AST-2018-007: Infinite loop when reading iostreams
2018-06-11 Asterisk Security Team (security asterisk org)

[SRP-2018-01] Reverse engineering tools for ST DVB chipsets (public release)
2018-06-08 Security Explorations (contact security-explorations com)
Hello All, We have decided to release to the public domain our SRP-2018-01 security research project related to the security of STMicroelectronics chipsets. The research material (70+ pages long technical paper accompanied by two reverse engineering tools) can be downloaded from the SRP section o

SensioLabs Symfony version 3.3.6 - Cross-Site Scripting (Reflect)
2018-06-08 ch sangsakul gmail com
SensioLabs Symfony version 3.3.6 - Cross-Site Scripting (Reflect) # Exploit Title: SensioLabs Symfony version 3.3.6 - Cross-Site Scripting (Reflect) # Date: 08-06-2018 # Software Link: https://symfony.com/ # Exploit Author: HaMM0nz (Chakrit S.), a member of KPMG Cyber Security team in Thailand # CV

[slackware-security] gnupg2 (SSA:2018-159-01)
2018-06-08 Slackware Security Team (security slackware com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] gnupg2 (SSA:2018-159-01) New gnupg2 packages are available for Slackware 13.37, 14.0, 14.1, 14.2, and - -current to fix a security issue. Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patc

Gridbox extension for Joomla! <= 2.4.0 Reflected Cross Site Scripting (XSS)
2018-06-08 yavuz atlas (yavatlas gmail com)
I. VULNERABILITY ------------------------- Gridbox extension for Joomla! <= 2.4.0 Reflected Cross Site Scripting (XSS) II. CVE REFERENCE ------------------------- CVE-2018-11690 III. VENDOR ------------------------- https://extensions.joomla.org/extension/gridbox/ IV. REFERENCES -----------------

DefenseCode ThunderScan SAST Advisory: WordPress Form Maker Plugin Multiple Security Vulnerabilities
2018-06-07 Defense Code (defensecode defensecode com)
DefenseCode ThunderScan SAST Advisory: WordPress Form Maker Plugin Multiple Security Vulnerabilities Advisory ID: DC-2018-05-001 Advisory Title: WordPress Form Maker Plugin Multiple Vulnerabilities Advisory URL: http://www.defensecode.com/advisories.php Software: WordPress Form Maker pl

DefenseCode ThunderScan SAST Advisory: WordPress Contact Form Maker Plugin Multiple Security Vulnerabilities
2018-06-07 Defense Code (defensecode defensecode com)
DefenseCode ThunderScan SAST Advisory: WordPress Contact Form Maker Plugin Multiple Security Vulnerabilities Advisory ID: DC-2018-05-004 Advisory Title: WordPress Contact Form Maker Plugin Multiple Vulnerabilities Advisory URL: http://www.defensecode.com/advisories.php Software: Word

[slackware-security] mozilla-firefox (SSA:2018-157-01)
2018-06-07 Slackware Security Team (security slackware com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] mozilla-firefox (SSA:2018-157-01) New mozilla-firefox packages are available for Slackware 14.2 and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/p

[SECURITY] [DSA 4218-1] memcached security update
2018-06-06 Salvatore Bonaccorso (carnil debian org)

Ignite Realtime Openfire Version 3.7.1 Reflected Cross Site Scripting (CVE-2018-11688)
2018-06-05 yavuz atlas (yavatlas gmail com)
I. VULNERABILITY ------------------------- Ignite Realtime Openfire Version 3.7.1 Reflected Cross Site Scripting II. CVE REFERENCE ------------------------- CVE-2018-11688 III. VENDOR HOMEPAGE ------------------------- https://www.igniterealtime.org/projects/openfire/ IV. DESCRIPTION ---------

APPLE-SA-2018-06-01-4 iOS 11.4
2018-06-01 Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2018-06-01-4 iOS 11.4 iOS 11.4 addresses the following: Bluetooth Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A malicious application may be able to elevate privileges Description: A buffer

[CORE-2018-0002] - Quest DR Series Disk Backup Multiple Vulnerabilities
2018-05-31 Core Security Advisories Team (advisories coresecurity com)
Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ Quest DR Series Disk Backup Multiple Vulnerabilities 1. *Advisory Information* Title: Quest DR Series Disk Backup Multiple Vulnerabilities Advisory ID: CORE-2018-0002 Advisory URL: http://www.coresecurity.com/advisories/quest-dr-

APPLE-SA-2018-06-01-3 iCloud for Windows 7.5
2018-06-01 Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2018-06-01-3 iCloud for Windows 7.5 iCloud for Windows 7.5 is now available and addresses the following: Security Available for: Windows 7 and later Impact: A local user may be able to read a persistent device identifier Description: An aut

APPLE-SA-2018-06-01-1 macOS High Sierra 10.13.5, Security Update 2018-003 Sierra, Security Update 2018-003 El Capitan
2018-06-01 Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2018-06-01-1 macOS High Sierra 10.13.5, Security Update 2018-003 Sierra, Security Update 2018-003 El Capitan macOS High Sierra 10.13.5, Security Update 2018-003 Sierra, and Security Update 2018-003 El Capitan are now available and address th

[CORE-2018-0004] - Quest KACE System Management Appliance Multiple Vulnerabilities
2018-05-31 Core Security Advisories Team (advisories coresecurity com)
Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ Quest KACE System Management Appliance Multiple Vulnerabilities 1. *Advisory Information* Title: Quest KACE System Management Appliance Multiple Vulnerabilities Advisory ID: CORE-2018-0004 Advisory URL: http://www.coresecurity.co

[SECURITY] [DSA 4191-2] redmine regression update
2018-06-03 Salvatore Bonaccorso (carnil debian org)

APPLE-SA-2018-06-01-2 Safari 11.1.1
2018-06-01 Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2018-06-01-2 Safari 11.1.1 Safari 11.1.1 is now available and addresses the following: Safari Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, and macOS High Sierra 10.13.4 Impact: A malicious website may be able to cause a den

APPLE-SA-2018-06-01-6 tvOS 11.4
2018-06-01 Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2018-06-01-6 tvOS 11.4 tvOS 11.4 addresses the following: Crash Reporter Available for: Apple TV 4K and Apple TV (4th generation) Impact: An application may be able to gain elevated privileges Description: A memory corruption issue was addr

APPLE-SA-2018-06-01-7 iTunes 12.7.5 for Windows
2018-06-01 Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2018-06-01-7 iTunes 12.7.5 for Windows iTunes 12.7.5 for Windows addresses the following: Security Available for: Windows 7 and later Impact: A local user may be able to read a persistent device identifier Description: An authorization issu
Product: Asterisk
Summary: Infinite loop when reading iostreams
Nature of Advisory: Denial of Service