BugTraq Mode:
Local information disclosure in OpenSMTPD (CVE-2020-8793) 2020-02-24
Qualys Security Advisory (qsa qualys com)

Qualys Security Advisory

Local information disclosure in OpenSMTPD (CVE-2020-8793)

==============================================================================
Contents
==============================================================================

Summary
Analysis
Exploitation
POKE 47196, 201

Defense in depth -- the Microsoft way (part 62): Windows shipped with end-of-life components 2020-02-24
Stefan Kanthak (stefan kanthak nexgo de)
Hi @ll,

since Microsoft Server 2003 R2, Microsoft dares to ship and install the
abomination known as .NET Framework with every new version of Windows.

Among other components current versions of Windows and .NET Framework
include

C# compiler (C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe,

LPE and RCE in OpenSMTPD's default install (CVE-2020-8794) 2020-02-24
Qualys Security Advisory (qsa qualys com)

Qualys Security Advisory

LPE and RCE in OpenSMTPD's default install (CVE-2020-8794)

==============================================================================
Contents
==============================================================================

Summary
Analysis
...
Acknowledgments

=====

[SECURITY] [DSA 4633-1] curl security update 2020-02-24
Alessandro Ghedini (ghedo debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4633-1 security (at) debian (dot) org
https://www.debian.org/security/ Alessandro Ghedini
February 22, 2020

Cisco Unified Contact Center Express Privilege Escalation Vulnerability (CVE-2019-1888) 2020-02-25
Jamie R (jamie blacktraffic co uk)
I've quoted the Cisco summary below as it's pretty accurate.

tl;dr is an admin user on the web console can gain command execution
and then escalate to root. If this is an issue in your environment,
then please patch.

Thanks to Cisco PSIRT who were responsive and professional.

Shouts to Andrew, Da

[TZO-22-2020] Qihoo360 | GDATA | Rising | Command Generic Malformed Archive Bypass 2020-02-24
Thierry Zoller (thierry zoller lu)
________________________________________________________________________

From the lets-try-it-this-way Department
Qihoo360 | GDATA | Rising | Webroot | Dr Web Generic Archive Bypass
________________________________________________________________________

Release mode : Vendors do n

[TZO-16-2020] - F-SECURE Generic Malformed Container bypass (GZIP) 2020-02-24
Thierry Zoller (thierry zoller lu)
________________________________________________________________________

From the low-hanging-fruit-department
F-SECURE Generic Malformed Container bypass (GZIP)
________________________________________________________________________

Ref : [TZO-16-2020] - F-SECURE Ge

[slackware-security] proftpd (SSA:2020-051-01) 2020-02-21
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] proftpd (SSA:2020-051-01)

New proftpd packages are available for Slackware 14.0, 14.1, 14.2, and -current
to fix a security issue.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/pac

[SECURITY] [DSA 4628-1] php7.0 security update 2020-02-18
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4628-1 security (at) debian (dot) org
https://www.debian.org/security/ Moritz Muehlenhoff
February 18, 2020

[SECURITY] [DSA 4629-1] python-django security update 2020-02-19
Sebastien Delafond (seb debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4629-1 security (at) debian (dot) org
https://www.debian.org/security/ Sebastien Delafond
February 19, 2020

[TZO-18-2020] - Bitdefender Malformed Archive bypass (GZIP) 2020-02-18
Thierry Zoller (thierry zoller lu)
________________________________________________________________________

From the low-hanging-fruit-department
Bitdefender Generic Malformed Archive Bypass (GZIP)
________________________________________________________________________

Release mode : Silent Patch
Ref

[TZO-17-2020] - Kaspersky Generic Archive Bypass (ZIP FLNMLEN) 2020-02-17
Thierry Zoller (thierry zoller lu)
________________________________________________________________________

From the low-hanging-fruit-department
Kaspersky Generic Malformed Archive Bypass (ZIP Filename Length)
________________________________________________________________________

Release mode : Coordinate

[SECURITY] [DSA 4626-1] php7.3 security update 2020-02-17
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4626-1 security (at) debian (dot) org
https://www.debian.org/security/ Moritz Muehlenhoff
February 17, 2020

[SECURITY] [DSA 4627-1] webkit2gtk security update 2020-02-17
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4627-1 security (at) debian (dot) org
https://www.debian.org/security/ Alberto Garcia
February 17, 2020

[SECURITY] [DSA 4621-1] openjdk-8 security update 2020-02-12
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4621-1 security (at) debian (dot) org
https://www.debian.org/security/ Moritz Muehlenhoff
February 12, 2020

[SECURITY] [DSA 4620-1] firefox-esr security update 2020-02-12
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4620-1 security (at) debian (dot) org
https://www.debian.org/security/ Moritz Muehlenhoff
February 12, 2020

[TZO-15-2020] - F-SECURE Generic Malformed Container bypass (RAR) 2020-02-14
Thierry Zoller (thierry zoller lu)
________________________________________________________________________

From the low-hanging-fruit-department
F-SECURE Generic Malformed Container bypass (RAR)
________________________________________________________________________

Ref : [TZO-15-2020] - F-SECURE

WebKitGTK and WPE WebKit Security Advisory WSA-2020-0002 2020-02-14
Carlos Alberto Lopez Perez (clopez igalia com)
------------------------------------------------------------------------

WebKitGTK and WPE WebKit Security Advisory WSA-2020-0002
------------------------------------------------------------------------

Date reported : February 14, 2020
Advisory ID : WSA-2020-0

[slackware-security] libarchive (SSA:2020-043-01) 2020-02-12
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] libarchive (SSA:2020-043-01)

New libarchive packages are available for Slackware 14.1, 14.2, and -current to
fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/pack

CVE-2020-0728: Windows Modules Installer Service Information Disclosure Vulnerability 2020-02-14
Imre Rad (radimre83 gmail com)
The TrustedInstaller service running on the Windows operating system
hosts a COM service called Sxs Store Class; its ISxsStore interface
provides methods to install/uninstall assemblies via application
manifests files into the WinSxS store. These API methods were meant to
be available for users with

[SECURITY] [DSA 4624-1] evince security update 2020-02-14
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4624-1 security (at) debian (dot) org
https://www.debian.org/security/ Salvatore Bonaccorso
February 14, 2020

[SECURITY] [DSA 4625-1] thunderbird security update 2020-02-15
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4625-1 security (at) debian (dot) org
https://www.debian.org/security/ Moritz Muehlenhoff
February 15, 2020

[TZO-13-2020] - AVIRA Generic AV Bypass (ZIP GPFLAG) 2020-02-13
Thierry Zoller (thierry zoller lu)
________________________________________________________________________

From the low-hanging-fruit-department
AVIRA Generic Malformed Container bypass (ZIP GPFLAG)
________________________________________________________________________

Release mode : No Patch - Coordinated o

[TZO-11-2020] - ESET Generic Malformed Archive Bypass (BZ2 Checksum) 2020-02-13
Thierry Zoller (thierry zoller lu)
________________________________________________________________________

From the low-hanging-fruit-department
ESET Generic Malformed Archive Bypass (BZ2 Checksum)
________________________________________________________________________

Release mode : Coordinated D

[EnumJavaLibs]_ Remote Java classpath enumerator 2020-02-13
RedTimmy Security (redazione segfault it) (1 replies)
Hi,
we have just released EnumJavaLibs to perform java classes enumeration against java services.

To discover a deserialization vulnerability is often easy. When source code is available, it comes down to finding calls to readObject() and finding a way for user input to reach that function. In case

Web Application Firewall bypass via Bluecoat device 2020-02-16
RedTimmy Security (redazione segfault it)
[SECURITY] [DSA 4623-1] postgresql-11 security update 2020-02-13
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4623-1 security (at) debian (dot) org
https://www.debian.org/security/ Moritz Muehlenhoff
February 13, 2020

[slackware-security] mozilla-firefox (SSA:2020-042-01) 2020-02-12
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] mozilla-firefox (SSA:2020-042-01)

New mozilla-firefox packages are available for Slackware 14.2 and -current to
fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/p

[SECURITY] [DSA 4622-1] postgresql-9.6 security update 2020-02-13
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4622-1 security (at) debian (dot) org
https://www.debian.org/security/ Moritz Muehlenhoff
February 13, 2020

[slackware-security] mozilla-thunderbird (SSA:2020-042-02) 2020-02-12
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] mozilla-thunderbird (SSA:2020-042-02)

New mozilla-thunderbird packages are available for Slackware 14.2 and -current
to fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
p

[SECURITY] [DSA 4268-1] openjdk-8 security update 2018-08-10
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4268-1 security (at) debian (dot) org
https://www.debian.org/security/ Moritz Muehlenhoff
August 10, 2018

[SECURITY] [DSA 4269-1] postgresql-9.6 security update 2018-08-10
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4269-1 security (at) debian (dot) org
https://www.debian.org/security/ Moritz Muehlenhoff
August 10, 2018

[SECURITY] [DSA 4267-1] kamailio security update 2018-08-08
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4267-1 security (at) debian (dot) org
https://www.debian.org/security/ Salvatore Bonaccorso
August 08, 2018

[CVE-2018-12584] Heap overflow vulnerability in reSIProcate through 1.10.2 2018-08-08
Joachim De Zutter (dezutterjoachim gmail com)
CVE ID: CVE-2018-12584

TIMELINE

Bug report with test code sent to main reSIProcate developers: 2018-06-15
Patch created by Scott Godin: 2018-06-18
CVE ID assigned: 2018-06-19
Patch committed to reSIProcate repository: 2018-06-21
Advisory first published on website: 2018-06-22

CA20180802-01: Security Notice for CA API Developer Portal 2018-08-08
Kotas, Kevin J (Kevin Kotas ca com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

CA20180802-01: Security Notice for CA API Developer Portal

Issued: August 2, 2018
Last Updated: August 2, 2018

CA Technologies Support is alerting customers to a potential risk
with CA API Developer Portal. A medium risk vulnerability exists that
ca

[CVE-2018-14429] man-cgi < 1.16 Local File Include 2018-08-08
eL_Bart0 (eL_Bart0 protonmail ch)
man-cgi before 1.16 allows Local File Inclusion via absolute path traversal. If an Attacker provides a Filename as a Parameter (e.g. https://example.org/cgi-bin/man-cgi?/etc/passwd) the Script will read and return the local file. This is happening because of the way the Script calls the "man" comm

WebKitGTK+ and WPE WebKit Security Advisory WSA-2018-0006 2018-08-08
Michael Catanzaro (mcatanzaro igalia com)
------------------------------------------------------------------------

WebKitGTK+ and WPE WebKit Security Advisory WSA-2018-0006
------------------------------------------------------------------------

Date reported : August 07, 2018
Advisory ID : WSA-2018-000

New VMSA-2018-0019 - Horizon 6, 7, and Horizon Client for Windows updates address an out-of-bounds read vulnerability 2018-08-07
VMware Security Response Center (security vmware com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ----------------------------------------------------------------------
VMware Security Advisory

Advisory ID: VMSA-2018-0019
Severity: Important
Synopsis: Horizon 6, 7, and Horizon Client for Windows updates
address an out-of-bounds

RE: [FD] Executable installers are vulnerable^WEVIL (case 56):arbitrary code execution WITH escalation of privilege via rufus*.exe 2018-08-06
Andrius Duksta (duk danskebank lt)
Sorry, but the viable/practical attack vector on this one is practically non-existent. I really can't see anyone actually using this as a real-life attack. The circumstances required to succeed are such that if this attack works, it's waaay too late to blame Rufus as your system was obviously alread

FreeBSD Security Advisory FreeBSD-SA-18:08.tcp 2018-08-06
FreeBSD Security Advisories (security-advisories freebsd org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

=============================================================================
FreeBSD-SA-18:08.tcp Security Advisory
The FreeBSD Project

Topic:

[SECURITY] [DSA 4266-1] linux security update 2018-08-06
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4266-1 security (at) debian (dot) org
https://www.debian.org/security/ Salvatore Bonaccorso
August 06, 2018

[SECURITY] [DSA 4262-1] symfony security update 2018-08-03
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4262-1 security (at) debian (dot) org
https://www.debian.org/security/ Moritz Muehlenhoff
August 03, 2018

[SECURITY] [DSA 4265-1] xml-security-c security update 2018-08-05
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4265-1 security (at) debian (dot) org
https://www.debian.org/security/ Moritz Muehlenhoff
August 05, 2018

[slackware-security] lftp (SSA:2018-214-01) 2018-08-02
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] lftp (SSA:2018-214-01)

New lftp packages are available for Slackware 14.0, 14.1, 14.2, and -current to
fix a security issue.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/

[SECURITY] [DSA 4260-1] libmspack security update 2018-08-02
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4260-1 security (at) debian (dot) org
https://www.debian.org/security/ Salvatore Bonaccorso
August 02, 2018

Executable installers are vulnerable^WEVIL (case 55): escalation of privilege with VMware Player 12.5.9 2018-08-02
Stefan Kanthak (stefan kanthak nexgo de)
Hi @ll,

the executable installer of VMware Player 12.5.9, published in
January 2018, available from
<https://download3.vmware.com/software/player/file/VMware-player-12.5.9-7535481.exe>,
is vulnerable.

JFTR: VMware Player 12.5.9 is the last version which runs on
32-bit Windows, and the last t

[slackware-security] blueman (SSA:2018-213-01) 2018-08-02
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] blueman (SSA:2018-213-01)

New blueman packages are available for Slackware 14.2 and -current to
fix a security issue.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/blueman

CVE-2016-7085 NOT fixed in VMware-player-12.5.9-7535481.exe 2018-08-01
Stefan Kanthak (stefan kanthak nexgo de)
Hi @ll,

on February 13, 2016, I sent a vulnerability report regarding the
then current executable installer of VMware-player 7.1.3 to its
vendor.

On September 14, 2016, VMware published
<http://blogs.vmware.com/security/2016/09/vmsa-2016-0014.html> and
<http://www.vmware.com/security/advisories/VM

[SECURITY] [DSA 4259-1] ruby2.3 security update 2018-07-31
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4259-1 security (at) debian (dot) org
https://www.debian.org/security/ Moritz Muehlenhoff
July 31, 2018

[slackware-security] seamonkey (SSA:2018-212-02) 2018-07-31
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] seamonkey (SSA:2018-212-02)

New seamonkey packages are available for Slackware 14.2 and -current to
fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/seam

[slackware-security] file (SSA:2018-212-01) 2018-07-31
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] file (SSA:2018-212-01)

New file packages are available for Slackware 14.0, 14.1, 14.2, and -current to
fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/f

[SECURITY] [DSA 4258-1] ffmpeg security update 2018-07-29
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4258-1 security (at) debian (dot) org
https://www.debian.org/security/ Moritz Muehlenhoff
July 29, 2018

secuvera-SA-2018-03: Command Injection, Broken Access Control and Evil-Twin-Attack in Microsoft Wireless Display Adapter V2 - CVE-2018-8306 2018-07-30
Tobias Glemser (tglemser secuvera de)
secuvera-SA-2018-03: Command Injection, Broken Access Control and Evil-Twin-Attack in Microsoft Wireless Display Adapter V2 - CVE-2018-8306

Affected Products:

Microsoft Wireless Display Adapter V2:

- Microsoft Wireless Display Adapter V2 Softwareversion 2.0.8350 to 2.0.8372 have been tested an

[SECURITY] [DSA 4257-1] fuse security update 2018-07-28
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4257-1 security (at) debian (dot) org
https://www.debian.org/security/ Salvatore Bonaccorso
July 28, 2018

[slackware-security] Slackware 14.2 kernel (SSA:2018-208-01) 2018-07-27
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] Slackware 14.2 kernel (SSA:2018-208-01)

New kernel packages are available for Slackware 14.2 to fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/linux-4.

[SECURITY] [DSA 4256-1] chromium-browser security update 2018-07-27
Michael Gilbert (mgilbert debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4256-1 security (at) debian (dot) org
https://www.debian.org/security/ Michael Gilbert
July 26, 2018

[CORE-2018-0009] - SoftNAS Cloud OS Command Injection 2018-07-26
Core Security Advisories Team (advisories coresecurity com)
Core Security - Corelabs Advisory
http://corelabs.coresecurity.com/

SoftNAS Cloud OS Command Injection

1. *Advisory Information*

Title: SoftNAS Cloud OS Command Injection
Advisory ID: CORE-2018-0009
Advisory URL:
http://www.coresecurity.com/advisories/softnas-cloudnas-OS-command-injection
Date pu

DefenseCode ThunderScan SAST Advisory: WordPress Strong Testimonials Plugin Multiple XSS Security Vulnerabilities 2018-07-25
Defense Code (defensecode defensecode com)
DefenseCode ThunderScan SAST Advisory: WordPress Strong Testimonials
Plugin Multiple XSS Security Vulnerabilities

Advisory ID: DC-2018-05-007
Advisory Title: WordPress Strong Testimonials Plugin Multiple XSS
Vulnerabilities
Advisory URL: http://www.defensecode.com/advisories.php
Software:

DefenseCode ThunderScan SAST Advisory: WordPress Gwolle Guestbook Plugin XSS Security Vulnerability 2018-07-25
Defense Code (defensecode defensecode com)
DefenseCode ThunderScan SAST Advisory: WordPress Gwolle Guestbook
Plugin XSS Security Vulnerability

Advisory ID: DC-2018-05-008
Advisory Title: WordPress Gwolle Guestbook Plugin XSS Security
Vulnerability
Advisory URL: http://www.defensecode.com/advisories.php
Software: WordPress Gwol

[SECURITY] [DSA 4255-1] ant security update 2018-07-24
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4255-1 security (at) debian (dot) org
https://www.debian.org/security/ Salvatore Bonaccorso
July 24, 2018

DefenseCode ThunderScan SAST Advisory: WordPress Snazzy Maps Plugin Multiple XSS Security Vulnerabilities 2018-07-25
Defense Code (defensecode defensecode com)
DefenseCode ThunderScan SAST Advisory: WordPress Snazzy Maps Plugin
Multiple XSS Security Vulnerabilities

Advisory ID: DC-2018-05-006
Advisory Title: WordPress Snazzy Maps Plugin Multiple XSS
Vulnerabilities
Advisory URL: http://www.defensecode.com/advisories.php
Software: WordPress S

[SECURITY] [DSA 4254-1] slurm-llnl security update 2018-07-24
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4254-1 security (at) debian (dot) org
https://www.debian.org/security/ Salvatore Bonaccorso
July 24, 2018

FINAL CALL FOR PAPERS - INTEL SECURITY CONFERENCE (iSecCon) 2018 2018-07-24
Branco, Rodrigo (rodrigo branco intel com)
CALL FOR PAPERS - INTEL SECURITY CONFERENCE (iSecCon) 2018

[ - Introduction - ]

It is a pleasure to invite you to submit abstracts to iSecCon 2018, the annual Security Conference at Intel.

This prestigious conference aims to bring together esteemed speakers from the industry, government and acad

[SECURITY] [DSA 4253-1] network-manager-vpnc security update 2018-07-23
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4253-1 security (at) debian (dot) org
https://www.debian.org/security/ Salvatore Bonaccorso
July 23, 2018

APPLE-SA-2018-7-23-3 Additional information for APPLE-SA-2018-06-01-4 iOS 11.4 2018-07-23
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

APPLE-SA-2018-7-23-3 Additional information for
APPLE-SA-2018-06-01-4 iOS 11.4

iOS 11.4 addresses the following:

Bluetooth
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A malicious application may be a

APPLE-SA-2018-7-23-4 Additional information for APPLE-SA-2018-06-01-6 tvOS 11.4 2018-07-23
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

APPLE-SA-2018-7-23-4 Additional information for
APPLE-SA-2018-06-01-6 tvOS 11.4

tvOS 11.4 addresses the following:

Bluetooth
Available for: Apple TV 4K
Impact: An attacker in a privileged network position may be able to
intercept Bluetooth traffic
D

APPLE-SA-2018-7-23-5 Additional information for APPLE-SA-2018-06-01-5 watchOS 4.3.1 2018-07-23
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

APPLE-SA-2018-7-23-5 Additional information for
APPLE-SA-2018-06-01-5 watchOS 4.3.1

watchOS 4.3.1 addresses the following:

Bluetooth
Not impacted: Apple Watch Series 3
Impact: An attacker in a privileged network position may be able to
intercept Blu

APPLE-SA-2018-7-23-2 Additional information for APPLE-SA-2018-06-01-1 macOS High Sierra 10.13.5, Security Update 2018-003 Sierra, Security Update 2018-003 El Capitan 2018-07-23
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

APPLE-SA-2018-7-23-2 Additional information for
APPLE-SA-2018-06-01-1 macOS High Sierra 10.13.5, Security Update
2018-003 Sierra, Security Update 2018-003 El Capitan

macOS High Sierra 10.13.5, Security Update 2018-003 Sierra, and
Security Update 2018

APPLE-SA-2018-7-23-1 Additional information for APPLE-SA-2018-7-9-4 macOS High Sierra 10.13.6, Security Update 2018-004 Sierra, Security Update 2018-004 El Capitan 2018-07-23
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

APPLE-SA-2018-7-23-1 Additional information for APPLE-SA-2018-7-9-4
macOS High Sierra 10.13.6, Security Update 2018-004 Sierra,
Security Update 2018-004 El Capitan

macOS High Sierra 10.13.6, Security Update 2018-004 Sierra, and
Security Update 2018-0

Sourcetree - Remote Code Execution vulnerabilities - CVE-2018-11235 2018-07-23
Anton Black (ablack atlassian com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

This email refers to the advisory found at
https://confluence.atlassian.com/sourcetreekb/sourcetree-security-advisory-2018-07-18-953674465.html
.

CVE ID:

* CVE-2018-11235.
* CVE-2018-13385.
* CVE-2018-13386.

Product: Sourcetree.

Affected Sourcet

[slackware-security] php (SSA:2018-201-01) 2018-07-20
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] php (SSA:2018-201-01)

New php packages are available for Slackware 14.0, 14.1, 14.2, and -current to
fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/php

Secunia Research: Oracle Outside In Technology Multiple Vulnerabilities 2018-07-20
Secunia Research (remove-vuln secunia com)
======================================================================

Secunia Research 2018/07/20

Oracle Outside In Technology Multiple Vulnerabilities

======================================================================
Table of Contents

Affected Software.............

Secunia Research: Oracle Outside In Technology Multiple Vulnerabilities 2018-07-20
Secunia Research (remove-vuln secunia com)
======================================================================

Secunia Research 2018/07/20

Oracle Outside In Technology Multiple Vulnerabilities

======================================================================
Table of Contents

Affected Software.............

Secunia Research: LibRaw "parse_minolta()" Infinite Loop Denial of Service Vulnerability 2018-07-19
Secunia Research (remove-vuln secunia com)
======================================================================

Secunia Research 2018/07/17

LibRaw "parse_minolta()" Infinite Loop
Denial of Service Vulnerability

=====================================================================

Secunia Research: LibRaw Multiple Denial of Service Vulnerabilities 2018-07-19
Secunia Research (remove-vuln secunia com)
======================================================================

Secunia Research 2018/07/17
LibRaw Multiple Denial of Service Vulnerabilities

======================================================================
Table of Contents

Affected Software............

Adobe Systems - Arbitrary Code Injection Vulnerability 2018-07-19
Vulnerability Lab (research vulnerability-lab com)
Document Title:

===============

Adobe Systems - Arbitrary Code Injection Vulnerability

References (Source):

====================

https://www.vulnerability-lab.com/get_content.php?id=2120

PSIRT ID: 7873

Vulnerability Magazine:

https://www.vulnerability-db.com/?q=articles/2018/07/19/ha

[ more ]  [ reply ]
[slackware-security] httpd (SSA:2018-199-01) 2018-07-18
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] httpd (SSA:2018-199-01)

New httpd packages are available for Slackware 14.0, 14.1, 14.2, and -current
to fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages

[ more ]  [ reply ]
[SECURITY] [DSA 4252-1] znc security update 2018-07-18
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4252-1 security (at) debian (dot) org
https://www.debian.org/security/ Moritz Muehlenhoff
July 18, 2018

[ more ]  [ reply ]
[SECURITY] [DSA 4251-1] vlc security update 2018-07-18
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4251-1 security (at) debian (dot) org
https://www.debian.org/security/ Moritz Muehlenhoff
July 18, 2018

[ more ]  [ reply ]
GhostMail - (Status Message) Persistent Web Vulnerability 2018-07-18
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
GhostMail - (Status Message) Persistent Web Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1470

Release Date:
=============
2018-06-27

Vulnerability Laboratory ID (VL-ID):
=============================

[ more ]  [ reply ]
Binance v1.5.0 - Insecure File Permission Vulnerability 2018-07-18
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Binance v1.5.0 - Insecure File Permission Vulnerability

References (Source):
====================
https://www.vulnerability-lab.com/get_content.php?id=2135

Release Date:
=============
2018-07-17

Vulnerability Laboratory ID (VL-ID):
==============================

[ more ]  [ reply ]
GhostMail - (filename to link) POST Inject Web Vulnerability 2018-07-18
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
GhostMail - (filename to link) POST Inject Web Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1471

Release Date:
=============
2018-06-26

Vulnerability Laboratory ID (VL-ID):
==========================

[ more ]  [ reply ]
Barracuda Cloud Control v3.020 - CS Cross Site Vulnerability 2018-07-18
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Barracuda Cloud Control v3.020 - CS Cross Site Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=662

Release Date:
=============
2018-07-18

Vulnerability Laboratory ID (VL-ID):
===========================

[ more ]  [ reply ]
Defense in depth -- the Microsoft way (part 56): 10+ year old security update installers are susceptible to 20+ year old vulnerability 2018-07-18
Stefan Kanthak (stefan kanthak nexgo de)
Hi @ll,

Microsoft released <https://support.microsoft.com/en-us/help/4336919>
"Description of the security update for the remote code execution
vulnerability in Visual Studio 2010 Service Pack 1: July 10, 2018"
some days ago.

The executable installer VS10SP1-KB4336919-x86.exe offered for
download

[ more ]  [ reply ]
[SECURITY] [DSA 4250-1] wordpress security update 2018-07-18
Sebastien Delafond (seb debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4250-1 security (at) debian (dot) org
https://www.debian.org/security/ Sebastien Delafond
July 18, 2018

[ more ]  [ reply ]
[slackware-security] mutt (SSA:2018-198-01) 2018-07-17
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] mutt (SSA:2018-198-01)

New mutt packages are available for Slackware 14.0, 14.1, 14.2, and -current to
fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/m

[ more ]  [ reply ]
[SECURITY] [DSA 4248-1] blender security update 2018-07-17
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4248-1 security (at) debian (dot) org
https://www.debian.org/security/ Moritz Muehlenhoff
July 17, 2018

[ more ]  [ reply ]
[SECURITY] [DSA 4249-1] ffmpeg security update 2018-07-17
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4249-1 security (at) debian (dot) org
https://www.debian.org/security/ Moritz Muehlenhoff
July 17, 2018

[ more ]  [ reply ]
[CVE-2018-1000211] Public apps can't revoke OAuth access & refresh tokens in Doorkeeper 2018-07-17
Justin Bull (me justinbull ca)
Good morning everyone,

A security bulletin for all of you.

Software:
--------
Doorkeeper (https://github.com/doorkeeper-gem/doorkeeper)

Description:
----------
Doorkeeper is an OAuth 2 provider for Rails written in Ruby.

Affected Versions:
---------------
4.2.0 - 4.3.2
5.0.0.rc1

Fixed Versions:

[ more ]  [ reply ]
Defense in depth -- the Microsoft way (part 55): new software built with 5.5 year old tool shows 20+ year old vulnerabilities 2018-07-17
Stefan Kanthak (stefan kanthak nexgo de)
Hi @ll,

Microsoft released <https://support.microsoft.com/en-us/help/4340040/>
"July 2018 servicing release for Microsoft Desktop Optimization Pack"
some days ago.

<https://www.microsoft.com/en-us/download/details.aspx?id=57157> offers
three executable installers to update existing installations:

[ more ]  [ reply ]
[SECURITY] [DSA 4247-1] ruby-rack-protection security update 2018-07-16
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4247-1 security (at) debian (dot) org
https://www.debian.org/security/ Moritz Muehlenhoff
July 16, 2018

[ more ]  [ reply ]
[SECURITY] [DSA 4246-1] mailman security update 2018-07-15
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4246-1 security (at) debian (dot) org
https://www.debian.org/security/ Salvatore Bonaccorso
July 15, 2018

[ more ]  [ reply ]
[SECURITY] [DSA 4245-1] imagemagick security update 2018-07-14
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4245-1 security (at) debian (dot) org
https://www.debian.org/security/ Moritz Muehlenhoff
July 14, 2018

[ more ]  [ reply ]
[SECURITY] [DSA 4244-1] thunderbird security update 2018-07-13
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4244-1 security (at) debian (dot) org
https://www.debian.org/security/ Moritz Muehlenhoff
July 13, 2018

[ more ]  [ reply ]
Huawei eNSP v1 - Buffer Overflow (DoS) Vulnerability 2018-07-13
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Huawei eNSP v1 - Buffer Overflow (DoS) Vulnerability

References (Source):
====================
https://www.vulnerability-lab.com/get_content.php?id=2132

Security ID: huawei-sa-20180309-01-ensp

https://nvd.nist.gov/vuln/detail/CVE-2017-17321
https://cve.mitre.org/c

[ more ]  [ reply ]
Secunia Research: Clam AntiVirus "parsehwp3_paragraph()" Denial of Service Vulnerability 2018-07-12
Secunia Research (remove-vuln secunia com)
======================================================================

Secunia Research 2018/07/12

Clam AntiVirus "parsehwp3_paragraph()"
Denial of Service Vulnerability

==============================

[ more ]  [ reply ]
SEC Consult SA-20180712-0 :: Remote Code Execution & Local File Disclosure in Zeta Producer Desktop CMS 2018-07-12
SEC Consult Vulnerability Lab (research sec-consult com)
SEC Consult Vulnerability Lab Security Advisory < 20180712-0 >
=======================================================================
title: Remote Code Execution & Local File Disclosure
product: Zeta Producer Desktop CMS
vulnerable version: <=14.2.0
fixed version:

[ more ]  [ reply ]
[security bulletin] MFSBGN03811 rev.1 - Fortify Software Security Center (SSC), Multiple vulnerabilities 2018-07-12
cyber-psrt microfocus com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Note: the current version of the following document is available here:

https://softwaresupport.hpe.com/document/-/facetsearch/document/KM03201085

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: KM03201085

Version: 1

MFSBGN03811 rev.1

[ more ]  [ reply ]
Barracuda ADC v5.x - Multiple Persistent Vulnerabilities 2018-07-12
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Barracuda ADC v5.x - Multiple Persistent Vulnerabilities

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1424

Release Date:
=============
2018-07-12

Vulnerability Laboratory ID (VL-ID):
==============================

[ more ]  [ reply ]
Lenovo SU v5.07 - Buffer Overflow & Arbitrary Code Execution Vulnerability 2018-07-12
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Lenovo SU v5.07 - Buffer Overflow & Code Execution Vulnerability

References (Source):
====================
https://www.vulnerability-lab.com/get_content.php?id=2131

Lenovo Security ID: LEN-19625

https://nvd.nist.gov/vuln/detail/CVE-2018-9063
https://cve.mitre.org/

[ more ]  [ reply ]