BugTraq Mode:
(Page 2 of 1719)  < Prev  1 2 3 4 5 6 7 8 9 10 11  Next >
SEC Consult SA-20170712-0 :: Multiple critical vulnerabilities in AGFEO smart home ES 5xx/6xx products 2017-07-12
SEC Consult Vulnerability Lab (research sec-consult com)
SEC Consult Vulnerability Lab Security Advisory < 20170712-0 >
=======================================================================
title: Multiple critical vulnerabilities
product: AGFEO Smart Home ES 5xx
AGFEO Smart Home ES 6xx
vulnerable version:

[ more ]  [ reply ]
[CVE request]linux kernel xfrm migrate out-of-bound access 2017-07-11
bo Zhang (zhangbo5891001 gmail com)
Issue description:

xfrm migrate is a mechanism of kernel ipsec xfrm framework.

When dealing with XFRM_MSG_MIGRATE message, xfrm_migrate func does not
check dir value of xfrm_userpolicy_id.
This will cause out of bound access to net->xfrm.policy_bydst in
policy_hash_direct func and others when dir

[ more ]  [ reply ]
[RT-SA-2017-011] Remote Command Execution in PDNS Manager 2017-07-11
RedTeam Pentesting GmbH (release redteam-pentesting de)
Advisory: Remote Command Execution in PDNS Manager

RedTeam Pentesting discovered that PDNS Manager is vulnerable to a
remote command execution vulnerability, if for any reason the
configuration file config/config-user.php does not exist.

Details
=======

Product: PDNS Manager
Affected Versions: G

[ more ]  [ reply ]
CVE-2017-4918: Code Injection in VMware Horizonâ??s macOS Client 2017-07-10
Florian Bogner (florian bogner sh)
CVE-2017-4918: Code Injection in VMware Horizonâ??s macOS Client

Metadata
===================================================
Release Date: 10-July-2017
Author: Florian Bogner // https://bogner.sh
Affected product: VMware Horizonâ??s macOS Client
Fixed in: Version 4.5
Tested on: OS X El Capitan 10.

[ more ]  [ reply ]
[security bulletin] HPESBGN03763 rev.1 - HPE SiteScope, Disclosure of Sensitive Information, Bypass Security Restriction, Remote Arbitrary Code Execution 2017-07-10
HPE Product Security Response Team (security-alert hpe com)


-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA256

Note: the current version of the following document is available here:

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbgn
03763en_us

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: hpesbgn03763en_us

Version: 1

[ more ]  [ reply ]
[security bulletin] HPESBGN03762 rev.1 - HPE Network Node Manager i (NNMi) Software, Remote Bypass Security Restrictions, Cross-Site Scripting (XSS), URL Redirection 2017-07-10
HPE Product Security Response Team (security-alert hpe com)


-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA256

Note: the current version of the following document is available here:

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbgn
03762en_us

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: hpesbgn03762en_us

Version: 1

[ more ]  [ reply ]
[security bulletin] HPESBHF03745 rev.2 - HPE Intelligent Management Center (iMC) PLAT, Remote Code Execution 2017-07-10
HPE Product Security Response Team (security-alert hpe com)


-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA256

Note: the current version of the following document is available here:

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf
03745en_us

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: hpesbhf03745en_us

Version: 2

[ more ]  [ reply ]
[security bulletin] HPESBNS03755 rev.1 - HPE NonStop Server using Samba, Multiple Remote Vulnerabilities 2017-07-10
HPE Product Security Response Team (security-alert hpe com)
-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA256

Note: the current version of the following document is available here:

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbns
03755en_us

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: hpesbns03755en_us

Version: 1

[ more ]  [ reply ]
CVE-2017-5640 Apache Impala (incubating) Information Disclosure 2017-07-10
Sailesh Mukil (sailesh apache org)
CVE-2017-5640 Apache Impala (incubating) Information Disclosure

Severity: High

Versions Affected:
Apache Impala (incubating) 2.7.0 to 2.8.0

Description:
It was noticed that a malicious process impersonating an Impala daemon
could cause Impala daemons to skip authentication checks when Kerberos
is

[ more ]  [ reply ]
[SECURITY] CVE-2017-5652 Apache Impala (incubating) Information Disclosure 2017-07-10
Sailesh Mukil (sailesh apache org)
CVE-2017-5652 Apache Impala (incubating) Information Disclosure

Severity: High

Versions Affected:
Apache Impala (incubating) 2.7.0 to 2.8.0

Description:
During a routine security analysis, it was found that one of the ports
sent data in plaintext even when the cluster was configured to use
TLS. T

[ more ]  [ reply ]
ToorCon 19 Call For Papers Closing This Week! 2017-07-10
h1kari toorcon org
TOORCON 19 CALL FOR PAPERS CLOSING THIS WEEK!

It's that time of year again! ToorCon 19 is coming so get your code finished and submit a talk this time around. This year's event has been pushed earlier in the year to the end of August, so make sure to save the new dates on your calendar. We're letti

[ more ]  [ reply ]
[slackware-security] irssi (SSA:2017-190-01) 2017-07-09
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] irssi (SSA:2017-190-01)

New irssi packages are available for Slackware 14.0, 14.1, 14.2, and -current
to fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages

[ more ]  [ reply ]
[SECURITY] [DSA 3905-1] xorg-server security update 2017-07-09
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3905-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Moritz Muehlenhoff
July 09, 2017

[ more ]  [ reply ]
[SECURITY] [DSA 3904-1] bind9 security update 2017-07-08
Yves-Alexis Perez (corsac debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3904-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Yves-Alexis Perez
July 08, 2017

[ more ]  [ reply ]
[slackware-security] php (SSA:2017-188-01) 2017-07-08
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] php (SSA:2017-188-01)

New php packages are available for Slackware 14.0, 14.1, 14.2, and -current to
fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/php

[ more ]  [ reply ]
CVE-2017-10974 Yaws Web Server v1.91 Unauthenticated Remote File Disclosure 2017-07-08
apparitionsec gmail com (hyp3rlinx)
[+] Credits: John Page aka hyp3rlinx
[+] Website: hyp3rlinx.altervista.org
[+] Source: http://hyp3rlinx.altervista.org/advisories/YAWS-WEB-SERVER-v1.91-UNAUTHE
NTICATED-REMOTE-FILE-DISCLOSURE.txt
[+] ISR: ApparitionSec

Vendor:
==========
yaws.hyber.org

Product:
===========
Yaws v

[ more ]  [ reply ]
[ANNOUNCE] [SECURITY] CVE-2017-7660: Security Vulnerability in secure inter-node communication in Apache Solr 2017-07-07
Shalin Shekhar Mangar (shalin apache org)
CVE-2017-7660: Security Vulnerability in secure inter-node
communication in Apache Solr

Severity: Important

Vendor:
The Apache Software Foundation

Versions Affected:
Solr 5.3 to 5.5.4
Solr 6.0 to 6.5.1

Description:

Solr uses a PKI based mechanism to secure inter-node communication
when security

[ more ]  [ reply ]
[SYSS-2017-011] Office 365: Insufficient Session Expiration (CWE-613) 2017-07-07
Micha Borrmann (micha borrmann syss de)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Advisory ID: SYSS-2017-011
Product: Office 365 (Sharepoint)
Manufacturer: Microsoft
Affected Version(s): ?
Tested Version(s): Office 365 Enterprise E3 (version from February 2017)
Vulnerability Type: Insufficient Session Expiration (CWE-613)
Risk Leve

[ more ]  [ reply ]
Firefox v54.0.1 Denial Of Service 2017-07-07
apparitionsec gmail com
[+] Credits: John Page aka hyp3rlinx
[+] Website: hyp3rlinx.altervista.org
[+] Source: http://hyp3rlinx.altervista.org/advisories/FIREFOX-v54.0.1-DENIAL-OF-SER
VICE.txt
[+] ISR: ApparitionSec

Vendor:
===============
www.mozilla.org

Product:
===============
Firefox v54.0.1

Vuln

[ more ]  [ reply ]
KL-001-2017-015 : Solarwinds LEM Hardcoded Credentials 2017-07-06
KoreLogic Disclosures (disclosures korelogic com)
KL-001-2017-015 : Solarwinds LEM Hardcoded Credentials

Title: Solarwinds LEM Hardcoded Credentials
Advisory ID: KL-001-2017-015
Publication Date: 2017.07.06
Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2017-015.txt

1. Vulnerability Details

Affected Vendor: Solarwin

[ more ]  [ reply ]
KL-001-2017-014 : Barracuda WAF Support Tunnel Hijack 2017-07-06
KoreLogic Disclosures (disclosures korelogic com)
KL-001-2017-014 : Barracuda WAF Support Tunnel Hijack

Title: Barracuda WAF Support Tunnel Hijack
Advisory ID: KL-001-2017-014
Publication Date: 2017.07.06
Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2017-014.txt

1. Vulnerability Details

Affected Vendor: Barracuda

[ more ]  [ reply ]
KL-001-2017-012 : Barracuda WAF Grub Password Complexity 2017-07-06
KoreLogic Disclosures (disclosures korelogic com)
KL-001-2017-012 : Barracuda WAF Grub Password Complexity

Title: Barracuda WAF Grub Password Complexity
Advisory ID: KL-001-2017-012
Publication Date: 2017.07.06
Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2017-012.txt

1. Vulnerability Details

Affected Vendor: Barr

[ more ]  [ reply ]
KL-001-2017-011 : Barracuda WAF Internal Development Credential Disclosure 2017-07-06
KoreLogic Disclosures (disclosures korelogic com)
KL-001-2017-011 : Barracuda WAF Internal Development Credential Disclosure

Title: Barracuda WAF Internal Development Credential Disclosure
Advisory ID: KL-001-2017-011
Publication Date: 2017.07.06
Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2017-011.txt

1. Vulnerability

[ more ]  [ reply ]
[SECURITY] [DSA 3903-1] tiff security update 2017-07-05
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3903-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Moritz Muehlenhoff
July 05, 2017

[ more ]  [ reply ]
[SECURITY] [DSA 3902-1] jabberd2 security update 2017-07-05
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3902-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Salvatore Bonaccorso
July 05, 2017

[ more ]  [ reply ]
[security bulletin] HPSBMU02933 rev.3 - HPE SiteScope, issueSiebelCmd and loadFileContents SOAP Requests, Remote Code Execution, Arbitrary File download, Denial of Service (DoS) 2017-07-05
HPE Product Security Response Team (security-alert hpe com)
-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA256

Note: the current version of the following document is available here:

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c039694
35

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c03969435

Version: 3

HPSBMU02933 rev

[ more ]  [ reply ]
[slackware-security] Slackware 14.0 kernel (SSA:2017-184-01) 2017-07-03
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] Slackware 14.0 kernel (SSA:2017-184-01)

New kernel packages are available for Slackware 14.0 to fix security issues.

Here are the details from the Slackware 14.0 ChangeLog:
+--------------------------+
patches/packages/linux-3.

[ more ]  [ reply ]
[SECURITY] [DSA 3901-1] libgcrypt20 security update 2017-07-02
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3901-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Salvatore Bonaccorso
July 02, 2017

[ more ]  [ reply ]
[CVE-2017-9313] Webmin 1.840 Multiple XSS Vulnerabilities 2017-07-02
andys3c gmail com
Vulnerability type: Reflected Cross Site Scripting
------------------------
Product: Webmin
------------------------
Affected version: Webmin 1.840 and possibly
earlier
------------------------
Patched version: Webmin 1.850
------------------------
Credit: Andy Tan
------------------------
CVE ID:

[ more ]  [ reply ]
InsomniaX loader allows loading of arbitrary Kernel Extensions 2017-07-02
Securify B.V. (lists securify nl)
------------------------------------------------------------------------

InsomniaX loader allows loading of arbitrary Kernel Extensions
------------------------------------------------------------------------

Yorick Koster, April 2017

----------------------------------------------------------------

[ more ]  [ reply ]
(Page 2 of 1719)  < Prev  1 2 3 4 5 6 7 8 9 10 11  Next >


 

Privacy Statement
Copyright 2010, SecurityFocus