BugTraq Mode:
(Page 10 of 1723)  < Prev  5 6 7 8 9 10 11 12 13 14 15  Next >
May 2017 - SourceTree - Critical Security Advisory 2017-05-22
Atlassian (security atlassian com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

This email refers to the advisory found at
https://confluence.atlassian.com/x/jW2xNQ .

CVE ID:

* CVE-2017-8768.

Product: SourceTree.

Affected SourceTree product versions:

* SourceTree for Mac 1.4.0 <= version < 2.5.1
* SourceTree for Windows 0.8

[ more ]  [ reply ]
CVE-2017-9024 Secure Auditor - v3.0 Directory Traversal 2017-05-20
apparitionsec gmail com (hyp3rlinx)
[+] Credits: John Page aka HYP3RLINX
[+] Website: hyp3rlinx.altervista.org
[+] Source: http://hyp3rlinx.altervista.org/advisories/SECURE-AUDITOR-v3.0-DIRECTORY
-TRAVERSAL.txt
[+] ISR: ApparitionSec

Vendor:
====================
www.secure-bytes.com

Product:
=====================
S

[ more ]  [ reply ]
[SECURITY] [DSA 3858-1] openjdk-7 security update 2017-05-19
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3858-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Moritz Muehlenhoff
May 19, 2017

[ more ]  [ reply ]
[SECURITY] CVE-2017-5657: Apache Archiva CSRF vulnerability for REST endpoints 2017-05-19
Martin (martin_s apache org)
CVE-2017-5657: Apache Archiva CSRF vulnerabilities for various REST endpoints

Severity: Important

Vendor:
The Apache Software Foundation

Versions Affected:
Archiva 2.0.0 - 2.2.1
The unsupported versions 1.x are also affected.

Several REST service endpoints of Apache Archiva are not pro

[ more ]  [ reply ]
[SECURITY] [DSA 3853-1] bitlbee security update 2017-05-15
Sebastien Delafond (seb untangle com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3853-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Sebastien Delafond
May 15, 2017

[ more ]  [ reply ]
Secunia Research: LibRaw "parse_tiff_ifd()" Memory Corruption Vulnerability 2017-05-15
Secunia Research (remove-vuln secunia com)
======================================================================

Secunia Research 2017/05/11

LibRaw "parse_tiff_ifd()" Memory Corruption Vulnerability

======================================================================

Table of Contents

Affected Software

[ more ]  [ reply ]
PingID (MFA) - Reflected Cross-Site Scripting 2017-05-17
Advisories (advisories compass-security com)
#############################################################
#
# COMPASS SECURITY ADVISORY
# https://www.compass-security.com/research/advisories/
#
#############################################################
#
# Product: PingID (MFA) [1]
# Vendor: Ping Identity Corporation
# CSNC ID: CSNC-20

[ more ]  [ reply ]
[slackware-security] kdelibs (SSA:2017-136-02) 2017-05-16
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] kdelibs (SSA:2017-136-02)

New kdelibs packages are available for Slackware 13.37, 14.0, 14.1, 14.2,
and -current to fix a security issue.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patc

[ more ]  [ reply ]
[security bulletin] HPESBGN03748 rev.1 - HPE Cloud Optimizer, Remote Disclosure of Information 2017-05-18
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Note: the current version of the following document is available here:

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbgn
03748en_us

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: hpesbgn03748en_us

Version: 1

HP

[ more ]  [ reply ]
[SECURITY] [DSA 3856-1] deluge security update 2017-05-18
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3856-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Moritz Muehlenhoff
May 18, 2017

[ more ]  [ reply ]
Nextcloud/Owncloud - Reflected Cross Site Scripting in error pages 2017-05-15
Manuel Mancera (sinkmanu gmail com)
==================================================================
Nextcloud/Owncloud - Reflected Cross Site Scripting in error pages
==================================================================

Information
------------------------------------------------------------------
Name: Nextcloud/Own

[ more ]  [ reply ]
APPLE-SA-2017-05-15-6 iTunes 12.6.1 2017-05-15
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2017-05-15-6 iTunes 12.6.1

iTunes 12.6.1 is now available and addresses the following:

WebKit
Available for: Windows 7 and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple

[ more ]  [ reply ]
APPLE-SA-2017-05-15-4 watchOS 3.2.1 2017-05-15
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2017-05-15-4 watchOS 3.2.1

watchOS 3.2.1 is now available and addresses the following:

AVEVideoEncoder
Available for: All Apple Watch models
Impact: An application may be able to gain kernel privileges
Description: A memory corruption issu

[ more ]  [ reply ]
[security bulletin] HPESBHF03745 rev.1 - HPE Intelligent Management Center (iMC) PLAT, Remote Code Execution 2017-05-14
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Note: the current version of the following document is available here:

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf
03745en_us

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: hpesbhf03745en_us

Version: 1

HP

[ more ]  [ reply ]
Secunia Research: FLAC "read_metadata_vorbiscomment_()" Memory Leak Denial of Service Vulnerability 2017-05-15
Secunia Research (remove-vuln secunia com)
======================================================================

Secunia Research 2017/05/11

FLAC "read_metadata_vorbiscomment_()" Memory Leak

Denial of Service Vulnerability

===========================================================

[ more ]  [ reply ]
DefenseCode ThunderScan SAST Advisory: GOOGLE google-api-php-client Multiple Security Vulnerabilities 2017-05-11
DefenseCode (defensecode defensecode com)

DefenseCode ThunderScan SAST Advisory
GOOGLE google-api-php-client
Multiple Security Vulnerabilities

Advisory ID: DC-2017-04-012
Advisory Title: google-api-php-client Multiple XSS Vulnerabilities
Advisory URL:
http://defensecode.com/advisories/DC-2017-04-012_go

[ more ]  [ reply ]
SEC Consult SA-20170511-0 :: Stack-based buffer overflow vulnerability in Guidance Software EnCase Forensic Imager 2017-05-11
SEC Consult Vulnerability Lab (research sec-consult com)
A blog post with additional information is available here:
http://blog.sec-consult.com/2017/05/chainsaw-of-custody-manipulating.htm
l

We have also released a video showing arbitrary code execution:
https://www.youtube.com/watch?v=1EngNIXSNQw

SEC Consult Vulnerability Lab Security Advisory < 201705

[ more ]  [ reply ]
DefenseCode WebScanner DAST Advisory: WordPress User Access Manager Plugin Security Vulnerability 2017-05-11
DefenseCode (defensecode defensecode com)

DefenseCode WebScanner DAST Advisory
WordPress User Access Manager Plugin
Security Vulnerability

Advisory ID: DC-2017-01-021
Advisory Title: WordPress User Access Manager Plugin Cross Site
Scripting vulnerability
Advisory URL:
http://www.defensecode

[ more ]  [ reply ]
DefenseCode ThunderScan SAST Advisory: WordPress Tracking Code Manager Plugin Multiple Security Vulnerabilities 2017-05-11
DefenseCode (defensecode defensecode com)

DefenseCode ThunderScan SAST Advisory
WordPress Tracking Code Manager Plugin
Multiple Security Vulnerabilities

Advisory ID: DC-2017-01-020
Advisory Title: WordPress Tracking Code Manager Plugin Multiple
Vulnerabilities
Advisory URL:
http://www.defensecode.com/advi

[ more ]  [ reply ]
ESA-2017-017: RSA® Adaptive Authentication (On-Premise) Cross-Site Scripting Vulnerability 2017-05-10
EMC Product Security Response Center (Security_Alert emc com)

-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA256

EMC Identifier: ESA-2017-017: RSA® Adaptive Authentication (On-Premise) Cross-Site Scripting Vulnerability

CVE Identifier: CVE-2017-4978

Severity Rating: CVSS v3 Score: 5.4 (AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)

Affected Products:

RSA Ad

[ more ]  [ reply ]
ESA-2017-027: EMC Isilon OneFS NFS Export Upgrade Vulnerability 2017-05-10
EMC Product Security Response Center (Security_Alert emc com)

-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA256

ESA-2017-027: EMC Isilon OneFS NFS Export Upgrade Vulnerability

EMC Identifier: ESA-2017-027

CVE Identifier: CVE-2017-4979

Severity Rating: CVSS v3 Base Score: 7.1 (AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H)

Affected products: The issue oc

[ more ]  [ reply ]
[CORE-2017-0001] - SAP SAPCAR Heap Based Buffer Overflow Vulnerability 2017-05-10
Core Security Advisories Team (advisories coresecurity com)
1. *Advisory Information*

Title: SAP SAPCAR Heap Based Buffer Overflow Vulnerability
Advisory ID: CORE-2017-0001
Advisory URL: http://www.coresecurity.com/advisories/sap-sapcar-
heap-based-buffer-overflow-vulnerability
Date published: 2017-05-10
Date of last update: 2017-05-10
Vendors contacted: SA

[ more ]  [ reply ]
SEC Consult SA-20170510-0 :: Insecure Handling Of URI Schemes in Microsoft OneDrive iOS App 2017-05-10
SEC Consult Vulnerability Lab (research sec-consult com)
A short demo video is available here:
https://youtu.be/0jZdM9peVSk

SEC Consult Vulnerability Lab Security Advisory < 20170510-0 >
=======================================================================
title: Insecure Handling Of URI Schemes
product: Microsoft OneDrive iO

[ more ]  [ reply ]
[SECURITY] [DSA 3848-1] git security update 2017-05-10
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3848-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Salvatore Bonaccorso
May 10, 2017

[ more ]  [ reply ]
Multiple Vulnerabilities in ASUS Routers [CVE-2017-5891 and CVE-2017-5892] 2017-05-10
Nightwatch Cybersecurity Research (research nightwatchcybersecurity com)
[Original post here:
https://wwws.nightwatchcybersecurity.com/2017/05/09/multiple-vulnerabili
ties-in-asus-routers/]

Summary

Various models of ASUS RT routers have several CSRF vulnerabilities
allowing malicious sites to login and change settings in the router;
multiple JSONP vulnerabilities allowi

[ more ]  [ reply ]
[SECURITY] [DSA 3847-1] xen security update 2017-05-09
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3847-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Moritz Muehlenhoff
May 09, 2017

[ more ]  [ reply ]
[security bulletin] HPESBST03739 rev.1 - HPE StoreFabric B-series Switches, Remote Elevation of Privilege 2017-05-09
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Note: the current version of the following document is available here:

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbst
03739en_us

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: hpesbst03739en_us

Version: 1

HP

[ more ]  [ reply ]
CVE-2016-6799: Internal system information leak 2017-05-09
Simon MacDonald (macdonst apache org)
CVE-2016-6799: Internal system information leak

Severity: High

Vendor: The Apache Software Foundation

Versions Affected: Cordova Android (5.2.2 and below)

Description: The application calls methods of the Log class. Messages
passed to these methods (Log.v(), Log.d(), Log.i(), Log.w(), and
Log.e(

[ more ]  [ reply ]
SEC Consult SA-20170509-0 :: Multiple vulnerabilities in I, Librarian PDF manager 2017-05-09
SEC Consult Vulnerability Lab (research sec-consult com)
SEC Consult Vulnerability Lab Security Advisory < 20170509-0 >
=======================================================================
title: Multiple vulnerabilities
product: I, Librarian PDF manager
vulnerable version: <=4.6 & 4.7
fixed version: 4.8
CVE nu

[ more ]  [ reply ]
[SECURITY] [DSA 3846-1] libytnef security update 2017-05-09
Sebastien Delafond (seb debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3846-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Sebastien Delafond
May 09, 2017

[ more ]  [ reply ]
(Page 10 of 1723)  < Prev  5 6 7 8 9 10 11 12 13 14 15  Next >


 

Privacy Statement
Copyright 2010, SecurityFocus