ESA-2016-143: EMC Documentum Webtop and Clients Stored Cross-Site Scripting Vulnerability
2017-01-18, EMC Product Security Response Center (Security_Alert emc com)

[SECURITY] CVE-2016-8748: Apache NiFi XSS vulnerability in connection details dialogue
2017-01-16, Joe Witt (joewitt apache org)
CVE-2016-8748: Apache NiFi XSS vulnerability in connection details dialogue
Severity: Moderate
Vendor: The Apache Software Foundation
Versions Affected: Apache NiFi 1.0.0 Apache NiFi 1.1.0
Description: There is a cross-site scripting vulnerability in connection details dialog when accessed by an

[SECURITY] [DSA 3765-1] icoutils security update
2017-01-14, Salvatore Bonaccorso (carnil debian org)

[SECURITY] [DSA 3743-2] python-bottle regression update
2017-01-15, Sebastien Delafond (seb debian org)

[security bulletin] HPSBGN03689 rev.1 - HPE Diagnostics, Remote Cross-Site Scripting and Click Jacking
2017-01-13, security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05370100
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c05370100
Version: 1
HPSBGN03689 rev.1

[security bulletin] HPSBST03671 rev.2 - HPE StoreEver MSL6480 Tape Library Management Interface, Multiple Remote Vulnerabilities
2017-01-13, security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05333297
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c05333297
Version: 2
HPSBST03671 rev.2

[security bulletin] HPSBGN03694 rev.1 - HPE SiteScope, Remote Disclosure of Information
2017-01-12, security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05369403
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c05369403
Version: 1
HPSBGN03694 rev.1

ICMPv6 PTBs and IPv6 frag filtering (particularly at BGP peers)
2017-01-12, Fernando Gont (fgont si6networks com)
Folks, I'm curious about whether folks are filtering ICMPv6 PTB<1280 and/or IPv6 fragments targeted to BGP routers (off-list datapoints are welcome). In any case, you might find it worth reading to check if you're affected (from Section 2 of recently-published RFC8021):
---- cut here ----
The s

CVE-2017-5350: Unexpected SystemUI FC driven by arbitrary application
2017-01-12, unlimitsec gmail com
Description of the potential vulnerability: Lack of appropriate exception handling in some applications allows attackers to make a systemUI crash easily resulting in a possible DoS attack
Affected versions: L(5.0/5.1), M(6.0), and N(7.0)
Disclosure status: Privately disclosed.
The patch prevents sys

[slackware-security] bind (SSA:2017-011-01)
2017-01-12, Slackware Security Team (security slackware com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
[slackware-security] bind (SSA:2017-011-01)
New bind packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix a security issue.
Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------

[slackware-security] gnutls (SSA:2017-011-02)
2017-01-12, Slackware Security Team (security slackware com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
[slackware-security] gnutls (SSA:2017-011-02)
New gnutls packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues.
Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packag

CA20170109-01: Security Notice for CA Service Desk Manager
2017-01-12, Kotas, Kevin J (Kevin Kotas ca com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
CA20170109-01: Security Notice for CA Service Desk Manager
Issued: January 10, 2017
Last Updated: January 10, 2017
CA Technologies support is alerting customers to a potential risk with CA Service Desk Manager. A vulnerability exists in RESTful web

Multiple Vulnerabilities in cPanel
2017-01-11, Open Security (open opensecurity ca)
===[ Introduction ]===
cPanel offers web hosting software that automates the intricate workings of web hosting servers. cPanel equips server administrators with the necessary tools to provide top-notch hosting to customers on tens of thousands of servers worldwide.
===[ Description ]===
I) Cross

IKEv1 cipher suite configuration mismatch in Siemens SIMATIC CP 343-1 Advanced
2017-01-11, Andrea Barisani (andrea inversepath com)
The following issue has been reported to Siemens ProductCERT in relation to Siemens Security Advisory SSA-603476, published on 2016-11-21. The issue has been treated with lower priority and treated outside the scope of SSA-603476 due to its lower security impact. As the finding is now addressed [

Re: [oss-security] Docker 1.12.6 - Security Advisory
2017-01-11, Andreas Stieger (astieger suse com)
On 01/11/2017 03:29 AM, Kurt Seifried wrote:
> On Tue, Jan 10, 2017 at 6:58 PM, Nathan McCauley <nathan.mccauley (at) docker (dot) com
>> [CVE-2016-9962] Insecure opening of file-descriptor allows privilege
>> escalation
>>
>> [...]
>> Credit for this discovery goes to Aleksa Sarai from SUSE and Tõnis Tiigi

Cobi Tools v1.0.8 iOS - Persistent Web Vulnerability
2017-01-11, Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Cobi Tools v1.0.8 iOS - Persistent Web Vulnerability
References (Source):
====================
https://www.vulnerability-lab.com/get_content.php?id=2028
Release Date:
=============
2017-01-10
Vulnerability Laboratory ID (VL-ID):
=================================

Bit Defender #39 - Auth Token Bypass Vulnerability
2017-01-11, Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Bit Defender #39 - Auth Token Bypass Vulnerability
References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1683
Release Date:
=============
2017-01-09
Vulnerability Laboratory ID (VL-ID):
====================================

BlackBoard LMS 9.1 SP14 - (Title) Persistent Vulnerability
2017-01-11, Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
BlackBoard LMS 9.1 SP14 - (Title) Persistent Vulnerability
References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1901
Release Date:
=============
2017-01-10
Vulnerability Laboratory ID (VL-ID):
===========================

Blackboard LMS 9.1 SP14 - (Profile) Persistent Vulnerability
2017-01-11, Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Blackboard LMS 9.1 SP14 - (Profile) Persistent Vulnerability
References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1900
Release Date:
=============
2017-01-09
Vulnerability Laboratory ID (VL-ID):
=========================

FreeBSD Security Advisory FreeBSD-SA-17:01.openssh
2017-01-11, FreeBSD Security Advisories (security-advisories freebsd org)

ESA-2016-096: EMC Celerra, VNX1, VNX2 and VNXe SMB NTLM Authentication Weak Nonce Vulnerability
2017-01-10, EMC Product Security Response Center (Security_Alert emc com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
ESA-2016-096: EMC Celerra, VNX1, VNX2 and VNXe SMB NTLM Authentication Weak Nonce Vulnerability
EMC Identifier: ESA-2016-096
CVE Identifier: CVE-2016-0917
Severity Rating: CVSS v3 Base Score: 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
Affec

ESA-2016-096: EMC Celerra, VNX1, VNX2 and VNXe SMB NTLM Authentication Weak Nonce Vulnerability
2017-01-10, EMC Product Security Response Center (Security_Alert emc com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
ESA-2016-096: EMC Celerra, VNX1, VNX2 and VNXe SMB NTLM Authentication Weak Nonce Vulnerability
EMC Identifier: ESA-2016-096
CVE Identifier: CVE-2016-0917
Severity Rating: CVSS v3 Base Score: 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
Affec

ESA-2016-096: EMC Celerra, VNX1, VNX2 and VNXe SMB NTLM Authentication Weak Nonce Vulnerability
2017-01-10, EMC Product Security Response Center (Security_Alert emc com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
ESA-2016-096: EMC Celerra, VNX1, VNX2 and VNXe SMB NTLM Authentication Weak Nonce Vulnerability
EMC Identifier: ESA-2016-096
CVE Identifier: CVE-2016-0917
Severity Rating: CVSS v3 Base Score: 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
Affec

QuickBooks 2017 Admin Credentials Disclosure
2017-01-06, info thegrideon com
+ Credits: Maxim Tomashevich
+ Website: https://www.thegrideon.com/quickbooks-forensics.html
+ Details: https://www.thegrideon.com/qb-internals-2017.html
Vendor:
---------------------
www.intuit.com
www.intuit.ca
Product:
---------------------
QuickBooks Desktop versions: 2017
Vulnerability Ty

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
ESA-2016-143: EMC Documentum Webtop and Clients Stored Cross-Site Scripting Vulnerability
EMC Identifier: ESA-2016-143
CVE Identifier: CVE-2016-8213
Severity Rating: CVSS v3 Base Score: 6.5 (AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L)
Affected p