BugTraq Mode:
(Page 3 of 1721)  < Prev  1 2 3 4 5 6 7 8 9 10 11  Next >
APPLE-SA-2017-07-19-1 iOS 10.3.3 2017-07-19
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2017-07-19-1 iOS 10.3.3

iOS 10.3.3 is now available and addresses the following:

Contacts
Available for: iPhone 5 and later, iPad 4th generation and later,
and iPod touch 6th generation
Impact: A remote attacker may be able to cause unexpe

APPLE-SA-2017-07-19-6 iTunes 12.6.2 2017-07-19
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2017-07-19-6 iTunes 12.6.2

iTunes 12.6.2 is now available and addresses the following:

iTunes
Available for: Windows 7 and later
Impact: An application may be able to execute arbitrary code with
system privileges
Description: An access iss

APPLE-SA-2017-07-19-4 tvOS 10.2.2 2017-07-19
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2017-07-19-4 tvOS 10.2.2

tvOS 10.2.2 is now available and addresses the following:

Contacts
Available for: Apple TV (4th generation)
Impact: A remote attacker may be able to cause unexpected application
termination or arbitrary code execut

[SECURITY] [DSA 3914-1] imagemagick security update 2017-07-18
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3914-1 security (at) debian (dot) org
https://www.debian.org/security/ Moritz Muehlenhoff
July 18, 2017

[CVE-2017-7728] - Authentication Bypass allows alarm's commands execution in iSmartAlarm 2017-07-13
ilia shnaidman bullguard com
[+] Credits: Ilia Shnaidman
[+] @0x496c on Twitter
[+] Source:
http://dojo.bullguard.com/blog/burglar-hacker-when-a-physical-security-is-compromised-by-iot-vulnerabilities/


Vendor:
=============
iSmartAlarm, inc.


Product:
===========================
iSmartAlarm cube - All

iSmartAlarm is on

CVE-2017-7684 - Apache OpenMeetings - Insecure File Upload 2017-07-13
Maxim Solodovnik (solomax apache org)
Severity: Low

Vendor: The Apache Software Foundation

Versions Affected: Apache OpenMeetings 1.0.0

Description: Apache OpenMeetings doesn't check contents of files being
uploaded. An attacker can cause a denial of service by uploading
multiple large files to the server
CVE-2017-7684

The issue was

CVE-2017-7663 - Apache OpenMeetings - XSS in chat 2017-07-13
Maxim Solodovnik (solomax apache org)
Severity: High

Vendor: The Apache Software Foundation

Versions Affected: Apache OpenMeetings 3.2.0

Description: Both global and Room chat are vulnerable to XSS attack
CVE-2017-7663

The issue was fixed in 3.3.0
All users are recommended to upgrade to Apache OpenMeetings 3.3.0

Credit: This issue

CVE-2017-7688 - Apache OpenMeetings - Insecure Password Update 2017-07-13
Maxim Solodovnik (solomax apache org)
Severity: Low

Vendor: The Apache Software Foundation

Versions Affected: Apache OpenMeetings 1.0.0

Description: Apache OpenMeetings updates user password in insecure manner.
CVE-2017-7688

The issue was fixed in 3.3.0
All users are recommended to upgrade to Apache OpenMeetings 3.3.0

Credit: This

CVE-2017-7664 - Apache OpenMeetings - Missing XML Validation 2017-07-13
Maxim Solodovnik (solomax666 gmail com)
Severity: High

Vendor: The Apache Software Foundation

Versions Affected: Apache OpenMeetings 3.1.0

Description: Uploaded XML documents were not correctly validated
CVE-2017-7664

The issue was fixed in 3.3.0
All users are recommended to upgrade to Apache OpenMeetings 3.3.0

Credit: This issue was

CVE-2017-9788: Uninitialized memory reflection in mod_auth_digest 2017-07-13
William A Rowe Jr (wrowe apache org)
CVE-2017-9788: Uninitialized memory reflection in mod_auth_digest

Severity: Important

Vendor: The Apache Software Foundation

Versions Affected:
all versions through 2.2.33 and 2.4.26

Description:
The value placeholder in [Proxy-]Authorization headers
of type 'Digest' was not initialized or reset

CVE-2017-9789: Apache httpd 2.4 Read after free in mod_http2 2017-07-13
William A Rowe Jr (wrowe apache org)
CVE-2017-9789: Read after free in mod_http2.c

Severity: Important

Vendor: The Apache Software Foundation

Versions Affected:
httpd 2.4.26

Description:
When under stress, closing many connections, the HTTP/2
handling code would sometimes access memory after it has
been freed, resulting in potentia

[SECURITY] [DSA 3908-1] nginx security update 2017-07-12
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3908-1 security (at) debian (dot) org
https://www.debian.org/security/ Moritz Muehlenhoff
July 12, 2017

SEC Consult SA-20170712-0 :: Multiple critical vulnerabilities in AGFEO smart home ES 5xx/6xx products 2017-07-12
SEC Consult Vulnerability Lab (research sec-consult com)
SEC Consult Vulnerability Lab Security Advisory < 20170712-0 >
=======================================================================
title: Multiple critical vulnerabilities
product: AGFEO Smart Home ES 5xx
AGFEO Smart Home ES 6xx
vulnerable version:

[CVE request]linux kernel xfrm migrate out-of-bound access 2017-07-11
bo Zhang (zhangbo5891001 gmail com)
Issue description:

xfrm migrate is a mechanism of kernel ipsec xfrm framework.

When dealing with XFRM_MSG_MIGRATE message, xfrm_migrate func does not
check dir value of xfrm_userpolicy_id.
This will cause out of bound access to net->xfrm.policy_bydst in
policy_hash_direct func and others when dir

[RT-SA-2017-011] Remote Command Execution in PDNS Manager 2017-07-11
RedTeam Pentesting GmbH (release redteam-pentesting de)
Advisory: Remote Command Execution in PDNS Manager

RedTeam Pentesting discovered that PDNS Manager is vulnerable to a
remote command execution vulnerability, if for any reason the
configuration file config/config-user.php does not exist.

Details
=======

Product: PDNS Manager
Affected Versions: G

CVE-2017-4918: Code Injection in VMware Horizon's macOS Client 2017-07-10
Florian Bogner (florian bogner sh)
CVE-2017-4918: Code Injection in VMware Horizon's macOS Client

Metadata
===================================================
Release Date: 10-July-2017
Author: Florian Bogner // https://bogner.sh
Affected product: VMware Horizon's macOS Client
Fixed in: Version 4.5
Tested on: OS X El Capitan 10.

[security bulletin] HPESBGN03763 rev.1 - HPE SiteScope, Disclosure of Sensitive Information, Bypass Security Restriction, Remote Arbitrary Code Execution 2017-07-10
HPE Product Security Response Team (security-alert hpe com)


-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA256

Note: the current version of the following document is available here:

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbgn03763en_us

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: hpesbgn03763en_us

Version: 1

[security bulletin] HPESBGN03762 rev.1 - HPE Network Node Manager i (NNMi) Software, Remote Bypass Security Restrictions, Cross-Site Scripting (XSS), URL Redirection 2017-07-10
HPE Product Security Response Team (security-alert hpe com)


-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA256

Note: the current version of the following document is available here:

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbgn03762en_us

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: hpesbgn03762en_us

Version: 1

[security bulletin] HPESBHF03745 rev.2 - HPE Intelligent Management Center (iMC) PLAT, Remote Code Execution 2017-07-10
HPE Product Security Response Team (security-alert hpe com)


-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA256

Note: the current version of the following document is available here:

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03745en_us

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: hpesbhf03745en_us

Version: 2

[security bulletin] HPESBNS03755 rev.1 - HPE NonStop Server using Samba, Multiple Remote Vulnerabilities 2017-07-10
HPE Product Security Response Team (security-alert hpe com)
-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA256

Note: the current version of the following document is available here:

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbns03755en_us

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: hpesbns03755en_us

Version: 1

CVE-2017-5640 Apache Impala (incubating) Information Disclosure 2017-07-10
Sailesh Mukil (sailesh apache org)
CVE-2017-5640 Apache Impala (incubating) Information Disclosure

Severity: High

Versions Affected:
Apache Impala (incubating) 2.7.0 to 2.8.0

Description:
It was noticed that a malicious process impersonating an Impala daemon
could cause Impala daemons to skip authentication checks when Kerberos
is

[SECURITY] CVE-2017-5652 Apache Impala (incubating) Information Disclosure 2017-07-10
Sailesh Mukil (sailesh apache org)
CVE-2017-5652 Apache Impala (incubating) Information Disclosure

Severity: High

Versions Affected:
Apache Impala (incubating) 2.7.0 to 2.8.0

Description:
During a routine security analysis, it was found that one of the ports
sent data in plaintext even when the cluster was configured to use
TLS. T

ToorCon 19 Call For Papers Closing This Week! 2017-07-10
h1kari toorcon org
TOORCON 19 CALL FOR PAPERS CLOSING THIS WEEK!

It's that time of year again! ToorCon 19 is coming so get your code finished and submit a talk this time around. This year's event has been pushed earlier in the year to the end of August, so make sure to save the new dates on your calendar. We're letti

[slackware-security] irssi (SSA:2017-190-01) 2017-07-09
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] irssi (SSA:2017-190-01)

New irssi packages are available for Slackware 14.0, 14.1, 14.2, and -current
to fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages

[SECURITY] [DSA 3905-1] xorg-server security update 2017-07-09
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3905-1 security (at) debian (dot) org
https://www.debian.org/security/ Moritz Muehlenhoff
July 09, 2017

[SECURITY] [DSA 3904-1] bind9 security update 2017-07-08
Yves-Alexis Perez (corsac debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3904-1 security (at) debian (dot) org
https://www.debian.org/security/ Yves-Alexis Perez
July 08, 2017

[slackware-security] php (SSA:2017-188-01) 2017-07-08
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] php (SSA:2017-188-01)

New php packages are available for Slackware 14.0, 14.1, 14.2, and -current to
fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/php

CVE-2017-10974 Yaws Web Server v1.91 Unauthenticated Remote File Disclosure 2017-07-08
apparitionsec gmail com (hyp3rlinx)
[+] Credits: John Page aka hyp3rlinx
[+] Website: hyp3rlinx.altervista.org
[+] Source: http://hyp3rlinx.altervista.org/advisories/YAWS-WEB-SERVER-v1.91-UNAUTHENTICATED-REMOTE-FILE-DISCLOSURE.txt
[+] ISR: ApparitionSec

Vendor:
==========
yaws.hyber.org

Product:
===========
Yaws v

[ANNOUNCE] [SECURITY] CVE-2017-7660: Security Vulnerability in secure inter-node communication in Apache Solr 2017-07-07
Shalin Shekhar Mangar (shalin apache org)
CVE-2017-7660: Security Vulnerability in secure inter-node
communication in Apache Solr

Severity: Important

Vendor:
The Apache Software Foundation

Versions Affected:
Solr 5.3 to 5.5.4
Solr 6.0 to 6.5.1

Description:

Solr uses a PKI based mechanism to secure inter-node communication
when security

[SYSS-2017-011] Office 365: Insufficient Session Expiration (CWE-613) 2017-07-07
Micha Borrmann (micha borrmann syss de)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Advisory ID: SYSS-2017-011
Product: Office 365 (Sharepoint)
Manufacturer: Microsoft
Affected Version(s): ?
Tested Version(s): Office 365 Enterprise E3 (version from February 2017)
Vulnerability Type: Insufficient Session Expiration (CWE-613)
Risk Leve

Copyright 2010, SecurityFocus