BugTraq Mode:
(Page 11 of 1713)  < Prev  6 7 8 9 10 11 12 13 14 15 16  Next >
CVE-2017-5350: Unexpected SystemUI FC driven by arbitrary application 2017-01-12
unlimitsec gmail com
Description of the potential vulnerability:Lack of appropriate exception handling in some applications allows attackers to make a systemUI crash easily resulting in a possible DoS attack
Affected versions: L(5.0/5.1), M(6.0), and N(7.0)
Disclosure status: Privately disclosed.
The patch prevents sys

[ more ]  [ reply ]
[slackware-security] bind (SSA:2017-011-01) 2017-01-12
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] bind (SSA:2017-011-01)

New bind packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,
14.2, and -current to fix a security issue.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------

[ more ]  [ reply ]
[slackware-security] gnutls (SSA:2017-011-02) 2017-01-12
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] gnutls (SSA:2017-011-02)

New gnutls packages are available for Slackware 14.0, 14.1, 14.2, and -current
to fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packag

[ more ]  [ reply ]
CA20170109-01: Security Notice for CA Service Desk Manager 2017-01-12
Kotas, Kevin J (Kevin Kotas ca com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

CA20170109-01: Security Notice for CA Service Desk Manager

Issued: January 10, 2017
Last Updated: January 10, 2017

CA Technologies support is alerting customers to a potential risk
with CA Service Desk Manager. A vulnerability exists in RESTful
web

[ more ]  [ reply ]
[SECURITY] [DSA 3758-1] bind9 security update 2017-01-11
Florian Weimer (fw deneb enyo de)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3758-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Florian Weimer
January 11, 2017

[ more ]  [ reply ]
Multiple Vulnerabilities in cPanel 2017-01-11
Open Security (open opensecurity ca)
===[ Introduction ]===

cPanel offers web hosting software that automates the intricate workings
of web hosting servers.
cPanel equips server administrators with the necessary tools to provide
top-notch hosting to customers on tens of thousands of servers worldwide.

===[ Description ]===

I) Cross

[ more ]  [ reply ]
IKEv1 cipher suite configuration mismatch in Siemens SIMATIC CP 343-1 Advanced 2017-01-11
Andrea Barisani (andrea inversepath com)

The following issue has been reported to Siemens ProductCERT in relation to
Siemens Security Advisory SSA-603476, published on 2016-11-21.

The issue has been treated with lower priority and treated outside the scope
of SSA-603476 due to its lower security impact.

As the finding is now addressed [

[ more ]  [ reply ]
[SECURITY] [DSA 3757-1] icedove security update 2017-01-11
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3757-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Moritz Muehlenhoff
January 11, 2017

[ more ]  [ reply ]
Re: [oss-security] Docker 1.12.6 - Security Advisory 2017-01-11
Andreas Stieger (astieger suse com)

On 01/11/2017 03:29 AM, Kurt Seifried wrote:
> On Tue, Jan 10, 2017 at 6:58 PM, Nathan McCauley <nathan.mccauley (at) docker (dot) com [email concealed]
>> [CVE-2016-9962] Insecure opening of file-descriptor allows privilege
>> escalation
>>
>> [...]
>> Credit for this discovery goes to Aleksa Sarai from SUSE and Tõnis Tiigi

[ more ]  [ reply ]
Cobi Tools v1.0.8 iOS - Persistent Web Vulnerability 2017-01-11
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Cobi Tools v1.0.8 iOS - Persistent Web Vulnerability

References (Source):
====================
https://www.vulnerability-lab.com/get_content.php?id=2028

Release Date:
=============
2017-01-10

Vulnerability Laboratory ID (VL-ID):
=================================

[ more ]  [ reply ]
Bit Defender #39 - Auth Token Bypass Vulnerability 2017-01-11
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Bit Defender #39 - Auth Token Bypass Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1683

Release Date:
=============
2017-01-09

Vulnerability Laboratory ID (VL-ID):
====================================

[ more ]  [ reply ]
BlackBoard LMS 9.1 SP14 - (Title) Persistent Vulnerability 2017-01-11
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
BlackBoard LMS 9.1 SP14 - (Title) Persistent Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1901

Release Date:
=============
2017-01-10

Vulnerability Laboratory ID (VL-ID):
===========================

[ more ]  [ reply ]
Blackboard LMS 9.1 SP14 - (Profile) Persistent Vulnerability 2017-01-11
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Blackboard LMS 9.1 SP14 - (Profile) Persistent Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1900

Release Date:
=============
2017-01-09

Vulnerability Laboratory ID (VL-ID):
=========================

[ more ]  [ reply ]
FreeBSD Security Advisory FreeBSD-SA-17:01.openssh 2017-01-11
FreeBSD Security Advisories (security-advisories freebsd org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

========================================================================
=====
FreeBSD-SA-17:01.openssh Security Advisory
The FreeBSD Project

Topic:

[ more ]  [ reply ]
ESA-2016-096: EMC Celerra, VNX1, VNX2 and VNXe SMB NTLM Authentication Weak Nonce Vulnerability 2017-01-10
EMC Product Security Response Center (Security_Alert emc com)

-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA256

ESA-2016-096: EMC Celerra, VNX1, VNX2 and VNXe SMB NTLM Authentication Weak Nonce Vulnerability

EMC Identifier: ESA-2016-096

CVE Identifier: CVE-2016-0917

Severity Rating: CVSS v3 Base Score: 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

Affec

[ more ]  [ reply ]
Directadmin ControlPanel 1.50.1 denial of service Vulnerability 2017-01-10
iedb team gmail com
DirectAdmin Control Panel version 1.50.1 suffers from a denial of service vulnerability.

#################################

#
# @@@ @@@@@@@@@@@ @@@@@ @@@@@@@@@@ @@@ @@@@@@@
# @@@ @@@@@@@@@@@ @@@ @@ @@@ @@ @@@ @@@@@@@@
# @@@

[ more ]  [ reply ]
ESA-2016-096: EMC Celerra, VNX1, VNX2 and VNXe SMB NTLM Authentication Weak Nonce Vulnerability 2017-01-10
EMC Product Security Response Center (Security_Alert emc com)

-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA256

ESA-2016-096: EMC Celerra, VNX1, VNX2 and VNXe SMB NTLM Authentication Weak Nonce Vulnerability

EMC Identifier: ESA-2016-096

CVE Identifier: CVE-2016-0917

Severity Rating: CVSS v3 Base Score: 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

Affec

[ more ]  [ reply ]
ESA-2016-096: EMC Celerra, VNX1, VNX2 and VNXe SMB NTLM Authentication Weak Nonce Vulnerability 2017-01-10
EMC Product Security Response Center (Security_Alert emc com)

-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA256

ESA-2016-096: EMC Celerra, VNX1, VNX2 and VNXe SMB NTLM Authentication Weak Nonce Vulnerability

EMC Identifier: ESA-2016-096

CVE Identifier: CVE-2016-0917

Severity Rating: CVSS v3 Base Score: 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

Affec

[ more ]  [ reply ]
Directadmin ControlPanel 1.50.1 Cross-Site-Scripting Vulnerability 2017-01-10
iedb team gmail com
DirectAdmin Control Panel version 1.50.1 suffers from a cross site scripting vulnerability.

#################################

#
# @@@ @@@@@@@@@@@ @@@@@ @@@@@@@@@@ @@@ @@@@@@@
# @@@ @@@@@@@@@@@ @@@ @@ @@@ @@ @@@ @@@@@@@@
# @@

[ more ]  [ reply ]
QuickBooks 2017 Admin Credentials Disclosure 2017-01-06
info thegrideon com
+ Credits: Maxim Tomashevich
+ Website: https://www.thegrideon.com/quickbooks-forensics.html
+ Details: https://www.thegrideon.com/qb-internals-2017.html

Vendor:
---------------------
www.intuit.com
www.intuit.ca

Product:
---------------------
QuickBooks Desktop
versions: 2017

Vulnerability Ty

[ more ]  [ reply ]
[SECURITY] [DSA 3753-1] libvncserver security update 2017-01-05
Sebastien Delafond (seb debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3753-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Sebastien Delafond
January 05, 2017

[ more ]  [ reply ]
[SECURITY][UPDATE] CVE-2016-8745 Apache Tomcat Information Disclosure 2017-01-05
Mark Thomas (markt apache org)
CVE-2016-8745 Apache Tomcat Information Disclosure

Severity: Important

Vendor: The Apache Software Foundation

Versions Affected:
Apache Tomcat 9.0.0.M1 to 9.0.0.M13
Apache Tomcat 8.5.0 to 8.5.8
Apache Tomcat 8.0.0.RC1 to 8.0.39 (new)
Apache Tomcat 7.0.0 to 7.0.73 (new)
Apache Tomcat 6.0.16 to 6.0

[ more ]  [ reply ]
ESA-2016-157: EMC ScaleIO Multiple Vulnerabilities 2017-01-05
EMC Product Security Response Center (Security_Alert emc com)

-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA256

ESA-2016-157: EMC ScaleIO Multiple Vulnerabilities

EMC Identifier: ESA-2016-157

CVE Identifier: CVE-2016-9867, CVE-2016-9868, CVE-2016-9869

Severity Rating: CVSS v3Base Score: See below for individual scores

Affected products:

EMC Scale

[ more ]  [ reply ]
[security bulletin] HPSBGN03688 rev.1 - HPE Operations Orchestration, Remote Code Execution 2017-01-03
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Note: the current version of the following document is available here:

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c053619
44

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05361944

Version: 1

HPSBGN03688 rev.1

[ more ]  [ reply ]
[SECURITY] [DSA 3750-2] libphp-phpmailer regression update 2017-01-03
Thijs Kinkhorst (thijs debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3750-2 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Thijs Kinkhorst
January 3, 2017

[ more ]  [ reply ]
0-day: QNAP NAS Devices suffer of heap overflow 2016-12-31
bashis (mcw noemail eu)
Greetings,

Twice I tried to use the QNAP Web page (https://aid.qnap.com/event/_module/nas/safe_report/) for reporting vulnerability, and twice I got mailer-daemon back.

So, Iâ??ll post my vulnerabilities here instead (Was not meant to be 0-dayâ?¦ whatever).

Have a nice day (and happy new ye

[ more ]  [ reply ]
[SECURITY] [DSA 3750-1] libphp-phpmailer security update 2016-12-31
Thijs Kinkhorst (thijs debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3750-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Thijs Kinkhorst
December 31, 2016

[ more ]  [ reply ]
[slackware-security] seamonkey (SSA:2016-365-03) 2016-12-30
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] seamonkey (SSA:2016-365-03)

New seamonkey packages are available for Slackware 14.1, 14.2, and -current to
fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packag

[ more ]  [ reply ]
Fwd: [ANNOUNCE] CVE-2016-6793 Apache Wicket deserialization vulnerability 2016-12-31
Pedro Santos (pedrosans gmail com)
Forwarding the message em plain text mode to:

- be accepted by securityfocus's mail server ( didn't accepted MIME
Content-Type 'multipart/alternative' )
- add oss-security (at) lists.openwall (dot) com [email concealed] at the open receiver ( openwall
is not accepting emails if in BCC)
- adding missing Apache's security team (

[ more ]  [ reply ]
[slackware-security] mozilla-thunderbird (SSA:2016-365-02) 2016-12-30
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] mozilla-thunderbird (SSA:2016-365-02)

New mozilla-thunderbird packages are available for Slackware 14.1, 14.2,
and -current to fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+----------------------

[ more ]  [ reply ]
(Page 11 of 1713)  < Prev  6 7 8 9 10 11 12 13 14 15 16  Next >


 

Privacy Statement
Copyright 2010, SecurityFocus