BugTraq Mode:
(Page 5 of 524)  < Prev  1 2 3 4 5 6 7 8 9 10 11  Next >
[SECURITY] [DSA 4123-1] drupal7 security update 2018-02-24
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4123-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Moritz Muehlenhoff
February 24, 2018

[ more ]  [ reply ]
[security bulletin] MFSBGN03798 rev.1 - Micro Focus Universal CMDB, Apache Struts Instance 2018-02-22
cyber-psrt microfocus com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Note: the current version of the following document is available here:

https://softwaresupport.hpe.com/document/-/facetsearch/document/KM030860
19

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: KM03086019

Version: 1

MFSBGN03798 rev.1

[ more ]  [ reply ]
Re: [CVE-2018-1000088] Stored XSS vulnerability in Doorkeeper gem v2.1.0 - v4.2.5 2018-02-22
Justin Bull (me justinbull ca)
On Wed, Feb 21, 2018 at 5:17 PM, Justin Bull <me (at) justinbull (dot) ca [email concealed]> wrote:
> Solution:
> ---------
> Upgrade to Doorkeeper v4.2.6 or later
>

Apologies. This fails to account for a non-trivial scenario.

Any software using Doorkeeper that has generated its own custom
views[0] requires manual work to ver

[ more ]  [ reply ]
[SECURITY] [DSA 4122-1] squid3 security update 2018-02-22
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4122-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Salvatore Bonaccorso
February 23, 2018

[ more ]  [ reply ]
[SECURITY] [DSA 4120-1] linux security update 2018-02-22
Yves-Alexis Perez (corsac debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4120-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Yves-Alexis Perez
February 22, 2018

[ more ]  [ reply ]
[SECURITY] [DSA 4121-1] gcc-6 security update 2018-02-22
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4121-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Moritz Muehlenhoff
February 22, 2018

[ more ]  [ reply ]
[CORE-2017-0006] Trend Micro Email Encryption Gateway Multiple Vulnerabilities 2018-02-21
Core Security Advisories Team (advisories coresecurity com)
Core Security - Corelabs Advisory
http://corelabs.coresecurity.com/

Trend Micro Email Encryption Gateway Multiple Vulnerabilities

1. *Advisory Information*

Title: Trend Micro Email Encryption Gateway Multiple Vulnerabilities
Advisory ID: CORE-2017-0006
Advisory URL:
http://www.coresecurity.com/ad

[ more ]  [ reply ]
DefenseCode Security Advisory: PureVPN Windows Privilege Escalation Vulnerability 2018-02-21
Defense Code (defensecode defensecode com)
DefenseCode Security Advisory
PureVPN Windows Privilege Escalation Vulnerability

Advisory ID: DC-2018-02-001
Advisory Title: PureVPN Windows Privilege Escalation Vulnerability
Advisory URL: http://www.defensecode.com/advisories.php
Software: PureVPN
Version: 5.19.4.0 and below (W

[ more ]  [ reply ]
SEC Consult SA-20180221-0 :: Hijacking of arbitrary miSafes Mi-Cam video baby monitors 2018-02-21
SEC Consult Vulnerability Lab (research sec-consult com)
We have published an accompanying blog post to this technical advisory with
further information:

https://www.sec-consult.com/en/blog/2018/02/internet-of-babies-when-baby
-monitors-fail-to-be-smart/index.html

SEC Consult Vulnerability Lab Security Advisory < 20180221-0 >
===========================

[ more ]  [ reply ]
Sharutils 4.15.2 Heap-Buffer-Overflow 2018-02-21
nafiez (nafiez skins gmail com) (1 replies)
Unshar scans the input files (typically email messages) looking for the

start of a shell archive. If no files are given, then standard input is

processed instead. Shipped along with Sharutils.

Bug was found with AFL.

=================================================================

==11164=

[ more ]  [ reply ]
Sharutils 4.15.2 Heap-Buffer-Overflow 2018-02-21
nafiez (nafiez skins gmail com)
Multiple Persistent Cross-Site Scripting Vulnerabilities in Quarx CMS 2018-02-21
preethiknambiar gmail com
1. Introduction

Vendor : Yab
Affected Product : Quarx through 2.4.3
Fixed in : Quarx 2.4.5 and 2.4.6
Vendor Website : https://quarxcms.com/
Vulnerability Type : Persistent XSS
Remote Exploitable : Yes
CVE External Identifier : CVE-2018-727

[ more ]  [ reply ]
Multiple Persistent XSS vulnerabilities in Radiant Content Management System 2018-02-20
suparna kachru gmail com
*1. Introduction*

Vendor : Radiant
Affected Product : Radiant CMS 1.1.4
Fixed in : NA
Vendor Website : http://radiantcms.org/
Vulnerability Type : Persistent XSS
Remote Exploitable : Yes
CVE External Identifier : CVE-2018-7261

*2. Overview*

Technical Description:

There are multiple P

[ more ]  [ reply ]
APPLE-SA-2018-02-19-2 macOS High Sierra 10.13.3 Supplemental Update 2018-02-19
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2018-02-19-2 macOS High Sierra 10.13.3 Supplemental Update

macOS High Sierra 10.13.3 Supplemental Update is now available and
addresses the following:

CoreText
Available for: macOS High Sierra 10.13.3
Impact: Processing a maliciously crafte

[ more ]  [ reply ]
APPLE-SA-2018-02-19-3 tvOS 11.2.6 2018-02-19
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2018-02-19-3 tvOS 11.2.6

tvOS 11.2.6 is now available and addresses the following:

CoreText
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: Processing a maliciously crafted string may lead to heap
corruption
Description: A

[ more ]  [ reply ]
APPLE-SA-2018-02-19-1 iOS 11.2.6 2018-02-19
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2018-02-19-1 iOS 11.2.6

iOS 11.2.6 is now available and addresses the following:

CoreText
Available for: iPhone 5s and later, iPad Air and later, and
iPod touch 6th generation
Impact: Processing a maliciously crafted string may lead to heap

[ more ]  [ reply ]
APPLE-SA-2018-02-19-4 watchOS 4.2.3 2018-02-19
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2018-02-19-4 watchOS 4.2.3

watchOS 4.2.3 is now available and addresses the following:

CoreText
Available for: All Apple Watch models
Impact: Processing a maliciously crafted string may lead to heap
corruption
Description: A memory corrupti

[ more ]  [ reply ]
[SECURITY] [DSA 4119-1] libav security update 2018-02-19
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4119-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Moritz Muehlenhoff
February 19, 2018

[ more ]  [ reply ]
Kentico CMS version 9 through 11 - Cross-Site Scripting (Reflect) 2018-02-18
displaymyname gmail com
# Exploit Title: Kentico CMS version 9 through 11 - Cross-Site Scripting (Reflect)
# Date: 18-02-2018
# Software Link: https://www.kentico.com
# Exploit Author: Keerati T.
# CVE: CVE-2018-7205
# Category: webapps

1. Description

Kentico is the only fully integrated ASP.NET CMS, E-commerce, and Onli

[ more ]  [ reply ]
[SECURITY] [DSA 4118-1] tomcat-native security update 2018-02-17
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4118-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Salvatore Bonaccorso
February 17, 2018

[ more ]  [ reply ]
Kentico CMS version 9 through 11 - Arbitrary Code Execution 2018-02-17
displaymyname gmail com
# Exploit Title: Kentico CMS version 9 through 11 - Arbitrary Code Execution
# Date: 17-02-2018
# Software Link: https://www.kentico.com
# Exploit Author: Keerati T.
# CVE: CVE-2018-7046
# Category: webapps

1. Description

Kentico is the only fully integrated ASP.NET CMS, E-commerce, and Online Mar

[ more ]  [ reply ]
[SECURITY] [DSA 4117-1] gcc-4.9 security update 2018-02-17
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4117-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Moritz Muehlenhoff
February 17, 2018

[ more ]  [ reply ]
[SECURITY] [DSA 4116-1] plasma-workspace security update 2018-02-16
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4116-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Moritz Muehlenhoff
February 16, 2018

[ more ]  [ reply ]
Security advisory for Bugzilla 5.1.1, 5.0.3, and 4.4.12 2018-02-16
dkl mozilla com
Summary
=======

Bugzilla is a Web-based bug-tracking system used by a large number of
software projects. The following security issue has been discovered
in Bugzilla:

* A CSRF vulnerability in report.cgi would allow a third-party site
to extract confidential information from a bug the victim had

[ more ]  [ reply ]
[slackware-security] irssi (SSA:2018-046-01) 2018-02-16
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] irssi (SSA:2018-046-01)

New irssi packages are available for Slackware 14.0, 14.1, 14.2, and -current
to fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages

[ more ]  [ reply ]
[SECURITY] [DSA 4115-1] quagga security update 2018-02-15
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4115-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Salvatore Bonaccorso
February 15, 2018

[ more ]  [ reply ]
Vulnerability Disclosure (Web Apps)-Bravo Tejari Web Portal-Unrestricted File Upload 2018-02-15
Arvind Vishwakarma (arvind12786 gmail com)
------------------------------------------------------------------
Vulnerability Type: Unrestricted File Upload
Vendor of Product: Tejari
Affected Product Code Base: Bravo Solution
Affected Component: Web Interface Management.
Attack Type: Local - Authenticated
Impact: Malicous File Upload
---------

[ more ]  [ reply ]
Vulnerability Disclosure (Web Apps)-Bravo Tejari Web Portal-CSRF 2018-02-15
Arvind Vishwakarma (arvind12786 gmail com)
-----------------------------------------------------
Vulnerability Type: Cross Site Request Forgery (CSRF)
Vendor of Product: Tejari
Affected Product Code Base: Bravo Solution
Affected Component: Web Interface Management.
Attack Type: Local - Authenticated
Impact: Unauthorised Access
--------------

[ more ]  [ reply ]
[SECURITY] [DSA 4114-1] jackson-databind security update 2018-02-15
Sebastien Delafond (seb debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4114-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Sebastien Delafond
February 15, 2018

[ more ]  [ reply ]
[SECURITY] [DSA 4113-1] libvorbis security update 2018-02-14
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4113-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Moritz Muehlenhoff
February 14, 2018

[ more ]  [ reply ]
[SECURITY] [DSA 4112-1] xen security update 2018-02-14
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4112-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Moritz Muehlenhoff
February 14, 2018

[ more ]  [ reply ]
NAT32 Build (22284) Remote Code Execution CVE-2018-6940 (hyp3rlinx / apparition security) 2018-02-14
apparitionsec gmail com
[+] Credits: hyp3rlinx
[+] Website: hyp3rlinx.altervista.org
[+] Source: http://hyp3rlinx.altervista.org/advisories/NAT32-REMOTE-COMMAND-EXECUTIO
N-CVE-2018-6940.txt
[+] ISR: Apparition Security

[-_-] D1rty0tis

Vendor:
=============
www.nat32.com

Product:
=================
NAT32 Build (22284)

[ more ]  [ reply ]
Defense in depth -- the Microsoft way (part 52): HTTP used to distribute (security) updates, not HTTPS 2018-02-14
Stefan Kanthak (stefan kanthak nexgo de)
Hi @ll,

yesterdays "Security update deployment information: February 13, 2018"
<https://support.microsoft.com/en-us/help/20180213> links the following
MSKB articles for the security updates of Microsoft's Office products:
<https://support.microsoft.com/kb/4011715>
<https://support.microsoft.com/kb/

[ more ]  [ reply ]
[security bulletin] MFSBGN03800 rev.1 - Micro Focus Performance Center, Remote Arbitrary Code Execution or Remote Arbitrary File Modification 2018-02-13
cyber-psrt microfocus com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Note: the current version of the following document is available here:

https://softwaresupport.hpe.com/document/-/facetsearch/document/KM030911
03

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: KM03091103

Version: 1

MFSBGN03800 rev.1

[ more ]  [ reply ]
CSNC-2017-027 Microsoft Intune - App PIN Bypass 2018-02-13
Advisories (advisories compass-security com)
#############################################################
#
# COMPASS SECURITY ADVISORY
# https://www.compass-security.com/research/advisories/
#
#############################################################
#
# Product: Microsoft Intune [1]
# Vendor: Microsoft
# CSNC ID: CSNC-2017-027
# Sub

[ more ]  [ reply ]
[SECURITY] [DSA 4111-2] libreoffice security update 2018-02-12
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4111-2 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Moritz Muehlenhoff
February 12, 2018

[ more ]  [ reply ]
[security bulletin] HPESBHF03819 rev.1 - HPE XP Storage using HGLM, Local Authentication Bypass 2018-02-12
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Note: the current version of the following document is available here:

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf
03819en_us

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: hpesbhf03819en_us

Version: 1

HP

[ more ]  [ reply ]
CVE-2018-6892 CloudMe Sync <= v1.10.9 Unauthenticated Remote Buffer Overflow (hyp3rlinx / apparition security) 2018-02-12
apparitionsec gmail com
[+] Credits: John Page (aka hyp3rlinx)
[+] Website: hyp3rlinx.altervista.org
[+] Source: http://hyp3rlinx.altervista.org/advisories/CLOUDME-SYNC-UNAUTHENTICATED-
REMOTE-BUFFER-OVERFLOW.txt
[+] ISR: Apparition Security
[+] SSD Beyond Security Submission: https://blogs.securiteam.com/index

[ more ]  [ reply ]
[SECURITY] [DSA 4111-1] libreoffice security update 2018-02-11
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4111-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Moritz Muehlenhoff
February 11, 2018

[ more ]  [ reply ]
[SECURITY] [DSA 4109-1] ruby-omniauth security update 2018-02-10
Luciano Bello (luciano debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4109-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/
February 09, 2018

[ more ]  [ reply ]
KL-001-2018-005 : NetEx HyperIP Local File Inclusion Vulnerability 2018-02-09
KoreLogic Disclosures (disclosures korelogic com)
KL-001-2018-005 : NetEx HyperIP Local File Inclusion Vulnerability

Title: NetEx HyperIP Local File Inclusion Vulnerability
Advisory ID: KL-001-2018-005
Publication Date: 2018.02.08
Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2018-005.txt

1. Vulnerability Details

A

[ more ]  [ reply ]
[SECURITY] [DSA 4110-1] exim4 security update 2018-02-10
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4110-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Salvatore Bonaccorso
February 10, 2018

[ more ]  [ reply ]
Defense in depth -- the Microsoft way (part 51): Skype's home-grown updater allows escalation of privilege to SYSTEM 2018-02-09
Stefan Kanthak (stefan kanthak nexgo de) (1 replies)
Hi @ll,

since about two or three years now, Microsoft offers Skype as
optional update on Windows/Microsoft Update.

JFTR: for Microsoft's euphemistic use of "update" see
<http://seclists.org/fulldisclosure/2018/Feb/17>

Once installed, Skype uses its own proprietary update mechanism
instead o

[ more ]  [ reply ]
KL-001-2018-004 : NetEx HyperIP Privilege Escalation Vulnerability 2018-02-09
KoreLogic Disclosures (disclosures korelogic com)
KL-001-2018-004 : NetEx HyperIP Privilege Escalation Vulnerability

Title: NetEx HyperIP Privilege Escalation Vulnerability
Advisory ID: KL-001-2018-004
Publication Date: 2018.02.08
Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2018-004.txt

1. Vulnerability Details

A

[ more ]  [ reply ]
KL-001-2018-003 : NetEx HyperIP Post-Auth Command Execution 2018-02-09
KoreLogic Disclosures (disclosures korelogic com)
KL-001-2018-003 : NetEx HyperIP Post-Auth Command Execution

Title: NetEx HyperIP Post-Auth Command Execution
Advisory ID: KL-001-2018-003
Publication Date: 2018.02.08
Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2018-003.txt

1. Vulnerability Details

Affected Vendor

[ more ]  [ reply ]
KL-001-2018-006 : Trend Micro IMSVA Management Portal Authentication Bypass 2018-02-09
KoreLogic Disclosures (disclosures korelogic com)
KL-001-2018-006 : Trend Micro IMSVA Management Portal Authentication Bypass

Title: Trend Micro IMSVA Management Portal Authentication Bypass
Advisory ID: KL-001-2018-006
Publication Date: 2018.02.08
Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2018-006.txt

1. Vulnerabili

[ more ]  [ reply ]
KL-001-2018-002 : NetEx HyperIP Authentication Bypass 2018-02-09
KoreLogic Disclosures (disclosures korelogic com)
KL-001-2018-002 : NetEx HyperIP Authentication Bypass

Title: NetEx HyperIP Authentication Bypass
Advisory ID: KL-001-2018-002
Publication Date: 2018.02.08
Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2018-002.txt

1. Vulnerability Details

Affected Vendor: NetEx

[ more ]  [ reply ]
[SECURITY] [DSA 4108-1] mailman security update 2018-02-09
Thijs Kinkhorst (thijs debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4108-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Thijs Kinkhorst
February 09, 2018

[ more ]  [ reply ]
Advisory - Fisheye and Crucible - CVE-2017-16861 2018-02-09
David Black (dblack atlassian com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

This email refers to the advisory found at
https://confluence.atlassian.com/x/iPQyO and
https://confluence.atlassian.com/x/h-QyO .

CVE ID:

* CVE-2017-16861.

Product: Fisheye and Crucible.

Affected Fisheye and Crucible product versions:

version

[ more ]  [ reply ]
[SECURITY] [DSA 4105-2] mpv security update 2018-02-09
Luciaon Bello (luciano debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4105-2 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/
February 08, 2018

[ more ]  [ reply ]
SEC Consult SA-20180208-0 :: Multiple Cross-Site Scripting Vulnerabilities in Sonatype Nexus Repository Manager OSS/Pro 2018-02-08
SEC Consult Vulnerability Lab (research sec-consult com)
SEC Consult Vulnerability Lab Security Advisory < 20180208-0 >
=======================================================================
title: Multiple Cross-Site Scripting Vulnerabilities
product: Sonatype Nexus Repository Manager OSS/Pro
vulnerable version: <=2.14.5, <=3.

[ more ]  [ reply ]
[SECURITY] [DSA 4107-1] django-anymail security update 2018-02-07
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4107-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Salvatore Bonaccorso
February 07, 2018

[ more ]  [ reply ]
[security bulletin] HPSBHF02981 rev.2 - HPE Integrated Lights-Out 2, 3, 4 (iLO2, iLO3, iLO4) and HPE Superdome Flex RMC - IPMI 2.0 RCMP+ Authentication Remote Password Hash Vulnerability (RAKP) 2018-02-07
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Note: the current version of the following document is available here:

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c041977
64

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04197764

Version: 2

HPSBHF02981 rev.2

[ more ]  [ reply ]
[SECURITY] [DSA 4106-1] libtasn1-6 security update 2018-02-07
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4106-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Salvatore Bonaccorso
February 07, 2018

[ more ]  [ reply ]
SEC Consult SA-20180207-0 :: Multiple buffer overflow vulnerabilities in InfoZip UnZip 2018-02-07
SEC Consult Vulnerability Lab (research sec-consult com)
SEC Consult Vulnerability Lab Security Advisory < 20180207-0 >
=======================================================================
title: Multiple buffer overflow vulnerabilities
product: InfoZip UnZip
vulnerable version: UnZip <= 6.00 / UnZip <= 6.1c22
fixed ver

[ more ]  [ reply ]
[slackware-security] Slackware 14.2 kernel (SSA:2018-037-01) 2018-02-07
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] Slackware 14.2 kernel (SSA:2018-037-01)

New kernel packages are available for Slackware 14.2 to mitigate the
speculative side channel attack known as Spectre variant 2.

Here are the details from the Slackware 14.2 ChangeLog:
+-

[ more ]  [ reply ]
[SE-2011-01] A security issue with a Multiroom service of NC+ SAT TV platform 2018-02-07
Security Explorations (contact security-explorations com)

Hello All,

A couple of weeks ago, Platform NC+ [1], one of the major digital SAT
TV providers in Poland issued an official message [2] to subscribers
about the policy of content security. Among other things, the following
statements were included in it:

"Platform nc+ as a technology leader in the

[ more ]  [ reply ]
[SECURITY] [DSA 4105-1] mpv security update 2018-02-07
Luciano Bello (luciano debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4105-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/
February 06, 2018

[ more ]  [ reply ]
[CORE-2017-0010] - Kaspersky Secure Mail Gateway Multiple Vulnerabilities 2018-02-05
Core Security Advisories Team (advisories coresecurity com)
Core Security - Corelabs Advisory
http://corelabs.coresecurity.com/

Kaspersky Secure Mail Gateway Multiple Vulnerabilities

1. *Advisory Information*

Title: Kaspersky Secure Mail Gateway Multiple Vulnerabilities
Advisory ID: CORE-2017-0010
Advisory URL:
http://www.coresecurity.com/advisories/kaspe

[ more ]  [ reply ]
[SECURITY] [DSA 4104-1] p7zip security update 2018-02-04
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4104-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Salvatore Bonaccorso
February 04, 2018

[ more ]  [ reply ]
[slackware-security] php (SSA:2018-034-01) 2018-02-04
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] php (SSA:2018-034-01)

New php packages are available for Slackware 14.0, 14.1, 14.2, and -current to
fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/php

[ more ]  [ reply ]
[security bulletin] MFSBGN03797 rev.1 - Micro Focus Fortify Audit Workbench (AWB) and Micro Focus Fortify Software Security Center (SSC), XML External Entity Injection 2018-02-01
cyber-psrt microfocus com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Note: the current version of the following document is available here:

https://softwaresupport.hpe.com/document/-/facetsearch/document/KM030836
53

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: KM03083653

Version: 1

MFSBGN03797 rev.1

[ more ]  [ reply ]
SEC Consult SA-20180201-0 :: Multiple critical vulnerabilities in Whole Vibratissimo Smart Sex Toy product range 2018-02-01
SEC Consult Vulnerability Lab (research sec-consult com)
We have published an accompanying blog post to this technical advisory with
further information:

https://www.sec-consult.com/en/blog/2018/02/internet-of-dildos-a-long-wa
y-to-a-vibrant-future-from-iot-to-iod/index.html

SEC Consult Vulnerability Lab Security Advisory < 20180201-0 >
================

[ more ]  [ reply ]
[SECURITY] [DSA 4103-1] chromium-browser security update 2018-02-01
Michael Gilbert (mgilbert debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4103-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Michael Gilbert
January 31, 2018

[ more ]  [ reply ]
Advisory - Sourcetree - CVE-2017-14592 CVE-2017-14593 CVE-2017-14592 CVE-2017-17831 2018-02-01
Atlassian (security atlassian com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

This email refers to the advisory found at
https://confluence.atlassian.com/x/lIIyO.

CVE ID:

* CVE-2017-14592
* CVE-2017-14593
* CVE-2017-17458
* CVE-2017-17831

Product: Sourcetree

Affected Sourcetree product versions:

Sourcetree for macOS 1.0b2

[ more ]  [ reply ]
KonaKart Path Traversal Vulnerability 2018-02-01
ajcraggs gmail com
Product overview:

"KonaKart is a java based eCommerce software platform trusted by top brands throughout the world to give them a stable, high-
performance online store".

Vulnerability overview:

KonaKart eCommerce Platform prior to verion 8.8 is vulnerable to a directory traversal flaw in the adm

[ more ]  [ reply ]
Recon Montreal 2018 Call For Papers - 0xE - Registration - Training - Conference - Submit! - PGP key 2018-01-31
cfpmontreal2018 recon cx
- RECON MONTREAL 2018 -

0xE - CFP - Training Registration - Conference - Submit! - PGP key
â??â??â??â? â? â? â? â? â? â? â? â? â? â? â? â? â? â? â? â? â? â? â? â? 
â? â? â? â? â? â? â? â? â? â? â? â? â? â? â? â? â? â? â? â? â? â? â? â? 
â? â? â? â? â? â? â? â? â? â? â? â? â? â? â? â? â? â? â? â? â? 

[ more ]  [ reply ]
SEC Consult SA-20180131-0 :: Multiple Vulnerabilities in Sprecher Automation SPRECON-E-C, PU-2433 2018-01-31
SEC Consult Vulnerability Lab (research sec-consult com)
SEC Consult Vulnerability Lab Security Advisory < 20180131-0 >
=======================================================================
title: Multiple Vulnerabilities
product: Sprecher Automation SPRECON-E-C, PU-2433
vulnerable version: <8.49 (most vulnerabilities, see "Vu

[ more ]  [ reply ]
[SECURITY] [DSA 4094-2] smarty3 security update 2018-01-30
Luciano Bello (luciano debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4094-2 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/
January 30, 2018

[ more ]  [ reply ]
Defense in depth -- the Microsoft way (part 49): fun with application manifests 2018-01-30
Stefan Kanthak (stefan kanthak nexgo de)
Hi @ll,

Microsoft built several bugs^W^Wfollowing features into the
processing of (external) application manifests, i.e. XML files
named <program>.exe.manifest which can accompany any portable
executable <program>.exe

JFTR: the file extension ".exe" is only used per convention;
CreateProcess

[ more ]  [ reply ]
[SECURITY] [DSA 4098-1] curl security update 2018-01-26
Alessandro Ghedini (ghedo debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4098-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Alessandro Ghedini
January 26, 2018

[ more ]  [ reply ]
[SECURITY] [DSA 4101-1] wireshark security update 2018-01-28
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4101-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Moritz Muehlenhoff
January 28, 2018

[ more ]  [ reply ]
[SECURITY] [DSA 4099-1] ffmpeg security update 2018-01-27
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4099-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Moritz Muehlenhoff
January 27, 2018

[ more ]  [ reply ]
[security bulletin] HPESBHF03814 rev.1 - HPE Intelligent Management Center (iMC) PLAT, Remote Unauthorized Modification 2018-01-26
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Note: the current version of the following document is available here:

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf
03814en_us

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: hpesbhf03814en_us

Version: 1

HP

[ more ]  [ reply ]
[slackware-security] mozilla-thunderbird (SSA:2018-025-01) 2018-01-26
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] mozilla-thunderbird (SSA:2018-025-01)

New mozilla-thunderbird packages are available for Slackware 14.2 and -current
to fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
p

[ more ]  [ reply ]
Secunia Research: LibRaw Multiple Denial of Service Vulnerabilities 2018-01-29
Secunia Research (remove-vuln secunia com)
======================================================================

Secunia Research 2018/01/29

LibRaw Multiple Denial of Service Vulnerabilities

======================================================================
Tab

[ more ]  [ reply ]
[SYSS-2017-026] Microsoft Surface Hub Keyboard - Cryptographic Issues (CWE-310), Insufficient Protection against Replay Attacks 2018-01-29
matthias deeg syss de
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Advisory ID: SYSS-2017-026
Product: Microsoft Surface Hub Keyboard
Manufacturer: Microsoft
Affected Version(s): n/a
Tested Version(s): n/a
Vulnerability Type: Cryptographic Issues (CWE-310)
Insufficient Protection against Replay At

[ more ]  [ reply ]
[security bulletin] HPESBHF03811 rev.1 - HPE Intelligent Management Center (iMC) PLAT, Remote Multiple Vulnerabilities 2018-01-26
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Note: the current version of the following document is available here:

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf
03811en_us

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: hpesbhf03811en_us

Version: 1

HP

[ more ]  [ reply ]
[SECURITY] [DSA 4100-1] tiff security update 2018-01-27
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4100-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Moritz Muehlenhoff
January 27, 2018

[ more ]  [ reply ]
[security bulletin] HPESBHF03812 rev.1 - HPE Intelligent Management Center (iMC) PLAT, Remote Multiple Vulnerabilities 2018-01-26
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Note: the current version of the following document is available here:

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf
03812en_us

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: hpesbhf03812en_us

Version: 1

HP

[ more ]  [ reply ]
KL-001-2018-001 : Sophos Web Gateway Persistent Cross Site Scripting Vulnerability 2018-01-26
KoreLogic Disclosures (disclosures korelogic com)
KL-001-2018-001 : Sophos Web Gateway Persistent Cross Site Scripting Vulnerability

Title: Sophos Web Gateway Persistent Cross Site Scripting Vulnerability
Advisory ID: KL-001-2018-001
Publication Date: 2018.01.26
Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2018-001.txt

[ more ]  [ reply ]
[security bulletin] HPESBHF03813 rev.1 - HPE Intelligent Management Center (iMC) PLAT, Remote Code Execution 2018-01-25
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Note: the current version of the following document is available here:

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf
03813en_us

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: hpesbhf03813en_us

Version: 1

HP

[ more ]  [ reply ]
[security bulletin] HPESBHF03810 rev.1 - HPE Intelligent Management Center (iMC) PLAT, Remote Disclosure of Information 2018-01-25
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Note: the current version of the following document is available here:

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf
03810en_us

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: hpesbhf03810en_us

Version: 1

HP

[ more ]  [ reply ]
[security bulletin] HPESBHF03815 rev.1 - HPE Intelligent Management Center (iMC) PLAT, Remote Code Execution 2018-01-25
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Note: the current version of the following document is available here:

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf
03815en_us

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: hpesbhf03815en_us

Version: 1

HP

[ more ]  [ reply ]
[security bulletin] HPESBHF03808 rev.1 - HPE Intelligent Management Center (iMC) PLAT, Remote Code Execution 2018-01-25
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Note: the current version of the following document is available here:

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf
03808en_us

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: hpesbhf03808en_us

Version: 1

HP

[ more ]  [ reply ]
[security bulletin] HPESBHF03809 rev.1 - HPE Intelligent Management Center (iMC) PLAT, Remote Authentication Restriction Bypass 2018-01-25
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Note: the current version of the following document is available here:

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf
03809en_us

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: hpesbhf03809en_us

Version: 1

HP

[ more ]  [ reply ]
[SECURITY] [DSA 4097-1] poppler security update 2018-01-25
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4097-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Moritz Muehlenhoff
January 25, 2018

[ more ]  [ reply ]
[slackware-security] curl (SSA:2018-024-01) 2018-01-25
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] curl (SSA:2018-024-01)

New curl packages are available for Slackware 14.0, 14.1, 14.2, and -current to
fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/c

[ more ]  [ reply ]
[SECURITY] [DSA 4096-1] firefox-esr security update 2018-01-25
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4096-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Moritz Muehlenhoff
January 25, 2018

[ more ]  [ reply ]
[SECURITY] [DSA 4095-1] gcab security update 2018-01-24
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4095-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Salvatore Bonaccorso
January 24, 2018

[ more ]  [ reply ]
WebKitGTK+ Security Advisory WSA-2018-0002 2018-01-24
Carlos Alberto Lopez Perez (clopez igalia com)
------------------------------------------------------------------------

WebKitGTK+ Security Advisory WSA-2018-0002
------------------------------------------------------------------------

Date reported : January 24, 2018
Advisory ID : WSA-2018-0002
Advisor

[ more ]  [ reply ]
CVE-2017-15718: Apache Hadoop YARN NodeManager vulnerability 2018-01-24
Akira Ajisaka (aajisaka apache org)
CVE-2017-15718: Apache Hadoop YARN NodeManager vulnerability

Severity: Important

Vendor: The Apache Software Foundation

Versions Affected:
Hadoop 2.7.3, 2.7.4

Description:
In Apache Hadoop 2.7.3 and 2.7.4, the security fix for CVE-2016-3086 is incomplete.
The YARN NodeManager can leak the passwo

[ more ]  [ reply ]
APPLE-SA-2018-1-23-1 iOS 11.2.5 2018-01-23
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2018-1-23-1 iOS 11.2.5

iOS 11.2.5 is now available and addresses the following:

Audio
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Processing a maliciously crafted audio file may lead to
arbi

[ more ]  [ reply ]
APPLE-SA-2018-1-23-4 tvOS 11.2.5 2018-01-23
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2018-1-23-4 tvOS 11.2.5

tvOS 11.2.5 is now available and addresses the following:

Audio
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: Processing a maliciously crafted audio file may lead to
arbitrary code execution
Descri

[ more ]  [ reply ]
APPLE-SA-2018-1-23-3 watchOS 4.2.2 2018-01-23
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2018-1-23-3 watchOS 4.2.2

watchOS 4.2.2 is now available and addresses the following:

Audio
Available for: All Apple Watch models
Impact: Processing a maliciously crafted audio file may lead to
arbitrary code execution
Description: A memory

[ more ]  [ reply ]
APPLE-SA-2018-1-23-5 Safari 11.0.3 2018-01-23
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2018-1-23-5 Safari 11.0.3

Safari 11.0.3 is now available and addresses the following:

WebKit
Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, and
macOS High Sierra 10.13.3
Impact: Processing maliciously crafted web content may

[ more ]  [ reply ]
APPLE-SA-2018-1-23-7 iCloud for Windows 7.3 2018-01-24
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2018-1-23-7 iCloud for Windows 7.3

iCloud for Windows 7.3 is now available and addresses the following:

WebKit
Available for: Windows 7 and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Descri

[ more ]  [ reply ]
APPLE-SA-2018-1-23-2 macOS High Sierra 10.13.3, Security Update 2018-001 Sierra, and Security Update 2018-001 El Capitan 2018-01-23
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2018-1-23-2 macOS High Sierra 10.13.3,
Security Update 2018-001 Sierra,
and Security Update 2018-001 El Capitan

macOS High Sierra 10.13.3, Security Update 2018-001 Sierra, and
Security Update 2018-001 El Capitan are now available and address

[ more ]  [ reply ]
(Page 5 of 524)  < Prev  1 2 3 4 5 6 7 8 9 10 11  Next >


 

Privacy Statement
Copyright 2010, SecurityFocus