SecurityFocus

[SECURITY] [DSA 4236-1] xen security update 2018-06-27
Moritz Muehlenhoff (jmm debian org)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4236-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Moritz Muehlenhoff
June 27, 2018

[ more ] [ reply ]

[SECURITY] [DSA 4235-1] firefox-esr security update 2018-06-27
Moritz Muehlenhoff (jmm debian org)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4235-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Moritz Muehlenhoff
June 27, 2018

[ more ] [ reply ]

TP-Link TL-WR841N v13: CSRF (CVE-2018-12574) 2018-06-27
Tim Coen (tc coen gmail com)

* Vulnerability: Cross-Site Request Forgery
* Affected Software: TP-Link TL-WR841N v13
* Affected Version: 0.9.1 4.16 v0001.0 Build 180119 Rel.65243n
* Patched Version: None
* Risk: High
* Vendor Contacted: 05/20/2018
* Vendor Fix: None
* Public Disclosure: 06/27/2018

##### Overview

[ more ] [ reply ]

PRTG < 18.2.39 Command Injection 2018-06-26
Josh Berry (josh berry codewatch org)

Bugtraq,

I (Josh Berry) discovered an authenticated command injection vulnerability
in the ?Demo? PowerShell notification script provided by versions of PRTG
Network Monitor prior to 18.2.39. The PowerShell notifications demo script
on versions of the application prior to 18.2.39 do not properly s

[ more ] [ reply ]

[slackware-security] mozilla-firefox (SSA:2018-176-01) 2018-06-25
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] mozilla-firefox (SSA:2018-176-01)

New mozilla-firefox packages are available for Slackware 14.2 and -current to
fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/p

[ more ] [ reply ]

KL-001-2018-008 : HPE VAN SDN Unauthenticated Remote Root Vulnerability 2018-06-25
KoreLogic Disclosures (disclosures korelogic com)

KL-001-2018-008 : HPE VAN SDN Unauthenticated Remote Root Vulnerability

Title: HPE VAN SDN Unauthenticated Remote Root Vulnerability
Advisory ID: KL-001-2018-008
Publication Date: 2018.06.25
Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2018-008.txt

1. Vulnerability Details

[ more ] [ reply ]

[SECURITY] [DSA 4234-1] lava-server security update 2018-06-22
Moritz Muehlenhoff (jmm debian org)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4234-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Moritz Muehlenhoff
June 22, 2018

[ more ] [ reply ]

[SECURITY] [DSA 4233-1] bouncycastle security update 2018-06-22
Moritz Muehlenhoff (jmm debian org)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4233-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Moritz Muehlenhoff
June 22, 2018

[ more ] [ reply ]

FreeBSD Security Advisory FreeBSD-SA-18:07.lazyfpu 2018-06-21
FreeBSD Security Advisories (security-advisories freebsd org)

[SECURITY] [DSA 4232-1] xen security update 2018-06-20
Moritz Muehlenhoff (jmm debian org)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4232-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Moritz Muehlenhoff
June 20, 2018

[ more ] [ reply ]

[slackware-security] gnupg (SSA:2018-170-01) 2018-06-19
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] gnupg (SSA:2018-170-01)

New gnupg packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,
14.2, and -current to fix a security issue.

Here are the details from the Slackware 14.2 ChangeLog:
+------------------------

[ more ] [ reply ]

XSS in Canopy login page 2018-06-19
RYT (me ryantzj com)

[Title]

XSS in Canopy login page

------------------------------------------

[Description]

CheckSec Canopy 3.x before 3.0.7 has stored XSS via the Login Page Disclaimer,

allowing attacks by low-privileged users against higher-privileged users.This

instance of stored cross-site scripting (XSS) v

[ more ] [ reply ]

[SECURITY] [DSA 4231-1] libgcrypt20 security update 2018-06-17
Salvatore Bonaccorso (carnil debian org)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4231-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Salvatore Bonaccorso
June 17, 2018

[ more ] [ reply ]

[security bulletin] MFSBGN03810 rev.1 - Universal CMDB, Deserialization Java Objects and CSRF 2018-06-15
cyber-psrt microfocus com

[SECURITY] [DSA 4229-1] strongswan security update 2018-06-16
Yves-Alexis Perez (corsac debian org)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4229-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Yves-Alexis Perez
June 14, 2018

[ more ] [ reply ]

[SECURITY] [DSA 4230-1] redis security update 2018-06-17
Moritz Muehlenhoff (jmm debian org)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4230-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Moritz Muehlenhoff
June 17, 2018

[ more ] [ reply ]

[security bulletin] MFSBGN03809 rev.1 - Universal CMDB, Deserialization Java Objects and CSRF 2018-06-15
cyber-psrt microfocus com

CA20180614-01: Security Notice for CA Privileged Access Manager 2018-06-15
Williams, Ken (Ken Williams ca com)

CALL FOR PAPERS - INTEL SECURITY CONFERENCE (iSecCon) 2018 2018-06-15
Branco, Rodrigo (rodrigo branco intel com)

0? *?H?÷
?0?10 +0? *?H?÷
?$??¬Content-Type: multipart/mixed;

boundary="----=_NextPart_000_0AD2_01D40404.7886AFA0"

X-MS-TNEF-Correlator: 0000000061FF3D5B41EB9E4A831DBFB26BCC1B7407001A0BDC17ADE6FC4F8E4C8C6EA98D
1323000000054673000043EA03D60070E54ABCAD1E76C5F7039E004D7A42497700

[ more ] [ reply ]

WebKitGTK+ and WPE WebKit Security Advisory WSA-2018-0005 2018-06-14
Michael Catanzaro (mcatanzaro igalia com)

------------------------------------------------------------------------

WebKitGTK+ and WPE WebKit Security Advisory WSA-2018-0005
------------------------------------------------------------------------

Date reported : June 13, 2018
Advisory ID : WSA-2018-0005

[ more ] [ reply ]

[SECURITY] [DSA 4228-1] spip security update 2018-06-14
Sebastien Delafond (seb debian org)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4228-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Sebastien Delafond
June 14, 2018

[ more ] [ reply ]

APPLE-SA-2018-06-13-01 Xcode 9.4.1 2018-06-13
Apple Product Security (product-security-noreply lists apple com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2018-06-13-01 Xcode 9.4.1

Xcode 9.4.1 is now available and addresses the following:

Git
Available for: macOS High Sierra 10.13.2 or later
Impact: Multiple issues in git, the most significant of which may
lead to arbitrary code execution
Des

[ more ] [ reply ]

Multiple Security Issues in Ecos Secure Boot Stick (SBS) 2018-06-13
Michael Rossberg (michael rossberg tu-ilmenau de)

MULTIPLE SECURITY ISSUES IN ECOS SECURE BOOT STICK (SBS)

- Software: Ecos Secure Boot Stick
- Version: Stick Version 5.6.5, System Management Version 5.2.68
- Vendor Status: Vendor informed
- Release Date: 13/06/2018

The latest version of this document may be downloaded from
https://telem

[ more ] [ reply ]

Samsung Web Viewer for Samsung DVR Reflected Cross Site Scripting (XSS) CVE-2018-11689 2018-06-13
yavuz atlas (yavatlas gmail com)

I. VULNERABILITY
-------------------------
Samsung Web Viewer for Samsung DVR Reflected Cross Site Scripting (XSS)

II. CVE REFERENCE
-------------------------
CVE-2018-11689

III. REFERENCES
-------------------------
https://vulmon.com/vulnerabilitydetails?qid=CVE-2018-11689

IV. CREDIT
-----------

[ more ] [ reply ]

CSNC-2018-021 - Vert.x - HTTP Header Injection 2018-06-13
Advisories (advisories compass-security com)

#############################################################
#
# COMPASS SECURITY ADVISORY
# https://www.compass-security.com/research/advisories/
#
#############################################################
#
# Product: Vert.x [1]
# CSNC ID: CSNC-2018-021
# Subject: HTTP Header Injection

[ more ] [ reply ]

[SECURITY] [DSA 4227-1] plexus-archiver security update 2018-06-12
Salvatore Bonaccorso (carnil debian org)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4227-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Salvatore Bonaccorso
June 12, 2018

[ more ] [ reply ]

DefenseCode ThunderScan SAST Advisory: WordPress WP Google Map Plugin Multiple SQL injection Security Vulnerabilities 2018-06-12
Defense Code (defensecode defensecode com)

DefenseCode ThunderScan SAST Advisory: WordPress WP Google Map Plugin
Multiple SQL injection Security Vulnerabilities

Advisory ID: DC-2018-05-002
Advisory Title: WordPress WP Google Map Plugin Multiple SQL injection
Vulnerabilities
Advisory URL: http://www.defensecode.com/advisories.php
Sof

[ more ] [ reply ]

DefenseCode ThunderScan SAST Advisory: WordPress Ultimate Form Builder Lite Plugin Multiple Vulnerabilities (XSS and SQLi) 2018-06-12
Defense Code (defensecode defensecode com)

DefenseCode ThunderScan SAST Advisory: WordPress Ultimate Form Builder
Lite Plugin Multiple Vulnerabilities (XSS and SQLi)

Advisory ID: DC-2018-05-009
Advisory Title: WordPress Ultimate Form Builder Lite Plugin Multiple
Vulnerabilities (XSS and SQLi)
Advisory URL: http://www.defensecode.com

[ more ] [ reply ]

[SECURITY] [DSA 4226-1] perl security update 2018-06-12
Salvatore Bonaccorso (carnil debian org)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4226-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Salvatore Bonaccorso
June 12, 2018

[ more ] [ reply ]

AST-2018-008: PJSIP endpoint presence disclosure when using ACL 2018-06-11
Asterisk Security Team (security asterisk org)

Asterisk Project Security Advisory - AST-2018-008

Product Asterisk
Summary PJSIP endpoint presence disclosure when using ACL
Nature of Advisory Unauthorized data disclosure

[ more ] [ reply ]