BugTraq Mode:
(Page 12 of 1729)  < Prev  7 8 9 10 11 12 13 14 15 16 17  Next >
CVE-2017-5640 Apache Impala (incubating) Information Disclosure 2017-07-10
Sailesh Mukil (sailesh apache org)
CVE-2017-5640 Apache Impala (incubating) Information Disclosure

Severity: High

Versions Affected:
Apache Impala (incubating) 2.7.0 to 2.8.0

Description:
It was noticed that a malicious process impersonating an Impala daemon
could cause Impala daemons to skip authentication checks when Kerberos
is

[ more ]  [ reply ]
[SECURITY] CVE-2017-5652 Apache Impala (incubating) Information Disclosure 2017-07-10
Sailesh Mukil (sailesh apache org)
CVE-2017-5652 Apache Impala (incubating) Information Disclosure

Severity: High

Versions Affected:
Apache Impala (incubating) 2.7.0 to 2.8.0

Description:
During a routine security analysis, it was found that one of the ports
sent data in plaintext even when the cluster was configured to use
TLS. T

[ more ]  [ reply ]
ToorCon 19 Call For Papers Closing This Week! 2017-07-10
h1kari toorcon org
TOORCON 19 CALL FOR PAPERS CLOSING THIS WEEK!

It's that time of year again! ToorCon 19 is coming so get your code finished and submit a talk this time around. This year's event has been pushed earlier in the year to the end of August, so make sure to save the new dates on your calendar. We're letti

[ more ]  [ reply ]
[slackware-security] irssi (SSA:2017-190-01) 2017-07-09
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] irssi (SSA:2017-190-01)

New irssi packages are available for Slackware 14.0, 14.1, 14.2, and -current
to fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages

[ more ]  [ reply ]
[SECURITY] [DSA 3905-1] xorg-server security update 2017-07-09
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3905-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Moritz Muehlenhoff
July 09, 2017

[ more ]  [ reply ]
[SECURITY] [DSA 3904-1] bind9 security update 2017-07-08
Yves-Alexis Perez (corsac debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3904-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Yves-Alexis Perez
July 08, 2017

[ more ]  [ reply ]
[slackware-security] php (SSA:2017-188-01) 2017-07-08
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] php (SSA:2017-188-01)

New php packages are available for Slackware 14.0, 14.1, 14.2, and -current to
fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/php

[ more ]  [ reply ]
CVE-2017-10974 Yaws Web Server v1.91 Unauthenticated Remote File Disclosure 2017-07-08
apparitionsec gmail com (hyp3rlinx)
[+] Credits: John Page aka hyp3rlinx
[+] Website: hyp3rlinx.altervista.org
[+] Source: http://hyp3rlinx.altervista.org/advisories/YAWS-WEB-SERVER-v1.91-UNAUTHE
NTICATED-REMOTE-FILE-DISCLOSURE.txt
[+] ISR: ApparitionSec

Vendor:
==========
yaws.hyber.org

Product:
===========
Yaws v

[ more ]  [ reply ]
[ANNOUNCE] [SECURITY] CVE-2017-7660: Security Vulnerability in secure inter-node communication in Apache Solr 2017-07-07
Shalin Shekhar Mangar (shalin apache org)
CVE-2017-7660: Security Vulnerability in secure inter-node
communication in Apache Solr

Severity: Important

Vendor:
The Apache Software Foundation

Versions Affected:
Solr 5.3 to 5.5.4
Solr 6.0 to 6.5.1

Description:

Solr uses a PKI based mechanism to secure inter-node communication
when security

[ more ]  [ reply ]
[SYSS-2017-011] Office 365: Insufficient Session Expiration (CWE-613) 2017-07-07
Micha Borrmann (micha borrmann syss de)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Advisory ID: SYSS-2017-011
Product: Office 365 (Sharepoint)
Manufacturer: Microsoft
Affected Version(s): ?
Tested Version(s): Office 365 Enterprise E3 (version from February 2017)
Vulnerability Type: Insufficient Session Expiration (CWE-613)
Risk Leve

[ more ]  [ reply ]
Firefox v54.0.1 Denial Of Service 2017-07-07
apparitionsec gmail com
[+] Credits: John Page aka hyp3rlinx
[+] Website: hyp3rlinx.altervista.org
[+] Source: http://hyp3rlinx.altervista.org/advisories/FIREFOX-v54.0.1-DENIAL-OF-SER
VICE.txt
[+] ISR: ApparitionSec

Vendor:
===============
www.mozilla.org

Product:
===============
Firefox v54.0.1

Vuln

[ more ]  [ reply ]
KL-001-2017-015 : Solarwinds LEM Hardcoded Credentials 2017-07-06
KoreLogic Disclosures (disclosures korelogic com)
KL-001-2017-015 : Solarwinds LEM Hardcoded Credentials

Title: Solarwinds LEM Hardcoded Credentials
Advisory ID: KL-001-2017-015
Publication Date: 2017.07.06
Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2017-015.txt

1. Vulnerability Details

Affected Vendor: Solarwin

[ more ]  [ reply ]
KL-001-2017-014 : Barracuda WAF Support Tunnel Hijack 2017-07-06
KoreLogic Disclosures (disclosures korelogic com)
KL-001-2017-014 : Barracuda WAF Support Tunnel Hijack

Title: Barracuda WAF Support Tunnel Hijack
Advisory ID: KL-001-2017-014
Publication Date: 2017.07.06
Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2017-014.txt

1. Vulnerability Details

Affected Vendor: Barracuda

[ more ]  [ reply ]
KL-001-2017-012 : Barracuda WAF Grub Password Complexity 2017-07-06
KoreLogic Disclosures (disclosures korelogic com)
KL-001-2017-012 : Barracuda WAF Grub Password Complexity

Title: Barracuda WAF Grub Password Complexity
Advisory ID: KL-001-2017-012
Publication Date: 2017.07.06
Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2017-012.txt

1. Vulnerability Details

Affected Vendor: Barr

[ more ]  [ reply ]
KL-001-2017-011 : Barracuda WAF Internal Development Credential Disclosure 2017-07-06
KoreLogic Disclosures (disclosures korelogic com)
KL-001-2017-011 : Barracuda WAF Internal Development Credential Disclosure

Title: Barracuda WAF Internal Development Credential Disclosure
Advisory ID: KL-001-2017-011
Publication Date: 2017.07.06
Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2017-011.txt

1. Vulnerability

[ more ]  [ reply ]
[SECURITY] [DSA 3903-1] tiff security update 2017-07-05
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3903-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Moritz Muehlenhoff
July 05, 2017

[ more ]  [ reply ]
[SECURITY] [DSA 3902-1] jabberd2 security update 2017-07-05
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3902-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Salvatore Bonaccorso
July 05, 2017

[ more ]  [ reply ]
[security bulletin] HPSBMU02933 rev.3 - HPE SiteScope, issueSiebelCmd and loadFileContents SOAP Requests, Remote Code Execution, Arbitrary File download, Denial of Service (DoS) 2017-07-05
HPE Product Security Response Team (security-alert hpe com)
-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA256

Note: the current version of the following document is available here:

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c039694
35

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c03969435

Version: 3

HPSBMU02933 rev

[ more ]  [ reply ]
[slackware-security] Slackware 14.0 kernel (SSA:2017-184-01) 2017-07-03
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] Slackware 14.0 kernel (SSA:2017-184-01)

New kernel packages are available for Slackware 14.0 to fix security issues.

Here are the details from the Slackware 14.0 ChangeLog:
+--------------------------+
patches/packages/linux-3.

[ more ]  [ reply ]
[SECURITY] [DSA 3901-1] libgcrypt20 security update 2017-07-02
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3901-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Salvatore Bonaccorso
July 02, 2017

[ more ]  [ reply ]
[CVE-2017-9313] Webmin 1.840 Multiple XSS Vulnerabilities 2017-07-02
andys3c gmail com
Vulnerability type: Reflected Cross Site Scripting
------------------------
Product: Webmin
------------------------
Affected version: Webmin 1.840 and possibly
earlier
------------------------
Patched version: Webmin 1.850
------------------------
Credit: Andy Tan
------------------------
CVE ID:

[ more ]  [ reply ]
InsomniaX loader allows loading of arbitrary Kernel Extensions 2017-07-02
Securify B.V. (lists securify nl)
------------------------------------------------------------------------

InsomniaX loader allows loading of arbitrary Kernel Extensions
------------------------------------------------------------------------

Yorick Koster, April 2017

----------------------------------------------------------------

[ more ]  [ reply ]
[slackware-security] glibc (SSA:2017-181-01) 2017-06-30
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] glibc (SSA:2017-181-01)

New glibc packages are available for Slackware 14.2 and -current to
fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/glibc-2.23-i

[ more ]  [ reply ]
[slackware-security] kernel (SSA:2017-181-02) 2017-06-30
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] kernel (SSA:2017-181-02)

New kernel packages are available for Slackware 14.2 and -current to
fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/linux-4.4.

[ more ]  [ reply ]
Microsoft Dynamic CRM 2016 - Cross-Site Scripting vulnerability 2017-06-30
gregory draperi (gregory draperi gmail com)
Hello Everyone,

Product: MS Dynamic CRM 2016
Vendor: Microsoft

Vulnerability type: Cross Site Scripting
Vulnerable version: MS Dynamic CRM 2016 SP1 and previous
Vulnerable component: SyncFilterPage.aspx
Report confidence: Confirmed
Solution status: Not fixed by Vendor, will not patch the vuln.
Fix

[ more ]  [ reply ]
SEC Consult SA-20170630-0 :: Multiple critical vulnerabilities in OSCI-Transport library 1.2 for German e-Government 2017-06-30
SEC Consult Vulnerability Lab (research sec-consult com)
We have published an accompanying blog post to this technical advisory with
further information:
German version with less technical details as an overview:
http://blog.sec-consult.com/2017/06/e-government-in-deutschland-schwachs
tellen.html

English version containing more detailed attack scenario de

[ more ]  [ reply ]
ESA-2017-062: VASA Provider Virtual Appliance Remote Code Execution Vulnerability 2017-06-28
EMC Product Security Response Center (Security_Alert emc com)

-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA256

ESA-2017-062: VASA Provider Virtual Appliance Remote Code Execution Vulnerability

EMC Identifier: ESA-2017-062

CVE Identifier: CVE-2017-4997

Severity Rating: CVSS v3 Base Score: 8.3 (AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L)

Affected products:

[ more ]  [ reply ]
[SECURITY] [DSA 3900-1] openvpn security update 2017-06-27
Sebastien Delafond (seb untangle com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3900-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Sebastien Delafond
June 27, 2017

[ more ]  [ reply ]
[SECURITY] [DSA 3886-2] linux regression update 2017-06-27
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3886-2 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Salvatore Bonaccorso
June 27, 2017

[ more ]  [ reply ]
[SECURITY] [DSA 3899-1] vlc security update 2017-06-27
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3899-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Salvatore Bonaccorso
June 27, 2017

[ more ]  [ reply ]
(Page 12 of 1729)  < Prev  7 8 9 10 11 12 13 14 15 16 17  Next >


 

Privacy Statement
Copyright 2010, SecurityFocus