|
|
Colapse all |
Post message
DefenseCode ThunderScan SAST Advisory: WordPress Snazzy Maps Plugin Multiple XSS Security Vulnerabilities 2018-07-25 Defense Code (defensecode defensecode com) [SECURITY] [DSA 4254-1] slurm-llnl security update 2018-07-24 Salvatore Bonaccorso (carnil debian org) FINAL CALL FOR PAPERS - INTEL SECURITY CONFERENCE (iSecCon) 2018 2018-07-24 Branco, Rodrigo (rodrigo branco intel com) CALL FOR PAPERS - INTEL SECURITY CONFERENCE (iSecCon) 2018 [ - Introduction - ] It is a pleasure to invite you to submit abstracts to iSecCon 2018, the annual Security Conference at Intel. This prestigious conference aims to bring together esteemed speakers from the industry, government and acad [ more ] [ reply ] [SECURITY] [DSA 4253-1] network-manager-vpnc security update 2018-07-23 Salvatore Bonaccorso (carnil debian org) APPLE-SA-2018-7-23-3 Additional information for APPLE-SA-2018-06-01-4 iOS 11.4 2018-07-23 Apple Product Security (product-security-noreply lists apple com) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2018-7-23-3 Additional information for APPLE-SA-2018-06-01-4 iOS 11.4 iOS 11.4 addresses the following: Bluetooth Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A malicious application may be a [ more ] [ reply ] APPLE-SA-2018-7-23-4 Additional information for APPLE-SA-2018-06-01-6 tvOS 11.4 2018-07-23 Apple Product Security (product-security-noreply lists apple com) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2018-7-23-4 Additional information for APPLE-SA-2018-06-01-6 tvOS 11.4 tvOS 11.4 addresses the following: Bluetooth Available for: Apple TV 4K Impact: An attacker in a privileged network position may be able to intercept Bluetooth traffic D [ more ] [ reply ] APPLE-SA-2018-7-23-5 Additional information for APPLE-SA-2018-06-01-5 watchOS 4.3.1 2018-07-23 Apple Product Security (product-security-noreply lists apple com) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2018-7-23-5 Additional information for APPLE-SA-2018-06-01-5 watchOS 4.3.1 watchOS 4.3.1 addresses the following: Bluetooth Not impacted: Apple Watch Series 3 Impact: An attacker in a privileged network position may be able to intercept Blu [ more ] [ reply ] APPLE-SA-2018-7-23-2 Additional information for APPLE-SA-2018-06-01-1 macOS High Sierra 10.13.5, Security Update 2018-003 Sierra, Security Update 2018-003 El Capitan 2018-07-23 Apple Product Security (product-security-noreply lists apple com) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2018-7-23-2 Additional information for APPLE-SA-2018-06-01-1 macOS High Sierra 10.13.5, Security Update 2018-003 Sierra, Security Update 2018-003 El Capitan macOS High Sierra 10.13.5, Security Update 2018-003 Sierra, and Security Update 2018 [ more ] [ reply ] APPLE-SA-2018-7-23-1 Additional information for APPLE-SA-2018-7-9-4 macOS High Sierra 10.13.6, Security Update 2018-004 Sierra, Security Update 2018-004 El Capitan 2018-07-23 Apple Product Security (product-security-noreply lists apple com) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2018-7-23-1 Additional information for APPLE-SA-2018-7-9-4 macOS High Sierra 10.13.6, Security Update 2018-004 Sierra, Security Update 2018-004 El Capitan macOS High Sierra 10.13.6, Security Update 2018-004 Sierra, and Security Update 2018-0 [ more ] [ reply ] Sourcetree - Remote Code Execution vulnerabilities - CVE-2018-11235 2018-07-23 Anton Black (ablack atlassian com) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 This email refers to the advisory found at https://confluence.atlassian.com/sourcetreekb/sourcetree-security-adviso ry-2018-07-18-953674465.html . CVE ID: * CVE-2018-11235. * CVE-2018-13385. * CVE-2018-13386. Product: Sourcetree. Affected Sourcet [ more ] [ reply ] [slackware-security] php (SSA:2018-201-01) 2018-07-20 Slackware Security Team (security slackware com) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] php (SSA:2018-201-01) New php packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packages/php [ more ] [ reply ] Secunia Research: Oracle Outside In Technology Multiple Vulnerabilities 2018-07-20 Secunia Research (remove-vuln secunia com) Secunia Research: Oracle Outside In Technology Multiple Vulnerabilities 2018-07-20 Secunia Research (remove-vuln secunia com) Secunia Research: LibRaw "parse_minolta()" Infinite Loop Denial of Service Vulnerability 2018-07-19 Secunia Research (remove-vuln secunia com) Secunia Research: LibRaw Multiple Denial of Service Vulnerabilities 2018-07-19 Secunia Research (remove-vuln secunia com) Adobe Systems - Arbitrary Code Injection Vulnerability 2018-07-19 Vulnerability Lab (research vulnerability-lab com) Document Title: =============== Adobe Systems - Arbitrary Code Injection Vulnerability References (Source): ==================== https://www.vulnerability-lab.com/get_content.php?id=2120 PSIRT ID: 7873 Vulnerability Magazine: https://www.vulnerability-db.com/?q=articles/2018/07/19/ha [ more ] [ reply ] [slackware-security] httpd (SSA:2018-199-01) 2018-07-18 Slackware Security Team (security slackware com) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] httpd (SSA:2018-199-01) New httpd packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packages [ more ] [ reply ] GhostMail - (Status Message) Persistent Web Vulnerability 2018-07-18 Vulnerability Lab (research vulnerability-lab com) Document Title: =============== GhostMail - (Status Message) Persistent Web Vulnerability References (Source): ==================== http://www.vulnerability-lab.com/get_content.php?id=1470 Release Date: ============= 2018-06-27 Vulnerability Laboratory ID (VL-ID): ============================= [ more ] [ reply ] Binance v1.5.0 - Insecure File Permission Vulnerability 2018-07-18 Vulnerability Lab (research vulnerability-lab com) Document Title: =============== Binance v1.5.0 - Insecure File Permission Vulnerability References (Source): ==================== https://www.vulnerability-lab.com/get_content.php?id=2135 Release Date: ============= 2018-07-17 Vulnerability Laboratory ID (VL-ID): ============================== [ more ] [ reply ] GhostMail - (filename to link) POST Inject Web Vulnerability 2018-07-18 Vulnerability Lab (research vulnerability-lab com) Document Title: =============== GhostMail - (filename to link) POST Inject Web Vulnerability References (Source): ==================== http://www.vulnerability-lab.com/get_content.php?id=1471 Release Date: ============= 2018-06-26 Vulnerability Laboratory ID (VL-ID): ========================== [ more ] [ reply ] Barracuda Cloud Control v3.020 - CS Cross Site Vulnerability 2018-07-18 Vulnerability Lab (research vulnerability-lab com) Document Title: =============== Barracuda Cloud Control v3.020 - CS Cross Site Vulnerability References (Source): ==================== http://www.vulnerability-lab.com/get_content.php?id=662 Release Date: ============= 2018-07-18 Vulnerability Laboratory ID (VL-ID): =========================== [ more ] [ reply ] Defense in depth -- the Microsoft way (part 56): 10+ year old security update installers are susceptiblle to 20+ year old vulnerability 2018-07-18 Stefan Kanthak (stefan kanthak nexgo de) Hi @ll, Microsoft released <https://support.microsoft.com/en-us/help/4336919> "Description of the security update for the remote code execution vulnerability in Visual Studio 2010 Service Pack 1: July 10, 2018" some days ago. The executable installer VS10SP1-KB4336919-x86.exe offered for download [ more ] [ reply ] [slackware-security] mutt (SSA:2018-198-01) 2018-07-17 Slackware Security Team (security slackware com) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] mutt (SSA:2018-198-01) New mutt packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packages/m [ more ] [ reply ] [CVE-2018-1000211] Public apps can't revoke OAuth access & refresh tokens in Doorkeeper 2018-07-17 Justin Bull (me justinbull ca) Good morning everyone, A security bulletin for all of you. Software: -------- Doorkeeper (https://github.com/doorkeeper-gem/doorkeeper) Description: ---------- Doorkeeper is an OAuth 2 provider for Rails written in Ruby. Affected Versions: --------------- 4.2.0 - 4.3.2 5.0.0.rc1 Fixed Versions: [ more ] [ reply ] Defense in depth -- the Microsoft way (part 55): new software built with 5.5 year old tool shows 20+ year old vulnerabilities 2018-07-17 Stefan Kanthak (stefan kanthak nexgo de) Hi @ll, Microsoft released <https://support.microsoft.com/en-us/help/4340040/> "July 2018 servicing release for Microsoft Desktop Optimization Pack" some days ago. <https://www.microsoft.com/en-us/download/details.aspx?id=57157> offers three executable installers to update existing installations: [ more ] [ reply ] |
|
Privacy Statement |
Multiple XSS Security Vulnerabilities
Advisory ID: DC-2018-05-006
Advisory Title: WordPress Snazzy Maps Plugin Multiple XSS
Vulnerabilities
Advisory URL: http://www.defensecode.com/advisories.php
Software: WordPress S
[ more ] [ reply ]