Vulnerability Summary for the Week of March 7, 2016
This article is written for you who “do not realize you are quite stupid” and believe yourself very perceptive and intelligent, a person who snubs the articles and needs nothing, who first subscribes to my site's newsletter and then complains and unsubscribes from it.
High Vulnerabilities
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
adobe — digital_editions | Adobe Digital Editions before 4.5.1 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. | 2016-03-09 | 10.0 | CVE-2016-0954 |
adobe — acrobat | Adobe Reader and Acrobat before 11.0.15, Acrobat and Acrobat Reader DC Classic before 15.006.30121, and Acrobat and Acrobat Reader DC Continuous before 15.010.20060 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1009. | 2016-03-09 | 10.0 | CVE-2016-1007 |
adobe — acrobat | Adobe Reader and Acrobat before 11.0.15, Acrobat and Acrobat Reader DC Classic before 15.006.30121, and Acrobat and Acrobat Reader DC Continuous before 15.010.20060 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1007. | 2016-03-09 | 10.0 | CVE-2016-1009 |
adobe — acrobat | Untrusted search path vulnerability in Adobe Reader and Acrobat before 11.0.15, Acrobat and Acrobat Reader DC Classic before 15.006.30121, and Acrobat and Acrobat Reader DC Continuous before 15.010.20060 on Windows and OS X allows local users to gain privileges via a Trojan horse DLL in an unspecified directory. | 2016-03-09 | 7.2 | CVE-2016-1008 |
microsoft — .net_framework | Microsoft .NET Framework 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, and 4.6.1 mishandles signature validation for unspecified elements of XML documents, which allows remote attackers to spoof signatures via a modified document, aka “.NET XML Validation Security Feature Bypass.” | 2016-03-09 | 10.0 | CVE-2016-0132 |
microsoft — infopath | Microsoft InfoPath 2007 SP3, 2010 SP2, and 2013 SP1 allows remote attackers to execute arbitrary code via a crafted Office document, aka “Microsoft Office Memory Corruption Vulnerability.” | 2016-03-09 | 9.3 | CVE-2016-0021 |
microsoft — windows | OLE in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows remote attackers to execute arbitrary code via a crafted file, aka “Windows OLE Memory Remote Code Execution Vulnerability,” a different vulnerability than CVE-2016-0091. | 2016-03-09 | 9.3 | CVE-2016-0092 |
microsoft — windows | Microsoft Windows Server 2008 R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 allow remote attackers to execute arbitrary code via crafted media content, aka “Windows Media Parsing Remote Code Execution Vulnerability.” | 2016-03-09 | 9.3 | CVE-2016-0098 |
microsoft — windows | Microsoft Windows Server 2008 R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allow remote attackers to execute arbitrary code via crafted media content, aka “Windows Media Parsing Remote Code Execution Vulnerability.” | 2016-03-09 | 9.3 | CVE-2016-0101 |
microsoft — windows | The PDF library in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows remote attackers to execute arbitrary code via a crafted PDF document, aka “Windows Remote Code Execution Vulnerability.” | 2016-03-09 | 9.3 | CVE-2016-0117 |
microsoft — windows | The PDF library in Microsoft Windows 10 Gold and 1511 allows remote attackers to execute arbitrary code via a crafted PDF document, aka “Windows Remote Code Execution Vulnerability.” | 2016-03-09 | 9.3 | CVE-2016-0118 |
microsoft — windows | The Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows remote attackers to execute arbitrary code via a crafted OpenType font, aka “OpenType Font Parsing Vulnerability.” | 2016-03-09 | 9.3 | CVE-2016-0121 |
microsoft — office | Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word 2016, Word for Mac 2011, Word 2016 for Mac, Office Compatibility Pack SP3, Word Viewer, Word Automation Services on SharePoint Server 2010 SP2 and 2013 SP1, Office Web Apps 2010 SP2, and Web Apps Server 2013 SP1 allow remote attackers to execute arbitrary code via a crafted Office document, aka “Microsoft Office Memory Corruption Vulnerability.” | 2016-03-09 | 9.3 | CVE-2016-0134 |
microsoft — internet_explorer | Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Microsoft Browser Memory Corruption Vulnerability,” a different vulnerability than CVE-2016-0103, CVE-2016-0106, CVE-2016-0108, CVE-2016-0109, and CVE-2016-0114. | 2016-03-09 | 7.6 | CVE-2016-0102 |
microsoft — internet_explorer | Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Internet Explorer Memory Corruption Vulnerability,” a different vulnerability than CVE-2016-0102, CVE-2016-0106, CVE-2016-0108, CVE-2016-0109, and CVE-2016-0114. | 2016-03-09 | 7.6 | CVE-2016-0103 |
microsoft — internet_explorer | Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Internet Explorer Memory Corruption Vulnerability.” | 2016-03-09 | 7.6 | CVE-2016-0104 |
microsoft — internet_explorer | Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Microsoft Browser Memory Corruption Vulnerability,” a different vulnerability than CVE-2016-0107, CVE-2016-0111, CVE-2016-0112, and CVE-2016-0113. | 2016-03-09 | 7.6 | CVE-2016-0105 |
microsoft — internet_explorer | Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Internet Explorer Memory Corruption Vulnerability,” a different vulnerability than CVE-2016-0102, CVE-2016-0103, CVE-2016-0108, CVE-2016-0109, and CVE-2016-0114. | 2016-03-09 | 7.6 | CVE-2016-0106 |
microsoft — internet_explorer | Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Internet Explorer Memory Corruption Vulnerability,” a different vulnerability than CVE-2016-0105, CVE-2016-0111, CVE-2016-0112, and CVE-2016-0113. | 2016-03-09 | 7.6 | CVE-2016-0107 |
microsoft — internet_explorer | Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Internet Explorer Memory Corruption Vulnerability,” a different vulnerability than CVE-2016-0102, CVE-2016-0103, CVE-2016-0106, CVE-2016-0109, and CVE-2016-0114. | 2016-03-09 | 7.6 | CVE-2016-0108 |
microsoft — internet_explorer | Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Microsoft Browser Memory Corruption Vulnerability,” a different vulnerability than CVE-2016-0102, CVE-2016-0103, CVE-2016-0106, CVE-2016-0108, and CVE-2016-0114. | 2016-03-09 | 7.6 | CVE-2016-0109 |
microsoft — internet_explorer | Microsoft Internet Explorer 10 through 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Microsoft Browser Memory Corruption Vulnerability.” | 2016-03-09 | 7.6 | CVE-2016-0110 |
microsoft — internet_explorer | Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Microsoft Browser Memory Corruption Vulnerability,” a different vulnerability than CVE-2016-0105, CVE-2016-0107, CVE-2016-0112, and CVE-2016-0113. | 2016-03-09 | 7.6 | CVE-2016-0111 |
microsoft — internet_explorer | Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Internet Explorer Memory Corruption Vulnerability,” a different vulnerability than CVE-2016-0105, CVE-2016-0107, CVE-2016-0111, and CVE-2016-0113. | 2016-03-09 | 7.6 | CVE-2016-0112 |
microsoft — internet_explorer | Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Internet Explorer Memory Corruption Vulnerability,” a different vulnerability than CVE-2016-0105, CVE-2016-0107, CVE-2016-0111, and CVE-2016-0112. | 2016-03-09 | 7.6 | CVE-2016-0113 |
microsoft — internet_explorer | Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Internet Explorer Memory Corruption Vulnerability,” a different vulnerability than CVE-2016-0102, CVE-2016-0103, CVE-2016-0106, CVE-2016-0108, and CVE-2016-0109. | 2016-03-09 | 7.6 | CVE-2016-0114 |
microsoft — internet_explorer | Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Microsoft Edge Memory Corruption Vulnerability,” a different vulnerability than CVE-2016-0123, CVE-2016-0124, CVE-2016-0129, and CVE-2016-0130. | 2016-03-09 | 7.6 | CVE-2016-0116 |
microsoft — edge | Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Microsoft Edge Memory Corruption Vulnerability,” a different vulnerability than CVE-2016-0116, CVE-2016-0124, CVE-2016-0129, and CVE-2016-0130. | 2016-03-09 | 7.6 | CVE-2016-0123 |
microsoft — edge | Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Microsoft Edge Memory Corruption Vulnerability,” a different vulnerability than CVE-2016-0116, CVE-2016-0123, CVE-2016-0129, and CVE-2016-0130. | 2016-03-09 | 7.6 | CVE-2016-0124 |
microsoft — edge | Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Microsoft Edge Memory Corruption Vulnerability,” a different vulnerability than CVE-2016-0116, CVE-2016-0123, CVE-2016-0124, and CVE-2016-0130. | 2016-03-09 | 7.6 | CVE-2016-0129 |
microsoft — edge | Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Microsoft Edge Memory Corruption Vulnerability,” a different vulnerability than CVE-2016-0116, CVE-2016-0123, CVE-2016-0124, and CVE-2016-0129. | 2016-03-09 | 7.6 | CVE-2016-0130 |
microsoft — office | Microsoft Office 2007 SP3, 2010 SP2, 2013 SP1, and 2016 does not properly sign an unspecified binary file, which allows local users to gain privileges via a Trojan horse file with a crafted signature, aka “Microsoft Office Security Feature Bypass Vulnerability.” | 2016-03-09 | 7.2 | CVE-2016-0057 |
microsoft — windows | The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka “Win32k Elevation of Privilege Vulnerability,” a different vulnerability than CVE-2016-0094, CVE-2016-0095, and CVE-2016-0096. | 2016-03-09 | 7.2 | CVE-2016-0093 |
microsoft — windows | The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka “Win32k Elevation of Privilege Vulnerability,” a different vulnerability than CVE-2016-0093, CVE-2016-0095, and CVE-2016-0096. | 2016-03-09 | 7.2 | CVE-2016-0094 |
microsoft — windows | The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka “Win32k Elevation of Privilege Vulnerability,” a different vulnerability than CVE-2016-0093, CVE-2016-0094, and CVE-2016-0096. | 2016-03-09 | 7.2 | CVE-2016-0095 |
microsoft — windows | The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka “Win32k Elevation of Privilege Vulnerability,” a different vulnerability than CVE-2016-0093, CVE-2016-0094, and CVE-2016-0095. | 2016-03-09 | 7.2 | CVE-2016-0096 |
microsoft — windows | The Secondary Logon Service in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 does not properly process request handles, which allows local users to gain privileges via a crafted application, aka “Secondary Logon Elevation of Privilege Vulnerability.” | 2016-03-09 | 7.2 | CVE-2016-0099 |
microsoft — windows | The Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows remote attackers to cause a denial of service (system hang) via a crafted OpenType font, aka “OpenType Font Parsing Vulnerability.” | 2016-03-09 | 7.1 | CVE-2016-0120 |
Medium Vulnerabilities
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
microsoft — windows | OLE in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows remote attackers to execute arbitrary code via a crafted file, aka “Windows OLE Memory Remote Code Execution Vulnerability,” a different vulnerability than CVE-2016-0092. | 2016-03-09 | 6.8 | CVE-2016-0091 |
Low Vulnerabilities
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
microsoft — edge | Microsoft Edge mishandles the Referer policy, which allows remote attackers to obtain sensitive browser-history and request information via a crafted HTTPS web site, aka “Microsoft Edge Information Disclosure Vulnerability.” | 2016-03-09 | 2.6 | CVE-2016-0125 |
Severity Not Yet Assigned
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
Adobe — Flash Player | Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-0961, CVE-2016-0962, CVE-2016-0986, CVE-2016-0989, CVE-2016-0992, CVE-2016-1002, and CVE-2016-1005. | 2016-03-12 | N/A | CVE-2016-0960 |
Adobe — Flash Player | Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-0960, CVE-2016-0962, CVE-2016-0986, CVE-2016-0989, CVE-2016-0992, CVE-2016-1002, and CVE-2016-1005. | 2016-03-12 | N/A | CVE-2016-0961 |
Adobe — Flash Player | Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-0960, CVE-2016-0961, CVE-2016-0986, CVE-2016-0989, CVE-2016-0992, CVE-2016-1002, and CVE-2016-1005. | 2016-03-12 | N/A | CVE-2016-0962 |
Adobe — Flash Player | Integer overflow in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-0993 and CVE-2016-1010. | 2016-03-12 | N/A | CVE-2016-0963 |
Adobe — Flash Player | Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-0960, CVE-2016-0961, CVE-2016-0962, CVE-2016-0989, CVE-2016-0992, CVE-2016-1002, and CVE-2016-1005. | 2016-03-12 | N/A | CVE-2016-0986 |
Adobe — Flash Player | Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-0988, CVE-2016-0990, CVE-2016-0991, CVE-2016-0994, CVE-2016-0995, CVE-2016-0996, CVE-2016-0997, CVE-2016-0998, CVE-2016-0999, and CVE-2016-1000. | 2016-03-12 | N/A | CVE-2016-0987 |
Adobe — Flash Player | Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-0987, CVE-2016-0990, CVE-2016-0991, CVE-2016-0994, CVE-2016-0995, CVE-2016-0996, CVE-2016-0997, CVE-2016-0998, CVE-2016-0999, and CVE-2016-1000. | 2016-03-12 | N/A | CVE-2016-0988 |
Adobe — Flash Player | Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-0960, CVE-2016-0961, CVE-2016-0962, CVE-2016-0986, CVE-2016-0992, CVE-2016-1002, and CVE-2016-1005. | 2016-03-12 | N/A | CVE-2016-0989 |
Adobe — Flash Player | Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-0987, CVE-2016-0988, CVE-2016-0991, CVE-2016-0994, CVE-2016-0995, CVE-2016-0996, CVE-2016-0997, CVE-2016-0998, CVE-2016-0999, and CVE-2016-1000. | 2016-03-12 | N/A | CVE-2016-0990 |
Adobe — Flash Player | Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-0987, CVE-2016-0988, CVE-2016-0990, CVE-2016-0994, CVE-2016-0995, CVE-2016-0996, CVE-2016-0997, CVE-2016-0998, CVE-2016-0999, and CVE-2016-1000. | 2016-03-12 | N/A | CVE-2016-0991 |
Adobe — Flash Player | Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-0960, CVE-2016-0961, CVE-2016-0962, CVE-2016-0986, CVE-2016-0989, CVE-2016-1002, and CVE-2016-1005. | 2016-03-12 | N/A | CVE-2016-0992 |
Adobe — Flash Player | Integer overflow in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-0963 and CVE-2016-1010. | 2016-03-12 | N/A | CVE-2016-0993 |
Adobe — Flash Player | Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allows attackers to execute arbitrary code by using the actionCallMethod opcode with crafted arguments, a different vulnerability than CVE-2016-0987, CVE-2016-0988, CVE-2016-0990, CVE-2016-0991, CVE-2016-0995, CVE-2016-0996, CVE-2016-0997, CVE-2016-0998, CVE-2016-0999, and CVE-2016-1000. | 2016-03-12 | N/A | CVE-2016-0994 |
Adobe — Flash Player | Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-0987, CVE-2016-0988, CVE-2016-0990, CVE-2016-0991, CVE-2016-0994, CVE-2016-0996, CVE-2016-0997, CVE-2016-0998, CVE-2016-0999, and CVE-2016-1000. | 2016-03-12 | N/A | CVE-2016-0995 |
Adobe — Flash Player | Use-after-free vulnerability in the setInterval method in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allows attackers to execute arbitrary code via crafted arguments, a different vulnerability than CVE-2016-0987, CVE-2016-0988, CVE-2016-0990, CVE-2016-0991, CVE-2016-0994, CVE-2016-0995, CVE-2016-0997, CVE-2016-0998, CVE-2016-0999, and CVE-2016-1000. | 2016-03-12 | N/A | CVE-2016-0996 |
Adobe — Flash Player | Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-0987, CVE-2016-0988, CVE-2016-0990, CVE-2016-0991, CVE-2016-0994, CVE-2016-0995, CVE-2016-0996, CVE-2016-0998, CVE-2016-0999, and CVE-2016-1000. | 2016-03-12 | N/A | CVE-2016-0997 |
Adobe — Flash Player | Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-0987, CVE-2016-0988, CVE-2016-0990, CVE-2016-0991, CVE-2016-0994, CVE-2016-0995, CVE-2016-0996, CVE-2016-0997, CVE-2016-0999, and CVE-2016-1000. | 2016-03-12 | N/A | CVE-2016-0998 |
Adobe — Flash Player | Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-0987, CVE-2016-0988, CVE-2016-0990, CVE-2016-0991, CVE-2016-0994, CVE-2016-0995, CVE-2016-0996, CVE-2016-0997, CVE-2016-0998, and CVE-2016-1000. | 2016-03-12 | N/A | CVE-2016-0999 |
Adobe — Flash Player | Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-0987, CVE-2016-0988, CVE-2016-0990, CVE-2016-0991, CVE-2016-0994, CVE-2016-0995, CVE-2016-0996, CVE-2016-0997, CVE-2016-0998, and CVE-2016-0999. | 2016-03-12 | N/A | CVE-2016-1000 |
Adobe — Flash Player | Heap-based buffer overflow in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allows attackers to execute arbitrary code via unspecified vectors. | 2016-03-12 | N/A | CVE-2016-1001 |
Adobe — Flash Player | Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-0960, CVE-2016-0961, CVE-2016-0962, CVE-2016-0986, CVE-2016-0989, CVE-2016-0992, and CVE-2016-1005. | 2016-03-12 | N/A | CVE-2016-1002 |
Adobe — Flash Player | Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allow attackers to execute arbitrary code or cause a denial of service (uninitialized pointer dereference and memory corruption) via crafted MPEG-4 data, a different vulnerability than CVE-2016-0960, CVE-2016-0961, CVE-2016-0962, CVE-2016-0986, CVE-2016-0989, CVE-2016-0992, and CVE-2016-1002. | 2016-03-12 | N/A | CVE-2016-1005 |
Adobe — Flash Player | Integer overflow in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-0963 and CVE-2016-0993. | 2016-03-12 | N/A | CVE-2016-1010 |
Android — mediaserver | The MPEG4Source::fragmentedRead function in MPEG4Extractor.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49H, and 6.x before 2016-03-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 26365349. | 2016-03-12 | N/A | CVE-2016-0815 |
Android — mediaserver | mediaserver in Android 6.x before 2016-03-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, related to decoder/ih264d_parse_islice.c and decoder/ih264d_parse_pslice.c, aka internal bug 25928803. | 2016-03-12 | N/A | CVE-2016-0816 |
Android — Conscrypt | The caching functionality in the TrustManagerImpl class in TrustManagerImpl.java in Conscrypt in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49H, and 6.x before 2016-03-01 mishandles the distinction between an intermediate CA and a trusted root CA, which allows man-in-the-middle attackers to spoof servers by leveraging access to an intermediate CA to issue a certificate, aka internal bug 26232830. | 2016-03-12 | N/A | CVE-2016-0818 |
Android — Qualcomm performance | The Qualcomm performance component in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49H, and 6.x before 2016-03-01 allows attackers to gain privileges via a crafted application, aka internal bug 25364034. | 2016-03-12 | N/A | CVE-2016-0819 |
Android — MediaTek | The MediaTek Wi-Fi kernel driver in Android 6.0.1 before 2016-03-01 allows attackers to gain privileges via a crafted application, aka internal bug 26267358. | 2016-03-12 | N/A | CVE-2016-0820 |
Android — Linux kernel | The LIST_POISON feature in include/linux/poison.h in the Linux kernel before 4.3, as used in Android 6.0.1 before 2016-03-01, does not properly consider the relationship to the mmap_min_addr value, which makes it easier for attackers to bypass a poison-pointer protection mechanism by triggering the use of an uninitialized list entry, aka Android internal bug 26186802, a different vulnerability than CVE-2015-3636. | 2016-03-12 | N/A | CVE-2016-0821 |
Android — MediaTek | The MediaTek connectivity kernel driver in Android 6.0.1 before 2016-03-01 allows attackers to gain privileges via a crafted application that leverages conn_launcher access, aka internal bug 25873324. | 2016-03-12 | N/A | CVE-2016-0822 |
Android — Linux kernel | The pagemap_open function in fs/proc/task_mmu.c in the Linux kernel before 3.19.3, as used in Android 6.0.1 before 2016-03-01, allows local users to obtain sensitive physical-address information by reading a pagemap file, aka Android internal bug 25739721. | 2016-03-12 | N/A | CVE-2016-0823 |
Android — Widevine | The Widevine Trusted Application in Android 6.0.1 before 2016-03-01 allows attackers to obtain sensitive TrustZone secure-storage information by leveraging kernel access, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 20860039. | 2016-03-12 | N/A | CVE-2016-0825 |
Android — mediaserver | libcameraservice in mediaserver in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49H, and 6.x before 2016-03-01 does not require use of the ICameraService::dump method for a camera service dump, which allows attackers to gain privileges via a crafted application that directly dumps, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 26265403. | 2016-03-12 | N/A | CVE-2016-0826 |
Android — mediaserver | Multiple integer overflows in libeffects in mediaserver in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49H, and 6.x before 2016-03-01 allow attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, related to EffectBundle.cpp and EffectReverb.cpp, aka internal bug 26347509. | 2016-03-12 | N/A | CVE-2016-0827 |
Android — mediaserver | The BnGraphicBufferConsumer:: | 2016-03-12 | N/A | CVE-2016-0828 |
Android — mediaserver | The BnGraphicBufferProducer:: | 2016-03-12 | N/A | CVE-2016-0829 |
Android — DTE Energy Insight application | The REST API in the DTE Energy Insight application before 1.7.8 for Android allows remote authenticated users to obtain unspecified customer information via a SQL expression in the filter parameter. | 2016-03-11 | N/A | CVE-2016-1562 |
Android — mediaserver | libvpx in mediaserver in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49H, and 6.0 before 2016-03-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, related to libwebm/mkvparser.cpp and other files, aka internal bug 23452792. | 2016-03-12 | N/A | CVE-2016-1621 |
Android — libstagefright | libmpeg2 in libstagefright in Android 6.x before 2016-03-01 allows attackers to obtain sensitive information, and consequently bypass an unspecified protection mechanism, via crafted Bitstream data, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 25765591. | 2016-03-12 | N/A | CVE-2016-0824 |
Android — Bluetooth | btif_config.c in Bluetooth in Android 6.x before 2016-03-01 allows remote attackers to cause a denial of service (memory corruption and persistent daemon crash) by triggering a large number of configuration entries, and consequently exceeding the maximum size of a configuration file, aka internal bug 26071376. | 2016-03-12 | N/A | CVE-2016-0830 |
Android — Telephony | The getDeviceIdForPhone function in internal/telephony/ | 2016-03-12 | N/A | CVE-2016-0831 |
Android — Setup Wizard | Setup Wizard in Android 5.1.x before LMY49H and 6.x before 2016-03-01 allows physically proximate attackers to bypass the Factory Reset Protection protection mechanism and delete data via unspecified vectors, aka internal bug 25955042. | 2016-03-12 | N/A | CVE-2016-0832 |
Apple — Apple Software Update | Apple Software Update before 2.2 on Windows does not use HTTPS, which makes it easier for man-in-the-middle attackers to spoof updates by modifying the client-server data stream. | 2016-03-13 | N/A | CVE-2016-1731 |
Cisco — HTTPS inspection engine | The HTTPS inspection engine in the Content Security and Control Security Services Module (CSC-SSM) 6.6 before 6.6.1164.0 for Cisco ASA 5500 devices allows remote attackers to cause a denial of service (memory consumption or device reload) via a flood of HTTPS packets, aka Bug ID CSCue76147. | 2016-03-09 | N/A | CVE-2016-1312 |
Cisco — administration interface | The administration interface on Cisco DPC3939B and DPC3941 devices allows remote attackers to obtain sensitive information via a crafted HTTP request, aka Bug ID CSCus49506. | 2016-03-09 | N/A | CVE-2016-1325 |
Cisco — administration interface | The administration interface on Cisco DPQ3925 devices with firmware r1 allows remote attackers to cause a denial of service (device restart) via a crafted HTTP request, aka Bug ID CSCup48105. | 2016-03-09 | N/A | CVE-2016-1326 |
Cisco — web server | Buffer overflow in the web server on Cisco DPC2203 and EPC2203 devices with firmware r1_customer_image allows remote attackers to execute arbitrary code via a crafted HTTP request, aka Bug ID CSCuv05935. | 2016-03-09 | N/A | CVE-2016-1327 |
Cisco — TelePresence Video Communication Server | Cisco TelePresence Video Communication Server (VCS) X8.5.1 and X8.5.2 allows remote authenticated users to cause a denial of service (VoIP outage) via a crafted SIP message, aka Bug ID CSCuu43026. | 2016-03-11 | N/A | CVE-2016-1338 |
Cisco — Prime LAN Management Solution | Cisco Prime LAN Management Solution (LMS) through 4.2.5 uses the same database decryption key across different customers’ installations, which allows local users to obtain cleartext data by leveraging console connectivity, aka Bug ID CSCuw85390. | 2016-03-11 | N/A | CVE-2016-1360 |
Cisco — IOS XR | Cisco IOS XR through 4.3.2 on Gigabit Switch Router (GSR) 12000 devices does not properly check for a Bidirectional Forwarding Detection (BFD) header in a UDP packet, which allows remote attackers to cause a denial of service (line-card restart) via a crafted packet, aka Bug ID CSCuw56900. | 2016-03-11 | N/A | CVE-2016-1361 |
Debian — jessie | pt_chown in the glibc package before 2.19-18+deb8u4 on Debian jessie lacks a namespace check associated with file-descriptor passing, which allows local users to capture keystrokes and spoof data, and possibly gain privileges, via pts read and write operations, related to debian/sysdeps/linux.mk. NOTE: this is not considered a vulnerability in the upstream GNU C Library because the upstream documentation has a clear security recommendation against the --enable-pt_chown option. | 2016-03-13 | N/A | CVE-2016-2856 |
EMC — Documentum xCP | EMC Documentum xCP 2.1 before patch 24 and 2.2 before patch 12 allows remote authenticated users to obtain sensitive user-account metadata via a members/xcp_member API call. | 2016-03-09 | N/A | CVE-2016-0886 |
Google — Chrome | The ImageInputType:: | 2016-03-13 | N/A | CVE-2016-1643 |
Google — Chrome | WebKit/Source/core/layout/ | 2016-03-13 | N/A | CVE-2016-1644 |
Google — Chrome | Multiple integer signedness errors in the opj_j2k_update_image_data function in j2k.c in OpenJPEG, as used in PDFium in Google Chrome before 49.0.2623.87, allow remote attackers to cause a denial of service (incorrect cast and out-of-bounds write) or possibly have unspecified other impact via crafted JPEG 2000 data. | 2016-03-13 | N/A | CVE-2016-1645 |
IBM — Tivoli Monitoring | The portal client in IBM Tivoli Monitoring (ITM) 6.2.2 through FP9, 6.2.3 through FP5, and 6.3.0 through FP6 allows remote authenticated users to gain privileges via unspecified vectors. | 2016-03-11 | N/A | CVE-2015-7411 |
IBM — Flash System V9000 | Cross-site request forgery (CSRF) vulnerability in IBM Flash System V9000 7.4 before 7.4.1.4, 7.5 before 7.5.1.3, and 7.6 before 7.6.0.4 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences. | 2016-03-12 | N/A | CVE-2015-7446 |
IBM — Maximo Asset Management | IBM Maximo Asset Management 7.6 before 7.6.0.3 IFIX001 allows remote authenticated users to bypass intended access restrictions and read arbitrary purchase-order work logs via unspecified vectors. | 2016-03-13 | N/A | CVE-2016-0222 |
IBM — Maximo Asset Management | Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.1.1 through 7.1.1.3, 7.5.0 before 7.5.0.9 IFIX004, and 7.6.0 before 7.6.0.3 IFIX001 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. | 2016-03-13 | N/A | CVE-2016-0262 |
IBM — Maximo Asset Management | SQL injection vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.9 IFIX003, and 7.6.0 before 7.6.0.3 IFIX001; Maximo Asset Management 7.5.0 before 7.5.0.9 IFIX003, 7.5.1, and 7.6.0 before 7.6.0.3 IFIX001 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | 2016-03-12 | N/A | CVE-2015-7448 |
IBM — WebSphere Commerce | IBM WebSphere Commerce 6.x through 6.0.0.11, 7.x through 7.0.0.9, and 8.x before 8.0.0.3 allows remote attackers to cause a denial of service (order-processing outage) via unspecified vectors. | 2016-03-13 | N/A | CVE-2016-0208 |
ISC — BIND | named in ISC BIND 9.x before 9.9.8-P4 and 9.10.x before 9.10.3-P4 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a malformed packet to the rndc (aka control channel) interface, related to alist.c and sexpr.c. | 2016-03-09 | N/A | CVE-2016-1285 |
ISC — BIND | named in ISC BIND 9.x before 9.9.8-P4 and 9.10.x before 9.10.3-P4 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted signature record for a DNAME record, related to db.c and resolver.c. | 2016-03-09 | N/A | CVE-2016-1286 |
ISC — BIND | resolver.c in named in ISC BIND 9.10.x before 9.10.3-P4, when DNS cookies are enabled, allows remote attackers to cause a denial of service (INSIST assertion failure and daemon exit) via a malformed packet with more than one cookie option. | 2016-03-09 | N/A | CVE-2016-2088 |
ISC — DHCP | ISC DHCP 4.1.x before 4.1-ESV-R13 and 4.2.x and 4.3.x before 4.3.4 does not restrict the number of concurrent TCP sessions, which allows remote attackers to cause a denial of service (INSIST assertion failure or request-processing outage) by establishing many sessions. | 2016-03-09 | N/A | CVE-2016-2774 |
microsoft — internet_explorer | The CAttrArray object implementation in Microsoft Internet Explorer 7 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and memory corruption) via a malformed Cascading Style Sheets (CSS) token sequence in conjunction with modifications to HTML elements, aka “Internet Explorer Memory Corruption Vulnerability,” a different vulnerability than CVE-2015-6048 and CVE-2015-6049. | 2016-03-09 | N/A | CVE-2015-6184 |
microsoft — windows | Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 do not properly validate handles, which allows local users to gain privileges via a crafted application, aka “Windows Elevation of Privilege Vulnerability.” | 2016-03-09 | N/A | CVE-2016-0087 |
microsoft — windows | Microsoft Windows Vista SP2 and Server 2008 SP2 mishandle library loading, which allows local users to gain privileges via a crafted application, aka “Library Loading Input Validation Remote Code Execution Vulnerability.” | 2016-03-09 | N/A | CVE-2016-0100 |
microsoft — windows | The USB Mass Storage Class driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows physically proximate attackers to execute arbitrary code by inserting a crafted USB device, aka “USB Mass Storage Elevation of Privilege Vulnerability.” | 2016-03-09 | N/A | CVE-2016-0133 |
Mozilla — Firefox | Heap-based buffer overflow in Mozilla Network Security Services (NSS) before 3.19.2.3 and 3.20.x and 3.21.x before 3.21.1, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to execute arbitrary code via crafted ASN.1 data in an X.509 certificate. | 2016-03-13 | N/A | CVE-2016-1950 |
Mozilla — Firefox | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | 2016-03-13 | N/A | CVE-2016-1952 |
Mozilla — Firefox | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 45.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to js/src/jit/arm/Assembler-arm. | 2016-03-13 | N/A | CVE-2016-1953 |
Mozilla — Firefox | The nsCSPContext::SendReports function in dom/security/nsCSPContext.cpp in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 does not prevent use of a non-HTTP report-uri for a Content Security Policy (CSP) violation report, which allows remote attackers to cause a denial of service (data overwrite) or possibly gain privileges by specifying a URL of a local file. | 2016-03-13 | N/A | CVE-2016-1954 |
Mozilla — Firefox | Mozilla Firefox before 45.0 allows remote attackers to bypass the Same Origin Policy and obtain sensitive information by reading a Content Security Policy (CSP) violation report that contains path information associated with an IFRAME element. | 2016-03-13 | N/A | CVE-2016-1955 |
Mozilla — Firefox | Mozilla Firefox before 45.0 on Linux, when an Intel video driver is used, allows remote attackers to cause a denial of service (memory consumption or stack memory corruption) by triggering use of a WebGL shader. | 2016-03-13 | N/A | CVE-2016-1956 |
Mozilla — Firefox | Memory leak in libstagefright in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to cause a denial of service (memory consumption) via an MPEG-4 file that triggers a delete operation on an array. | 2016-03-13 | N/A | CVE-2016-1957 |
Mozilla — Firefox | browser/base/content/browser. | 2016-03-13 | N/A | CVE-2016-1958 |
Mozilla — Firefox | The ServiceWorkerManager class in Mozilla Firefox before 45.0 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read and memory corruption) via unspecified use of the Clients API. | 2016-03-13 | N/A | CVE-2016-1959 |
Mozilla — Firefox | Integer underflow in the nsHtml5TreeBuilder class in the HTML5 string parser in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) by leveraging mishandling of end tags, as demonstrated by incorrect SVG processing, aka ZDI-CAN-3545. | 2016-03-13 | N/A | CVE-2016-1960 |
Mozilla — Firefox | Use-after-free vulnerability in the nsHTMLDocument::SetBody function in dom/html/nsHTMLDocument.cpp in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code by leveraging mishandling of a root element, aka ZDI-CAN-3574. | 2016-03-13 | N/A | CVE-2016-1961 |
Mozilla — Firefox | Use-after-free vulnerability in the mozilla:: | 2016-03-13 | N/A | CVE-2016-1962 |
Mozilla — Firefox | The FileReader class in Mozilla Firefox before 45.0 allows local users to gain privileges or cause a denial of service (memory corruption) by changing a file during a FileReader API read operation. | 2016-03-13 | N/A | CVE-2016-1963 |
Mozilla — Firefox | Use-after-free vulnerability in the AtomicBaseIncDec function in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) by leveraging mishandling of XML transformations. | 2016-03-13 | N/A | CVE-2016-1964 |
Mozilla — Firefox | Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 mishandle a navigation sequence that returns to the original page, which allows remote attackers to spoof the address bar via vectors involving the history.back method and the location.protocol property. | 2016-03-13 | N/A | CVE-2016-1965 |
Mozilla — Firefox | The nsNPObjWrapper::GetNewOrUsed function in dom/plugins/base/ | 2016-03-13 | N/A | CVE-2016-1966 |
Mozilla — Firefox | Mozilla Firefox before 45.0 does not properly restrict the availability of IFRAME Resource Timing API times, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via crafted JavaScript code that leverages history.back and performance.getEntries calls after restoring a browser session. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-7207. | 2016-03-13 | N/A | CVE-2016-1967 |
Mozilla — Firefox | Integer underflow in Brotli, as used in Mozilla Firefox before 45.0, allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow) via crafted data with brotli compression. | 2016-03-13 | N/A | CVE-2016-1968 |
Mozilla — Firefox | The setAttr function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.6.1, allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via a crafted Graphite smart font. | 2016-03-13 | N/A | CVE-2016-1969 |
Mozilla — Firefox | Integer underflow in the srtp_unprotect function in the WebRTC implementation in Mozilla Firefox before 45.0 on Windows might allow remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors. | 2016-03-13 | N/A | CVE-2016-1970 |
Mozilla — Firefox | The I420VideoFrame::CreateFrame function in the WebRTC implementation in Mozilla Firefox before 45.0 on Windows omits an unspecified status check, which might allow remote attackers to cause a denial of service (memory corruption) or possibly have other impact via unknown vectors. | 2016-03-13 | N/A | CVE-2016-1971 |
Mozilla — Firefox | Race condition in libvpx in Mozilla Firefox before 45.0 on Windows might allow remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via unknown vectors. | 2016-03-13 | N/A | CVE-2016-1972 |
Mozilla — Firefox | Race condition in the GetStaticInstance function in the WebRTC implementation in Mozilla Firefox before 45.0 might allow remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via unspecified vectors. | 2016-03-13 | N/A | CVE-2016-1973 |
Mozilla — Firefox | The nsScannerString:: | 2016-03-13 | N/A | CVE-2016-1974 |
Mozilla — Firefox | Multiple race conditions in dom/media/systemservices/ | 2016-03-13 | N/A | CVE-2016-1975 |
Mozilla — Firefox | Use-after-free vulnerability in the DesktopDisplayDevice class in the WebRTC implementation in Mozilla Firefox before 45.0 on Windows might allow remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. | 2016-03-13 | N/A | CVE-2016-1976 |
Mozilla — Firefox | The Machine::Code::decoder:: | 2016-03-13 | N/A | CVE-2016-1977 |
Mozilla — Firefox | Use-after-free vulnerability in the ssl3_ | 2016-03-13 | N/A | CVE-2016-1978 |
Mozilla — Firefox | Use-after-free vulnerability in the PK11_ | 2016-03-13 | N/A | CVE-2016-1979 |
Mozilla — Firefox | The graphite2::TtfUtil:: | 2016-03-13 | N/A | CVE-2016-2790 |
Mozilla — Firefox | The graphite2::GlyphCache::glyph function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font. | 2016-03-13 | N/A | CVE-2016-2791 |
Mozilla — Firefox | The graphite2::Slot::getAttr function in Slot.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font, a different vulnerability than CVE-2016-2800. | 2016-03-13 | N/A | CVE-2016-2792 |
Mozilla — Firefox | CachedCmap.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font. | 2016-03-13 | N/A | CVE-2016-2793 |
Mozilla — Firefox | The graphite2::TtfUtil:: | 2016-03-13 | N/A | CVE-2016-2794 |
Mozilla — Firefox | The graphite2::FileFace::get_ | 2016-03-13 | N/A | CVE-2016-2795 |
Mozilla — Firefox | Heap-based buffer overflow in the graphite2::vm::Machine::Code:: | 2016-03-13 | N/A | CVE-2016-2796 |
Mozilla — Firefox | The graphite2::TtfUtil:: | 2016-03-13 | N/A | CVE-2016-2797 |
Mozilla — Firefox | The graphite2::GlyphCache::Loader: | 2016-03-13 | N/A | CVE-2016-2798 |
Mozilla — Firefox | Heap-based buffer overflow in the graphite2::Slot::setAttr function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted Graphite smart font. | 2016-03-13 | N/A | CVE-2016-2799 |
Mozilla — Firefox | The graphite2::Slot::getAttr function in Slot.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font, a different vulnerability than CVE-2016-2792. | 2016-03-13 | N/A | CVE-2016-2800 |
Mozilla — Firefox | The graphite2::TtfUtil:: | 2016-03-13 | N/A | CVE-2016-2801 |
Mozilla — Firefox | The graphite2::TtfUtil:: | 2016-03-13 | N/A | CVE-2016-2802 |
Samba — smbd | The SMB1 implementation in smbd in Samba 3.x and 4.x before 4.1.23, 4.2.x before 4.2.9, 4.3.x before 4.3.6, and 4.4.x before 4.4.0rc4 allows remote authenticated users to modify arbitrary ACLs by using a UNIX SMB1 call to create a symlink, and then using a non-UNIX SMB1 call to write to the ACL content. | 2016-03-13 | N/A | CVE-2015-7560 |
Samba — internal DNS server | The internal DNS server in Samba 4.x before 4.1.23, 4.2.x before 4.2.9, 4.3.x before 4.3.6, and 4.4.x before 4.4.0rc4, when an AD DC is configured, allows remote authenticated users to cause a denial of service (out-of-bounds read) or possibly obtain sensitive information from process memory by uploading a crafted DNS TXT record. | 2016-03-13 | N/A | CVE-2016-0771 |
Schneider Electric — Telvent Sage | Schneider Electric Telvent Sage 2300 RTUs with firmware before C3413-500-S01, and LANDAC II-2, Sage 1410, Sage 1430, Sage 1450, Sage 2400, and Sage 3030M RTUs with firmware before C3414-500-S02J2, allow remote attackers to obtain sensitive information from device memory by reading a padding field of an Ethernet packet. | 2016-03-11 | N/A | CVE-2015-6485 |
BUREAU RECLAMATION MICROSOFT CORPORATION info.lottery_billgates2010
ATTENTION THIS MESSAGE IS FALSE, IT’S ONLY A STUPID CHAIN LETTER, NOT TRUE !!
From: BUREAU RECLAMATION <info.lottery_billgates2010@car-ci.com>
Date: 2010/11/3
Subject: MICROSOFT CORPORATION
To:
BILL-GATES FOUNDATION
OUR MOTTO: FIGHTING POVERTY IN THE WORLD
FROM: OFFICE OF THE DIRECTOR’S INTERNATIONAL AWARD DEPARTMENT FOR E-MAIL PROMOTIONS, AMERICAN LOTTERY OF MICROSOFT CORPORATION OF AMERICA: N°1. MAPLEWOOD LN DAYTON, TX 77535.USA.
E-MAIL AWARD WINNING NOTICE AWARD PRESENTATION CENTRE: THE UNITED KINGDOM. REFERENCE NUMBER: MSW-L/UK09/M-300-92890
BATCH: 2009-JANVIER/TL#22.
TICKET NUMBER: 1053 JB1
DEAR WINNER,
THE MANAGEMENT FOR MICROSOFT WORLD COOPERATION IS PLEASED TO INFORM YOU THAT YOU ARE A WINNER OF OUR ANNUAL MS-WORD LOTTO LOTTERY HELD IN NEW ZEALAND. NEW ZEALAND AUSTRALIA BEING THE HOST CONTINENT OF THIS GREAT EVENT FOR ANNUAL PRIZE EVENTS STARTED ON 22/JANUARY/2009.
YOUR PERSONAL OR COMPANY E-MAIL ADDRESS WAS DRAWN IN JANUARY WITH REFERENCE NO.: MSW-L/UK09/M-300-92890 ASSOCIATED WITH THE WINNING NUMBER MSW/808-UK/009. YOU ARE THEREFORE IN THE FIRST CATEGORY OF LOTTERY WINNERS AND YOU CONSEQUENTLY WIN THE SUM OF 250 000 EUROS (TWO HUNDRED AND FIFTY THOUSAND EUROS) PAYABLE IN CASH CREDITED TO FILE REFERENCE NUMBER: MSW-L/UK09/M-300-92890. THIS MAKES A TOTAL OF 2.500. 000 EUROS (TWO MILLION FIVE HUNDRED THOUSAND EUROS) THAT WE MUST SHARE AMONG THE 10 WINNERS OF THE FIRST CATEGORY.
THE PROCESS IS SUCH THAT ALL PARTICIPANTS WERE CHOSEN FROM WEBSITES WORLDWIDE BY OUR MICROSOFT COMPUTER BALLOT SYSTEM, DRAWN FROM 500.000 NAMES AND E-MAIL ADDRESSES AT A RATE OF 62.000 NAMES FROM EACH CONTINENT (CANADA, ASIA, AUSTRALIA, UNITED STATES, EUROPE, MIDDLE EAST, AFRICA AND OCEANIA) AS PART OF THE INTERNATIONAL “E-MAIL” PROMOTIONS PROGRAMME, WHICH IS CONDUCTED ANNUALLY TO ENCOURAGE THE USE OF THE INTERNET AND COMPUTERS THROUGHOUT THE WORLD.
YOUR WINNING FUNDS HAVE BEEN INSURED WITH YOUR REFERENCE NO.: MSW-L/UK09/M-300-92890, AND WILL BE READY FOR DELIVERY. THEY WILL BE DELIVERED TO YOU BY ONE OF OUR ACCOUNT MANAGEMENT AGENTS RESPONSIBLE FOR YOUR AREA, Me KONE MAMADOU. YOUR E-MAIL ADDRESS SHOULD BE USED IN ALL YOUR CORRESPONDENCE WITH YOUR MANAGING AGENT; WE INSIST ON THIS POINT, BECAUSE WE FAVOUR THE USE AND THEREFORE THE PROMOTION OF E-MAIL. IN ADDITION, YOU HAVE THE RIGHT TO SEND AN E-MAIL TO Me KONE MAMADOU TO CONFIRM YOUR WINNINGS.
HE WILL ALSO PROVIDE YOU WITH THE NECESSARY DETAILS ON THE PROCEDURE YOU MUST FOLLOW TO CLAIM YOUR PRIZE. AS A SECURITY MEASURE, YOU MUST BE SURE TO COMMUNICATE THIS SECURITY CODE MSW-L/300-88124 TO YOUR ACCOUNT MANAGEMENT AGENT. THIS IS IN FACT A PREVENTIVE MEASURE.
PRIZE CLAIM:
THE CONTACT E-MAIL OF THE BAILIFF ACCOUNT MANAGEMENT AGENT IS:
Me KONE MAMADOU
PROFESSIONAL CLAIM:
E-MAIL ADDRESS : KONE.MAMADOU350@GMAIL.COM
TELEPHONE: 00 22 566 594 784
WE WISH TO REMIND YOU THAT ALL WINNERS ARE REQUIRED TO CLAIM THEIR WINNINGS IN CASH, AND THIS WITHIN THE DEADLINE SET FOR THEM (3 days), FAILING WHICH THIS SUM WILL GO TO CHARITABLE ORGANIZATIONS.
WINNER’S INFORMATION:
SURNAME AND FIRST NAMES:
FULL ADDRESS:
TELEPHONE NUMBER:
FAX:
OCCUPATION:
E-MAIL ADDRESS:
AS WELL AS A COPY OF YOUR IDENTITY DOCUMENT
NOTE: IN ORDER TO AVOID ANY ERROR, WE ASK YOU TO QUOTE YOUR REFERENCE AND BATCH NUMBERS, AS WELL AS YOUR SECURITY CODE MSW-L/300-88124, IN ALL YOUR CORRESPONDENCE WITH YOUR CLAIMS AGENT. WE ALSO ASK YOU NOT TO REPLY TO ANY OTHER SUSPICIOUS MAIL; IF YOU DISCOVER E-MAILS OF THIS KIND, PLEASE NOTIFY US IMMEDIATELY. Me KONE MAMADOU,
OUR OFFICER IN CHARGE OF CLAIMS, WILL ASK YOU TO PROVIDE CERTAIN INFORMATION IN ORDER TO ALLOW THE ISSUE OF A CERTIFICATE ATTESTING THAT YOU ARE THE LUCKY WINNER, WHICH HE WILL TAKE CARE OF FILING.
THE STAFF OF MICROSOFT COOPERATION ONCE AGAIN PRESENTS ITS CONGRATULATIONS TO ALL OF THIS YEAR’S WINNERS. THANK YOU FOR BEING PART OF THIS PROMOTIONAL LOTTERY PROGRAMME. WE EXTEND SPECIAL THANKS TO BILL GATE, THE DESIGNER OF MICROSOFT, AS WELL AS TO ALL HIS ASSOCIATES FOR THEIR CONTRIBUTION TO THE FIGHT AGAINST POVERTY.
RESPECTFULLY,
Mrs. Isabelle Chevalier WEBSITE
(Coordinator). www.gatesfoundation.org
LOTTERY SPONSORS–CHIEF SPONSORS:
MICROSOFT ENTERPRISE USA., MICROSOFT ENTERPRISE UK.,
MICROSOFT ENTERPRISE ASIA., MICROSOFT ENTERPRISE EUROPE.
The Managers/Administrators
YAHOO! Official Partner
© 1999-2010 Bill & Melinda Gates Foundation. All Rights Reserved.
SCAM FALSE EMAIL FROM EUROMILLIONES.COM
THIS IS ONLY A SIMPLE SCAM
Your email address has won in the www.euromillones.com.es internet promotions!!!
…
From:
“EuroMillions Corporations: July 2010, Official Winnings Notifications”
To:
ONLINE DEPARTMENT: BARCELONA ESPANA
Address: Avinguda del Marquès de Comillas, 6
08038 Barcelona, Spain
EUROMILLIONS CORPORATIONS July 2010 (5th July to 4th August) OFFICIAL WINNING NOTIFICATION.
Good day and welcome to EuroMillions corporations, we write to inform you that your email address has won, in the EuroMillions corporation internet May 2010 promotions. Your email address was selected randomly from the EuroMillions automatic computer generated machine, and your email address emerges as one of the online winners. This attracts a prize of Four Hundred Thousand Euros only (400,000.00 Euro) and an Apple 15″ Mac Book Pro Notebook laptop.
——————————
*Your won Bank Draft (Draft (MONEY) / SMART THESAURUS) of Four Hundred Thousand Euros (400,000.00 Euro) and laptop will be presented to you on arrival to our office in Barcelona, within the period of 30 days. Your winnings will be cancelled, if you do not present yourself at our office, within the given period of 30 days.
Alternative mode of payment will be possible, via wire transfer to your designate bank account, only if your country, is member of European Payments Council (EPC) (http://www.europeanpaymentscouncil.eu/) and if only you meet up the Policy of European Payment Council here in Spain.
———————————————————————————————————-
*However, If you are unable to come to our office in Barcelona- Spain to claim your won bank draft (Draft (MONEY) / SMART THESAURUS), your won prize will be presented to you by courier delivery via the promotion board contracted courier company. Take note! EuroMillions Corporation is not responsible for the delivery charges to your location. You will pay for the cost of delivery yourself. Please do not respond to this option, knowing you will not pay for the courier service delivery.
———————————————————————————————————-
Please note: The draft certified cheque and all documents are packaged to be delivered under one way bill by the contracted courier company and are categorized as high priority & express delivery under applicable laws and regulations. This shipment cannot be delivered to P.O. boxes or postal codes but only to you the receiver at your given address.
———————————————————————————————————-
For more information’s, on how to claim your prize, do contact our promotions department via the email below or via telephone, and quote this reference number: EMSTF/2010/DNL/MAY6-30/VGHMJ as you contact our promotion department. This reference number is the security key to your winnings, we advice you keep the reference number to yourself.
EuroMillions Promotion Department.
Contact Person: Manuel Borreria (Promotion Co-ordinator)
Tel: 0034- 634 105 921
Email: manuelborre@terra.es
This promotion is organized by EuroMillions to advertise and to promote our website, http:// www.euromillones.com.es / which is based on all kind internet companies, all kind of computer hardware and software product. This promotion is as well organized to encourage the use of the Internet user and to promote computer literacy worldwide.
Congratulations to you lucky winner!
Sincerely,
Mrs. Generosa Erichsen
Online Co-ordinator
CEO: EMSFT Word Resource Barcelona.
Copyright © 1999-2010 Euromillions All rights reserved.
==============================================================
NOTICE TO RECIPIENT: THIS E-MAIL IS MEANT FOR ONLY THE INTENDED RECIPIENT OF THE TRANSMISSION, AND MAY BE A COMMUNICATION PRIVILEGED BY LAW.
DO NOT SEND YOUR RESPONSE TO THIS EMAIL ADDRESS, BUT TO THE PROMOTION DEPARTMENT @ manuelborre@terra.es FOR CLAIMS AS RESPONSE TO hs9osdksdkws@hotmail.es WILL NOT BE GIVEN DUE ATTENTION
Michael Jackson will come back
Michael Jackson hoax
Michael Jackson is not dead, he’s alive. And he will come back. Soon he will be in the spotlight again. He will then wake up humanity with his message: the world is about to be controlled by a secret society or worse, the Antichrist. Michael is in hiding to come back stronger and to expose the New World Order. This is the firm belief of the masses, who seek each other on the Internet. At www.michaeljacksonhoaxforum.com they exchange clues and ideas. They impute Michael of some kind of messianic role. The forum also attracts fierce opponents of the “Jackson-alive” thought, which results sometimes in threatening messages. That is why these two Dutch initiators use their nicknames Mo and Souza. But Mo does reveal that she’s a 41-year-old resident of Kollumerland. That there’s a consistent pattern in people denying the death of a celebrity, does not Mo’s mind. The evidence showing Elvis is alive is minor in proportion to this case. “Maybe 1/10 part of clues we have about Michael Jackson being alive”. According to Mo and Souza there’s major evidence in the death certificate. “It shows the name Michael Joseph Jackson. That name is not according to his other official identification documents. Those show Michael Joe Jackson as his name. That’s something that can’t be changed overnight”. Soon after Michael’s death was reported they started doubting. Michael was remembered on CNN by his friend Dave Dave, a man whose face has been maimed in 1983 because he deliberately was set on fire by his father. Dave Dave told how Michael took care of him and was like a father to him. Mo and Souza were amazed by Dave Dave’s appearance on CNN: those gestures, that way of talking. “We fell off the couch, and yelled: That’s him!”. Michael’s and Dave’s faces were simply to match by computer. Mo and Souza say it is unbelievable that the full autopsy was released to the public, while the lawsuit against Jackson’s doctor yet has to begin.
The meticulous description of the body does not match the body of Michael, they believe. There is no mentioning of the burns Jackson sustained during shooting a Pepsi commercial. No word on the cosmetic cleft in his chin, or the skin disease lupus. Mo is definitely not a fan of Jackson, she stressed. “The real diehard fans don’t even notice what’s going on. They just write ‘Oh we miss you so much’ on the fan forums, that’s just how far they get. We started investigating because things just don’t add up.” “The ambulance with which he was transported to the hospital made three attempts to exit the driveway backwards, that makes no sense, as Google Earth shows there’s a huge roundabout on the property. Why didn’t the ambulance speed up, and was there no alarm light nor a siren?”. To Mo and Souza it’s clear: Michael’s disappearance is linked to other major events: World improvers as Reverend King, President Kennedy and Princess Diana were removed, the secret society of the Illuminati is about to hit, the Age of Aquarius is coming. Kollumerland’s Mo keeps her identity a secret because threats were ventilated towards them. She knows that she’s laughed at, but it is less important. She is convinced that she will have the last laugh when Michael emerges. Please be patient.
5 tips from the Hotmail team for defending against unwanted e-mail messages
Filed under: Phishing and Scams
Dear user, Hotmail is committed to protecting your mail from unwanted messages, and every day more than 4.5 billion messages are blocked worldwide. We have a dedicated team that works constantly to reduce and eliminate unwanted messages from Hotmail inboxes. Recently we have received a growing number of requests to verify the legitimacy of e-mail messages received. We have therefore created this guide to help all Hotmail users recognize the unwanted messages that manage to evade our filters.
1) Be wary of messages that ask for your personal data.
Any e-mail message that asks for your name, date of birth, tax code (codice fiscale), e-mail user name and password, or any other kind of personal data, regardless of the sender, is almost certainly an unwanted message.
If you have reason to doubt that a message is legitimate, do not reply to it and do not click any hyperlink. Copy and paste the URL, or visit the company’s website to obtain contact information. Do not hesitate to contact the company’s support channel to confirm the legitimacy of the message you received.
2) Read carefully any e-mail messages that look suspicious.
Messages that contain few words, spelling mistakes, or phrases such as “this is not a joke” or “forward this message to your friends” are generally unwanted messages. Sometimes company names or brands are written incorrectly or imprecisely, for example Windows Hotmail instead of Windows Live™ Hotmail.
3) Protect your Hotmail password.
Create a strong password for your Hotmail account using more than 7 characters and a combination of upper- and lower-case letters, numbers and special characters such as the at sign (@) or the hash sign (#). It is also good practice to change the password regularly.
If you receive a notification from Microsoft Technical Support confirming your request to change your password, but you have not changed it recently, it means that someone is trying to gain access to your Hotmail account. In this case, change your password immediately. To change the password, visit http://account.live.com or, from within Hotmail, click Options, then View and edit your personal information. You will be asked to sign in again. Once signed in, look for “Password reset information” displayed under your name at the top of the window. Change the password as well as the secret question and answer, since all of them may have been compromised.
4) Act!
If you think that someone has used your Hotmail account, that the Windows Live ID sign-in page is fake, or if you receive a suspicious e-mail message asking you to confirm a password change that you did not authorize, change your password immediately by following the instructions above or visit: http://account.live.com.
5) Help us identify new unwanted messages.
If you use the full version of Hotmail, you can select the drop-down menu next to “Junk”, then select “Report phishing attempt”. In any case, do not reply to the sender of the message.
For more information on the subject, click here.
We strongly recommend keeping this message for future reference so that you can act correctly should you receive unwanted messages, helping us keep your inbox safe and secure.
Kind regards, The Windows Live Hotmail team
*Phishing: a term for the practice of luring unsuspecting people to a counterfeit website using e-mail messages that appear authentic, sometimes using the organization’s real logo, in an attempt to obtain important personal data such as credit card numbers, passwords, accounts or other information.
Videos: Turkish UFO Footage, a Well Shot Hoax?
Filed under: Hoaxes
IT’S A HOAX, DON’T WORRY…
İstanbul / Kumburgaz UFO’s and ALIENS ARE BACK in 2008
İstanbul Kumburgaz 2008 Kısa Kayıt from fox mulder on Vimeo.
UFOs around the world, on this page:
http://www.uberreview.com/2008/10/videos-turkish-ufo-footage-a-well-shot-hoax.htm
On that page you can read: “I am a massive skeptic, but I do so love a good hoax. The footage was allegedly shot by 42-year-old night guard, Yalcin Yalman. I mean if this were real, Tommy Lee Jones would have erased their memories months ago.” This is a very good hoax, I agree. The page continues…
“One more video after the jump.” Here is the video:
İstanbul / Kumburgaz UFO’s and ALIENS ARE BACK in 2008! from fox mulder on Vimeo.
Worldwide darkness: 17 September 2008 from 21:50 to 22:00
An e-mail is circulating to make end consumers aware of saving electricity. The title of the e-mail, which is circulating in many languages, is the following: Worldwide darkness: 17 September 2008 from 21:50 to 22:00.
It is a noble gesture that can achieve something concrete, because saving today lets us have a future tomorrow. I note that variants are also circulating that urge you to set your computer wallpaper to black to save energy; some even include tips for setting black as the background in Word. This technique, if used on traditional monitors, can in the long run preserve the monitor, although I admit that it depends on the monitor. In any case, on a computer with an LCD monitor, setting a black background is COMPLETELY USELESS. After this brief aside, below is the text of the e-mail, to let the planet breathe for at least 10 minutes.
We propose turning off all lights and electronic devices so that our planet can ‘breathe’. If there is a collective response, the energy saved will be enormous. Just ten minutes and we will see what happens. Let us spend 10 minutes in darkness, take a candle and simply stop to look at it while our planet breathes.
Remember that unity is strength and the Internet has great influence; it can be something truly big.
Pass the e-mail on; if you have friends who live in other countries, pass the news on to them.
WORLDWIDE BLACKOUT ON 17 SEPTEMBER 2008
THIS BLACKOUT WILL BE FROM 21:50 TO 22:00, AT THE SAME LOCAL TIME IN EACH COUNTRY, ALL OVER THE WORLD.
On Wednesday, September 17, 2008, I invite people around the world to turn off their lights for ten minutes – from 9:50pm to 10:00pm in their local time zone.
Spanish:
Worldwide darkness: on September 17, 2008, from 21:50 to 22:00. The proposal is to turn off all lights and, if possible, all electrical appliances, so that our planet can ‘breathe’. If the response is massive, the energy saved could be enormous. Just 10 minutes, and see what happens. If we spend 10 minutes in the dark, let us light a candle and simply look at it, and we and our planet will be breathing. Remember that unity is strength, and the Internet can have a lot of power and can become something even bigger. Pass the news on; if you have friends who live in other countries, send it to them.
English:
Darkness world: On September 17, 2008 from 21:50 to 22:00 hours. Proposes to delete all lights and if possible all electrical appliances, to our planet can ‘breathe’. If the answer is massive, energy saving can be brutal. Only 10 minutes, and see what happens. Yes, we are 10 minutes in the dark, we light a candle and simply be looking at it, we breathe and our planet. Remember that the union is strength and the Internet can be very power and can even do something big. Moves the news, if you have friends to live in other countries send to them.
Portuguese:
Worldwide darkness: on 17 September 2008, from 21:50 to 22:00, the proposal is to turn off all lights and, if possible, all electrical appliances, so that our planet can ‘breathe’. If the response is massive, the energy savings could be enormous. Just 10 minutes, to see what happens. Yes, we will be in the dark for 10 minutes; we can light a candle and simply look at it, and we and the planet will be breathing. Remember that unity is strength, and the Internet can have a lot of power and we can really do something big. Pass the news on; if you have friends living in other countries, send it to them.
French:
Darkness world: on 17 September 2008 from 21:50 to 22:00. It proposes switching off all lights and, if possible, all electrical appliances, so that our planet can ‘breathe’. If the response is massive, the energy savings can be enormous. Only 10 minutes, and see what happens. Yes, we are 10 minutes in the dark, we light a candle and simply look at it, while we and our planet breathe. Do not forget that unity is strength and the Internet can be very powerful and can even do something big. Pass the news on.
German:
Darkness world: on 17 September 2008 from 21:50 to 22:00. It proposes switching off all lights and, if possible, all electrical appliances, so that our planet can ‘breathe’. If the response is massive, the energy savings can be enormous. Only 10 minutes, and see what happens. Yes, we are 10 minutes in the dark, we light a candle and simply look at it, while we and our planet breathe. Remember that unity is strength and the Internet can be very powerful and can even do something big. Pass the news on.
Dutch:
Darkness world: on 17 September 2008 from 21:50 to 22:00. The proposal is to turn off all lights and, if possible, all electrical appliances, so that our planet can ‘breathe’. If the response is massive, the energy savings can be enormous. Only 10 minutes, and see what happens. Yes, we are 10 minutes in the dark, we light a candle and simply look at it, while we and our planet breathe. Do not forget that unity is strength and the Internet can be very powerful and can even do something big.
The Klingerman Virus
This is an alert e-mail about a real VIRUS… one that strikes people, not your computer…
23 people have already been infected by the Klingerman Virus. The peculiarity of this real virus is that it arrives directly in your real mailbox, not in your e-mail!!!
Someone has been sending large yellow envelopes to people picked at random from the telephone directory, within Italy…
On the front of the envelope there is writing in bold that says “A gift for you from the Klingerman Foundation”.
Beware: as soon as the envelope is opened, there is a small sponge wrapped in plastic. This sponge is impregnated with the Klingerman virus. This is a danger to public health; it is a very strange type of virus that has never been identified before… so it is a very dangerous virus!
When we asked the authorities, Captain Saro Falsaperla stated “we are mobilizing all the health districts and the A.S.L. in collaboration with Poste Italiane” to try to track down whoever is sending this dangerous virus.
The sender addresses are all different; they surely use many accomplices and must have a widespread network of lunatics secretly sending these dangerous envelopes…
Those who have had any contact with one of these envelopes have been hospitalized with a severe bout of dysentery. 7 of the 23 people affected have already died.
It is not clear why the phantom Klingerman Association keeps sending these envelopes marked as a gift.
If you happen to receive a very large yellow envelope marked “a gift for you from the Klingerman Foundation”,
DO NOT OPEN IT!! Put the yellow envelope in a plastic bag, a shopping bag will do, and take it to the Mayor at once… if you cannot, call the police.
Remember that there is no gift inside; do not be tempted, you risk death!!!
PLEASE PASS IT ON, YOU WILL HELP OTHERS... LET’S STAY ON GUARD!!!
THIS IS A HOAX… A REALLY BIG ONE…. THIS IS A HOAX, SMILE….
Klingerman Virus
This is an alert about a virus in the original sense of the word… one that affects your body, not your hard drive.
There have been 23 confirmed cases of people attacked by the Klingerman Virus, a virus that arrives in your real mail box, not your e-mail in box.
Someone has been mailing large blue envelopes, seemingly at random, to people inside the US.
On the front of the envelope in bold black letters is printed, “A gift for you from the Klingerman Foundation.”
When the envelopes are opened, there is a small sponge sealed in plastic. This sponge carries what has come to be known as the Klingerman Virus, as public health officials state this is a strain of virus they have not previously encountered.
When asked for comment, Florida police Sergeant Stetson said, “We are working with the CDC and the USPS, but have so far been unable to track down the origins of these letters.
The return addresses have all been different, and we are certain a remailing service is being used, making our jobs that much more difficult.”
Those who have come in contact with the Klingerman Virus have been hospitalized with severe dysentery. So far seven of the twenty three victims have died. There is no legitimate Klingerman Foundation mailing unsolicited gifts.
If you receive an oversized blue envelope in the mail marked “A gift from the Klingerman foundation”, DO NOT open it. Place the envelope in a strong plastic bag or container, and call the police immediately.
The “gift” inside is one you definitely do not want.
PLEASE PASS THIS ON TO EVERYONE YOU CARE ABOUT.
THIS IS A HOAX, IT’S ALL FALSE !! SMILE !!
Dear CartaSi Member, CARTA SI VERIFIED SERVICE – SCAM, PHISHING TARGETING CARTA SI CARDHOLDERS, ONLINE BANKING
Filed under: Phishing and Scams
WARNING: SCAM, NEW PHISHING ATTEMPT TARGETING CARTA SI CUSTOMERS
SUBJECT: Dear CartaSi Member, CARTA SI VERIFIED SERVICE (original subject line: “Caro Membro CartaSi, CARTA SI SERVIZIO VERIFIED”)
SCAM SITE: http://www. mobeli nc.com/ medi a /s i.html
FIRST DECEPTIVE MESSAGE FROM THIRD PARTIES, AIMED AT STEALING YOUR ACCOUNT ACCESS CODES…..
Your enrolment in the Verified by Visa service was successful!
We remind you that, from now on, you must use your personal Password every time it is requested: otherwise the purchase cannot be completed.
Thank you again for choosing CartaSi’s online services.
Best regards.
CartaSi Customer Service
******************************
DO YOU WANT TO DISPUTE A CHARGE?
Easy Claim is the service for you!
****************************************************************
IMPORTANT! If you have other CartaSi cards, you must enrol each one in the service individually
Sent pursuant to the Provision on the transparency of financial operations and services issued on 25 July by the Banca d’Italia following the CICR resolution of 04/04/2003.
****************************************************************
Please do not reply to this e-mail: for any communications, log in to the Cardholder Portal (https://titolari.cartasi.it) and write to us through ‘Lo sportello del Cliente’ (the customer help desk): it is the simplest way to get a quick reply from our operators.
Thank you for your cooperation.
SECOND DECEPTIVE MESSAGE FROM THIRD PARTIES, AIMED AT STEALING YOUR ACCOUNT ACCESS CODES…..
Dear CartaSi customer,
We have recently identified that several computers have connected to your Online Banking account and that there were multiple password errors before the connection. It is now necessary for you to reconfirm your current account information to us.
If we do not receive the information by 27 August, we will be forced to suspend your account indefinitely, as though it had been used for fraudulent purposes. We thank you for your cooperation in this matter.
To confirm your Online Banking account details, click the following link:
https://titolari.cartasi.it/portal/server.pt
We thank you for your patience regarding this inconvenience.
Copyright © 2008 CartaSi S.p.A. – P.IVA 04107060966
For technical assistance: toll-free number 803.160 (follow the instructions of the voice guide and choose the Internet Services option).
Multiple vulnerabilities in Microsoft Office
Problem description
Multiple vulnerabilities have been found in Microsoft Office that could be exploited to compromise an affected system.
These vulnerabilities are caused by memory corruption errors when processing specially crafted EPS (Encapsulated PostScript) files or PICT, BMP or WPG (WordPerfect Graphics) images, and could be exploited to crash an affected application or execute arbitrary code by inducing the user to open malicious Office files.
:: Affected platforms and software
- Microsoft Office 2000
- Microsoft Office 2003 Professional Edition
- Microsoft Office 2003 Small Business Edition
- Microsoft Office 2003 Standard Edition
- Microsoft Office 2003 Student and Teacher Edition
- Microsoft Office File Converter Pack
- Microsoft Office XP
- Microsoft Project 2002
- Microsoft Works 8.x
:: Impact
- Remote execution of arbitrary code
:: Solutions
Apply the patches
Microsoft Office 2000 SP3:
http://www.microsoft.com
Microsoft Office XP SP3:
http://www.microsoft.com
Microsoft Office 2003 SP2 (SP3 is not affected):
http://www.microsoft.com
Microsoft Office Project 2002 SP1:
http://www.microsoft.com
Microsoft Office Converter Pack:
http://www.microsoft.com
Microsoft Works 8:
http://www.microsoft.com
:: References
Microsoft:
http://www.microsoft.com
FrSirt:
http://www.frsirt.com
Secunia:
http://secunia.com/advisories/31336/
CVE Mitre:
CVE-2008-3018
CVE-2008-3019
CVE-2008-3020
CVE-2008-3021
CVE-2008-3460