BugTraq
[SECURITY] [DSA 4268-1] openjdk-8 security update 2018-08-10
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
Debian Security Advisory DSA-4268-1 security (at) debian (dot) org
https://www.debian.org/security/ Moritz Muehlenhoff
August 10, 2018

[SECURITY] [DSA 4269-1] postgresql-9.6 security update 2018-08-10
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
Debian Security Advisory DSA-4269-1 security (at) debian (dot) org
https://www.debian.org/security/ Moritz Muehlenhoff
August 10, 2018

[SECURITY] [DSA 4267-1] kamailio security update 2018-08-08
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
Debian Security Advisory DSA-4267-1 security (at) debian (dot) org
https://www.debian.org/security/ Salvatore Bonaccorso
August 08, 2018

[CVE-2018-12584] Heap overflow vulnerability in reSIProcate through 1.10.2 2018-08-08
Joachim De Zutter (dezutterjoachim gmail com)
CVE ID: CVE-2018-12584

TIMELINE

Bug report with test code sent to main reSIProcate developers: 2018-06-15
Patch created by Scott Godin: 2018-06-18
CVE ID assigned: 2018-06-19
Patch committed to reSIProcate repository: 2018-06-21
Advisory first published on website: 2018-06-22

CA20180802-01: Security Notice for CA API Developer Portal 2018-08-08
Kotas, Kevin J (Kevin Kotas ca com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

CA20180802-01: Security Notice for CA API Developer Portal

Issued: August 2, 2018
Last Updated: August 2, 2018

CA Technologies Support is alerting customers to a potential risk
with CA API Developer Portal. A medium risk vulnerability exists that
ca

[CVE-2018-14429] man-cgi < 1.16 Local File Include 2018-08-08
eL_Bart0 (eL_Bart0 protonmail ch)
man-cgi before 1.16 allows Local File Inclusion via absolute path traversal. If an Attacker provides a Filename as a Parameter (e.g. https://example.org/cgi-bin/man-cgi?/etc/passwd) the Script will read and return the local file. This is happening because of the way the Script calls the "man" comm

WebKitGTK+ and WPE WebKit Security Advisory WSA-2018-0006 2018-08-08
Michael Catanzaro (mcatanzaro igalia com)
------------------------------------------------------------------------

WebKitGTK+ and WPE WebKit Security Advisory WSA-2018-0006
------------------------------------------------------------------------

Date reported : August 07, 2018
Advisory ID : WSA-2018-000

New VMSA-2018-0019 - Horizon 6, 7, and Horizon Client for Windows updates address an out-of-bounds read vulnerability 2018-08-07
VMware Security Response Center (security vmware com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ----------------------------------------------------------------------
VMware Security Advisory

Advisory ID: VMSA-2018-0019
Severity: Important
Synopsis: Horizon 6, 7, and Horizon Client for Windows updates
address an out-of-bounds

RE: [FD] Executable installers are vulnerable^WEVIL (case 56):arbitrary code execution WITH escalation of privilege via rufus*.exe 2018-08-06
Andrius Duksta (duk danskebank lt)
Sorry, but the viable/practical attack vector on this one is practically non-existent. I really can't see anyone actually using this as a real-life attack. The circumstances required to succeed are such that if this attack works, it's waaay too late to blame Rufus as your system was obviously alread

FreeBSD Security Advisory FreeBSD-SA-18:08.tcp 2018-08-06
FreeBSD Security Advisories (security-advisories freebsd org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

=============================================================================
FreeBSD-SA-18:08.tcp Security Advisory
The FreeBSD Project

Topic:

[SECURITY] [DSA 4266-1] linux security update 2018-08-06
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
Debian Security Advisory DSA-4266-1 security (at) debian (dot) org
https://www.debian.org/security/ Salvatore Bonaccorso
August 06, 2018

[SECURITY] [DSA 4262-1] symfony security update 2018-08-03
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
Debian Security Advisory DSA-4262-1 security (at) debian (dot) org
https://www.debian.org/security/ Moritz Muehlenhoff
August 03, 2018

[SECURITY] [DSA 4265-1] xml-security-c security update 2018-08-05
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
Debian Security Advisory DSA-4265-1 security (at) debian (dot) org
https://www.debian.org/security/ Moritz Muehlenhoff
August 05, 2018

[slackware-security] lftp (SSA:2018-214-01) 2018-08-02
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] lftp (SSA:2018-214-01)

New lftp packages are available for Slackware 14.0, 14.1, 14.2, and -current to
fix a security issue.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/

[SECURITY] [DSA 4260-1] libmspack security update 2018-08-02
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
Debian Security Advisory DSA-4260-1 security (at) debian (dot) org
https://www.debian.org/security/ Salvatore Bonaccorso
August 02, 2018

Executable installers are vulnerable^WEVIL (case 55): escalation of privilege with VMware Player 12.5.9 2018-08-02
Stefan Kanthak (stefan kanthak nexgo de)
Hi @ll,

the executable installer of VMware Player 12.5.9, published in
January 2018, available from
<https://download3.vmware.com/software/player/file/VMware-player-12.5.9-7535481.exe>,
is vulnerable.

JFTR: VMware Player 12.5.9 is the last version which runs on
32-bit Windows, and the last t

[slackware-security] blueman (SSA:2018-213-01) 2018-08-02
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] blueman (SSA:2018-213-01)

New blueman packages are available for Slackware 14.2 and -current to
fix a security issue.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/blueman

CVE-2016-7085 NOT fixed in VMware-player-12.5.9-7535481.exe 2018-08-01
Stefan Kanthak (stefan kanthak nexgo de)
Hi @ll,

on February 13, 2016, I sent a vulnerability report regarding the
then current executable installer of VMware-player 7.1.3 to its
vendor.

On September 14, 2016, VMware published
<http://blogs.vmware.com/security/2016/09/vmsa-2016-0014.html> and
<http://www.vmware.com/security/advisories/VM

[SECURITY] [DSA 4259-1] ruby2.3 security update 2018-07-31
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
Debian Security Advisory DSA-4259-1 security (at) debian (dot) org
https://www.debian.org/security/ Moritz Muehlenhoff
July 31, 2018

[slackware-security] seamonkey (SSA:2018-212-02) 2018-07-31
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] seamonkey (SSA:2018-212-02)

New seamonkey packages are available for Slackware 14.2 and -current to
fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/seam

[slackware-security] file (SSA:2018-212-01) 2018-07-31
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] file (SSA:2018-212-01)

New file packages are available for Slackware 14.0, 14.1, 14.2, and -current to
fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/f

[SECURITY] [DSA 4258-1] ffmpeg security update 2018-07-29
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
Debian Security Advisory DSA-4258-1 security (at) debian (dot) org
https://www.debian.org/security/ Moritz Muehlenhoff
July 29, 2018

secuvera-SA-2018-03: Command Injection, Broken Access Control and Evil-Twin-Attack in Microsoft Wireless Display Adapter V2 - CVE-2018-8306 2018-07-30
Tobias Glemser (tglemser secuvera de)
secuvera-SA-2018-03: Command Injection, Broken Access Control and Evil-Twin-Attack in Microsoft Wireless Display Adapter V2 - CVE-2018-8306

Affected Products:

Microsoft Wireless Display Adapter V2:

- Microsoft Wireless Display Adapter V2 Softwareversion 2.0.8350 to 2.0.8372 have been tested an

[SECURITY] [DSA 4257-1] fuse security update 2018-07-28
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
Debian Security Advisory DSA-4257-1 security (at) debian (dot) org
https://www.debian.org/security/ Salvatore Bonaccorso
July 28, 2018

[slackware-security] Slackware 14.2 kernel (SSA:2018-208-01) 2018-07-27
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] Slackware 14.2 kernel (SSA:2018-208-01)

New kernel packages are available for Slackware 14.2 to fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/linux-4.

[SECURITY] [DSA 4256-1] chromium-browser security update 2018-07-27
Michael Gilbert (mgilbert debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
Debian Security Advisory DSA-4256-1 security (at) debian (dot) org
https://www.debian.org/security/ Michael Gilbert
July 26, 2018

[CORE-2018-0009] - SoftNAS Cloud OS Command Injection 2018-07-26
Core Security Advisories Team (advisories coresecurity com)
Core Security - Corelabs Advisory
http://corelabs.coresecurity.com/

SoftNAS Cloud OS Command Injection

1. *Advisory Information*

Title: SoftNAS Cloud OS Command Injection
Advisory ID: CORE-2018-0009
Advisory URL:
http://www.coresecurity.com/advisories/softnas-cloudnas-OS-command-injection
Date pu

DefenseCode ThunderScan SAST Advisory: WordPress Strong Testimonials Plugin Multiple XSS Security Vulnerabilities 2018-07-25
Defense Code (defensecode defensecode com)
DefenseCode ThunderScan SAST Advisory: WordPress Strong Testimonials
Plugin Multiple XSS Security Vulnerabilities

Advisory ID: DC-2018-05-007
Advisory Title: WordPress Strong Testimonials Plugin Multiple XSS
Vulnerabilities
Advisory URL: http://www.defensecode.com/advisories.php
Software:

DefenseCode ThunderScan SAST Advisory: WordPress Gwolle Guestbook Plugin XSS Security Vulnerability 2018-07-25
Defense Code (defensecode defensecode com)
DefenseCode ThunderScan SAST Advisory: WordPress Gwolle Guestbook
Plugin XSS Security Vulnerability

Advisory ID: DC-2018-05-008
Advisory Title: WordPress Gwolle Guestbook Plugin XSS Security
Vulnerability
Advisory URL: http://www.defensecode.com/advisories.php
Software: WordPress Gwol

[SECURITY] [DSA 4255-1] ant security update 2018-07-24
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
Debian Security Advisory DSA-4255-1 security (at) debian (dot) org
https://www.debian.org/security/ Salvatore Bonaccorso
July 24, 2018

DefenseCode ThunderScan SAST Advisory: WordPress Snazzy Maps Plugin Multiple XSS Security Vulnerabilities 2018-07-25
Defense Code (defensecode defensecode com)
DefenseCode ThunderScan SAST Advisory: WordPress Snazzy Maps Plugin
Multiple XSS Security Vulnerabilities

Advisory ID: DC-2018-05-006
Advisory Title: WordPress Snazzy Maps Plugin Multiple XSS
Vulnerabilities
Advisory URL: http://www.defensecode.com/advisories.php
Software: WordPress S

[SECURITY] [DSA 4254-1] slurm-llnl security update 2018-07-24
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
Debian Security Advisory DSA-4254-1 security (at) debian (dot) org
https://www.debian.org/security/ Salvatore Bonaccorso
July 24, 2018

FINAL CALL FOR PAPERS - INTEL SECURITY CONFERENCE (iSecCon) 2018 2018-07-24
Branco, Rodrigo (rodrigo branco intel com)
CALL FOR PAPERS - INTEL SECURITY CONFERENCE (iSecCon) 2018

[ - Introduction - ]

It is a pleasure to invite you to submit abstracts to iSecCon 2018, the annual Security Conference at Intel.

This prestigious conference aims to bring together esteemed speakers from the industry, government and acad

[SECURITY] [DSA 4253-1] network-manager-vpnc security update 2018-07-23
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
Debian Security Advisory DSA-4253-1 security (at) debian (dot) org
https://www.debian.org/security/ Salvatore Bonaccorso
July 23, 2018

APPLE-SA-2018-7-23-3 Additional information for APPLE-SA-2018-06-01-4 iOS 11.4 2018-07-23
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

APPLE-SA-2018-7-23-3 Additional information for
APPLE-SA-2018-06-01-4 iOS 11.4

iOS 11.4 addresses the following:

Bluetooth
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A malicious application may be a

APPLE-SA-2018-7-23-4 Additional information for APPLE-SA-2018-06-01-6 tvOS 11.4 2018-07-23
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

APPLE-SA-2018-7-23-4 Additional information for
APPLE-SA-2018-06-01-6 tvOS 11.4

tvOS 11.4 addresses the following:

Bluetooth
Available for: Apple TV 4K
Impact: An attacker in a privileged network position may be able to
intercept Bluetooth traffic
D

APPLE-SA-2018-7-23-5 Additional information for APPLE-SA-2018-06-01-5 watchOS 4.3.1 2018-07-23
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

APPLE-SA-2018-7-23-5 Additional information for
APPLE-SA-2018-06-01-5 watchOS 4.3.1

watchOS 4.3.1 addresses the following:

Bluetooth
Not impacted: Apple Watch Series 3
Impact: An attacker in a privileged network position may be able to
intercept Blu

APPLE-SA-2018-7-23-2 Additional information for APPLE-SA-2018-06-01-1 macOS High Sierra 10.13.5, Security Update 2018-003 Sierra, Security Update 2018-003 El Capitan 2018-07-23
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

APPLE-SA-2018-7-23-2 Additional information for
APPLE-SA-2018-06-01-1 macOS High Sierra 10.13.5, Security Update
2018-003 Sierra, Security Update 2018-003 El Capitan

macOS High Sierra 10.13.5, Security Update 2018-003 Sierra, and
Security Update 2018

APPLE-SA-2018-7-23-1 Additional information for APPLE-SA-2018-7-9-4 macOS High Sierra 10.13.6, Security Update 2018-004 Sierra, Security Update 2018-004 El Capitan 2018-07-23
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

APPLE-SA-2018-7-23-1 Additional information for APPLE-SA-2018-7-9-4
macOS High Sierra 10.13.6, Security Update 2018-004 Sierra,
Security Update 2018-004 El Capitan

macOS High Sierra 10.13.6, Security Update 2018-004 Sierra, and
Security Update 2018-0

Sourcetree - Remote Code Execution vulnerabilities - CVE-2018-11235 2018-07-23
Anton Black (ablack atlassian com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

This email refers to the advisory found at
https://confluence.atlassian.com/sourcetreekb/sourcetree-security-advisory-2018-07-18-953674465.html
.

CVE ID:

* CVE-2018-11235.
* CVE-2018-13385.
* CVE-2018-13386.

Product: Sourcetree.

Affected Sourcet

[slackware-security] php (SSA:2018-201-01) 2018-07-20
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] php (SSA:2018-201-01)

New php packages are available for Slackware 14.0, 14.1, 14.2, and -current to
fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/php

Secunia Research: Oracle Outside In Technology Multiple Vulnerabilities 2018-07-20
Secunia Research (remove-vuln secunia com)
======================================================================

Secunia Research 2018/07/20

Oracle Outside In Technology Multiple Vulnerabilities

======================================================================
Table of Contents

Affected Software.............

Secunia Research: Oracle Outside In Technology Multiple Vulnerabilities 2018-07-20
Secunia Research (remove-vuln secunia com)
======================================================================

Secunia Research 2018/07/20

Oracle Outside In Technology Multiple Vulnerabilities

======================================================================
Table of Contents

Affected Software.............

Secunia Research: LibRaw "parse_minolta()" Infinite Loop Denial of Service Vulnerability 2018-07-19
Secunia Research (remove-vuln secunia com)
======================================================================

Secunia Research 2018/07/17

LibRaw "parse_minolta()" Infinite Loop
Denial of Service Vulnerability

=====================================================================

Secunia Research: LibRaw Multiple Denial of Service Vulnerabilities 2018-07-19
Secunia Research (remove-vuln secunia com)
======================================================================

Secunia Research 2018/07/17
LibRaw Multiple Denial of Service Vulnerabilities

======================================================================
Table of Contents

Affected Software............

Adobe Systems - Arbitrary Code Injection Vulnerability 2018-07-19
Vulnerability Lab (research vulnerability-lab com)
Document Title:

===============

Adobe Systems - Arbitrary Code Injection Vulnerability

References (Source):

====================

https://www.vulnerability-lab.com/get_content.php?id=2120

PSIRT ID: 7873

Vulnerability Magazine:

https://www.vulnerability-db.com/?q=articles/2018/07/19/ha

[slackware-security] httpd (SSA:2018-199-01) 2018-07-18
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] httpd (SSA:2018-199-01)

New httpd packages are available for Slackware 14.0, 14.1, 14.2, and -current
to fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages

[SECURITY] [DSA 4252-1] znc security update 2018-07-18
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
Debian Security Advisory DSA-4252-1 security (at) debian (dot) org
https://www.debian.org/security/ Moritz Muehlenhoff
July 18, 2018

[SECURITY] [DSA 4251-1] vlc security update 2018-07-18
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
Debian Security Advisory DSA-4251-1 security (at) debian (dot) org
https://www.debian.org/security/ Moritz Muehlenhoff
July 18, 2018

GhostMail - (Status Message) Persistent Web Vulnerability 2018-07-18
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
GhostMail - (Status Message) Persistent Web Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1470

Release Date:
=============
2018-06-27

Vulnerability Laboratory ID (VL-ID):
=============================

Binance v1.5.0 - Insecure File Permission Vulnerability 2018-07-18
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Binance v1.5.0 - Insecure File Permission Vulnerability

References (Source):
====================
https://www.vulnerability-lab.com/get_content.php?id=2135

Release Date:
=============
2018-07-17

Vulnerability Laboratory ID (VL-ID):
==============================

GhostMail - (filename to link) POST Inject Web Vulnerability 2018-07-18
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
GhostMail - (filename to link) POST Inject Web Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1471

Release Date:
=============
2018-06-26

Vulnerability Laboratory ID (VL-ID):
==========================

Barracuda Cloud Control v3.020 - CS Cross Site Vulnerability 2018-07-18
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Barracuda Cloud Control v3.020 - CS Cross Site Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=662

Release Date:
=============
2018-07-18

Vulnerability Laboratory ID (VL-ID):
===========================

Defense in depth -- the Microsoft way (part 56): 10+ year old security update installers are susceptible to 20+ year old vulnerability 2018-07-18
Stefan Kanthak (stefan kanthak nexgo de)
Hi @ll,

Microsoft released <https://support.microsoft.com/en-us/help/4336919>
"Description of the security update for the remote code execution
vulnerability in Visual Studio 2010 Service Pack 1: July 10, 2018"
some days ago.

The executable installer VS10SP1-KB4336919-x86.exe offered for
download

[SECURITY] [DSA 4250-1] wordpress security update 2018-07-18
Sebastien Delafond (seb debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
Debian Security Advisory DSA-4250-1 security (at) debian (dot) org
https://www.debian.org/security/ Sebastien Delafond
July 18, 2018

[slackware-security] mutt (SSA:2018-198-01) 2018-07-17
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] mutt (SSA:2018-198-01)

New mutt packages are available for Slackware 14.0, 14.1, 14.2, and -current to
fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/m

[SECURITY] [DSA 4248-1] blender security update 2018-07-17
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
Debian Security Advisory DSA-4248-1 security (at) debian (dot) org
https://www.debian.org/security/ Moritz Muehlenhoff
July 17, 2018

[SECURITY] [DSA 4249-1] ffmpeg security update 2018-07-17
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
Debian Security Advisory DSA-4249-1 security (at) debian (dot) org
https://www.debian.org/security/ Moritz Muehlenhoff
July 17, 2018

[CVE-2018-1000211] Public apps can't revoke OAuth access & refresh tokens in Doorkeeper 2018-07-17
Justin Bull (me justinbull ca)
Good morning everyone,

A security bulletin for all of you.

Software:
--------
Doorkeeper (https://github.com/doorkeeper-gem/doorkeeper)

Description:
----------
Doorkeeper is an OAuth 2 provider for Rails written in Ruby.

Affected Versions:
---------------
4.2.0 - 4.3.2
5.0.0.rc1

Fixed Versions:

Defense in depth -- the Microsoft way (part 55): new software built with 5.5 year old tool shows 20+ year old vulnerabilities 2018-07-17
Stefan Kanthak (stefan kanthak nexgo de)
Hi @ll,

Microsoft released <https://support.microsoft.com/en-us/help/4340040/>
"July 2018 servicing release for Microsoft Desktop Optimization Pack"
some days ago.

<https://www.microsoft.com/en-us/download/details.aspx?id=57157> offers
three executable installers to update existing installations:

[SECURITY] [DSA 4247-1] ruby-rack-protection security update 2018-07-16
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
Debian Security Advisory DSA-4247-1 security (at) debian (dot) org
https://www.debian.org/security/ Moritz Muehlenhoff
July 16, 2018

[SECURITY] [DSA 4246-1] mailman security update 2018-07-15
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
Debian Security Advisory DSA-4246-1 security (at) debian (dot) org
https://www.debian.org/security/ Salvatore Bonaccorso
July 15, 2018

[SECURITY] [DSA 4245-1] imagemagick security update 2018-07-14
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
Debian Security Advisory DSA-4245-1 security (at) debian (dot) org
https://www.debian.org/security/ Moritz Muehlenhoff
July 14, 2018

[SECURITY] [DSA 4244-1] thunderbird security update 2018-07-13
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
Debian Security Advisory DSA-4244-1 security (at) debian (dot) org
https://www.debian.org/security/ Moritz Muehlenhoff
July 13, 2018

Huawei eNSP v1 - Buffer Overflow (DoS) Vulnerability 2018-07-13
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Huawei eNSP v1 - Buffer Overflow (DoS) Vulnerability

References (Source):
====================
https://www.vulnerability-lab.com/get_content.php?id=2132

Security ID: huawei-sa-20180309-01-ensp

https://nvd.nist.gov/vuln/detail/CVE-2017-17321
https://cve.mitre.org/c

Secunia Research: Clam AntiVirus "parsehwp3_paragraph()" Denial of Service Vulnerability 2018-07-12
Secunia Research (remove-vuln secunia com)
======================================================================

Secunia Research 2018/07/12

Clam AntiVirus "parsehwp3_paragraph()"
Denial of Service Vulnerability

==============================

SEC Consult SA-20180712-0 :: Remote Code Execution & Local File Disclosure in Zeta Producer Desktop CMS 2018-07-12
SEC Consult Vulnerability Lab (research sec-consult com)
SEC Consult Vulnerability Lab Security Advisory < 20180712-0 >
=======================================================================
title: Remote Code Execution & Local File Disclosure
product: Zeta Producer Desktop CMS
vulnerable version: <=14.2.0
fixed version:

[security bulletin] MFSBGN03811 rev.1 - Fortify Software Security Center (SSC), Multiple vulnerabilities 2018-07-12
cyber-psrt microfocus com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Note: the current version of the following document is available here:

https://softwaresupport.hpe.com/document/-/facetsearch/document/KM03201085

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: KM03201085

Version: 1

MFSBGN03811 rev.1

Barracuda ADC v5.x - Multiple Persistent Vulnerabilities 2018-07-12
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Barracuda ADC v5.x - Multiple Persistent Vulnerabilities

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1424

Release Date:
=============
2018-07-12

Vulnerability Laboratory ID (VL-ID):
==============================

Lenovo SU v5.07 - Buffer Overflow & Arbitrary Code Execution Vulnerability 2018-07-12
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Lenovo SU v5.07 - Buffer Overflow & Code Execution Vulnerability

References (Source):
====================
https://www.vulnerability-lab.com/get_content.php?id=2131

Lenovo Security ID: LEN-19625

https://nvd.nist.gov/vuln/detail/CVE-2018-9063
https://cve.mitre.org/

[slackware-security] curl (SSA:2018-192-02) 2018-07-12
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] curl (SSA:2018-192-02)

New curl packages are available for Slackware 14.0, 14.1, 14.2, and -current to
fix a security issue.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/

[slackware-security] bind (SSA:2018-192-01) 2018-07-12
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] bind (SSA:2018-192-01)

New bind packages are available for Slackware 14.0, 14.1, 14.2, and -current to
fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/b

[CORE-2018-0006] - QNAP Qcenter Virtual Appliance Multiple Vulnerabilities 2018-07-11
Core Security Advisories Team (advisories coresecurity com)
Core Security - Corelabs Advisory
http://corelabs.coresecurity.com/

QNAP Qcenter Virtual Appliance Multiple Vulnerabilities

1. *Advisory Information*

Title: QNAP Qcenter Virtual Appliance Multiple Vulnerabilities
Advisory ID: CORE-2018-0006
Advisory URL:
http://www.coresecurity.com/advisories/qna

[SECURITY] [DSA 4243-1] cups security update 2018-07-11
Luciano Bello (luciano debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- ------------------------------------------------------------------------
Debian Security Advisory DSA-4243-1 security (at) debian (dot) org
https://www.debian.org/security/ Luciano Bello
July 11, 2018

AT&T Bizcircle - Persistent Profile Cross Site Scripting Vulnerabilities 2018-07-11
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
AT&T Bizcircle - Persistent Profile Cross Site Scripting Vulnerabilities

References (Source):
====================
https://www.vulnerability-lab.com/get_content.php?id=2108

AT&T Reference ID: 1502971499862

Vulnerability Magazine:
https://www.vulnerability-db.com/?

Barracuda ADC 5.x - Client Side Cross Site Scripting Vulnerability 2018-07-11
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Barracuda ADC 5.x - Client Side Cross Site Scripting Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1425

Release Date:
=============
2018-07-10

Vulnerability Laboratory ID (VL-ID):
===================

Barracuda ADC 5.x - Filter Bypass & Persistent Validation Vulnerability 2018-07-11
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Barracuda ADC 5.x - Filter Bypass & Persistent Validation Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1423

Release Date:
=============
2018-07-09

Vulnerability Laboratory ID (VL-ID):
===============

ASUS WRT-AC66U 3.x - Cross Site Scripting Vulnerability 2018-07-11
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
ASUS WRT-AC66U 3.x - Cross Site Scripting Vulnerability

References (Source):
====================
https://www.vulnerability-lab.com/get_content.php?id=1993

Release Date:
=============
2018-06-27

Vulnerability Laboratory ID (VL-ID):
==============================

Intel System CU - Buffer Overflow (Denial of Service) Vulnerability 2018-07-11
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Intel System CU - Buffer Overflow (Denial of Service) Vulnerability

References (Source):
====================
https://www.vulnerability-lab.com/get_content.php?id=2133

Security ID: INTEL-SA-00134

https://nvd.nist.gov/vuln/detail/CVE-2018-3661
https://cve.mitre.org

Secutech DSL WR RIS 330 - Filter Bypass Vulnerability 2018-07-11
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Secutech DSL WR RIS 330 - Filter Bypass Vulnerability

References (Source):
====================
https://www.vulnerability-lab.com/get_content.php?id=1988

Release Date:
=============
2018-07-09

Vulnerability Laboratory ID (VL-ID):
================================

SEC Consult SA-20180711-0 :: Remote code execution via multiple attack vectors in WAGO e!DISPLAY 7300T 2018-07-11
SEC Consult Vulnerability Lab (research sec-consult com)
SEC Consult Vulnerability Lab Security Advisory < 20180711-0 >
=======================================================================
title: Remote code execution via multiple attack vectors
product: WAGO e!DISPLAY 7300T - WP 4.3 480x272 PIO1
vulnerable version: FW 01 - 0

[slackware-security] mozilla-thunderbird (SSA:2018-191-01) 2018-07-11
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] mozilla-thunderbird (SSA:2018-191-01)

New mozilla-thunderbird packages are available for Slackware 14.2 and -current
to fix bugs and security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------

APPLE-SA-2018-7-9-7 iTunes 12.8 for Windows 2018-07-09
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

APPLE-SA-2018-7-9-7 iTunes 12.8 for Windows

iTunes 12.8 for Windows is now available and addresses the
following:

CFNetwork
Available for: Windows 7 and later
Impact: Cookies may unexpectedly persist in Safari
Description: A cookie management issue

APPLE-SA-2018-7-9-3 tvOS 11.4.1 2018-07-09
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

APPLE-SA-2018-7-9-3 tvOS 11.4.1

tvOS 11.4.1 is now available and addresses the following:

CFNetwork
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: Cookies may unexpectedly persist in Safari
Description: A cookie management issue wa

APPLE-SA-2018-7-9-6 iCloud for Windows 7.6 2018-07-09
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

APPLE-SA-2018-7-9-6 iCloud for Windows 7.6

iCloud for Windows 7.6 is now available and addresses the following:

CFNetwork
Available for: Windows 7 and later
Impact: Cookies may unexpectedly persist in Safari
Description: A cookie management issue wa

APPLE-SA-2018-7-9-2 watchOS 4.3.2 2018-07-09
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

APPLE-SA-2018-7-9-2 watchOS 4.3.2

watchOS 4.3.2 is now available and addresses the following:

CFNetwork
Available for: All Apple Watch models
Impact: Cookies may unexpectedly persist in Safari
Description: A cookie management issue was addressed wit

APPLE-SA-2018-7-9-5 Safari 11.1.2 2018-07-09
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

APPLE-SA-2018-7-9-5 Safari 11.1.2

Safari 11.1.2 is now available and addresses the following:

Safari
Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, and
macOS High Sierra 10.13.6
Impact: Visiting a malicious website may lead to address

APPLE-SA-2018-7-9-4 macOS High Sierra 10.13.6, Security Update 2018-004 Sierra, Security Update 2018-004 El Capitan 2018-07-09
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

APPLE-SA-2018-7-9-4 macOS High Sierra 10.13.6, Security Update
2018-004 Sierra, Security Update 2018-004 El Capitan

macOS High Sierra 10.13.6, Security Update 2018-004 Sierra, and
Security Update 2018-004 El Capitan are now available and address
the

APPLE-SA-2018-7-9-1 iOS 11.4.1 2018-07-09
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

APPLE-SA-2018-7-9-1 iOS 11.4.1

iOS 11.4.1 is now available and addresses the following:

CFNetwork
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Cookies may unexpectedly persist in Safari
Description: A

[SECURITY] [DSA 4242-1] ruby-sprockets security update 2018-07-09
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4242-1 security (at) debian (dot) org
https://www.debian.org/security/ Salvatore Bonaccorso
July 09, 2018

[slackware-security] mozilla-thunderbird (SSA:2018-186-01) 2018-07-05
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] mozilla-thunderbird (SSA:2018-186-01)

New mozilla-thunderbird packages are available for Slackware 14.2 and -current
to fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
p

[SECURITY] [DSA 4241-1] libsoup2.4 security update 2018-07-05
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4241-1 security (at) debian (dot) org
https://www.debian.org/security/ Moritz Muehlenhoff
July 05, 2018

APPLE-SA-2018-7-05-1 Wi-Fi Update for Boot Camp 6.4.0 2018-07-05
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

APPLE-SA-2018-7-05-1 Wi-Fi Update for Boot Camp 6.4.0

Wi-Fi Update for Boot Camp 6.4.0 is now available and addresses the
following:

Wi-Fi
Available for the following machines while running Boot Camp:
MacBook (Late 2009 and later), MacBook Pro (Mid

[SECURITY] [DSA 4240-1] php7.0 security update 2018-07-05
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4240-1 security (at) debian (dot) org
https://www.debian.org/security/ Moritz Muehlenhoff
July 05, 2018

SEC Consult SA-20180704-1 :: Authorization Bypass in all ADB Broadband Gateways / Routers 2018-07-04
SEC Consult Vulnerability Lab (research sec-consult com)
Also see our other two advisories regarding critical ADB vulnerabilities
as they have been split up for better readability:

Local root:
https://www.sec-consult.com/en/blog/advisories/local-root-jailbreak-via-network-file-sharing-flaw-in-all-adb-broadband-gateways-routers/

Privilege escalation:
htt

SEC Consult SA-20180704-2 :: Privilege escalation via linux group manipulation in all ADB Broadband Gateways / Routers 2018-07-04
SEC Consult Vulnerability Lab (research sec-consult com)
Also see our other two advisories regarding critical ADB vulnerabilities
as they have been split up for better readability:

Local root:
https://www.sec-consult.com/en/blog/advisories/local-root-jailbreak-via-network-file-sharing-flaw-in-all-adb-broadband-gateways-routers/

Authorization bypass:
htt

SEC Consult SA-20180704-0 :: Local root jailbreak via network file sharing flaw in all ADB Broadband Gateways / Routers 2018-07-04
SEC Consult Vulnerability Lab (research sec-consult com)
Also see our other two advisories regarding critical ADB vulnerabilities
as they have been split up for better readability:

Authorization bypass:
https://www.sec-consult.com/en/blog/advisories/authorization-bypass-in-all-adb-broadband-gateways-routers/

Privilege escalation:
https://www.sec-consult

[CVE-2018-3667, CVE-2018-3668] Escalation of privilege via executable installer of Intel Processor Diagnostic Tool 2018-07-04
Stefan Kanthak (stefan kanthak nexgo de)
Hi @ll,

the executable installers of Intel's Processor Diagnostic Tool
(IPDT) before v4.1.0.27 have three vulnerabilities^Wbeginner's
errors which all allow arbitrary code execution with escalation
of privilege, plus a fourth which allows denial of service.

Intel published advisory SA-00140
<https

[SECURITY] [DSA 4239-1] gosa security update 2018-07-03
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4239-1 security (at) debian (dot) org
https://www.debian.org/security/ Moritz Muehlenhoff
July 03, 2018

[SECURITY] [DSA 4238-1] exiv2 security update 2018-07-03
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4238-1 security (at) debian (dot) org
https://www.debian.org/security/ Moritz Muehlenhoff
July 03, 2018

Copyright 2010, SecurityFocus