BugTraq
[SECURITY] [DSA 4094-2] smarty3 security update 2018-01-30
Luciano Bello (luciano debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4094-2 security (at) debian (dot) org
https://www.debian.org/security/
January 30, 2018

Defense in depth -- the Microsoft way (part 49): fun with application manifests 2018-01-30
Stefan Kanthak (stefan kanthak nexgo de)
Hi @ll,

Microsoft built several bugs^W^Wfollowing features into the
processing of (external) application manifests, i.e. XML files
named <program>.exe.manifest which can accompany any portable
executable <program>.exe

JFTR: the file extension ".exe" is only used per convention;
CreateProcess

[SECURITY] [DSA 4098-1] curl security update 2018-01-26
Alessandro Ghedini (ghedo debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4098-1 security (at) debian (dot) org
https://www.debian.org/security/ Alessandro Ghedini
January 26, 2018

[SECURITY] [DSA 4101-1] wireshark security update 2018-01-28
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4101-1 security (at) debian (dot) org
https://www.debian.org/security/ Moritz Muehlenhoff
January 28, 2018

[SECURITY] [DSA 4099-1] ffmpeg security update 2018-01-27
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4099-1 security (at) debian (dot) org
https://www.debian.org/security/ Moritz Muehlenhoff
January 27, 2018

[security bulletin] HPESBHF03814 rev.1 - HPE Intelligent Management Center (iMC) PLAT, Remote Unauthorized Modification 2018-01-26
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Note: the current version of the following document is available here:

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03814en_us

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: hpesbhf03814en_us

Version: 1

HP

[slackware-security] mozilla-thunderbird (SSA:2018-025-01) 2018-01-26
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] mozilla-thunderbird (SSA:2018-025-01)

New mozilla-thunderbird packages are available for Slackware 14.2 and -current
to fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
p

Secunia Research: LibRaw Multiple Denial of Service Vulnerabilities 2018-01-29
Secunia Research (remove-vuln secunia com)
======================================================================

Secunia Research 2018/01/29

LibRaw Multiple Denial of Service Vulnerabilities

======================================================================
Tab

[SYSS-2017-026] Microsoft Surface Hub Keyboard - Cryptographic Issues (CWE-310), Insufficient Protection against Replay Attacks 2018-01-29
matthias deeg syss de
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Advisory ID: SYSS-2017-026
Product: Microsoft Surface Hub Keyboard
Manufacturer: Microsoft
Affected Version(s): n/a
Tested Version(s): n/a
Vulnerability Type: Cryptographic Issues (CWE-310)
Insufficient Protection against Replay At

[security bulletin] HPESBHF03811 rev.1 - HPE Intelligent Management Center (iMC) PLAT, Remote Multiple Vulnerabilities 2018-01-26
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Note: the current version of the following document is available here:

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03811en_us

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: hpesbhf03811en_us

Version: 1

HP

[SECURITY] [DSA 4100-1] tiff security update 2018-01-27
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4100-1 security (at) debian (dot) org
https://www.debian.org/security/ Moritz Muehlenhoff
January 27, 2018

[security bulletin] HPESBHF03812 rev.1 - HPE Intelligent Management Center (iMC) PLAT, Remote Multiple Vulnerabilities 2018-01-26
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Note: the current version of the following document is available here:

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03812en_us

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: hpesbhf03812en_us

Version: 1

HP

KL-001-2018-001 : Sophos Web Gateway Persistent Cross Site Scripting Vulnerability 2018-01-26
KoreLogic Disclosures (disclosures korelogic com)
KL-001-2018-001 : Sophos Web Gateway Persistent Cross Site Scripting Vulnerability

Title: Sophos Web Gateway Persistent Cross Site Scripting Vulnerability
Advisory ID: KL-001-2018-001
Publication Date: 2018.01.26
Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2018-001.txt

[security bulletin] HPESBHF03813 rev.1 - HPE Intelligent Management Center (iMC) PLAT, Remote Code Execution 2018-01-25
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Note: the current version of the following document is available here:

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03813en_us

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: hpesbhf03813en_us

Version: 1

HP

[security bulletin] HPESBHF03810 rev.1 - HPE Intelligent Management Center (iMC) PLAT, Remote Disclosure of Information 2018-01-25
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Note: the current version of the following document is available here:

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03810en_us

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: hpesbhf03810en_us

Version: 1

HP

[security bulletin] HPESBHF03815 rev.1 - HPE Intelligent Management Center (iMC) PLAT, Remote Code Execution 2018-01-25
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Note: the current version of the following document is available here:

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03815en_us

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: hpesbhf03815en_us

Version: 1

HP

[security bulletin] HPESBHF03808 rev.1 - HPE Intelligent Management Center (iMC) PLAT, Remote Code Execution 2018-01-25
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Note: the current version of the following document is available here:

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03808en_us

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: hpesbhf03808en_us

Version: 1

HP

[security bulletin] HPESBHF03809 rev.1 - HPE Intelligent Management Center (iMC) PLAT, Remote Authentication Restriction Bypass 2018-01-25
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Note: the current version of the following document is available here:

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03809en_us

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: hpesbhf03809en_us

Version: 1

HP

[SECURITY] [DSA 4097-1] poppler security update 2018-01-25
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4097-1 security (at) debian (dot) org
https://www.debian.org/security/ Moritz Muehlenhoff
January 25, 2018

[slackware-security] curl (SSA:2018-024-01) 2018-01-25
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] curl (SSA:2018-024-01)

New curl packages are available for Slackware 14.0, 14.1, 14.2, and -current to
fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/c

[SECURITY] [DSA 4096-1] firefox-esr security update 2018-01-25
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4096-1 security (at) debian (dot) org
https://www.debian.org/security/ Moritz Muehlenhoff
January 25, 2018

[SECURITY] [DSA 4095-1] gcab security update 2018-01-24
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4095-1 security (at) debian (dot) org
https://www.debian.org/security/ Salvatore Bonaccorso
January 24, 2018

WebKitGTK+ Security Advisory WSA-2018-0002 2018-01-24
Carlos Alberto Lopez Perez (clopez igalia com)
------------------------------------------------------------------------

WebKitGTK+ Security Advisory WSA-2018-0002
------------------------------------------------------------------------

Date reported : January 24, 2018
Advisory ID : WSA-2018-0002
Advisor

CVE-2017-15718: Apache Hadoop YARN NodeManager vulnerability 2018-01-24
Akira Ajisaka (aajisaka apache org)
CVE-2017-15718: Apache Hadoop YARN NodeManager vulnerability

Severity: Important

Vendor: The Apache Software Foundation

Versions Affected:
Hadoop 2.7.3, 2.7.4

Description:
In Apache Hadoop 2.7.3 and 2.7.4, the security fix for CVE-2016-3086 is incomplete.
The YARN NodeManager can leak the passwo

APPLE-SA-2018-1-23-1 iOS 11.2.5 2018-01-23
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2018-1-23-1 iOS 11.2.5

iOS 11.2.5 is now available and addresses the following:

Audio
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Processing a maliciously crafted audio file may lead to
arbi

APPLE-SA-2018-1-23-4 tvOS 11.2.5 2018-01-23
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2018-1-23-4 tvOS 11.2.5

tvOS 11.2.5 is now available and addresses the following:

Audio
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: Processing a maliciously crafted audio file may lead to
arbitrary code execution
Descri

APPLE-SA-2018-1-23-3 watchOS 4.2.2 2018-01-23
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2018-1-23-3 watchOS 4.2.2

watchOS 4.2.2 is now available and addresses the following:

Audio
Available for: All Apple Watch models
Impact: Processing a maliciously crafted audio file may lead to
arbitrary code execution
Description: A memory

APPLE-SA-2018-1-23-5 Safari 11.0.3 2018-01-23
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2018-1-23-5 Safari 11.0.3

Safari 11.0.3 is now available and addresses the following:

WebKit
Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, and
macOS High Sierra 10.13.3
Impact: Processing maliciously crafted web content may

APPLE-SA-2018-1-23-7 iCloud for Windows 7.3 2018-01-24
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2018-1-23-7 iCloud for Windows 7.3

iCloud for Windows 7.3 is now available and addresses the following:

WebKit
Available for: Windows 7 and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Descri

APPLE-SA-2018-1-23-2 macOS High Sierra 10.13.3, Security Update 2018-001 Sierra, and Security Update 2018-001 El Capitan 2018-01-23
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2018-1-23-2 macOS High Sierra 10.13.3,
Security Update 2018-001 Sierra,
and Security Update 2018-001 El Capitan

macOS High Sierra 10.13.3, Security Update 2018-001 Sierra, and
Security Update 2018-001 El Capitan are now available and address

APPLE-SA-2018-1-23-6 iTunes 12.7.3 for Windows 2018-01-24
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2018-1-23-6 iTunes 12.7.3 for Windows

iTunes 12.7.3 for Windows is now available and addresses the
following:

WebKit
Available for: Windows 7 and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution

DefenseCode ThunderScan SAST Advisory: SugarCRM Community Edition Multiple SQL Injection Vulnerabilities 2018-01-23
DefenseCode (defensecode defensecode com)

           DefenseCode ThunderScan SAST Advisory
SugarCRM Community Edition Multiple SQL Injection Vulnerabilities

Advisory ID:    DC-2018-01-011
Advisory Title: SugarCRM Community Edition Multiple SQL Injection
Vulnerabilities
Advisory URL:   http://www.defensecode.com/advisories.php
Software:  

SEC Consult SA-20180123-0 :: XXE & Reflected XSS in Oracle Financial Services Analytical Applications 2018-01-23
SEC Consult Vulnerability Lab (research sec-consult com)
SEC Consult Vulnerability Lab Security Advisory < 20180123-0 >
=======================================================================
title: XXE & Reflected XSS
product: Oracle Financial Services Analytical Applications
vulnerable version: 7.3.5.x, 8.0.x
fixed versi

[security bulletin] HPESBHF03805 rev.7 - Certain HPE products using Microprocessors from Intel, AMD, and ARM, with Speculative Execution, Elevation of Privilege and Information Disclosure. 2018-01-22
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Note: the current version of the following document is available here:

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03805en_us

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: hpesbhf03805en_us

Version: 7

HP

[SECURITY] [DSA 4094-1] smarty3 security update 2018-01-22
Luciano Bello (luciano debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4094-1 security (at) debian (dot) org
https://www.debian.org/security/
January 22, 2018

CentOS Web Panel v0.9.8.12 - Remote SQL Injection Vulnerabilities 2018-01-22
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
CentOS Web Panel v0.9.8.12 - Remote SQL Injection Vulnerabilities

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1833

Release Date:
=============
2018-01-22

Vulnerability Laboratory ID (VL-ID):
=====================

Photo Vault v1.2 iOS - Insecure Authentication Vulnerability 2018-01-19
Vulnerability Lab (admin vulnerability-lab com)
Document Title:
===============
Photo Vault v1.2 iOS - Insecure Authentication Vulnerability

References (Source):
====================
https://www.vulnerability-lab.com/get_content.php?id=2110

Release Date:
=============
2018-01-16

Vulnerability Laboratory ID (VL-ID):
=========================

Shopware 5.2.5 & v5.3 - Multiple Cross Site Scripting Web Vulnerabilities 2018-01-19
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Shopware 5.2.5 & v5.3 - Multiple Cross Site Scripting Web Vulnerabilities

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1922

Shopware Security Tracking ID: SW-19834

Security Update:
http://community.shopware.com/Dow

[SECURITY] [DSA 4093-1] openocd security update 2018-01-22
luciano debian org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4093-1 security (at) debian (dot) org
https://www.debian.org/security/
January 21, 2018

CentOS Web Panel v0.9.8.12 - Multiple Persistent Web Vulnerabilities 2018-01-19
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
CentOS Web Panel v0.9.8.12 - Multiple Persistent Web Vulnerabilities

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1836

Release Date:
=============
2018-01-19

Vulnerability Laboratory ID (VL-ID):
==================

Oracle JDeveloper IDE Directory Traversal CVE-2017-10273 (hyp3rlinx / apparition security) 2018-01-21
apparitionsec gmail com
[+] Credits: John Page (aka hyp3rlinx)
[+] Website: hyp3rlinx.altervista.org
[+] Source: http://hyp3rlinx.altervista.org/advisories/ORACLE-JDEVELOPER-DIRECTORY-TRAVERSAL.txt
[+] ISR: apparition security

Vendor:
=============
www.oracle.com

Product:
===========
JDeveloper IDE

Orac

Acadmic Microsoft - API Query Filter Cross Site Scripting Vulnerability 2018-01-21
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Acadmic Microsoft - API Query Filter Cross Site Scripting Vulnerability

References (Source):
====================
https://www.vulnerability-lab.com/get_content.php?id=2056

MSRC ID: 0001010174

Release Date:
=============
2018-01-20

Vulnerability Laboratory ID (V

CentOS Web Panel v0.9.8.12 - Non-Persistent Cross Site Scripting Vulnerabilities 2018-01-19
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
CentOS Web Panel v0.9.8.12 - Non-Persistent Cross Site Scripting Vulnerabilities

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1835

Release Date:
=============
2018-01-17

Vulnerability Laboratory ID (VL-ID):
======

CVE-2017-15713: Apache Hadoop MapReduce job history server vulnerability 2018-01-19
Jason Lowe (jlowe apache org)
CVE-2017-15713: Apache Hadoop MapReduce job history server vulnerability

Severity: Severe

Vendor: The Apache Software Foundation

Versions Affected:
Hadoop 0.23.0 to 0.23.11
Hadoop 2.0.0-alpha to 2.8.2
Hadoop 3.0.0-alpha to 3.0.0-beta1

Users affected: Users running the MapReduce job history

[SECURITY] [DSA 4092-1] awstats security update 2018-01-19
Sebastien Delafond (seb debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4092-1 security (at) debian (dot) org
https://www.debian.org/security/ Sebastien Delafond
January 19, 2018

[security bulletin] HPESBMU03806 rev.1 - HPE IceWall Products, Multiple Remote Unauthorized Disclosure of Information, Unauthorized Modificiation 2018-01-17
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Note: the current version of the following document is available here:

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbmu03806en_us

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: hpesbmu03806en_us

Version: 1

HP

[security bulletin] HPESBHF03805 rev.5 - Certain HPE products using Microprocessors from Intel, AMD, and ARM, with Speculative Execution, Elevation of Privilege and Information Disclosure. 2018-01-17
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Note: the current version of the following document is available here:

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03805en_us

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: hpesbhf03805en_us

Version: 5

HP

[slackware-security] bind (SSA:2018-017-01) 2018-01-17
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] bind (SSA:2018-017-01)

New bind packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,
14.2, and -current to fix a security issue.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------

[security bulletin] HPSBGN02925 rev.3 - HP IceWall SSO, IceWall File Manager and IceWall Federation Agent, Multiple Remote Unauthorized Access Vulnerabilities 2018-01-17
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Note: the current version of the following document is available here:

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c03918632

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c03918632

Version: 3

HPSBGN02925 rev.3

[SECURITY] [DSA 4090-1] wordpress security update 2018-01-17
Sebastien Delafond (seb debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4090-1 security (at) debian (dot) org
https://www.debian.org/security/ Sebastien Delafond
January 17, 2018

[SECURITY] [DSA 4089-1] bind9 security update 2018-01-16
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4089-1 security (at) debian (dot) org
https://www.debian.org/security/ Salvatore Bonaccorso
January 16, 2018

ADVISORY - LiveZilla - Cross-site scripting (XSS) vulnerability in knowledgebase.php - CVE-2017-15869 2018-01-16
tim kretschmann pallas com
1. ADVISORY SUMMARY

LiveZilla - Cross-site scripting (XSS) vulnerability in knowledgebase.php

Risk: Medium

Application: LiveZilla
Versions Affected: 7.0.6.0
Vendor: LiveZilla GmbH
Vendor URL: https://www.livezilla.net/

Sent to vendor: 04.12.2017
Vendor response: Acknowledge 04.12.2017
Published

[SECURITY] [DSA 4088-1] gdk-pixbuf security update 2018-01-15
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4088-1 security (at) debian (dot) org
https://www.debian.org/security/ Moritz Muehlenhoff
January 15, 2018

MagicSpam 2.0.13 - Insecure File Permission Vulnerability 2018-01-15
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
MagicSpam 2.0.13 - Insecure File Permission Vulnerability

References (Source):
====================
https://www.vulnerability-lab.com/get_content.php?id=2113

Release Date:
=============
2018-01-12

Vulnerability Laboratory ID (VL-ID):
============================

Zenario v7.6 CMS - SQL Injection Web Vulnerability 2018-01-15
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Zenario v7.6 CMS - SQL Injection Web Vulnerability

References (Source):
====================
https://www.vulnerability-lab.com/get_content.php?id=2043

Release Date:
=============
2018-01-16

Vulnerability Laboratory ID (VL-ID):
===================================

[RT-SA-2017-013] Truncation of SAML Attributes in Shibboleth 2 2018-01-15
RedTeam Pentesting GmbH (release redteam-pentesting de)
Advisory: Truncation of SAML Attributes in Shibboleth 2

RedTeam Pentesting discovered that the shibd service of Shibboleth 2
does not extract SAML attribute values in a robust manner. By inserting
XML entities into a SAML response, attackers may truncate attribute
values without breaking the docume

Broken TLS certificate pinning in VTech DigiGo Kid Connect app 2018-01-13
Summer of Pwnage (lists securify nl)
------------------------------------------------------------------------

Broken TLS certificate pinning in VTech DigiGo Kid Connect app
------------------------------------------------------------------------

Sipke Mellema, September 2017

------------------------------------------------------------

Authentication bypass in Kaseya VSA 2018-01-13
Securify B.V. (lists securify nl)
------------------------------------------------------------------------

Authentication bypass in Kaseya VSA
------------------------------------------------------------------------

Kin Hung Cheng, Robert Hartshorn, May 2017

------------------------------------------------------------------------

A

Arbitrary file read in Kaseya VSA 2018-01-13
Securify B.V. (lists securify nl)
------------------------------------------------------------------------

Arbitrary file read in Kaseya VSA
------------------------------------------------------------------------

Kin Hung Cheng, Robert Hartshorn, May 2017

------------------------------------------------------------------------

Abs

[SECURITY] [DSA 4087-1] transmission security update 2018-01-14
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4087-1 security (at) debian (dot) org
https://www.debian.org/security/ Moritz Muehlenhoff
January 14, 2018

Multiple vulnerabilities in VTech DigiGo allow browser overlay attack 2018-01-13
Summer of Pwnage (lists securify nl)
------------------------------------------------------------------------

Multiple vulnerabilities in VTech DigiGo allow browser overlay attack
------------------------------------------------------------------------

Sipke Mellema, September 2017

-----------------------------------------------------

Broken TLS certificate validation in VTech DigiGo browser 2018-01-13
Summer of Pwnage (lists securify nl)
------------------------------------------------------------------------

Broken TLS certificate validation in VTech DigiGo browser
------------------------------------------------------------------------

Sipke Mellema, September 2017

-----------------------------------------------------------------

[SECURITY] [DSA 4086-1] libxml2 security update 2018-01-13
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4086-1 security (at) debian (dot) org
https://www.debian.org/security/ Salvatore Bonaccorso
January 13, 2018

Seagate Media Server allows deleting of arbitrary files and folders 2018-01-13
Summer of Pwnage (lists securify nl)
------------------------------------------------------------------------

Seagate Media Server allows deleting of arbitrary files and folders
------------------------------------------------------------------------

Yorick Koster, September 2017

-------------------------------------------------------

Adminer <= v4.3.1 Server Side Request Forgery 2018-01-14
apparitionsec gmail com
[+] Credits: John Page (aka hyp3rlinx)
[+] Website: hyp3rlinx.altervista.org
[+] Source: http://hyp3rlinx.altervista.org/advisories/ADMINER-UNAUTHENTICATED-SERVER-SIDE-REQUEST-FORGERY.txt
[+] ISR: apparition security

Vendor:
==============
www.adminer.org

Product:
===============

Code execution in Kaseya VSA 2018-01-13
Securify B.V. (lists securify nl)
------------------------------------------------------------------------

Code execution in Kaseya VSA
------------------------------------------------------------------------

Kin Hung Cheng, Robert Hartshorn, May 2017

------------------------------------------------------------------------

Abstract

[security bulletin] HPESBHF03800 rev.1 - HPE Comware 7 MSR Routers, Remote Denial of Service and Local Elevation or Privilege 2018-01-12
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Note: the current version of the following document is available here:

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03800en_us

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: hpesbhf03800en_us

Version: 1

HP

[SECURITY] [DSA 4085-1] xmltooling security update 2018-01-12
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4085-1 security (at) debian (dot) org
https://www.debian.org/security/ Moritz Muehlenhoff
January 12, 2018

[security bulletin] HPESBNS03804 rev.1 - HPE NonStop Server, Local Authentication Restriction Bypass 2018-01-12
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Note: the current version of the following document is available here:

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbns03804en_us

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: hpesbns03804en_us

Version: 1

HP

Microsoft Sharepoint 2013 - Limited Access Permission Bypass Vulnerability 2018-01-12
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Microsoft Sharepoint 2013 - Limited Access Permission Bypass Vulnerability

References (Source):
====================
https://www.vulnerability-lab.com/get_content.php?id=2111

Release Date:
=============
2018-01-07

Vulnerability Laboratory ID (VL-ID):
===========

[SECURITY] [DSA 4084-1] gifsicle security update 2018-01-12
Sebastien Delafond (seb debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4084-1 security (at) debian (dot) org
https://www.debian.org/security/ Sebastien Delafond
January 12, 2018

MagicSpam 2.0.13 - Insecure File Permission Vulnerability 2018-01-12
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
MagicSpam 2.0.13 - Insecure File Permission Vulnerability

References (Source):
====================
https://www.vulnerability-lab.com/get_content.php?id=2113

Release Date:
=============
2018-01-12

Vulnerability Laboratory ID (VL-ID):
============================

Magento Commerce - SSRF & XSPA Web Vulnerability 2018-01-12
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Magento Commerce - SSRF & XSPA Web Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1631

Release Date:
=============
2018-01-03

Vulnerability Laboratory ID (VL-ID):
====================================
1

SonicWall GMS v8.1 - Filter Bypass & Persistent Vulnerability 2018-01-12
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
SonicWall GMS v8.1 - Filter Bypass & Persistent Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1819

Release Notes: http://documents.software.dell.com/sonicwall-gms-os/8.2/release-notes/known-issues?Parent

[ more ]  [ reply ]
Magento Connect T1 - (Claim) Persistent Vulnerability 2018-01-12
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Magento Connect T1 - (Claim) Persistent Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1469

Release Date:
=============
2018-01-08

Vulnerability Laboratory ID (VL-ID):
=================================

[ more ]  [ reply ]
Kentico CMS v11.0 - Stack Buffer Overflow Vulnerability 2018-01-12
Vulnerability Lab (submit vulnerability-lab com)
Document Title:
===============
Kentico CMS v11.0 - Stack Buffer Overflow Vulnerability

References (Source):
====================
https://www.vulnerability-lab.com/get_content.php?id=1943

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5282

CVE-ID:
=======
CVE-2018-5282

Release Date:

[ more ]  [ reply ]
Piwigo v2.8.2 & 2.9.2 CMS - Multiple Cross Site Vulnerabilities 2018-01-12
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Piwigo v2.8.2 & 2.9.2 CMS - Multiple Cross Site Vulnerabilities

References (Source):
====================
https://www.vulnerability-lab.com/get_content.php?id=2005

Release Date:
=============
2018-01-12

Vulnerability Laboratory ID (VL-ID):
======================

[ more ]  [ reply ]
Flash Operator Panel v2.31.03 - Command Execution Vulnerability 2018-01-12
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Flash Operator Panel v2.31.03 - Command Execution Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1907

Release Date:
=============
2018-01-08

Vulnerability Laboratory ID (VL-ID):
=======================

[ more ]  [ reply ]
CVE-2017-8802 Zimbra Collaboration Suite - Stored Cross-Site Scripting 2018-01-11
Advisories (advisories compass-security com)
####################################################################################################
#
# COMPASS SECURITY ADVISORY https://www.compass-security.com
####################################################################################################
#
# CVE ID : CVE-2017-8802
# Produc

[ more ]  [ reply ]
[SECURITY] [DSA 4083-1] poco security update 2018-01-11
Sebastien Delafond (seb debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4083-1 security (at) debian (dot) org
https://www.debian.org/security/ Sebastien Delafond
January 11, 2018

[ more ]  [ reply ]
WebKitGTK+ Security Advisory WSA-2018-0001 2018-01-10
Carlos Alberto Lopez Perez (clopez igalia com)
------------------------------------------------------------------------

WebKitGTK+ Security Advisory WSA-2018-0001
------------------------------------------------------------------------

Date reported : January 10, 2018
Advisory ID : WSA-2018-0001
Advisor

[ more ]  [ reply ]
DefenseCode ThunderScan SAST Advisory: WordPress Testimonial Slider Plugin SQL injection Security Vulnerability 2018-01-10
DefenseCode (defensecode defensecode com)
DefenseCode ThunderScan SAST Advisory: WordPress Testimonial Slider
         Plugin SQL injection Security Vulnerability

Advisory ID:    DC-2018-01-005
Advisory Title: WordPress Testimonial Slider Plugin SQL injection
 Security Vulnerability
Advisory URL:   http://www.defensecode.com

[ more ]  [ reply ]
DefenseCode ThunderScan SAST Advisory: WordPress Smooth Slider Plugin SQL injection Security Vulnerability 2018-01-10
DefenseCode (defensecode defensecode com)
DefenseCode ThunderScan SAST Advisory: WordPress Smooth Slider Plugin
             SQL injection Security Vulnerability

Advisory ID:    DC-2018-01-004
Advisory Title: WordPress Smooth Slider Plugin SQL injection
 Security Vulnerability
Advisory URL:   http://www.defensecode.com/a

[ more ]  [ reply ]
DefenseCode ThunderScan SAST Advisory: WordPress Dbox 3D Slider Lite Multiple SQL injection Security Vulnerabilities 2018-01-10
DefenseCode (defensecode defensecode com)
DefenseCode ThunderScan SAST Advisory: WordPress Dbox 3D Slider Lite
        Multiple SQL injection Security Vulnerabilities

Advisory ID:    DC-2017-01-003
Advisory Title: WordPress Dbox 3D Slider Lite Plugin Multiple
 SQL injection Security Vulnerabilities
Advisory URL:   http://www.

[ more ]  [ reply ]
Multiple vulnerabilities in TP-Link products(CVE-2017-15613 to CVE-2017-15637) 2018-01-10
chunibalon gmail com
Introduction:
================
The WVR-, WAR- and ER- products are the SOHO/WIFI routers of TP-Link.
These issues allow remote authenticated administrators to execute arbitrary commands via command injection through different variables of different lua files.
If the attacker obtains the account and

[ more ]  [ reply ]
[security bulletin] HPESBHF03805 rev.4 - Certain HPE products using Microprocessors from Intel, AMD, and ARM, with Speculative Execution, Elevation of Privilege and Information Disclosure. 2018-01-09
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Note: the current version of the following document is available here:

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03805en_us

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: hpesbhf03805en_us

Version: 4

HP

[ more ]  [ reply ]
[SECURITY] [DSA 4082-1] linux security update 2018-01-09
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4082-1 security (at) debian (dot) org
https://www.debian.org/security/ Salvatore Bonaccorso
January 09, 2018

[ more ]  [ reply ]
CVE-2017-17485: one more way of rce in jackson-databind when defaultTyping+objects are used 2018-01-09
Imre Rad (radimre83 gmail com)
Jackson-databind is a popular library in Java for JSON
marshalling/unmarshalling.

It has a feature called default-typing: when the target class has some
polymorph fields inside (such as interfaces, abstract classes or the
Object base class), the library can include type info into the JSON
structure

[ more ]  [ reply ]
[SECURITY] [DSA 4080-1] php7.0 security update 2018-01-08
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4080-1 security (at) debian (dot) org
https://www.debian.org/security/ Moritz Muehlenhoff
January 08, 2018

[ more ]  [ reply ]
[slackware-security] irssi (SSA:2018-008-01) 2018-01-09
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] irssi (SSA:2018-008-01)

New irssi packages are available for Slackware 14.0, 14.1, 14.2, and -current
to fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages

[ more ]  [ reply ]
[SECURITY] [DSA 4081-1] php5 security update 2018-01-08
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4081-1 security (at) debian (dot) org
https://www.debian.org/security/ Moritz Muehlenhoff
January 08, 2018

[ more ]  [ reply ]
Response to Meltdown and Spectre 2018-01-08
Gordon Tetlow (gordon tetlows org)
By now, we're sure most everyone has heard of the Meltdown and Spectre
attacks. If not, head over to https://meltdownattack.com/ and get an
overview. Additional technical details are available from Google
Project Zero.
https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-si

[ more ]  [ reply ]
APPLE-SA-2018-1-8-3 Safari 11.0.2 2018-01-08
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2018-1-8-3 Safari 11.0.2

Safari 11.0.2 is now available and addresses the following:

Available for: OS X El Capitan 10.11.6 and macOS Sierra 10.12.6
Description: Safari 11.0.2 includes security improvements to mitigate
the effects of Sp

[ more ]  [ reply ]
APPLE-SA-2018-1-8-2 macOS High Sierra 10.13.2 Supplemental Update 2018-01-08
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2018-1-8-2 macOS High Sierra 10.13.2 Supplemental Update

macOS High Sierra 10.13.2 Supplemental Update is now available
and addresses the following:

Available for: macOS High Sierra 10.13.2
Description: macOS High Sierra 10.13.2 Supplementa

[ more ]  [ reply ]
APPLE-SA-2018-1-8-1 iOS 11.2.2 2018-01-08
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2018-1-8-1 iOS 11.2.2

iOS 11.2.2 is now available and addresses the following:

Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Description: iOS 11.2.2 includes security improvements to Safari and
We

[ more ]  [ reply ]
WpJobBoard v4.4.4 - Multiple SQL Injection Vulnerabilities 2018-01-06
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
WpJobBoard v4.4.4 - Multiple SQL Injection Vulnerabilities

References (Source):
====================
https://www.vulnerability-lab.com/get_content.php?id=1940

Release Date:
=============
2018-01-06

Vulnerability Laboratory ID (VL-ID):
===========================

[ more ]  [ reply ]
Wickr Inc - App Clock & Message Deletion Glitch - Bug Bounty 2018-01-06
Vulnerability Lab (research vulnerability-lab com)
Wickr Inc - App Clock & Message Deletion Glitch P2  - Bug Bounty
(Document) [PDF]

URL: https://www.vulnerability-lab.com/get_content.php?id=2107

Vulnerability Magazine:
https://www.vulnerability-db.com/?q=articles/2018/01/04/wickr-inc-app-clock-message-deletion-glitch

--
VULNERABILITY LABORATOR

[ more ]  [ reply ]
SonicWall SonicOS NSA Web Firewall - Multiple Web Vulnerabilities 2018-01-06
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
SonicWall SonicOS NSA Web Firewall - Multiple Web Vulnerabilities

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1725

Release Date:
=============
2018-01-06

Vulnerability Laboratory ID (VL-ID):
=====================

[ more ]  [ reply ]
Copyright 2010, SecurityFocus