[slackware-security] git (SSA:2018-152-01)
2018-06-01 Slackware Security Team (security slackware com)

MachForm Multiple Vulnerabilities CVE-2018-6409/CVE-2018-6410/CVE-2018-6411
2018-05-30 Amine Taouirsa (taouirsa gmail com)
Vendor: Appnitro Product webpage: https://www.machform.com/ Full-Disclose: https://metalamin.github.io/MachForm-not-0-day-EN/ Fix: https://www.machform.com/blog-machform-423-security-release/ Author: Amine Taouirsa Twitter: @metalamin Google dork examples: ---------------------- "machform" inurl:"

APPLE-SA-2018-06-01-5 watchOS 4.3.1
2018-06-01 Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2018-06-01-5 watchOS 4.3.1 watchOS 4.3.1 addresses the following: Crash Reporter Available for: All Apple Watch models Impact: An application may be able to gain elevated privileges Description: A memory corruption issue was addressed with

CVE-2018-11552 AXON PBX 2.02 Cross Site Scripting Vulnerability
2018-05-30 mehta himanshu21 gmail com

Ruckus (Brocade) ICX7450-48 Reflected Cross Site Scripting
2018-05-24 Yavuz Atlas (yavuz atlas biznet com tr)
I. VULNERABILITY ------------------------- Ruckus (Brocade) ICX7450-48 Reflected Cross Site Scripting II. CVE REFERENCE ------------------------- CVE-2018-11027 III. VENDOR HOMEPAGE ------------------------- https://www.ruckuswireless.com IV. DESCRIPTION ------------------------- Ruckus (Broca

Android OS Didnt use FLAG_SECURE for Sensitive Settings [CVE-2017-13243]
2018-05-24 research nightwatchcybersecurity com
[Blog post here: https://wwws.nightwatchcybersecurity.com/2018/05/24/android-os-didnt-use-flag_secure-for-sensitive-settings-cve-2017-13243/] SUMMARY Android OS did not use the FLAG_SECURE flag for sensitive settings, potentially exposing sensitive data to other applications on the same device wit

PHP Login & User Management <= 4.1.0 - Arbitrary File Upload (CVE-2018-11392)
2018-05-23 reggie dodd30 gmail com
[Title] PHP Login & User Management <= 4.1.0 - Arbitrary File Upload (CVE-2018-11392) [Product] PHP Login & User Management https://codecanyon.net/item/php-login-user-management/49008 [CVE] CVE-2018-11392 [Credit] Reginald Dodd [Description] An arbitrary file upload vulnerability in /classes/pro

[security bulletin] MFSBGN03808 rev.1 - Micro Focus UCMDB, Cross-Site Scripting
2018-05-23 cyber-psrt microfocus com
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Note: the current version of the following document is available here: https://softwaresupport.hpe.com/document/-/facetsearch/document/KM03164778 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: KM03164778 Version: 1 MFSBGN03808 rev.1

[CVE-2018-8013] Apache Batik information disclosure vulnerability
2018-05-23 Simon Steiner (simonsteiner1984 gmail com)

K2 smartforms runtime application - 4.6.11 SSRF
2018-05-22 fuming22 gmail com
# Vulnerability type: Server Side Request Forgery # Vendor: https://www.k2.com/ # Product: K2 Smartforms # Affected version: 4.6.11 # Credit: Foo Jong Meng # CVE ID: CVE-2018-9920 # DESCRIPTION: Server side request forgery exists in the runtime application in K2 smartforms 4.6.11 via a modified ho

[slackware-security] mozilla-thunderbird (SSA:2018-142-02)
2018-05-23 Slackware Security Team (security slackware com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] mozilla-thunderbird (SSA:2018-142-02) New mozilla-thunderbird packages are available for Slackware 14.2 and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ p

[slackware-security] Slackware 14.2 kernel (SSA:2018-142-01)
2018-05-23 Slackware Security Team (security slackware com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] Slackware 14.2 kernel (SSA:2018-142-01) New kernel packages are available for Slackware 14.2 to fix a regression in the getsockopt() function and to fix two denial-of-service security issues. Here are the details from the Slack

[slackware-security] procps-ng (SSA:2018-142-03)
2018-05-23 Slackware Security Team (security slackware com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] procps-ng (SSA:2018-142-03) New procps-ng packages are available for Slackware 14.2 and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packages/proc

[SECURITY] [DSA 4207-1] packagekit security update
2018-05-22 Salvatore Bonaccorso (carnil debian org)

Qualys Security Advisory - Procps-ng Audit Report
2018-05-21 Qualys Security Advisory (qsa qualys com)
Qualys Security Advisory Procps-ng Audit Report ======================================================================== Contents ======================================================================== Summary 1. FUSE-backed /proc/PID/cmdline 2. Unprivileged process hiding 3. Local Privilege E

[SECURITY] [DSA 4205-1] Advance notification for upcoming end-of-life for Debian oldstable
2018-05-18 Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------ - Debian Security Advisory DSA-4205-1 security (at) debian (dot) org https://www.debian.org/security/ Moritz Muehlenhoff May 18, 2

[SYSS-2018-007] ILIAS e-Learning - Reflected Cross-Site-Scripting
2018-05-18 Moritz Bechler (moritz bechler syss de)
Advisory ID: SYSS-2018-007 Product: ILIAS Affected Version(s): 5.3.2, 5.2.14, 5.1.25 Tested Version(s): 5.3.2, 5.2.12 Vulnerability Type: Reflected Cross-Site-Scripting Risk Level: MEDIUM Solution Status: Fixed Manufacturer Notification: 2018-03-29 Solution Date: 2018-04-25 Public Disclosure: 2018-0

MagniComp SysInfo Information Exposure [CVE-2018-7268]
2018-05-18 Harry Sintonen (bugtraq kyber fi)
MagniComp SysInfo Information Exposure [CVE-2018-7268] ====================================================== The latest version of this advisory is available at: https://sintonen.fi/advisories/magnicomp-sysinfo-information-exposure.txt Overview -------- MagniComp SysInfo contains a information e

[slackware-security] curl (SSA:2018-136-01)
2018-05-17 Slackware Security Team (security slackware com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] curl (SSA:2018-136-01) New curl packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packages/c

[slackware-security] php (SSA:2018-136-02)
2018-05-17 Slackware Security Team (security slackware com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] php (SSA:2018-136-02) New php packages are available for Slackware 14.0, 14.1, and 14.2 to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packages/php-5.6.36-i5

CVE-2018-11101: Signal-desktop HTML tag injection variant 2
2018-05-16 Alfredo Ortega (ortegaalfredo gmail com)
Title: Signal-desktop HTML tag injection variant 2 Date Published: 2018-05-16 Last Update: 2018-05-16 CVE Name: CVE-2018-11101 Class: Code injection Remotely Exploitable: Yes Locally Exploitable: No Vendors contacted: Signal.org Vulnerability Description: Signal-desktop is the standalone d

SEC Consult SA-20180516-0 :: XXE & XSS vulnerabilities in RSA Authentication Manager
2018-05-16 SEC Consult Vulnerability Lab (research sec-consult com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
[slackware-security] git (SSA:2018-152-01)
New git packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,
14.2, and -current to fix security issues.
Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
p