<![CDATA[ZDI: Published Advisories]]> http://www.zerodayinitiative.com/advisories/published/ Mon Sep 26 04:08:41 2016 +0000 zdi@hp.com (Author) Tippingpoint, all rights reserved ZDI Bird Feeder en http://blogs.law.harvard.edu/tech/rss <![CDATA[ZDI-16-526: (0Day) Google Chrome Protocol Handler Logic Error Restrictions Bypass Vulnerability]]> http://feedproxy.google.com/~r/ZDI-Published-Advisories/~3/64RqwyCSjMQ/ This vulnerability allows remote attackers to bypass restrictions on vulnerable installations of Google Chrome. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.<img src="http://feeds.feedburner.com/~r/ZDI-Published-Advisories/~4/64RqwyCSjMQ" height="1" width="1" alt=""/> Wed, 21 Sep 2016 12:00:00 +0000 http://www.zerodayinitiative.com/advisories/ZDI-16-526/ <![CDATA[ZDI-16-525: (0Day) Fatek Automation PM Designer Heap Memory Corruption Remote Code Execution Vulnerability]]> http://feedproxy.google.com/~r/ZDI-Published-Advisories/~3/aRUeH-b2JfA/ This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Fatek Automation PM Designer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.<img src="http://feeds.feedburner.com/~r/ZDI-Published-Advisories/~4/aRUeH-b2JfA" height="1" width="1" alt=""/> Wed, 21 Sep 2016 12:00:00 +0000 http://www.zerodayinitiative.com/advisories/ZDI-16-525/ <![CDATA[ZDI-16-524: Google Chrome Logic Error Safe Browsing Bypass Vulnerability]]> http://feedproxy.google.com/~r/ZDI-Published-Advisories/~3/Q2uaGw1Q_Dc/ This vulnerability allows remote attackers to bypass restrictions on vulnerable installations of Google Chrome. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.<img src="http://feeds.feedburner.com/~r/ZDI-Published-Advisories/~4/Q2uaGw1Q_Dc" height="1" width="1" alt=""/> Wed, 21 Sep 2016 12:00:00 +0000 http://www.zerodayinitiative.com/advisories/ZDI-16-524/ <![CDATA[ZDI-16-523: Hewlett Packard Enterprise Network Automation RMI Registry Deserialization of Untrusted Data Remote Code Execution Vulnerability]]> http://feedproxy.google.com/~r/ZDI-Published-Advisories/~3/CrELK9eMyEg/ This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Network Automation. Authentication is not required to exploit this vulnerability.<img src="http://feeds.feedburner.com/~r/ZDI-Published-Advisories/~4/CrELK9eMyEg" height="1" width="1" alt=""/> Wed, 21 Sep 2016 12:00:00 +0000 http://www.zerodayinitiative.com/advisories/ZDI-16-523/ <![CDATA[ZDI-16-522: Apple OS X IOThunderboltFamily Uninitialized Memory Privilege Escalation Vulnerability]]> http://feedproxy.google.com/~r/ZDI-Published-Advisories/~3/bpYhAfC8P3s/ This vulnerability allows local attackers to escalate privileges on vulnerable installations of Apple OS X. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.<img src="http://feeds.feedburner.com/~r/ZDI-Published-Advisories/~4/bpYhAfC8P3s" height="1" width="1" alt=""/> Tue, 20 Sep 2016 12:00:00 +0000 http://www.zerodayinitiative.com/advisories/ZDI-16-522/ <![CDATA[ZDI-16-521: Apple OS X AppleHSSPIHIDDriver Buffer Overflow Privilege Escalation Vulnerability]]> http://feedproxy.google.com/~r/ZDI-Published-Advisories/~3/mZKHr8ky1Lc/ This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of Apple OS X. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.<img src="http://feeds.feedburner.com/~r/ZDI-Published-Advisories/~4/mZKHr8ky1Lc" height="1" width="1" alt=""/> Tue, 20 Sep 2016 12:00:00 +0000 http://www.zerodayinitiative.com/advisories/ZDI-16-521/ <![CDATA[ZDI-16-520: Apple OS X AppleUpstreamUserClient Out-Of-Bounds Access Privilege Escalation Vulnerability]]> http://feedproxy.google.com/~r/ZDI-Published-Advisories/~3/JOycd1slVFI/ This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of Apple OS X. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.<img src="http://feeds.feedburner.com/~r/ZDI-Published-Advisories/~4/JOycd1slVFI" height="1" width="1" alt=""/> Tue, 20 Sep 2016 12:00:00 +0000 http://www.zerodayinitiative.com/advisories/ZDI-16-520/ <![CDATA[ZDI-16-519: Apple OS X AudioAUUC Integer Overflow Privilege Escalation Vulnerability]]> http://feedproxy.google.com/~r/ZDI-Published-Advisories/~3/Tk7LBY2PrKM/ This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of Apple OS X. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.<img src="http://feeds.feedburner.com/~r/ZDI-Published-Advisories/~4/Tk7LBY2PrKM" height="1" width="1" alt=""/> Tue, 20 Sep 2016 12:00:00 +0000 http://www.zerodayinitiative.com/advisories/ZDI-16-519/ <![CDATA[ZDI-16-518: Rockwell Automation RSLogix Micro Starter Lite Project File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability]]> http://feedproxy.google.com/~r/ZDI-Published-Advisories/~3/Spq5pVj4m-g/ This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Rockwell Automation RSLogix Micro Starter Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.<img src="http://feeds.feedburner.com/~r/ZDI-Published-Advisories/~4/Spq5pVj4m-g" height="1" width="1" alt=""/> Mon, 19 Sep 2016 12:00:00 +0000 http://www.zerodayinitiative.com/advisories/ZDI-16-518/ <![CDATA[ZDI-16-517: AlienVault Unified Security Management Remote Authentication Bypass Vulnerability]]> http://feedproxy.google.com/~r/ZDI-Published-Advisories/~3/3pxqUE1AtHg/ This vulnerability allows remote attackers to bypass authentication requirements on vulnerable installations of AlienVault Unified Security Manager. Authentication is not required to exploit this vulnerability.<img src="http://feeds.feedburner.com/~r/ZDI-Published-Advisories/~4/3pxqUE1AtHg" height="1" width="1" alt=""/> Mon, 19 Sep 2016 12:00:00 +0000 http://www.zerodayinitiative.com/advisories/ZDI-16-517/