BugTraq Mode:
[slackware-security] curl (SSA:2018-192-02) 2018-07-12
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] curl (SSA:2018-192-02)

New curl packages are available for Slackware 14.0, 14.1, 14.2, and -current to
fix a security issue.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/

[ more ]  [ reply ]
[slackware-security] bind (SSA:2018-192-01) 2018-07-12
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] bind (SSA:2018-192-01)

New bind packages are available for Slackware 14.0, 14.1, 14.2, and -current to
fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/b

[ more ]  [ reply ]
[CORE-2018-0006] - QNAP Qcenter Virtual Appliance Multiple Vulnerabilities 2018-07-11
Core Security Advisories Team (advisories coresecurity com)
Core Security - Corelabs Advisory
http://corelabs.coresecurity.com/

QNAP Qcenter Virtual Appliance Multiple Vulnerabilities

1. *Advisory Information*

Title: QNAP Qcenter Virtual Appliance Multiple Vulnerabilities
Advisory ID: CORE-2018-0006
Advisory URL:
http://www.coresecurity.com/advisories/qna

[ more ]  [ reply ]
[SECURITY] [DSA 4243-1] cups security update 2018-07-11
Luciano Bello (luciano debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4243-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Luciano Bello
July 11, 2018

[ more ]  [ reply ]
AT&T Bizcircle - Persistent Profile Cross Site Scripting Vulnerabilities 2018-07-11
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
AT&T Bizcircle - Persistent Profile Cross Site Scripting Vulnerabilities

References (Source):
====================
https://www.vulnerability-lab.com/get_content.php?id=2108

AT&T Reference ID: 1502971499862

Vulnerability Magazine:
https://www.vulnerability-db.com/?

[ more ]  [ reply ]
Barracuda ADC 5.x - Client Side Cross Site Scripting Vulnerability 2018-07-11
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Barracuda ADC 5.x - Client Side Cross Site Scripting Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1425

Release Date:
=============
2018-07-10

Vulnerability Laboratory ID (VL-ID):
===================

[ more ]  [ reply ]
Barracuda ADC 5.x - Filter Bypass & Persistent Validation Vulnerability 2018-07-11
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Barracuda ADC 5.x - Filter Bypass & Persistent Validation Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1423

Release Date:
=============
2018-07-09

Vulnerability Laboratory ID (VL-ID):
===============

[ more ]  [ reply ]
ASUS WRT-AC66U 3.x - Cross Site Scripting Vulnerability 2018-07-11
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
ASUS WRT-AC66U 3.x - Cross Site Scripting Vulnerability

References (Source):
====================
https://www.vulnerability-lab.com/get_content.php?id=1993

Release Date:
=============
2018-06-27

Vulnerability Laboratory ID (VL-ID):
==============================

[ more ]  [ reply ]
Intel System CU - Buffer Overflow (Denial of Service) Vulnerability 2018-07-11
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Intel System CU - Buffer Overflow (Denial of Service) Vulnerability

References (Source):
====================
https://www.vulnerability-lab.com/get_content.php?id=2133

Security ID: INTEL-SA-00134

https://nvd.nist.gov/vuln/detail/CVE-2018-3661
https://cve.mitre.org

[ more ]  [ reply ]
Secutech DSL WR RIS 330 - Filter Bypass Vulnerability 2018-07-11
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Secutech DSL WR RIS 330 - Filter Bypass Vulnerability

References (Source):
====================
https://www.vulnerability-lab.com/get_content.php?id=1988

Release Date:
=============
2018-07-09

Vulnerability Laboratory ID (VL-ID):
================================

[ more ]  [ reply ]
SEC Consult SA-20180711-0 :: Remote code execution via multiple attack vectors in WAGO e!DISPLAY 7300T 2018-07-11
SEC Consult Vulnerability Lab (research sec-consult com)
SEC Consult Vulnerability Lab Security Advisory < 20180711-0 >
=======================================================================
title: Remote code execution via multiple attack vectors
product: WAGO e!DISPLAY 7300T - WP 4.3 480x272 PIO1
vulnerable version: FW 01 - 0

[ more ]  [ reply ]
[slackware-security] mozilla-thunderbird (SSA:2018-191-01) 2018-07-11
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] mozilla-thunderbird (SSA:2018-191-01)

New mozilla-thunderbird packages are available for Slackware 14.2 and -current
to fix bugs and security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------

[ more ]  [ reply ]
APPLE-SA-2018-7-9-7 iTunes 12.8 for Windows 2018-07-09
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

APPLE-SA-2018-7-9-7 iTunes 12.8 for Windows

iTunes 12.8 for Windows is now available and addresses the
following:

CFNetwork
Available for: Windows 7 and later
Impact: Cookies may unexpectedly persist in Safari
Description: A cookie management issue

[ more ]  [ reply ]
APPLE-SA-2018-7-9-3 tvOS 11.4.1 2018-07-09
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

APPLE-SA-2018-7-9-3 tvOS 11.4.1

tvOS 11.4.1 is now available and addresses the following:

CFNetwork
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: Cookies may unexpectedly persist in Safari
Description: A cookie management issue wa

[ more ]  [ reply ]
APPLE-SA-2018-7-9-6 iCloud for Windows 7.6 2018-07-09
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

APPLE-SA-2018-7-9-6 iCloud for Windows 7.6

iCloud for Windows 7.6 is now available and addresses the following:

CFNetwork
Available for: Windows 7 and later
Impact: Cookies may unexpectedly persist in Safari
Description: A cookie management issue wa

[ more ]  [ reply ]
APPLE-SA-2018-7-9-2 watchOS 4.3.2 2018-07-09
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

APPLE-SA-2018-7-9-2 watchOS 4.3.2

watchOS 4.3.2 is now available and addresses the following:

CFNetwork
Available for: All Apple Watch models
Impact: Cookies may unexpectedly persist in Safari
Description: A cookie management issue was addressed wit

[ more ]  [ reply ]
APPLE-SA-2018-7-9-5 Safari 11.1.2 2018-07-09
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

APPLE-SA-2018-7-9-5 Safari 11.1.2

Safari 11.1.2 is now available and addresses the following:

Safari
Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, and
macOS High Sierra 10.13.6
Impact: Visiting a malicious website may lead to address

[ more ]  [ reply ]
APPLE-SA-2018-7-9-4 macOS High Sierra 10.13.6, Security Update 2018-004 Sierra, Security Update 2018-004 El Capitan 2018-07-09
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

APPLE-SA-2018-7-9-4 macOS High Sierra 10.13.6, Security Update
2018-004 Sierra, Security Update 2018-004 El Capitan

macOS High Sierra 10.13.6, Security Update 2018-004 Sierra, and
Security Update 2018-004 El Capitan are now available and address
the

[ more ]  [ reply ]
APPLE-SA-2018-7-9-1 iOS 11.4.1 2018-07-09
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

APPLE-SA-2018-7-9-1 iOS 11.4.1

iOS 11.4.1 is now available and addresses the following:

CFNetwork
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Cookies may unexpectedly persist in Safari
Description: A

[ more ]  [ reply ]
[SECURITY] [DSA 4242-1] ruby-sprockets security update 2018-07-09
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4242-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Salvatore Bonaccorso
July 09, 2018

[ more ]  [ reply ]
[slackware-security] mozilla-thunderbird (SSA:2018-186-01) 2018-07-05
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] mozilla-thunderbird (SSA:2018-186-01)

New mozilla-thunderbird packages are available for Slackware 14.2 and -current
to fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
p

[ more ]  [ reply ]
[SECURITY] [DSA 4241-1] libsoup2.4 security update 2018-07-05
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4241-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Moritz Muehlenhoff
July 05, 2018

[ more ]  [ reply ]
APPLE-SA-2018-7-05-1 Wi-Fi Update for Boot Camp 6.4.0 2018-07-05
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

APPLE-SA-2018-7-05-1 Wi-Fi Update for Boot Camp 6.4.0

Wi-Fi Update for Boot Camp 6.4.0 is now available and addresses the
following:

Wi-Fi
Available for the following machines while running Boot Camp:
MacBook (Late 2009 and later), MacBook Pro (Mid

[ more ]  [ reply ]
[SECURITY] [DSA 4240-1] php7.0 security update 2018-07-05
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4240-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Moritz Muehlenhoff
July 05, 2018

[ more ]  [ reply ]
SEC Consult SA-20180704-1 :: Authorization Bypass in all ADB Broadband Gateways / Routers 2018-07-04
SEC Consult Vulnerability Lab (research sec-consult com)
Also see our other two advisories regarding critical ADB vulnerabilities
as they have been split up for better readability:

Local root:
https://www.sec-consult.com/en/blog/advisories/local-root-jailbreak-via-
network-file-sharing-flaw-in-all-adb-broadband-gateways-routers/

Privilege escalation:
htt

[ more ]  [ reply ]
SEC Consult SA-20180704-2 :: Privilege escalation via linux group manipulation in all ADB Broadband Gateways / Routers 2018-07-04
SEC Consult Vulnerability Lab (research sec-consult com)
Also see our other two advisories regarding critical ADB vulnerabilities
as they have been split up for better readability:

Local root:
https://www.sec-consult.com/en/blog/advisories/local-root-jailbreak-via-
network-file-sharing-flaw-in-all-adb-broadband-gateways-routers/

Authorization bypass:
htt

[ more ]  [ reply ]
SEC Consult SA-20180704-0 :: Local root jailbreak via network file sharing flaw in all ADB Broadband Gateways / Routers 2018-07-04
SEC Consult Vulnerability Lab (research sec-consult com)
Also see our other two advisories regarding critical ADB vulnerabilities
as they have been split up for better readability:

Authorization bypass:
https://www.sec-consult.com/en/blog/advisories/authorization-bypass-in-a
ll-adb-broadband-gateways-routers/

Privilege escalation:
https://www.sec-consult

[ more ]  [ reply ]
[CVE-2018-3667, CVE-2018-3668] Escalation of privilege via executable installer of Intel Processor Diagnostic Tool 2018-07-04
Stefan Kanthak (stefan kanthak nexgo de)
Hi @ll,

the executable installers of Intel's Processor Diagnostic Tool
(IPDT) before v4.1.0.27 have three vulnerabilities^Wbeginner's
errors which all allow arbitrary code execution with escalation
of privilege, plus a fourth which allows denial of service.

Intel published advisory SA-00140
<https

[ more ]  [ reply ]
[SECURITY] [DSA 4239-1] gosa security update 2018-07-03
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4239-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Moritz Muehlenhoff
July 03, 2018

[ more ]  [ reply ]
[SECURITY] [DSA 4238-1] exiv2 security update 2018-07-03
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4238-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Moritz Muehlenhoff
July 03, 2018

[ more ]  [ reply ]
[CVE-2018-8036] DoS (OOM) Vulnerability in Apache PDFBox's AFMParser 2018-06-29
Andreas Lehmkuehler (lehmi apache org)
[CVE-2018-8036] DoS (OOM) Vulnerability in Apache PDFBox's AFMParser

Severity: Important

Vendor:
The Apache Software Foundation

Versions Affected:
Apache PDFBox 1.8.0 to 1.8.14
Apache PDFBox 2.0.0 to 2.0.10
Earlier, unsupported Apache PDFBox versions may be affected as well

Description:
A carefu

[ more ]  [ reply ]
[SECURITY] [DSA 4237-1] chromium-browser security update 2018-07-01
Michael Gilbert (mgilbert debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4237-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Michael Gilbert
June 30, 2018

[ more ]  [ reply ]
TP-Link TL-WR841N v13: Broken Authentication (CVE-2018-12575) 2018-06-27
Tim Coen (tc coen gmail com)
* Vulnerability: Broken Authentication
* Affected Software: TP-Link TL-WR841N v13
* Affected Version: 0.9.1 4.16 v0001.0 Build 171019 Rel.55346n
* Patched Version: 0.9.1 4.16 v0001.0 Build 180119 Rel.65243n
* Risk: High
* Vendor Contacted: 05/20/2018
* Vendor Fix: Issue was independent

[ more ]  [ reply ]
TP-Link TL-WR841N v13: Authenticated Blind Command Injection (CVE-2018-12577) 2018-06-27
Tim Coen (tc coen gmail com)
* Vulnerability: Authenticated Blind Command Injection
* Affected Software: TP-Link TL-WR841N v13
* Affected Version: 0.9.1 4.16 v0001.0 Build 180119 Rel.65243n
* Patched Version: None
* Risk: High
* Vendor Contacted: 05/20/2018
* Vendor Fix: None
* Public Disclosure: 06/27/2018

###

[ more ]  [ reply ]
APPLE-SA-2018-06-27-1 SwiftNIO 1.8.0 2018-06-27
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

APPLE-SA-2018-06-27-1 SwiftNIO 1.8.0

SwiftNIO 1.8.0 is now available and addresses the following:

SwiftNIO
Available for: macOS Sierra 10.12 and later, Ubuntu 14.04 and later
Impact: A remote attacker may be able to overwrite arbitrary memory
Descri

[ more ]  [ reply ]
[SECURITY] [DSA 4236-1] xen security update 2018-06-27
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4236-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Moritz Muehlenhoff
June 27, 2018

[ more ]  [ reply ]
[SECURITY] [DSA 4235-1] firefox-esr security update 2018-06-27
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4235-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Moritz Muehlenhoff
June 27, 2018

[ more ]  [ reply ]
TP-Link TL-WR841N v13: CSRF (CVE-2018-12574) 2018-06-27
Tim Coen (tc coen gmail com)
* Vulnerability: Cross-Site Request Forgery
* Affected Software: TP-Link TL-WR841N v13
* Affected Version: 0.9.1 4.16 v0001.0 Build 180119 Rel.65243n
* Patched Version: None
* Risk: High
* Vendor Contacted: 05/20/2018
* Vendor Fix: None
* Public Disclosure: 06/27/2018

##### Overview

[ more ]  [ reply ]
PRTG < 18.2.39 Command Injection 2018-06-26
Josh Berry (josh berry codewatch org)
Bugtraq,

I (Josh Berry) discovered an authenticated command injection vulnerability
in the "Demo" PowerShell notification script provided by versions of PRTG
Network Monitor prior to 18.2.39.  The PowerShell notifications demo script
on versions of the application prior to 18.2.39 do not properly s

[ more ]  [ reply ]
[slackware-security] mozilla-firefox (SSA:2018-176-01) 2018-06-25
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] mozilla-firefox (SSA:2018-176-01)

New mozilla-firefox packages are available for Slackware 14.2 and -current to
fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/p

[ more ]  [ reply ]
KL-001-2018-008 : HPE VAN SDN Unauthenticated Remote Root Vulnerability 2018-06-25
KoreLogic Disclosures (disclosures korelogic com)
KL-001-2018-008 : HPE VAN SDN Unauthenticated Remote Root Vulnerability

Title: HPE VAN SDN Unauthenticated Remote Root Vulnerability
Advisory ID: KL-001-2018-008
Publication Date: 2018.06.25
Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2018-008.txt

1. Vulnerability Details

[ more ]  [ reply ]
[SECURITY] [DSA 4234-1] lava-server security update 2018-06-22
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4234-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Moritz Muehlenhoff
June 22, 2018

[ more ]  [ reply ]
[SECURITY] [DSA 4233-1] bouncycastle security update 2018-06-22
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4233-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Moritz Muehlenhoff
June 22, 2018

[ more ]  [ reply ]
FreeBSD Security Advisory FreeBSD-SA-18:07.lazyfpu 2018-06-21
FreeBSD Security Advisories (security-advisories freebsd org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

========================================================================
=====
FreeBSD-SA-18:07.lazyfpu Security Advisory
The FreeBSD Project

Topic:

[ more ]  [ reply ]
[SECURITY] [DSA 4232-1] xen security update 2018-06-20
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4232-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Moritz Muehlenhoff
June 20, 2018

[ more ]  [ reply ]
[slackware-security] gnupg (SSA:2018-170-01) 2018-06-19
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] gnupg (SSA:2018-170-01)

New gnupg packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,
14.2, and -current to fix a security issue.

Here are the details from the Slackware 14.2 ChangeLog:
+------------------------

[ more ]  [ reply ]
XSS in Canopy login page 2018-06-19
RYT (me ryantzj com)
[Title]

XSS in Canopy login page

------------------------------------------

[Description]

CheckSec Canopy 3.x before 3.0.7 has stored XSS via the Login Page Disclaimer,

allowing attacks by low-privileged users against higher-privileged users. This

instance of stored cross-site scripting (XSS) v

[ more ]  [ reply ]
[SECURITY] [DSA 4231-1] libgcrypt20 security update 2018-06-17
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4231-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Salvatore Bonaccorso
June 17, 2018

[ more ]  [ reply ]
[security bulletin] MFSBGN03810 rev.1 - Universal CMDB, Deserialization Java Objects and CSRF 2018-06-15
cyber-psrt microfocus com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Note: the current version of the following document is available here:

https://softwaresupport.hpe.com/document/-/facetsearch/document/KM031800
69

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: KM03180069

Version: 1

MFSBGN03810 rev.1

[ more ]  [ reply ]
[SECURITY] [DSA 4229-1] strongswan security update 2018-06-16
Yves-Alexis Perez (corsac debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4229-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Yves-Alexis Perez
June 14, 2018

[ more ]  [ reply ]
[SECURITY] [DSA 4230-1] redis security update 2018-06-17
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4230-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Moritz Muehlenhoff
June 17, 2018

[ more ]  [ reply ]
[security bulletin] MFSBGN03809 rev.1 - Universal CMDB, Deserialization Java Objects and CSRF 2018-06-15
cyber-psrt microfocus com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Note: the current version of the following document is available here:

https://softwaresupport.hpe.com/document/-/facetsearch/document/KM031800
66

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: KM03180066

Version: 1

MFSBGN03809 rev.1

[ more ]  [ reply ]
CA20180614-01: Security Notice for CA Privileged Access Manager 2018-06-15
Williams, Ken (Ken Williams ca com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

CA20180614-01: Security Notice for CA Privileged Access Manager

Issued: June 14th, 2018
Last Updated: June 14th, 2018

CA Technologies Support is alerting customers to multiple potential
risks with CA Privileged Access Manager. Multiple vulnerabili

[ more ]  [ reply ]
CALL FOR PAPERS - INTEL SECURITY CONFERENCE (iSecCon) 2018 2018-06-15
Branco, Rodrigo (rodrigo branco intel com)
[ more ]  [ reply ]
WebKitGTK+ and WPE WebKit Security Advisory WSA-2018-0005 2018-06-14
Michael Catanzaro (mcatanzaro igalia com)
------------------------------------------------------------------------

WebKitGTK+ and WPE WebKit Security Advisory WSA-2018-0005
------------------------------------------------------------------------

Date reported : June 13, 2018
Advisory ID : WSA-2018-0005

[ more ]  [ reply ]
[SECURITY] [DSA 4228-1] spip security update 2018-06-14
Sebastien Delafond (seb debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4228-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Sebastien Delafond
June 14, 2018

[ more ]  [ reply ]
APPLE-SA-2018-06-13-01 Xcode 9.4.1 2018-06-13
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2018-06-13-01 Xcode 9.4.1

Xcode 9.4.1 is now available and addresses the following:

Git
Available for: macOS High Sierra 10.13.2 or later
Impact: Multiple issues in git, the most significant of which may
lead to arbitrary code execution
Des

[ more ]  [ reply ]
Multiple Security Issues in Ecos Secure Boot Stick (SBS) 2018-06-13
Michael Rossberg (michael rossberg tu-ilmenau de)

MULTIPLE SECURITY ISSUES IN ECOS SECURE BOOT STICK (SBS)

- Software: Ecos Secure Boot Stick
- Version: Stick Version 5.6.5, System Management Version 5.2.68
- Vendor Status: Vendor informed
- Release Date: 13/06/2018

The latest version of this document may be downloaded from
https://telem

[ more ]  [ reply ]
Samsung Web Viewer for Samsung DVR Reflected Cross Site Scripting (XSS) CVE-2018-11689 2018-06-13
yavuz atlas (yavatlas gmail com)
I. VULNERABILITY
-------------------------
Samsung Web Viewer for Samsung DVR Reflected Cross Site Scripting (XSS)

II. CVE REFERENCE
-------------------------
CVE-2018-11689

III. REFERENCES
-------------------------
https://vulmon.com/vulnerabilitydetails?qid=CVE-2018-11689

IV. CREDIT
-----------

[ more ]  [ reply ]
CSNC-2018-021 - Vert.x - HTTP Header Injection 2018-06-13
Advisories (advisories compass-security com)
#############################################################
#
# COMPASS SECURITY ADVISORY
# https://www.compass-security.com/research/advisories/
#
#############################################################
#
# Product: Vert.x [1]
# CSNC ID: CSNC-2018-021
# Subject: HTTP Header Injection

[ more ]  [ reply ]
[SECURITY] [DSA 4227-1] plexus-archiver security update 2018-06-12
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4227-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Salvatore Bonaccorso
June 12, 2018

[ more ]  [ reply ]
DefenseCode ThunderScan SAST Advisory: WordPress WP Google Map Plugin Multiple SQL injection Security Vulnerabilities 2018-06-12
Defense Code (defensecode defensecode com)
DefenseCode ThunderScan SAST Advisory: WordPress WP Google Map Plugin
Multiple SQL injection Security Vulnerabilities

Advisory ID: DC-2018-05-002
Advisory Title: WordPress WP Google Map Plugin Multiple SQL injection
Vulnerabilities
Advisory URL: http://www.defensecode.com/advisories.php
Sof

[ more ]  [ reply ]
DefenseCode ThunderScan SAST Advisory: WordPress Ultimate Form Builder Lite Plugin Multiple Vulnerabilities (XSS and SQLi) 2018-06-12
Defense Code (defensecode defensecode com)
DefenseCode ThunderScan SAST Advisory: WordPress Ultimate Form Builder
Lite Plugin Multiple Vulnerabilities (XSS and SQLi)

Advisory ID: DC-2018-05-009
Advisory Title: WordPress Ultimate Form Builder Lite Plugin Multiple
Vulnerabilities (XSS and SQLi)
Advisory URL: http://www.defensecode.com

[ more ]  [ reply ]
[SECURITY] [DSA 4226-1] perl security update 2018-06-12
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4226-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Salvatore Bonaccorso
June 12, 2018

[ more ]  [ reply ]
AST-2018-008: PJSIP endpoint presence disclosure when using ACL 2018-06-11
Asterisk Security Team (security asterisk org)
Asterisk Project Security Advisory - AST-2018-008

Product Asterisk
Summary PJSIP endpoint presence disclosure when using ACL
Nature of Advisory Unauthorized data disclosure

[ more ]  [ reply ]
AST-2018-007: Infinite loop when reading iostreams 2018-06-11
Asterisk Security Team (security asterisk org)
Asterisk Project Security Advisory - AST-2018-007

Product Asterisk
Summary Infinite loop when reading iostreams
Nature of Advisory Denial of Service

[ more ]  [ reply ]
[SRP-2018-01] Reverse engineering tools for ST DVB chipsets (public release) 2018-06-08
Security Explorations (contact security-explorations com)

Hello All,

We have decided to release to the public domain our SRP-2018-01 security
research project related to the security of STMicroelectronics chipsets.

The research material (70+ pages long technical paper accompanied by two
reverse engineering tools) can be downloaded from the SRP section o

[ more ]  [ reply ]
[SECURITY] [DSA 4225-1] openjdk-7 security update 2018-06-10
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4225-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Moritz Muehlenhoff
June 10, 2018

[ more ]  [ reply ]
[SECURITY] [DSA 4224-1] gnupg security update 2018-06-08
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4224-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Salvatore Bonaccorso
June 08, 2018

[ more ]  [ reply ]
[SECURITY] [DSA 4220-1] firefox-esr security update 2018-06-08
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4220-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Moritz Muehlenhoff
June 08, 2018

[ more ]  [ reply ]
SensioLabs Symfony version 3.3.6 - Cross-Site Scripting (Reflect) 2018-06-08
ch sangsakul gmail com
SensioLabs Symfony version 3.3.6 - Cross-Site Scripting (Reflect)

# Exploit Title: SensioLabs Symfony version 3.3.6 - Cross-Site Scripting (Reflect)
# Date: 08-06-2018
# Software Link: https://symfony.com/
# Exploit Author: HaMM0nz (Chakrit S.), a member of KPMG Cyber Security team in Thailand
# CV

[ more ]  [ reply ]
[SECURITY] [DSA 4223-1] gnupg1 security update 2018-06-08
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4223-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Salvatore Bonaccorso
June 08, 2018

[ more ]  [ reply ]
[SECURITY] [DSA 4222-1] gnupg2 security update 2018-06-08
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4222-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Salvatore Bonaccorso
June 08, 2018

[ more ]  [ reply ]
[slackware-security] gnupg2 (SSA:2018-159-01) 2018-06-08
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] gnupg2 (SSA:2018-159-01)

New gnupg2 packages are available for Slackware 13.37, 14.0, 14.1, 14.2, and
- -current to fix a security issue.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patc

[ more ]  [ reply ]
[SECURITY] [DSA 4221-1] libvncserver security update 2018-06-08
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4221-1 security (at) debian (dot) org
https://www.debian.org/security/ Moritz Muehlenhoff
June 08, 2018

Gridbox extension for Joomla! <= 2.4.0 Reflected Cross Site Scripting (XSS) 2018-06-08
yavuz atlas (yavatlas gmail com)
I. VULNERABILITY
-------------------------
Gridbox extension for Joomla! <= 2.4.0 Reflected Cross Site Scripting (XSS)

II. CVE REFERENCE
-------------------------
CVE-2018-11690

III. VENDOR
-------------------------
https://extensions.joomla.org/extension/gridbox/

IV. REFERENCES
-----------------

[SECURITY] [DSA 4219-1] jruby security update 2018-06-08
Sebastien Delafond (seb debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4219-1 security (at) debian (dot) org
https://www.debian.org/security/ Sebastien Delafond
June 08, 2018

DefenseCode ThunderScan SAST Advisory: WordPress Form Maker Plugin Multiple Security Vulnerabilities 2018-06-07
Defense Code (defensecode defensecode com)
DefenseCode ThunderScan SAST Advisory: WordPress Form Maker Plugin
Multiple Security Vulnerabilities

Advisory ID: DC-2018-05-001
Advisory Title: WordPress Form Maker Plugin Multiple Vulnerabilities
Advisory URL: http://www.defensecode.com/advisories.php
Software: WordPress Form Maker pl

DefenseCode ThunderScan SAST Advisory: WordPress Contact Form Maker Plugin Multiple Security Vulnerabilities 2018-06-07
Defense Code (defensecode defensecode com)
DefenseCode ThunderScan SAST Advisory: WordPress Contact Form Maker
Plugin Multiple Security Vulnerabilities

Advisory ID: DC-2018-05-004
Advisory Title: WordPress Contact Form Maker Plugin Multiple
Vulnerabilities
Advisory URL: http://www.defensecode.com/advisories.php
Software: Word

[slackware-security] mozilla-firefox (SSA:2018-157-01) 2018-06-07
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] mozilla-firefox (SSA:2018-157-01)

New mozilla-firefox packages are available for Slackware 14.2 and -current to
fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/p

[SECURITY] [DSA 4218-1] memcached security update 2018-06-06
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4218-1 security (at) debian (dot) org
https://www.debian.org/security/ Salvatore Bonaccorso
June 06, 2018

Ignite Realtime Openfire Version 3.7.1 Reflected Cross Site Scripting (CVE-2018-11688) 2018-06-05
yavuz atlas (yavatlas gmail com)
I. VULNERABILITY
-------------------------
Ignite Realtime Openfire Version 3.7.1 Reflected Cross Site Scripting

II. CVE REFERENCE
-------------------------
CVE-2018-11688

III. VENDOR HOMEPAGE
-------------------------
https://www.igniterealtime.org/projects/openfire/

IV. DESCRIPTION
---------

[SECURITY] [DSA 4214-1] zookeeper security update 2018-06-01
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4214-1 security (at) debian (dot) org
https://www.debian.org/security/ Moritz Muehlenhoff
June 01, 2018

APPLE-SA-2018-06-01-4 iOS 11.4 2018-06-01
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

APPLE-SA-2018-06-01-4 iOS 11.4

iOS 11.4 addresses the following:

Bluetooth
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A malicious application may be able to elevate privileges
Description: A buffer

[CORE-2018-0002] - Quest DR Series Disk Backup Multiple Vulnerabilities 2018-05-31
Core Security Advisories Team (advisories coresecurity com)
Core Security - Corelabs Advisory
http://corelabs.coresecurity.com/

Quest DR Series Disk Backup Multiple Vulnerabilities

1. *Advisory Information*

Title: Quest DR Series Disk Backup Multiple Vulnerabilities
Advisory ID: CORE-2018-0002
Advisory URL:
http://www.coresecurity.com/advisories/quest-dr-

[SECURITY] [DSA 4216-1] prosody security update 2018-06-02
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4216-1 security (at) debian (dot) org
https://www.debian.org/security/ Salvatore Bonaccorso
June 02, 2018

APPLE-SA-2018-06-01-3 iCloud for Windows 7.5 2018-06-01
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

APPLE-SA-2018-06-01-3 iCloud for Windows 7.5

iCloud for Windows 7.5 is now available and addresses the following:

Security
Available for: Windows 7 and later
Impact: A local user may be able to read a persistent device
identifier
Description: An aut

APPLE-SA-2018-06-01-1 macOS High Sierra 10.13.5, Security Update 2018-003 Sierra, Security Update 2018-003 El Capitan 2018-06-01
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

APPLE-SA-2018-06-01-1 macOS High Sierra 10.13.5,
Security Update 2018-003 Sierra, Security Update 2018-003 El Capitan

macOS High Sierra 10.13.5, Security Update 2018-003 Sierra, and
Security Update 2018-003 El Capitan are now available and address
th

[CORE-2018-0004] - Quest KACE System Management Appliance Multiple Vulnerabilities 2018-05-31
Core Security Advisories Team (advisories coresecurity com)
Core Security - Corelabs Advisory
http://corelabs.coresecurity.com/

Quest KACE System Management Appliance Multiple Vulnerabilities

1. *Advisory Information*

Title: Quest KACE System Management Appliance Multiple Vulnerabilities
Advisory ID: CORE-2018-0004
Advisory URL:
http://www.coresecurity.co

[SECURITY] [DSA 4191-2] redmine regression update 2018-06-03
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4191-2 security (at) debian (dot) org
https://www.debian.org/security/ Salvatore Bonaccorso
June 03, 2018

APPLE-SA-2018-06-01-2 Safari 11.1.1 2018-06-01
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

APPLE-SA-2018-06-01-2 Safari 11.1.1

Safari 11.1.1 is now available and addresses the following:

Safari
Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, and
macOS High Sierra 10.13.4
Impact: A malicious website may be able to cause a den

[SECURITY] [DSA 4217-1] wireshark security update 2018-06-03
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4217-1 security (at) debian (dot) org
https://www.debian.org/security/ Moritz Muehlenhoff
June 03, 2018

APPLE-SA-2018-06-01-6 tvOS 11.4 2018-06-01
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

APPLE-SA-2018-06-01-6 tvOS 11.4

tvOS 11.4 addresses the following:

Crash Reporter
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: An application may be able to gain elevated privileges
Description: A memory corruption issue was addr

APPLE-SA-2018-06-01-7 iTunes 12.7.5 for Windows 2018-06-01
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

APPLE-SA-2018-06-01-7 iTunes 12.7.5 for Windows

iTunes 12.7.5 for Windows addresses the following:

Security
Available for: Windows 7 and later
Impact: A local user may be able to read a persistent device
identifier
Description: An authorization issu

[SECURITY] [DSA 4215-1] batik security update 2018-06-02
Sebastien Delafond (seb debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4215-1 security (at) debian (dot) org
https://www.debian.org/security/ Sebastien Delafond
June 02, 2018

[slackware-security] git (SSA:2018-152-01) 2018-06-01
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] git (SSA:2018-152-01)

New git packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,
14.2, and -current to fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
p

MachForm Multiple Vulnerabilities CVE-2018-6409/CVE-2018-6410/CVE-2018-6411 2018-05-30
Amine Taouirsa (taouirsa gmail com)
Vendor: Appnitro
Product webpage: https://www.machform.com/
Full-Disclose: https://metalamin.github.io/MachForm-not-0-day-EN/
Fix: https://www.machform.com/blog-machform-423-security-release/

Author: Amine Taouirsa
Twitter: @metalamin

Google dork examples:
----------------------
"machform" inurl:"

APPLE-SA-2018-06-01-5 watchOS 4.3.1 2018-06-01
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

APPLE-SA-2018-06-01-5 watchOS 4.3.1

watchOS 4.3.1 addresses the following:

Crash Reporter
Available for: All Apple Watch models
Impact: An application may be able to gain elevated privileges
Description: A memory corruption issue was addressed with

CVE-2018-11552 AXON PBX 2.02 Cross Site Scripting Vulnerability 2018-05-30
mehta himanshu21 gmail com
Aloha,

*1. Introduction*

Vendor: NCH Software
Affected Product: AXON PBX - 2.02
Vendor Website: http://www.nch.com.au/pbx/index.html
Vulnerability Type: Reflected XSS
Remote Exploitable: Yes
CVE: CVE-2018-11552

*2. Overview*

There is a reflected

Copyright 2010, SecurityFocus