Monthly Archive: January 2017

Integer overflow in the BMP coder in ImageMagick before 7.0.2-10 allows remote attackers to cause a denial of service (crash) via crafted height and width values, which triggers an out-of-bounds write. Date published :...

The SmartCall Activity component in Telecom application on Samsung Note device L(5.0/5.1) and M(6.0) allows attackers to cause a denial of service (crash and reboot) or possibly gain privileges via a malformed serializable object....

The SpamCall Activity component in Telecom application on Samsung Note device L(5.0/5.1) and M(6.0) allows attackers to cause a denial of service (crash and reboot) or possibly gain privileges via a malformed serializable object....

main/java/org/apache/directory/groovyldap/LDAP.java in the Groovy LDAP API in Apache allows attackers to conduct LDAP entry poisoning attacks by leveraging setting returnObjFlag to true for all search methods. Date published : 2017-01-18 http://www.securityfocus.com/bid/95929 http://svn.apache.org/viewvc/directory/sandbox/szoerner/groovyldap/src/main/java/org/apache/directory/groovyldap/LDAP.java?r1=1765362&r2=1765361&pathrev=1765362&view=patch

Cross-site scripting (XSS) vulnerability in Atlassian Confluence before 5.10.6 allows remote attackers to inject arbitrary web script or HTML via the newFileName parameter to pages/doeditattachment.action. Date published : 2017-01-18 http://www.securityfocus.com/bid/95288 https://www.exploit-db.com/exploits/40989/

The Bzrtp library (aka libbzrtp) 1.0.x before 1.0.4 allows man-in-the-middle attackers to conduct spoofing attacks by leveraging a missing HVI check on DHPart2 packet reception. Date published : 2017-01-18 http://www.securityfocus.com/bid/95928 https://github.com/BelledonneCommunications/bzrtp/commit/bbb1e6e2f467ee4bd7b9a8c800e4f07343d7d99b

Unspecified vulnerability in Zimbra Collaboration before 8.7.0 allows remote attackers to affect integrity via unknown vectors, aka bug 104477. Date published : 2017-01-18 http://www.securityfocus.com/bid/95922 https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.0

Multiple cross-site scripting (XSS) vulnerabilities in Zimbra Collaboration before 8.7.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka bugs 104552 and 104703. Date published : 2017-01-18 http://www.securityfocus.com/bid/95921 https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.0

Zimbra Collaboration before 8.7.0 allows remote attackers to conduct deserialization attacks via unspecified vectors, aka bug 102276. Date published : 2017-01-18 http://www.securityfocus.com/bid/95917 https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.0

Unspecified vulnerability in Zimbra Collaboration before 8.6.0 Patch 7 allows remote authenticated users to affect availability via unknown vectors, aka bug 102029. Date published : 2017-01-18 http://www.securityfocus.com/bid/95918 https://forums.zimbra.org/viewtopic.php?f=8&t=59816

Unspecified vulnerability in Zimbra Collaboration before 8.7.0 allows remote attackers to affect integrity via unknown vectors, aka bug 103996. Date published : 2017-01-18 http://www.securityfocus.com/bid/95895 https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.0

Multiple cross-site scripting (XSS) vulnerabilities in Zimbra Collaboration before 8.7.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka bugs 103997, 104413, 104414, 104777, and 104791. Date published :...

Cross-site scripting (XSS) vulnerability in Zimbra Collaboration before 8.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka bug 103609. Date published : 2017-01-18 http://www.securityfocus.com/bid/95901 https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.0

Multiple cross-site scripting (XSS) vulnerabilities in Zimbra Collaboration before 8.7.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka bugs 103956, 103995, 104475, 104838, and 104839. Date published :...