BugTraq Mode:
(Page 8 of 524)  < Prev  3 4 5 6 7 8 9 10 11 12 13  Next >
[slackware-security] xorg-server (SSA:2017-279-03) 2017-10-06
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] xorg-server (SSA:2017-279-03)

New xorg-server packages are available for Slackware 14.0, 14.1, 14.2,
and -current to fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patc

[ more ]  [ reply ]
DefenseCode Security Advisory: Magento Commerce CSRF, Stored Cross Site Scripting #1 2017-10-05
DefenseCode (defensecode defensecode com)

            DefenseCode Security Advisory
   Magento Commerce CSRF, Stored Cross Site Scripting

Advisory ID: DC-2017-09-001
Advisory Title: Magento CSRF, Stored Cross Site Scripting
Advisory URL:
http://www.defensecode.com/advisories/DC-2017-09-001_Magento_CSRF_Stored
_Cross_Site_Scri

[ more ]  [ reply ]
[security bulletin] HPESBHF03776 rev.1 - HPE Intelligent Management Center (iMC) Service Operation Management (SOM), Remote Arbitrary File Download 2017-10-03
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Note: the current version of the following document is available here:

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf
03776en_us

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: hpesbhf03776en_us

Version: 1

HP

[ more ]  [ reply ]
HPESBMU03753 rev.1 - HPE System Management Homepage, Multiple Remote Vulnerabilities 2017-10-02
HPE Product Security Response Team (security-alert hpe com)
-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA256

Note: the current version of the following document is available here:

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbmu
03753en_us

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: hpesbmu03753en_us

Version: 1

[ more ]  [ reply ]
Trend Micro OfficeScan v11.0 and XG (12.0)* Unauthorized NT Domain / PHP Information Disclosures CVE-2017-14085 (apparitionsec / hyp3rlinx) 2017-10-01
apparitionsec gmail com
[+] Credits: John Page (aka hyp3rlinx)
[+] Website: hyp3rlinx.altervista.org
[+] Source: http://hyp3rlinx.altervista.org/advisories/CVE-2017-14085-TRENDMICRO-OFF
ICESCAN-XG-REMOTE-NT-DOMAIN-PHP-INFO-DISCLOSURE.txt
[+] ISR: ApparitionSec

Vendor:
==================
www.trendmicro.com

[ more ]  [ reply ]
Trend Micro OfficeScan v11.0 and XG (12.0)* Unauthorized Server Side Request Forgery (apparitionsec / hyp3rlinx) 2017-10-01
apparitionsec gmail com
[+] Credits: John Page (aka hyp3rlinx)
[+] Website: hyp3rlinx.altervista.org
[+] Source: http://hyp3rlinx.altervista.org/advisories/TRENDMICRO-OFFICESCAN-XG-SERV
ER-SIDE-REQUEST-FORGERY.txt
[+] ISR: ApparitionSec

Vendor:
==================
www.trendmicro.com

Product:
===========

[ more ]  [ reply ]
[SECURITY] [DSA 3988-1] libidn2-0 security update 2017-09-30
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3988-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Salvatore Bonaccorso
September 30, 2017

[ more ]  [ reply ]
Mac OS X Local Javascript Quarantine Bypass 2017-09-30
filippo cavallarin wearesegment com
Advisory ID: SGMA17-002
Title: Mac OS X Local Javascript Quarantine Bypass
Product: Mac OS X
Version: 10.12, 10.11, 10.10 and probably prior
Vendor: apple.com
Type: DOM Based XSS
Risk level: 3 / 5
Credit

[ more ]  [ reply ]
[SECURITY] [DSA 3987-1] firefox-esr security update 2017-09-29
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3987-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Moritz Muehlenhoff
September 29, 2017

[ more ]  [ reply ]
[SECURITY] [DSA 3986-1] ghostscript security update 2017-09-29
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3986-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Salvatore Bonaccorso
September 29, 2017

[ more ]  [ reply ]
Trend Micro OfficeScan v11.0 and XG (12.0)* CURL (MITM) Remote Code Execution CVE-2017-14084 (apparitionsec / hyp3rlinx) 2017-09-29
apparitionsec gmail com
[+] Credits: John Page (aka hyp3rlinx)
[+] Website: hyp3rlinx.altervista.org
[+] Source: http://hyp3rlinx.altervista.org/advisories/CVE-2017-14084-TRENDMICRO-OFF
ICESCAN-XG-CURL-MITM-REMOTE-CODE-EXECUTION.txt
[+] ISR: ApparitionSec

Vendor:
==================
www.trendmicro.com

Pr

[ more ]  [ reply ]
Trend Micro OfficeScan v11.0 and XG (12.0)* Unauthorized Start Remote Process Code Execution / DOS - INI Corruption CVE-2017-14086 (apparitionsec / hyp3rlinx) 2017-09-29
apparitionsec gmail com
[+] Credits: John Page (aka hyp3rlinx)
[+] Website: hyp3rlinx.altervista.org
[+] Source: http://hyp3rlinx.altervista.org/advisories/CVE-2017-14086-TRENDMICRO-OFF
ICESCAN-XG-PRE-AUTH-START-REMOTE-PROCESS-CODE-EXECUTION-MEM-CORRUPT.txt
[+] ISR: ApparitionSec

Vendor:
==================

[ more ]  [ reply ]
Trend Micro OfficeScan v11.0 and XG (12.0)* Unauthorized Remote Encryption Key Disclosure CVE-2017-14083 (apparitionsec / hyp3rlinx) 2017-09-29
apparitionsec gmail com
[+] Credits: John Page (aka hyp3rlinx)
[+] Website: hyp3rlinx.altervista.org
[+] Source: http://hyp3rlinx.altervista.org/advisories/CVE-2017-14083-TRENDMICRO-OFF
ICESCAN-XG-PRE-AUTH-REMOTE-ENCRYPTION-KEY-DISCLOSURE.txt
[+] ISR: ApparitionSec

Vendor:
==================
www.trendmicro

[ more ]  [ reply ]
Trend Micro OfficeScan v11.0 and XG (12.0)* Unauthorized Change Prevention Image File Execution Bypass (apparitionsec / hyp3rlinx) 2017-09-29
apparitionsec gmail com
[+] Credits: John Page (aka hyp3rlinx)
[+] Website: hyp3rlinx.altervista.org
[+] Source: http://hyp3rlinx.altervista.org/advisories/TRENDMICRO-OFFICESCAN-XG-IMAG
E-FILE-EXECUTION-BYPASS.txt
[+] ISR: ApparitionSec

Vendor:
==================
www.trendmicro.com

Product:
========
Off

[ more ]  [ reply ]
Trend Micro OfficeScan v11.0 and XG (12.0)* Unauthorized Remote Memory Corruption CVE-2017-14089 (apparitionsec / hyp3rlinx) 2017-09-29
apparitionsec gmail com
[+] Credits: John Page (aka hyp3rlinx)
[+] Website: hyp3rlinx.altervista.org
[+] Source: http://hyp3rlinx.altervista.org/advisories/CVE-2017-14089-TRENDMICRO-OFF
ICESCAN-XG-PRE-AUTH-REMOTE-MEMORY-CORRUPTION.txt
[+] ISR: ApparitionSec

Vendor:
==================
www.trendmicro.com

P

[ more ]  [ reply ]
Mac OS X Local Javascript Quarantine Bypass 2017-09-29
Filippo Cavallarin (filippo cavallarin wearesegment com)
Advisory ID: SGMA17-002
Title: Mac OS X Local Javascript Quarantine Bypass
Product: Mac OS X
Version: 10.12, 10.11, 10.10 and probably prior
Vendor: apple.com
Type: DOM Based XSS
Risk level: 3 / 5
Credit

[ more ]  [ reply ]
CVE-2017-14087 Trend Micro OfficeScan v11.0 and XG (12.0)* Host Header Injection (apparitionsec / hyp3rlinx) 2017-09-28
apparitionsec gmail com
[+] Credits: John Page (aka hyp3rlinx)
[+] Website: hyp3rlinx.altervista.org
[+] Source: http://hyp3rlinx.altervista.org/advisories/CVE-2017-14087-TRENDMICRO-OFF
ICESCAN-XG-HOST-HEADER-INJECTION.txt
[+] ISR: ApparitionSec

Vendor:
==================
www.trendmicro.com

Product:
===

[ more ]  [ reply ]
[security bulletin] HPESBGN03773 rev.2 - HPE Application Performance Management (BSM), Remote Code Execution 2017-09-28
swpmb cyber-psrt microfocus com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Note: the current version of the following document is available here:

https://softwaresupport.hpe.com/km/KM02960811

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: KM02960811

Version: 2

HPESBGN03773 rev.2 - HPE Application Performan

[ more ]  [ reply ]
CVE-2017-14084 Trend Micro OfficeScan v11.0 and XG (12.0)* CURL (MITM) Remote Code Execution (apparitionsec / hyp3rlinx) 2017-09-28
apparitionsec gmail com
[+] Credits: John Page (aka hyp3rlinx)
[+] Website: hyp3rlinx.altervista.org
[+] Source: http://hyp3rlinx.altervista.org/advisories/CVE-2017-14084-TRENDMICRO-OFF
ICESCAN-XG-CURL-MITM-REMOTE-CODE-EXECUTION.txt
[+] ISR: ApparitionSec

Vendor:
==================
www.trendmicro.com

Pr

[ more ]  [ reply ]
[CVE-2017-9538] Persistent Application Denial of Service 2017-09-29
andys3c gmail com
-------------------------------------------------------------
Vulnerability type: Persistent Application Denial of Service
-------------------------------------------------------------
Credit: Andy Tan
CVE ID: CVE-2017-9538
-----------------------------------------------
Product: SolarWinds Network

[ more ]  [ reply ]
[CVE-2017-9537] Persistent Cross-Site Scripting Vulnerabilities 2017-09-29
andys3c gmail com
-------------------------------------------------------------
Vulnerability type: Persistent Cross-Site Scripting
-------------------------------------------------------------
Credit: Andy Tan
CVE ID: CVE-2017-9537
-----------------------------------------------
Product: SolarWinds Network Performan

[ more ]  [ reply ]
Faleemi FSC-880 Multiple Security Vulnerabilities 2017-09-27
oleg iotsploit co
https://medium.com/iotsploit/faleemi-fsc-880-multiple-security-vulnerabi
lities-ed1d132c2cce

This camera has multiple security vulnerabilities, which can be exploited both locally and remotely. In particular, hardwired manufacturer DDNS and port-mapping to camera via upnp compatible router. Allowing

[ more ]  [ reply ]
Bitdefender Total Security 2017 Unquoted Service Path Vulnerability 2017-09-27
wsachin092 gmail com
Vulnerability Title: Bitdefender Total Security 2017 Unquoted Service Path Vulnerability
Affected Product: Bitdefender Total Security 2017
Homepage: https://www.bitdefender.com/
Status: Fixed
Severity: Medium
Description:
Bitdefender Total Security suffers from an unquoted service path vulnerability

[ more ]  [ reply ]
[SECURITY] [DSA 3984-1] git security update 2017-09-26
Florian Weimer (fw deneb enyo de)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3984-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Florian Weimer
September 26, 2017

[ more ]  [ reply ]
Qualys Security Advisory - Linux PIE/stack corruption (CVE-2017-1000253) 2017-09-26
Qualys Security Advisory (qsa qualys com)

Qualys Security Advisory

Linux PIE/stack corruption (CVE-2017-1000253)

========================================================================

Contents
========================================================================

Summary
Analysis
Exploitation
Acknowledgments

=====================

[ more ]  [ reply ]
[security bulletin] HPESBGN03773 rev.1 - HPE Application Performance Management (BSM), Remote Code Execution 2017-09-25
swpmb cyber-psrt microfocus com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Note: the current version of the following document is available here:

https://softwaresupport.hpe.com/km/KM02960811

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: KM02960811

Version: 1

HPESBGN03773 rev.1 - HPE Application Performan

[ more ]  [ reply ]
Mako Web Server v2.5 Multiple Unauthenticated Vulnerabilities (apparitionsec / hyp3rlinx) 2017-09-25
apparitionsec gmail com
[+] SSD Beyond Security: https://blogs.securiteam.com/index.php/archives/3391
[+] Credits: John Page a.k.a hyp3rlinx
[+] Website: hyp3rlinx.altervista.org
[+] Source: http://hyp3rlinx.altervista.org/advisories/MAKO-WEB-SERVER-MULTIPLE-UNAU
THENTICATED-VULNERABILIITIES-SECURITEAM.txt
[+] ISR: Appari

[ more ]  [ reply ]
Kaltura - Remote Code Execution and Cross-Site Scripting 2017-09-24
robin verton telekom de
Telekom Security
security.telekom.com

Advisory: Kaltura - Remote Code Execution and Cross-Site Scripting
Release Date: 2017/09/12
Author: Robin Verton (robin.verton (at) telekom (dot) de [email concealed])
CVE: CVE-2017-14141, CVE-2017-14142, CVE-2017-141

[ more ]  [ reply ]
[slackware-security] libxml2 (SSA:2017-266-01) 2017-09-23
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] libxml2 (SSA:2017-266-01)

New libxml2 packages are available for Slackware 14.0, 14.1, 14.2, and -current
to fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/pack

[ more ]  [ reply ]
[SECURITY] [DSA 3983-1] samba security update 2017-09-22
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3983-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Moritz Muehlenhoff
September 22, 2017

[ more ]  [ reply ]
APPLE-SA-2017-09-19-1 iOS 11 2017-09-19
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2017-09-19-1 iOS 11

iOS 11 is now available and addresses the following:

Exchange ActiveSync
Available for: iPhone 5s and later, iPad Air and later,
and iPod touch 6th generation
Impact: An attacker in a privileged network position may be

[ more ]  [ reply ]
[slackware-security] httpd (SSA:2017-261-01) 2017-09-18
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] httpd (SSA:2017-261-01)

New httpd packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,
14.2, and -current to fix a security issue.

Here are the details from the Slackware 14.2 ChangeLog:
+------------------------

[ more ]  [ reply ]
[slackware-security] libgcrypt (SSA:2017-261-02) 2017-09-18
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] libgcrypt (SSA:2017-261-02)

New libgcrypt packages are available for Slackware 14.2 and -current to
fix a security issue.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/lib

[ more ]  [ reply ]
[slackware-security] ruby (SSA:2017-261-03) 2017-09-18
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] ruby (SSA:2017-261-03)

New ruby packages are available for Slackware 14.2 and -current to
fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/ruby-2.2.8-i58

[ more ]  [ reply ]
Watchguard Fireware OS DOS & Stored XSS 2017-09-18
David Fernandez (david fdmv gmail com)
Watchguardâ??s Firebox and XTM are a series of enterprise grade network
security appliances providing advanced security services like next
generation firewall, intrusion prevention, malware detection and
blockage and others. Two vulnerabilities were discovered affecting the
XML-RPC interface of the

[ more ]  [ reply ]
[SECURITY] [DSA 3978-1] gdk-pixbuf security update 2017-09-18
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3978-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Moritz Muehlenhoff
September 18, 2017

[ more ]  [ reply ]
ZK Time_Web Software 2.0 - Broken Authentication 2017-09-18
Arvind Vishwakarma (arvind12786 gmail com)
Vulnerability Type: Broken Authentication
Vendor of Product: ZKTeco
Affected Product Code Base: ZKTime Web - 2.0.1.12280
Affected Component: ZK Time Web Interface Management.
Attack Type: Local - Unauthenticated
Impact: Information Disclosure
------------------------------------------
Product descri

[ more ]  [ reply ]
ZKTime_Web Software 2.0 - Cross Site Request Forgery 2017-09-18
Arvind Vishwakarma (arvind12786 gmail com)
Vulnerability Type: Cross Site Request Forgery (CSRF)
Vendor of Product: ZKTeco
Affected Product Code Base: ZKTime Web - 2.0.1.12280
Affected Component: ZK Time Web Interface Management.
Attack Type: Local - Authenticated
Impact: Escalation of Privileges
------------------------------------------
Pr

[ more ]  [ reply ]
[SECURITY] [DSA 3976-1] freexl security update 2017-09-17
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3976-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Salvatore Bonaccorso
September 17, 2017

[ more ]  [ reply ]
[slackware-security] kernel (SSA:2017-258-02) 2017-09-15
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] kernel (SSA:2017-258-02)

New kernel packages are available for Slackware 14.1, 14.2, and -current to
fix a security issue.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/li

[ more ]  [ reply ]
[SECURITY] [DSA 3975-1] emacs25 security update 2017-09-15
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3975-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Moritz Muehlenhoff
September 15, 2017

[ more ]  [ reply ]
[slackware-security] emacs (SSA:2017-255-01) 2017-09-12
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] emacs (SSA:2017-255-01)

New emacs packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,
14.2, and -current to fix a security issue.

Here are the details from the Slackware 14.2 ChangeLog:
+------------------------

[ more ]  [ reply ]
[slackware-security] libzip (SSA:2017-255-02) 2017-09-12
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] libzip (SSA:2017-255-02)

New libzip packages are available for Slackware 14.2 and -current to
fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/libzip-1.0

[ more ]  [ reply ]
[SECURITY] [DSA 3970-1] emacs24 security update 2017-09-12
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3970-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Moritz Muehlenhoff
September 12, 2017

[ more ]  [ reply ]
SEC Consult SA-20170912-0 :: Email verification bypass in SAP E-Recruiting 2017-09-12
SEC Consult Vulnerability Lab (research sec-consult com)
SEC Consult Vulnerability Lab Security Advisory < 20170912-0 >
=======================================================================
title: Email verification bypass
product: SAP E-Recruiting
vulnerable version: 605, 606, 616, 617
fixed version: see SAP security no

[ more ]  [ reply ]
[slackware-security] bash (SSA:2017-251-01) 2017-09-08
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] bash (SSA:2017-251-01)

New bash packages are available for Slackware 13.1, 13.37, 14.0, 14.1, and 14.2
to fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/package

[ more ]  [ reply ]
[slackware-security] mariadb (SSA:2017-251-02) 2017-09-08
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] mariadb (SSA:2017-251-02)

New mariadb packages are available for Slackware 14.1 and 14.2 to
fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/mariadb-10.0

[ more ]  [ reply ]
[SECURITY] [DSA 3967-1] mbedtls security update 2017-09-08
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3967-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Salvatore Bonaccorso
September 08, 2017

[ more ]  [ reply ]
Pwning the Dlink 850L routers and abusing the MyDlink Cloud protocol 2017-09-07
Pierre Kim (pierre kim sec gmail com)
Hello,

Please find a text-only version below sent to security mailing lists.

The complete version on analysing the security of "Pwning the Dlink
850L routers and abusing the MyDlink Cloud protocol" is posted here:
https://pierrekim.github.io/blog/2017-09-08-dlink-850l-mydlink-cloud-0da
ys-vulnera

[ more ]  [ reply ]
August 2017 - SourceTree - Critical Security Advisory 2017-09-06
David Black (dblack atlassian com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

This email refers to the advisory found at
https://confluence.atlassian.com/x/c-mdNw .

CVE ID:

* CVE-2017-1000117 - Git.
* CVE-2017-1000115 - Mercurial.
* CVE-2017-1000116 - Mercurial.
* CVE-2017-9800 - Subversion.

Product: SourceTree.

Affected

[ more ]  [ reply ]
[SECURITY] [DSA 3965-1] file security update 2017-09-05
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3965-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Salvatore Bonaccorso
September 05, 2017

[ more ]  [ reply ]
[security bulletin] HPESBUX03772 rev.1 - HP-UX BIND Service Running Named, Multiple Vulnerabilities 2017-09-05
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Note: the current version of the following document is available here:

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbux
03772en_us

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: hpesbux03772en_us

Version: 1

HP

[ more ]  [ reply ]
CVE-2017-11567 Mongoose Web Server v6.5 CSRF Command Execution ( apparitionsec @ gmail / hyp3rlinx ) 2017-09-05
apparitionsec gmail com
[+] Credits: John Page AKA hyp3rlinx
[+] Website: hyp3rlinx.altervista.org
[+] Source: http://hyp3rlinx.altervista.org/advisories/MONGOOSE-WEB-SERVER-v6.5-CSRF
-COMMAND-EXECUTION.txt
[+] ISR: apparitionSec

Vendor:
===============
www.cesanta.com

Product:
==================
Mongoo

[ more ]  [ reply ]
Wibu Systems AG CodeMeter 6.50 - Persistent XSS Vulnerability 2017-09-04
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Wibu Systems AG CodeMeter 6.50 - Persistent XSS Vulnerability

References (Source):
====================
https://www.vulnerability-lab.com/get_content.php?id=2074

ID: FB49498

Acknowledgements: https://www.flickr.com/photos/vulnerabilitylab/36912680045/

http://web.

[ more ]  [ reply ]
[SECURITY] [DSA 3963-1] mercurial security update 2017-09-04
Sebastien Delafond (seb debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3963-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Sebastien Delafond
September 04, 2017

[ more ]  [ reply ]
[SECURITY] [DSA 3962-1] strongswan security update 2017-09-03
Yves-Alexis Perez (corsac debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3962-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Yves-Alexis Perez
September 03, 2017

[ more ]  [ reply ]
[SECURITY] [DSA 3961-1] libgd2 security update 2017-09-03
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3961-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Salvatore Bonaccorso
September 03, 2017

[ more ]  [ reply ]
[security bulletin] HPESBGN03765 rev.2 - HPE LoadRunner and HPE Performance Center, Remote Disclosure of Information 2017-08-31
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Note: the current version of the following document is available here:

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbgn
03765en_us

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: hpesbgn03765en_us

Version: 2

HP

[ more ]  [ reply ]
[security bulletin] HPESBGN03767 rev.1 - HPE Operations Orchestration, Remote Code Execution 2017-08-31
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Note: the current version of the following document is available here:

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbgn
03767en_us

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: hpesbgn03767en_us

Version: 1

HP

[ more ]  [ reply ]
[SECURITY] [DSA 3957-1] ffmpeg security update 2017-08-28
Luciano Bello (luciano debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3957-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Luciano Bello
August 28, 2017

[ more ]  [ reply ]
[security bulletin] HPESBHF03770 rev.1 - HPE Comware 7 MSR Routers using PHP, Go, Apache Http Server, and Tomcat, Remote Arbitrary Code Execution 2017-08-28
HPE Product Security Response Team (security-alert hpe com)
-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA256

Note: the current version of the following document is available here:

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf
03770en_us

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: hpesbhf03770en_us

Version: 1

[ more ]  [ reply ]
[SECURITY] [DSA 3956-1] connman security update 2017-08-27
Luciano Bello (luciano debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3956-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Luciano Bello
August 27, 2017

[ more ]  [ reply ]
Trend Micro Hosted Email Security (HES) - Email Interception and Direct Object Reference 2017-08-24
Patrick Webster (patrick osisecurity com au)
Date:
24-Aug-2017

Product:
Trend Micro Hosted Email Security (HES)

Versions affected:
Hosted Email Security before January 2012.

Vulnerability:

Two vulnerabilities were discovered.

The first allowed any HES user to intercept in-transit emails through
the Trend Micro Hosted Email Security cloud

[ more ]  [ reply ]
[security bulletin] HPESBHF03769 rev.1 - HPE Integrated Lights-out 4 (iLO 4) Multiple Remote Vulnerabilities 2017-08-23
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Note: the current version of the following document is available here:

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf
03769en_us

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: hpesbhf03769en_us

Version: 1

HP

[ more ]  [ reply ]
[SECURITY] [DSA 3953-1] aodh security update 2017-08-23
Luciano Bello (luciano debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3953-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Luciano Bello
August 23, 2017

[ more ]  [ reply ]
[SECURITY] [DSA 3951-1] smb4k security update 2017-08-22
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3951-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Moritz Muehlenhoff
August 22, 2017

[ more ]  [ reply ]
[RT-SA-2015-008] WebClientPrint Processor 2.0: Remote Code Execution via Print Jobs 2017-08-22
RedTeam Pentesting GmbH (release redteam-pentesting de)
Advisory: WebClientPrint Processor 2.0: Remote Code Execution via Print Jobs

RedTeam Pentesting discovered that malicious print jobs can be used to
trigger a remote code execution vulnerability in WebClientPrint
Processor (WCPP). These print jobs may be distributed via specially
crafted websites an

[ more ]  [ reply ]
[RT-SA-2015-009] WebClientPrint Processor 2.0: Remote Code Execution via Updates 2017-08-22
RedTeam Pentesting GmbH (release redteam-pentesting de)
Advisory: WebClientPrint Processor 2.0: Remote Code Execution via Updates

RedTeam Pentesting discovered that rogue updates trigger a remote code
execution vulnerability in WebClientPrint Processor (WCPP). These
updates may be distributed through specially crafted websites and are
processed without

[ more ]  [ reply ]
[RT-SA-2015-010] WebClientPrint Processor 2.0: Unauthorised Proxy Modification 2017-08-22
RedTeam Pentesting GmbH (release redteam-pentesting de)
Advisory: WebClientPrint Processor 2.0: Unauthorised Proxy Modification

RedTeam Pentesting discovered that attackers can configure a proxy host
and port to be used when fetching print jobs with WebClientPrint
Processor (WCPP). This proxy setting may be distributed via specially
crafted websites and

[ more ]  [ reply ]
[RT-SA-2015-011] WebClientPrint Processor 2.0: No Validation of TLS Certificates 2017-08-22
RedTeam Pentesting GmbH (release redteam-pentesting de)
Advisory: WebClientPrint Processor 2.0: No Validation of TLS Certificates

RedTeam Pentesting discovered that WebClientPrint Processor (WCPP) does
not validate TLS certificates when initiating HTTPS connections. Thus, a
man-in-the-middle attacker may intercept and/or modify HTTPS traffic in
transit.

[ more ]  [ reply ]
[SECURITY] [DSA 3950-1] libraw security update 2017-08-21
Luciano Bello (luciano debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3950-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Luciano Bello
August 21, 2017

[ more ]  [ reply ]
[SECURITY] [DSA 3948-1] ioquake3 security update 2017-08-19
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3948-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Moritz Muehlenhoff
August 19, 2017

[ more ]  [ reply ]
[SECURITY] [DSA 3946-1] libmspack security update 2017-08-18
Sebastien Delafond (seb debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3946-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Sebastien Delafond
August 18, 2017

[ more ]  [ reply ]
[SECURITY] [DSA 3928-2] firefox-esr security update 2017-08-16
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3928-2 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Moritz Muehlenhoff
August 16, 2017

[ more ]  [ reply ]
Microsoft Resnet - DNS Configuration Web Vulnerability 2017-08-16
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Microsoft Resnet - DNS Configuration Web Vulnerability

References (Source):
====================
https://www.vulnerability-lab.com/get_content.php?id=2087

Acknowledgements: https://technet.microsoft.com/en-us/security/cc308589.aspx

Release Date:
=============
201

[ more ]  [ reply ]
FreeBSD <= 10.3 jail SHM hole 2017-08-16
WhiteWinterWolf (bugtraq lists whitewinterwolf com)
AFFECTED PRODUCTS

This issue affects FreeBSD from 7.0 to 10.3 included.

DESCRIPTION

FreeBSD jail incompletely protects the access to the IPC primitives.

The 'allow.sysvipc' setting only affects IPC queues, leaving other IPC
objects unprotected, making them reachable system-wide independently of

[ more ]  [ reply ]
[SECURITY] [DSA 3943-1] gajim security update 2017-08-14
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3943-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Salvatore Bonaccorso
August 14, 2017

[ more ]  [ reply ]
CVE-2017-9802: Apache Sling XSS vulnerability 2017-08-14
Robert Munteanu (rombert apache org)
CVE-2017-9802: Apache Sling XSS vulnerability

Severity: Important

Vendor: The Apache Software Foundation

Versions Affected:
Apache Sling Servlets Post 2.3.20

Description:
The Javascript method Sling.evalString() uses the javascript `eval`
function to parse input strings, which allows for XSS att

[ more ]  [ reply ]
[CVE-2017-9767] Quali CloudShell (v7.1.0.6508 Patch 6) Multiple Stored Cross Site Scripting Vulnerability 2017-08-14
x62x65x6e gmail com
# Vulnerability type: Multiple Stored Cross Site Scripting
# Vendor: Quali
# Product: CloudShell
# Affected version: v7.1.0.6508 (Patch 6)
# Patched version: v8 and up
# Credit: Benjamin Lee
# CVE ID: CVE-2017-9767

==========================================================

# Overview
Quali CloudS

[ more ]  [ reply ]
[SECURITY] [DSA 3940-1] iortcw security update 2017-08-13
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3940-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Moritz Muehlenhoff
August 13, 2017

[ more ]  [ reply ]
[slackware-security] mercurial (SSA:2017-223-03) 2017-08-11
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] mercurial (SSA:2017-223-03)

New mercurial packages are available for Slackware 14.0, 14.1, 14.2,
and -current to fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/

[ more ]  [ reply ]
[SECURITY] [DSA 3937-1] zabbix security update 2017-08-12
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3937-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Moritz Muehlenhoff
August 12, 2017

[ more ]  [ reply ]
[SECURITY] [DSA 3936-1] postgresql-9.6 security update 2017-08-10
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3936-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Moritz Muehlenhoff
August 10, 2017

[ more ]  [ reply ]
[SECURITY] [DSA 3935-1] postgresql-9.4 security update 2017-08-10
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3935-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Moritz Muehlenhoff
August 10, 2017

[ more ]  [ reply ]
[security bulletin] HPESB3P03762 rev.1 - HPE C Switch Software using Cisco Prime Data Center Network Manager (DCNM), Remote Code Execution 2017-08-10
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Note: the current version of the following document is available here:

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesb3p
03762en_us

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: hpesb3p03762en_us

Version: 1

HP

[ more ]  [ reply ]
[ANN] Apache Struts: S2-049 Security Bulletin update 2017-08-10
Lukasz Lenart (lukaszlenart apache org)
This is an update of the recently announced Security Bulletin S2-049 -
http://struts.apache.org/docs/s2-049.html

The bulletin was extended with an additional information when the
potential vulnerability can be present in your application. Please
re-read the mentioned bulletin and apply required act

[ more ]  [ reply ]
[SECURITY] [DSA 3932-1] subversion security update 2017-08-10
Sebastien Delafond (seb debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3932-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Sebastien Delafond
August 10, 2017

[ more ]  [ reply ]
[SECURITY] [DSA 3933-1] pjproject security update 2017-08-10
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3933-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Moritz Muehlenhoff
August 10, 2017

[ more ]  [ reply ]
[SECURITY][ANNOUNCE] Apache Subversion 1.9.7 released 2017-08-10
Daniel Shahaf (danielsh apache org)
I'm happy to announce the release of Apache Subversion 1.9.7.
Please choose the mirror closest to you by visiting:

http://subversion.apache.org/download.cgi?update=201708081800#recommende
d-release

This is a stable security release of the Apache Subversion open source
version control system. I

[ more ]  [ reply ]
[SECURITY] [DSA 3929-1] libsoup2.4 security update 2017-08-10
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3929-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Salvatore Bonaccorso
August 10, 2017

[ more ]  [ reply ]
[slackware-security] curl (SSA:2017-221-01) 2017-08-09
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] curl (SSA:2017-221-01)

New curl packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,
14.2, and -current to fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+

[ more ]  [ reply ]
[slackware-security] mozilla-firefox (SSA:2017-221-02) 2017-08-09
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] mozilla-firefox (SSA:2017-221-02)

New mozilla-firefox packages are available for Slackware 14.2 and -current to
fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/p

[ more ]  [ reply ]
DefenseCode ThunderScan SAST Advisory: WordPress Easy Modal Plugin Multiple Security Vulnerabilities 2017-08-07
DefenseCode (defensecode defensecode com)

DefenseCode ThunderScan SAST Advisory
WordPress Easy Modal Plugin
Multiple Security Vulnerabilities

Advisory ID: DC-2017-01-007
Advisory Title: WordPress Easy Modal Plugin Multiple Vulnerabilities
Advisory URL: http://www.defensecode.com/advisories.

[ more ]  [ reply ]
[SECURITY] [DSA 3927-1] linux security update 2017-08-07
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3927-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Salvatore Bonaccorso
August 07, 2017

[ more ]  [ reply ]
Re: [oss-security] [CVE-2017-7533] kernel: inotify: a race between inotify_handle_event() and sys_rename() 2017-08-05
Brad Spengler (spender grsecurity net)
This bothers me, and since nobody else has bothered to ask, I'll chime in:
Can someone please clear up this timeline for me?

We have:
(nearly a month ago) 7/7/2017 Silent upstream fix for vulnerability, no
stable cc, no backports performed, no distro fixes.

Possibly before this, possibly after (p

[ more ]  [ reply ]
[SECURITY] [DSA 3926-1] chromium-browser security update 2017-08-04
Michael Gilbert (mgilbert debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3926-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Michael Gilbert
August 04, 2017

[ more ]  [ reply ]
[SECURITY] [DSA 3925-1] qemu security update 2017-08-04
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3925-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Moritz Muehlenhoff
August 04, 2017

[ more ]  [ reply ]
SEC Consult SA-20170804-1 :: Ubiquiti Networks UniFi Cloud Key authenticated command injection 2017-08-04
SEC Consult Vulnerability Lab (research sec-consult com)
SEC Consult Vulnerability Lab Security Advisory < 20170804-1 >
=======================================================================
title: Authenticated Command Injection
product: Ubiquiti Networks UniFi Cloud Key
vulnerable version: Firmware v0.6.1
fixed version:

[ more ]  [ reply ]
SEC Consult SA-20170804-0 :: phpBB Server Side Request Forgery (SSRF) vulnerability 2017-08-04
SEC Consult Vulnerability Lab (research sec-consult com)
SEC Consult Vulnerability Lab Security Advisory < 20170804-0 >
=======================================================================
title: Server Side Request Forgery Vulnerability
product: phpBB
vulnerable version: 3.2.0
fixed version: 3.2.1
CVE number:

[ more ]  [ reply ]
[security bulletin] HPESB3P03767 rev.1 - HPE Proliant ML10 Gen9 servers using Intel Xeon E3-1200M v5 and 6th Generation Intel Core Processors, Unauthorized Write to Filesystem 2017-08-04
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Note: the current version of the following document is available here:

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesb3p
03767en_us

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: hpesb3p03767en_us

Version: 1

HP

[ more ]  [ reply ]
(Page 8 of 524)  < Prev  3 4 5 6 7 8 9 10 11 12 13  Next >


 

Privacy Statement
Copyright 2010, SecurityFocus