|
|
Colapse all |
Post message
APPLE-SA-2018-7-05-1 Wi-Fi Update for Boot Camp 6.4.0 2018-07-05 Apple Product Security (product-security-noreply lists apple com) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2018-7-05-1 Wi-Fi Update for Boot Camp 6.4.0 Wi-Fi Update for Boot Camp 6.4.0 is now available and addresses the following: Wi-Fi Available for the following machines while running Boot Camp: MacBook (Late 2009 and later), MacBook Pro (Mid [ more ] [ reply ] SEC Consult SA-20180704-1 :: Authorization Bypass in all ADB Broadband Gateways / Routers 2018-07-04 SEC Consult Vulnerability Lab (research sec-consult com) Also see our other two advisories regarding critical ADB vulnerabilities as they have been split up for better readability: Local root: https://www.sec-consult.com/en/blog/advisories/local-root-jailbreak-via- network-file-sharing-flaw-in-all-adb-broadband-gateways-routers/ Privilege escalation: htt [ more ] [ reply ] SEC Consult SA-20180704-2 :: Privilege escalation via linux group manipulation in all ADB Broadband Gateways / Routers 2018-07-04 SEC Consult Vulnerability Lab (research sec-consult com) Also see our other two advisories regarding critical ADB vulnerabilities as they have been split up for better readability: Local root: https://www.sec-consult.com/en/blog/advisories/local-root-jailbreak-via- network-file-sharing-flaw-in-all-adb-broadband-gateways-routers/ Authorization bypass: htt [ more ] [ reply ] SEC Consult SA-20180704-0 :: Local root jailbreak via network file sharing flaw in all ADB Broadband Gateways / Routers 2018-07-04 SEC Consult Vulnerability Lab (research sec-consult com) Also see our other two advisories regarding critical ADB vulnerabilities as they have been split up for better readability: Authorization bypass: https://www.sec-consult.com/en/blog/advisories/authorization-bypass-in-a ll-adb-broadband-gateways-routers/ Privilege escalation: https://www.sec-consult [ more ] [ reply ] [CVE-2018-3667, CVE-2018-3668] Escalation of priviilege via executable installer of Intel Processor Diagnostic Tool 2018-07-04 Stefan Kanthak (stefan kanthak nexgo de) Hi @ll, the executable installers of Intel's Processor Diagnostic Tool (IPDT) before v4.1.0.27 have three vulnerabilities^Wbeginner's errors which all allow arbitrary code execution with escalation of privilege, plus a fourth which allows denial of service. Intel published advisory SA-00140 <https [ more ] [ reply ] [CVE-2018-8036] DoS (OOM) Vulnerability in Apache PDFBox's AFMParser 2018-06-29 Andreas Lehmkuehler (lehmi apache org) [CVE-2018-8036] DoS (OOM) Vulnerability in Apache PDFBox's AFMParser Severity: Important Vendor: The Apache Software Foundation Versions Affected: Apache PDFBox 1.8.0 to 1.8.14 Apache PDFBox 2.0.0 to 2.0.10 Earlier, unsupported Apache PDFBox versions may be affected as well Description: A carefu [ more ] [ reply ] [SECURITY] [DSA 4237-1] chromium-browser security update 2018-07-01 Michael Gilbert (mgilbert debian org) [CVE-2018-8036] DoS (OOM) Vulnerability in Apache PDFBox's AFMParser 2018-06-29 Andreas Lehmkuehler (lehmi apache org) [CVE-2018-8036] DoS (OOM) Vulnerability in Apache PDFBox's AFMParser Severity: Important Vendor: The Apache Software Foundation Versions Affected: Apache PDFBox 1.8.0 to 1.8.14 Apache PDFBox 2.0.0 to 2.0.10 Earlier, unsupported Apache PDFBox versions may be affected as well Description: A carefu [ more ] [ reply ] TP-Link TL-WR841N v13: Broken Authentication (CVE-2018-12575) 2018-06-27 Tim Coen (tc coen gmail com) * Vulnerability: Broken Authentication * Affected Software: TP-Link TL-WR841N v13 * Affected Version: 0.9.1 4.16 v0001.0 Build 171019 Rel.55346n * Patched Version: 0.9.1 4.16 v0001.0 Build 180119 Rel.65243n * Risk: High * Vendor Contacted: 05/20/2018 * Vendor Fix: Issue was independent [ more ] [ reply ] TP-Link TL-WR841N v13: Authenticated Blind Command Injection (CVE-2018-12577) 2018-06-27 Tim Coen (tc coen gmail com) * Vulnerability: Authenticated Blind Command Injection * Affected Software: TP-Link TL-WR841N v13 * Affected Version: 0.9.1 4.16 v0001.0 Build 180119 Rel.65243n * Patched Version: None * Risk: High * Vendor Contacted: 05/20/2018 * Vendor Fix: None * Public Disclosure: 06/27/2018 ### [ more ] [ reply ] APPLE-SA-2018-06-27-1 SwiftNIO 1.8.0 2018-06-27 Apple Product Security (product-security-noreply lists apple com) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2018-06-27-1 SwiftNIO 1.8.0 SwiftNIO 1.8.0 is now available and addresses the following: SwiftNIO Available for: macOS Sierra 10.12 and later, Ubuntu 14.04 and later Impact: A remote attacker may be able to overwrite arbitrary memory Descri [ more ] [ reply ] TP-Link TL-WR841N v13: CSRF (CVE-2018-12574) 2018-06-27 Tim Coen (tc coen gmail com) * Vulnerability: Cross-Site Request Forgery * Affected Software: TP-Link TL-WR841N v13 * Affected Version: 0.9.1 4.16 v0001.0 Build 180119 Rel.65243n * Patched Version: None * Risk: High * Vendor Contacted: 05/20/2018 * Vendor Fix: None * Public Disclosure: 06/27/2018 ##### Overview [ more ] [ reply ] PRTG < 18.2.39 Command Injection 2018-06-26 Josh Berry (josh berry codewatch org) Bugtraq, I (Josh Berry) discovered an authenticated command injection vulnerability in the ?Demo? PowerShell notification script provided by versions of PRTG Network Monitor prior to 18.2.39. The PowerShell notifications demo script on versions of the application prior to 18.2.39 do not properly s [ more ] [ reply ] [slackware-security] mozilla-firefox (SSA:2018-176-01) 2018-06-25 Slackware Security Team (security slackware com) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] mozilla-firefox (SSA:2018-176-01) New mozilla-firefox packages are available for Slackware 14.2 and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/p [ more ] [ reply ] KL-001-2018-008 : HPE VAN SDN Unauthenticated Remote Root Vulnerability 2018-06-25 KoreLogic Disclosures (disclosures korelogic com) KL-001-2018-008 : HPE VAN SDN Unauthenticated Remote Root Vulnerability Title: HPE VAN SDN Unauthenticated Remote Root Vulnerability Advisory ID: KL-001-2018-008 Publication Date: 2018.06.25 Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2018-008.txt 1. Vulnerability Details [ more ] [ reply ] FreeBSD Security Advisory FreeBSD-SA-18:07.lazyfpu 2018-06-21 FreeBSD Security Advisories (security-advisories freebsd org) [slackware-security] gnupg (SSA:2018-170-01) 2018-06-19 Slackware Security Team (security slackware com) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] gnupg (SSA:2018-170-01) New gnupg packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix a security issue. Here are the details from the Slackware 14.2 ChangeLog: +------------------------ [ more ] [ reply ] XSS in Canopy login page 2018-06-19 RYT (me ryantzj com) [Title] XSS in Canopy login page ------------------------------------------ [Description] CheckSec Canopy 3.x before 3.0.7 has stored XSS via the Login Page Disclaimer, allowing attacks by low-privileged users against higher-privileged users.This instance of stored cross-site scripting (XSS) v [ more ] [ reply ] [SECURITY] [DSA 4231-1] libgcrypt20 security update 2018-06-17 Salvatore Bonaccorso (carnil debian org) [security bulletin] MFSBGN03810 rev.1 - Universal CMDB, Deserialization Java Objects and CSRF 2018-06-15 cyber-psrt microfocus com -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Note: the current version of the following document is available here: https://softwaresupport.hpe.com/document/-/facetsearch/document/KM031800 69 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: KM03180069 Version: 1 MFSBGN03810 rev.1 [ more ] [ reply ] |
|
Privacy Statement |
Hash: SHA512
- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4241-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Moritz Muehlenhoff
July 05, 2018
[ more ] [ reply ]