|
|
Colapse all |
Post message
[SECURITY] [DSA 4269-1] postgresql-9.6 security update 2018-08-10 Moritz Muehlenhoff (jmm debian org) [SECURITY] [DSA 4267-1] kamailio security update 2018-08-08 Salvatore Bonaccorso (carnil debian org) [CVE-2018-12584] Heap overflow vulnerability in reSIProcate through 1.10.2 2018-08-08 Joachim De Zutter (dezutterjoachim gmail com) CA20180802-01: Security Notice for CA API Developer Portal 2018-08-08 Kotas, Kevin J (Kevin Kotas ca com) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 CA20180802-01: Security Notice for CA API Developer Portal Issued: August 2, 2018 Last Updated: August 2, 2018 CA Technologies Support is alerting customers to a potential risk with CA API Developer Portal. A medium risk vulnerability exists that ca [ more ] [ reply ] [CVE-2018-14429] man-cgi < 1.16 Local File Include 2018-08-08 eL_Bart0 (eL_Bart0 protonmail ch) man-cgi before 1.16 allows Local File Inclusion via absolute path traversal. If an Attacker provides a Filename as a Parameter (e.g. https://example.org/cgi-bin/man-cgi?/etc/passwd) the Script will read and return the local file. This is happening because of the way the Script calls the "man" comm [ more ] [ reply ] WebKitGTK+ and WPE WebKit Security Advisory WSA-2018-0006 2018-08-08 Michael Catanzaro (mcatanzaro igalia com) New VMSA-2018-0019 - Horizon 6, 7, and Horizon Client for Windows updates address an out-of-bounds read vulnerability 2018-08-07 VMware Security Response Center (security vmware com) RE: [FD] Executable installers are vulnerable^WEVIL (case 56):arbitrary code execution WITH escalation of privilege via rufus*.exe 2018-08-06 Andrius Duksta (duk danskebank lt) Sorry, but the viable/practical attack vector on this one is practically non-existent. I really can't see anyone actually using this as a real-life attack. The circumstances required to succeed are such that if this attack works, it's waaay too late to blame Rufus as your system was obviously alread [ more ] [ reply ] FreeBSD Security Advisory FreeBSD-SA-18:08.tcp 2018-08-06 FreeBSD Security Advisories (security-advisories freebsd org) [SECURITY] [DSA 4265-1] xml-security-c security update 2018-08-05 Moritz Muehlenhoff (jmm debian org) [slackware-security] lftp (SSA:2018-214-01) 2018-08-02 Slackware Security Team (security slackware com) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] lftp (SSA:2018-214-01) New lftp packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix a security issue. Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packages/ [ more ] [ reply ] [SECURITY] [DSA 4260-1] libmspack security update 2018-08-02 Salvatore Bonaccorso (carnil debian org) Executable installers are vulnerable^WEVIL (case 55): escalation of privilege with VMware Player 12.5.9 2018-08-02 Stefan Kanthak (stefan kanthak nexgo de) Hi @ll, the executable installer of VMware Player 12.5.9, published in January 2018, available from <https://download3.vmware.com/software/player/file/VMware-player-12.5.9- 7535481.exe>, is vulnerable. JFTR: VMware Player 12.5.9 is the last version which runs on 32-bit Windows, and the last t [ more ] [ reply ] [slackware-security] blueman (SSA:2018-213-01) 2018-08-02 Slackware Security Team (security slackware com) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] blueman (SSA:2018-213-01) New blueman packages are available for Slackware 14.2 and -current to fix a security issue. Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packages/blueman [ more ] [ reply ] CVE-2016-7085 NOT fixed in VMware-player-12.5.9-7535481.exe 2018-08-01 Stefan Kanthak (stefan kanthak nexgo de) Hi @ll, on February 13, 2016, I sent a vulnerability report regarding the then current executable installer of VMware-player 7.1.3 to its vendor. On September 14, 2016, VMware published <http://blogs.vmware.com/security/2016/09/vmsa-2016-0014.html> and <http://www.vmware.com/security/advisories/VM [ more ] [ reply ] [slackware-security] seamonkey (SSA:2018-212-02) 2018-07-31 Slackware Security Team (security slackware com) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] seamonkey (SSA:2018-212-02) New seamonkey packages are available for Slackware 14.2 and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packages/seam [ more ] [ reply ] [slackware-security] file (SSA:2018-212-01) 2018-07-31 Slackware Security Team (security slackware com) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] file (SSA:2018-212-01) New file packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packages/f [ more ] [ reply ] secuvera-SA-2018-03: Command Injection, Broken Access Control and Evil-Twin-Attack in Microsoft Wireless Display Adapter V2 - CVE-2018-8306 2018-07-30 Tobias Glemser (tglemser secuvera de) secuvera-SA-2018-03: Command Injection, Broken Access Control and Evil-Twin-Attack in Microsoft Wireless Display Adapter V2 - CVE-2018-8306 Affected Products: Microsoft Wireless Display Adapter V2: - Microsoft Wireless Display Adapter V2 Softwareversion 2.0.8350 to 2.0.8372 have been tested an [ more ] [ reply ] [slackware-security] Slackware 14.2 kernel (SSA:2018-208-01) 2018-07-27 Slackware Security Team (security slackware com) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] Slackware 14.2 kernel (SSA:2018-208-01) New kernel packages are available for Slackware 14.2 to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packages/linux-4. [ more ] [ reply ] [SECURITY] [DSA 4256-1] chromium-browser security update 2018-07-27 Michael Gilbert (mgilbert debian org) [CORE-2018-0009] - SoftNAS Cloud OS Command Injection 2018-07-26 Core Security Advisories Team (advisories coresecurity com) Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ SoftNAS Cloud OS Command Injection 1. *Advisory Information* Title: SoftNAS Cloud OS Command Injection Advisory ID: CORE-2018-0009 Advisory URL: http://www.coresecurity.com/advisories/softnas-cloudnas-OS-command-injec tion Date pu [ more ] [ reply ] DefenseCode ThunderScan SAST Advisory: WordPress Strong Testimonials Plugin Multiple XSS Security Vulnerabilities 2018-07-25 Defense Code (defensecode defensecode com) DefenseCode ThunderScan SAST Advisory: WordPress Strong Testimonials Plugin Multiple XSS Security Vulnerabilities Advisory ID: DC-2018-05-007 Advisory Title: WordPress Strong Testimonials Plugin Multiple XSS Vulnerabilities Advisory URL: http://www.defensecode.com/advisories.php Software: [ more ] [ reply ] DefenseCode ThunderScan SAST Advisory: WordPress Gwolle Guestbook Plugin XSS Security Vulnerability 2018-07-25 Defense Code (defensecode defensecode com) DefenseCode ThunderScan SAST Advisory: WordPress Gwolle Guestbook Plugin XSS Security Vulnerability Advisory ID: DC-2018-05-008 Advisory Title: WordPress Gwolle Guestbook Plugin XSS Security Vulnerability Advisory URL: http://www.defensecode.com/advisories.php Software: WordPress Gwol [ more ] [ reply ] |
|
Privacy Statement |
Hash: SHA512
- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4268-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Moritz Muehlenhoff
August 10, 2018
[ more ] [ reply ]