BugTraq Mode:
(Page 5 of 1745)  < Prev  1 2 3 4 5 6 7 8 9 10 11  Next >
[slackware-security] git (SSA:2018-152-01) 2018-06-01
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] git (SSA:2018-152-01)

New git packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,
14.2, and -current to fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
p

[ more ]  [ reply ]
MachForm Multiple Vulnerabilities CVE-2018-6409/CVE-2018-6410/CVE-2018-6411 2018-05-30
Amine Taouirsa (taouirsa gmail com)
Vendor: Appnitro
Product webpage: https://www.machform.com/
Full-Disclose: https://metalamin.github.io/MachForm-not-0-day-EN/
Fix: https://www.machform.com/blog-machform-423-security-release/

Author: Amine Taouirsa
Twitter: @metalamin

Google dork examples:
----------------------
"machform" inurl:"

[ more ]  [ reply ]
APPLE-SA-2018-06-01-5 watchOS 4.3.1 2018-06-01
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

APPLE-SA-2018-06-01-5 watchOS 4.3.1

watchOS 4.3.1 addresses the following:

Crash Reporter
Available for: All Apple Watch models
Impact: An application may be able to gain elevated privileges
Description: A memory corruption issue was addressed with

[ more ]  [ reply ]
CVE-2018-11552 AXON PBX 2.02 Cross Site Scripting Vulnerability 2018-05-30
mehta himanshu21 gmail com
Aloha,

*1. Introduction*

Vendor: NCH Software
Affected Product: AXON PBX - 2.02
Vendor Website: http://www.nch.com.au/pbx/index.html
Vulnerability Type: Reflected XSS
Remote Exploitable: Yes
CVE: CVE-2018-11552

*2. Overview*

There is a reflected

[ more ]  [ reply ]
[SECURITY] [DSA 4209-1] thunderbird security update 2018-05-25
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4209-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Moritz Muehlenhoff
May 25, 2018

[ more ]  [ reply ]
[SECURITY] [DSA 4210-1] xen security update 2018-05-25
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4210-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Moritz Muehlenhoff
May 25, 2018

[ more ]  [ reply ]
Ruckus (Brocade) ICX7450-48 Reflected Cross Site Scripting 2018-05-24
Yavuz Atlas (yavuz atlas biznet com tr)
I. VULNERABILITY
-------------------------
Ruckus (Brocade) ICX7450-48 Reflected Cross Site Scripting

II. CVE REFERENCE
-------------------------
CVE-2018-11027

III. VENDOR HOMEPAGE
-------------------------
https://www.ruckuswireless.com

IV. DESCRIPTION
-------------------------
Ruckus (Broca

[ more ]  [ reply ]
Android OS Didnt use FLAG_SECURE for Sensitive Settings [CVE-2017-13243] 2018-05-24
research nightwatchcybersecurity com
[Blog post here:
https://wwws.nightwatchcybersecurity.com/2018/05/24/android-os-didnt-use
-flag_secure-for-sensitive-settings-cve-2017-13243/]

SUMMARY

Android OS did not use the FLAG_SECURE flag for sensitive settings,
potentially exposing sensitive data to other applications on the same
device wit

[ more ]  [ reply ]
PHP Login & User Management <= 4.1.0 - Arbitrary File Upload (CVE-2018-11392) 2018-05-23
reggie dodd30 gmail com
[Title]
PHP Login & User Management <= 4.1.0 - Arbitrary File Upload (CVE-2018-11392)

[Product]
PHP Login & User Management
https://codecanyon.net/item/php-login-user-management/49008

[CVE]
CVE-2018-11392

[Credit]
Reginald Dodd

[Description]
An arbitrary file upload vulnerability in /classes/pro

[ more ]  [ reply ]
[security bulletin] MFSBGN03808 rev.1 - Micro Focus UCMDB, Cross-Site Scripting 2018-05-23
cyber-psrt microfocus com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Note: the current version of the following document is available here:

https://softwaresupport.hpe.com/document/-/facetsearch/document/KM031647
78

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: KM03164778

Version: 1

MFSBGN03808 rev.1

[ more ]  [ reply ]
[CVE-2018-8013] Apache Batik information disclosure vulnerability 2018-05-23
Simon Steiner (simonsteiner1984 gmail com)
CVE-2018-8013:
Apache Batik information disclosure vulnerability

Severity:
Medium

Vendor:
The Apache Software Foundation

Versions Affected:
Batik 1.0 - 1.9.1

Description:
When deserializing subclass of `AbstractDocument`, the class takes a
string from the

[ more ]  [ reply ]
K2 smartforms runtime application - 4.6.11 SSRF 2018-05-22
fuming22 gmail com
# Vulnerability type: Server Side Request Forgery
# Vendor: https://www.k2.com/
# Product: K2 Smartforms
# Affected version: 4.6.11
# Credit: Foo Jong Meng
# CVE ID: CVE-2018-9920

# DESCRIPTION:

Server side request forgery exists in the runtime application in K2 smartforms 4.6.11 via a modified ho

[ more ]  [ reply ]
[slackware-security] mozilla-thunderbird (SSA:2018-142-02) 2018-05-23
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] mozilla-thunderbird (SSA:2018-142-02)

New mozilla-thunderbird packages are available for Slackware 14.2 and -current
to fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
p

[ more ]  [ reply ]
[SECURITY] [DSA 4208-1] procps security update 2018-05-22
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4208-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Salvatore Bonaccorso
May 22, 2018

[ more ]  [ reply ]
[slackware-security] Slackware 14.2 kernel (SSA:2018-142-01) 2018-05-23
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] Slackware 14.2 kernel (SSA:2018-142-01)

New kernel packages are available for Slackware 14.2 to fix a regression in the
getsockopt() function and to fix two denial-of-service security issues.

Here are the details from the Slack

[ more ]  [ reply ]
[slackware-security] procps-ng (SSA:2018-142-03) 2018-05-23
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] procps-ng (SSA:2018-142-03)

New procps-ng packages are available for Slackware 14.2 and -current to
fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/proc

[ more ]  [ reply ]
[SECURITY] [DSA 4207-1] packagekit security update 2018-05-22
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4207-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Salvatore Bonaccorso
May 22, 2018

[ more ]  [ reply ]
[SECURITY] [DSA 4206-1] gitlab security update 2018-05-21
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4206-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Moritz Muehlenhoff
May 21, 2018

[ more ]  [ reply ]
Qualys Security Advisory - Procps-ng Audit Report 2018-05-21
Qualys Security Advisory (qsa qualys com)

Qualys Security Advisory

Procps-ng Audit Report

========================================================================

Contents
========================================================================

Summary
1. FUSE-backed /proc/PID/cmdline
2. Unprivileged process hiding
3. Local Privilege E

[ more ]  [ reply ]
[SECURITY] [DSA 4205-1] Advance notification for upcoming end-of-life for 2018-05-18
Moritz Muehlenhoff (jmm debian org)
Debian oldstable

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4205-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Moritz Muehlenhoff
May 18, 2

[ more ]  [ reply ]
[SECURITY] [DSA 4204-1] imagemagick security update 2018-05-18
Sebastien Delafond (seb debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4204-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Sebastien Delafond
May 18, 2018

[ more ]  [ reply ]
[SYSS-2018-007] ILIAS e-Learning - Reflected Cross-Site-Scripting 2018-05-18
Moritz Bechler (moritz bechler syss de)
Advisory ID: SYSS-2018-007
Product: ILIAS
Affected Version(s): 5.3.2, 5.2.14, 5.1.25
Tested Version(s): 5.3.2, 5.2.12
Vulnerability Type: Reflected Cross-Site-Scripting
Risk Level: MEDIUM
Solution Status: Fixed
Manufacturer Notification: 2018-03-29
Solution Date: 2018-04-25
Public Disclosure: 2018-0

[ more ]  [ reply ]
MagniComp SysInfo Information Exposure [CVE-2018-7268] 2018-05-18
Harry Sintonen (bugtraq kyber fi)
MagniComp SysInfo Information Exposure [CVE-2018-7268]
======================================================
The latest version of this advisory is available at:
https://sintonen.fi/advisories/magnicomp-sysinfo-information-exposure.tx
t

Overview
--------

MagniComp SysInfo contains a information e

[ more ]  [ reply ]
[SECURITY] [DSA 4203-1] vlc security update 2018-05-17
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4203-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Moritz Muehlenhoff
May 17, 2018

[ more ]  [ reply ]
[slackware-security] curl (SSA:2018-136-01) 2018-05-17
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] curl (SSA:2018-136-01)

New curl packages are available for Slackware 14.0, 14.1, 14.2, and -current to
fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/c

[ more ]  [ reply ]
[slackware-security] php (SSA:2018-136-02) 2018-05-17
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] php (SSA:2018-136-02)

New php packages are available for Slackware 14.0, 14.1, and 14.2 to
fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/php-5.6.36-i5

[ more ]  [ reply ]
[SECURITY] [DSA 4202-1] curl security update 2018-05-16
Alessandro Ghedini (ghedo debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4202-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Alessandro Ghedini
May 16, 2018

[ more ]  [ reply ]
CVE-2018-11101: Signal-desktop HTML tag injection variant 2 2018-05-16
Alfredo Ortega (ortegaalfredo gmail com)

Title: Signal-desktop HTML tag injection variant 2

Date Published: 2018-05-16

Last Update: 2018-05-16

CVE Name: CVE-2018-11101

Class: Code injection

Remotely Exploitable: Yes

Locally Exploitable: No

Vendors contacted: Signal.org

Vulnerability Description:

Signal-desktop is the standalone d

[ more ]  [ reply ]
SEC Consult SA-20180516-0 :: XXE & XSS vulnerabilities in RSA Authentication Manager 2018-05-16
SEC Consult Vulnerability Lab (research sec-consult com)
SEC Consult Vulnerability Lab Security Advisory < 20180516-0 >
=======================================================================
title: XXE & XSS vulnerabilities
product: RSA Authentication Manager
vulnerable version: 8.2.1.4.0-build1394922, < 8.3 P1
fixed vers

[ more ]  [ reply ]
[SECURITY] [DSA 4201-1] xen security update 2018-05-15
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4201-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Moritz Muehlenhoff
May 15, 2018

[ more ]  [ reply ]
(Page 5 of 1745)  < Prev  1 2 3 4 5 6 7 8 9 10 11  Next >


 

Privacy Statement
Copyright 2010, SecurityFocus