BugTraq Mode:
(Page 1 of 1738)  1 2 3 4 5 6 7 8 9 10 11  Next >
[SECURITY] [DSA 4180-1] drupal7 security update 2018-04-25
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4180-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Salvatore Bonaccorso
April 25, 2018

[ more ]  [ reply ]
Secunia Research: Oracle Outside In Technology Use-After-Free Vulnerability 2018-04-25
Secunia Research (remove-vuln secunia com)
======================================================================

Secunia Research 2018/04/25

Oracle Outside In Technology Use-After-Free Vulnerability

======================================================================
Table of Contents

Affected Software............

[ more ]  [ reply ]
APPLE-SA-2018-04-24-2 Security Update 2018-001 2018-04-24
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2018-04-24-2 Security Update 2018-001

Security Update 2018-001 is now available and addresses the
following:

Crash Reporter
Available for: macOS High Sierra 10.13.4
Impact: An application may be able to gain elevated privileges
Description:

[ more ]  [ reply ]
APPLE-SA-2018-04-24-1 iOS 11.3.1 2018-04-24
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2018-04-24-1 iOS 11.3.1

iOS 11.3.1 is now available and addresses the following:

Crash Reporter
Available for: iPhone 5s and later, iPad Air and later, and
iPod touch 6th generation
Impact: An application may be able to gain elevated privil

[ more ]  [ reply ]
APPLE-SA-2018-04-24-3 Safari 11.1 (v. 11605.1.33.1.4, 12605.1.33.1.4, and 13605.1.33.1.4) 2018-04-24
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2018-04-24-3 Safari 11.1 (v. 11605.1.33.1.4, 12605.1.33.1.4,
and 13605.1.33.1.4)

Safari 11.1 (v. 11605.1.33.1.4, 12605.1.33.1.4, and 13605.1.33.1.4)
is now available and addresses the following:

WebKit
Available for: OS X El Capitan 10.11.6

[ more ]  [ reply ]
[SECURITY] [DSA 4179-1] linux-tools security update 2018-04-24
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4179-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Ben Hutchings
April 24, 2018

[ more ]  [ reply ]
SEC Consult SA-20180424-0 :: Reflected Cross-Site Scripting in multiple Zyxel ZyWALL products 2018-04-24
SEC Consult Vulnerability Lab (research sec-consult com)
SEC Consult Vulnerability Lab Security Advisory < 20180424-0 >
=======================================================================
title: Reflected Cross-Site Scripting
product: Zyxel ZyWALL: see "Vulnerable / tested version"
vulnerable version: ZLD 4.30 and before

[ more ]  [ reply ]
SEC Consult SA-20180423-0 :: Multiple Stored XSS Vulnerabilities in WSO2 Carbon and Dashboard Server 2018-04-24
SEC Consult Vulnerability Lab (research sec-consult com)
SEC Consult Vulnerability Lab Security Advisory < 20180423-0 >
=======================================================================
title: Multiple Stored XSS Vulnerabilities
product: WSO2 Carbon, WSO2 Dashboard Server
vulnerable version: WSO2 Identity Server 5.3.0

[ more ]  [ reply ]
[SECURITY] [DSA 4176-1] mysql-5.5 security update 2018-04-20
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4176-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Salvatore Bonaccorso
April 20, 2018

[ more ]  [ reply ]
Seagate Media Server path traversal vulnerability 2018-04-19
Summer of Pwnage (lists securify nl)
------------------------------------------------------------------------

Seagate Media Server path traversal vulnerability
------------------------------------------------------------------------

Yorick Koster, September 2017

------------------------------------------------------------------------

[ more ]  [ reply ]
[SECURITY] [DSA 4175-1] freeplane security update 2018-04-18
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4175-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Salvatore Bonaccorso
April 18, 2018

[ more ]  [ reply ]
[SECURITY] [DSA 4178-1] libreoffice security update 2018-04-20
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4178-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Moritz Muehlenhoff
April 20, 2018

[ more ]  [ reply ]
[SE-2011-01] The origin and impact of vulnerabilities in ST chipsets 2018-04-21
Security Explorations (contact security-explorations com)

Hello All,

We have published an initial document describing the origin and impact
of the vulnerabilities discovered in ST chipsets along some rationale
indicating why it's worth to dig further into this case:

http://www.security-explorations.com/materials/se-2011-01-st-impact.pdf

This document i

[ more ]  [ reply ]
[SECURITY] [DSA 4177-1] libsdl2-image security update 2018-04-20
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4177-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Moritz Muehlenhoff
April 20, 2018

[ more ]  [ reply ]
Seagate Media Server stored Cross-Site Scripting vulnerability 2018-04-19
Summer of Pwnage (lists securify nl)
------------------------------------------------------------------------

Seagate Media Server stored Cross-Site Scripting vulnerability
------------------------------------------------------------------------

Yorick Koster, September 2017

------------------------------------------------------------

[ more ]  [ reply ]
[slackware-security] gd (SSA:2018-108-01) 2018-04-19
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] gd (SSA:2018-108-01)

New gd packages are available for Slackware 14.2 and -current to
fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
This update fixes two security is

[ more ]  [ reply ]
WebKitGTK+ Security Advisory WSA-2018-0003 2018-04-17
Michael Catanzaro (mcatanzaro igalia com)
------------------------------------------------------------------------

WebKitGTK+ Security Advisory WSA-2018-0003
------------------------------------------------------------------------

Date reported : April 04, 2018
Advisory ID : WSA-2018-0003
Advisory URL : https://webkitgtk.org/security/WSA-2

[ more ]  [ reply ]
[SECURITY] [DSA 4174-1] corosync security update 2018-04-17
Sebastien Delafond (seb debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4174-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Sebastien Delafond
April 17, 2018

[ more ]  [ reply ]
[SECURITY] [DSA 4173-1] r-cran-readxl security update 2018-04-16
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4173-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Moritz Muehlenhoff
April 16, 2018

[ more ]  [ reply ]
[security bulletin] MFSBGN03802 - Virtualization Performance Viewer (vPV) / Cloud Optimizer, Local Disclosure of Information 2018-04-12
cyber-psrt microfocus com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Note: the current version of the following document is available here:

https://softwaresupport.hpe.com/document/-/facetsearch/document/KM031404
87

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: KM03140487

Version: 1

MFSBGN03802 - Vir

[ more ]  [ reply ]
[security bulletin] MFSBGN03803 rev.1 - UCMDB, Installation File Access Control Privilege Escalation Vulnerability 2018-04-12
cyber-psrt microfocus com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Note: the current version of the following document is available here:

https://softwaresupport.hpe.com/document/-/facetsearch/document/KM031411
80

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: KM03141180

Version: 1

MFSBGN03803 rev.1

[ more ]  [ reply ]
[SECURITY] [DSA 4079-2] poppler regression update 2018-04-12
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4079-2 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Salvatore Bonaccorso
April 12, 2018

[ more ]  [ reply ]
[SECURITY] [DSA 4169-1] pcs security update 2018-04-11
Yves-Alexis Perez (corsac debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4169-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Yves-Alexis Perez
April 11, 2018

[ more ]  [ reply ]
Call for Papers: USENIX Workshop on Offensive Technologies (WOOT '18) 2018-04-10
Yves Younan (wootcfp fort-knox org)
Dear all,

We are pleased to announce the Call for Papers for the 12th USENIX
Workshop on Offensive Technologies! WOOT '18 will be held on August
13â??14, 2018, in conjunction with USENIX Security in Baltimore, MD, USA.

WOOT provides a forum for high-quality, peer-reviewed work discussing
tools and

[ more ]  [ reply ]
[SECURITY] [DSA 4170-1] pjproject security update 2018-04-09
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4170-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Moritz Muehlenhoff
April 09, 2018

[ more ]  [ reply ]
secuvera-SA-2017-04: SQL-Injection Vulnerability in OCS Inventory NG ocsreports Web application 2018-04-09
Simon Bieber (sbieber secuvera de)
Affected Products

OCS Inventory NG ocsreports 2.4

OCS Inventory NG ocsreports 2.3.1

(older/other releases have not been tested)

References

https://www.secuvera.de/advisories/secuvera-SA-2017-04.txt (used for updates)

https://www.ocsinventory-ng.org/en/ocs-inventory-server-2-4-1-

[ more ]  [ reply ]
Defense in depth -- the Microsoft way (part 53): our MSRC doesn't know how Windows handles PATH 2018-04-09
Stefan Kanthak (stefan kanthak nexgo de)
Hi @ll,

on their "Security Research & Defense" blog, members of Microsoft's
Security Response Center recently posted
<https://blogs.technet.microsoft.com/srd/2018/04/04/triaging-a-dll-plant
ing-vulnerability/>

This blog post but clearly shows that the MSRC doesn't know how Windows
handles the PATH

[ more ]  [ reply ]
secuvera-SA-2017-03: Reflected Cross-Site-Scripting Vulnerabilities in OCS Inventory NG ocsreports Web application 2018-04-09
Simon Bieber (sbieber secuvera de)
Affected Products

OCSInventory-ocsreports 2.4

(older releases have not been tested)

References

https://www.secuvera.de/advisories/secuvera-SA-2017-03.txt (used for updates)

https://www.ocsinventory-ng.org/en/ocs-inventory-server-2-4-1-has-been-r
eleased/ (Release announcement of OCS

[ more ]  [ reply ]
[SECURITY] [DSA 4168-1] squirrelmail security update 2018-04-08
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4168-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Salvatore Bonaccorso
April 08, 2018

[ more ]  [ reply ]
[RT-SA-2017-014] CyberArk Password Vault Web Access Remote Code Execution 2018-04-09
RedTeam Pentesting GmbH (release redteam-pentesting de)
Advisory: CyberArk Password Vault Web Access Remote Code Execution

The CyberArk Password Vault Web Access application uses authentication
tokens which consist of serialized .NET objects. By crafting manipulated
tokens, attackers are able to gain unauthenticated remote code execution
on the web serv

[ more ]  [ reply ]
(Page 1 of 1738)  1 2 3 4 5 6 7 8 9 10 11  Next >


 

Privacy Statement
Copyright 2010, SecurityFocus