[SECURITY] [DSA 4173-1] r-cran-readxl security update
2018-04-16 Moritz Muehlenhoff (jmm debian org)

[security bulletin] MFSBGN03802 - Virtualization Performance Viewer (vPV) / Cloud Optimizer, Local Disclosure of Information
2018-04-12 cyber-psrt microfocus com
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Note: the current version of the following document is available here: https://softwaresupport.hpe.com/document/-/facetsearch/document/KM03140487 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: KM03140487 Version: 1 MFSBGN03802 - Vir

[security bulletin] MFSBGN03803 rev.1 - UCMDB, Installation File Access Control Privilege Escalation Vulnerability
2018-04-12 cyber-psrt microfocus com
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Note: the current version of the following document is available here: https://softwaresupport.hpe.com/document/-/facetsearch/document/KM03141180 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: KM03141180 Version: 1 MFSBGN03803 rev.1

[SECURITY] [DSA 4079-2] poppler regression update
2018-04-12 Salvatore Bonaccorso (carnil debian org)

Call for Papers: USENIX Workshop on Offensive Technologies (WOOT '18)
2018-04-10 Yves Younan (wootcfp fort-knox org)
Dear all, We are pleased to announce the Call for Papers for the 12th USENIX Workshop on Offensive Technologies! WOOT '18 will be held on August 13–14, 2018, in conjunction with USENIX Security in Baltimore, MD, USA. WOOT provides a forum for high-quality, peer-reviewed work discussing tools and

secuvera-SA-2017-04: SQL-Injection Vulnerability in OCS Inventory NG ocsreports Web application
2018-04-09 Simon Bieber (sbieber secuvera de)

Defense in depth -- the Microsoft way (part 53): our MSRC doesn't know how Windows handles PATH
2018-04-09 Stefan Kanthak (stefan kanthak nexgo de)
Hi @ll, on their "Security Research & Defense" blog, members of Microsoft's Security Response Center recently posted <https://blogs.technet.microsoft.com/srd/2018/04/04/triaging-a-dll-planting-vulnerability/> This blog post but clearly shows that the MSRC doesn't know how Windows handles the PATH

secuvera-SA-2017-03: Reflected Cross-Site-Scripting Vulnerabilities in OCS Inventory NG ocsreports Web application
2018-04-09 Simon Bieber (sbieber secuvera de)
Affected Products OCSInventory-ocsreports 2.4 (older releases have not been tested) References https://www.secuvera.de/advisories/secuvera-SA-2017-03.txt (used for updates) https://www.ocsinventory-ng.org/en/ocs-inventory-server-2-4-1-has-been-released/ (Release announcement of OCS

[SECURITY] [DSA 4168-1] squirrelmail security update
2018-04-08 Salvatore Bonaccorso (carnil debian org)

[RT-SA-2017-014] CyberArk Password Vault Web Access Remote Code Execution
2018-04-09 RedTeam Pentesting GmbH (release redteam-pentesting de)
Advisory: CyberArk Password Vault Web Access Remote Code Execution The CyberArk Password Vault Web Access application uses authentication tokens which consist of serialized .NET objects. By crafting manipulated tokens, attackers are able to gain unauthenticated remote code execution on the web serv

[RT-SA-2017-015] CyberArk Password Vault Memory Disclosure
2018-04-09 RedTeam Pentesting GmbH (release redteam-pentesting de)
Advisory: CyberArk Password Vault Memory Disclosure Data in the CyberArk Password Vault may be accessed through a proprietary network protocol. While answering to a client's logon request, the vault discloses around 50 bytes of its memory to the client. Details ======= Product: CyberArk Password

[slackware-security] patch (SSA:2018-096-01)
2018-04-07 Slackware Security Team (security slackware com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] patch (SSA:2018-096-01) New patch packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix a security issue. Here are the details from the Slackware 14.2 ChangeLog: +------------------------

Advisory - Fisheye and Crucible - CVE-2018-5223
2018-04-05 Atlassian (security atlassian com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 This email refers to the advisory found at https://confluence.atlassian.com/x/aS5sO and https://confluence.atlassian.com/x/Zi5sO . CVE ID: * CVE-2018-5223. Product: Fisheye and Crucible. Affected Fisheye and Crucible product versions: version <

Advisory - Bamboo - CVE-2018-5224
2018-04-05 Atlassian (security atlassian com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 This email refers to the advisory found at https://confluence.atlassian.com/x/PS9sO . CVE ID: * CVE-2018-5224. Product: Bamboo. Affected Bamboo product versions: 2.7.0 <= version < 6.3.3 6.4.0 <= version < 6.4.1 Fixed Bamboo product versions:

FreeBSD Security Advisory FreeBSD-SA-18:05.ipsec
2018-04-04 FreeBSD Security Advisories (security-advisories freebsd org)

FreeBSD Security Advisory FreeBSD-SA-18:04.vt
2018-04-04 FreeBSD Security Advisories (security-advisories freebsd org)

[SECURITY] [DSA 4165-1] ldap-account-manager security update
2018-04-04 Luciano Bello (luciano debian org)

[slackware-security] php (SSA:2018-090-01)
2018-04-01 Slackware Security Team (security slackware com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] php (SSA:2018-090-01) New php packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packages/php
WebKitGTK+ Security Advisory WSA-2018-0003
------------------------------------------------------------------------
Date reported : April 04, 2018
Advisory ID : WSA-2018-0003
Advisory URL : https://webkitgtk.org/security/WSA-2