BugTraq Mode:
[CVE-2018-8036] DoS (OOM) Vulnerability in Apache PDFBox's AFMParser 2018-06-29
Andreas Lehmkuehler (lehmi apache org)
[CVE-2018-8036] DoS (OOM) Vulnerability in Apache PDFBox's AFMParser

Severity: Important

Vendor:
The Apache Software Foundation

Versions Affected:
Apache PDFBox 1.8.0 to 1.8.14
Apache PDFBox 2.0.0 to 2.0.10
Earlier, unsupported Apache PDFBox versions may be affected as well

Description:
A carefu

[ more ]  [ reply ]
[SECURITY] [DSA 4237-1] chromium-browser security update 2018-07-01
Michael Gilbert (mgilbert debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4237-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Michael Gilbert
June 30, 2018

[ more ]  [ reply ]
TP-Link TL-WR841N v13: Broken Authentication (CVE-2018-12575) 2018-06-27
Tim Coen (tc coen gmail com)
* Vulnerability: Broken Authentication
* Affected Software: TP-Link TL-WR841N v13
* Affected Version: 0.9.1 4.16 v0001.0 Build 171019 Rel.55346n
* Patched Version: 0.9.1 4.16 v0001.0 Build 180119 Rel.65243n
* Risk: High
* Vendor Contacted: 05/20/2018
* Vendor Fix: Issue was independent

[ more ]  [ reply ]
TP-Link TL-WR841N v13: Authenticated Blind Command Injection (CVE-2018-12577) 2018-06-27
Tim Coen (tc coen gmail com)
* Vulnerability: Authenticated Blind Command Injection
* Affected Software: TP-Link TL-WR841N v13
* Affected Version: 0.9.1 4.16 v0001.0 Build 180119 Rel.65243n
* Patched Version: None
* Risk: High
* Vendor Contacted: 05/20/2018
* Vendor Fix: None
* Public Disclosure: 06/27/2018

###

[ more ]  [ reply ]
APPLE-SA-2018-06-27-1 SwiftNIO 1.8.0 2018-06-27
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

APPLE-SA-2018-06-27-1 SwiftNIO 1.8.0

SwiftNIO 1.8.0 is now available and addresses the following:

SwiftNIO
Available for: macOS Sierra 10.12 and later, Ubuntu 14.04 and later
Impact: A remote attacker may be able to overwrite arbitrary memory
Descri

[ more ]  [ reply ]
[SECURITY] [DSA 4236-1] xen security update 2018-06-27
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4236-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Moritz Muehlenhoff
June 27, 2018

[ more ]  [ reply ]
[SECURITY] [DSA 4235-1] firefox-esr security update 2018-06-27
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4235-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Moritz Muehlenhoff
June 27, 2018

[ more ]  [ reply ]
TP-Link TL-WR841N v13: CSRF (CVE-2018-12574) 2018-06-27
Tim Coen (tc coen gmail com)
* Vulnerability: Cross-Site Request Forgery
* Affected Software: TP-Link TL-WR841N v13
* Affected Version: 0.9.1 4.16 v0001.0 Build 180119 Rel.65243n
* Patched Version: None
* Risk: High
* Vendor Contacted: 05/20/2018
* Vendor Fix: None
* Public Disclosure: 06/27/2018

##### Overview

[ more ]  [ reply ]
PRTG < 18.2.39 Command Injection 2018-06-26
Josh Berry (josh berry codewatch org)
Bugtraq,

I (Josh Berry) discovered an authenticated command injection vulnerability
in the "Demo" PowerShell notification script provided by versions of PRTG
Network Monitor prior to 18.2.39.  The PowerShell notifications demo script
on versions of the application prior to 18.2.39 do not properly s

[ more ]  [ reply ]
[slackware-security] mozilla-firefox (SSA:2018-176-01) 2018-06-25
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] mozilla-firefox (SSA:2018-176-01)

New mozilla-firefox packages are available for Slackware 14.2 and -current to
fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/p

[ more ]  [ reply ]
KL-001-2018-008 : HPE VAN SDN Unauthenticated Remote Root Vulnerability 2018-06-25
KoreLogic Disclosures (disclosures korelogic com)
KL-001-2018-008 : HPE VAN SDN Unauthenticated Remote Root Vulnerability

Title: HPE VAN SDN Unauthenticated Remote Root Vulnerability
Advisory ID: KL-001-2018-008
Publication Date: 2018.06.25
Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2018-008.txt

1. Vulnerability Details

[ more ]  [ reply ]
[SECURITY] [DSA 4234-1] lava-server security update 2018-06-22
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4234-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Moritz Muehlenhoff
June 22, 2018

[ more ]  [ reply ]
[SECURITY] [DSA 4233-1] bouncycastle security update 2018-06-22
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4233-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Moritz Muehlenhoff
June 22, 2018

[ more ]  [ reply ]
FreeBSD Security Advisory FreeBSD-SA-18:07.lazyfpu 2018-06-21
FreeBSD Security Advisories (security-advisories freebsd org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

========================================================================
=====
FreeBSD-SA-18:07.lazyfpu Security Advisory
The FreeBSD Project

Topic:

[ more ]  [ reply ]
[SECURITY] [DSA 4232-1] xen security update 2018-06-20
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4232-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Moritz Muehlenhoff
June 20, 2018

[ more ]  [ reply ]
[slackware-security] gnupg (SSA:2018-170-01) 2018-06-19
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] gnupg (SSA:2018-170-01)

New gnupg packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,
14.2, and -current to fix a security issue.

Here are the details from the Slackware 14.2 ChangeLog:
+------------------------

[ more ]  [ reply ]
XSS in Canopy login page 2018-06-19
RYT (me ryantzj com)
[Title]

XSS in Canopy login page

------------------------------------------

[Description]

CheckSec Canopy 3.x before 3.0.7 has stored XSS via the Login Page Disclaimer,

allowing attacks by low-privileged users against higher-privileged users. This

instance of stored cross-site scripting (XSS) v

[ more ]  [ reply ]
[SECURITY] [DSA 4231-1] libgcrypt20 security update 2018-06-17
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4231-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Salvatore Bonaccorso
June 17, 2018

[ more ]  [ reply ]
[security bulletin] MFSBGN03810 rev.1 - Universal CMDB, Deserialization Java Objects and CSRF 2018-06-15
cyber-psrt microfocus com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Note: the current version of the following document is available here:

https://softwaresupport.hpe.com/document/-/facetsearch/document/KM03180069

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: KM03180069

Version: 1

MFSBGN03810 rev.1

[ more ]  [ reply ]
[SECURITY] [DSA 4229-1] strongswan security update 2018-06-16
Yves-Alexis Perez (corsac debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4229-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Yves-Alexis Perez
June 14, 2018

[ more ]  [ reply ]
[SECURITY] [DSA 4230-1] redis security update 2018-06-17
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4230-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Moritz Muehlenhoff
June 17, 2018

[ more ]  [ reply ]
[security bulletin] MFSBGN03809 rev.1 - Universal CMDB, Deserialization Java Objects and CSRF 2018-06-15
cyber-psrt microfocus com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Note: the current version of the following document is available here:

https://softwaresupport.hpe.com/document/-/facetsearch/document/KM03180066

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: KM03180066

Version: 1

MFSBGN03809 rev.1

[ more ]  [ reply ]
CA20180614-01: Security Notice for CA Privileged Access Manager 2018-06-15
Williams, Ken (Ken Williams ca com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

CA20180614-01: Security Notice for CA Privileged Access Manager

Issued: June 14th, 2018
Last Updated: June 14th, 2018

CA Technologies Support is alerting customers to multiple potential
risks with CA Privileged Access Manager. Multiple vulnerabili

[ more ]  [ reply ]
CALL FOR PAPERS - INTEL SECURITY CONFERENCE (iSecCon) 2018 2018-06-15
Branco, Rodrigo (rodrigo branco intel com)

[ more ]  [ reply ]
WebKitGTK+ and WPE WebKit Security Advisory WSA-2018-0005 2018-06-14
Michael Catanzaro (mcatanzaro igalia com)
------------------------------------------------------------------------

WebKitGTK+ and WPE WebKit Security Advisory WSA-2018-0005
------------------------------------------------------------------------

Date reported : June 13, 2018
Advisory ID : WSA-2018-0005

[ more ]  [ reply ]
[SECURITY] [DSA 4228-1] spip security update 2018-06-14
Sebastien Delafond (seb debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4228-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Sebastien Delafond
June 14, 2018

[ more ]  [ reply ]
APPLE-SA-2018-06-13-01 Xcode 9.4.1 2018-06-13
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2018-06-13-01 Xcode 9.4.1

Xcode 9.4.1 is now available and addresses the following:

Git
Available for: macOS High Sierra 10.13.2 or later
Impact: Multiple issues in git, the most significant of which may
lead to arbitrary code execution
Des

[ more ]  [ reply ]
Multiple Security Issues in Ecos Secure Boot Stick (SBS) 2018-06-13
Michael Rossberg (michael rossberg tu-ilmenau de)

MULTIPLE SECURITY ISSUES IN ECOS SECURE BOOT STICK (SBS)

- Software: Ecos Secure Boot Stick
- Version: Stick Version 5.6.5, System Management Version 5.2.68
- Vendor Status: Vendor informed
- Release Date: 13/06/2018

The latest version of this document may be downloaded from
https://telem

[ more ]  [ reply ]
Samsung Web Viewer for Samsung DVR Reflected Cross Site Scripting (XSS) CVE-2018-11689 2018-06-13
yavuz atlas (yavatlas gmail com)
I. VULNERABILITY
-------------------------
Samsung Web Viewer for Samsung DVR Reflected Cross Site Scripting (XSS)

II. CVE REFERENCE
-------------------------
CVE-2018-11689

III. REFERENCES
-------------------------
https://vulmon.com/vulnerabilitydetails?qid=CVE-2018-11689

IV. CREDIT
-----------

[ more ]  [ reply ]
CSNC-2018-021 - Vert.x - HTTP Header Injection 2018-06-13
Advisories (advisories compass-security com)
#############################################################
#
# COMPASS SECURITY ADVISORY
# https://www.compass-security.com/research/advisories/
#
#############################################################
#
# Product: Vert.x [1]
# CSNC ID: CSNC-2018-021
# Subject: HTTP Header Injection

[ more ]  [ reply ]
[SECURITY] [DSA 4227-1] plexus-archiver security update 2018-06-12
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4227-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Salvatore Bonaccorso
June 12, 2018

[ more ]  [ reply ]
DefenseCode ThunderScan SAST Advisory: WordPress WP Google Map Plugin Multiple SQL injection Security Vulnerabilities 2018-06-12
Defense Code (defensecode defensecode com)
DefenseCode ThunderScan SAST Advisory: WordPress WP Google Map Plugin
Multiple SQL injection Security Vulnerabilities

Advisory ID: DC-2018-05-002
Advisory Title: WordPress WP Google Map Plugin Multiple SQL injection
Vulnerabilities
Advisory URL: http://www.defensecode.com/advisories.php
Sof

[ more ]  [ reply ]
DefenseCode ThunderScan SAST Advisory: WordPress Ultimate Form Builder Lite Plugin Multiple Vulnerabilities (XSS and SQLi) 2018-06-12
Defense Code (defensecode defensecode com)
DefenseCode ThunderScan SAST Advisory: WordPress Ultimate Form Builder
Lite Plugin Multiple Vulnerabilities (XSS and SQLi)

Advisory ID: DC-2018-05-009
Advisory Title: WordPress Ultimate Form Builder Lite Plugin Multiple
Vulnerabilities (XSS and SQLi)
Advisory URL: http://www.defensecode.com

[ more ]  [ reply ]
[SECURITY] [DSA 4226-1] perl security update 2018-06-12
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4226-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Salvatore Bonaccorso
June 12, 2018

[ more ]  [ reply ]
AST-2018-008: PJSIP endpoint presence disclosure when using ACL 2018-06-11
Asterisk Security Team (security asterisk org)
Asterisk Project Security Advisory - AST-2018-008

Product Asterisk
Summary PJSIP endpoint presence disclosure when using ACL
Nature of Advisory Unauthorized data disclosure

[ more ]  [ reply ]
AST-2018-007: Infinite loop when reading iostreams 2018-06-11
Asterisk Security Team (security asterisk org)
Asterisk Project Security Advisory - AST-2018-007

Product Asterisk
Summary Infinite loop when reading iostreams
Nature of Advisory Denial of Service

[ more ]  [ reply ]
[SRP-2018-01] Reverse engineering tools for ST DVB chipsets (public release) 2018-06-08
Security Explorations (contact security-explorations com)

Hello All,

We have decided to release to the public domain our SRP-2018-01 security
research project related to the security of STMicroelectronics chipsets.

The research material (70+ pages long technical paper accompanied by two
reverse engineering tools) can be downloaded from the SRP section o

[ more ]  [ reply ]
[SECURITY] [DSA 4225-1] openjdk-7 security update 2018-06-10
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4225-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Moritz Muehlenhoff
June 10, 2018

[ more ]  [ reply ]
[SECURITY] [DSA 4224-1] gnupg security update 2018-06-08
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4224-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Salvatore Bonaccorso
June 08, 2018

[ more ]  [ reply ]
[SECURITY] [DSA 4220-1] firefox-esr security update 2018-06-08
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4220-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Moritz Muehlenhoff
June 08, 2018

[ more ]  [ reply ]
SensioLabs Symfony version 3.3.6 - Cross-Site Scripting (Reflect) 2018-06-08
ch sangsakul gmail com
SensioLabs Symfony version 3.3.6 - Cross-Site Scripting (Reflect)

# Exploit Title: SensioLabs Symfony version 3.3.6 - Cross-Site Scripting (Reflect)
# Date: 08-06-2018
# Software Link: https://symfony.com/
# Exploit Author: HaMM0nz (Chakrit S.), a member of KPMG Cyber Security team in Thailand
# CV

[ more ]  [ reply ]
[SECURITY] [DSA 4223-1] gnupg1 security update 2018-06-08
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4223-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Salvatore Bonaccorso
June 08, 2018

[ more ]  [ reply ]
[SECURITY] [DSA 4222-1] gnupg2 security update 2018-06-08
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4222-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Salvatore Bonaccorso
June 08, 2018

[ more ]  [ reply ]
[slackware-security] gnupg2 (SSA:2018-159-01) 2018-06-08
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] gnupg2 (SSA:2018-159-01)

New gnupg2 packages are available for Slackware 13.37, 14.0, 14.1, 14.2, and
- -current to fix a security issue.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patc

[ more ]  [ reply ]
[SECURITY] [DSA 4221-1] libvncserver security update 2018-06-08
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4221-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Moritz Muehlenhoff
June 08, 2018

[ more ]  [ reply ]
Gridbox extension for Joomla! <= 2.4.0 Reflected Cross Site Scripting (XSS) 2018-06-08
yavuz atlas (yavatlas gmail com)
I. VULNERABILITY
-------------------------
Gridbox extension for Joomla! <= 2.4.0 Reflected Cross Site Scripting (XSS)

II. CVE REFERENCE
-------------------------
CVE-2018-11690

III. VENDOR
-------------------------
https://extensions.joomla.org/extension/gridbox/

IV. REFERENCES
-----------------

[ more ]  [ reply ]
[SECURITY] [DSA 4219-1] jruby security update 2018-06-08
Sebastien Delafond (seb debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4219-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Sebastien Delafond
June 08, 2018

[ more ]  [ reply ]
DefenseCode ThunderScan SAST Advisory: WordPress Form Maker Plugin Multiple Security Vulnerabilities 2018-06-07
Defense Code (defensecode defensecode com)
DefenseCode ThunderScan SAST Advisory: WordPress Form Maker Plugin
Multiple Security Vulnerabilities

Advisory ID: DC-2018-05-001
Advisory Title: WordPress Form Maker Plugin Multiple Vulnerabilities
Advisory URL: http://www.defensecode.com/advisories.php
Software: WordPress Form Maker pl

[ more ]  [ reply ]
DefenseCode ThunderScan SAST Advisory: WordPress Contact Form Maker Plugin Multiple Security Vulnerabilities 2018-06-07
Defense Code (defensecode defensecode com)
DefenseCode ThunderScan SAST Advisory: WordPress Contact Form Maker
Plugin Multiple Security Vulnerabilities

Advisory ID: DC-2018-05-004
Advisory Title: WordPress Contact Form Maker Plugin Multiple
Vulnerabilities
Advisory URL: http://www.defensecode.com/advisories.php
Software: Word

[ more ]  [ reply ]
[slackware-security] mozilla-firefox (SSA:2018-157-01) 2018-06-07
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] mozilla-firefox (SSA:2018-157-01)

New mozilla-firefox packages are available for Slackware 14.2 and -current to
fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/p

[ more ]  [ reply ]
[SECURITY] [DSA 4218-1] memcached security update 2018-06-06
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4218-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Salvatore Bonaccorso
June 06, 2018

[ more ]  [ reply ]
Ignite Realtime Openfire Version 3.7.1 Reflected Cross Site Scripting (CVE-2018-11688) 2018-06-05
yavuz atlas (yavatlas gmail com)
I. VULNERABILITY
-------------------------
Ignite Realtime Openfire Version 3.7.1 Reflected Cross Site Scripting

II. CVE REFERENCE
-------------------------
CVE-2018-11688

III. VENDOR HOMEPAGE
-------------------------
https://www.igniterealtime.org/projects/openfire/

IV. DESCRIPTION
---------

[ more ]  [ reply ]
[SECURITY] [DSA 4214-1] zookeeper security update 2018-06-01
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4214-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Moritz Muehlenhoff
June 01, 2018

[ more ]  [ reply ]
APPLE-SA-2018-06-01-4 iOS 11.4 2018-06-01
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

APPLE-SA-2018-06-01-4 iOS 11.4

iOS 11.4 addresses the following:

Bluetooth
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A malicious application may be able to elevate privileges
Description: A buffer

[ more ]  [ reply ]
[CORE-2018-0002] - Quest DR Series Disk Backup Multiple Vulnerabilities 2018-05-31
Core Security Advisories Team (advisories coresecurity com)
Core Security - Corelabs Advisory
http://corelabs.coresecurity.com/

Quest DR Series Disk Backup Multiple Vulnerabilities

1. *Advisory Information*

Title: Quest DR Series Disk Backup Multiple Vulnerabilities
Advisory ID: CORE-2018-0002
Advisory URL:
http://www.coresecurity.com/advisories/quest-dr-

[ more ]  [ reply ]
[SECURITY] [DSA 4216-1] prosody security update 2018-06-02
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4216-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Salvatore Bonaccorso
June 02, 2018

[ more ]  [ reply ]
APPLE-SA-2018-06-01-3 iCloud for Windows 7.5 2018-06-01
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

APPLE-SA-2018-06-01-3 iCloud for Windows 7.5

iCloud for Windows 7.5 is now available and addresses the following:

Security
Available for: Windows 7 and later
Impact: A local user may be able to read a persistent device
identifier
Description: An aut

[ more ]  [ reply ]
APPLE-SA-2018-06-01-1 macOS High Sierra 10.13.5, Security Update 2018-003 Sierra, Security Update 2018-003 El Capitan 2018-06-01
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

APPLE-SA-2018-06-01-1 macOS High Sierra 10.13.5,
Security Update 2018-003 Sierra, Security Update 2018-003 El Capitan

macOS High Sierra 10.13.5, Security Update 2018-003 Sierra, and
Security Update 2018-003 El Capitan are now available and address
th

[ more ]  [ reply ]
[CORE-2018-0004] - Quest KACE System Management Appliance Multiple Vulnerabilities 2018-05-31
Core Security Advisories Team (advisories coresecurity com)
Core Security - Corelabs Advisory
http://corelabs.coresecurity.com/

Quest KACE System Management Appliance Multiple Vulnerabilities

1. *Advisory Information*

Title: Quest KACE System Management Appliance Multiple Vulnerabilities
Advisory ID: CORE-2018-0004
Advisory URL:
http://www.coresecurity.co

[ more ]  [ reply ]
[SECURITY] [DSA 4191-2] redmine regression update 2018-06-03
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4191-2 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Salvatore Bonaccorso
June 03, 2018

[ more ]  [ reply ]
APPLE-SA-2018-06-01-2 Safari 11.1.1 2018-06-01
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

APPLE-SA-2018-06-01-2 Safari 11.1.1

Safari 11.1.1 is now available and addresses the following:

Safari
Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, and
macOS High Sierra 10.13.4
Impact: A malicious website may be able to cause a den

[ more ]  [ reply ]
[SECURITY] [DSA 4217-1] wireshark security update 2018-06-03
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4217-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Moritz Muehlenhoff
June 03, 2018

[ more ]  [ reply ]
APPLE-SA-2018-06-01-6 tvOS 11.4 2018-06-01
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

APPLE-SA-2018-06-01-6 tvOS 11.4

tvOS 11.4 addresses the following:

Crash Reporter
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: An application may be able to gain elevated privileges
Description: A memory corruption issue was addr

[ more ]  [ reply ]
APPLE-SA-2018-06-01-7 iTunes 12.7.5 for Windows 2018-06-01
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

APPLE-SA-2018-06-01-7 iTunes 12.7.5 for Windows

iTunes 12.7.5 for Windows addresses the following:

Security
Available for: Windows 7 and later
Impact: A local user may be able to read a persistent device
identifier
Description: An authorization issu

[ more ]  [ reply ]
[SECURITY] [DSA 4215-1] batik security update 2018-06-02
Sebastien Delafond (seb debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4215-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Sebastien Delafond
June 02, 2018

[ more ]  [ reply ]
[slackware-security] git (SSA:2018-152-01) 2018-06-01
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] git (SSA:2018-152-01)

New git packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,
14.2, and -current to fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
p

[ more ]  [ reply ]
MachForm Multiple Vulnerabilities CVE-2018-6409/CVE-2018-6410/CVE-2018-6411 2018-05-30
Amine Taouirsa (taouirsa gmail com)
Vendor: Appnitro
Product webpage: https://www.machform.com/
Full-Disclose: https://metalamin.github.io/MachForm-not-0-day-EN/
Fix: https://www.machform.com/blog-machform-423-security-release/

Author: Amine Taouirsa
Twitter: @metalamin

Google dork examples:
----------------------
"machform" inurl:"

[ more ]  [ reply ]
APPLE-SA-2018-06-01-5 watchOS 4.3.1 2018-06-01
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

APPLE-SA-2018-06-01-5 watchOS 4.3.1

watchOS 4.3.1 addresses the following:

Crash Reporter
Available for: All Apple Watch models
Impact: An application may be able to gain elevated privileges
Description: A memory corruption issue was addressed with

[ more ]  [ reply ]
CVE-2018-11552 AXON PBX 2.02 Cross Site Scripting Vulnerability 2018-05-30
mehta himanshu21 gmail com
Aloha,

*1. Introduction*

Vendor: NCH Software
Affected Product: AXON PBX - 2.02
Vendor Website: http://www.nch.com.au/pbx/index.html
Vulnerability Type: Reflected XSS
Remote Exploitable: Yes
CVE: CVE-2018-11552

*2. Overview*

There is a reflected

[ more ]  [ reply ]
[SECURITY] [DSA 4209-1] thunderbird security update 2018-05-25
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4209-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Moritz Muehlenhoff
May 25, 2018

[ more ]  [ reply ]
[SECURITY] [DSA 4210-1] xen security update 2018-05-25
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4210-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Moritz Muehlenhoff
May 25, 2018

[ more ]  [ reply ]
Ruckus (Brocade) ICX7450-48 Reflected Cross Site Scripting 2018-05-24
Yavuz Atlas (yavuz atlas biznet com tr)
I. VULNERABILITY
-------------------------
Ruckus (Brocade) ICX7450-48 Reflected Cross Site Scripting

II. CVE REFERENCE
-------------------------
CVE-2018-11027

III. VENDOR HOMEPAGE
-------------------------
https://www.ruckuswireless.com

IV. DESCRIPTION
-------------------------
Ruckus (Broca

[ more ]  [ reply ]
Android OS Didn't use FLAG_SECURE for Sensitive Settings [CVE-2017-13243] 2018-05-24
research nightwatchcybersecurity com
[Blog post here:
https://wwws.nightwatchcybersecurity.com/2018/05/24/android-os-didnt-use-flag_secure-for-sensitive-settings-cve-2017-13243/]

SUMMARY

Android OS did not use the FLAG_SECURE flag for sensitive settings,
potentially exposing sensitive data to other applications on the same
device wit

[ more ]  [ reply ]
PHP Login & User Management <= 4.1.0 - Arbitrary File Upload (CVE-2018-11392) 2018-05-23
reggie dodd30 gmail com
[Title]
PHP Login & User Management <= 4.1.0 - Arbitrary File Upload (CVE-2018-11392)

[Product]
PHP Login & User Management
https://codecanyon.net/item/php-login-user-management/49008

[CVE]
CVE-2018-11392

[Credit]
Reginald Dodd

[Description]
An arbitrary file upload vulnerability in /classes/pro

[ more ]  [ reply ]
[security bulletin] MFSBGN03808 rev.1 - Micro Focus UCMDB, Cross-Site Scripting 2018-05-23
cyber-psrt microfocus com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Note: the current version of the following document is available here:

https://softwaresupport.hpe.com/document/-/facetsearch/document/KM03164778

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: KM03164778

Version: 1

MFSBGN03808 rev.1

[ more ]  [ reply ]
[CVE-2018-8013] Apache Batik information disclosure vulnerability 2018-05-23
Simon Steiner (simonsteiner1984 gmail com)
CVE-2018-8013:
Apache Batik information disclosure vulnerability

Severity:
Medium

Vendor:
The Apache Software Foundation

Versions Affected:
Batik 1.0 - 1.9.1

Description:
When deserializing a subclass of `AbstractDocument`, the class takes a
string from the

K2 smartforms runtime application - 4.6.11 SSRF 2018-05-22
fuming22 gmail com
# Vulnerability type: Server Side Request Forgery
# Vendor: https://www.k2.com/
# Product: K2 Smartforms
# Affected version: 4.6.11
# Credit: Foo Jong Meng
# CVE ID: CVE-2018-9920

# DESCRIPTION:

Server side request forgery exists in the runtime application in K2 smartforms 4.6.11 via a modified ho

[slackware-security] mozilla-thunderbird (SSA:2018-142-02) 2018-05-23
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] mozilla-thunderbird (SSA:2018-142-02)

New mozilla-thunderbird packages are available for Slackware 14.2 and -current
to fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
p

[SECURITY] [DSA 4208-1] procps security update 2018-05-22
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4208-1 security (at) debian (dot) org
https://www.debian.org/security/ Salvatore Bonaccorso
May 22, 2018

[slackware-security] Slackware 14.2 kernel (SSA:2018-142-01) 2018-05-23
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] Slackware 14.2 kernel (SSA:2018-142-01)

New kernel packages are available for Slackware 14.2 to fix a regression in the
getsockopt() function and to fix two denial-of-service security issues.

Here are the details from the Slack

[slackware-security] procps-ng (SSA:2018-142-03) 2018-05-23
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] procps-ng (SSA:2018-142-03)

New procps-ng packages are available for Slackware 14.2 and -current to
fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/proc

[SECURITY] [DSA 4207-1] packagekit security update 2018-05-22
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4207-1 security (at) debian (dot) org
https://www.debian.org/security/ Salvatore Bonaccorso
May 22, 2018

[SECURITY] [DSA 4206-1] gitlab security update 2018-05-21
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4206-1 security (at) debian (dot) org
https://www.debian.org/security/ Moritz Muehlenhoff
May 21, 2018

Qualys Security Advisory - Procps-ng Audit Report 2018-05-21
Qualys Security Advisory (qsa qualys com)

Qualys Security Advisory

Procps-ng Audit Report

========================================================================

Contents
========================================================================

Summary
1. FUSE-backed /proc/PID/cmdline
2. Unprivileged process hiding
3. Local Privilege E

[SECURITY] [DSA 4205-1] Advance notification for upcoming end-of-life for Debian oldstable 2018-05-18
Moritz Muehlenhoff (jmm debian org)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4205-1 security (at) debian (dot) org
https://www.debian.org/security/ Moritz Muehlenhoff
May 18, 2

[SECURITY] [DSA 4204-1] imagemagick security update 2018-05-18
Sebastien Delafond (seb debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4204-1 security (at) debian (dot) org
https://www.debian.org/security/ Sebastien Delafond
May 18, 2018

[SYSS-2018-007] ILIAS e-Learning - Reflected Cross-Site-Scripting 2018-05-18
Moritz Bechler (moritz bechler syss de)
Advisory ID: SYSS-2018-007
Product: ILIAS
Affected Version(s): 5.3.2, 5.2.14, 5.1.25
Tested Version(s): 5.3.2, 5.2.12
Vulnerability Type: Reflected Cross-Site-Scripting
Risk Level: MEDIUM
Solution Status: Fixed
Manufacturer Notification: 2018-03-29
Solution Date: 2018-04-25
Public Disclosure: 2018-0

MagniComp SysInfo Information Exposure [CVE-2018-7268] 2018-05-18
Harry Sintonen (bugtraq kyber fi)
MagniComp SysInfo Information Exposure [CVE-2018-7268]
======================================================
The latest version of this advisory is available at:
https://sintonen.fi/advisories/magnicomp-sysinfo-information-exposure.txt

Overview
--------

MagniComp SysInfo contains an information e

[SECURITY] [DSA 4203-1] vlc security update 2018-05-17
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4203-1 security (at) debian (dot) org
https://www.debian.org/security/ Moritz Muehlenhoff
May 17, 2018

[slackware-security] curl (SSA:2018-136-01) 2018-05-17
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] curl (SSA:2018-136-01)

New curl packages are available for Slackware 14.0, 14.1, 14.2, and -current to
fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/c

[slackware-security] php (SSA:2018-136-02) 2018-05-17
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] php (SSA:2018-136-02)

New php packages are available for Slackware 14.0, 14.1, and 14.2 to
fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/php-5.6.36-i5

[SECURITY] [DSA 4202-1] curl security update 2018-05-16
Alessandro Ghedini (ghedo debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4202-1 security (at) debian (dot) org
https://www.debian.org/security/ Alessandro Ghedini
May 16, 2018

CVE-2018-11101: Signal-desktop HTML tag injection variant 2 2018-05-16
Alfredo Ortega (ortegaalfredo gmail com)

Title: Signal-desktop HTML tag injection variant 2

Date Published: 2018-05-16

Last Update: 2018-05-16

CVE Name: CVE-2018-11101

Class: Code injection

Remotely Exploitable: Yes

Locally Exploitable: No

Vendors contacted: Signal.org

Vulnerability Description:

Signal-desktop is the standalone d

SEC Consult SA-20180516-0 :: XXE & XSS vulnerabilities in RSA Authentication Manager 2018-05-16
SEC Consult Vulnerability Lab (research sec-consult com)
SEC Consult Vulnerability Lab Security Advisory < 20180516-0 >
=======================================================================
title: XXE & XSS vulnerabilities
product: RSA Authentication Manager
vulnerable version: 8.2.1.4.0-build1394922, < 8.3 P1
fixed vers

[SECURITY] [DSA 4201-1] xen security update 2018-05-15
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4201-1 security (at) debian (dot) org
https://www.debian.org/security/ Moritz Muehlenhoff
May 15, 2018

CSNC-2018-002 totemomail Encryption Gateway - JSONP hijacking 2018-05-15
Advisories (advisories compass-security com)
################################################################################
#
# COMPASS SECURITY ADVISORY
# https://www.compass-security.com/research/advisories/
#
################################################################################
#
# Product: totemomail Encryption Gateway
# Vend

CSNC-2018-003 totemomail Encryption Gateway - Cross-Site Request Forgery 2018-05-15
Advisories (advisories compass-security com)
################################################################################
#
# COMPASS SECURITY ADVISORY
# https://www.compass-security.com/research/advisories/
#
################################################################################
#
# Product: totemomail Encryption Gateway
# Vend

CVE-2018-10994: HTML tag injection in Signal-desktop 2018-05-14
Alfredo Ortega (ortegaalfredo gmail com)
Title: HTML tag injection in Signal-desktop

Date Published: 14-05-2018

CVE Name: CVE-2018-10994

Class: Code injection

Remotely Exploitable: Yes

Locally Exploitable: No

Vendors contacted: Signal.org

Vulnerability Description:

Signal-desktop is the standalone desktop version of the secure Sign

Copyright 2010, SecurityFocus