BugTraq
APPLE-SA-2018-1-23-5 Safari 11.0.3 2018-01-23
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2018-1-23-5 Safari 11.0.3

Safari 11.0.3 is now available and addresses the following:

WebKit
Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, and
macOS High Sierra 10.13.3
Impact: Processing maliciously crafted web content may

APPLE-SA-2018-1-23-7 iCloud for Windows 7.3 2018-01-24
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2018-1-23-7 iCloud for Windows 7.3

iCloud for Windows 7.3 is now available and addresses the following:

WebKit
Available for: Windows 7 and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Descri

APPLE-SA-2018-1-23-2 macOS High Sierra 10.13.3, Security Update 2018-001 Sierra, and Security Update 2018-001 El Capitan 2018-01-23
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2018-1-23-2 macOS High Sierra 10.13.3,
Security Update 2018-001 Sierra,
and Security Update 2018-001 El Capitan

macOS High Sierra 10.13.3, Security Update 2018-001 Sierra, and
Security Update 2018-001 El Capitan are now available and address

APPLE-SA-2018-1-23-6 iTunes 12.7.3 for Windows 2018-01-24
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2018-1-23-6 iTunes 12.7.3 for Windows

iTunes 12.7.3 for Windows is now available and addresses the
following:

WebKit
Available for: Windows 7 and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution

DefenseCode ThunderScan SAST Advisory: SugarCRM Community Edition Multiple SQL Injection Vulnerabilities 2018-01-23
DefenseCode (defensecode defensecode com)

           DefenseCode ThunderScan SAST Advisory
SugarCRM Community Edition Multiple SQL Injection Vulnerabilities

Advisory ID:    DC-2018-01-011
Advisory Title: SugarCRM Community Edition Multiple SQL Injection
Vulnerabilities
Advisory URL:   http://www.defensecode.com/advisories.php
Software:  

SEC Consult SA-20180123-0 :: XXE & Reflected XSS in Oracle Financial Services Analytical Applications 2018-01-23
SEC Consult Vulnerability Lab (research sec-consult com)
SEC Consult Vulnerability Lab Security Advisory < 20180123-0 >
=======================================================================
title: XXE & Reflected XSS
product: Oracle Financial Services Analytical Applications
vulnerable version: 7.3.5.x, 8.0.x
fixed versi

[security bulletin] HPESBHF03805 rev.7 - Certain HPE products using Microprocessors from Intel, AMD, and ARM, with Speculative Execution, Elevation of Privilege and Information Disclosure. 2018-01-22
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Note: the current version of the following document is available here:

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03805en_us

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: hpesbhf03805en_us

Version: 7

HP

[SECURITY] [DSA 4094-1] smarty3 security update 2018-01-22
Luciano Bello (luciano debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4094-1 security (at) debian (dot) org
https://www.debian.org/security/
January 22, 2018

CentOS Web Panel v0.9.8.12 - Remote SQL Injection Vulnerabilities 2018-01-22
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
CentOS Web Panel v0.9.8.12 - Remote SQL Injection Vulnerabilities

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1833

Release Date:
=============
2018-01-22

Vulnerability Laboratory ID (VL-ID):
=====================

Photo Vault v1.2 iOS - Insecure Authentication Vulnerability 2018-01-19
Vulnerability Lab (admin vulnerability-lab com)
Document Title:
===============
Photo Vault v1.2 iOS - Insecure Authentication Vulnerability

References (Source):
====================
https://www.vulnerability-lab.com/get_content.php?id=2110

Release Date:
=============
2018-01-16

Vulnerability Laboratory ID (VL-ID):
=========================

Shopware 5.2.5 & v5.3 - Multiple Cross Site Scripting Web Vulnerabilities 2018-01-19
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Shopware 5.2.5 & v5.3 - Multiple Cross Site Scripting Web Vulnerabilities

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1922

Shopware Security Tracking ID: SW-19834

Security Update:
http://community.shopware.com/Dow

[SECURITY] [DSA 4093-1] openocd security update 2018-01-22
luciano debian org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4093-1 security (at) debian (dot) org
https://www.debian.org/security/
January 21, 2018

CentOS Web Panel v0.9.8.12 - Multiple Persistent Web Vulnerabilities 2018-01-19
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
CentOS Web Panel v0.9.8.12 - Multiple Persistent Web Vulnerabilities

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1836

Release Date:
=============
2018-01-19

Vulnerability Laboratory ID (VL-ID):
==================

Oracle JDeveloper IDE Directory Traversal CVE-2017-10273 (hyp3rlinx / apparition security) 2018-01-21
apparitionsec gmail com
[+] Credits: John Page (aka hyp3rlinx)
[+] Website: hyp3rlinx.altervista.org
[+] Source: http://hyp3rlinx.altervista.org/advisories/ORACLE-JDEVELOPER-DIRECTORY-TRAVERSAL.txt
[+] ISR: apparition security

Vendor:
=============
www.oracle.com

Product:
===========
JDeveloper IDE

Orac

Acadmic Microsoft - API Query Filter Cross Site Scripting Vulnerability 2018-01-21
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Acadmic Microsoft - API Query Filter Cross Site Scripting Vulnerability

References (Source):
====================
https://www.vulnerability-lab.com/get_content.php?id=2056

MSRC ID: 0001010174

Release Date:
=============
2018-01-20

Vulnerability Laboratory ID (V

CentOS Web Panel v0.9.8.12 - Non-Persistent Cross Site Scripting Vulnerabilities 2018-01-19
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
CentOS Web Panel v0.9.8.12 - Non-Persistent Cross Site Scripting Vulnerabilities

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1835

Release Date:
=============
2018-01-17

Vulnerability Laboratory ID (VL-ID):
======

CVE-2017-15713: Apache Hadoop MapReduce job history server vulnerability 2018-01-19
Jason Lowe (jlowe apache org)
CVE-2017-15713: Apache Hadoop MapReduce job history server vulnerability

Severity: Severe

Vendor: The Apache Software Foundation

Versions Affected:
Hadoop 0.23.0 to 0.23.11
Hadoop 2.0.0-alpha to 2.8.2
Hadoop 3.0.0-alpha to 3.0.0-beta1

Users affected: Users running the MapReduce job history

[SECURITY] [DSA 4092-1] awstats security update 2018-01-19
Sebastien Delafond (seb debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4092-1 security (at) debian (dot) org
https://www.debian.org/security/ Sebastien Delafond
January 19, 2018

[security bulletin] HPESBMU03806 rev.1 - HPE IceWall Products, Multiple Remote Unauthorized Disclosure of Information, Unauthorized Modificiation 2018-01-17
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Note: the current version of the following document is available here:

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbmu03806en_us

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: hpesbmu03806en_us

Version: 1

HP

[security bulletin] HPESBHF03805 rev.5 - Certain HPE products using Microprocessors from Intel, AMD, and ARM, with Speculative Execution, Elevation of Privilege and Information Disclosure. 2018-01-17
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Note: the current version of the following document is available here:

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03805en_us

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: hpesbhf03805en_us

Version: 5

HP

[slackware-security] bind (SSA:2018-017-01) 2018-01-17
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] bind (SSA:2018-017-01)

New bind packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,
14.2, and -current to fix a security issue.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------

[security bulletin] HPSBGN02925 rev.3 - HP IceWall SSO, IceWall File Manager and IceWall Federation Agent, Multiple Remote Unauthorized Access Vulnerabilities 2018-01-17
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Note: the current version of the following document is available here:

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c03918632

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c03918632

Version: 3

HPSBGN02925 rev.3

[SECURITY] [DSA 4090-1] wordpress security update 2018-01-17
Sebastien Delafond (seb debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4090-1 security (at) debian (dot) org
https://www.debian.org/security/ Sebastien Delafond
January 17, 2018

[SECURITY] [DSA 4089-1] bind9 security update 2018-01-16
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4089-1 security (at) debian (dot) org
https://www.debian.org/security/ Salvatore Bonaccorso
January 16, 2018

ADVISORY - LiveZilla - Cross-site scripting (XSS) vulnerability in knowledgebase.php - CVE-2017-15869 2018-01-16
tim kretschmann pallas com
1. ADVISORY SUMMARY

LiveZilla - Cross-site scripting (XSS) vulnerability in knowledgebase.php

Risk: Medium

Application: LiveZilla
Versions Affected: 7.0.6.0
Vendor: LiveZilla GmbH
Vendor URL: https://www.livezilla.net/

Sent to vendor: 04.12.2017
Vendor response: Acknowledge 04.12.2017
Published

[SECURITY] [DSA 4088-1] gdk-pixbuf security update 2018-01-15
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4088-1 security (at) debian (dot) org
https://www.debian.org/security/ Moritz Muehlenhoff
January 15, 2018

MagicSpam 2.0.13 - Insecure File Permission Vulnerability 2018-01-15
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
MagicSpam 2.0.13 - Insecure File Permission Vulnerability

References (Source):
====================
https://www.vulnerability-lab.com/get_content.php?id=2113

Release Date:
=============
2018-01-12

Vulnerability Laboratory ID (VL-ID):
============================

Zenario v7.6 CMS - SQL Injection Web Vulnerability 2018-01-15
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Zenario v7.6 CMS - SQL Injection Web Vulnerability

References (Source):
====================
https://www.vulnerability-lab.com/get_content.php?id=2043

Release Date:
=============
2018-01-16

Vulnerability Laboratory ID (VL-ID):
===================================

[RT-SA-2017-013] Truncation of SAML Attributes in Shibboleth 2 2018-01-15
RedTeam Pentesting GmbH (release redteam-pentesting de)
Advisory: Truncation of SAML Attributes in Shibboleth 2

RedTeam Pentesting discovered that the shibd service of Shibboleth 2
does not extract SAML attribute values in a robust manner. By inserting
XML entities into a SAML response, attackers may truncate attribute
values without breaking the docume

Broken TLS certificate pinning in VTech DigiGo Kid Connect app 2018-01-13
Summer of Pwnage (lists securify nl)
------------------------------------------------------------------------

Broken TLS certificate pinning in VTech DigiGo Kid Connect app
------------------------------------------------------------------------

Sipke Mellema, September 2017

------------------------------------------------------------

Copyright 2010, SecurityFocus