BugTraq
[CVE-2017-8831] Double-Fetch Vulnerability in Linux-4.10.1/drivers/media/pci/saa7164/saa7164-bus.c 2017-06-24
wpengfeinudt gmail com
Hi all,

I found this double-fetch vulnerability when I was doing my research on double fetch issue analysis, and I'd like to make an announcement here.

This was found in Linux kernel file Linux-4.10.1/drivers/media/pci/saa7164/saa7164-bus.c. The kernel (driver) uses memcpy_fromio() to fetch twice

[ more ]  [ reply ]
[CVE-2017-8813] Double-Fetch Vulnerability in Linux-4.10.1/drivers/media/pci/saa7164/saa7164-bus.c 2017-06-22
wpengfeinudt gmail com
Hi all,

I found this double-fetch vulnerability when I was doing my research on double fetch issue analysis, and I'd like to make an announcement here.

This was found in Linux kernel file Linux-4.10.1/drivers/media/pci/saa7164/saa7164-bus.c. The kernel (driver) uses memcpy_fromio() to fetch

[ more ]  [ reply ]
[SECURITY] [DSA 3893-1] jython security update 2017-06-22
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3893-1 security (at) debian (dot) org
https://www.debian.org/security/ Salvatore Bonaccorso
June 22, 2017

[ more ]  [ reply ]
[slackware-security] openvpn (SSA:2017-172-01) 2017-06-21
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] openvpn (SSA:2017-172-01)

New openvpn packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,
14.2, and -current to fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+---------------------

[ more ]  [ reply ]
Sitecore 7.1-7.2 Cross Site Scripting Vulnerability 2017-06-21
hamedizadi gmail com
Sitecore 7.1-7.2 Cross Site Scripting Vulnerability

Information
--------------------
Author: Hamed Izadi
Email: ("hamedizadi", "@", "gmail", ".com");
Name: XSS Vulnerability in Sitecore
Affected Software : Sitecore.NET
Affected Versions: v7.2-7.1 and possibly below
Vendor Homepage : http://www.sit

[ more ]  [ reply ]
[SECURITY] [DSA 3890-1] spip security update 2017-06-21
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3890-1 security (at) debian (dot) org
https://www.debian.org/security/ Salvatore Bonaccorso
June 21, 2017

[ more ]  [ reply ]
ESA-2017-053: EMC Isilon OneFS Privilege Escalation Vulnerability 2017-06-20
EMC Product Security Response Center (Security_Alert emc com)

-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA256

ESA-2017-053: EMC Isilon OneFS Privilege Escalation Vulnerability

EMC Identifier: ESA-2017-053

CVE Identifier: CVE-2017-4988

Severity Rating: CVSS v3 Base Score:

Base Score=> 7.2 (AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)

Affected pro

[ more ]  [ reply ]
ESA-2017-054: EMC Avamar Multiple Vulnerabilities 2017-06-20
EMC Product Security Response Center (Security_Alert emc com)

-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA256

ESA-2017-054: EMC Avamar Multiple Vulnerabilities

EMC Identifier: ESA-2017-054

CVE Identifiers:

CVE-2017-4989, CVE-2017-4990

Affected products:

* EMC Avamar Server Software 7.4.1-58, 7.4.0-242 (CVE-2017-4990)

* EMC Avamar Server Softwar

[ more ]  [ reply ]
CVE-2017-3167: Apache httpd 2.x ap_get_basic_auth_pw authentication bypass 2017-06-19
Jacob Champion (jchampion apache org)
CVE-2017-3167: ap_get_basic_auth_pw authentication bypass

Severity: Important

Vendor: The Apache Software Foundation

Versions Affected:
httpd 2.2.0 to 2.2.32
httpd 2.4.0 to 2.4.25

Description:
Use of the ap_get_basic_auth_pw() by third-party modules outside of the
authentication phase may lead t

[ more ]  [ reply ]
CVE-2017-7659: mod_http2 null pointer dereference 2017-06-19
Jim Jagielski (jim apache org)
CVE-2017-7659: mod_http2 null pointer dereference

Severity: Important

Vendor: The Apache Software Foundation

Versions Affected:
httpd 2.4.24 (unreleased)
httpd 2.4.25

Description:
A maliciously constructed HTTP/2 request could cause mod_http2 to
dereference a NULL pointer and crash the server p

[ more ]  [ reply ]
[SECURITY] [DSA 3886-1] linux security update 2017-06-19
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3886-1 security (at) debian (dot) org
https://www.debian.org/security/ Salvatore Bonaccorso
June 19, 2017

[ more ]  [ reply ]
[SECURITY] [DSA 3887-1] glibc security update 2017-06-19
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3887-1 security (at) debian (dot) org
https://www.debian.org/security/ Moritz Muehlenhoff
June 19, 2017

[ more ]  [ reply ]
[security bulletin] HPESBGN03758 rev.2 - HPE UCMDB, Remote Code Execution 2017-06-19
HPE Product Security Response Team (security-alert hpe com)
-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA256

Note: the current version of the following document is available here:

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbgn03758en_us

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: hpesbgn03758en_us

Version: 2

[ more ]  [ reply ]
Ektron Version 9.10SP1(Build 9.1.0.184) Cross Site Scripting 2017-06-19
ghasseminia gmail com
# Vulnerability type: Cross Site Scripting
# Vendor: Ektron
# Product: Ektron Content Management System
# Affected version: 9.10SP1(Build 9.1.0.184)
# Patched version: 9.1.0.184SP3(9.1.0.184.3.127)
# Credit: Siyavash Ghasseminia
# CVE ID: CVE-2016-6201

# PROOF OF CONCEPT

Vulnerable URL:
/WorkAre

[ more ]  [ reply ]
Ektron Version 9.10SP1(Build 9.1.0.184) Cross Site Scripting 2017-06-19
ghasseminia gmail com
# Vulnerability type: Cross Site Scripting
# Vendor: Ektron
# Product: Ektron Content Management System
# Affected version: 9.10SP1(Build 9.1.0.184)
# Patched version: 9.1.0.184SP3(9.1.0.184.3.127)
# Credit: Siyavash Ghasseminia
# CVE ID: CVE-2016-6133

# PROOF OF CONCEPT

Vulnerable URL:
/WorkArea

[ more ]  [ reply ]
Ektron Version 9.10SP1(Build 9.1.0.184) Cross Site Scripting 2017-06-19
ghasseminia gmail com
# Vulnerability type: Cross Site Scripting
# Vendor: Ektron
# Product: Ektron Content Management System
# Affected version: 9.10SP1(Build 9.1.0.184)
# Patched version: 9.1.0.184SP3(9.1.0.184.3.127)
# Credit: Siyavash Ghasseminia, Edmund Goh
# CVE ID: CVE-2016-6133

# PROOF OF CONCEPT

Vulnerable U

[ more ]  [ reply ]
ESA-2017-041: EMC VNX1 and VNX2 Family Multiple Vulnerabilities in VNX Control Station 2017-06-16
EMC Product Security Response Center (Security_Alert emc com)

-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA256

ESA-2017-041: EMC VNX1 and VNX2 Family Multiple Vulnerabilities in VNX Control Station

EMC Identifier: ESA-2017-041

CVE Identifier: CVE-2017-4984, CVE-2017-4985, CVE-2017-4987

Severity Rating: CVSS v3 Base Score: See below for individual CV

[ more ]  [ reply ]
June 2017 - Bamboo - Critical Security Advisory 2017-06-16
Atlassian (security atlassian com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

This email refers to the advisory found at
https://confluence.atlassian.com/x/KgwUNg .

CVE ID:

* CVE-2017-8907.

Product: Bamboo.

Affected Bamboo product versions:

5.0.0 <= version < 5.15.7
6.0.0 <= version < 6.0.1

Fixed Bamboo product version

[ more ]  [ reply ]
[security bulletin] HPESBGN03761 rev.1 - HPE Virtualization Performance Viewer (VPV)/ Cloud Optimizer using Linux, Remote Escalation of Privilege 2017-06-15
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Note: the current version of the following document is available here:

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbgn03761en_us

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: hpesbgn03761en_us

Version: 1

HP

[ more ]  [ reply ]
[SECURITY] [DSA 3882-1] request-tracker4 security update 2017-06-15
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3882-1 security (at) debian (dot) org
https://www.debian.org/security/ Salvatore Bonaccorso
June 15, 2017

[ more ]  [ reply ]
CVE-2017-9613: Stored Cross-Site Scripting in SAP successfactors 2017-06-15
dunstan pinto gmail com
CVE-2017-9613: Stored Cross-Site Scripting in SAP successfactors

Severity: High

Vendor: SAP

Versions Affected: SAP successfactors - Release build b1702p5e.1190658

Description: Stored Cross-site scripting (XSS) vulnerability in SAP Successfactors allows remote authenticated users to inject arbitr

[ more ]  [ reply ]
[slackware-security] mozilla-firefox (SSA:2017-165-02) 2017-06-15
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] mozilla-firefox (SSA:2017-165-02)

New mozilla-firefox packages are available for Slackware 14.2, and -current to
fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/

[ more ]  [ reply ]
[slackware-security] bind (SSA:2017-165-01) 2017-06-15
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] bind (SSA:2017-165-01)

New bind packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,
14.2, and -current to fix a security issue.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------

[ more ]  [ reply ]
[SECURITY] [DSA 3881-1] firefox-esr security update 2017-06-14
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3881-1 security (at) debian (dot) org
https://www.debian.org/security/ Moritz Muehlenhoff
June 14, 2017

[ more ]  [ reply ]
ESA-2017-043: EMC ESRS Virtual Edition Authentication Bypass Vulnerability 2017-06-14
EMC Product Security Response Center (Security_Alert emc com)

-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA256

ESA-2017-043: EMC ESRS Virtual Edition Authentication Bypass Vulnerability

EMC Identifier: ESA-2017-043

CVE Identifier: CVE-2017-4986

Severity Rating: CVSS v3 Base Score: See below for individual scores of each CVE

Affected products:

E

[ more ]  [ reply ]
ESA-2017-031: RSA BSAFE® Cert-C Improper Certificate Processing Vulnerability 2017-06-14
EMC Product Security Response Center (Security_Alert emc com)

-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA256

ESA-2017-031: RSA BSAFE® Cert-C Improper Certificate Processing Vulnerability

EMC Identifier: ESA-2017-031

CVE Identifier: CVE-2017-4981

Severity Rating: 8.2 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H)

Affected Products:

RSA BS

[ more ]  [ reply ]
[SECURITY] [DSA 3880-1] libgcrypt20 security update 2017-06-14
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3880-1 security (at) debian (dot) org
https://www.debian.org/security/ Salvatore Bonaccorso
June 14, 2017

[ more ]  [ reply ]
Secunia Research: libsndfile "aiff_read_chanmap()" Information Disclosure Vulnerability 2017-06-13
Secunia Research (remove-vuln secunia com)
======================================================================

Secunia Research 2017/06/09

libsndfile "aiff_read_chanmap()" Information Disclosure Vulnerability

==========================================================

[ more ]  [ reply ]
SEC Consult SA-20170613-0 :: Access Restriction Bypass in Atlassian Confluence 2017-06-13
SEC Consult Vulnerability Lab (research sec-consult com)
SEC Consult Vulnerability Lab Security Advisory < 20170613-0 >
=======================================================================
title: Access Restriction Bypass
product: Atlassian Confluence
vulnerable version: 4.3.0 - 6.1.1
fixed version: 6.2.1
CVE n

[ more ]  [ reply ]
Zenbership 1.0.8 CMS - Multiple SQL Injection Vulnerabilities 2017-06-12
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Zenbership 1.0.8 CMS - Multiple SQL Injection Vulnerabilities

References (Source):
====================
https://www.vulnerability-lab.com/get_content.php?id=2073

Release Date:
=============
2017-06-09

Vulnerability Laboratory ID (VL-ID):
========================

[ more ]  [ reply ]