|
|
Colapse all |
Post message
[SECURITY] [DSA 4269-1] postgresql-9.6 security update 2018-08-10 Moritz Muehlenhoff (jmm debian org) [SECURITY] [DSA 4267-1] kamailio security update 2018-08-08 Salvatore Bonaccorso (carnil debian org) [CVE-2018-12584] Heap overflow vulnerability in reSIProcate through 1.10.2 2018-08-08 Joachim De Zutter (dezutterjoachim gmail com) CA20180802-01: Security Notice for CA API Developer Portal 2018-08-08 Kotas, Kevin J (Kevin Kotas ca com) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 CA20180802-01: Security Notice for CA API Developer Portal Issued: August 2, 2018 Last Updated: August 2, 2018 CA Technologies Support is alerting customers to a potential risk with CA API Developer Portal. A medium risk vulnerability exists that ca [ more ] [ reply ] [CVE-2018-14429] man-cgi < 1.16 Local File Include 2018-08-08 eL_Bart0 (eL_Bart0 protonmail ch) man-cgi before 1.16 allows Local File Inclusion via absolute path traversal. If an Attacker provides a Filename as a Parameter (e.g. https://example.org/cgi-bin/man-cgi?/etc/passwd) the Script will read and return the local file. This is happening because of the way the Script calls the "man" comm [ more ] [ reply ] WebKitGTK+ and WPE WebKit Security Advisory WSA-2018-0006 2018-08-08 Michael Catanzaro (mcatanzaro igalia com) New VMSA-2018-0019 - Horizon 6, 7, and Horizon Client for Windows updates address an out-of-bounds read vulnerability 2018-08-07 VMware Security Response Center (security vmware com) RE: [FD] Executable installers are vulnerable^WEVIL (case 56):arbitrary code execution WITH escalation of privilege via rufus*.exe 2018-08-06 Andrius Duksta (duk danskebank lt) Sorry, but the viable/practical attack vector on this one is practically non-existent. I really can't see anyone actually using this as a real-life attack. The circumstances required to succeed are such that if this attack works, it's waaay too late to blame Rufus as your system was obviously alread [ more ] [ reply ] FreeBSD Security Advisory FreeBSD-SA-18:08.tcp 2018-08-06 FreeBSD Security Advisories (security-advisories freebsd org) [SECURITY] [DSA 4265-1] xml-security-c security update 2018-08-05 Moritz Muehlenhoff (jmm debian org) [slackware-security] lftp (SSA:2018-214-01) 2018-08-02 Slackware Security Team (security slackware com) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] lftp (SSA:2018-214-01) New lftp packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix a security issue. Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packages/ [ more ] [ reply ] [SECURITY] [DSA 4260-1] libmspack security update 2018-08-02 Salvatore Bonaccorso (carnil debian org) Executable installers are vulnerable^WEVIL (case 55): escalation of privilege with VMware Player 12.5.9 2018-08-02 Stefan Kanthak (stefan kanthak nexgo de) Hi @ll, the executable installer of VMware Player 12.5.9, published in January 2018, available from <https://download3.vmware.com/software/player/file/VMware-player-12.5.9- 7535481.exe>, is vulnerable. JFTR: VMware Player 12.5.9 is the last version which runs on 32-bit Windows, and the last t [ more ] [ reply ] [slackware-security] blueman (SSA:2018-213-01) 2018-08-02 Slackware Security Team (security slackware com) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] blueman (SSA:2018-213-01) New blueman packages are available for Slackware 14.2 and -current to fix a security issue. Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packages/blueman [ more ] [ reply ] CVE-2016-7085 NOT fixed in VMware-player-12.5.9-7535481.exe 2018-08-01 Stefan Kanthak (stefan kanthak nexgo de) Hi @ll, on February 13, 2016, I sent a vulnerability report regarding the then current executable installer of VMware-player 7.1.3 to its vendor. On September 14, 2016, VMware published <http://blogs.vmware.com/security/2016/09/vmsa-2016-0014.html> and <http://www.vmware.com/security/advisories/VM [ more ] [ reply ] [slackware-security] seamonkey (SSA:2018-212-02) 2018-07-31 Slackware Security Team (security slackware com) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] seamonkey (SSA:2018-212-02) New seamonkey packages are available for Slackware 14.2 and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packages/seam [ more ] [ reply ] [slackware-security] file (SSA:2018-212-01) 2018-07-31 Slackware Security Team (security slackware com) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] file (SSA:2018-212-01) New file packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packages/f [ more ] [ reply ] secuvera-SA-2018-03: Command Injection, Broken Access Control and Evil-Twin-Attack in Microsoft Wireless Display Adapter V2 - CVE-2018-8306 2018-07-30 Tobias Glemser (tglemser secuvera de) secuvera-SA-2018-03: Command Injection, Broken Access Control and Evil-Twin-Attack in Microsoft Wireless Display Adapter V2 - CVE-2018-8306 Affected Products: Microsoft Wireless Display Adapter V2: - Microsoft Wireless Display Adapter V2 Softwareversion 2.0.8350 to 2.0.8372 have been tested an [ more ] [ reply ] [slackware-security] Slackware 14.2 kernel (SSA:2018-208-01) 2018-07-27 Slackware Security Team (security slackware com) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] Slackware 14.2 kernel (SSA:2018-208-01) New kernel packages are available for Slackware 14.2 to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packages/linux-4. [ more ] [ reply ] [SECURITY] [DSA 4256-1] chromium-browser security update 2018-07-27 Michael Gilbert (mgilbert debian org) [CORE-2018-0009] - SoftNAS Cloud OS Command Injection 2018-07-26 Core Security Advisories Team (advisories coresecurity com) Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ SoftNAS Cloud OS Command Injection 1. *Advisory Information* Title: SoftNAS Cloud OS Command Injection Advisory ID: CORE-2018-0009 Advisory URL: http://www.coresecurity.com/advisories/softnas-cloudnas-OS-command-injec tion Date pu [ more ] [ reply ] DefenseCode ThunderScan SAST Advisory: WordPress Strong Testimonials Plugin Multiple XSS Security Vulnerabilities 2018-07-25 Defense Code (defensecode defensecode com) DefenseCode ThunderScan SAST Advisory: WordPress Strong Testimonials Plugin Multiple XSS Security Vulnerabilities Advisory ID: DC-2018-05-007 Advisory Title: WordPress Strong Testimonials Plugin Multiple XSS Vulnerabilities Advisory URL: http://www.defensecode.com/advisories.php Software: [ more ] [ reply ] DefenseCode ThunderScan SAST Advisory: WordPress Gwolle Guestbook Plugin XSS Security Vulnerability 2018-07-25 Defense Code (defensecode defensecode com) DefenseCode ThunderScan SAST Advisory: WordPress Gwolle Guestbook Plugin XSS Security Vulnerability Advisory ID: DC-2018-05-008 Advisory Title: WordPress Gwolle Guestbook Plugin XSS Security Vulnerability Advisory URL: http://www.defensecode.com/advisories.php Software: WordPress Gwol [ more ] [ reply ] DefenseCode ThunderScan SAST Advisory: WordPress Snazzy Maps Plugin Multiple XSS Security Vulnerabilities 2018-07-25 Defense Code (defensecode defensecode com) DefenseCode ThunderScan SAST Advisory: WordPress Snazzy Maps Plugin Multiple XSS Security Vulnerabilities Advisory ID: DC-2018-05-006 Advisory Title: WordPress Snazzy Maps Plugin Multiple XSS Vulnerabilities Advisory URL: http://www.defensecode.com/advisories.php Software: WordPress S [ more ] [ reply ] [SECURITY] [DSA 4254-1] slurm-llnl security update 2018-07-24 Salvatore Bonaccorso (carnil debian org) FINAL CALL FOR PAPERS - INTEL SECURITY CONFERENCE (iSecCon) 2018 2018-07-24 Branco, Rodrigo (rodrigo branco intel com) CALL FOR PAPERS - INTEL SECURITY CONFERENCE (iSecCon) 2018 [ - Introduction - ] It is a pleasure to invite you to submit abstracts to iSecCon 2018, the annual Security Conference at Intel. This prestigious conference aims to bring together esteemed speakers from the industry, government and acad [ more ] [ reply ] [SECURITY] [DSA 4253-1] network-manager-vpnc security update 2018-07-23 Salvatore Bonaccorso (carnil debian org) APPLE-SA-2018-7-23-3 Additional information for APPLE-SA-2018-06-01-4 iOS 11.4 2018-07-23 Apple Product Security (product-security-noreply lists apple com) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2018-7-23-3 Additional information for APPLE-SA-2018-06-01-4 iOS 11.4 iOS 11.4 addresses the following: Bluetooth Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A malicious application may be a [ more ] [ reply ] APPLE-SA-2018-7-23-4 Additional information for APPLE-SA-2018-06-01-6 tvOS 11.4 2018-07-23 Apple Product Security (product-security-noreply lists apple com) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2018-7-23-4 Additional information for APPLE-SA-2018-06-01-6 tvOS 11.4 tvOS 11.4 addresses the following: Bluetooth Available for: Apple TV 4K Impact: An attacker in a privileged network position may be able to intercept Bluetooth traffic D [ more ] [ reply ] APPLE-SA-2018-7-23-5 Additional information for APPLE-SA-2018-06-01-5 watchOS 4.3.1 2018-07-23 Apple Product Security (product-security-noreply lists apple com) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2018-7-23-5 Additional information for APPLE-SA-2018-06-01-5 watchOS 4.3.1 watchOS 4.3.1 addresses the following: Bluetooth Not impacted: Apple Watch Series 3 Impact: An attacker in a privileged network position may be able to intercept Blu [ more ] [ reply ] APPLE-SA-2018-7-23-2 Additional information for APPLE-SA-2018-06-01-1 macOS High Sierra 10.13.5, Security Update 2018-003 Sierra, Security Update 2018-003 El Capitan 2018-07-23 Apple Product Security (product-security-noreply lists apple com) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2018-7-23-2 Additional information for APPLE-SA-2018-06-01-1 macOS High Sierra 10.13.5, Security Update 2018-003 Sierra, Security Update 2018-003 El Capitan macOS High Sierra 10.13.5, Security Update 2018-003 Sierra, and Security Update 2018 [ more ] [ reply ] APPLE-SA-2018-7-23-1 Additional information for APPLE-SA-2018-7-9-4 macOS High Sierra 10.13.6, Security Update 2018-004 Sierra, Security Update 2018-004 El Capitan 2018-07-23 Apple Product Security (product-security-noreply lists apple com) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2018-7-23-1 Additional information for APPLE-SA-2018-7-9-4 macOS High Sierra 10.13.6, Security Update 2018-004 Sierra, Security Update 2018-004 El Capitan macOS High Sierra 10.13.6, Security Update 2018-004 Sierra, and Security Update 2018-0 [ more ] [ reply ] Sourcetree - Remote Code Execution vulnerabilities - CVE-2018-11235 2018-07-23 Anton Black (ablack atlassian com) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 This email refers to the advisory found at https://confluence.atlassian.com/sourcetreekb/sourcetree-security-adviso ry-2018-07-18-953674465.html . CVE ID: * CVE-2018-11235. * CVE-2018-13385. * CVE-2018-13386. Product: Sourcetree. Affected Sourcet [ more ] [ reply ] [slackware-security] php (SSA:2018-201-01) 2018-07-20 Slackware Security Team (security slackware com) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] php (SSA:2018-201-01) New php packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packages/php [ more ] [ reply ] Secunia Research: Oracle Outside In Technology Multiple Vulnerabilities 2018-07-20 Secunia Research (remove-vuln secunia com) Secunia Research: Oracle Outside In Technology Multiple Vulnerabilities 2018-07-20 Secunia Research (remove-vuln secunia com) Secunia Research: LibRaw "parse_minolta()" Infinite Loop Denial of Service Vulnerability 2018-07-19 Secunia Research (remove-vuln secunia com) Secunia Research: LibRaw Multiple Denial of Service Vulnerabilities 2018-07-19 Secunia Research (remove-vuln secunia com) Adobe Systems - Arbitrary Code Injection Vulnerability 2018-07-19 Vulnerability Lab (research vulnerability-lab com) Document Title: =============== Adobe Systems - Arbitrary Code Injection Vulnerability References (Source): ==================== https://www.vulnerability-lab.com/get_content.php?id=2120 PSIRT ID: 7873 Vulnerability Magazine: https://www.vulnerability-db.com/?q=articles/2018/07/19/ha [ more ] [ reply ] [slackware-security] httpd (SSA:2018-199-01) 2018-07-18 Slackware Security Team (security slackware com) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] httpd (SSA:2018-199-01) New httpd packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packages [ more ] [ reply ] GhostMail - (Status Message) Persistent Web Vulnerability 2018-07-18 Vulnerability Lab (research vulnerability-lab com) Document Title: =============== GhostMail - (Status Message) Persistent Web Vulnerability References (Source): ==================== http://www.vulnerability-lab.com/get_content.php?id=1470 Release Date: ============= 2018-06-27 Vulnerability Laboratory ID (VL-ID): ============================= [ more ] [ reply ] Binance v1.5.0 - Insecure File Permission Vulnerability 2018-07-18 Vulnerability Lab (research vulnerability-lab com) Document Title: =============== Binance v1.5.0 - Insecure File Permission Vulnerability References (Source): ==================== https://www.vulnerability-lab.com/get_content.php?id=2135 Release Date: ============= 2018-07-17 Vulnerability Laboratory ID (VL-ID): ============================== [ more ] [ reply ] GhostMail - (filename to link) POST Inject Web Vulnerability 2018-07-18 Vulnerability Lab (research vulnerability-lab com) Document Title: =============== GhostMail - (filename to link) POST Inject Web Vulnerability References (Source): ==================== http://www.vulnerability-lab.com/get_content.php?id=1471 Release Date: ============= 2018-06-26 Vulnerability Laboratory ID (VL-ID): ========================== [ more ] [ reply ] Barracuda Cloud Control v3.020 - CS Cross Site Vulnerability 2018-07-18 Vulnerability Lab (research vulnerability-lab com) Document Title: =============== Barracuda Cloud Control v3.020 - CS Cross Site Vulnerability References (Source): ==================== http://www.vulnerability-lab.com/get_content.php?id=662 Release Date: ============= 2018-07-18 Vulnerability Laboratory ID (VL-ID): =========================== [ more ] [ reply ] Defense in depth -- the Microsoft way (part 56): 10+ year old security update installers are susceptiblle to 20+ year old vulnerability 2018-07-18 Stefan Kanthak (stefan kanthak nexgo de) Hi @ll, Microsoft released <https://support.microsoft.com/en-us/help/4336919> "Description of the security update for the remote code execution vulnerability in Visual Studio 2010 Service Pack 1: July 10, 2018" some days ago. The executable installer VS10SP1-KB4336919-x86.exe offered for download [ more ] [ reply ] [slackware-security] mutt (SSA:2018-198-01) 2018-07-17 Slackware Security Team (security slackware com) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] mutt (SSA:2018-198-01) New mutt packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packages/m [ more ] [ reply ] [CVE-2018-1000211] Public apps can't revoke OAuth access & refresh tokens in Doorkeeper 2018-07-17 Justin Bull (me justinbull ca) Good morning everyone, A security bulletin for all of you. Software: -------- Doorkeeper (https://github.com/doorkeeper-gem/doorkeeper) Description: ---------- Doorkeeper is an OAuth 2 provider for Rails written in Ruby. Affected Versions: --------------- 4.2.0 - 4.3.2 5.0.0.rc1 Fixed Versions: [ more ] [ reply ] Defense in depth -- the Microsoft way (part 55): new software built with 5.5 year old tool shows 20+ year old vulnerabilities 2018-07-17 Stefan Kanthak (stefan kanthak nexgo de) Hi @ll, Microsoft released <https://support.microsoft.com/en-us/help/4340040/> "July 2018 servicing release for Microsoft Desktop Optimization Pack" some days ago. <https://www.microsoft.com/en-us/download/details.aspx?id=57157> offers three executable installers to update existing installations: [ more ] [ reply ] [SECURITY] [DSA 4247-1] ruby-rack-protection security update 2018-07-16 Moritz Muehlenhoff (jmm debian org) Huawei eNSP v1 - Buffer Overflow (DoS) Vulnerability 2018-07-13 Vulnerability Lab (research vulnerability-lab com) Document Title: =============== Huawei eNSP v1 - Buffer Overflow (DoS) Vulnerability References (Source): ==================== https://www.vulnerability-lab.com/get_content.php?id=2132 Security ID: huawei-sa-20180309-01-ensp https://nvd.nist.gov/vuln/detail/CVE-2017-17321 https://cve.mitre.org/c [ more ] [ reply ] Secunia Research: Clam AntiVirus "parsehwp3_paragraph()" Denial of Service Vulnerability 2018-07-12 Secunia Research (remove-vuln secunia com) SEC Consult SA-20180712-0 :: Remote Code Execution & Local File Disclosure in Zeta Producer Desktop CMS 2018-07-12 SEC Consult Vulnerability Lab (research sec-consult com) [security bulletin] MFSBGN03811 rev.1 - Fortify Software Security Center (SSC), Multiple vulnerabilities 2018-07-12 cyber-psrt microfocus com -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Note: the current version of the following document is available here: https://softwaresupport.hpe.com/document/-/facetsearch/document/KM032010 85 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: KM03201085 Version: 1 MFSBGN03811 rev.1 [ more ] [ reply ] Barracuda ADC v5.x - Multiple Persistent Vulnerabilities 2018-07-12 Vulnerability Lab (research vulnerability-lab com) Document Title: =============== Barracuda ADC v5.x - Multiple Persistent Vulnerabilities References (Source): ==================== http://www.vulnerability-lab.com/get_content.php?id=1424 Release Date: ============= 2018-07-12 Vulnerability Laboratory ID (VL-ID): ============================== [ more ] [ reply ] Lenovo SU v5.07 - Buffer Overflow & Arbitrary Code Execution Vulnerability 2018-07-12 Vulnerability Lab (research vulnerability-lab com) Document Title: =============== Lenovo SU v5.07 - Buffer Overflow & Code Execution Vulnerability References (Source): ==================== https://www.vulnerability-lab.com/get_content.php?id=2131 Lenovo Security ID: LEN-19625 https://nvd.nist.gov/vuln/detail/CVE-2018-9063 https://cve.mitre.org/ [ more ] [ reply ] [slackware-security] curl (SSA:2018-192-02) 2018-07-12 Slackware Security Team (security slackware com) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] curl (SSA:2018-192-02) New curl packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix a security issue. Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packages/ [ more ] [ reply ] [slackware-security] bind (SSA:2018-192-01) 2018-07-12 Slackware Security Team (security slackware com) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] bind (SSA:2018-192-01) New bind packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packages/b [ more ] [ reply ] [CORE-2018-0006] - QNAP Qcenter Virtual Appliance Multiple Vulnerabilities 2018-07-11 Core Security Advisories Team (advisories coresecurity com) Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ QNAP Qcenter Virtual Appliance Multiple Vulnerabilities 1. *Advisory Information* Title: QNAP Qcenter Virtual Appliance Multiple Vulnerabilities Advisory ID: CORE-2018-0006 Advisory URL: http://www.coresecurity.com/advisories/qna [ more ] [ reply ] AT&T Bizcircle - Persistent Profile Cross Site Scripting Vulnerabilities 2018-07-11 Vulnerability Lab (research vulnerability-lab com) Document Title: =============== AT&T Bizcircle - Persistent Profile Cross Site Scripting Vulnerabilities References (Source): ==================== https://www.vulnerability-lab.com/get_content.php?id=2108 AT&T Reference ID: 1502971499862 Vulnerability Magazine: https://www.vulnerability-db.com/? [ more ] [ reply ] Barracuda ADC 5.x - Client Side Cross Site Scripting Vulnerability 2018-07-11 Vulnerability Lab (research vulnerability-lab com) Document Title: =============== Barracuda ADC 5.x - Client Side Cross Site Scripting Vulnerability References (Source): ==================== http://www.vulnerability-lab.com/get_content.php?id=1425 Release Date: ============= 2018-07-10 Vulnerability Laboratory ID (VL-ID): =================== [ more ] [ reply ] Barracuda ADC 5.x - Filter Bypass & Persistent Validation Vulnerability 2018-07-11 Vulnerability Lab (research vulnerability-lab com) Document Title: =============== Barracuda ADC 5.x - Filter Bypass & Persistent Validation Vulnerability References (Source): ==================== http://www.vulnerability-lab.com/get_content.php?id=1423 Release Date: ============= 2018-07-09 Vulnerability Laboratory ID (VL-ID): =============== [ more ] [ reply ] ASUS WRT-AC66U 3.x - Cross Site Scripting Vulnerability 2018-07-11 Vulnerability Lab (research vulnerability-lab com) Document Title: =============== ASUS WRT-AC66U 3.x - Cross Site Scripting Vulnerability References (Source): ==================== https://www.vulnerability-lab.com/get_content.php?id=1993 Release Date: ============= 2018-06-27 Vulnerability Laboratory ID (VL-ID): ============================== [ more ] [ reply ] Intel System CU - Buffer Overflow (Denial of Service) Vulnerability 2018-07-11 Vulnerability Lab (research vulnerability-lab com) Document Title: =============== Intel System CU - Buffer Overflow (Denial of Service) Vulnerability References (Source): ==================== https://www.vulnerability-lab.com/get_content.php?id=2133 Security ID: INTEL-SA-00134 https://nvd.nist.gov/vuln/detail/CVE-2018-3661 https://cve.mitre.org [ more ] [ reply ] Secutech DSL WR RIS 330 - Filter Bypass Vulnerability 2018-07-11 Vulnerability Lab (research vulnerability-lab com) Document Title: =============== Secutech DSL WR RIS 330 - Filter Bypass Vulnerability References (Source): ==================== https://www.vulnerability-lab.com/get_content.php?id=1988 Release Date: ============= 2018-07-09 Vulnerability Laboratory ID (VL-ID): ================================ [ more ] [ reply ] SEC Consult SA-20180711-0 :: Remote code execution via multiple attack vectors in WAGO e!DISPLAY 7300T 2018-07-11 SEC Consult Vulnerability Lab (research sec-consult com) [slackware-security] mozilla-thunderbird (SSA:2018-191-01) 2018-07-11 Slackware Security Team (security slackware com) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] mozilla-thunderbird (SSA:2018-191-01) New mozilla-thunderbird packages are available for Slackware 14.2 and -current to fix bugs and security issues. Here are the details from the Slackware 14.2 ChangeLog: +-------------------- [ more ] [ reply ] APPLE-SA-2018-7-9-7 iTunes 12.8 for Windows 2018-07-09 Apple Product Security (product-security-noreply lists apple com) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2018-7-9-7 iTunes 12.8 for Windows iTunes 12.8 for Windows is now available and addresses the following: CFNetwork Available for: Windows 7 and later Impact: Cookies may unexpectedly persist in Safari Description: A cookie management issue [ more ] [ reply ] APPLE-SA-2018-7-9-3 tvOS 11.4.1 2018-07-09 Apple Product Security (product-security-noreply lists apple com) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2018-7-9-3 tvOS 11.4.1 tvOS 11.4.1 is now available and addresses the following: CFNetwork Available for: Apple TV 4K and Apple TV (4th generation) Impact: Cookies may unexpectedly persist in Safari Description: A cookie management issue wa [ more ] [ reply ] APPLE-SA-2018-7-9-6 iCloud for Windows 7.6 2018-07-09 Apple Product Security (product-security-noreply lists apple com) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2018-7-9-6 iCloud for Windows 7.6 iCloud for Windows 7.6 is now available and addresses the following: CFNetwork Available for: Windows 7 and later Impact: Cookies may unexpectedly persist in Safari Description: A cookie management issue wa [ more ] [ reply ] APPLE-SA-2018-7-9-2 watchOS 4.3.2 2018-07-09 Apple Product Security (product-security-noreply lists apple com) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2018-7-9-2 watchOS 4.3.2 watchOS 4.3.2 is now available and addresses the following: CFNetwork Available for: All Apple Watch models Impact: Cookies may unexpectedly persist in Safari Description: A cookie management issue was addressed wit [ more ] [ reply ] APPLE-SA-2018-7-9-5 Safari 11.1.2 2018-07-09 Apple Product Security (product-security-noreply lists apple com) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2018-7-9-5 Safari 11.1.2 Safari 11.1.2 is now available and addresses the following: Safari Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, and macOS High Sierra 10.13.6 Impact: Visiting a malicious website may lead to address [ more ] [ reply ] APPLE-SA-2018-7-9-4 macOS High Sierra 10.13.6, Security Update 2018-004 Sierra, Security Update 2018-004 El Capitan 2018-07-09 Apple Product Security (product-security-noreply lists apple com) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2018-7-9-4 macOS High Sierra 10.13.6, Security Update 2018-004 Sierra, Security Update 2018-004 El Capitan macOS High Sierra 10.13.6, Security Update 2018-004 Sierra, and Security Update 2018-004 El Capitan are now available and address the [ more ] [ reply ] APPLE-SA-2018-7-9-1 iOS 11.4.1 2018-07-09 Apple Product Security (product-security-noreply lists apple com) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2018-7-9-1 iOS 11.4.1 iOS 11.4.1 is now available and addresses the following: CFNetwork Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Cookies may unexpectedly persist in Safari Description: A [ more ] [ reply ] [SECURITY] [DSA 4242-1] ruby-sprockets security update 2018-07-09 Salvatore Bonaccorso (carnil debian org) [slackware-security] mozilla-thunderbird (SSA:2018-186-01) 2018-07-05 Slackware Security Team (security slackware com) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] mozilla-thunderbird (SSA:2018-186-01) New mozilla-thunderbird packages are available for Slackware 14.2 and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ p [ more ] [ reply ] APPLE-SA-2018-7-05-1 Wi-Fi Update for Boot Camp 6.4.0 2018-07-05 Apple Product Security (product-security-noreply lists apple com) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2018-7-05-1 Wi-Fi Update for Boot Camp 6.4.0 Wi-Fi Update for Boot Camp 6.4.0 is now available and addresses the following: Wi-Fi Available for the following machines while running Boot Camp: MacBook (Late 2009 and later), MacBook Pro (Mid [ more ] [ reply ] SEC Consult SA-20180704-1 :: Authorization Bypass in all ADB Broadband Gateways / Routers 2018-07-04 SEC Consult Vulnerability Lab (research sec-consult com) Also see our other two advisories regarding critical ADB vulnerabilities as they have been split up for better readability: Local root: https://www.sec-consult.com/en/blog/advisories/local-root-jailbreak-via- network-file-sharing-flaw-in-all-adb-broadband-gateways-routers/ Privilege escalation: htt [ more ] [ reply ] SEC Consult SA-20180704-2 :: Privilege escalation via linux group manipulation in all ADB Broadband Gateways / Routers 2018-07-04 SEC Consult Vulnerability Lab (research sec-consult com) Also see our other two advisories regarding critical ADB vulnerabilities as they have been split up for better readability: Local root: https://www.sec-consult.com/en/blog/advisories/local-root-jailbreak-via- network-file-sharing-flaw-in-all-adb-broadband-gateways-routers/ Authorization bypass: htt [ more ] [ reply ] SEC Consult SA-20180704-0 :: Local root jailbreak via network file sharing flaw in all ADB Broadband Gateways / Routers 2018-07-04 SEC Consult Vulnerability Lab (research sec-consult com) Also see our other two advisories regarding critical ADB vulnerabilities as they have been split up for better readability: Authorization bypass: https://www.sec-consult.com/en/blog/advisories/authorization-bypass-in-a ll-adb-broadband-gateways-routers/ Privilege escalation: https://www.sec-consult [ more ] [ reply ] [CVE-2018-3667, CVE-2018-3668] Escalation of priviilege via executable installer of Intel Processor Diagnostic Tool 2018-07-04 Stefan Kanthak (stefan kanthak nexgo de) Hi @ll, the executable installers of Intel's Processor Diagnostic Tool (IPDT) before v4.1.0.27 have three vulnerabilities^Wbeginner's errors which all allow arbitrary code execution with escalation of privilege, plus a fourth which allows denial of service. Intel published advisory SA-00140 <https [ more ] [ reply ] |
|
Privacy Statement |
Hash: SHA512
- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4268-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Moritz Muehlenhoff
August 10, 2018
[ more ] [ reply ]