BugTraq
Microsoft Remote Desktop Client for Mac Remote Code Execution - Update 2017-01-23
Filippo Cavallarin (filippo cavallarin wearesegment com)

Advisory ID: SGMA16-004
Title: Microsoft Remote Desktop Client for Mac Remote Code Execution
Product: Microsoft Remote Desktop Client for Mac
Version: 8.0.36 and probably prior
Vendor: www.microsoft.com
Type: Arbi

[SECURITY] [DSA 3770-1] mariadb-10.0 security update 2017-01-22
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3770-1 security (at) debian (dot) org
https://www.debian.org/security/ Salvatore Bonaccorso
January 22, 2017

[SECURITY] [DSA 3769-1] libphp-swiftmailer security update 2017-01-22
Sebastien Delafond (seb debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3769-1 security (at) debian (dot) org
https://www.debian.org/security/ Sebastien Delafond
January 22, 2017

Executable installers are vulnerable^WEVIL (case 46): Pelles C allows arbitrary code execution 2017-01-21
Stefan Kanthak (stefan kanthak nexgo de)
Hi @ll,

the executable installers of "Pelle's C",
<http://smorgasbordet.com/pellesc/800/setup64.exe> and,
<http://smorgasbordet.com/pellesc/800/setup.exe>, available
from <http://smorgasbordet.com/pellesc/index.htm>, are vulnerable
to DLL hijacking: they load (tested on Windows 7) at least the
foll

NTOPNG Web Interface v2.4 CSRF Token Bypass 2017-01-21
apparitionsec gmail com (hyp3rlinx)
[+]#####################################################################################
[+] Credits / Discovery: John Page AKA Hyp3rlinX
[+] Website: hyp3rlinx.altervista.org
[+] Source: http://hyp3rlinx.altervista.org/advisories/NTOPNG-CSRF-TOKEN-BYPASS.txt
[+] ISR: ApparitionSEC
[+]############

[SECURITY] [DSA 3767-1] mysql-5.5 security update 2017-01-19
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3767-1 security (at) debian (dot) org
https://www.debian.org/security/ Salvatore Bonaccorso
January 19, 2017

Novel Contributions to the field - How I broke MySQL's code-base (Part 2) [CVE-2016-5541] MySQL cluster remote 0day 2017-01-19
Nicholas Lemonias. (lem nikolas googlemail com)
************************************************************************************
*
*
* Copyright (c) 2017, Advanced Information Security Corp / Oracle Inc. *
*
*
*

Novel Contributions to the Field - How I broke MySQL's codebase (Part 2) [CVE-2016-5541] MySQL Cluster 0day 2017-01-18
lem nikolas gmail com
**************************************************
(c) 2017 Advanced Information Security Corporation and Oracle Inc.

**************************************************

Author: Nicholas Lemonias
Date: 17/01/2017

MySQL Remote 0day / Remote Buffer Overflows in 'NDBAPI' Cluster

Full report

[RCESEC-2016-012] Mattermost <= 3.5.1 "/error" Unauthenticated Reflected Cross-Site Scripting / Content Injection 2017-01-18
Julien Ahrens (info rcesecurity com)
RCE Security Advisory
https://www.rcesecurity.com

1. ADVISORY INFORMATION
=======================
Product: Mattermost
Vendor URL: www.mattermost.org
Type: Cross-site Scripting [CWE-79]
Date found: 02/12/2016
Date published: 16/01/2017
CVSSv3 Score: 4.7 (CVSS:3.0/AV:N/AC:

[security bulletin] HPSBMU03685 rev.1 - HPE Insight Control server provisioning (ICsp), Multiple Remote Vulnerabilities 2017-01-18
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Note: the current version of the following document is available here:

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05376917

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05376917

Version: 1

HPSBMU03685 rev.1

ESA-2016-161: EMC Isilon OneFS LDAP Injection Vulnerability 2017-01-18
EMC Product Security Response Center (Security_Alert emc com)

----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA256

ESA-2016-161: EMC Isilon OneFS LDAP Injection Vulnerability

EMC Identifier: ESA-2016-161

CVE Identifier: CVE-2016-9870

Severity Rating: CVSS v3 Base Score: 6.0 (AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N)

Affected products:

* EMC Isilon

ESA-2016-143: EMC Documentum Webtop and Clients Stored Cross-Site Scripting Vulnerability 2017-01-18
EMC Product Security Response Center (Security_Alert emc com)

-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA256

ESA-2016-143: EMC Documentum Webtop and Clients Stored Cross-Site Scripting Vulnerability

EMC Identifier: ESA-2016-143

CVE Identifier: CVE-2016-8213

Severity Rating: CVSS v3 Base Score: 6.5 (AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L)

Affected p

[SECURITY] CVE-2016-8748: Apache NiFi XSS vulnerability in connection details dialogue 2017-01-16
Joe Witt (joewitt apache org)
CVE-2016-8748: Apache NiFi XSS vulnerability in connection details dialogue

Severity: Moderate

Vendor: The Apache Software Foundation

Versions Affected:
Apache NiFi 1.0.0
Apache NiFi 1.1.0

Description: There is a cross-site scripting vulnerability in
connection details dialog when accessed by an

[SECURITY] [DSA 3765-1] icoutils security update 2017-01-14
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3765-1 security (at) debian (dot) org
https://www.debian.org/security/ Salvatore Bonaccorso
January 14, 2017

[SECURITY] [DSA 3743-2] python-bottle regression update 2017-01-15
Sebastien Delafond (seb debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3743-2 security (at) debian (dot) org
https://www.debian.org/security/ Sebastien Delafond
January 15, 2017

[security bulletin] HPSBGN03689 rev.1 - HPE Diagnostics, Remote Cross-Site Scripting and Click Jacking 2017-01-13
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Note: the current version of the following document is available here:

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05370100

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05370100

Version: 1

HPSBGN03689 rev.1

[security bulletin] HPSBST03671 rev.2 - HPE StoreEver MSL6480 Tape Library Management Interface, Multiple Remote Vulnerabilities 2017-01-13
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Note: the current version of the following document is available here:

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05333297

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05333297

Version: 2

HPSBST03671 rev.2

[SECURITY] [DSA 3764-1] pdns security update 2017-01-13
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3764-1 security (at) debian (dot) org
https://www.debian.org/security/ Salvatore Bonaccorso
January 13, 2017

[security bulletin] HPSBGN03694 rev.1 - HPE SiteScope, Remote Disclosure of Information 2017-01-12
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Note: the current version of the following document is available here:

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05369403

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05369403

Version: 1

HPSBGN03694 rev.1

ICMPv6 PTBs and IPv6 frag filtering (particularly at BGP peers) 2017-01-12
Fernando Gont (fgont si6networks com)
Folks,

I'm curious about whether folks are filtering ICMPv6 PTB<1280
and/or IPv6 fragments targeted to BGP routers (off-list datapoints are
welcome).

In any case, you might find it worth reading to check if you're affected
(from Section 2 of recently-published RFC8021):

---- cut here ----
The s

[SECURITY] [DSA 3760-1] ikiwiki security update 2017-01-12
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3760-1 security (at) debian (dot) org
https://www.debian.org/security/ Moritz Muehlenhoff
January 12, 2017

CVE-2017-5350: Unexpected SystemUI FC driven by arbitrary application 2017-01-12
unlimitsec gmail com
Description of the potential vulnerability: Lack of appropriate exception handling in some applications allows attackers to make a systemUI crash easily resulting in a possible DoS attack
Affected versions: L(5.0/5.1), M(6.0), and N(7.0)
Disclosure status: Privately disclosed.
The patch prevents sys

[slackware-security] bind (SSA:2017-011-01) 2017-01-12
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] bind (SSA:2017-011-01)

New bind packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,
14.2, and -current to fix a security issue.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------

[slackware-security] gnutls (SSA:2017-011-02) 2017-01-12
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] gnutls (SSA:2017-011-02)

New gnutls packages are available for Slackware 14.0, 14.1, 14.2, and -current
to fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packag

CA20170109-01: Security Notice for CA Service Desk Manager 2017-01-12
Kotas, Kevin J (Kevin Kotas ca com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

CA20170109-01: Security Notice for CA Service Desk Manager

Issued: January 10, 2017
Last Updated: January 10, 2017

CA Technologies support is alerting customers to a potential risk
with CA Service Desk Manager. A vulnerability exists in RESTful
web

[SECURITY] [DSA 3758-1] bind9 security update 2017-01-11
Florian Weimer (fw deneb enyo de)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3758-1 security (at) debian (dot) org
https://www.debian.org/security/ Florian Weimer
January 11, 2017

Multiple Vulnerabilities in cPanel 2017-01-11
Open Security (open opensecurity ca)
===[ Introduction ]===

cPanel offers web hosting software that automates the intricate workings
of web hosting servers.
cPanel equips server administrators with the necessary tools to provide
top-notch hosting to customers on tens of thousands of servers worldwide.

===[ Description ]===

I) Cross

IKEv1 cipher suite configuration mismatch in Siemens SIMATIC CP 343-1 Advanced 2017-01-11
Andrea Barisani (andrea inversepath com)

The following issue has been reported to Siemens ProductCERT in relation to
Siemens Security Advisory SSA-603476, published on 2016-11-21.

The issue has been treated with lower priority and treated outside the scope
of SSA-603476 due to its lower security impact.

As the finding is now addressed [

[SECURITY] [DSA 3757-1] icedove security update 2017-01-11
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3757-1 security (at) debian (dot) org
https://www.debian.org/security/ Moritz Muehlenhoff
January 11, 2017

Re: [oss-security] Docker 1.12.6 - Security Advisory 2017-01-11
Andreas Stieger (astieger suse com)

On 01/11/2017 03:29 AM, Kurt Seifried wrote:
> On Tue, Jan 10, 2017 at 6:58 PM, Nathan McCauley <nathan.mccauley (at) docker (dot) com [email concealed]
>> [CVE-2016-9962] Insecure opening of file-descriptor allows privilege
>> escalation
>>
>> [...]
>> Credit for this discovery goes to Aleksa Sarai from SUSE and Tõnis Tiigi



 

Copyright 2010, SecurityFocus