BugTraq
(Page 10 of 1727)
[SECURITY] [DSA 3905-1] xorg-server security update 2017-07-09
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3905-1                   security (at) debian (dot) org
https://www.debian.org/security/                       Moritz Muehlenhoff
July 09, 2017

[SECURITY] [DSA 3904-1] bind9 security update 2017-07-08
Yves-Alexis Perez (corsac debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3904-1                   security (at) debian (dot) org
https://www.debian.org/security/                       Yves-Alexis Perez
July 08, 2017

[slackware-security] php (SSA:2017-188-01) 2017-07-08
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] php (SSA:2017-188-01)

New php packages are available for Slackware 14.0, 14.1, 14.2, and -current to
fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/php

CVE-2017-10974 Yaws Web Server v1.91 Unauthenticated Remote File Disclosure 2017-07-08
apparitionsec gmail com (hyp3rlinx)
[+] Credits: John Page aka hyp3rlinx
[+] Website: hyp3rlinx.altervista.org
[+] Source: http://hyp3rlinx.altervista.org/advisories/YAWS-WEB-SERVER-v1.91-UNAUTHENTICATED-REMOTE-FILE-DISCLOSURE.txt
[+] ISR: ApparitionSec

Vendor:
==========
yaws.hyber.org

Product:
===========
Yaws v

[ANNOUNCE] [SECURITY] CVE-2017-7660: Security Vulnerability in secure inter-node communication in Apache Solr 2017-07-07
Shalin Shekhar Mangar (shalin apache org)
CVE-2017-7660: Security Vulnerability in secure inter-node
communication in Apache Solr

Severity: Important

Vendor:
The Apache Software Foundation

Versions Affected:
Solr 5.3 to 5.5.4
Solr 6.0 to 6.5.1

Description:

Solr uses a PKI based mechanism to secure inter-node communication
when security

[SYSS-2017-011] Office 365: Insufficient Session Expiration (CWE-613) 2017-07-07
Micha Borrmann (micha borrmann syss de)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Advisory ID: SYSS-2017-011
Product: Office 365 (Sharepoint)
Manufacturer: Microsoft
Affected Version(s): ?
Tested Version(s): Office 365 Enterprise E3 (version from February 2017)
Vulnerability Type: Insufficient Session Expiration (CWE-613)
Risk Leve

Firefox v54.0.1 Denial Of Service 2017-07-07
apparitionsec gmail com
[+] Credits: John Page aka hyp3rlinx
[+] Website: hyp3rlinx.altervista.org
[+] Source: http://hyp3rlinx.altervista.org/advisories/FIREFOX-v54.0.1-DENIAL-OF-SERVICE.txt
[+] ISR: ApparitionSec

Vendor:
===============
www.mozilla.org

Product:
===============
Firefox v54.0.1

Vuln

KL-001-2017-015 : Solarwinds LEM Hardcoded Credentials 2017-07-06
KoreLogic Disclosures (disclosures korelogic com)
KL-001-2017-015 : Solarwinds LEM Hardcoded Credentials

Title: Solarwinds LEM Hardcoded Credentials
Advisory ID: KL-001-2017-015
Publication Date: 2017.07.06
Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2017-015.txt

1. Vulnerability Details

Affected Vendor: Solarwin

KL-001-2017-014 : Barracuda WAF Support Tunnel Hijack 2017-07-06
KoreLogic Disclosures (disclosures korelogic com)
KL-001-2017-014 : Barracuda WAF Support Tunnel Hijack

Title: Barracuda WAF Support Tunnel Hijack
Advisory ID: KL-001-2017-014
Publication Date: 2017.07.06
Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2017-014.txt

1. Vulnerability Details

Affected Vendor: Barracuda

KL-001-2017-012 : Barracuda WAF Grub Password Complexity 2017-07-06
KoreLogic Disclosures (disclosures korelogic com)
KL-001-2017-012 : Barracuda WAF Grub Password Complexity

Title: Barracuda WAF Grub Password Complexity
Advisory ID: KL-001-2017-012
Publication Date: 2017.07.06
Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2017-012.txt

1. Vulnerability Details

Affected Vendor: Barr

KL-001-2017-011 : Barracuda WAF Internal Development Credential Disclosure 2017-07-06
KoreLogic Disclosures (disclosures korelogic com)
KL-001-2017-011 : Barracuda WAF Internal Development Credential Disclosure

Title: Barracuda WAF Internal Development Credential Disclosure
Advisory ID: KL-001-2017-011
Publication Date: 2017.07.06
Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2017-011.txt

1. Vulnerability

[SECURITY] [DSA 3903-1] tiff security update 2017-07-05
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3903-1                   security (at) debian (dot) org
https://www.debian.org/security/                       Moritz Muehlenhoff
July 05, 2017

[SECURITY] [DSA 3902-1] jabberd2 security update 2017-07-05
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3902-1                   security (at) debian (dot) org
https://www.debian.org/security/                     Salvatore Bonaccorso
July 05, 2017

[security bulletin] HPSBMU02933 rev.3 - HPE SiteScope, issueSiebelCmd and loadFileContents SOAP Requests, Remote Code Execution, Arbitrary File download, Denial of Service (DoS) 2017-07-05
HPE Product Security Response Team (security-alert hpe com)
-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA256

Note: the current version of the following document is available here:

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c03969435

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c03969435

Version: 3

HPSBMU02933 rev

[slackware-security] Slackware 14.0 kernel (SSA:2017-184-01) 2017-07-03
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] Slackware 14.0 kernel (SSA:2017-184-01)

New kernel packages are available for Slackware 14.0 to fix security issues.

Here are the details from the Slackware 14.0 ChangeLog:
+--------------------------+
patches/packages/linux-3.

[SECURITY] [DSA 3901-1] libgcrypt20 security update 2017-07-02
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3901-1                   security (at) debian (dot) org
https://www.debian.org/security/                     Salvatore Bonaccorso
July 02, 2017

[CVE-2017-9313] Webmin 1.840 Multiple XSS Vulnerabilities 2017-07-02
andys3c gmail com
Vulnerability type: Reflected Cross Site Scripting
------------------------
Product: Webmin
------------------------
Affected version: Webmin 1.840 and possibly earlier
------------------------
Patched version: Webmin 1.850
------------------------
Credit: Andy Tan
------------------------
CVE ID:

InsomniaX loader allows loading of arbitrary Kernel Extensions 2017-07-02
Securify B.V. (lists securify nl)
------------------------------------------------------------------------

InsomniaX loader allows loading of arbitrary Kernel Extensions
------------------------------------------------------------------------

Yorick Koster, April 2017

----------------------------------------------------------------

[slackware-security] glibc (SSA:2017-181-01) 2017-06-30
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] glibc (SSA:2017-181-01)

New glibc packages are available for Slackware 14.2 and -current to
fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/glibc-2.23-i

[slackware-security] kernel (SSA:2017-181-02) 2017-06-30
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] kernel (SSA:2017-181-02)

New kernel packages are available for Slackware 14.2 and -current to
fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/linux-4.4.

Microsoft Dynamic CRM 2016 - Cross-Site Scripting vulnerability 2017-06-30
gregory draperi (gregory draperi gmail com)
Hello Everyone,

Product: MS Dynamic CRM 2016
Vendor: Microsoft

Vulnerability type: Cross Site Scripting
Vulnerable version: MS Dynamic CRM 2016 SP1 and previous
Vulnerable component: SyncFilterPage.aspx
Report confidence: Confirmed
Solution status: Not fixed by Vendor, will not patch the vuln.
Fix

SEC Consult SA-20170630-0 :: Multiple critical vulnerabilities in OSCI-Transport library 1.2 for German e-Government 2017-06-30
SEC Consult Vulnerability Lab (research sec-consult com)
We have published an accompanying blog post to this technical advisory with
further information:
German version with less technical details as an overview:
http://blog.sec-consult.com/2017/06/e-government-in-deutschland-schwachstellen.html

English version containing more detailed attack scenario de

ESA-2017-062: VASA Provider Virtual Appliance Remote Code Execution Vulnerability 2017-06-28
EMC Product Security Response Center (Security_Alert emc com)

-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA256

ESA-2017-062: VASA Provider Virtual Appliance Remote Code Execution Vulnerability

EMC Identifier: ESA-2017-062

CVE Identifier: CVE-2017-4997

Severity Rating: CVSS v3 Base Score: 8.3 (AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L)

Affected products:

[SECURITY] [DSA 3900-1] openvpn security update 2017-06-27
Sebastien Delafond (seb untangle com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3900-1                   security (at) debian (dot) org
https://www.debian.org/security/                       Sebastien Delafond
June 27, 2017

[SECURITY] [DSA 3886-2] linux regression update 2017-06-27
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3886-2                   security (at) debian (dot) org
https://www.debian.org/security/                     Salvatore Bonaccorso
June 27, 2017

[SECURITY] [DSA 3899-1] vlc security update 2017-06-27
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3899-1                   security (at) debian (dot) org
https://www.debian.org/security/                     Salvatore Bonaccorso
June 27, 2017

[slackware-security] kernel (SSA:2017-177-01) 2017-06-26
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] kernel (SSA:2017-177-01)

New kernel packages are available for Slackware 14.2 and -current to
fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/linux-4.4.

[CVE-2017-8831] Double-Fetch Vulnerability in Linux-4.10.1/drivers/media/pci/saa7164/saa7164-bus.c 2017-06-26
wpengfeinudt gmail com
Hi all,

I found this double-fetch vulnerability when I was doing my research on double fetch issue analysis, and I'd like to make an announcement here.

This was found in Linux kernel file Linux-4.10.1/drivers/media/pci/saa7164/saa7164-bus.c. The kernel (driver) uses memcpy_fromio() to fetch twice

DefenseCode Security Advisory: IBM DB2 Command Line Processor Buffer Overflow 2017-06-26
DefenseCode (defensecode defensecode com)

DefenseCode Security Advisory
IBM DB2 Command Line Processor Buffer Overflow

Advisory ID: DC-2017-04-002
Advisory Title: IBM DB2 Command Line Processor Buffer Overflow
Advisory URL:
http://www.defensecode.com/advisories/IBM_DB2_Command_Line_Processor_Buffer_Overflow.pdf
Software: I

Microsoft Skype v7.2, v7.35 & v7.36 - Stack Buffer Overflow Vulnerability 2017-06-26
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Microsoft Skype v7.2, v7.35 & v7.36 - Stack Buffer Overflow Vulnerability

References (Source):
====================
https://www.vulnerability-lab.com/get_content.php?id=2071

MSRC ID: 38778
TRK ID: 0461000724

Vulnerability Magazine: https://www.vulnerability-db.co

Copyright 2010, SecurityFocus