BugTraq Mode:
MagniComp SysInfo Information Exposure [CVE-2018-7268] 2018-05-18
Harry Sintonen (bugtraq kyber fi)
MagniComp SysInfo Information Exposure [CVE-2018-7268]
======================================================
The latest version of this advisory is available at:
https://sintonen.fi/advisories/magnicomp-sysinfo-information-exposure.txt

Overview
--------

MagniComp SysInfo contains an information e

[SECURITY] [DSA 4203-1] vlc security update 2018-05-17
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4203-1 security (at) debian (dot) org
https://www.debian.org/security/ Moritz Muehlenhoff
May 17, 2018

[slackware-security] curl (SSA:2018-136-01) 2018-05-17
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] curl (SSA:2018-136-01)

New curl packages are available for Slackware 14.0, 14.1, 14.2, and -current to
fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/c

[slackware-security] php (SSA:2018-136-02) 2018-05-17
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] php (SSA:2018-136-02)

New php packages are available for Slackware 14.0, 14.1, and 14.2 to
fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/php-5.6.36-i5

[SECURITY] [DSA 4202-1] curl security update 2018-05-16
Alessandro Ghedini (ghedo debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4202-1 security (at) debian (dot) org
https://www.debian.org/security/ Alessandro Ghedini
May 16, 2018

CVE-2018-11101: Signal-desktop HTML tag injection variant 2 2018-05-16
Alfredo Ortega (ortegaalfredo gmail com)

Title: Signal-desktop HTML tag injection variant 2

Date Published: 2018-05-16

Last Update: 2018-05-16

CVE Name: CVE-2018-11101

Class: Code injection

Remotely Exploitable: Yes

Locally Exploitable: No

Vendors contacted: Signal.org

Vulnerability Description:

Signal-desktop is the standalone d

SEC Consult SA-20180516-0 :: XXE & XSS vulnerabilities in RSA Authentication Manager 2018-05-16
SEC Consult Vulnerability Lab (research sec-consult com)
SEC Consult Vulnerability Lab Security Advisory < 20180516-0 >
=======================================================================
title: XXE & XSS vulnerabilities
product: RSA Authentication Manager
vulnerable version: 8.2.1.4.0-build1394922, < 8.3 P1
fixed vers

[SECURITY] [DSA 4201-1] xen security update 2018-05-15
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4201-1 security (at) debian (dot) org
https://www.debian.org/security/ Moritz Muehlenhoff
May 15, 2018

CSNC-2018-002 totemomail Encryption Gateway - JSONP hijacking 2018-05-15
Advisories (advisories compass-security com)
################################################################################
#
# COMPASS SECURITY ADVISORY
# https://www.compass-security.com/research/advisories/
#
################################################################################
#
# Product: totemomail Encryption Gateway
# Vend

CSNC-2018-003 totemomail Encryption Gateway - Cross-Site Request Forgery 2018-05-15
Advisories (advisories compass-security com)
################################################################################
#
# COMPASS SECURITY ADVISORY
# https://www.compass-security.com/research/advisories/
#
################################################################################
#
# Product: totemomail Encryption Gateway
# Vend

CVE-2018-10994: HTML tag injection in Signal-desktop 2018-05-14
Alfredo Ortega (ortegaalfredo gmail com)
Title: HTML tag injection in Signal-desktop

Date Published: 14-05-2018

CVE Name: CVE-2018-10994

Class: Code injection

Remotely Exploitable: Yes

Locally Exploitable: No

Vendors contacted: Signal.org

Vulnerability Description:

Signal-desktop is the standalone desktop version of the secure Sign

[SECURITY] [DSA 4200-1] kwallet-pam security update 2018-05-14
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4200-1 security (at) debian (dot) org
https://www.debian.org/security/ Moritz Muehlenhoff
May 14, 2018

SEC Consult SA-20180514-0 :: Arbitrary File Upload & Cross-site scripting in MyBiz MyProcureNet 2018-05-14
SEC Consult Vulnerability Lab (research sec-consult com) (1 replies)
SEC Consult Vulnerability Lab Security Advisory < 20180514-0 >
=======================================================================
title: Arbitrary File Upload & Cross-site scripting
product: MyBiz MyProcureNet
vulnerable version: 5.0.0
fixed version: unknown

Re: SEC Consult SA-20180514-0 :: Arbitrary File Upload & Cross-site scripting in MyBiz MyProcureNet 2018-05-15
SEC Consult Vulnerability Lab (research sec-consult com)
Vulnerabilities in IBMs Flashsystems and Storwize Products 2018-05-11
Sebastian Neuner (sneuner google com)
Vulnerabilities in IBMs Flashsystems and Storwize Products
-------------------------------------------------------------------------

Introduction
============
Vulnerabilities were identified in the IBM Flashsystem 840, IBM Flashsystem
900 and IBM Storwize V7000. These were discovered during a black

[slackware-security] mariadb (SSA:2018-130-01) 2018-05-10
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] mariadb (SSA:2018-130-01)

New mariadb packages are available for Slackware 14.1 and 14.2 to
fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/mariadb-10.0

[security bulletin] MFSBGN03807 rev.1 - HP Service Manager Software, SQL Injection 2018-05-10
cyber-psrt microfocus com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Note: the current version of the following document is available here:

https://softwaresupport.hpe.com/document/-/facetsearch/document/KM03158656

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: KM03158656

Version: 1

MFSBGN03807 rev.1

[SECURITY] [DSA 4199-1] firefox-esr security update 2018-05-10
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4199-1 security (at) debian (dot) org
https://www.debian.org/security/ Moritz Muehlenhoff
May 10, 2018

[security bulletin] MFSBGN03802 - Virtualization Performance Viewer (vPV) / Cloud Optimizer, Local Disclosure of Information 2018-05-10
cyber-psrt microfocus com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Note: the current version of the following document is available here:

https://softwaresupport.hpe.com/document/-/facetsearch/document/KM03158629

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: KM03158629

Version: 2

MFSBGN03802 - Vir

[security bulletin] MFSBGN03805 - HP Service Manager, Remote Disclosure of Information 2018-05-10
cyber-psrt microfocus com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Note: the current version of the following document is available here:

https://softwaresupport.hpe.com/document/-/facetsearch/document/KM03158613

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: KM03158613

Version: 1

MFSBGN03805 - HP

[slackware-security] mozilla-firefox (SSA:2018-129-01) 2018-05-10
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] mozilla-firefox (SSA:2018-129-01)

New mozilla-firefox packages are available for Slackware 14.2 and -current to
fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/p

[slackware-security] wget (SSA:2018-129-02) 2018-05-10
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] wget (SSA:2018-129-02)

New wget packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,
14.2, and -current to fix a security issue.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------

[security bulletin] MFSBGN03804 - HP Service Manager Software, Remote Disclosure of Information 2018-05-09
cyber-psrt microfocus com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Note: the current version of the following document is available here:

https://softwaresupport.hpe.com/document/-/facetsearch/document/KM03158061

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: KM03158061

Version: 1

MFSBGN03804 - HP

[SECURITY] [DSA 4197-1] wavpack security update 2018-05-09
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4197-1 security (at) debian (dot) org
https://www.debian.org/security/ Moritz Muehlenhoff
May 09, 2018

[SECURITY] [DSA 4198-1] prosody security update 2018-05-09
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4198-1 security (at) debian (dot) org
https://www.debian.org/security/ Moritz Muehlenhoff
May 09, 2018

[security bulletin] MFSBGN03806 rev.1 - HP Network Automation Software, Network Operations Management (NOM) Suite, Multiple Vulnerabilities 2018-05-09
cyber-psrt microfocus com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Note: the current version of the following document is available here:

https://softwaresupport.hpe.com/document/-/facetsearch/document/KM03158014

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: KM03158014

Version: 1

MFSBGN03806 rev.1

t2'18: Call For Papers 2018 (Helsinki, Finland) 2018-05-09
Tomi Tuominen (tomi tuominen t2 fi)
#
# t2'18 - Call For Papers (Helsinki, Finland) - October 25 - 26, 2018
#

Join us for the 15th anniversary celebrations on Oct 25-26! CFP and ticket
sales are now open.

To truly appreciate the full spectrum of cyber, one simply needs to visit
Helsinki. Sooner or later you need a break from the sun

[ADV170017] Defense in depth -- the Microsoft way (part 54): escalation of privilege during installation of Microsoft Office 20xy 2018-05-08
Stefan Kanthak (stefan kanthak nexgo de)
Hi @ll,

during installation of Microsoft Office 2003 and newer versions
as well as single components of Microsoft Office products, the
executable of the "Office Source Engine", ose.exe, is copied as
"%TEMP%\ose00000.exe" and then executed with elevated privileges.

%TEMP% is writable by unprivilege

[SECURITY] [DSA 4196-1] linux security update 2018-05-08
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4196-1 security (at) debian (dot) org
https://www.debian.org/security/ Salvatore Bonaccorso
May 08, 2018

FreeBSD Security Advisory FreeBSD-SA-18:06.debugreg 2018-05-08
FreeBSD Security Advisories (security-advisories freebsd org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

=============================================================================
FreeBSD-SA-18:06.debugreg Security Advisory
The FreeBSD Project

Topic:

APPLE-SA-2018-05-08-1 Additional information for APPLE-SA-2018-04-24-2 Security Update 2018-001 2018-05-08
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2018-05-08-1 Additional information for
APPLE-SA-2018-04-24-2 Security Update 2018-001

Security Update 2018-001 addresses the following:

Crash Reporter
Available for: macOS High Sierra 10.13.4
Impact: An application may be able to gain elev

[SECURITY] [DSA 4195-1] wget security update 2018-05-08
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4195-1 security (at) debian (dot) org
https://www.debian.org/security/ Salvatore Bonaccorso
May 08, 2018

WebKitGTK+ Security Advisory WSA-2018-0004 2018-05-07
Michael Catanzaro (mcatanzaro igalia com)
------------------------------------------------------------------------

WebKitGTK+ Security Advisory WSA-2018-0004
------------------------------------------------------------------------

Date reported : May 07, 2018
Advisory ID : WSA-2018-0004
Advisory UR

[SECURITY] [DSA 4194-1] lucene-solr security update 2018-05-06
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4194-1 security (at) debian (dot) org
https://www.debian.org/security/ Moritz Muehlenhoff
May 06, 2018

[SECURITY] [DSA 4193-1] wordpress security update 2018-05-05
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4193-1 security (at) debian (dot) org
https://www.debian.org/security/ Salvatore Bonaccorso
May 05, 2018

CANADIAN JOB VACANCY!!! 2018-05-06
SUNCOR ENERGY (info suncor-recruitments com)
SUNCOR ENERGY
HEAD OFFICE ADDRESS
CORPORATE LEGAL DEPARTMENT
150 - 6TH AVENUE S.W.,
P.O. BOX 38. CALGARY, ALBERTA
T2P 3E3, CANADA.
TELL: (816) 774-1034
FAX : (403) 724-3460

ATTN: JOB SEEKER.

WE ARE USING THIS MEDIA TO ANNOUNCE THAT SUNCOR ENERGY CURRENTLY SEEKING AN EXPERIENCE AND ENTHUSIASTIC 13

[SECURITY] [DSA 4192-1] libmad security update 2018-05-04
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4192-1 security (at) debian (dot) org
https://www.debian.org/security/ Moritz Muehlenhoff
May 04, 2018

[slackware-security] python (SSA:2018-124-01) 2018-05-04
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] python (SSA:2018-124-01)

New python packages are available for Slackware 14.0, 14.1, 14.2, and -current
to fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packag

APPLE-SA-2018-05-04-1 Security Update 2018-001 Swift 4.1.1 for Ubuntu 14.04 2018-05-04
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2018-05-04-1 Security Update 2018-001 Swift 4.1.1 for
Ubuntu 14.04

Security Update 2018-001 Swift 4.1.1 for Ubuntu 14.04 is
now available and addresses the following:

Swift for Ubuntu
Available for: Ubuntu 14.04
Not impacted: Ubuntu 16.04 a

[slackware-security] seamonkey (SSA:2018-123-01) 2018-05-04
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] seamonkey (SSA:2018-123-01)

New seamonkey packages are available for Slackware 14.2 and -current to
fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/seam

Updated VMSA-2018-0007.3: VMware Virtual Appliance updates address side-channel analysis due to speculative execution 2018-05-04
VMware Security Response Center (security vmware com)
-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA1

Changelog:

2018-05-03: VMSA-2018-0007.3 Updated in conjunction with the release of

vSphere Data Protection (VDP) 6.1.5 on 2018-05-03.

-----BEGIN PGP SIGNATURE-----

Version: Encryption Desktop 10.4.1 (Build 490)

Charset: utf-8

wj8DBQFa6wKlDE

[SECURITY] [DSA 4191-1] redmine security update 2018-05-03
Sebastien Delafond (seb debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4191-1 security (at) debian (dot) org
https://www.debian.org/security/ Sebastien Delafond
May 03, 2018

[SECURITY] [DSA 4190-1] jackson-databind security update 2018-05-03
Sebastien Delafond (seb debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4190-1 security (at) debian (dot) org
https://www.debian.org/security/ Sebastien Delafond
May 03, 2018

SEC Consult SA-20180503-0 :: Authentication Bypass in Oracle Access Manager (OAM) 2018-05-03
SEC Consult Vulnerability Lab (research sec-consult com)
We have published an accompanying blog post to this technical advisory with
further information:

Blog:
https://www.sec-consult.com/en/blog/2018/05/oracle-access-managers-identity-crisis/

Demo video: https://www.youtube.com/watch?v=YK7_1NozAwQ

SEC Consult Vulnerability Lab Security Advisory < 20

Command injections via USB upgrade in MSTAR Set-Top box products 2018-05-03
IM (ivanm security-net biz)

While I was working on a diagnostic device for some of my clients I found
command injections in MSTAR Set-Top box products. The diagnostic device does
not specially target this vendor but we used it in the development phase and
for testing.
The vulnerable functionality is in the automatic USB upgrade process. It is
pos

[SECURITY] [DSA 4189-1] quassel security update 2018-05-02
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4189-1 security (at) debian (dot) org
https://www.debian.org/security/ Moritz Muehlenhoff
May 02, 2018

[SECURITY] [DSA 4187-1] linux security update 2018-05-01
Ben Hutchings (benh debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4187-1 security (at) debian (dot) org
https://www.debian.org/security/ Ben Hutchings
May 01, 2018

CA20180501-01: Security Notice for CA Spectrum 2018-05-02
Kotas, Kevin J (Kevin Kotas ca com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

CA20180501-01: Security Notice for CA Spectrum

Issued: May 1st, 2018
Last Updated: May 1st, 2018

CA Technologies Support is alerting customers to a potential risk
with CA Spectrum. A vulnerability exists that can allow an
unauthenticated remote atta

[SECURITY] [DSA 4188-1] linux security update 2018-05-01
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4188-1 security (at) debian (dot) org
https://www.debian.org/security/ Salvatore Bonaccorso
May 01, 2018

Trovebox <= 4.0.0-rc6 Authentication Bypass, SQLi, SSRF 2018-05-01
robin verton telekom de
Telekom Security
security.telekom.com

Advisory: Trovebox - Authentication Bypass, SQLi, SSRF
Release Date: 2018/04/30
Author: Robin Verton (robin.verton (at) telekom (dot) de)
CVE: requested

Application: Trovebox <= 4.0.0-rc6

CVE-2016-6811: Apache Hadoop Privilege escalation vulnerability 2018-05-01
Akira Ajisaka (aajisaka apache org)
CVE-2016-6811: Apache Hadoop Privilege escalation vulnerability

Severity: Critical

Vendor: The Apache Software Foundation

Versions Affected:
All the Apache Hadoop versions from 2.2.0 to 2.7.3

Description:
A user who can escalate to yarn user can possibly run arbitrary commands as root user.

Mit

[slackware-security] mozilla-firefox (SSA:2018-120-02) 2018-05-01
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] mozilla-firefox (SSA:2018-120-02)

New mozilla-firefox packages are available for Slackware 14.2 and -current to
fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/p

[slackware-security] libwmf (SSA:2018-120-01) 2018-05-01
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] libwmf (SSA:2018-120-01)

New libwmf packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,
14.2, and -current to fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+-----------------------

Advisory - Sourcetree for Windows - CVE-2018-5226 2018-04-30
Atlassian (security atlassian com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

This email refers to the advisory found at
https://confluence.atlassian.com/x/ERyUO .

CVE ID:

* CVE-2018-5226.

Product: Sourcetree for Windows.

Affected Sourcetree for Windows product versions:

version < 2.5.5.0

Fixed Sourcetree for Windows p

[SECURITY] [DSA 4183-1] tor security update 2018-04-28
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4183-1 security (at) debian (dot) org
https://www.debian.org/security/ Salvatore Bonaccorso
April 28, 2018

[SECURITY] [DSA 4186-1] gunicorn security update 2018-04-28
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4186-1 security (at) debian (dot) org
https://www.debian.org/security/ Moritz Muehlenhoff
April 28, 2018

[SECURITY] [DSA 4184-1] sdl-image1.2 security update 2018-04-28
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4184-1 security (at) debian (dot) org
https://www.debian.org/security/ Salvatore Bonaccorso
April 28, 2018

[SECURITY] [DSA 4185-1] openjdk-8 security update 2018-04-28
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4185-1 security (at) debian (dot) org
https://www.debian.org/security/ Moritz Muehlenhoff
April 28, 2018

[SECURITY] [DSA 4181-1] roundcube security update 2018-04-28
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4181-1 security (at) debian (dot) org
https://www.debian.org/security/ Salvatore Bonaccorso
April 28, 2018

[SECURITY] [DSA 4182-1] chromium-browser security update 2018-04-28
Michael Gilbert (mgilbert debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4182-1 security (at) debian (dot) org
https://www.debian.org/security/ Michael Gilbert
April 28, 2018

[slackware-security] openvpn (SSA:2018-116-01) 2018-04-27
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] openvpn (SSA:2018-116-01)

New openvpn packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,
14.2, and -current to fix a security issue.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------

[HITB-Announce] HITBGSEC2018 CFP - Final Call 2018-04-26
Hafez Kamal (aphesz hackinthebox org)
FINAL CALL!!

The Call for Papers for the HITB GSEC 2018 Singapore is now open!

Call for Papers: https://gsec.hitb.org/call-for-papers/
Event Website: https://gsec.hitb.org/sg2018/

HITB GSEC is a three-day security conference where attendees
get to vote on the final agenda of talks. Attendees can

[SECURITY] [DSA 4180-1] drupal7 security update 2018-04-25
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4180-1 security (at) debian (dot) org
https://www.debian.org/security/ Salvatore Bonaccorso
April 25, 2018

Secunia Research: Oracle Outside In Technology Use-After-Free Vulnerability 2018-04-25
Secunia Research (remove-vuln secunia com)
======================================================================

Secunia Research 2018/04/25

Oracle Outside In Technology Use-After-Free Vulnerability

======================================================================
Table of Contents

Affected Software............

APPLE-SA-2018-04-24-2 Security Update 2018-001 2018-04-24
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2018-04-24-2 Security Update 2018-001

Security Update 2018-001 is now available and addresses the
following:

Crash Reporter
Available for: macOS High Sierra 10.13.4
Impact: An application may be able to gain elevated privileges
Description:

APPLE-SA-2018-04-24-1 iOS 11.3.1 2018-04-24
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2018-04-24-1 iOS 11.3.1

iOS 11.3.1 is now available and addresses the following:

Crash Reporter
Available for: iPhone 5s and later, iPad Air and later, and
iPod touch 6th generation
Impact: An application may be able to gain elevated privil

APPLE-SA-2018-04-24-3 Safari 11.1 (v. 11605.1.33.1.4, 12605.1.33.1.4, and 13605.1.33.1.4) 2018-04-24
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2018-04-24-3 Safari 11.1 (v. 11605.1.33.1.4, 12605.1.33.1.4,
and 13605.1.33.1.4)

Safari 11.1 (v. 11605.1.33.1.4, 12605.1.33.1.4, and 13605.1.33.1.4)
is now available and addresses the following:

WebKit
Available for: OS X El Capitan 10.11.6

[SECURITY] [DSA 4179-1] linux-tools security update 2018-04-24
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4179-1 security (at) debian (dot) org
https://www.debian.org/security/ Ben Hutchings
April 24, 2018

SEC Consult SA-20180424-0 :: Reflected Cross-Site Scripting in multiple Zyxel ZyWALL products 2018-04-24
SEC Consult Vulnerability Lab (research sec-consult com)
SEC Consult Vulnerability Lab Security Advisory < 20180424-0 >
=======================================================================
title: Reflected Cross-Site Scripting
product: Zyxel ZyWALL: see "Vulnerable / tested version"
vulnerable version: ZLD 4.30 and before

SEC Consult SA-20180423-0 :: Multiple Stored XSS Vulnerabilities in WSO2 Carbon and Dashboard Server 2018-04-24
SEC Consult Vulnerability Lab (research sec-consult com)
SEC Consult Vulnerability Lab Security Advisory < 20180423-0 >
=======================================================================
title: Multiple Stored XSS Vulnerabilities
product: WSO2 Carbon, WSO2 Dashboard Server
vulnerable version: WSO2 Identity Server 5.3.0

[SECURITY] [DSA 4176-1] mysql-5.5 security update 2018-04-20
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4176-1 security (at) debian (dot) org
https://www.debian.org/security/ Salvatore Bonaccorso
April 20, 2018

Seagate Media Server path traversal vulnerability 2018-04-19
Summer of Pwnage (lists securify nl)
------------------------------------------------------------------------

Seagate Media Server path traversal vulnerability
------------------------------------------------------------------------

Yorick Koster, September 2017

------------------------------------------------------------------------

[SECURITY] [DSA 4175-1] freeplane security update 2018-04-18
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4175-1 security (at) debian (dot) org
https://www.debian.org/security/ Salvatore Bonaccorso
April 18, 2018

[SECURITY] [DSA 4178-1] libreoffice security update 2018-04-20
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4178-1 security (at) debian (dot) org
https://www.debian.org/security/ Moritz Muehlenhoff
April 20, 2018

[SE-2011-01] The origin and impact of vulnerabilities in ST chipsets 2018-04-21
Security Explorations (contact security-explorations com)

Hello All,

We have published an initial document describing the origin and impact
of the vulnerabilities discovered in ST chipsets along with some rationale
indicating why it's worth digging further into this case:

http://www.security-explorations.com/materials/se-2011-01-st-impact.pdf

This document i

[SECURITY] [DSA 4177-1] libsdl2-image security update 2018-04-20
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4177-1 security (at) debian (dot) org
https://www.debian.org/security/ Moritz Muehlenhoff
April 20, 2018

Seagate Media Server stored Cross-Site Scripting vulnerability 2018-04-19
Summer of Pwnage (lists securify nl)
------------------------------------------------------------------------

Seagate Media Server stored Cross-Site Scripting vulnerability
------------------------------------------------------------------------

Yorick Koster, September 2017

------------------------------------------------------------

[slackware-security] gd (SSA:2018-108-01) 2018-04-19
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] gd (SSA:2018-108-01)

New gd packages are available for Slackware 14.2 and -current to
fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
This update fixes two security is

WebKitGTK+ Security Advisory WSA-2018-0003 2018-04-17
Michael Catanzaro (mcatanzaro igalia com)
------------------------------------------------------------------------

WebKitGTK+ Security Advisory WSA-2018-0003
------------------------------------------------------------------------

Date reported : April 04, 2018
Advisory ID : WSA-2018-0003
Advisory URL : https://webkitgtk.org/security/WSA-2

[SECURITY] [DSA 4174-1] corosync security update 2018-04-17
Sebastien Delafond (seb debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4174-1 security (at) debian (dot) org
https://www.debian.org/security/ Sebastien Delafond
April 17, 2018

[SECURITY] [DSA 4173-1] r-cran-readxl security update 2018-04-16
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4173-1 security (at) debian (dot) org
https://www.debian.org/security/ Moritz Muehlenhoff
April 16, 2018

[security bulletin] MFSBGN03802 - Virtualization Performance Viewer (vPV) / Cloud Optimizer, Local Disclosure of Information 2018-04-12
cyber-psrt microfocus com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Note: the current version of the following document is available here:

https://softwaresupport.hpe.com/document/-/facetsearch/document/KM03140487

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: KM03140487

Version: 1

MFSBGN03802 - Vir

[security bulletin] MFSBGN03803 rev.1 - UCMDB, Installation File Access Control Privilege Escalation Vulnerability 2018-04-12
cyber-psrt microfocus com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Note: the current version of the following document is available here:

https://softwaresupport.hpe.com/document/-/facetsearch/document/KM03141180

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: KM03141180

Version: 1

MFSBGN03803 rev.1

[SECURITY] [DSA 4079-2] poppler regression update 2018-04-12
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4079-2 security (at) debian (dot) org
https://www.debian.org/security/ Salvatore Bonaccorso
April 12, 2018

[SECURITY] [DSA 4169-1] pcs security update 2018-04-11
Yves-Alexis Perez (corsac debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4169-1 security (at) debian (dot) org
https://www.debian.org/security/ Yves-Alexis Perez
April 11, 2018

Call for Papers: USENIX Workshop on Offensive Technologies (WOOT '18) 2018-04-10
Yves Younan (wootcfp fort-knox org)
Dear all,

We are pleased to announce the Call for Papers for the 12th USENIX
Workshop on Offensive Technologies! WOOT '18 will be held on August
13–14, 2018, in conjunction with USENIX Security in Baltimore, MD, USA.

WOOT provides a forum for high-quality, peer-reviewed work discussing
tools and

[SECURITY] [DSA 4170-1] pjproject security update 2018-04-09
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4170-1 security (at) debian (dot) org
https://www.debian.org/security/ Moritz Muehlenhoff
April 09, 2018

secuvera-SA-2017-04: SQL-Injection Vulnerability in OCS Inventory NG ocsreports Web application 2018-04-09
Simon Bieber (sbieber secuvera de)
Affected Products

OCS Inventory NG ocsreports 2.4

OCS Inventory NG ocsreports 2.3.1

(older/other releases have not been tested)

References

https://www.secuvera.de/advisories/secuvera-SA-2017-04.txt (used for updates)

https://www.ocsinventory-ng.org/en/ocs-inventory-server-2-4-1-

Defense in depth -- the Microsoft way (part 53): our MSRC doesn't know how Windows handles PATH 2018-04-09
Stefan Kanthak (stefan kanthak nexgo de)
Hi @ll,

on their "Security Research & Defense" blog, members of Microsoft's
Security Response Center recently posted
<https://blogs.technet.microsoft.com/srd/2018/04/04/triaging-a-dll-planting-vulnerability/>

But this blog post clearly shows that the MSRC doesn't know how Windows
handles the PATH

secuvera-SA-2017-03: Reflected Cross-Site-Scripting Vulnerabilities in OCS Inventory NG ocsreports Web application 2018-04-09
Simon Bieber (sbieber secuvera de)
Affected Products

OCSInventory-ocsreports 2.4

(older releases have not been tested)

References

https://www.secuvera.de/advisories/secuvera-SA-2017-03.txt (used for updates)

https://www.ocsinventory-ng.org/en/ocs-inventory-server-2-4-1-has-been-released/ (Release announcement of OCS

[SECURITY] [DSA 4168-1] squirrelmail security update 2018-04-08
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4168-1 security (at) debian (dot) org
https://www.debian.org/security/ Salvatore Bonaccorso
April 08, 2018

[RT-SA-2017-014] CyberArk Password Vault Web Access Remote Code Execution 2018-04-09
RedTeam Pentesting GmbH (release redteam-pentesting de)
Advisory: CyberArk Password Vault Web Access Remote Code Execution

The CyberArk Password Vault Web Access application uses authentication
tokens which consist of serialized .NET objects. By crafting manipulated
tokens, attackers are able to gain unauthenticated remote code execution
on the web serv

[RT-SA-2017-015] CyberArk Password Vault Memory Disclosure 2018-04-09
RedTeam Pentesting GmbH (release redteam-pentesting de)
Advisory: CyberArk Password Vault Memory Disclosure

Data in the CyberArk Password Vault may be accessed through a proprietary
network protocol. While answering a client's logon request, the vault
discloses around 50 bytes of its memory to the client.

Details
=======

Product: CyberArk Password

[slackware-security] patch (SSA:2018-096-01) 2018-04-07
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] patch (SSA:2018-096-01)

New patch packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,
14.2, and -current to fix a security issue.

Here are the details from the Slackware 14.2 ChangeLog:
+------------------------

[SECURITY] [DSA 4167-1] sharutils security update 2018-04-05
Luciano Bello (luciano debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4167-1 security (at) debian (dot) org
https://www.debian.org/security/ Luciano Bello
April 05, 2018

Advisory - Fisheye and Crucible - CVE-2018-5223 2018-04-05
Atlassian (security atlassian com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

This email refers to the advisory found at
https://confluence.atlassian.com/x/aS5sO and
https://confluence.atlassian.com/x/Zi5sO .

CVE ID:

* CVE-2018-5223.

Product: Fisheye and Crucible.

Affected Fisheye and Crucible product versions:

version <

Advisory - Bamboo - CVE-2018-5224 2018-04-05
Atlassian (security atlassian com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

This email refers to the advisory found at
https://confluence.atlassian.com/x/PS9sO .

CVE ID:

* CVE-2018-5224.

Product: Bamboo.

Affected Bamboo product versions:

2.7.0 <= version < 6.3.3
6.4.0 <= version < 6.4.1

Fixed Bamboo product versions:

[SECURITY] [DSA 4166-1] openjdk-7 security update 2018-04-04
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4166-1 security (at) debian (dot) org
https://www.debian.org/security/ Moritz Muehlenhoff
April 04, 2018

FreeBSD Security Advisory FreeBSD-SA-18:05.ipsec 2018-04-04
FreeBSD Security Advisories (security-advisories freebsd org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

=============================================================================
FreeBSD-SA-18:05.ipsec Security Advisory
The FreeBSD Project

Topic:

FreeBSD Security Advisory FreeBSD-SA-18:04.vt 2018-04-04
FreeBSD Security Advisories (security-advisories freebsd org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

=============================================================================
FreeBSD-SA-18:04.vt Security Advisory
The FreeBSD Project

Topic:

Copyright 2010, SecurityFocus