FreeBSD Security Advisory FreeBSD-SA-16:19.sendmsg
2016-05-17 FreeBSD Security Advisories (security-advisories freebsd org)

FreeBSD Security Advisory FreeBSD-SA-16:18.atkbd
2016-05-17 FreeBSD Security Advisories (security-advisories freebsd org)

[security bulletin] HPSBGN03587 rev.1 - HPE Helion OpenStack using OpenSSL and Open vSwitch, Remote Arbitrary Command Execution, Denial of Service (DoS), Disclosure of Information
2016-05-17 security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05141441 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c05141441 Version: 1 HPSBGN03587 r

WSO2 SOA Enablement Server - Reflected Cross-Site Scripting
2016-05-17 Etnies (kuba25101990 gmail com)
Title: WSO2 SOA Enablement Server - Reflected Cross-Site Scripting Authors: Jakub Palaczynski, Lukasz Juszczyk Date: 08. April 2016 CVE: CVE-2016-4327 Affected Software: ================== WSO2 SOA Enablement Server for Java/6.6 build SSJ-6.6-20090827-1616 Probably other versions are also vulnerable

[security bulletin] HPSBHF03594 rev.1 - HPE ConvergedSystem and AppSystem for SAP HANA using OpenSSL, Multiple Remote Vulnerabilities
2016-05-17 security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05135617 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c05135617 Version: 1 HPSBHF03594 r

APPLE-SA-2016-05-16-6 iTunes 12.4
2016-05-16 Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 APPLE-SA-2016-05-16-6 iTunes 12.4 iTunes 12.4 is now available and addresses the following: iTunes Available for: Windows 7 and later Impact: Running the iTunes installer in an untrusted directory may have resulted in arbitrary code execution Desc

APPLE-SA-2016-05-16-5 Safari 9.1.1
2016-05-16 Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 APPLE-SA-2016-05-16-5 Safari 9.1.1 Safari 9.1.1 is now available and addresses the following: Safari Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11.5 Impact: A user may be unable to fully delete browsing

APPLE-SA-2016-05-16-4 OS X El Capitan 10.11.5 and Security Update 2016-003
2016-05-16 Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 APPLE-SA-2016-05-16-4 OS X El Capitan 10.11.5 and Security Update 2016-003 OS X El Capitan 10.11.5 and Security Update 2016-003 is now available and addresses the following: AMD Available for: OS X El Capitan v10.11 and later Impact: An applicatio

APPLE-SA-2016-05-16-3 watchOS 2.2.1
2016-05-16 Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 APPLE-SA-2016-05-16-3 watchOS 2.2.1 watchOS 2.2.1 is now available and addresses the following: CommonCrypto Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: A malicious application may be able to

APPLE-SA-2016-05-16-2 iOS 9.3.2
2016-05-16 Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 APPLE-SA-2016-05-16-2 iOS 9.3.2 iOS 9.3.2 is now available and addresses the following: Accessibility Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An application may be able to determine kerne

APPLE-SA-2016-05-16-1 tvOS 9.2.1
2016-05-16 Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 APPLE-SA-2016-05-16-1 tvOS 9.2.1 tvOS 9.2.1 is now available and addresses the following: CFNetwork Proxies Available for: Apple TV (4th generation) Impact: An attacker in a privileged network position may be able to leak sensitive user informatio

Security advisory for Bugzilla 5.0.3 and 4.4.12
2016-05-16 LpSolit gmail com
Summary ======= Bugzilla is a Web-based bug-tracking system used by a large number of software projects. The following security issue has been discovered in Bugzilla: * A specially crafted bug summary could trigger XSS in dependency graphs. All affected installations are encouraged to upgrade as

[ERPSCAN-16-008] SAP NetWeaver AS JAVA - XSS vulnerability in ProxyServer servlet
2016-05-16 ERPScan inc (erpscan online gmail com)
Application: SAP NetWeaver AS JAVA Versions Affected: SAP NetWeaver AS JAVA 7.4 Vendor URL: http://SAP.com Bugs: Cross Site Scripting (XSS) Sent: 10.08.2015 Reported: 10.08.2015 Vendor response: 11.08.2015 Date of Public Advisory: 09.02.2016 Reference: SAP Security Note 2220571 Author: Vah

[ERPSCAN-16-009] SAP xMII - directory traversal vulnerability
2016-05-16 ERPScan inc (erpscan online gmail com)
Application: SAP xMII Versions Affected: SAP MII 15.0 Vendor URL: http://SAP.com Bugs: Directory traversal Sent: 29.07.2015 Reported: 29.07.2015 Vendor response: 30.07.2015 Date of Public Advisory: 09.02.2016 Reference: SAP Security Note 2230978 Author: Dmitry Chastuhin (ERPScan) Descr

[SECURITY] [DSA 3579-1] xerces-c security update
2016-05-16 Salvatore Bonaccorso (carnil debian org)

dns_dhcp Web Interface SQL Injection
2016-05-14 hyp3rlinx lycos com
[+] Credits: hyp3rlinx [+] Website: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervista.org/advisories/DNS_DHCP-WEB-INTERFACE-SQL-INJECTION.txt [+] ISR: apparitionsec Vendor: ==================== tmcdos / sourceforge Product: ====================== dns_dhcp Web Interface Down

eXtplorer v2.1.9 Archive Path Traversal
2016-05-14 hyp3rlinx lycos com
[+] Credits: John Page aka hyp3rlinx [+] Website: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervista.org/advisories/EXTPLORER-ARCHIVE-PATH-TRAVERSAL.txt [+] ISR: apparitionsec Vendor: ============== extplorer.net Product: ================== eXtplorer v2.1.9 eXtplorer is a PH

[security bulletin] HPSBMU03590 rev.1 - HPE Systems Insight Manager (SIM) on Windows and Linux, Multiple Vulnerabilities
2016-05-13 security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05131085 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c05131085 Version: 1 HPSBMU03590

May 2016 - HipChat Server - Critical Security Advisory
2016-05-13 David Black (dblack atlassian com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Note: the current version of this advisory can be found at https://confluence.atlassian.com/x/96hMMQ . CVE IDs: * CVE-2016-3714 - ImageMagick - Insufficient shell characters filtering leads to (potentially * remote) code execution * CVE-2016-3715 -

[security bulletin] HPSBMU03589 rev.1 - HPE Version Control Repository Manager (VCRM), Remote Denial of Service (DoS)
2016-05-12 security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05131044 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c05131044 Version: 1 HPSBMU03589

[security bulletin] HPSBMU03591 rev.1 - HPE Server Migration Pack, Remote Denial of Service (DoS)
2016-05-12 security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05130958 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c05130958 Version: 1 HPSBMU03591

[SECURITY] [DSA 3575-1] libxstream-java security update
2016-05-12 Moritz Muehlenhoff (jmm debian org)

[security bulletin] HPSBGN03597 rev.1 - HPE Cloud Optimizer (Virtualization Performance Viewer) using glibc Remote Denial of Service (DoS)
2016-05-12 security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05125672 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c05125672 Version: 1 HPSBGN03597 r

[slackware-security] mozilla-thunderbird (SSA:2016-132-01)
2016-05-12 Slackware Security Team (security slackware com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] mozilla-thunderbird (SSA:2016-132-01) New mozilla-thunderbird packages are available for Slackware 14.1 and -current to fix security issues. Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+ p

[security bulletin] HPSBST03599 rev.1 - HPE 3PAR OS running OpenSSH, Remote Denial of Service (DoS), Access Restriction Bypass
2016-05-11 security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05128992 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c05128992 Version: 1 HPSBST03599 r

[security bulletin] HPSBST03598 rev.1 - HPE 3PAR OS using glibc, Remote Denial of Service (DoS), Arbitrary Code Execution
2016-05-11 security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05128937 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c05128937 Version: 1 HPSBST03598 r

[security bulletin] HPSBST03586 rev.1 - HPE 3PAR OS, Remote Unauthorized Modification
2016-05-11 security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05128722 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c05128722 Version: 1 HPSBST03586 r

[security bulletin] HPSBNS03581 rev.2 - HPE NonStop Servers running Samba (NS-Samba), Multiple Remote Vulnerabilities
2016-05-11 security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05082964 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c05082964 Version: 2 HPSBNS03581 r

[security bulletin] HPSBHF03592 rev.1 - HPE VAN SDN Controller OVA using OpenSSL, Multiple Remote Vulnerabilities
2016-05-11 security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05126404 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c05126404 Version: 1 HPSBHF03592

[SECURITY] [DSA 3565-2] monotone ovito pdns qtcreator softhsm regression update
2016-05-11 Sebastien Delafond (seb debian org)

BulletProof Security 53.3 - Security Advisory - Multiple XSS Vulnerabilities
2016-05-10 Onur Yilmaz (onur netsparker com)
Information -------------------- Advisory by Netsparker Name: Multiple XSS Vulnerabilities in BulletProof Security Affected Software : BulletProof Security Affected Versions: v53.3 and possibly below Vendor Homepage : https://wordpress.org/plugins/bulletproof-security/ Vulnerability Type : Cross-sit

[slackware-security] imagemagick (SSA:2016-132-01)
2016-05-11 Slackware Security Team (security slackware com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] imagemagick (SSA:2016-132-01) New imagemagick packages are available for Slackware 14.0, 14.1, and -current to fix security issues. Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+ patches/pa

[security bulletin] HPSBUX03574 rev.1 - HPE HP-UX CIFS-Server (Samba), Remote Access Restriction Bypass, Authentication bypass, Denial of Service (DoS), Unauthorized Access to Files, Access Restriction Bypass, Unauthorized Information Disclosure
2016-05-10 security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05115993 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c05115993 Version: 1 HPSBUX03574 r

[security bulletin] HPSBUX03596 rev.1 - HPE HP-UX running CIFS Server (Samba), Remote Access Restriction Bypass, Unauthorized Access
2016-05-10 security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05121842 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c05121842 Version: 1 HPSBUX03596 r

[SECURITY] [DSA 3574-1] libarchive security update
2016-05-10 Salvatore Bonaccorso (carnil debian org)

Intuit QuickBooks 2007 - 2016 Arbitrary Code Execution
2016-05-10 support thegrideon com
+ Credits: Maxim Tomashevich from Thegrideon Software + Website: https://www.thegrideon.com/ + Details: https://www.thegrideon.com/qb-internals-sql.html Vendor: --------------------- www.intuit.com www.intuit.ca www.intuit.co.uk Product: --------------------- QuickBooks Desktop versions: 2007 - 2

Trend Micro Direct Pass - Filter Bypass & Cross Site Scripting Vulnerability
2016-05-10 Vulnerability Lab (research vulnerability-lab com)
Document Title: =============== Trend Micro Direct Pass - Filter Bypass & Cross Site Scripting Vulnerability References (Source): ==================== http://www.vulnerability-lab.com/get_content.php?id=1716 Trend Micro Security ID: 1-1-1039900197 Release Date: ============= 2016-05-01 Vulner

Stanford University - Multiple SQL Injection Vulnerabilities
2016-05-10 Vulnerability Lab (research vulnerability-lab com)
Document Title: =============== Stanford University - Multiple SQL Injection Vulnerabilities References (Source): ==================== http://www.vulnerability-lab.com/get_content.php?id=1829 Release Date: ============= 2016-05-09 Vulnerability Laboratory ID (VL-ID): ==========================

Notes v4.5 iOS - Arbitrary File Upload Vulnerability
2016-05-10 Vulnerability Lab (research vulnerability-lab com)
Document Title: =============== Notes v4.5 iOS - Arbitrary File Upload Vulnerability References (Source): ==================== http://www.vulnerability-lab.com/get_content.php?id=1832 Release Date: ============= 2016-04-25 Vulnerability Laboratory ID (VL-ID): ==================================

Skype Manager - (Email Change) Filter Bypass Vulnerability
2016-05-10 Vulnerability Lab (research vulnerability-lab com)
Document Title: =============== Skype Manager - (Email Change) Filter Bypass Vulnerability References (Source): ==================== http://www.vulnerability-lab.com/get_content.php?id=1672 MSRC Case 32353 TRK:0001002845 Release Date: ============= 2016-05-09 Vulnerability Laboratory ID (VL-I

Wordpress Truemag Theme - Client Side Cross Site Scripting Web Vulnerability
2016-05-10 Vulnerability Lab (research vulnerability-lab com)
Document Title: =============== Wordpress Truemag Theme - Client Side Cross Site Scripting Web Vulnerability References (Source): ==================== http://www.vulnerability-lab.com/get_content.php?id=1839 Release Date: ============= 2016-04-29 Vulnerability Laboratory ID (VL-ID): ==========

[security bulletin] HPSBUX03577 SSRT102172 rev.1 - HP-UX VxFS, Local Unauthorized Access to Files
2016-05-09 security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05121749 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c05121749 Version: 1 HPSBUX03577 S

WordPress Plugin event-registration 6.02.02: SQL-Injection and persistent XSS
2016-05-09 mail michaelhelwig de
* Exploit Title: WordPress Plugin event-registration 6.02.02: SQL-Injection and persistent XSS * Discovery Date: 2016/03/13 * Public Disclosure Date: 2016/05/09 * Exploit Author: Michael Helwig * Contact: https://twitter.com/c0dmtr1x | https://codemetrix.net * Vendor Homepage: http://wpeventregister

ManageEngine Applications Manager Build No: 12700 Information Disclosure and Un-Authenticated SQL injection.
2016-05-06 Saif El-Sherei (saif sensepost com) (1 replies)
Heya, Wanted to request CVE for the following issues, that have been fixed by the vendor, fix details are at: https://www.manageengine.com/products/applications_manager/release-notes.html [SPSA-2016-02/ManageEngine ApplicationsManager]------------------------------ SECURITY ADVISORY: SPSA-2016

Re: ManageEngine Applications Manager Build No: 12700 Information Disclosure and Un-Authenticated SQL injection.
2016-05-06 Saif El-Sherei (saif elsherei com)

Re: NetCommWireless HSPA 3G10WVE Wireless Router Multiple vulnerabilities
2016-05-05 bhadresh patel helpag com

[security bulletin] HPSBMU03584 rev.1 - HPE Network Node Manager I (NNMi), Multiple Remote Vulnerabilities
2016-05-05 security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05103564 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c05103564 Version: 1 HPSBMU03584 r

[SECURITY] [DSA 3570-1] mercurial security update
2016-05-05 Salvatore Bonaccorso (carnil debian org)

[SECURITY] [DSA 3568-1] libtasn1-6 security update
2016-05-05 Salvatore Bonaccorso (carnil debian org)

FreeBSD Security Advisory FreeBSD-SA-16:17.openssl
2016-05-04 FreeBSD Security Advisories (security-advisories freebsd org)

Cisco Security Advisory: Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: May 2016
2016-05-04 Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Cisco Security Advisory: Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: May 2016 Advisory ID: cisco-sa-20160504-openssl Revision 1.0 For Public Release 2016 May 04 19:30 GMT (UTC) +-------------------------------------------------

ESA-2016-051: Patch 14 for RSA® Authentication Manager 8.1 SP1 to Address Multiple Vulnerabilities
2016-05-04 Security Alert (Security_Alert emc com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2016-051: Patch 14 for RSA® Authentication Manager 8.1 SP1 to Address Multiple Vulnerabilities EMC Identifier: ESA-2016-051 CVE Identifier: CVE-2016-0900, CVE-2016-0901, CVE-2016-0902 Severity Rating: CVSSv3 Base Score: See below for in

[SECURITY] [DSA 3567-1] libpam-sshauth security update
2016-05-04 Salvatore Bonaccorso (carnil debian org)

APPLE-SA-2016-05-03-1 Xcode 7.3.1
2016-05-04 Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 APPLE-SA-2016-05-03-1 Xcode 7.3.1 Xcode 7.3.1 is now available and addresses the following: Git Available for: OS X El Capitan v10.11 and later Impact: A remote attacker may be able to execute arbitrary code Description: A heap-based buffer overf

Cisco Security Advisory: Cisco Adaptive Security Appliance with FirePOWER Services Kernel Logging Denial of Service Vulnerability
2016-05-04 Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cisco Adaptive Security Appliance with FirePOWER Services Kernel Logging Denial of Service Vulnerability Advisory ID: cisco-sa-20160504-fpkern Revision 1.0 For Public Release 2016 May 4 16:00 UTC (GMT) +----------------------------------------------

Cisco Security Advisory: Cisco TelePresence XML Application Programming Interface Authentication Bypass Vulnerability
2016-05-04 Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cisco TelePresence XML Application Programming Interface Authentication Bypass Vulnerability Advisory ID: cisco-sa-20160504-tpxml Revision 1.0 For Public Release 2016 May 4 16:00 UTC (GMT) +-----------------------------------------------------------

Cisco Security Advisory: Cisco FirePOWER System Software Packet Processing Denial of Service Vulnerability
2016-05-04 Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Cisco Security Advisory: Cisco FirePOWER System Software Packet Processing Denial of Service Vulnerability Advisory ID: cisco-sa-20160504-firepower Revision 1.0 For Public Release 2016 May 04 16:00 GMT (UTC) +-------------------------------------

CVE-2016-2784: CMS Made Simple < 2.1.3 & < 1.12.2 Web server Cache Poisoning
2016-05-04 Lab I-Tracing (lab i-tracing com)
============================================= Web Server Cache Poisoning in CMS Made Simple ============================================= CVE-2016-2784 Product Description =================== CMS Made Simple is a great tool with many plugins to publish content on the Web. It aims to be simple to

[slackware-security] openssl (SSA:2016-124-01)
2016-05-03 Slackware Security Team (security slackware com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] openssl (SSA:2016-124-01) New openssl packages are available for Slackware 14.0, 14.1, and -current to fix security issues. Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+ patches/packages/o

Swagger Editor v2.9.9 "description" Key DOM-based Cross-Site Scripting
2016-05-03 Julien Ahrens (info rcesecurity com)

LSE Leading Security Experts GmbH - LSE-2016-02-03 - OXID eShop Path Traversal Vulnerability
2016-05-03 LSE-Advisories (advisories lsexperts de)
=== LSE Leading Security Experts GmbH - Security Advisory 2016-02-03 === OXID eShop Path Traversal Vulnerability ------------------------------------------------------------------------ Affected Versions ================= Community Edition 4.9.7 Issue Overview ============== Vulnerability Type: p

NetCommWireless HSPA 3G10WVE Wireless Router Multiple vulnerabilities
2016-05-03 bhadresh patel helpag com
Title: ==== NetCommWireless HSPA 3G10WVE Wireless Router - Multiple vulnerabilities Credit: ====== Name: Bhadresh Patel Company/affiliation: HelpAG Website: www.helpag.com CVE: ===== CVE-2015-6023, CVE-2016-6024 Date: ==== 03-05-2016 (dd/mm/yyyy) Vendor: ====== NetComm Wireless is a leading

CVE-2016-4338: Zabbix Agent 3.0.1 mysql.size shell command injection
2016-05-03 Timo Juhani Lindfors (timo lindfors iki fi)
CVE-2016-4338: Zabbix Agent 3.0.1 mysql.size shell command injection -------------------------------------------------------------------- Affected products ================= At least Zabbix Agent 1:3.0.1-1+wheezy from http://repo.zabbix.com/zabbix/3.0/debian is vulnerable. Other versions were not

[slackware-security] mercurial (SSA:2016-123-01)
2016-05-02 Slackware Security Team (security slackware com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] mercurial (SSA:2016-123-01) New mercurial packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix a security issue. Here are the details from the Slackware 14.1 ChangeLog: +----------------------

ESA-2016-041: RSA Data Loss Prevention Multiple Vulnerabilities
2016-05-02 Security Alert (Security_Alert emc com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2016-041: RSA Data Loss Prevention Multiple Vulnerabilities EMC Identifier: ESA-2016-041 CVE Identifier: CVE-2016-0892, CVE-2016-0893, CVE-2016-0894, CVE-2016-0895 Severity Rating: CVSSv3 Base Score : Please view details below for individ

[SECURITY] [DSA 3564-1] chromium-browser security update
2016-05-02 Michael Gilbert (mgilbert debian org)

Exploit-DB Captcha Bypass
2016-05-01 Rahul Pratap Singh (techno rps gmail com)
## FULL DISCLOSURE #Exploit Author : Rahul Pratap Singh #Home page Link : https://www.exploit-db.com/ #Website : https://0x62626262.wordpress.com #Linkedin : https://in.linkedin.com/in/rahulpratapsingh94 #Date : 1/5/2016 ---------------------------------------- Description: -----------------------

[slackware-security] subversion (SSA:2016-121-01)
2016-04-30 Slackware Security Team (security slackware com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] subversion (SSA:2016-121-01) New subversion packages are available for Slackware 14.0, 14.1, and -current to fix security issues. Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+ patches/pack

[slackware-security] php (SSA:2016-120-02)
2016-04-29 Slackware Security Team (security slackware com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] php (SSA:2016-120-02) New php packages are available for Slackware 14.0, 14.1, and -current to fix security issues. Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+ patches/packages/php-5.6.2

[slackware-security] ntp (SSA:2016-120-01)
2016-04-29 Slackware Security Team (security slackware com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] ntp (SSA:2016-120-01) New ntp packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues. Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+ patches

[security bulletin] HPSBGN03547 rev.3 - HPE Helion Eucalyptus Node Controller and other Helion Eucalyptus Components using glibc, Remote Arbitrary Code Execution
2016-04-29 security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04989404 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04989404 Version: 3 HPSBGN03547 r

[SECURITY] [DSA 3561-1] subversion security update
2016-04-29 Salvatore Bonaccorso (carnil debian org)

SQL Injection in GLPI
2016-04-29 High-Tech Bridge Security Research (advisory htbridge ch)
Advisory ID: HTB23301 Product: GLPI Vendor: INDEPNET Vulnerable Version(s): 0.90.2 and probably prior Tested Version: 0.90.2 Advisory Publication: April 8, 2016 [without technical details] Vendor Notification: April 8, 2016 Vendor Patch: April 11, 2016 Public Disclosure: April 29, 2016 Vulnera

Wordpress Truemag Theme - Client Side Cross Site Scripting Web Vulnerability
2016-04-29 Vulnerability Lab (research vulnerability-lab com)
Document Title: =============== Wordpress Truemag Theme - Client Side Cross Site Scripting Web Vulnerability References (Source): ==================== http://www.vulnerability-lab.com/get_content.php?id=1839 Release Date: ============= 2016-04-29 Vulnerability Laboratory ID (VL-ID): ==========

Mozilla doesn't care for upstream security fixes, and doesn't bother to send own security fixes upstream
2016-04-28 Stefan Kanthak (stefan kanthak nexgo de)
Hi @ll despite better knowledge and MULTIPLE bug/vulnerability reports (see <https://bugzilla.mozilla.org/show_bug.cgi?id=811557>, <https://bugzilla.mozilla.org/show_bug.cgi?id=809373>, <https://bugzilla.mozilla.org/show_bug.cgi?id=579593>, ...) Mozilla continues to ship Firefox and Thunderbird fo

[security bulletin] HPSBUX03583 SSRT110084 rev.1 - HP-UX BIND Service running Named, Remote Denial of Service (DoS)
2016-04-28 security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05087821 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c05087821 Version: 1 HPSBUX03583 S

CVE-2016-3078: php: integer overflow in ZipArchive::getFrom*
2016-04-28 Hans Jerry Illikainen (hji dyntopia com)
Details ======= An integer wrap may occur in PHP 7.x before version 7.0.6 when reading zip files with the getFromIndex() and getFromName() methods of ZipArchive, resulting in a heap overflow. php-7.0.5/ext/zip/php_zip.c ,---- | 2679 static void php_zip_get_from(INTERNAL_FUNCTION_PARAMETERS, int ty

CVE-2015-5207 - Bypass of Access Restrictions in Apache Cordova iOS
2016-04-27 Tony Homer (tony-- apache org)
CVE-2015-5207 - Bypass of Access Restrictions in Apache Cordova iOS Severity: High Vendor: The Apache Software Foundation Versions Affected: cordova-ios 3.9.1 and below Description: Apache Cordova iOS contains 2 methods to bypass the URL access restrictions provided by the whitelist. An attacker

CVE-2015-5207 - Bypass of Access Restrictions in Apache Cordova iOS
2016-04-27 Tony Homer (ajh158 gmail com)
CVE-2015-5207 - Bypass of Access Restrictions in Apache Cordova iOS Severity: High Vendor: The Apache Software Foundation Versions Affected: cordova-ios 3.9.1 and below Description: Apache Cordova iOS contains 2 methods to bypass the URL access restrictions provided by the whitelist. An attacker

CVE-2015-5208 - Arbitrary plugin execution issue in Apache Cordova iOS
2016-04-27 Tony Homer (tony-- apache org)
CVE-2015-5208 - Arbitrary plugin execution issue in Apache Cordova iOS Severity: High Vendor: The Apache Software Foundation Versions Affected: cordova-ios 3.9.1 and below Description: An arbitrary plugin can be executed when a user clicks on a link. Upgrade path: Developers who are concerned a

EMC M&R (Watch4net) lacks Cross-Site Request Forgery protection
2016-04-27 Securify B.V. (lists securify nl)
------------------------------------------------------------------------ EMC M&R (Watch4net) lacks Cross-Site Request Forgery protection ------------------------------------------------------------------------ Han Sahin, November 2014 ----------------------------------------------------------------

Oracle Discoverer Viewer BI - Open Redirect Vulnerability
2016-04-27 Vulnerability Lab (research vulnerability-lab com)
Document Title: =============== Oracle Discoverer Viewer BI - Open Redirect Vulnerability References (Source): ==================== http://www.vulnerability-lab.com/get_content.php?id=1667 Oracle ID: S0666670 Release Date: ============= 2016-04-26 Vulnerability Laboratory ID (VL-ID): ========
------------------------------------------------------------------------
Debian Security Advisory DSA-3582-1 security (at) debian (dot) org
https://www.debian.org/security/ Salvatore Bonaccorso
May 18, 2016