-Piemontese

Inserito da 20 Aprile, 2008 (0) Commenti

Si tratta di :Catene di Sant'Antonio

IL

A
A bike = Ora guardo
A new lot = Tipo di pasta ripiena
A steam = All’incirca, approssimativamente
An both = L’una
At sent = Ti ascolto, (Egli ti ascolta)

B
Back = Il becco (idiom. Sarah’s back!: Taci, una buona volta!)
Bay = Belli, di gradevole aspetto
Be-cell = Bicchiere
Been = Bene
Bike-a = Guarda
Bike-a-been = Guarda con attenzione
Bike-a-lee = Guarda li’
Bike-a-sea = Guarda qui
Board = Bordo, margine
Book = Foro, orifizio
Book indoor = Boccuccia d’oro (vezz.)
Boot-a-lean = Botticella (fig.: Persona rotondetta e di bassa statura)
Brass = Braccio
Brass-a-let = Bracciale
Brick = Altura, picco inaccessibile
Broad = Brodo
Bruce = Formaggio fermentato piccante
Bus = Basso, piccolo
Bus in = Catino, mastello
But = Picchia! Percuoti!
But-easter = Battista (esempio: Me soon But-easter / Il mio nome è Battista)

C
Call = Collo (fig. Man a call / Aggressione fisica.
Come palm man a call / lett. ‘Egli si comporta in modo manesco’)
Can a got = Cane e gatto (fig. Soon can a got /Antipatia profonda e reciproca)
Can cell = Infisso metallico (dim. Can cell-in)
Can soon = Breve componimento musicale
Cake ‘cause = Qualche cosa
Car = Costoso, caro
Car lean = Diminutivo di Carlo
Card = Cardo
Care-ask = Comune di Cherasco (CN)
Cartoon = Carro a trazione animale (fig.Veicolo in pessimo stato di manutenzione)
Cent = Ascolta (esempi: Cent see, Cent been, Cent so see)
Cheat = Piccolo (vezz.: Figliolo). Been cheat / Molto piccolo
Chess = Ritirata, gabinetto
Choke = Diverbio (cfr. Call)
Cigar-soon = Questi lavoranti (Cigar-soon soon fort /Questi lavoranti sono muscolosi)
Cigarette = Questi tacchi (Cigarette soon out-bus /Questi tacchi sono alti-bassi)
CNN = ‘Qui non c’é’
Come- in = ‘Comignolo, canna fumaria, camino
Come pass moon = Passami quel mattone (cameratesco)
Come pass spoon soon = Passami quel punzone
Come-scooter = (pron.americana) Dia retta a me
Cool = Quello (Cool lee / Quello lì)
Cool hat = Colletto
Cow-lee-Moore = Comune di Cavallermaggiore (CN)
Cow-set = Pedalino (See cow-set soon bay / Questi calzini sono graziosi)
Cows = Pedata, calcio (singolare e plurale)
Cream-in-all = Delinquente, pericoloso malfattore
Crisp of house = Esclamazione di sorpresa e disappunto
Cue-arch = Coperchio
Cup = Superiore in via gerarchica
Cup-lean = Piccolo copricapo
Cut-in = Bacinella

D
Dance = Viscoso
Do rest = D’altra parte
Do set = Vino Dolcetto (Boone’s do-set sea / E’ buono questo Dolcetto)
Dust = Astigiano

F
Fair = Ferro
Fall = Scemo, infermo di mente
Fans-out = Fai/Fare un salto (Fans-out been out, ecc.)
Fast-tree = Lett. ‘Fa schifo’
Fee Dick = Fegato
Feel = Cordicella, filo
Feet = Pigione affitto (An feet cream-in-all / Un canone esorbitante)
Few lean = Ragazzino
Flip = Filippo (dim.: Flip-hot)
Fool-and-run = Zuzzerellone
Freak an do = Persona particolarmente ingenua
Freezer = (Pron. Americana) briciola

G
Goes = Gas
Got in = (Pron. Americana) Micetto
Got us = (Pron. Americana) Gattaccio
Grease = Grigio, spento
Group = Nodo

H
Harry’s pet = ‘Rispetto a…’
He corn = Le corna
Hey pence = Ci penso
Home = Uomo
Human tell… = Lett.: ‘Li abbiamo nel…’ (Human cell-let /Li abbiamo sul letto; Human tell grass / Li conserviamo nel grasso)

I
I = Aglio
I a seen = Calli

J
Jaw-an = Giovanni
Jew-an-hot = Giovanotto

K
Knees = Livido

L
Lay soon = Spartineve
Lean = Lino
Lean out = Eccone li’ un altro
Lee moon = Limone (Soon car sea lee-moon / Questi limoni costano cari)
Let = Letto, giaciglio
Light = Latte
Look at = Luchetto
Lord = Alticcio, ubriaco
Love-trees = Lavatrice
Lover = Labbro

M
Mack = Soltanto (mack so see / soltanto questo)
Make-up = I miei superiori
Mars soon = Tisico, tubercolotico
May = Meglio
Me = Io
Me can’t bean = Io canto bene
Me-clean = Diminutivo di Michele
Me cut = Io compero
Me soon = Io sono (Me soon out, Me soon Bell, Me soon fall, ect.)
Met he-cool-whose=Persona molto scrupolosa
Meet chop = Ti agguanto, ti acciuffo
Meet mass = Ora ti ammazzo
Men too = Il mento
Merry-a = Granoturco
Miss cup = Io taglio la corda
Miss pet = Io aspetto
Moon = Mattone
Mouse = Mi alzo
Much-a-fair = Scarto di fonderia
Must-in = Cane da combattimento, mastino

N
Need = Nido
Noose = Noce (albero / frutto)
Noose-ale = Un uccello
Now = Nave

O
Out = Alto

P
P.set = Ricamo fatto a mano
P.toast = Piuttosto
Party = Andarsene
Pass tea soon = Persona confusionaria
Pass us talk = Lett.:’Porgimi quel pezzo’
Pat-a-truck = Grosso guaio, inconveniente
Peace a can = Fungo non commestibile
Peace thin = Persona pignola / permalosa
Pearcy = Pesca (frutto), il pesco
Penn-to = Pettine
Pet = Flatulenza
Phil = Filo, spago
Phil-at = Taglio pregiato di carne
Pick = Piccone
Pin-bus = Piu’ in basso (Pin out / piU’ in alto)
Pin-hot = Diminutivo di Giuseppe (anche Pin in)
Politic-hunt = Politicante
Pooh Daisy = Se potessi
Pooh lance = Pollenzo, Frazione del Comune di Bra (CN)
Pooh-last = Pollo
Pooh set = Caditoia, tombino
Pooh’s-thin = Portalettere
Poor cell = Suino
Poor seen = Fungo commestibile pregiato
Poor tall = Portale, varco di una certa larghezza
Port-Hugh-all = Arancia (varieta’ di…)
Pump-east = Pane secco grattugiato
Pull moon = Organo respiratorio

Q
Queen touch = Tipica esclamazione piemontese

R
Ranch-in = Avaro, tirchio
Randy = Rendere (Soon-see a rendy’s pooh-last / Sono venuti a restituire questo pollo)
Reeve at = Chiodo ribattuto
Reeve us = Scarpata, riva scoscesa (generalmente incolta)
Root = Rotto, fuori servizio

S
School = Malattia venerea
Scoop = Scopa
Scoop us = Scapaccione, schiaffo
Sea-lance he = Quiete, silenzio
Sea-us = Setaccio
Seen Dick = Sindaco
Sense-a-sense = Del tutto privo di logica
Sense out = Certamente
Serve I = Selvatico (fig. bizzoso)
Set = Sette (numero)
Seven-me, twenty?=Se vengo io, vieni anche tu?
Seventy = Nel caso tu venga
Siamese = Questi amici
Since-cent = Cinquecento
Sir pant = Serpente
Sir vicious = Servizievole
So post = Lett.: ‘Il suo posto’ (Come pass talk a so post /Metti a posto questo pezzo)
Soap = Zoppo, claudicante
Sold = Soldo, moneta (Since-cent sold)
Son = Questo
Soon lee = Sono li’ (Soon sea / Sono qui)
South = Salto
South-he-soon = Salsiccione
Spirit-wall = Incorporeo, spirituale (An home spirit-wall: dicesi di persona di animo elevato)
Spirit-whose = Arguto, divertente
Spoon to-sea = Giunti a questo punto
Squeeze = Cigolare
Stack = Stuzzicante
Steel = Stile, eleganza
Steward-me = Questo lo guardo io
Stock = Questo pezzo
Sue lot = Cipolline (anche: Sue lean)
Sun-a-Tory = Ospedale cronicario
Sun Crown = Cavolo/i
Switch = Sveglio, veloce

T
Theeth say fall = Ma tu sei pazzo!
Ten = Prendi, agguanta
The cheese = Deciso, determinato
The steep sea = Di questo genere
These cows = Scalzo
Three fool-a = Tartufo
Tie = Taglio
Tie-a-ring = Tagliatelle
To let = Barattolino
To mean = Piccolo formaggio fresco
To rent = Torrente
To scan = Sigaro italiano

U
Us-us-in = Omicida, assassino

W
Way, sent = Lett.: ‘Ehi, ascolta!’
Who-rend = Orrido, disgustoso. Ma anche lett.: ‘Cio’ e’ redditizio’
Who speed all = Ospedale

Categories : Catene di Sant'Antonio Tags : , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,

Alert GCSA-08027 – Vulnerabilita’ multiple in MIT Kerberos

Inserito da 21 Marzo, 2008 (0) Commenti

Si tratta di :Sicurezza

Descrizione del problema

Sono state individuate alcune vulnerabilita’ in MIT Kerberos che
potrebbero consentire ad un aggressore remoto di entrare in possesso
di informazioni sensibili, causare un denial-of-service o prendere
il completo controllo di un sistema vulnerabile.

La prima vulnerabilita’ e’ causata da un errore nella gestione delle
richieste krb4 da parte del KDC server (Key Distribution Center) che
puo’ portare al crash del sistema, dare accesso ad informazioni
sensibili (comprese le chivi segrete) ed esecuzione di codice
arbitrario.

La seconda vulnerabilita’ e’ causata da un errore presente nel KDC
server nel momento in cui manda risposta a richieste krb4. Tale
vulnerabilita’ puo’ essere sfruttata per accedere a dati sensibili
presenti nello stack della memoria attraverso richieste krb4
appositamente predisposte.

La terza vulnerabilita’ e’ causata da un errore di corruzione della
memoria nelle librerie RPC durante la gestione di un grande numero
di file descriptor aperti, e puo’ portare alla corruzione del
database e all’esecuzione di codice arbitrario.

Categories : Sicurezza Tags : , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,