BugTraq Mode:
(Page 4 of 524)  < Prev  1 2 3 4 5 6 7 8 9 10 11  Next >
APPLE-SA-2018-3-29-4 Xcode 9.3 2018-03-29
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2018-3-29-4 Xcode 9.3

Xcode 9.3 is now available and addresses the following:

LLVM
Available for: macOS High Sierra 10.13.2 or later
Impact: Multiple issues in llvm were addressed in this update
Description: Multiple issues were addressed b

[ more ]  [ reply ]
APPLE-SA-2018-3-29-7 iTunes 12.7.4 for Windows 2018-03-29
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2018-3-29-7 iTunes 12.7.4 for Windows

iTunes 12.7.4 for Windows is now available and addresses the
following:

Security
Available for: Windows 7 and later
Impact: A malicious application may be able to elevate privileges
Description: A buffe

[ more ]  [ reply ]
APPLE-SA-2018-3-29-8 iCloud for Windows 7.4 2018-03-29
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2018-3-29-8 iCloud for Windows 7.4

iCloud for Windows 7.4 is now available and addresses the following:

Security
Available for: Windows 7 and later
Impact: A malicious application may be able to elevate privileges
Description: A buffer over

[ more ]  [ reply ]
APPLE-SA-2018-3-29-3 tvOS 11.3 2018-03-29
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2018-3-29-3 tvOS 11.3

tvOS 11.3 is now available and addresses the following:

CoreFoundation
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: An application may be able to gain elevated privileges
Description: A race conditi

[ more ]  [ reply ]
APPLE-SA-2018-3-29-5 macOS High Sierra 10.13.4, Security Update 2018-002 Sierra, and Security Update 2018-002 El Capitan 2018-03-29
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2018-3-29-5 macOS High Sierra 10.13.4, Security Update
2018-002 Sierra, and Security Update 2018-002 El Capitan

Admin Framework
Available for: macOS High Sierra 10.13.3
Impact: Passwords supplied to sysadminctl may be exposed to other
local

[ more ]  [ reply ]
[slackware-security] ruby (SSA:2018-088-01) 2018-03-29
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] ruby (SSA:2018-088-01)

New ruby packages are available for Slackware 14.2 and -current to
fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/ruby-2.2.10-i5

[ more ]  [ reply ]
APPLE-SA-2018-3-29-6 Safari 11.1 2018-03-29
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2018-3-29-6 Safari 11.1

Safari 11.1 is now available and addresses the following:

Safari
Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, and
macOS High Sierra 10.13.4
Impact: Visiting a malicious website may lead to address ba

[ more ]  [ reply ]
APPLE-SA-2018-3-29-1 iOS 11.3 2018-03-29
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2018-3-29-1 iOS 11.3

iOS 11.3 is now available and addresses the following:

Clock
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A person with physical access to an iOS device may be able to
se

[ more ]  [ reply ]
[SECURITY] [DSA 4156-1] drupal7 security update 2018-03-28
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4156-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Salvatore Bonaccorso
March 29, 2018

[ more ]  [ reply ]
CA20180328-01: Security Notice for CA API Developer Portal 2018-03-29
Kotas, Kevin J (Kevin Kotas ca com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

CA20180328-01: Security Notice for CA API Developer Portal

Issued: March 28, 2018
Last Updated: March 28, 2018

CA Technologies Support is alerting customers to multiple potential
risks with CA API Developer Portal. Multiple vulnerabilities exist
tha

[ more ]  [ reply ]
[SECURITY] [DSA 4155-1] thunderbird security update 2018-03-28
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4155-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Moritz Muehlenhoff
March 28, 2018

[ more ]  [ reply ]
[SECURITY] [DSA 4154-1] net-snmp security update 2018-03-28
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4154-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Salvatore Bonaccorso
March 28, 2018

[ more ]  [ reply ]
[SECURITY] [DSA 4153-1] firefox-esr security update 2018-03-27
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4153-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Moritz Muehlenhoff
March 27, 2018

[ more ]  [ reply ]
[SECURITY] [DSA 4152-1] mupdf security update 2018-03-27
Luciano Bello (luciano debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4152-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Luciano Bello
March 27, 2018

[ more ]  [ reply ]
Microsoft Skype Mobile v81.2 & v8.13 - Remote Denial of Service Vulnerability 2018-03-27
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Microsoft Skype Mobile v81.2 & v8.13 - Remote Denial of Service Vulnerability

References (Source):
====================
https://www.vulnerability-lab.com/get_content.php?id=2116

Video: https://www.vulnerability-lab.com/get_content.php?id=2117

MSRC ID: 43520â??
CR

[ more ]  [ reply ]
Sandoba CP:Shop CMS v2016.1 - Multiple Cross Site Scripting Vulnerabilities 2018-03-27
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Sandoba CP:Shop CMS v2016.1 - Multiple Cross Site Scripting Vulnerabilities

References (Source):
====================
https://www.vulnerability-lab.com/get_content.php?id=2122

Release Date:
=============
2018-03-02

Vulnerability Laboratory ID (VL-ID):
==========

[ more ]  [ reply ]
Weblication CMS Core & Grid v12.6.24 - Multiple Cross Site Scripting Vulnerabilities 2018-03-27
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Weblication CMS Core & Grid v12.6.24 - Multiple Cross Site Scripting Vulnerabilities

References (Source):
====================
https://www.vulnerability-lab.com/get_content.php?id=2121

Release Date:
=============
2018-02-21

Vulnerability Laboratory ID (VL-ID):
=

[ more ]  [ reply ]
AEF CMS v1.0.9 - (PM) Persistent Cross Site Scripting Vulnerability 2018-03-27
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
AEF CMS v1.0.9 - (PM) Persistent Cross Site Scripting Vulnerability

References (Source):
====================
https://www.vulnerability-lab.com/get_content.php?id=2123

Release Date:
=============
2018-02-18

Vulnerability Laboratory ID (VL-ID):
=================

[ more ]  [ reply ]
[slackware-security] mozilla-firefox (SSA:2018-085-01) 2018-03-27
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] mozilla-firefox (SSA:2018-085-01)

New mozilla-firefox packages are available for Slackware 14.2 and -current to
fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/p

[ more ]  [ reply ]
[SECURITY] [DSA 4151-1] librelp security update 2018-03-26
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4151-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Salvatore Bonaccorso
March 26, 2018

[ more ]  [ reply ]
Cross-Site Scripting vulnerability in Zimbra Collaboration Suite due to the way it handles attachment links 2018-03-24
Securify B.V. (lists securify nl)
------------------------------------------------------------------------

Cross-Site Scripting vulnerability in Zimbra Collaboration Suite due to
the way it handles attachment links
------------------------------------------------------------------------

Stephan Kaag, January 2018

------------------

[ more ]  [ reply ]
[slackware-security] mozilla-thunderbird (SSA:2018-082-01) 2018-03-24
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] mozilla-thunderbird (SSA:2018-082-01)

New mozilla-thunderbird packages are available for Slackware 14.2 and -current
to fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
p

[ more ]  [ reply ]
[SECURITY] [DSA 4150-1] icu security update 2018-03-23
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4150-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Moritz Muehlenhoff
March 23, 2018

[ more ]  [ reply ]
[SECURITY] [DSA 4149-1] plexus-utils2 security update 2018-03-22
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4149-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Moritz Muehlenhoff
March 22, 2018

[ more ]  [ reply ]
[SECURITY] [DSA 4148-1] kamailio security update 2018-03-22
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4148-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Moritz Muehlenhoff
March 22, 2018

[ more ]  [ reply ]
ModSecurity WAF 3.0 for Nginx - Denial of Service 2018-03-22
x ksi (s3810 pjwstk edu pl)
Hey,

TL;DR: UAF in a "non-release" version of ModSecurity for Nginx.
!RCE|DoS, no need to panic.
Plus some old and even older exploitation vector(s).

/*
* 1. Use-After-Free (UAF)
*/

During one of the engagements my team tested a WAF running in production
Nginx + ModSecurity + OWAS

[ more ]  [ reply ]
Bomgar Remote Support Portal JavaStart Applet <= 52970 - Path Traversal 2018-03-22
x ksi (s3810 pjwstk edu pl)
Hey,

The Path Traversal vulnerability was found in the component of the Bomgar
Remote Support Portal (RSP) [1]. The affected component is a JavaStart.jar
applet that is hosted at https://TARGET/api/content/JavaStart.jar on the
vulnerable RSP deployments. The JavaStart version 52970 and prior were
c

[ more ]  [ reply ]
Kaseya AgentMon.exe <= 9.3.0.11 - Local Privilege Escalation 2018-03-22
x ksi (s3810 pjwstk edu pl)
Hey,

The Local Privilege Escalation vulnerability was found in the Kaseya
Virtual System Administrator (VSA) [1] agent "AgentMon.exe". The agent is a
Windows service that periodically executes various programs with â??NT
AUTHORITY\SYSTEM� privileges.

In the Kaseya's default configuration, Window

[ more ]  [ reply ]
Secunia Research: Microsoft Windows Embedded OpenType Font Engine hdmx Table Information Disclosure Vulnerability 2018-03-21
Secunia Research (remove-vuln secunia com)
======================================================================

Secunia Research 2018/03/15

Microsoft Windows Embedded OpenType Font Engine hdmx Table
Information Disclosure Vulnerability

==============================================================

[ more ]  [ reply ]
Advisory - Bitbucket Server - CVE-2018-5225 2018-03-22
Matthew Hart (mhart atlassian com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

This email refers to the advisory found at
https://confluence.atlassian.com/x/3WNsO

CVE ID: CVE-2018-5225

Products: Bitbucket Server

Affected Bitbucket Server Versions:
4.13.0 <= version < 5.4.8
5.5.0 <= version < 5.5.8
5.6.0 <= version < 5.6.5
5

[ more ]  [ reply ]
Secunia Research: Microsoft Windows Embedded OpenType Font Engine "MTX_IS_MTX_Data()" Information Disclosure Vulnerability 2018-03-21
Secunia Research (remove-vuln secunia com)
======================================================================

Secunia Research 2018/03/15

Microsoft Windows Embedded OpenType Font Engine "MTX_IS_MTX_Data()"
Information Disclosure Vulnerability
==========================================================

[ more ]  [ reply ]
Secunia Research: Microsoft Windows Embedded OpenType Font Engine Font Glyphs Handling Information Disclosure Vulnerability 2018-03-21
Secunia Research (remove-vuln secunia com)
======================================================================

Secunia Research 2018/03/14

Microsoft Windows Embedded OpenType Font Engine Font Glyphs Handling
Information Disclosure Vulnerability

=========================================================

[ more ]  [ reply ]
[SECURITY] [DSA 4147-1] polarssl security update 2018-03-21
Sebastien Delafond (seb debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4147-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Sebastien Delafond
March 21, 2018

[ more ]  [ reply ]
[SECURITY] [DSA 4146-1] plexus-utils security update 2018-03-20
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4146-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Moritz Muehlenhoff
March 20, 2018

[ more ]  [ reply ]
CSNC-2017-026 Microsoft Intune - Preserved Keychain Entries 2018-03-20
Advisories (advisories compass-security com) (1 replies)
#############################################################
#
# COMPASS SECURITY ADVISORY
# https://www.compass-security.com/research/advisories/
#
#############################################################
#
# Product: Microsoft Intune [1]
# Vendor: Microsoft
# CSNC ID: CSNC-2017-026
# Sub

[ more ]  [ reply ]
ES2018-05 Kamailio heap overflow 2018-03-20
Sandro Gauci (sandro enablesecurity com) (1 replies)
# Off-by-one heap overflow in Kamailio

- Authors:
- Alfred Farrugia <alfred (at) enablesecurity (dot) com [email concealed]>
- Sandro Gauci <sandro (at) enablesecurity (dot) com [email concealed]>
- Fixed versions: Kamailio v5.1.2, v5.0.6 and v4.4.7
- References: no CVE assigned yet
- Enable Security Advisory: <https://github.com/EnableSecurity/ad

[ more ]  [ reply ]
Unsubscribe - Re: ES2018-05 Kamailio heap overflow 2018-03-20
Gary Frank (garoo7 hotmail com)
[SECURITY] [DSA 4145-1] gitlab security update 2018-03-18
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4145-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Moritz Muehlenhoff
March 18, 2018

[ more ]  [ reply ]
[SECURITY] [DSA 4142-1] uwsgi security update 2018-03-17
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4142-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Salvatore Bonaccorso
March 17, 2018

[ more ]  [ reply ]
[slackware-security] libvorbis (SSA:2018-076-01) 2018-03-18
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] libvorbis (SSA:2018-076-01)

New libvorbis packages are available for Slackware 13.37, 14.0, 14.1, 14.2,
and -current to fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
p

[ more ]  [ reply ]
[SECURITY] [DSA 4143-1] firefox-esr security update 2018-03-17
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4143-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Moritz Muehlenhoff
March 17, 2018

[ more ]  [ reply ]
[slackware-security] mozilla-firefox (SSA:2018-075-01) 2018-03-17
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] mozilla-firefox (SSA:2018-075-01)

New mozilla-firefox packages are available for Slackware 14.2 and -current to
fix a security issue.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/

[ more ]  [ reply ]
[SECURITY] [DSA 4144-1] openjdk-8 security update 2018-03-17
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4144-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Moritz Muehlenhoff
March 17, 2018

[ more ]  [ reply ]
[SECURITY] [DSA 4141-1] libvorbisidec security update 2018-03-16
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4141-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Salvatore Bonaccorso
March 16, 2018

[ more ]  [ reply ]
RedCoded ISR: Abine Blur Password Manager Insecure Permissions (CVE-2018-8213) 2018-03-16
\(RS\) Tyler Schroder (redorhcs redcoded com)
Abine Blur Password Manager Insecure Permissions
Module: Blur Web Extension
Announced: 2018-03-10/16
Credits: RS Tyler Schroder
Affects: 7.8.242* BEFORE 7.8.2428
CVE ID: CVE-2018-7213

I. Background
Abine Blur is a password management suite combined with online anonymity
tools designed to help consu

[ more ]  [ reply ]
[SECURITY] [DSA 4140-1] libvorbis security update 2018-03-16
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4140-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Salvatore Bonaccorso
March 16, 2018

[ more ]  [ reply ]
[CVE-2017-1205] IBM Spectrum LSF Privilege Escalation 2018-03-16
john fitzpatrick mwrinfosecurity com
###[IBM Spectrum LSF Privilege Escalation]###

* Software: IBM Spectrum LSF
* Affected Versions: IBM Spectrum LSF 8.3, 9.1.1, 9.1.2, 9.1.3, 10.1, 10.1.0.1
* CVE Reference: CVE-2017-1205
* Author: John Fitzpatrick (@j0hn__f)
* Severity: CVSS 9.3
* Vendor: IBM
* Vendor Response: Fixes provided
* Date:

[ more ]  [ reply ]
[SECURITY] [DSA 4139-1] firefox-esr security update 2018-03-15
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4139-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Moritz Muehlenhoff
March 15, 2018

[ more ]  [ reply ]
[slackware-security] curl (SSA:2018-074-01) 2018-03-16
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] curl (SSA:2018-074-01)

New curl packages are available for Slackware 14.0, 14.1, 14.2, and -current to
fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/c

[ more ]  [ reply ]
Secunia Research: LibRaw Multiple Denial of Service Vulnerabilities 2018-03-15
Secunia Research (remove-vuln secunia com)
======================================================================

Secunia Research 2018/03/14

LibRaw Multiple Denial of Service Vulnerabilities

======================================================================

[ more ]  [ reply ]
[SECURITY] [DSA 4138-1] mbedtls security update 2018-03-15
Sebastien Delafond (seb debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4138-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Sebastien Delafond
March 15, 2018

[ more ]  [ reply ]
[SECURITY] [DSA 4137-1] libvirt security update 2018-03-14
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4137-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Moritz Muehlenhoff
March 14, 2018

[ more ]  [ reply ]
[SECURITY] [DSA 4136-1] curl security update 2018-03-14
Alessandro Ghedini (ghedo debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4136-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Alessandro Ghedini
March 14, 2018

[ more ]  [ reply ]
SEC Consult SA-20180314-0 :: Arbitrary Shortcode Execution & Local File Inclusion in WooCommerce Products Filter (PluginUs.Net) 2018-03-14
SEC Consult Vulnerability Lab (research sec-consult com)
SEC Consult Vulnerability Lab Security Advisory < 20180314-0 >
=======================================================================
title: Arbitrary Shortcode Execution & Local File Inclusion
product: WOOF - WooCommerce Products Filter (PluginUs.Net)
vulnerable version:

[ more ]  [ reply ]
FreeBSD Security Advisory FreeBSD-SA-18:03.speculative_execution 2018-03-14
FreeBSD Security Advisories (security-advisories freebsd org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

========================================================================
=====
FreeBSD-SA-18:03.speculative_execution Security Advisory
The FreeBSD Project

Topic:

[ more ]  [ reply ]
[slackware-security] mozilla-firefox (SSA:2018-072-01) 2018-03-13
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] mozilla-firefox (SSA:2018-072-01)

New mozilla-firefox packages are available for Slackware 14.2 and -current to
fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/p

[ more ]  [ reply ]
[slackware-security] samba (SSA:2018-072-02) 2018-03-13
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] samba (SSA:2018-072-02)

New samba packages are available for Slackware 14.0, 14.1, 14.2, and -current
to fix security a issue.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/package

[ more ]  [ reply ]
[RT-SA-2017-012] Shopware Cart Accessible by Third-Party Websites 2018-03-13
RedTeam Pentesting GmbH (release redteam-pentesting de)
Advisory: Shopware Cart Accessible by Third-Party Websites

RedTeam Pentesting discovered that the shopping cart implemented by Shopware
offers an insecure API. Malicious, third-party websites may abuse this API to
list, add or remove products from a user's cart.

Details
=======

Product: Shopware

[ more ]  [ reply ]
[SECURITY] [DSA 4135-1] samba security update 2018-03-13
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4135-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Salvatore Bonaccorso
March 13, 2018

[ more ]  [ reply ]
SEC Consult SA-20180312-0 :: Multiple Critical Vulnerabilities in SecurEnvoy SecurMail 2018-03-12
SEC Consult Vulnerability Lab (research sec-consult com)
SEC Consult Vulnerability Lab Security Advisory < 20180312-0 >
=======================================================================
title: Multiple Critical Vulnerabilities
product: SecurEnvoy SecurMail
vulnerable version: 9.1.501
fixed version: 9.2.501 or hotfix

[ more ]  [ reply ]
[SECURITY] [DSA 4134-1] util-linux security update 2018-03-10
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4134-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Salvatore Bonaccorso
March 10, 2018

[ more ]  [ reply ]
[RT-SA-2018-001] Arbitrary Redirect in Tuleap 2018-03-08
RedTeam Pentesting GmbH (release redteam-pentesting de)
Advisory: Arbitrary Redirect in Tuleap

RedTeam Pentesting discovered an arbitrary redirect vulnerability in the
redirect mechanism of the application lifecycle management platform
Tuleap.

Details
=======

Product: Tuleap
Affected Versions: > 9.17.99.93
Fixed Versions: >= 9.17.99.93
Vulnerability

[ more ]  [ reply ]
FreeBSD Security Advisory FreeBSD-SA-18:01.ipsec [REVISED] 2018-03-08
FreeBSD Security Advisories (security-advisories freebsd org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

========================================================================
=====
FreeBSD-SA-18:01.ipsec [REVISED] Security Advisory
The FreeBSD Project

Topic:

[ more ]  [ reply ]
[SECURITY] [DSA 4133-1] isc-dhcp security update 2018-03-07
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4133-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Salvatore Bonaccorso
March 07, 2018

[ more ]  [ reply ]
FreeBSD Security Advisory FreeBSD-SA-18:01.ipsec 2018-03-07
FreeBSD Security Advisories (security-advisories freebsd org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

========================================================================
=====
FreeBSD-SA-18:01.ipsec Security Advisory
The FreeBSD Project

Topic:

[ more ]  [ reply ]
[SECURITY] [DSA 4128-1] trafficserver security update 2018-03-02
Sebastien Delafond (seb debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

-
------------------------------------------------------------------------
-
Debian Security Advisory DSA-4128-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Sebastien Delafond
March 02, 2018

[ more ]  [ reply ]
DefenseCode Security Advisory: Magento Backups Cross-Site Request Forgery 2018-03-06
Defense Code (defensecode defensecode com)
DefenseCode Security Advisory
Magento Backups Cross-Site Request Forgery

Advisory ID: DC-2018-03-001
Advisory Title: Magento Backups Cross-Site Request Forgery
Advisory URL: http://www.defensecode.com/advisories.php
Software: Magento
Version: Magento Open Source prior to 1.9.3.8,

[ more ]  [ reply ]
KL-001-2018-007 : Sophos UTM 9 loginuser Privilege Escalation via confd Service 2018-03-02
KoreLogic Disclosures (disclosures korelogic com)
KL-001-2018-007 : Sophos UTM 9 loginuser Privilege Escalation via confd Service

Title: Sophos UTM 9 loginuser Privilege Escalation via confd Service
Advisory ID: KL-001-2018-007
Publication Date: 2018.03.02
Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2018-007.txt

1. Vul

[ more ]  [ reply ]
[SECURITY] [DSA 4131-1] xen security update 2018-03-04
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

-
------------------------------------------------------------------------
-
Debian Security Advisory DSA-4131-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Moritz Muehlenhoff
March 04, 2018

[ more ]  [ reply ]
[SECURITY] [DSA 4129-1] freexl security update 2018-03-02
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

-
------------------------------------------------------------------------
-
Debian Security Advisory DSA-4129-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Moritz Muehlenhoff
March 02, 2018

[ more ]  [ reply ]
DefenseCode Security Advisory: Magento Multiple Stored Cross-Site Scripting Vulnerabilities 2018-03-06
Defense Code (defensecode defensecode com)
DefenseCode Security Advisory
Magento Multiple Stored Cross-Site Scripting Vulnerabilities

Advisory ID: DC-2018-03-002
Advisory Title: Magento Multiple Stored Cross-Site Scripting Vulnerabilities
Advisory URL: http://www.defensecode.com/advisories.php
Software: Magento
Version: M

[ more ]  [ reply ]
DefenseCode Security Advisory: Magento Stored Cross-Site Scripting â?? Product Attributes 2018-03-06
Defense Code (defensecode defensecode com)
DefenseCode Security Advisory
Magento Stored Cross-Site Scripting â?? Product Attributes

Advisory ID: DC-2018-03-004
Advisory Title: Magento Stored Cross-Site Scripting â?? Product Attributes
Advisory URL: http://www.defensecode.com/advisories.php
Software: Magento
Version: Magen

[ more ]  [ reply ]
DefenseCode Security Advisory: Magento Stored Cross-Site Scripting â?? Downloadable Products 2018-03-06
Defense Code (defensecode defensecode com)
DefenseCode Security Advisory
Magento Stored Cross-Site Scripting â?? Downloadable Products

Advisory ID: DC-2018-03-003
Advisory Title: Magento Stored Cross-Site Scripting â?? Downloadable Products
Advisory URL: http://www.defensecode.com/advisories.php
Software: Magento
Version:

[ more ]  [ reply ]
DefenseCode Security Advisory: Magento Backups Cross-Site Request Forgery 2018-03-06
Defense Code (defensecode defensecode com)
DefenseCode Security Advisory
Magento Backups Cross-Site Request Forgery

Advisory ID: DC-2018-03-001
Advisory Title: Magento Backups Cross-Site Request Forgery
Advisory URL: http://www.defensecode.com/advisories.php
Software: Magento
Version: Magento Open Source prior to 1.9.3.8,

[ more ]  [ reply ]
[SECURITY] [DSA 4127-1] simplesamlphp security update 2018-03-02
Thijs Kinkhorst (thijs debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

-
------------------------------------------------------------------------
-
Debian Security Advisory DSA-4127-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Thijs Kinkhorst
March 02, 2018

[ more ]  [ reply ]
CVE-2017-12544 XSS on HPE System Management Homepage v7.6.0.11 and minor 2018-03-01
spinfoo (spinfoo protonmail com)
Product: HPE System Management Homepage
Versions: 7.6.0.11 and minor versions
Vulnerability: JavaScript Injection in file gsearch.php, parameter prod
OWASP TOP 10: A1 Injection
Type: Javascript Injection
Impact: Allows an attacker to perform an XSS (Cross-Site Scripting) attack,
execute arbitrary J

[ more ]  [ reply ]
[SECURITY] [DSA 4129-1] freexl security update 2018-03-02
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4129-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Moritz Muehlenhoff
March 02, 2018

[ more ]  [ reply ]
[SECURITY] [DSA 4130-1] dovecot security update 2018-03-02
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4130-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Salvatore Bonaccorso
March 02, 2018

[ more ]  [ reply ]
[SECURITY] [DSA 4120-2] linux regression update 2018-03-03
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4120-2 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Salvatore Bonaccorso
March 03, 2018

[ more ]  [ reply ]
KL-001-2018-007 : Sophos UTM 9 loginuser Privilege Escalation via confd Service 2018-03-02
KoreLogic Disclosures (disclosures korelogic com)
KL-001-2018-007 : Sophos UTM 9 loginuser Privilege Escalation via confd Service

Title: Sophos UTM 9 loginuser Privilege Escalation via confd Service
Advisory ID: KL-001-2018-007
Publication Date: 2018.03.02
Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2018-007.txt

1. Vul

[ more ]  [ reply ]
[SECURITY] [DSA 4131-1] xen security update 2018-03-04
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4131-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Moritz Muehlenhoff
March 04, 2018

[ more ]  [ reply ]
[SECURITY] [DSA 4132-1] libvpx security update 2018-03-04
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4132-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Moritz Muehlenhoff
March 04, 2018

[ more ]  [ reply ]
[SECURITY] [DSA 4128-1] trafficserver security update 2018-03-02
Sebastien Delafond (seb debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4128-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Sebastien Delafond
March 02, 2018

[ more ]  [ reply ]
[security bulletin] MFSBGN03801 rev.1 - Micro Focus Operations Orchestration, Remote Denial of Service (DoS) 2018-03-01
cyber-psrt microfocus com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Note: the current version of the following document is available here:

https://softwaresupport.hpe.com/document/-/facetsearch/document/KM031038
96

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: KM03103896

Version: 1

MFSBGN03801 rev.1

[ more ]  [ reply ]
[Newsletter/Marketing] [slackware-security] dhcp (SSA:2018-060-01) 2018-03-01
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] dhcp (SSA:2018-060-01)

New dhcp packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,
14.2, and -current to fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+

[ more ]  [ reply ]
[SECURITY] [DSA 4127-1] simplesamlphp security update 2018-03-02
Thijs Kinkhorst (thijs debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4127-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Thijs Kinkhorst
March 02, 2018

[ more ]  [ reply ]
[Newsletter/Marketing] [slackware-security] ntp (SSA:2018-060-02) 2018-03-01
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] ntp (SSA:2018-060-02)

New ntp packages are available for Slackware 14.0, 14.1, 14.2, and -current to
fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/ntp

[ more ]  [ reply ]
CVE-2017-12544 XSS on HPE System Management Homepage v7.6.0.11 and minor 2018-03-01
spinfoo (spinfoo protonmail com)
Product: HPE System Management Homepage
Versions: 7.6.0.11 and minor versions
Vulnerability: JavaScript Injection in file gsearch.php, parameter prod
OWASP TOP 10: A1 Injection
Type: Javascript Injection
Impact: Allows an attacker to perform an XSS (Cross-Site Scripting) attack, execute arbitrary Ja

[ more ]  [ reply ]
[security bulletin] MFSBGN03794 rev.2 - Micro Focus Operations Agent Multiple vulnerabilities 2018-02-28
cyber-psrt microfocus com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Note: the current version of the following document is available here:

https://softwaresupport.hpe.com/document/-/facetsearch/document/KM030605
44

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: KM03060544

Version: 2

MFSBGN03794 rev.2

[ more ]  [ reply ]
Secunia Research: Linux Kernel "_sctp_make_chunk()" Denial of Service Vulnerability 2018-02-28
Secunia Research (remove-vuln secunia com)
======================================================================

Secunia Research 2018/02/28

Linux Kernel "_sctp_make_chunk()" Denial of Service Vulnerability

======================================================================
Table of Contents

Affected Software.

[ more ]  [ reply ]
SEC Consult SA-20180228-0 :: Insecure Direct Object Reference vulnerability in TestLink Open Source Test Management 2018-02-28
SEC Consult Vulnerability Lab (research sec-consult com)
SEC Consult Vulnerability Lab Security Advisory < 20180228-0 >
=======================================================================
title: Insecure Direct Object Reference
product: TestLink Open Source Test Management
vulnerable version: <1.9.17
fixed version: 1.9

[ more ]  [ reply ]
[SECURITY] [DSA 4124-1] lucene-solr security update 2018-02-27
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4124-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Moritz Muehlenhoff
February 27, 2018

[ more ]  [ reply ]
[security bulletin] HPESBHF03826 rev.1 - HPE Integrated Lights-Out 3 (iLO 3) Remote Denial of Service 2018-02-27
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Note: the current version of the following document is available here:

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf
03826en_us

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: hpesbhf03826en_us

Version: 1

HP

[ more ]  [ reply ]
SEC Consult SA-20180227-0 :: OS command injection, arbitrary file upload & SQL injection in ClipBucket 2018-02-27
SEC Consult Vulnerability Lab (research sec-consult com)
SEC Consult Vulnerability Lab Security Advisory < 20180227-0 >
=======================================================================
title: OS command injection, arbitrary file upload & SQL injection
product: ClipBucket
vulnerable version: <4.0.0 - Release 4902
fix

[ more ]  [ reply ]
ES2018-03 Asterisk pjsip sdp invalid media format description segfault 2018-02-26
Sandro Gauci (sandro enablesecurity com)
# Segmentation fault occurs in Asterisk with an invalid SDP media format description

- Authors:
- Alfred Farrugia <alfred (at) enablesecurity (dot) com [email concealed]>
- Sandro Gauci <sandro (at) enablesecurity (dot) com [email concealed]>
- Latest vulnerable version: Asterisk 15.2.0 running `chan_pjsip`
- References: AST-2018-002
- Enable Secu

[ more ]  [ reply ]
ES2018-04 Asterisk pjsip tcp segfault 2018-02-26
Sandro Gauci (sandro enablesecurity com)
# Crash occurs when sending a repeated number of INVITE messages over TCP or TLS transport

- Authors:
- Alfred Farrugia <alfred (at) enablesecurity (dot) com [email concealed]>
- Sandro Gauci <sandro (at) enablesecurity (dot) com [email concealed]>
- Latest vulnerable version: Asterisk 15.2.0 running `chan_pjsip` installed with `--with-pjproject-b

[ more ]  [ reply ]
ES2018-02 Asterisk pjsip sdp invalid fmtp segfault 2018-02-26
Sandro Gauci (sandro enablesecurity com)
# Segmentation fault occurs in asterisk with an invalid SDP fmtp attribute

- Authors:
- Alfred Farrugia <alfred (at) enablesecurity (dot) com [email concealed]>
- Sandro Gauci <sandro (at) enablesecurity (dot) com [email concealed]>
- Latest vulnerable version: Asterisk 15.2.0 running `chan_pjsip`
- References: AST-2018-003
- Enable Security Advis

[ more ]  [ reply ]
ES2018-01 Asterisk pjsip subscribe stack corruption 2018-02-26
Sandro Gauci (sandro enablesecurity com)
# SUBSCRIBE message with a large Accept value causes stack corruption

- Authors:
- Alfred Farrugia <alfred (at) enablesecurity (dot) com [email concealed]>
- Sandro Gauci <sandro (at) enablesecurity (dot) com [email concealed]>
- Latest vulnerable version: Asterisk 15.2.0 running `chan_pjsip`
- Tested vulnerable versions: 15.2.0, 13.19.0, 14.7.

[ more ]  [ reply ]
CMS Made Simple 2.1.6 - Remote Code Execution 2018-02-26
displaymyname gmail con
# Exploit Title: CMS Made Simple 2.1.6 - Remote Code Execution
# Date: 2018-02-26
# Exploit Author: Keerati T.
# Vendor Homepage: http://www.cmsmadesimple.org/
# Software Link: http://s3.amazonaws.com/cmsms/downloads/13570/cmsms-2.1.6-install.zip
# Version: 2.1.6
# CVE: CVE-2018-7448
# Tested on: Li

[ more ]  [ reply ]
(Page 4 of 524)  < Prev  1 2 3 4 5 6 7 8 9 10 11  Next >


 

Privacy Statement
Copyright 2010, SecurityFocus