BugTraq Mode:
(Page 4 of 1724)  < Prev  1 2 3 4 5 6 7 8 9 10 11  Next >
[SECURITY] [DSA 3928-2] firefox-esr security update 2017-08-16
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3928-2 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Moritz Muehlenhoff
August 16, 2017

[ more ]  [ reply ]
Microsoft Resnet - DNS Configuration Web Vulnerability 2017-08-16
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Microsoft Resnet - DNS Configuration Web Vulnerability

References (Source):
====================
https://www.vulnerability-lab.com/get_content.php?id=2087

Acknowledgements: https://technet.microsoft.com/en-us/security/cc308589.aspx

Release Date:
=============
201

[ more ]  [ reply ]
FreeBSD <= 10.3 jail SHM hole 2017-08-16
WhiteWinterWolf (bugtraq lists whitewinterwolf com)
AFFECTED PRODUCTS

This issue affects FreeBSD from 7.0 to 10.3 included.

DESCRIPTION

FreeBSD jail incompletely protects the access to the IPC primitives.

The 'allow.sysvipc' setting only affects IPC queues, leaving other IPC
objects unprotected, making them reachable system-wide independently of

[ more ]  [ reply ]
[SECURITY] [DSA 3943-1] gajim security update 2017-08-14
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3943-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Salvatore Bonaccorso
August 14, 2017

[ more ]  [ reply ]
CVE-2017-9802: Apache Sling XSS vulnerability 2017-08-14
Robert Munteanu (rombert apache org)
CVE-2017-9802: Apache Sling XSS vulnerability

Severity: Important

Vendor: The Apache Software Foundation

Versions Affected:
Apache Sling Servlets Post 2.3.20

Description:
The Javascript method Sling.evalString() uses the javascript `eval`
function to parse input strings, which allows for XSS att

[ more ]  [ reply ]
[CVE-2017-9767] Quali CloudShell (v7.1.0.6508 Patch 6) Multiple Stored Cross Site Scripting Vulnerability 2017-08-14
x62x65x6e gmail com
# Vulnerability type: Multiple Stored Cross Site Scripting
# Vendor: Quali
# Product: CloudShell
# Affected version: v7.1.0.6508 (Patch 6)
# Patched version: v8 and up
# Credit: Benjamin Lee
# CVE ID: CVE-2017-9767

==========================================================

# Overview
Quali CloudS

[ more ]  [ reply ]
[SECURITY] [DSA 3940-1] iortcw security update 2017-08-13
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3940-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Moritz Muehlenhoff
August 13, 2017

[ more ]  [ reply ]
[slackware-security] mercurial (SSA:2017-223-03) 2017-08-11
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] mercurial (SSA:2017-223-03)

New mercurial packages are available for Slackware 14.0, 14.1, 14.2,
and -current to fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/

[ more ]  [ reply ]
[SECURITY] [DSA 3937-1] zabbix security update 2017-08-12
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3937-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Moritz Muehlenhoff
August 12, 2017

[ more ]  [ reply ]
[SECURITY] [DSA 3936-1] postgresql-9.6 security update 2017-08-10
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3936-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Moritz Muehlenhoff
August 10, 2017

[ more ]  [ reply ]
[SECURITY] [DSA 3935-1] postgresql-9.4 security update 2017-08-10
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3935-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Moritz Muehlenhoff
August 10, 2017

[ more ]  [ reply ]
[security bulletin] HPESB3P03762 rev.1 - HPE C Switch Software using Cisco Prime Data Center Network Manager (DCNM), Remote Code Execution 2017-08-10
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Note: the current version of the following document is available here:

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesb3p
03762en_us

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: hpesb3p03762en_us

Version: 1

HP

[ more ]  [ reply ]
[ANN] Apache Struts: S2-049 Security Bulletin update 2017-08-10
Lukasz Lenart (lukaszlenart apache org)
This is an update of the recently announced Security Bulletin S2-049 -
http://struts.apache.org/docs/s2-049.html

The bulletin was extended with an additional information when the
potential vulnerability can be present in your application. Please
re-read the mentioned bulletin and apply required act

[ more ]  [ reply ]
[SECURITY] [DSA 3932-1] subversion security update 2017-08-10
Sebastien Delafond (seb debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3932-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Sebastien Delafond
August 10, 2017

[ more ]  [ reply ]
[SECURITY] [DSA 3933-1] pjproject security update 2017-08-10
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3933-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Moritz Muehlenhoff
August 10, 2017

[ more ]  [ reply ]
[SECURITY][ANNOUNCE] Apache Subversion 1.9.7 released 2017-08-10
Daniel Shahaf (danielsh apache org)
I'm happy to announce the release of Apache Subversion 1.9.7.
Please choose the mirror closest to you by visiting:

http://subversion.apache.org/download.cgi?update=201708081800#recommende
d-release

This is a stable security release of the Apache Subversion open source
version control system. I

[ more ]  [ reply ]
[SECURITY] [DSA 3929-1] libsoup2.4 security update 2017-08-10
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3929-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Salvatore Bonaccorso
August 10, 2017

[ more ]  [ reply ]
[slackware-security] curl (SSA:2017-221-01) 2017-08-09
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] curl (SSA:2017-221-01)

New curl packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,
14.2, and -current to fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+

[ more ]  [ reply ]
[slackware-security] mozilla-firefox (SSA:2017-221-02) 2017-08-09
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] mozilla-firefox (SSA:2017-221-02)

New mozilla-firefox packages are available for Slackware 14.2 and -current to
fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/p

[ more ]  [ reply ]
DefenseCode ThunderScan SAST Advisory: WordPress Easy Modal Plugin Multiple Security Vulnerabilities 2017-08-07
DefenseCode (defensecode defensecode com)

DefenseCode ThunderScan SAST Advisory
WordPress Easy Modal Plugin
Multiple Security Vulnerabilities

Advisory ID: DC-2017-01-007
Advisory Title: WordPress Easy Modal Plugin Multiple Vulnerabilities
Advisory URL: http://www.defensecode.com/advisories.

[ more ]  [ reply ]
[SECURITY] [DSA 3927-1] linux security update 2017-08-07
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3927-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Salvatore Bonaccorso
August 07, 2017

[ more ]  [ reply ]
Re: [oss-security] [CVE-2017-7533] kernel: inotify: a race between inotify_handle_event() and sys_rename() 2017-08-05
Brad Spengler (spender grsecurity net)
This bothers me, and since nobody else has bothered to ask, I'll chime in:
Can someone please clear up this timeline for me?

We have:
(nearly a month ago) 7/7/2017 Silent upstream fix for vulnerability, no
stable cc, no backports performed, no distro fixes.

Possibly before this, possibly after (p

[ more ]  [ reply ]
[SECURITY] [DSA 3926-1] chromium-browser security update 2017-08-04
Michael Gilbert (mgilbert debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3926-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Michael Gilbert
August 04, 2017

[ more ]  [ reply ]
[SECURITY] [DSA 3925-1] qemu security update 2017-08-04
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3925-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Moritz Muehlenhoff
August 04, 2017

[ more ]  [ reply ]
SEC Consult SA-20170804-1 :: Ubiquiti Networks UniFi Cloud Key authenticated command injection 2017-08-04
SEC Consult Vulnerability Lab (research sec-consult com)
SEC Consult Vulnerability Lab Security Advisory < 20170804-1 >
=======================================================================
title: Authenticated Command Injection
product: Ubiquiti Networks UniFi Cloud Key
vulnerable version: Firmware v0.6.1
fixed version:

[ more ]  [ reply ]
SEC Consult SA-20170804-0 :: phpBB Server Side Request Forgery (SSRF) vulnerability 2017-08-04
SEC Consult Vulnerability Lab (research sec-consult com)
SEC Consult Vulnerability Lab Security Advisory < 20170804-0 >
=======================================================================
title: Server Side Request Forgery Vulnerability
product: phpBB
vulnerable version: 3.2.0
fixed version: 3.2.1
CVE number:

[ more ]  [ reply ]
[security bulletin] HPESB3P03767 rev.1 - HPE Proliant ML10 Gen9 servers using Intel Xeon E3-1200M v5 and 6th Generation Intel Core Processors, Unauthorized Write to Filesystem 2017-08-04
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Note: the current version of the following document is available here:

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesb3p
03767en_us

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: hpesb3p03767en_us

Version: 1

HP

[ more ]  [ reply ]
[SECURITY] [DSA 3924-1] varnish security update 2017-08-02
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3924-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Salvatore Bonaccorso
August 02, 2017

[ more ]  [ reply ]
[slackware-security] gnupg (SSA:2017-213-01) 2017-08-02
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] gnupg (SSA:2017-213-01)

New gnupg packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,
14.2, and -current to fix a security issue.

Here are the details from the Slackware 14.2 ChangeLog:
+------------------------

[ more ]  [ reply ]
CVE-2017-1500 - Relected XSS in IBM WorkLight OAuth Server Web Api 2017-08-02
gabriele gristina gmail com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

☾ Reflected Cross-Site Scripting in IBM Worklight OAuth Server Web Api ☽

======== ☾ Table of Contents ☽ =========================================

0. Overview
1. Detailed Description
2. Proof Of Concept
3. Solution
4

[ more ]  [ reply ]
(Page 4 of 1724)  < Prev  1 2 3 4 5 6 7 8 9 10 11  Next >


 

Privacy Statement
Copyright 2010, SecurityFocus