Vulnerability Summary for the Week of March 7, 2016
High Vulnerabilities
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
adobe — digital_editions | Adobe Digital Editions before 4.5.1 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. | 2016-03-09 | 10.0 | CVE-2016-0954 |
adobe — acrobat | Adobe Reader and Acrobat before 11.0.15, Acrobat and Acrobat Reader DC Classic before 15.006.30121, and Acrobat and Acrobat Reader DC Continuous before 15.010.20060 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1009. | 2016-03-09 | 10.0 | CVE-2016-1007 |
adobe — acrobat | Adobe Reader and Acrobat before 11.0.15, Acrobat and Acrobat Reader DC Classic before 15.006.30121, and Acrobat and Acrobat Reader DC Continuous before 15.010.20060 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1007. | 2016-03-09 | 10.0 | CVE-2016-1009 |
adobe — acrobat | Untrusted search path vulnerability in Adobe Reader and Acrobat before 11.0.15, Acrobat and Acrobat Reader DC Classic before 15.006.30121, and Acrobat and Acrobat Reader DC Continuous before 15.010.20060 on Windows and OS X allows local users to gain privileges via a Trojan horse DLL in an unspecified directory. | 2016-03-09 | 7.2 | CVE-2016-1008 |
microsoft — .net_framework | Microsoft .NET Framework 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, and 4.6.1 mishandles signature validation for unspecified elements of XML documents, which allows remote attackers to spoof signatures via a modified document, aka “.NET XML Validation Security Feature Bypass.” | 2016-03-09 | 10.0 | CVE-2016-0132 |
microsoft — infopath | Microsoft InfoPath 2007 SP3, 2010 SP2, and 2013 SP1 allows remote attackers to execute arbitrary code via a crafted Office document, aka “Microsoft Office Memory Corruption Vulnerability.” | 2016-03-09 | 9.3 | CVE-2016-0021 |
microsoft — windows | OLE in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows remote attackers to execute arbitrary code via a crafted file, aka “Windows OLE Memory Remote Code Execution Vulnerability,” a different vulnerability than CVE-2016-0091. | 2016-03-09 | 9.3 | CVE-2016-0092 |
microsoft — windows | Microsoft Windows Server 2008 R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 allow remote attackers to execute arbitrary code via crafted media content, aka “Windows Media Parsing Remote Code Execution Vulnerability.” | 2016-03-09 | 9.3 | CVE-2016-0098 |
microsoft — windows | Microsoft Windows Server 2008 R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allow remote attackers to execute arbitrary code via crafted media content, aka “Windows Media Parsing Remote Code Execution Vulnerability.” | 2016-03-09 | 9.3 | CVE-2016-0101 |
microsoft — windows | The PDF library in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows remote attackers to execute arbitrary code via a crafted PDF document, aka “Windows Remote Code Execution Vulnerability.” | 2016-03-09 | 9.3 | CVE-2016-0117 |
microsoft — windows | The PDF library in Microsoft Windows 10 Gold and 1511 allows remote attackers to execute arbitrary code via a crafted PDF document, aka “Windows Remote Code Execution Vulnerability.” | 2016-03-09 | 9.3 | CVE-2016-0118 |
microsoft — windows | The Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows remote attackers to execute arbitrary code via a crafted OpenType font, aka “OpenType Font Parsing Vulnerability.” | 2016-03-09 | 9.3 | CVE-2016-0121 |
microsoft — office | Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word 2016, Word for Mac 2011, Word 2016 for Mac, Office Compatibility Pack SP3, Word Viewer, Word Automation Services on SharePoint Server 2010 SP2 and 2013 SP1, Office Web Apps 2010 SP2, and Web Apps Server 2013 SP1 allow remote attackers to execute arbitrary code via a crafted Office document, aka “Microsoft Office Memory Corruption Vulnerability.” | 2016-03-09 | 9.3 | CVE-2016-0134 |
microsoft — internet_explorer | Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Microsoft Browser Memory Corruption Vulnerability,” a different vulnerability than CVE-2016-0103, CVE-2016-0106, CVE-2016-0108, CVE-2016-0109, and CVE-2016-0114. | 2016-03-09 | 7.6 | CVE-2016-0102 |
microsoft — internet_explorer | Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Internet Explorer Memory Corruption Vulnerability,” a different vulnerability than CVE-2016-0102, CVE-2016-0106, CVE-2016-0108, CVE-2016-0109, and CVE-2016-0114. | 2016-03-09 | 7.6 | CVE-2016-0103 |
microsoft — internet_explorer | Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Internet Explorer Memory Corruption Vulnerability.” | 2016-03-09 | 7.6 | CVE-2016-0104 |
microsoft — internet_explorer | Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Microsoft Browser Memory Corruption Vulnerability,” a different vulnerability than CVE-2016-0107, CVE-2016-0111, CVE-2016-0112, and CVE-2016-0113. | 2016-03-09 | 7.6 | CVE-2016-0105 |
microsoft — internet_explorer | Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Internet Explorer Memory Corruption Vulnerability,” a different vulnerability than CVE-2016-0102, CVE-2016-0103, CVE-2016-0108, CVE-2016-0109, and CVE-2016-0114. | 2016-03-09 | 7.6 | CVE-2016-0106 |
microsoft — internet_explorer | Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Internet Explorer Memory Corruption Vulnerability,” a different vulnerability than CVE-2016-0105, CVE-2016-0111, CVE-2016-0112, and CVE-2016-0113. | 2016-03-09 | 7.6 | CVE-2016-0107 |
microsoft — internet_explorer | Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Internet Explorer Memory Corruption Vulnerability,” a different vulnerability than CVE-2016-0102, CVE-2016-0103, CVE-2016-0106, CVE-2016-0109, and CVE-2016-0114. | 2016-03-09 | 7.6 | CVE-2016-0108 |
microsoft — internet_explorer | Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Microsoft Browser Memory Corruption Vulnerability,” a different vulnerability than CVE-2016-0102, CVE-2016-0103, CVE-2016-0106, CVE-2016-0108, and CVE-2016-0114. | 2016-03-09 | 7.6 | CVE-2016-0109 |
microsoft — internet_explorer | Microsoft Internet Explorer 10 through 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Microsoft Browser Memory Corruption Vulnerability.” | 2016-03-09 | 7.6 | CVE-2016-0110 |
microsoft — internet_explorer | Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Microsoft Browser Memory Corruption Vulnerability,” a different vulnerability than CVE-2016-0105, CVE-2016-0107, CVE-2016-0112, and CVE-2016-0113. | 2016-03-09 | 7.6 | CVE-2016-0111 |
microsoft — internet_explorer | Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Internet Explorer Memory Corruption Vulnerability,” a different vulnerability than CVE-2016-0105, CVE-2016-0107, CVE-2016-0111, and CVE-2016-0113. | 2016-03-09 | 7.6 | CVE-2016-0112 |
microsoft — internet_explorer | Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Internet Explorer Memory Corruption Vulnerability,” a different vulnerability than CVE-2016-0105, CVE-2016-0107, CVE-2016-0111, and CVE-2016-0112. | 2016-03-09 | 7.6 | CVE-2016-0113 |
microsoft — internet_explorer | Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Internet Explorer Memory Corruption Vulnerability,” a different vulnerability than CVE-2016-0102, CVE-2016-0103, CVE-2016-0106, CVE-2016-0108, and CVE-2016-0109. | 2016-03-09 | 7.6 | CVE-2016-0114 |
microsoft — internet_explorer | Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Microsoft Edge Memory Corruption Vulnerability,” a different vulnerability than CVE-2016-0123, CVE-2016-0124, CVE-2016-0129, and CVE-2016-0130. | 2016-03-09 | 7.6 | CVE-2016-0116 |
microsoft — edge | Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Microsoft Edge Memory Corruption Vulnerability,” a different vulnerability than CVE-2016-0116, CVE-2016-0124, CVE-2016-0129, and CVE-2016-0130. | 2016-03-09 | 7.6 | CVE-2016-0123 |
microsoft — edge | Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Microsoft Edge Memory Corruption Vulnerability,” a different vulnerability than CVE-2016-0116, CVE-2016-0123, CVE-2016-0129, and CVE-2016-0130. | 2016-03-09 | 7.6 | CVE-2016-0124 |
microsoft — edge | Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Microsoft Edge Memory Corruption Vulnerability,” a different vulnerability than CVE-2016-0116, CVE-2016-0123, CVE-2016-0124, and CVE-2016-0130. | 2016-03-09 | 7.6 | CVE-2016-0129 |
microsoft — edge | Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Microsoft Edge Memory Corruption Vulnerability,” a different vulnerability than CVE-2016-0116, CVE-2016-0123, CVE-2016-0124, and CVE-2016-0129. | 2016-03-09 | 7.6 | CVE-2016-0130 |
microsoft — office | Microsoft Office 2007 SP3, 2010 SP2, 2013 SP1, and 2016 does not properly sign an unspecified binary file, which allows local users to gain privileges via a Trojan horse file with a crafted signature, aka “Microsoft Office Security Feature Bypass Vulnerability.” | 2016-03-09 | 7.2 | CVE-2016-0057 |
microsoft — windows | The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka “Win32k Elevation of Privilege Vulnerability,” a different vulnerability than CVE-2016-0094, CVE-2016-0095, and CVE-2016-0096. | 2016-03-09 | 7.2 | CVE-2016-0093 |
microsoft — windows | The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka “Win32k Elevation of Privilege Vulnerability,” a different vulnerability than CVE-2016-0093, CVE-2016-0095, and CVE-2016-0096. | 2016-03-09 | 7.2 | CVE-2016-0094 |
microsoft — windows | The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka “Win32k Elevation of Privilege Vulnerability,” a different vulnerability than CVE-2016-0093, CVE-2016-0094, and CVE-2016-0096. | 2016-03-09 | 7.2 | CVE-2016-0095 |
microsoft — windows | The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka “Win32k Elevation of Privilege Vulnerability,” a different vulnerability than CVE-2016-0093, CVE-2016-0094, and CVE-2016-0095. | 2016-03-09 | 7.2 | CVE-2016-0096 |
microsoft — windows | The Secondary Logon Service in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 does not properly process request handles, which allows local users to gain privileges via a crafted application, aka “Secondary Logon Elevation of Privilege Vulnerability.” | 2016-03-09 | 7.2 | CVE-2016-0099 |
microsoft — windows | The Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows remote attackers to cause a denial of service (system hang) via a crafted OpenType font, aka “OpenType Font Parsing Vulnerability.” | 2016-03-09 | 7.1 | CVE-2016-0120 |
Medium Vulnerabilities
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
microsoft — windows | OLE in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows remote attackers to execute arbitrary code via a crafted file, aka “Windows OLE Memory Remote Code Execution Vulnerability,” a different vulnerability than CVE-2016-0092. | 2016-03-09 | 6.8 | CVE-2016-0091 |
Low Vulnerabilities
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
microsoft — edge | Microsoft Edge mishandles the Referer policy, which allows remote attackers to obtain sensitive browser-history and request information via a crafted HTTPS web site, aka “Microsoft Edge Information Disclosure Vulnerability.” | 2016-03-09 | 2.6 | CVE-2016-0125 |
Severity Not Yet Assigned
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
Adobe — Flash Player | Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-0961, CVE-2016-0962, CVE-2016-0986, CVE-2016-0989, CVE-2016-0992, CVE-2016-1002, and CVE-2016-1005. | 2016-03-12 | N/A | CVE-2016-0960 |
Adobe — Flash Player | Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-0960, CVE-2016-0962, CVE-2016-0986, CVE-2016-0989, CVE-2016-0992, CVE-2016-1002, and CVE-2016-1005. | 2016-03-12 | N/A | CVE-2016-0961 |
Adobe — Flash Player | Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-0960, CVE-2016-0961, CVE-2016-0986, CVE-2016-0989, CVE-2016-0992, CVE-2016-1002, and CVE-2016-1005. | 2016-03-12 | N/A | CVE-2016-0962 |
Adobe — Flash Player | Integer overflow in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-0993 and CVE-2016-1010. | 2016-03-12 | N/A | CVE-2016-0963 |
Adobe — Flash Player | Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-0960, CVE-2016-0961, CVE-2016-0962, CVE-2016-0989, CVE-2016-0992, CVE-2016-1002, and CVE-2016-1005. | 2016-03-12 | N/A | CVE-2016-0986 |
Adobe — Flash Player | Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-0988, CVE-2016-0990, CVE-2016-0991, CVE-2016-0994, CVE-2016-0995, CVE-2016-0996, CVE-2016-0997, CVE-2016-0998, CVE-2016-0999, and CVE-2016-1000. | 2016-03-12 | N/A | CVE-2016-0987 |
Adobe — Flash Player | Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-0987, CVE-2016-0990, CVE-2016-0991, CVE-2016-0994, CVE-2016-0995, CVE-2016-0996, CVE-2016-0997, CVE-2016-0998, CVE-2016-0999, and CVE-2016-1000. | 2016-03-12 | N/A | CVE-2016-0988 |
Adobe — Flash Player | Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-0960, CVE-2016-0961, CVE-2016-0962, CVE-2016-0986, CVE-2016-0992, CVE-2016-1002, and CVE-2016-1005. | 2016-03-12 | N/A | CVE-2016-0989 |
Adobe — Flash Player | Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-0987, CVE-2016-0988, CVE-2016-0991, CVE-2016-0994, CVE-2016-0995, CVE-2016-0996, CVE-2016-0997, CVE-2016-0998, CVE-2016-0999, and CVE-2016-1000. | 2016-03-12 | N/A | CVE-2016-0990 |
Adobe — Flash Player | Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-0987, CVE-2016-0988, CVE-2016-0990, CVE-2016-0994, CVE-2016-0995, CVE-2016-0996, CVE-2016-0997, CVE-2016-0998, CVE-2016-0999, and CVE-2016-1000. | 2016-03-12 | N/A | CVE-2016-0991 |
Adobe — Flash Player | Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-0960, CVE-2016-0961, CVE-2016-0962, CVE-2016-0986, CVE-2016-0989, CVE-2016-1002, and CVE-2016-1005. | 2016-03-12 | N/A | CVE-2016-0992 |
Adobe — Flash Player | Integer overflow in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-0963 and CVE-2016-1010. | 2016-03-12 | N/A | CVE-2016-0993 |
Adobe — Flash Player | Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allows attackers to execute arbitrary code by using the actionCallMethod opcode with crafted arguments, a different vulnerability than CVE-2016-0987, CVE-2016-0988, CVE-2016-0990, CVE-2016-0991, CVE-2016-0995, CVE-2016-0996, CVE-2016-0997, CVE-2016-0998, CVE-2016-0999, and CVE-2016-1000. | 2016-03-12 | N/A | CVE-2016-0994 |
Adobe — Flash Player | Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-0987, CVE-2016-0988, CVE-2016-0990, CVE-2016-0991, CVE-2016-0994, CVE-2016-0996, CVE-2016-0997, CVE-2016-0998, CVE-2016-0999, and CVE-2016-1000. | 2016-03-12 | N/A | CVE-2016-0995 |
Adobe — Flash Player | Use-after-free vulnerability in the setInterval method in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allows attackers to execute arbitrary code via crafted arguments, a different vulnerability than CVE-2016-0987, CVE-2016-0988, CVE-2016-0990, CVE-2016-0991, CVE-2016-0994, CVE-2016-0995, CVE-2016-0997, CVE-2016-0998, CVE-2016-0999, and CVE-2016-1000. | 2016-03-12 | N/A | CVE-2016-0996 |
Adobe — Flash Player | Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-0987, CVE-2016-0988, CVE-2016-0990, CVE-2016-0991, CVE-2016-0994, CVE-2016-0995, CVE-2016-0996, CVE-2016-0998, CVE-2016-0999, and CVE-2016-1000. | 2016-03-12 | N/A | CVE-2016-0997 |
Adobe — Flash Player | Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-0987, CVE-2016-0988, CVE-2016-0990, CVE-2016-0991, CVE-2016-0994, CVE-2016-0995, CVE-2016-0996, CVE-2016-0997, CVE-2016-0999, and CVE-2016-1000. | 2016-03-12 | N/A | CVE-2016-0998 |
Adobe — Flash Player | Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-0987, CVE-2016-0988, CVE-2016-0990, CVE-2016-0991, CVE-2016-0994, CVE-2016-0995, CVE-2016-0996, CVE-2016-0997, CVE-2016-0998, and CVE-2016-1000. | 2016-03-12 | N/A | CVE-2016-0999 |
Adobe — Flash Player | Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-0987, CVE-2016-0988, CVE-2016-0990, CVE-2016-0991, CVE-2016-0994, CVE-2016-0995, CVE-2016-0996, CVE-2016-0997, CVE-2016-0998, and CVE-2016-0999. | 2016-03-12 | N/A | CVE-2016-1000 |
Adobe — Flash Player | Heap-based buffer overflow in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allows attackers to execute arbitrary code via unspecified vectors. | 2016-03-12 | N/A | CVE-2016-1001 |
Adobe — Flash Player | Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-0960, CVE-2016-0961, CVE-2016-0962, CVE-2016-0986, CVE-2016-0989, CVE-2016-0992, and CVE-2016-1005. | 2016-03-12 | N/A | CVE-2016-1002 |
Adobe — Flash Player | Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allow attackers to execute arbitrary code or cause a denial of service (uninitialized pointer dereference and memory corruption) via crafted MPEG-4 data, a different vulnerability than CVE-2016-0960, CVE-2016-0961, CVE-2016-0962, CVE-2016-0986, CVE-2016-0989, CVE-2016-0992, and CVE-2016-1002. | 2016-03-12 | N/A | CVE-2016-1005 |
Adobe — Flash Player | Integer overflow in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-0963 and CVE-2016-0993. | 2016-03-12 | N/A | CVE-2016-1010 |
Android — mediaserver | The MPEG4Source::fragmentedRead function in MPEG4Extractor.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49H, and 6.x before 2016-03-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 26365349. | 2016-03-12 | N/A | CVE-2016-0815 |
Android — mediaserver | mediaserver in Android 6.x before 2016-03-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, related to decoder/ih264d_parse_islice.c and decoder/ih264d_parse_pslice.c, aka internal bug 25928803. | 2016-03-12 | N/A | CVE-2016-0816 |
Android — Conscrypt | The caching functionality in the TrustManagerImpl class in TrustManagerImpl.java in Conscrypt in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49H, and 6.x before 2016-03-01 mishandles the distinction between an intermediate CA and a trusted root CA, which allows man-in-the-middle attackers to spoof servers by leveraging access to an intermediate CA to issue a certificate, aka internal bug 26232830. | 2016-03-12 | N/A | CVE-2016-0818 |
Android — Qualcomm performance | The Qualcomm performance component in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49H, and 6.x before 2016-03-01 allows attackers to gain privileges via a crafted application, aka internal bug 25364034. | 2016-03-12 | N/A | CVE-2016-0819 |
Android — MediaTek | The MediaTek Wi-Fi kernel driver in Android 6.0.1 before 2016-03-01 allows attackers to gain privileges via a crafted application, aka internal bug 26267358. | 2016-03-12 | N/A | CVE-2016-0820 |
Android — Linux kernel | The LIST_POISON feature in include/linux/poison.h in the Linux kernel before 4.3, as used in Android 6.0.1 before 2016-03-01, does not properly consider the relationship to the mmap_min_addr value, which makes it easier for attackers to bypass a poison-pointer protection mechanism by triggering the use of an uninitialized list entry, aka Android internal bug 26186802, a different vulnerability than CVE-2015-3636. | 2016-03-12 | N/A | CVE-2016-0821 |
Android — MediaTek | The MediaTek connectivity kernel driver in Android 6.0.1 before 2016-03-01 allows attackers to gain privileges via a crafted application that leverages conn_launcher access, aka internal bug 25873324. | 2016-03-12 | N/A | CVE-2016-0822 |
Android — Linux kernel | The pagemap_open function in fs/proc/task_mmu.c in the Linux kernel before 3.19.3, as used in Android 6.0.1 before 2016-03-01, allows local users to obtain sensitive physical-address information by reading a pagemap file, aka Android internal bug 25739721. | 2016-03-12 | N/A | CVE-2016-0823 |
Android — Widevine | The Widevine Trusted Application in Android 6.0.1 before 2016-03-01 allows attackers to obtain sensitive TrustZone secure-storage information by leveraging kernel access, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 20860039. | 2016-03-12 | N/A | CVE-2016-0825 |
Android — mediaserver | libcameraservice in mediaserver in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49H, and 6.x before 2016-03-01 does not require use of the ICameraService::dump method for a camera service dump, which allows attackers to gain privileges via a crafted application that directly dumps, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 26265403. | 2016-03-12 | N/A | CVE-2016-0826 |
Android — mediaserver | Multiple integer overflows in libeffects in mediaserver in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49H, and 6.x before 2016-03-01 allow attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, related to EffectBundle.cpp and EffectReverb.cpp, aka internal bug 26347509. | 2016-03-12 | N/A | CVE-2016-0827 |
Android — mediaserver | The BnGraphicBufferConsumer:: | 2016-03-12 | N/A | CVE-2016-0828 |
Android — mediaserver | The BnGraphicBufferProducer:: | 2016-03-12 | N/A | CVE-2016-0829 |
Android — DTE Energy Insight application | The REST API in the DTE Energy Insight application before 1.7.8 for Android allows remote authenticated users to obtain unspecified customer information via a SQL expression in the filter parameter. | 2016-03-11 | N/A | CVE-2016-1562 |
Android — mediaserver | libvpx in mediaserver in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49H, and 6.0 before 2016-03-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, related to libwebm/mkvparser.cpp and other files, aka internal bug 23452792. | 2016-03-12 | N/A | CVE-2016-1621 |
Android — libstagefright | libmpeg2 in libstagefright in Android 6.x before 2016-03-01 allows attackers to obtain sensitive information, and consequently bypass an unspecified protection mechanism, via crafted Bitstream data, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 25765591. | 2016-03-12 | N/A | CVE-2016-0824 |
Android — Bluetooth | btif_config.c in Bluetooth in Android 6.x before 2016-03-01 allows remote attackers to cause a denial of service (memory corruption and persistent daemon crash) by triggering a large number of configuration entries, and consequently exceeding the maximum size of a configuration file, aka internal bug 26071376. | 2016-03-12 | N/A | CVE-2016-0830 |
Android — Telephony | The getDeviceIdForPhone function in internal/telephony/ | 2016-03-12 | N/A | CVE-2016-0831 |
Android — Setup Wizard | Setup Wizard in Android 5.1.x before LMY49H and 6.x before 2016-03-01 allows physically proximate attackers to bypass the Factory Reset Protection protection mechanism and delete data via unspecified vectors, aka internal bug 25955042. | 2016-03-12 | N/A | CVE-2016-0832 |
Apple — Apple Software Update | Apple Software Update before 2.2 on Windows does not use HTTPS, which makes it easier for man-in-the-middle attackers to spoof updates by modifying the client-server data stream. | 2016-03-13 | N/A | CVE-2016-1731 |
Cisco — HTTPS inspection engine | The HTTPS inspection engine in the Content Security and Control Security Services Module (CSC-SSM) 6.6 before 6.6.1164.0 for Cisco ASA 5500 devices allows remote attackers to cause a denial of service (memory consumption or device reload) via a flood of HTTPS packets, aka Bug ID CSCue76147. | 2016-03-09 | N/A | CVE-2016-1312 |
Cisco — administration interface | The administration interface on Cisco DPC3939B and DPC3941 devices allows remote attackers to obtain sensitive information via a crafted HTTP request, aka Bug ID CSCus49506. | 2016-03-09 | N/A | CVE-2016-1325 |
Cisco — administration interface | The administration interface on Cisco DPQ3925 devices with firmware r1 allows remote attackers to cause a denial of service (device restart) via a crafted HTTP request, aka Bug ID CSCup48105. | 2016-03-09 | N/A | CVE-2016-1326 |
Cisco — web server | Buffer overflow in the web server on Cisco DPC2203 and EPC2203 devices with firmware r1_customer_image allows remote attackers to execute arbitrary code via a crafted HTTP request, aka Bug ID CSCuv05935. | 2016-03-09 | N/A | CVE-2016-1327 |
Cisco — TelePresence Video Communication Server | Cisco TelePresence Video Communication Server (VCS) X8.5.1 and X8.5.2 allows remote authenticated users to cause a denial of service (VoIP outage) via a crafted SIP message, aka Bug ID CSCuu43026. | 2016-03-11 | N/A | CVE-2016-1338 |
Cisco — Prime LAN Management Solution | Cisco Prime LAN Management Solution (LMS) through 4.2.5 uses the same database decryption key across different customers’ installations, which allows local users to obtain cleartext data by leveraging console connectivity, aka Bug ID CSCuw85390. | 2016-03-11 | N/A | CVE-2016-1360 |
Cisco — IOS XR | Cisco IOS XR through 4.3.2 on Gigabit Switch Router (GSR) 12000 devices does not properly check for a Bidirectional Forwarding Detection (BFD) header in a UDP packet, which allows remote attackers to cause a denial of service (line-card restart) via a crafted packet, aka Bug ID CSCuw56900. | 2016-03-11 | N/A | CVE-2016-1361 |
Debian — jessie | pt_chown in the glibc package before 2.19-18+deb8u4 on Debian jessie lacks a namespace check associated with file-descriptor passing, which allows local users to capture keystrokes and spoof data, and possibly gain privileges, via pts read and write operations, related to debian/sysdeps/linux.mk. NOTE: this is not considered a vulnerability in the upstream GNU C Library because the upstream documentation has a clear security recommendation against the --enable-pt_chown option. | 2016-03-13 | N/A | CVE-2016-2856 |
EMC — Documentum xCP | EMC Documentum xCP 2.1 before patch 24 and 2.2 before patch 12 allows remote authenticated users to obtain sensitive user-account metadata via a members/xcp_member API call. | 2016-03-09 | N/A | CVE-2016-0886 |
Google — Chrome | The ImageInputType:: | 2016-03-13 | N/A | CVE-2016-1643 |
Google — Chrome | WebKit/Source/core/layout/ | 2016-03-13 | N/A | CVE-2016-1644 |
Google — Chrome | Multiple integer signedness errors in the opj_j2k_update_image_data function in j2k.c in OpenJPEG, as used in PDFium in Google Chrome before 49.0.2623.87, allow remote attackers to cause a denial of service (incorrect cast and out-of-bounds write) or possibly have unspecified other impact via crafted JPEG 2000 data. | 2016-03-13 | N/A | CVE-2016-1645 |
IBM — Tivoli Monitoring | The portal client in IBM Tivoli Monitoring (ITM) 6.2.2 through FP9, 6.2.3 through FP5, and 6.3.0 through FP6 allows remote authenticated users to gain privileges via unspecified vectors. | 2016-03-11 | N/A | CVE-2015-7411 |
IBM — Flash System V9000 | Cross-site request forgery (CSRF) vulnerability in IBM Flash System V9000 7.4 before 7.4.1.4, 7.5 before 7.5.1.3, and 7.6 before 7.6.0.4 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences. | 2016-03-12 | N/A | CVE-2015-7446 |
IBM — Maximo Asset Management | IBM Maximo Asset Management 7.6 before 7.6.0.3 IFIX001 allows remote authenticated users to bypass intended access restrictions and read arbitrary purchase-order work logs via unspecified vectors. | 2016-03-13 | N/A | CVE-2016-0222 |
IBM — Maximo Asset Management | Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.1.1 through 7.1.1.3, 7.5.0 before 7.5.0.9 IFIX004, and 7.6.0 before 7.6.0.3 IFIX001 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. | 2016-03-13 | N/A | CVE-2016-0262 |
IBM — Maximo Asset Management | SQL injection vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.9 IFIX003, and 7.6.0 before 7.6.0.3 IFIX001; Maximo Asset Management 7.5.0 before 7.5.0.9 IFIX003, 7.5.1, and 7.6.0 before 7.6.0.3 IFIX001 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | 2016-03-12 | N/A | CVE-2015-7448 |
IBM — WebSphere Commerce | IBM WebSphere Commerce 6.x through 6.0.0.11, 7.x through 7.0.0.9, and 8.x before 8.0.0.3 allows remote attackers to cause a denial of service (order-processing outage) via unspecified vectors. | 2016-03-13 | N/A | CVE-2016-0208 |
ISC — BIND | named in ISC BIND 9.x before 9.9.8-P4 and 9.10.x before 9.10.3-P4 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a malformed packet to the rndc (aka control channel) interface, related to alist.c and sexpr.c. | 2016-03-09 | N/A | CVE-2016-1285 |
ISC — BIND | named in ISC BIND 9.x before 9.9.8-P4 and 9.10.x before 9.10.3-P4 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted signature record for a DNAME record, related to db.c and resolver.c. | 2016-03-09 | N/A | CVE-2016-1286 |
ISC — BIND | resolver.c in named in ISC BIND 9.10.x before 9.10.3-P4, when DNS cookies are enabled, allows remote attackers to cause a denial of service (INSIST assertion failure and daemon exit) via a malformed packet with more than one cookie option. | 2016-03-09 | N/A | CVE-2016-2088 |
ISC — DHCP | ISC DHCP 4.1.x before 4.1-ESV-R13 and 4.2.x and 4.3.x before 4.3.4 does not restrict the number of concurrent TCP sessions, which allows remote attackers to cause a denial of service (INSIST assertion failure or request-processing outage) by establishing many sessions. | 2016-03-09 | N/A | CVE-2016-2774 |
microsoft — internet_explorer | The CAttrArray object implementation in Microsoft Internet Explorer 7 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and memory corruption) via a malformed Cascading Style Sheets (CSS) token sequence in conjunction with modifications to HTML elements, aka “Internet Explorer Memory Corruption Vulnerability,” a different vulnerability than CVE-2015-6048 and CVE-2015-6049. | 2016-03-09 | N/A | CVE-2015-6184 |
microsoft — windows | Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 do not properly validate handles, which allows local users to gain privileges via a crafted application, aka “Windows Elevation of Privilege Vulnerability.” | 2016-03-09 | N/A | CVE-2016-0087 |
microsoft — windows | Microsoft Windows Vista SP2 and Server 2008 SP2 mishandle library loading, which allows local users to gain privileges via a crafted application, aka “Library Loading Input Validation Remote Code Execution Vulnerability.” | 2016-03-09 | N/A | CVE-2016-0100 |
microsoft — windows | The USB Mass Storage Class driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows physically proximate attackers to execute arbitrary code by inserting a crafted USB device, aka “USB Mass Storage Elevation of Privilege Vulnerability.” | 2016-03-09 | N/A | CVE-2016-0133 |
Mozilla — Firefox | Heap-based buffer overflow in Mozilla Network Security Services (NSS) before 3.19.2.3 and 3.20.x and 3.21.x before 3.21.1, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to execute arbitrary code via crafted ASN.1 data in an X.509 certificate. | 2016-03-13 | N/A | CVE-2016-1950 |
Mozilla — Firefox | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | 2016-03-13 | N/A | CVE-2016-1952 |
Mozilla — Firefox | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 45.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to js/src/jit/arm/Assembler-arm. | 2016-03-13 | N/A | CVE-2016-1953 |
Mozilla — Firefox | The nsCSPContext::SendReports function in dom/security/nsCSPContext.cpp in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 does not prevent use of a non-HTTP report-uri for a Content Security Policy (CSP) violation report, which allows remote attackers to cause a denial of service (data overwrite) or possibly gain privileges by specifying a URL of a local file. | 2016-03-13 | N/A | CVE-2016-1954 |
Mozilla — Firefox | Mozilla Firefox before 45.0 allows remote attackers to bypass the Same Origin Policy and obtain sensitive information by reading a Content Security Policy (CSP) violation report that contains path information associated with an IFRAME element. | 2016-03-13 | N/A | CVE-2016-1955 |
Mozilla — Firefox | Mozilla Firefox before 45.0 on Linux, when an Intel video driver is used, allows remote attackers to cause a denial of service (memory consumption or stack memory corruption) by triggering use of a WebGL shader. | 2016-03-13 | N/A | CVE-2016-1956 |
Mozilla — Firefox | Memory leak in libstagefright in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to cause a denial of service (memory consumption) via an MPEG-4 file that triggers a delete operation on an array. | 2016-03-13 | N/A | CVE-2016-1957 |
Mozilla — Firefox | browser/base/content/browser. | 2016-03-13 | N/A | CVE-2016-1958 |
Mozilla — Firefox | The ServiceWorkerManager class in Mozilla Firefox before 45.0 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read and memory corruption) via unspecified use of the Clients API. | 2016-03-13 | N/A | CVE-2016-1959 |
Mozilla — Firefox | Integer underflow in the nsHtml5TreeBuilder class in the HTML5 string parser in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) by leveraging mishandling of end tags, as demonstrated by incorrect SVG processing, aka ZDI-CAN-3545. | 2016-03-13 | N/A | CVE-2016-1960 |
Mozilla — Firefox | Use-after-free vulnerability in the nsHTMLDocument::SetBody function in dom/html/nsHTMLDocument.cpp in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code by leveraging mishandling of a root element, aka ZDI-CAN-3574. | 2016-03-13 | N/A | CVE-2016-1961 |
Mozilla — Firefox | Use-after-free vulnerability in the mozilla:: | 2016-03-13 | N/A | CVE-2016-1962 |
Mozilla — Firefox | The FileReader class in Mozilla Firefox before 45.0 allows local users to gain privileges or cause a denial of service (memory corruption) by changing a file during a FileReader API read operation. | 2016-03-13 | N/A | CVE-2016-1963 |
Mozilla — Firefox | Use-after-free vulnerability in the AtomicBaseIncDec function in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) by leveraging mishandling of XML transformations. | 2016-03-13 | N/A | CVE-2016-1964 |
Mozilla — Firefox | Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 mishandle a navigation sequence that returns to the original page, which allows remote attackers to spoof the address bar via vectors involving the history.back method and the location.protocol property. | 2016-03-13 | N/A | CVE-2016-1965 |
Mozilla — Firefox | The nsNPObjWrapper::GetNewOrUsed function in dom/plugins/base/ | 2016-03-13 | N/A | CVE-2016-1966 |
Mozilla — Firefox | Mozilla Firefox before 45.0 does not properly restrict the availability of IFRAME Resource Timing API times, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via crafted JavaScript code that leverages history.back and performance.getEntries calls after restoring a browser session. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-7207. | 2016-03-13 | N/A | CVE-2016-1967 |
Mozilla — Firefox | Integer underflow in Brotli, as used in Mozilla Firefox before 45.0, allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow) via crafted data with brotli compression. | 2016-03-13 | N/A | CVE-2016-1968 |
Mozilla — Firefox | The setAttr function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.6.1, allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via a crafted Graphite smart font. | 2016-03-13 | N/A | CVE-2016-1969 |
Mozilla — Firefox | Integer underflow in the srtp_unprotect function in the WebRTC implementation in Mozilla Firefox before 45.0 on Windows might allow remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors. | 2016-03-13 | N/A | CVE-2016-1970 |
Mozilla — Firefox | The I420VideoFrame::CreateFrame function in the WebRTC implementation in Mozilla Firefox before 45.0 on Windows omits an unspecified status check, which might allow remote attackers to cause a denial of service (memory corruption) or possibly have other impact via unknown vectors. | 2016-03-13 | N/A | CVE-2016-1971 |
Mozilla — Firefox | Race condition in libvpx in Mozilla Firefox before 45.0 on Windows might allow remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via unknown vectors. | 2016-03-13 | N/A | CVE-2016-1972 |
Mozilla — Firefox | Race condition in the GetStaticInstance function in the WebRTC implementation in Mozilla Firefox before 45.0 might allow remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via unspecified vectors. | 2016-03-13 | N/A | CVE-2016-1973 |
Mozilla — Firefox | The nsScannerString:: | 2016-03-13 | N/A | CVE-2016-1974 |
Mozilla — Firefox | Multiple race conditions in dom/media/systemservices/ | 2016-03-13 | N/A | CVE-2016-1975 |
Mozilla — Firefox | Use-after-free vulnerability in the DesktopDisplayDevice class in the WebRTC implementation in Mozilla Firefox before 45.0 on Windows might allow remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. | 2016-03-13 | N/A | CVE-2016-1976 |
Mozilla — Firefox | The Machine::Code::decoder:: | 2016-03-13 | N/A | CVE-2016-1977 |
Mozilla — Firefox | Use-after-free vulnerability in the ssl3_ | 2016-03-13 | N/A | CVE-2016-1978 |
Mozilla — Firefox | Use-after-free vulnerability in the PK11_ | 2016-03-13 | N/A | CVE-2016-1979 |
Mozilla — Firefox | The graphite2::TtfUtil:: | 2016-03-13 | N/A | CVE-2016-2790 |
Mozilla — Firefox | The graphite2::GlyphCache::glyph function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font. | 2016-03-13 | N/A | CVE-2016-2791 |
Mozilla — Firefox | The graphite2::Slot::getAttr function in Slot.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font, a different vulnerability than CVE-2016-2800. | 2016-03-13 | N/A | CVE-2016-2792 |
Mozilla — Firefox | CachedCmap.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font. | 2016-03-13 | N/A | CVE-2016-2793 |
Mozilla — Firefox | The graphite2::TtfUtil:: | 2016-03-13 | N/A | CVE-2016-2794 |
Mozilla — Firefox | The graphite2::FileFace::get_ | 2016-03-13 | N/A | CVE-2016-2795 |
Mozilla — Firefox | Heap-based buffer overflow in the graphite2::vm::Machine::Code:: | 2016-03-13 | N/A | CVE-2016-2796 |
Mozilla — Firefox | The graphite2::TtfUtil:: | 2016-03-13 | N/A | CVE-2016-2797 |
Mozilla — Firefox | The graphite2::GlyphCache::Loader: | 2016-03-13 | N/A | CVE-2016-2798 |
Mozilla — Firefox | Heap-based buffer overflow in the graphite2::Slot::setAttr function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted Graphite smart font. | 2016-03-13 | N/A | CVE-2016-2799 |
Mozilla — Firefox | The graphite2::Slot::getAttr function in Slot.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font, a different vulnerability than CVE-2016-2792. | 2016-03-13 | N/A | CVE-2016-2800 |
Mozilla — Firefox | The graphite2::TtfUtil:: | 2016-03-13 | N/A | CVE-2016-2801 |
Mozilla — Firefox | The graphite2::TtfUtil:: | 2016-03-13 | N/A | CVE-2016-2802 |
Samba — smbd | The SMB1 implementation in smbd in Samba 3.x and 4.x before 4.1.23, 4.2.x before 4.2.9, 4.3.x before 4.3.6, and 4.4.x before 4.4.0rc4 allows remote authenticated users to modify arbitrary ACLs by using a UNIX SMB1 call to create a symlink, and then using a non-UNIX SMB1 call to write to the ACL content. | 2016-03-13 | N/A | CVE-2015-7560 |
Samba — internal DNS server | The internal DNS server in Samba 4.x before 4.1.23, 4.2.x before 4.2.9, 4.3.x before 4.3.6, and 4.4.x before 4.4.0rc4, when an AD DC is configured, allows remote authenticated users to cause a denial of service (out-of-bounds read) or possibly obtain sensitive information from process memory by uploading a crafted DNS TXT record. | 2016-03-13 | N/A | CVE-2016-0771 |
Schneider — Electric Telvent Sage | Schneider Electric Telvent Sage 2300 RTUs with firmware before C3413-500-S01, and LANDAC II-2, Sage 1410, Sage 1430, Sage 1450, Sage 2400, and Sage 3030M RTUs with firmware before C3414-500-S02J2, allow remote attackers to obtain sensitive information from device memory by reading a padding field of an Ethernet packet. | 2016-03-11 | N/A | CVE-2015-6485 |
The writer Aleksander Solzhenitsyn has died at 89
Filed under: News
He was the embodiment of dissent in the USSR
Solzhenitsyn: lying in state today at the Academy of Sciences in Moscow
MOSCOW – The body of Alexandr Solzhenitsyn, the dissident writer who revealed to the world the tragedy of Stalin’s gulags, will lie in state today at the headquarters of the Academy of Sciences in Moscow. The lying in state, for fellow citizens to pay their last respects, will begin at 11 a.m. (local time) and end in the evening. (Agr)
from Corriere della Sera, 5 August 2008
International friends can read this
Solzhenitsyn, the conscience of Russia, who told the truth about the gulags – and so signed the death warrant of Bolshevism
Mail writer OWEN MATTHEWS’ grandfather was executed by Stalin, and his grandmother was sent to the death camps. Here he offers a unique insight into how Alexander Solzhenitsyn, who died this week, captured the terrible reality of the gulags.
For decades, the Soviet Communist Party claimed to be the ‘mind, honour and conscience of the people’.
But the truth was that the Party was the agent of unimaginable human suffering, lies and deception.
The true conscience of Russia was Alexander Solzhenitsyn – the man who dared to speak out against the regime and chronicled its crimes in painstaking detail.
And in insisting that the Russian people ‘live not by lies’, Solzhenitsyn made a tiny but deep fissure in the wall of hypocrisy which was, in time, to crack the whole rotten system apart.
The truth Solzhenitsyn told helped to make Russia free.
As Mikhail Gorbachev yesterday acknowledged, Solzhenitsyn had ‘helped people see the real nature of the regime’ – and his writings had helped to ‘make our country free and democratic’.
Solzhenitsyn brought the terrible reality of the Soviet gulag home not just to foreigners but to ordinary Russians too.
In the bright, sanitised world of Soviet propaganda, Solzhenitsyn’s writing held a mirror to the Soviet Union’s darkest secrets.
He was to pay a heavy price for this.
After being awarded the Nobel Prize for Literature in 1970 he was too famous to jail, yet his presence became too toxic for the authorities to bear.
He was forced on to a plane for America in 1974.
There, he retired to rural Vermont, where the winters reminded him of Russia. But America, ‘land of the free’, was ironically to disillusion him as well, and he turned his indignation on the injustices of capitalism.
After two decades in exile, he returned to Russia in 1994 and was feted as an almost messianic figure.
It was here that Solzhenitsyn’s moral compass, so steady in the black and white world of Stalin’s Russia, began to waver.
But for all his hatred of the Communist Soviet Union, Solzhenitsyn found that he had no love for the capitalist Russia of the Nineties and what he saw as its decadent values.
He refused to accept a state prize from Boris Yeltsin because he had brought ‘so much suffering on the Russian people’.
Indeed, when Vladimir Putin – a former KGB officer – began to prune away the anarchic freedoms which Yeltsin had won, Solzhenitsyn hailed his ‘strong leadership’ and brushed aside Putin’s KGB past, saying: ‘Every country needs an intelligence service.’
Yesterday, Putin returned the compliment, lamenting Solzhenitsyn’s passing as a ‘heavy loss for Russia’.
Putin and Russia’s new president, Dmitry Medvedev, are expected to attend Solzhenitsyn’s funeral at Moscow’s Donskoi monastery today. The strangeness of an ex-KGB officer paying tribute to Russia’s greatest dissident is a reflection of how conflicted Russia remains about its recent past – and in particular the legacy of Stalin.
He was the greatest mass murderer of the last century, starving millions in man-made famines and creating a prison system which claimed more lives than the Nazi death camps.
And yet recent polls have shown that Stalin is regarded as one of Russia’s most respected historical figures.
With the Kremlin’s blessing, school history books are being revised to show the ‘Great Leader’ in a more positive light, as the victor of World War II and the moderniser of Russia.
Putin even described the fall of the Soviet Union as ‘the greatest geopolitical tragedy of the century’.
Solzhenitsyn’s life was a refutation of that. The one constant in that life was that he was moved by a powerful, almost mystical, moral sense.
He felt compelled to speak out against what he felt was wrong, regardless of the consequences. In his case, these injustices were eight years in the gulag, decades of harassment and denunciation by the Soviet authorities and the regime’s craven ‘intellectuals’ and, finally, 20 years of exile from the country which he loved with a passion.
His first crime was to criticise Stalin in a private letter to a friend in 1945.
When the military censor reported the letter to the secret police, Solzhenitsyn, then a young artillery captain twice decorated for valour, was sent, after a perfunctory trial, to Stalin’s nightmarish gulags.
Like 18 million of his fellow countrymen, he found himself plunged into a parallel world of unimaginable brutality, where prisoners slaved in the Siberian cold on madly futile projects like canals no one needed and train lines to nowhere.
Later he wrote of ‘the desperate loneliness of the accused, the confusion and dislocation, the fear and indignation of the men and women who were rapidly filling the Soviet Union’s jails’.
‘The whole apparatus threw its full weight on one lonely and uninhibited will,’ he recalled.
‘Brother mine! Do not condemn those who turned out to be weak and confessed to more than they should have. Do not be the first to cast a stone at them!’
Solzhenitsyn called Stalin’s prison system the Gulag Archipelago – like islands in a sea of frozen steppe, the barbed-wire fenced gulags were a state within the state.
After his release he penned a short story which described, in simple but devastating detail, one day in the life of a gulag inmate, Ivan Denisovich.
When it was published in 1962, during a brief post-Stalin thaw, One Day In The Life Of Ivan Denisovich caused a sensation.
The state had tried to airbrush Stalin’s gulags, purges and famines from history.
Solzhenitsyn spoke for the millions whose voices Stalin had silenced.
One of them was my mother’s father, Boris Lvovich Bibikov.
A devoted Bolshevik, Bibikov had received the Order of Lenin for his part in building the Kharkov Tractor Factory, one of the giant projects of the industrialisation drive of the Thirties.
But in the Great Purge of 1937, which Stalin launched against his real and imagined opponents, Bibikov found himself accused of crimes against the revolution.
He was tried by a secret court on evidence obtained under torture, and sentenced to death.
The usual method was ‘nine grams’, the weight of a pistol bullet, to the back of the head – my grandfather’s fate. His wife, my grandmother, was sent to the gulag for 15 years as the wife of an ‘enemy of the people’.
His two daughters – my mother and aunt – were sent to an orphanage for re-education.
Some years ago I was given permission to read my grandfather’s secret police file.
It contained about 3lb of paper, the sheets carefully numbered and bound, with my grandfather’s name entered on the crumbling brown cover in curiously elaborate, copperplate script.
The file sat heavily in my lap, eerily malignant, and since the careful bureaucrats who compiled the file neglected to say where he was buried, this stack of paper is the closest thing to Boris Bibikov’s remains.
For the days I sat in the former KGB HQ in Kiev examining the file, Alexander Ponamaryev, a young officer of the Ukrainian security service sat with me, reading out passages of barely legible cursive script and explaining legal terms.
‘Your grandfather believed,’ said Ponamaryev.
‘But do you not think that his accusers believed also? Or the men who shot him?’
Solzhenitsyn once posed the same question.
‘If my life had turned out differently, might I myself not have become just such an executioner?’ he wrote in The Gulag Archipelago, his epic literary investigation of Stalin’s terror. ‘If only it was so simple! If only there were evil people somewhere insidiously committing evil deeds, and it were necessary only to separate them from the rest of us and destroy them. But the line dividing good from evil cuts through the heart of every human being. And who is willing to destroy a piece of their own heart?’
Solzhenitsyn’s persecutors, like my grandfather’s, were driven by the same motivations as their victims.
When people become the building blocks of history, intelligent men can abdicate moral responsibility.
Indeed the Purge – in Russian, chistka or ‘cleaning’ – was something heroic to those who made it, just as the building of the great factory was heroic to Bibikov.
The difference was that my grandfather made his personal revolution in physical bricks and concrete, whereas the secret police’s bricks were class enemies, every one sent to the execution chamber another building-block in the great edifice of socialism.
This was the true, dark genius behind Stalinism – a genius which Solzhenitsyn describes in terrifying detail. Not simply to put two strangers – executioner and victim – into a room and convince one to kill the other, but to convince both that this murder served a higher purpose.
This can happen only when a man becomes a political commodity, a unit in a calculation, his life and death to be planned and disposed of like a ton of steel or a truckload of bricks.
The men drawn to serve in the Soviet secret police, in the words of its founder Felix Dzerzhinsky, could either be saints or scoundrels – and clearly the service attracted more than its fair share of sadists and psychopaths.
But they were not aliens, but Russian men, made of the same tissue and fed by the same blood as their victims.
‘Where did this wolf tribe appear from among our own people?’ asked Solzhenitsyn. ‘Does it really stem from our own roots? Our own blood? It is ours.’
This question – how to cope with the beast in man – gives Solzhenitsyn’s writing not just its moral seriousness but its drama, too.
His stories are about men and women forced to make terrible choices.
In the process they occasionally find a kind of greatness and redemption in small acts of kindness or in tiny, private episodes of heroism.
At his best, Solzhenitsyn, like Tolstoy, described the hidden, tragic lives of his characters played out against a background of Russian squalor and casual brutality.
But for all his greatness and importance in bringing down the Soviet Union, by the time of his death Solzhenitsyn had become an irrelevance to the thrusting, new, oil-rich Russia of Vladimir Putin.
In that lies a tragedy because Russia has swung back from its infatuation with wild capitalism into a longing for authority and order.
Solzhenitsyn, once an idealistic Communist, understood better than most how power can pervert men and ideas.
He saw himself as a prophet not just for Russia but for all mankind, and in his later years turned to denouncing the corruptions of Russia’s chaotic brand of freedom and the dangers of liberalism.
But for all his unfashionable conservatism, he believed adamantly in the value of human dignity – and that a state abdicated all moral authority to order society if it abused its citizens.
For all its wealth, Russia remains mired in corruption and injustice. With Solzhenitsyn’s death it has lost its conscience, and is a poorer place for it.
Source : http://www.thisislondon.co.uk
Alert Update GCSA-08051 – MS08-030 Bluetooth Vulnerability
******************************************************************
Alert ID : GCSA-08051
Date : 20 June 2008
Title : MS08-030 Vulnerability in the Bluetooth stack
******************************************************************
The following information supplements what was already stated in Alert GCSA-08051:
A re-release of Microsoft security bulletin MS08-030 has been issued
for users of Windows XP Service Pack 2 and Windows XP Service Pack 3.
http://www.microsoft.com/technet/security/bulletin/ms00-030.mspx
The previous version of the security update did not completely fix
the vulnerability described in the security bulletin.
The updated version of the security update is available through the
same distribution channels as the original security update, including
Automatic Updates, Windows Update, Microsoft Update and Windows Server
Update Services.
As for users of:
Windows XP Professional x64 Edition,
Windows XP Professional x64 Edition Service Pack 2,
Windows Vista,
Windows Vista Service Pack 1,
Windows Vista x64 Edition,
Windows Vista x64 Edition Service Pack 1
who have already applied the first version of this security update:
they are NOT affected by this new version of the security update
and therefore do NOT need to take any action.
Alert GCSA-08051 – MS08-030 Vulnerability in the Bluetooth stack
Problem description
A remote code execution vulnerability has been identified in the
Microsoft Windows Bluetooth stack, caused by the Bluetooth stack's
inability to correctly handle a large number of service description
requests. This vulnerability could allow an attacker to execute code
with elevated privileges. By exploiting this vulnerability, an
attacker could take full control of the affected system.
A fun chain letter with a mini English-Piedmontese dictionary
Topic: Chain letters
A
A bike = Now I look
A new lot = A type of stuffed pasta
A steam = Roughly, approximately
An both = One o'clock
At sent = I'm listening to you (He is listening to you)
B
Back = The beak (idiom. Sarah’s back!: Be quiet, once and for all!)
Bay = Handsome, good-looking (plural)
Be-cell = Drinking glass
Been = Well
Bike-a = Look
Bike-a-been = Look carefully
Bike-a-lee = Look there
Bike-a-sea = Look here
Board = Edge, margin
Book = Hole, orifice
Book indoor = Little golden mouth (term of endearment)
Boot-a-lean = Small barrel (fig.: a plump, short person)
Brass = Arm
Brass-a-let = Bracelet
Brick = Height, inaccessible peak
Broad = Broth
Bruce = Sharp fermented cheese
Bus = Low, small
Bus in = Basin, tub
But = Hit! Strike!
But-easter = Battista (example: Me soon But-easter / My name is Battista)
C
Call = Neck (fig. Man a call / Physical assault.
Come palm man a call / lit. ‘He behaves in a violent manner’)
Can a got = Dog and cat (fig. Soon can a got / Deep mutual dislike)
Can cell = Metal fixture (dim. Can cell-in)
Can soon = Short musical composition
Cake ‘cause = Something
Car = Expensive, dear
Car lean = Diminutive of Carlo
Card = Cardoon
Care-ask = The town of Cherasco (CN)
Cartoon = Animal-drawn cart (fig. a vehicle in very poor repair)
Cent = Listen (examples: Cent see, Cent been, Cent so see)
Cheat = Small (term of endearment: sonny). Been cheat / Very small
Chess = Privy, toilet
Choke = Quarrel (cf. Call)
Cigar-soon = These workmen (Cigar-soon soon fort / These workmen are muscular)
Cigarette = These heels (Cigarette soon out-bus / These heels are high-low)
CNN = ‘It isn’t here’
Come- in = Chimney pot, flue, chimney
Come pass moon = Pass me that brick (comradely)
Come pass spoon soon = Pass me that punch (the tool)
Come-scooter = (American pron.) Take my advice
Cool = That one (Cool lee / That one there)
Cool hat = Collar
Cow-lee-Moore = The town of Cavallermaggiore (CN)
Cow-set = Short sock (See cow-set soon bay / These socks are pretty)
Cows = Kick (singular and plural)
Cream-in-all = Criminal, dangerous wrongdoer
Crisp of house = Exclamation of surprise and dismay
Cue-arch = Lid
Cup = Superior in the hierarchy
Cup-lean = Small hat
Cut-in = Small basin
D
Dance = Viscous
Do rest = On the other hand
Do set = Dolcetto wine (Boone’s do-set sea / This Dolcetto is good)
Dust = Native of Asti
F
Fair = Iron
Fall = Fool, mentally infirm
Fans-out = Take/To take a jump (Fans-out been out, etc.)
Fast-tree = Lit. ‘It’s disgusting’
Fee Dick = Liver
Feel = String, thread
Feet = Rent (An feet cream-in-all / An exorbitant rent)
Few lean = Young boy
Flip = Filippo (dim.: Flip-hot)
Fool-and-run = Overgrown playful fellow
Freak an do = A particularly naive person
Freezer = (American pron.) crumb
G
Goes = Gas
Got in = (American pron.) Kitten
Got us = (American pron.) Nasty big cat
Grease = Grey, dull
Group = Knot
H
Harry’s pet = ‘Compared with…’
He corn = The horns
Hey pence = I’ll think about it
Home = Man
Human tell… = Lit.: ‘We have them in the…’ (Human cell-let / We have them on the bed; Human tell grass / We keep them in fat)
I
I = Garlic
I a seen = Calluses
J
Jaw-an = Giovanni
Jew-an-hot = Young man
K
Knees = Bruise
L
Lay soon = Snowplough
Lean = Linen
Lean out = There’s another one
Lee moon = Lemon (Soon car sea lee-moon / These lemons are expensive)
Let = Bed, pallet
Light = Milk
Look at = Padlock
Lord = Tipsy, drunk
Love-trees = Washing machine
Lover = Lip
M
Mack = Only (mack so see / only this)
Make-up = My superiors
Mars soon = Consumptive, tubercular
May = Better
Me = I
Me can’t bean = I sing well
Me-clean = Diminutive of Michele
Me cut = I buy
Me soon = I am (Me soon out, Me soon Bell, Me soon fall, etc.)
Met he-cool-whose = A very meticulous person
Meet chop = I’ll grab you, I’ll catch you
Meet mass = Now I’ll kill you
Men too = The chin
Merry-a = Maize
Miss cup = I’m slipping away
Miss pet = I wait
Moon = Brick
Mouse = I get up
Much-a-fair = Foundry scrap
Must-in = Fighting dog, mastiff
N
Need = Nest
Noose = Walnut (tree / fruit)
Noose-ale = A bird
Now = Ship
O
Out = High, tall
P
P.set = Hand-made embroidery
P.toast = Rather
Party = To leave
Pass tea soon = A muddle-headed person
Pass us talk = Lit.: ‘Hand me that piece’
Pat-a-truck = Big trouble, mishap
Peace a can = Inedible mushroom
Peace thin = A fussy / touchy person
Pearcy = Peach (fruit), the peach tree
Penn-to = Comb
Pet = Flatulence
Phil = Thread, string
Phil-at = Prime cut of meat
Pick = Pickaxe
Pin-bus = Lower down (Pin out / higher up)
Pin-hot = Diminutive of Giuseppe (also Pin in)
Politic-hunt = Petty politician
Pooh Daisy = If I could
Pooh lance = Pollenzo, a hamlet of the town of Bra (CN)
Pooh-last = Chicken
Pooh set = Storm drain, manhole
Pooh’s-thin = Postman
Poor cell = Pig
Poor seen = Prized edible mushroom
Poor tall = Portal, a fairly wide opening
Port-Hugh-all = Orange (a variety of…)
Pump-east = Dry grated bread
Pull moon = Respiratory organ
Q
Queen touch = Typical Piedmontese exclamation
R
Ranch-in = Miserly, stingy
Randy = To give back (Soon-see a rendy’s pooh-last / They have come to return this chicken)
Reeve at = Clinched nail
Reeve us = Embankment, steep bank (usually uncultivated)
Root = Broken, out of order
S
School = Venereal disease
Scoop = Broom
Scoop us = Cuff, slap
Sea-lance he = Quiet, silence
Sea-us = Sieve
Seen Dick = Mayor
Sense-a-sense = Completely devoid of logic
Sense out = Certainly
Serve I = Wild (fig. temperamental)
Set = Seven (number)
Seven-me, twenty? = If I come, will you come too?
Seventy = In case you come
Siamese = These friends
Since-cent = Five hundred
Sir pant = Snake
Sir vicious = Obliging
So post = Lit.: ‘Its place’ (Come pass talk a so post / Put this piece back in its place)
Soap = Lame, limping
Sold = Penny, coin (Since-cent sold)
Son = This
Soon lee = They are there (Soon sea / They are here)
South = Jump
South-he-soon = Large sausage
Spirit-wall = Incorporeal, spiritual (An home spirit-wall: said of a person of noble spirit)
Spirit-whose = Witty, amusing
Spoon to-sea = Having reached this point
Squeeze = To creak
Stack = Appetising, tantalising
Steel = Style, elegance
Steward-me = I’ll look at this one myself
Stock = This piece
Sue lot = Small onions (also: Sue lean)
Sun-a-Tory = Hospital for the chronically ill
Sun Crown = Cabbage(s)
Switch = Sharp, quick
T
Theeth say fall = You’re crazy!
Ten = Take, grab
The cheese = Decisive, determined
The steep sea = Of this kind
These cows = Barefoot
Three fool-a = Truffle
Tie = Cut
Tie-a-ring = Tagliatelle
To let = Small jar
To mean = Small fresh cheese
To rent = Stream, torrent
To scan = Italian cigar
U
Us-us-in = Killer, murderer
W
Way, sent = Lit.: ‘Hey, listen!’
Who-rend = Horrid, disgusting. But also lit.: ‘That is profitable’
Who speed all = Hospital
Alert GCSA-08027 – Multiple vulnerabilities in MIT Kerberos
Topic: Security
Problem description
Several vulnerabilities have been identified in MIT Kerberos that
could allow a remote attacker to obtain sensitive information,
cause a denial of service, or take complete control of a
vulnerable system.
The first vulnerability is caused by an error in the handling of
krb4 requests by the KDC (Key Distribution Center) server, which
can lead to a system crash, give access to sensitive information
(including secret keys) and allow arbitrary code execution.
The second vulnerability is caused by an error in the KDC server
when it sends a reply to krb4 requests. This vulnerability can be
exploited to access sensitive data present in stack memory through
specially crafted krb4 requests.
The third vulnerability is caused by a memory corruption error in
the RPC libraries when handling a large number of open file
descriptors, and can lead to database corruption and arbitrary
code execution.
Alert GCSA-08011 – MS08-004 Vulnerability in Windows TCP/IP (946456)
Topic: Security
Problem description
A vulnerability exists in the TCP/IP stack, in the processing of
packets received from DHCP servers, that can be exploited by a
remote attacker by means of crafted packets.