BugTraq Mode:
(Page 1 of 1719)  1 2 3 4 5 6 7 8 9 10 11  Next >
[security bulletin] HPESBHF03766 rev.1 - HPE ConvergedSystem 700 Solution with Comware v5 Switches using NTP, Remote Denial of Service (DoS), Unauthorized Modification and Local Denial of Service (DoS) 2017-07-20
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Note: the current version of the following document is available here:

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf
03766en_us

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: hpesbhf03766en_us

Version: 1

HP

[ more ]  [ reply ]
File Upload in Integration Gateway (PSIGW) 2017-07-20
ERPScan inc (erpscan online gmail com)
1. ADVISORY INFORMATION
Title: File Upload in Integration Gateway (PSIGW)
Advisory ID: [ERPSCAN-17-039]
Advisory URL: https://erpscan.com/advisories/erpscan-17-039-file-upload-integration-ga
teway-psigw-peoplesoft/
Risk: High
Date published: 18.07.2017
Vendor contacted: Oracle

2. VULNERABILITY INFO

[ more ]  [ reply ]
Multiple XSS (POST request) Vulnerabilities in TestServlet (PeopleSoft) 2017-07-20
ERPScan inc (erpscan online gmail com)
1. ADVISORY INFORMATION
Title: Multiple XSS (POST request) Vulnerabilities in TestServlet (PeopleSoft)
Advisory ID: [ERPSCAN-17-037]
Advisory URL: https://erpscan.com/advisories/erpscan-17-037-multiple-xss-vulnerabiliti
es-testservlet-peoplesoft/
Risk: Medium
Date published: 18.07.2017
Vendor contac

[ more ]  [ reply ]
Directory Traversal vulnerability in Integration Gateway (PSIGW) 2017-07-20
ERPScan inc (erpscan online gmail com)
1. ADVISORY INFORMATION
Title: Directory Traversal vulnerability in Integration Gateway (PSIGW)
Advisory ID: [ERPSCAN-17-038]
Advisory URL: https://erpscan.com/advisories/erpscan-17-038-directory-traversal-vulner
ability-integration-gateway-psigw/
Risk: High
Date published: 18.07.2017
Vendor contact

[ more ]  [ reply ]
APPLE-SA-2017-07-19-7 iCloud for Windows 6.2.2 2017-07-19
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2017-07-19-7 iCloud for Windows 6.2.2

iCloud for Windows 6.2.2 is now available and addresses the
following:

libxml2
Available for: Windows 7 and later
Impact: Parsing a maliciously crafted XML document may lead to
disclosure of user infor

[ more ]  [ reply ]
APPLE-SA-2017-07-19-5 Safari 10.1.2 2017-07-19
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2017-07-19-5 Safari 10.1.2

Safari 10.1.2 is now available and addresses the following:

Safari
Available for: OS X Yosemite 10.10.5, OS X El Capitan 10.11.6,
and macOS Sierra 10.12.6
Impact: Processing maliciously crafted web content may le

[ more ]  [ reply ]
APPLE-SA-2017-07-19-2 macOS 10.12.6 2017-07-19
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2017-07-19-2 macOS 10.12.6

macOS 10.12.6 is now available and addresses the following:

afclip
Available for: macOS Sierra 10.12.5
Impact: Processing a maliciously crafted audio file may lead to
arbitrary code execution
Description: A memor

[ more ]  [ reply ]
APPLE-SA-2017-07-19-3 watchOS 3.2.2 2017-07-19
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2017-07-19-3 watchOS 3.2.2

watchOS 3.2.2 is now available and addresses the following:

Contacts
Available for: All Apple Watch models
Impact: A remote attacker may be able to cause unexpected application
termination or arbitrary code execu

[ more ]  [ reply ]
APPLE-SA-2017-07-19-1 iOS 10.3.3 2017-07-19
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2017-07-19-1 iOS 10.3.3

iOS 10.3.3 is now available and addresses the following:

Contacts
Available for: iPhone 5 and later, iPad 4th generation and later,
and iPod touch 6th generation
Impact: A remote attacker may be able to cause unexpe

[ more ]  [ reply ]
APPLE-SA-2017-07-19-6 iTunes 12.6.2 2017-07-19
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2017-07-19-6 iTunes 12.6.2

iTunes 12.6.2 is now available and addresses the following:

iTunes
Available for: Windows 7 and later
Impact: An application may be able to execute arbitrary code with
system privileges
Description: An access iss

[ more ]  [ reply ]
APPLE-SA-2017-07-19-4 tvOS 10.2.2 2017-07-19
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2017-07-19-4 tvOS 10.2.2

tvOS 10.2.2 is now available and addresses the following:

Contacts
Available for: Apple TV (4th generation)
Impact: A remote attacker may be able to cause unexpected application
termination or arbitrary code execut

[ more ]  [ reply ]
[SECURITY] [DSA 3914-1] imagemagick security update 2017-07-18
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3914-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Moritz Muehlenhoff
July 18, 2017

[ more ]  [ reply ]
[CVE-2017-7728] - Authentication Bypass allows alarm's commands execution in iSmartAlarm 2017-07-13
ilia shnaidman bullguard com
[+] Credits: Ilia Shnaidman
[+] @0x496c on Twitter
[+] Source:
http://dojo.bullguard.com/blog/burglar-hacker-when-a-physical-security-i
s-compromised-by-iot-vulnerabilities/


Vendor:
=============
iSmartAlarm, inc.


Product:
===========================
iSmartAlarm cube - All

iSmartAlarm is on

[ more ]  [ reply ]
CVE-2017-7684 - Apache OpenMeetings - Insecure File Upload 2017-07-13
Maxim Solodovnik (solomax apache org)
Severity: Low

Vendor: The Apache Software Foundation

Versions Affected: Apache OpenMeetings 1.0.0

Description: Apache OpenMeetings doesn't check contents of files being
uploaded. An attacker can cause a denial of service by uploading
multiple large files to the server
CVE-2017-7684

The issue was

[ more ]  [ reply ]
CVE-2017-7663 - Apache OpenMeetings - XSS in chat 2017-07-13
Maxim Solodovnik (solomax apache org)
Severity: High

Vendor: The Apache Software Foundation

Versions Affected: Apache OpenMeetings 3.2.0

Description: Both global and Room chat are vulnerable to XSS attack
CVE-2017-7663

The issue was fixed in 3.3.0
All users are recommended to upgrade to Apache OpenMeetings 3.3.0

Credit: This issue

[ more ]  [ reply ]
CVE-2017-7688 - Apache OpenMeetings - Insecure Password Update 2017-07-13
Maxim Solodovnik (solomax apache org)
Severity: Low

Vendor: The Apache Software Foundation

Versions Affected: Apache OpenMeetings 1.0.0

Description: Apache OpenMeetings updates user password in insecure manner.
CVE-2017-7688

The issue was fixed in 3.3.0
All users are recommended to upgrade to Apache OpenMeetings 3.3.0

Credit: This

[ more ]  [ reply ]
CVE-2017-7664 - Apache OpenMeetings - Missing XML Validation 2017-07-13
Maxim Solodovnik (solomax666 gmail com)
Severity: High

Vendor: The Apache Software Foundation

Versions Affected: Apache OpenMeetings 3.1.0

Description: Uploaded XML documents were not correctly validated
CVE-2017-7664

The issue was fixed in 3.3.0
All users are recommended to upgrade to Apache OpenMeetings 3.3.0

Credit: This issue was

[ more ]  [ reply ]
CVE-2017-9788: Uninitialized memory reflection in mod_auth_digest 2017-07-13
William A Rowe Jr (wrowe apache org)
CVE-2017-9788: Uninitialized memory reflection in mod_auth_digest

Severity: Important

Vendor: The Apache Software Foundation

Versions Affected:
all versions through 2.2.33 and 2.4.26

Description:
The value placeholder in [Proxy-]Authorization headers
of type 'Digest' was not initialized or reset

[ more ]  [ reply ]
CVE-2017-9789: Apache httpd 2.4 Read after free in mod_http2 2017-07-13
William A Rowe Jr (wrowe apache org)
CVE-2017-9789: Read after free in mod_http2.c

Severity: Important

Vendor: The Apache Software Foundation

Versions Affected:
httpd 2.4.26

Description:
When under stress, closing many connections, the HTTP/2
handling code would sometimes access memory after it has
been freed, resulting in potentia

[ more ]  [ reply ]
[SECURITY] [DSA 3908-1] nginx security update 2017-07-12
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3908-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Moritz Muehlenhoff
July 12, 2017

[ more ]  [ reply ]
SEC Consult SA-20170712-0 :: Multiple critical vulnerabilities in AGFEO smart home ES 5xx/6xx products 2017-07-12
SEC Consult Vulnerability Lab (research sec-consult com)
SEC Consult Vulnerability Lab Security Advisory < 20170712-0 >
=======================================================================
title: Multiple critical vulnerabilities
product: AGFEO Smart Home ES 5xx
AGFEO Smart Home ES 6xx
vulnerable version:

[ more ]  [ reply ]
[CVE request]linux kernel xfrm migrate out-of-bound access 2017-07-11
bo Zhang (zhangbo5891001 gmail com)
Issue description:

xfrm migrate is a mechanism of kernel ipsec xfrm framework.

When dealing with XFRM_MSG_MIGRATE message, xfrm_migrate func does not
check dir value of xfrm_userpolicy_id.
This will cause out of bound access to net->xfrm.policy_bydst in
policy_hash_direct func and others when dir

[ more ]  [ reply ]
[RT-SA-2017-011] Remote Command Execution in PDNS Manager 2017-07-11
RedTeam Pentesting GmbH (release redteam-pentesting de)
Advisory: Remote Command Execution in PDNS Manager

RedTeam Pentesting discovered that PDNS Manager is vulnerable to a
remote command execution vulnerability, if for any reason the
configuration file config/config-user.php does not exist.

Details
=======

Product: PDNS Manager
Affected Versions: G

[ more ]  [ reply ]
CVE-2017-4918: Code Injection in VMware Horizonâ??s macOS Client 2017-07-10
Florian Bogner (florian bogner sh)
CVE-2017-4918: Code Injection in VMware Horizonâ??s macOS Client

Metadata
===================================================
Release Date: 10-July-2017
Author: Florian Bogner // https://bogner.sh
Affected product: VMware Horizonâ??s macOS Client
Fixed in: Version 4.5
Tested on: OS X El Capitan 10.

[ more ]  [ reply ]
[security bulletin] HPESBGN03763 rev.1 - HPE SiteScope, Disclosure of Sensitive Information, Bypass Security Restriction, Remote Arbitrary Code Execution 2017-07-10
HPE Product Security Response Team (security-alert hpe com)


-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA256

Note: the current version of the following document is available here:

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbgn
03763en_us

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: hpesbgn03763en_us

Version: 1

[ more ]  [ reply ]
[security bulletin] HPESBGN03762 rev.1 - HPE Network Node Manager i (NNMi) Software, Remote Bypass Security Restrictions, Cross-Site Scripting (XSS), URL Redirection 2017-07-10
HPE Product Security Response Team (security-alert hpe com)


-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA256

Note: the current version of the following document is available here:

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbgn
03762en_us

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: hpesbgn03762en_us

Version: 1

[ more ]  [ reply ]
[security bulletin] HPESBHF03745 rev.2 - HPE Intelligent Management Center (iMC) PLAT, Remote Code Execution 2017-07-10
HPE Product Security Response Team (security-alert hpe com)


-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA256

Note: the current version of the following document is available here:

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf
03745en_us

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: hpesbhf03745en_us

Version: 2

[ more ]  [ reply ]
[security bulletin] HPESBNS03755 rev.1 - HPE NonStop Server using Samba, Multiple Remote Vulnerabilities 2017-07-10
HPE Product Security Response Team (security-alert hpe com)
-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA256

Note: the current version of the following document is available here:

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbns
03755en_us

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: hpesbns03755en_us

Version: 1

[ more ]  [ reply ]
CVE-2017-5640 Apache Impala (incubating) Information Disclosure 2017-07-10
Sailesh Mukil (sailesh apache org)
CVE-2017-5640 Apache Impala (incubating) Information Disclosure

Severity: High

Versions Affected:
Apache Impala (incubating) 2.7.0 to 2.8.0

Description:
It was noticed that a malicious process impersonating an Impala daemon
could cause Impala daemons to skip authentication checks when Kerberos
is

[ more ]  [ reply ]
[SECURITY] CVE-2017-5652 Apache Impala (incubating) Information Disclosure 2017-07-10
Sailesh Mukil (sailesh apache org)
CVE-2017-5652 Apache Impala (incubating) Information Disclosure

Severity: High

Versions Affected:
Apache Impala (incubating) 2.7.0 to 2.8.0

Description:
During a routine security analysis, it was found that one of the ports
sent data in plaintext even when the cluster was configured to use
TLS. T

[ more ]  [ reply ]
(Page 1 of 1719)  1 2 3 4 5 6 7 8 9 10 11  Next >


 

Privacy Statement
Copyright 2010, SecurityFocus