APPLE-SA-2018-7-9-5 Safari 11.1.2
2018-07-09 Apple Product Security (product-security-noreply lists apple com)

APPLE-SA-2018-7-9-4 macOS High Sierra 10.13.6, Security Update 2018-004 Sierra, Security Update 2018-004 El Capitan
2018-07-09 Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2018-7-9-4 macOS High Sierra 10.13.6, Security Update 2018-004 Sierra, Security Update 2018-004 El Capitan
macOS High Sierra 10.13.6, Security Update 2018-004 Sierra, and Security Update 2018-004 El Capitan are now available and address the

APPLE-SA-2018-7-9-1 iOS 11.4.1
2018-07-09 Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2018-7-9-1 iOS 11.4.1
iOS 11.4.1 is now available and addresses the following:
CFNetwork
Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation
Impact: Cookies may unexpectedly persist in Safari
Description: A

[SECURITY] [DSA 4242-1] ruby-sprockets security update
2018-07-09 Salvatore Bonaccorso (carnil debian org)

[slackware-security] mozilla-thunderbird (SSA:2018-186-01)
2018-07-05 Slackware Security Team (security slackware com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
[slackware-security] mozilla-thunderbird (SSA:2018-186-01)
New mozilla-thunderbird packages are available for Slackware 14.2 and -current to fix security issues.
Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
p

APPLE-SA-2018-7-05-1 Wi-Fi Update for Boot Camp 6.4.0
2018-07-05 Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2018-7-05-1 Wi-Fi Update for Boot Camp 6.4.0
Wi-Fi Update for Boot Camp 6.4.0 is now available and addresses the following:
Wi-Fi
Available for the following machines while running Boot Camp: MacBook (Late 2009 and later), MacBook Pro (Mid

SEC Consult SA-20180704-1 :: Authorization Bypass in all ADB Broadband Gateways / Routers
2018-07-04 SEC Consult Vulnerability Lab (research sec-consult com)
Also see our other two advisories regarding critical ADB vulnerabilities as they have been split up for better readability:
Local root: https://www.sec-consult.com/en/blog/advisories/local-root-jailbreak-via-network-file-sharing-flaw-in-all-adb-broadband-gateways-routers/
Privilege escalation: htt

SEC Consult SA-20180704-2 :: Privilege escalation via linux group manipulation in all ADB Broadband Gateways / Routers
2018-07-04 SEC Consult Vulnerability Lab (research sec-consult com)
Also see our other two advisories regarding critical ADB vulnerabilities as they have been split up for better readability:
Local root: https://www.sec-consult.com/en/blog/advisories/local-root-jailbreak-via-network-file-sharing-flaw-in-all-adb-broadband-gateways-routers/
Authorization bypass: htt

SEC Consult SA-20180704-0 :: Local root jailbreak via network file sharing flaw in all ADB Broadband Gateways / Routers
2018-07-04 SEC Consult Vulnerability Lab (research sec-consult com)
Also see our other two advisories regarding critical ADB vulnerabilities as they have been split up for better readability:
Authorization bypass: https://www.sec-consult.com/en/blog/advisories/authorization-bypass-in-all-adb-broadband-gateways-routers/
Privilege escalation: https://www.sec-consult

[CVE-2018-3667, CVE-2018-3668] Escalation of privilege via executable installer of Intel Processor Diagnostic Tool
2018-07-04 Stefan Kanthak (stefan kanthak nexgo de)
Hi @ll,
the executable installers of Intel's Processor Diagnostic Tool (IPDT) before v4.1.0.27 have three vulnerabilities^Wbeginner's errors which all allow arbitrary code execution with escalation of privilege, plus a fourth which allows denial of service.
Intel published advisory SA-00140 <https

[CVE-2018-8036] DoS (OOM) Vulnerability in Apache PDFBox's AFMParser
2018-06-29 Andreas Lehmkuehler (lehmi apache org)
[CVE-2018-8036] DoS (OOM) Vulnerability in Apache PDFBox's AFMParser
Severity: Important
Vendor: The Apache Software Foundation
Versions Affected:
Apache PDFBox 1.8.0 to 1.8.14
Apache PDFBox 2.0.0 to 2.0.10
Earlier, unsupported Apache PDFBox versions may be affected as well
Description: A carefu

[SECURITY] [DSA 4237-1] chromium-browser security update
2018-07-01 Michael Gilbert (mgilbert debian org)

TP-Link TL-WR841N v13: Broken Authentication (CVE-2018-12575)
2018-06-27 Tim Coen (tc coen gmail com)
* Vulnerability: Broken Authentication
* Affected Software: TP-Link TL-WR841N v13
* Affected Version: 0.9.1 4.16 v0001.0 Build 171019 Rel.55346n
* Patched Version: 0.9.1 4.16 v0001.0 Build 180119 Rel.65243n
* Risk: High
* Vendor Contacted: 05/20/2018
* Vendor Fix: Issue was independent

TP-Link TL-WR841N v13: Authenticated Blind Command Injection (CVE-2018-12577)
2018-06-27 Tim Coen (tc coen gmail com)
* Vulnerability: Authenticated Blind Command Injection
* Affected Software: TP-Link TL-WR841N v13
* Affected Version: 0.9.1 4.16 v0001.0 Build 180119 Rel.65243n
* Patched Version: None
* Risk: High
* Vendor Contacted: 05/20/2018
* Vendor Fix: None
* Public Disclosure: 06/27/2018
###

APPLE-SA-2018-06-27-1 SwiftNIO 1.8.0
2018-06-27 Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2018-06-27-1 SwiftNIO 1.8.0
SwiftNIO 1.8.0 is now available and addresses the following:
SwiftNIO
Available for: macOS Sierra 10.12 and later, Ubuntu 14.04 and later
Impact: A remote attacker may be able to overwrite arbitrary memory
Descri

TP-Link TL-WR841N v13: CSRF (CVE-2018-12574)
2018-06-27 Tim Coen (tc coen gmail com)
* Vulnerability: Cross-Site Request Forgery
* Affected Software: TP-Link TL-WR841N v13
* Affected Version: 0.9.1 4.16 v0001.0 Build 180119 Rel.65243n
* Patched Version: None
* Risk: High
* Vendor Contacted: 05/20/2018
* Vendor Fix: None
* Public Disclosure: 06/27/2018
##### Overview

PRTG < 18.2.39 Command Injection
2018-06-26 Josh Berry (josh berry codewatch org)
Bugtraq,
I (Josh Berry) discovered an authenticated command injection vulnerability in the "Demo" PowerShell notification script provided by versions of PRTG Network Monitor prior to 18.2.39. The PowerShell notifications demo script on versions of the application prior to 18.2.39 do not properly s

[slackware-security] mozilla-firefox (SSA:2018-176-01)
2018-06-25 Slackware Security Team (security slackware com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
[slackware-security] mozilla-firefox (SSA:2018-176-01)
New mozilla-firefox packages are available for Slackware 14.2 and -current to fix security issues.
Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/p

KL-001-2018-008 : HPE VAN SDN Unauthenticated Remote Root Vulnerability
2018-06-25 KoreLogic Disclosures (disclosures korelogic com)
KL-001-2018-008 : HPE VAN SDN Unauthenticated Remote Root Vulnerability
Title: HPE VAN SDN Unauthenticated Remote Root Vulnerability
Advisory ID: KL-001-2018-008
Publication Date: 2018.06.25
Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2018-008.txt
1. Vulnerability Details

FreeBSD Security Advisory FreeBSD-SA-18:07.lazyfpu
2018-06-21 FreeBSD Security Advisories (security-advisories freebsd org)
Hash: SHA256
APPLE-SA-2018-7-9-5 Safari 11.1.2
Safari 11.1.2 is now available and addresses the following:
Safari
Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, and
macOS High Sierra 10.13.6
Impact: Visiting a malicious website may lead to address