|
|
Colapse all |
Post message
DefenseCode Security Advisory: Magento Multiple Stored Cross-Site Scripting Vulnerabilities 2018-03-06 Defense Code (defensecode defensecode com) DefenseCode Security Advisory: Magento Stored Cross-Site Scripting â?? Product Attributes 2018-03-06 Defense Code (defensecode defensecode com) DefenseCode Security Advisory: Magento Stored Cross-Site Scripting â?? Downloadable Products 2018-03-06 Defense Code (defensecode defensecode com) DefenseCode Security Advisory: Magento Backups Cross-Site Request Forgery 2018-03-06 Defense Code (defensecode defensecode com) CVE-2017-12544 XSS on HPE System Management Homepage v7.6.0.11 and minor 2018-03-01 spinfoo (spinfoo protonmail com) Product: HPE System Management Homepage Versions: 7.6.0.11 and minor versions Vulnerability: JavaScript Injection in file gsearch.php, parameter prod OWASP TOP 10: A1 Injection Type: Javascript Injection Impact: Allows an attacker to perform an XSS (Cross-Site Scripting) attack, execute arbitrary J [ more ] [ reply ] KL-001-2018-007 : Sophos UTM 9 loginuser Privilege Escalation via confd Service 2018-03-02 KoreLogic Disclosures (disclosures korelogic com) KL-001-2018-007 : Sophos UTM 9 loginuser Privilege Escalation via confd Service Title: Sophos UTM 9 loginuser Privilege Escalation via confd Service Advisory ID: KL-001-2018-007 Publication Date: 2018.03.02 Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2018-007.txt 1. Vul [ more ] [ reply ] [SECURITY] [DSA 4128-1] trafficserver security update 2018-03-02 Sebastien Delafond (seb debian org) [security bulletin] MFSBGN03801 rev.1 - Micro Focus Operations Orchestration, Remote Denial of Service (DoS) 2018-03-01 cyber-psrt microfocus com -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Note: the current version of the following document is available here: https://softwaresupport.hpe.com/document/-/facetsearch/document/KM031038 96 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: KM03103896 Version: 1 MFSBGN03801 rev.1 [ more ] [ reply ] [Newsletter/Marketing] [slackware-security] dhcp (SSA:2018-060-01) 2018-03-01 Slackware Security Team (security slackware com) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] dhcp (SSA:2018-060-01) New dhcp packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ [ more ] [ reply ] [Newsletter/Marketing] [slackware-security] ntp (SSA:2018-060-02) 2018-03-01 Slackware Security Team (security slackware com) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] ntp (SSA:2018-060-02) New ntp packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packages/ntp [ more ] [ reply ] CVE-2017-12544 XSS on HPE System Management Homepage v7.6.0.11 and minor 2018-03-01 spinfoo (spinfoo protonmail com) Product: HPE System Management Homepage Versions: 7.6.0.11 and minor versions Vulnerability: JavaScript Injection in file gsearch.php, parameter prod OWASP TOP 10: A1 Injection Type: Javascript Injection Impact: Allows an attacker to perform an XSS (Cross-Site Scripting) attack, execute arbitrary Ja [ more ] [ reply ] [security bulletin] MFSBGN03794 rev.2 - Micro Focus Operations Agent Multiple vulnerabilities 2018-02-28 cyber-psrt microfocus com -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Note: the current version of the following document is available here: https://softwaresupport.hpe.com/document/-/facetsearch/document/KM030605 44 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: KM03060544 Version: 2 MFSBGN03794 rev.2 [ more ] [ reply ] Secunia Research: Linux Kernel "_sctp_make_chunk()" Denial of Service Vulnerability 2018-02-28 Secunia Research (remove-vuln secunia com) SEC Consult SA-20180228-0 :: Insecure Direct Object Reference vulnerability in TestLink Open Source Test Management 2018-02-28 SEC Consult Vulnerability Lab (research sec-consult com) [security bulletin] HPESBHF03826 rev.1 - HPE Integrated Lights-Out 3 (iLO 3) Remote Denial of Service 2018-02-27 security-alert hpe com -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Note: the current version of the following document is available here: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf 03826en_us SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: hpesbhf03826en_us Version: 1 HP [ more ] [ reply ] SEC Consult SA-20180227-0 :: OS command injection, arbitrary file upload & SQL injection in ClipBucket 2018-02-27 SEC Consult Vulnerability Lab (research sec-consult com) ES2018-03 Asterisk pjsip sdp invalid media format description segfault 2018-02-26 Sandro Gauci (sandro enablesecurity com) # Segmentation fault occurs in Asterisk with an invalid SDP media format description - Authors: - Alfred Farrugia <alfred (at) enablesecurity (dot) com [email concealed]> - Sandro Gauci <sandro (at) enablesecurity (dot) com [email concealed]> - Latest vulnerable version: Asterisk 15.2.0 running `chan_pjsip` - References: AST-2018-002 - Enable Secu [ more ] [ reply ] ES2018-04 Asterisk pjsip tcp segfault 2018-02-26 Sandro Gauci (sandro enablesecurity com) # Crash occurs when sending a repeated number of INVITE messages over TCP or TLS transport - Authors: - Alfred Farrugia <alfred (at) enablesecurity (dot) com [email concealed]> - Sandro Gauci <sandro (at) enablesecurity (dot) com [email concealed]> - Latest vulnerable version: Asterisk 15.2.0 running `chan_pjsip` installed with `--with-pjproject-b [ more ] [ reply ] ES2018-02 Asterisk pjsip sdp invalid fmtp segfault 2018-02-26 Sandro Gauci (sandro enablesecurity com) # Segmentation fault occurs in asterisk with an invalid SDP fmtp attribute - Authors: - Alfred Farrugia <alfred (at) enablesecurity (dot) com [email concealed]> - Sandro Gauci <sandro (at) enablesecurity (dot) com [email concealed]> - Latest vulnerable version: Asterisk 15.2.0 running `chan_pjsip` - References: AST-2018-003 - Enable Security Advis [ more ] [ reply ] ES2018-01 Asterisk pjsip subscribe stack corruption 2018-02-26 Sandro Gauci (sandro enablesecurity com) # SUBSCRIBE message with a large Accept value causes stack corruption - Authors: - Alfred Farrugia <alfred (at) enablesecurity (dot) com [email concealed]> - Sandro Gauci <sandro (at) enablesecurity (dot) com [email concealed]> - Latest vulnerable version: Asterisk 15.2.0 running `chan_pjsip` - Tested vulnerable versions: 15.2.0, 13.19.0, 14.7. [ more ] [ reply ] CMS Made Simple 2.1.6 - Remote Code Execution 2018-02-26 displaymyname gmail con # Exploit Title: CMS Made Simple 2.1.6 - Remote Code Execution # Date: 2018-02-26 # Exploit Author: Keerati T. # Vendor Homepage: http://www.cmsmadesimple.org/ # Software Link: http://s3.amazonaws.com/cmsms/downloads/13570/cmsms-2.1.6-install.zip # Version: 2.1.6 # CVE: CVE-2018-7448 # Tested on: Li [ more ] [ reply ] [security bulletin] MFSBGN03798 rev.1 - Micro Focus Universal CMDB, Apache Struts Instance 2018-02-22 cyber-psrt microfocus com -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Note: the current version of the following document is available here: https://softwaresupport.hpe.com/document/-/facetsearch/document/KM030860 19 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: KM03086019 Version: 1 MFSBGN03798 rev.1 [ more ] [ reply ] Re: [CVE-2018-1000088] Stored XSS vulnerability in Doorkeeper gem v2.1.0 - v4.2.5 2018-02-22 Justin Bull (me justinbull ca) On Wed, Feb 21, 2018 at 5:17 PM, Justin Bull <me (at) justinbull (dot) ca [email concealed]> wrote: > Solution: > --------- > Upgrade to Doorkeeper v4.2.6 or later > Apologies. This fails to account for a non-trivial scenario. Any software using Doorkeeper that has generated its own custom views[0] requires manual work to ver [ more ] [ reply ] [CORE-2017-0006] Trend Micro Email Encryption Gateway Multiple Vulnerabilities 2018-02-21 Core Security Advisories Team (advisories coresecurity com) Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ Trend Micro Email Encryption Gateway Multiple Vulnerabilities 1. *Advisory Information* Title: Trend Micro Email Encryption Gateway Multiple Vulnerabilities Advisory ID: CORE-2017-0006 Advisory URL: http://www.coresecurity.com/ad [ more ] [ reply ] DefenseCode Security Advisory: PureVPN Windows Privilege Escalation Vulnerability 2018-02-21 Defense Code (defensecode defensecode com) SEC Consult SA-20180221-0 :: Hijacking of arbitrary miSafes Mi-Cam video baby monitors 2018-02-21 SEC Consult Vulnerability Lab (research sec-consult com) We have published an accompanying blog post to this technical advisory with further information: https://www.sec-consult.com/en/blog/2018/02/internet-of-babies-when-baby -monitors-fail-to-be-smart/index.html SEC Consult Vulnerability Lab Security Advisory < 20180221-0 > =========================== [ more ] [ reply ] Sharutils 4.15.2 Heap-Buffer-Overflow 2018-02-21 nafiez (nafiez skins gmail com) (1 replies) Unshar scans the input files (typically email messages) looking for the start of a shell archive. If no files are given, then standard input is processed instead. Shipped along with Sharutils. Bug was found with AFL. ================================================================= ==11164= [ more ] [ reply ] Multiple Persistent Cross-Site Scripting Vulnerabilities in Quarx CMS 2018-02-21 preethiknambiar gmail com Multiple Persistent XSS vulnerabilities in Radiant Content Management System 2018-02-20 suparna kachru gmail com *1. Introduction* Vendor : Radiant Affected Product : Radiant CMS 1.1.4 Fixed in : NA Vendor Website : http://radiantcms.org/ Vulnerability Type : Persistent XSS Remote Exploitable : Yes CVE External Identifier : CVE-2018-7261 *2. Overview* Technical Description: There are multiple P [ more ] [ reply ] APPLE-SA-2018-02-19-2 macOS High Sierra 10.13.3 Supplemental Update 2018-02-19 Apple Product Security (product-security-noreply lists apple com) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 APPLE-SA-2018-02-19-2 macOS High Sierra 10.13.3 Supplemental Update macOS High Sierra 10.13.3 Supplemental Update is now available and addresses the following: CoreText Available for: macOS High Sierra 10.13.3 Impact: Processing a maliciously crafte [ more ] [ reply ] APPLE-SA-2018-02-19-3 tvOS 11.2.6 2018-02-19 Apple Product Security (product-security-noreply lists apple com) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 APPLE-SA-2018-02-19-3 tvOS 11.2.6 tvOS 11.2.6 is now available and addresses the following: CoreText Available for: Apple TV 4K and Apple TV (4th generation) Impact: Processing a maliciously crafted string may lead to heap corruption Description: A [ more ] [ reply ] APPLE-SA-2018-02-19-1 iOS 11.2.6 2018-02-19 Apple Product Security (product-security-noreply lists apple com) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 APPLE-SA-2018-02-19-1 iOS 11.2.6 iOS 11.2.6 is now available and addresses the following: CoreText Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing a maliciously crafted string may lead to heap [ more ] [ reply ] APPLE-SA-2018-02-19-4 watchOS 4.2.3 2018-02-19 Apple Product Security (product-security-noreply lists apple com) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 APPLE-SA-2018-02-19-4 watchOS 4.2.3 watchOS 4.2.3 is now available and addresses the following: CoreText Available for: All Apple Watch models Impact: Processing a maliciously crafted string may lead to heap corruption Description: A memory corrupti [ more ] [ reply ] Kentico CMS version 9 through 11 - Cross-Site Scripting (Reflect) 2018-02-18 displaymyname gmail com # Exploit Title: Kentico CMS version 9 through 11 - Cross-Site Scripting (Reflect) # Date: 18-02-2018 # Software Link: https://www.kentico.com # Exploit Author: Keerati T. # CVE: CVE-2018-7205 # Category: webapps 1. Description Kentico is the only fully integrated ASP.NET CMS, E-commerce, and Onli [ more ] [ reply ] [SECURITY] [DSA 4118-1] tomcat-native security update 2018-02-17 Salvatore Bonaccorso (carnil debian org) Kentico CMS version 9 through 11 - Arbitrary Code Execution 2018-02-17 displaymyname gmail com # Exploit Title: Kentico CMS version 9 through 11 - Arbitrary Code Execution # Date: 17-02-2018 # Software Link: https://www.kentico.com # Exploit Author: Keerati T. # CVE: CVE-2018-7046 # Category: webapps 1. Description Kentico is the only fully integrated ASP.NET CMS, E-commerce, and Online Mar [ more ] [ reply ] [SECURITY] [DSA 4116-1] plasma-workspace security update 2018-02-16 Moritz Muehlenhoff (jmm debian org) Security advisory for Bugzilla 5.1.1, 5.0.3, and 4.4.12 2018-02-16 dkl mozilla com Summary ======= Bugzilla is a Web-based bug-tracking system used by a large number of software projects. The following security issue has been discovered in Bugzilla: * A CSRF vulnerability in report.cgi would allow a third-party site to extract confidential information from a bug the victim had [ more ] [ reply ] [slackware-security] irssi (SSA:2018-046-01) 2018-02-16 Slackware Security Team (security slackware com) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] irssi (SSA:2018-046-01) New irssi packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packages [ more ] [ reply ] Vulnerability Disclosure (Web Apps)-Bravo Tejari Web Portal-Unrestricted File Upload 2018-02-15 Arvind Vishwakarma (arvind12786 gmail com) ------------------------------------------------------------------ Vulnerability Type: Unrestricted File Upload Vendor of Product: Tejari Affected Product Code Base: Bravo Solution Affected Component: Web Interface Management. Attack Type: Local - Authenticated Impact: Malicous File Upload --------- [ more ] [ reply ] Vulnerability Disclosure (Web Apps)-Bravo Tejari Web Portal-CSRF 2018-02-15 Arvind Vishwakarma (arvind12786 gmail com) ----------------------------------------------------- Vulnerability Type: Cross Site Request Forgery (CSRF) Vendor of Product: Tejari Affected Product Code Base: Bravo Solution Affected Component: Web Interface Management. Attack Type: Local - Authenticated Impact: Unauthorised Access -------------- [ more ] [ reply ] [SECURITY] [DSA 4114-1] jackson-databind security update 2018-02-15 Sebastien Delafond (seb debian org) NAT32 Build (22284) Remote Code Execution CVE-2018-6940 (hyp3rlinx / apparition security) 2018-02-14 apparitionsec gmail com [+] Credits: hyp3rlinx [+] Website: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervista.org/advisories/NAT32-REMOTE-COMMAND-EXECUTIO N-CVE-2018-6940.txt [+] ISR: Apparition Security [-_-] D1rty0tis Vendor: ============= www.nat32.com Product: ================= NAT32 Build (22284) [ more ] [ reply ] Defense in depth -- the Microsoft way (part 52): HTTP used to distribute (security) updates, not HTTPS 2018-02-14 Stefan Kanthak (stefan kanthak nexgo de) Hi @ll, yesterdays "Security update deployment information: February 13, 2018" <https://support.microsoft.com/en-us/help/20180213> links the following MSKB articles for the security updates of Microsoft's Office products: <https://support.microsoft.com/kb/4011715> <https://support.microsoft.com/kb/ [ more ] [ reply ] [security bulletin] MFSBGN03800 rev.1 - Micro Focus Performance Center, Remote Arbitrary Code Execution or Remote Arbitrary File Modification 2018-02-13 cyber-psrt microfocus com -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Note: the current version of the following document is available here: https://softwaresupport.hpe.com/document/-/facetsearch/document/KM030911 03 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: KM03091103 Version: 1 MFSBGN03800 rev.1 [ more ] [ reply ] CSNC-2017-027 Microsoft Intune - App PIN Bypass 2018-02-13 Advisories (advisories compass-security com) ############################################################# # # COMPASS SECURITY ADVISORY # https://www.compass-security.com/research/advisories/ # ############################################################# # # Product: Microsoft Intune [1] # Vendor: Microsoft # CSNC ID: CSNC-2017-027 # Sub [ more ] [ reply ] [security bulletin] HPESBHF03819 rev.1 - HPE XP Storage using HGLM, Local Authentication Bypass 2018-02-12 security-alert hpe com -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Note: the current version of the following document is available here: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf 03819en_us SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: hpesbhf03819en_us Version: 1 HP [ more ] [ reply ] CVE-2018-6892 CloudMe Sync <= v1.10.9 Unauthenticated Remote Buffer Overflow (hyp3rlinx / apparition security) 2018-02-12 apparitionsec gmail com [+] Credits: John Page (aka hyp3rlinx) [+] Website: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervista.org/advisories/CLOUDME-SYNC-UNAUTHENTICATED- REMOTE-BUFFER-OVERFLOW.txt [+] ISR: Apparition Security [+] SSD Beyond Security Submission: https://blogs.securiteam.com/index [ more ] [ reply ] KL-001-2018-005 : NetEx HyperIP Local File Inclusion Vulnerability 2018-02-09 KoreLogic Disclosures (disclosures korelogic com) KL-001-2018-005 : NetEx HyperIP Local File Inclusion Vulnerability Title: NetEx HyperIP Local File Inclusion Vulnerability Advisory ID: KL-001-2018-005 Publication Date: 2018.02.08 Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2018-005.txt 1. Vulnerability Details A [ more ] [ reply ] Defense in depth -- the Microsoft way (part 51): Skype's home-grown updater allows escalation of privilege to SYSTEM 2018-02-09 Stefan Kanthak (stefan kanthak nexgo de) (1 replies) Hi @ll, since about two or three years now, Microsoft offers Skype as optional update on Windows/Microsoft Update. JFTR: for Microsoft's euphemistic use of "update" see <http://seclists.org/fulldisclosure/2018/Feb/17> Once installed, Skype uses its own proprietary update mechanism instead o [ more ] [ reply ] Re: [FD] Defense in depth -- the Microsoft way (part 51): Skype's home-grown updater allows escalation of privilege to SYSTEM 2018-02-15 Jeffrey Walton (noloader gmail com) (1 replies) Re: [FD] Defense in depth -- the Microsoft way (part 51): Skype's home-grown updater allows escalation of privilege to SYSTEM 2018-02-15 Stefan Kanthak (stefan kanthak nexgo de) KL-001-2018-004 : NetEx HyperIP Privilege Escalation Vulnerability 2018-02-09 KoreLogic Disclosures (disclosures korelogic com) KL-001-2018-004 : NetEx HyperIP Privilege Escalation Vulnerability Title: NetEx HyperIP Privilege Escalation Vulnerability Advisory ID: KL-001-2018-004 Publication Date: 2018.02.08 Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2018-004.txt 1. Vulnerability Details A [ more ] [ reply ] KL-001-2018-003 : NetEx HyperIP Post-Auth Command Execution 2018-02-09 KoreLogic Disclosures (disclosures korelogic com) KL-001-2018-003 : NetEx HyperIP Post-Auth Command Execution Title: NetEx HyperIP Post-Auth Command Execution Advisory ID: KL-001-2018-003 Publication Date: 2018.02.08 Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2018-003.txt 1. Vulnerability Details Affected Vendor [ more ] [ reply ] KL-001-2018-006 : Trend Micro IMSVA Management Portal Authentication Bypass 2018-02-09 KoreLogic Disclosures (disclosures korelogic com) KL-001-2018-006 : Trend Micro IMSVA Management Portal Authentication Bypass Title: Trend Micro IMSVA Management Portal Authentication Bypass Advisory ID: KL-001-2018-006 Publication Date: 2018.02.08 Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2018-006.txt 1. Vulnerabili [ more ] [ reply ] KL-001-2018-002 : NetEx HyperIP Authentication Bypass 2018-02-09 KoreLogic Disclosures (disclosures korelogic com) KL-001-2018-002 : NetEx HyperIP Authentication Bypass Title: NetEx HyperIP Authentication Bypass Advisory ID: KL-001-2018-002 Publication Date: 2018.02.08 Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2018-002.txt 1. Vulnerability Details Affected Vendor: NetEx [ more ] [ reply ] Advisory - Fisheye and Crucible - CVE-2017-16861 2018-02-09 David Black (dblack atlassian com) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 This email refers to the advisory found at https://confluence.atlassian.com/x/iPQyO and https://confluence.atlassian.com/x/h-QyO . CVE ID: * CVE-2017-16861. Product: Fisheye and Crucible. Affected Fisheye and Crucible product versions: version [ more ] [ reply ] SEC Consult SA-20180208-0 :: Multiple Cross-Site Scripting Vulnerabilities in Sonatype Nexus Repository Manager OSS/Pro 2018-02-08 SEC Consult Vulnerability Lab (research sec-consult com) [SECURITY] [DSA 4107-1] django-anymail security update 2018-02-07 Salvatore Bonaccorso (carnil debian org) [security bulletin] HPSBHF02981 rev.2 - HPE Integrated Lights-Out 2, 3, 4 (iLO2, iLO3, iLO4) and HPE Superdome Flex RMC - IPMI 2.0 RCMP+ Authentication Remote Password Hash Vulnerability (RAKP) 2018-02-07 security-alert hpe com -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Note: the current version of the following document is available here: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c041977 64 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04197764 Version: 2 HPSBHF02981 rev.2 [ more ] [ reply ] [SECURITY] [DSA 4106-1] libtasn1-6 security update 2018-02-07 Salvatore Bonaccorso (carnil debian org) SEC Consult SA-20180207-0 :: Multiple buffer overflow vulnerabilities in InfoZip UnZip 2018-02-07 SEC Consult Vulnerability Lab (research sec-consult com) [slackware-security] Slackware 14.2 kernel (SSA:2018-037-01) 2018-02-07 Slackware Security Team (security slackware com) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] Slackware 14.2 kernel (SSA:2018-037-01) New kernel packages are available for Slackware 14.2 to mitigate the speculative side channel attack known as Spectre variant 2. Here are the details from the Slackware 14.2 ChangeLog: +- [ more ] [ reply ] [SE-2011-01] A security issue with a Multiroom service of NC+ SAT TV platform 2018-02-07 Security Explorations (contact security-explorations com) Hello All, A couple of weeks ago, Platform NC+ [1], one of the major digital SAT TV providers in Poland issued an official message [2] to subscribers about the policy of content security. Among other things, the following statements were included in it: "Platform nc+ as a technology leader in the [ more ] [ reply ] [CORE-2017-0010] - Kaspersky Secure Mail Gateway Multiple Vulnerabilities 2018-02-05 Core Security Advisories Team (advisories coresecurity com) Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ Kaspersky Secure Mail Gateway Multiple Vulnerabilities 1. *Advisory Information* Title: Kaspersky Secure Mail Gateway Multiple Vulnerabilities Advisory ID: CORE-2017-0010 Advisory URL: http://www.coresecurity.com/advisories/kaspe [ more ] [ reply ] [slackware-security] php (SSA:2018-034-01) 2018-02-04 Slackware Security Team (security slackware com) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] php (SSA:2018-034-01) New php packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packages/php [ more ] [ reply ] [security bulletin] MFSBGN03797 rev.1 - Micro Focus Fortify Audit Workbench (AWB) and Micro Focus Fortify Software Security Center (SSC), XML External Entity Injection 2018-02-01 cyber-psrt microfocus com -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Note: the current version of the following document is available here: https://softwaresupport.hpe.com/document/-/facetsearch/document/KM030836 53 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: KM03083653 Version: 1 MFSBGN03797 rev.1 [ more ] [ reply ] SEC Consult SA-20180201-0 :: Multiple critical vulnerabilities in Whole Vibratissimo Smart Sex Toy product range 2018-02-01 SEC Consult Vulnerability Lab (research sec-consult com) We have published an accompanying blog post to this technical advisory with further information: https://www.sec-consult.com/en/blog/2018/02/internet-of-dildos-a-long-wa y-to-a-vibrant-future-from-iot-to-iod/index.html SEC Consult Vulnerability Lab Security Advisory < 20180201-0 > ================ [ more ] [ reply ] [SECURITY] [DSA 4103-1] chromium-browser security update 2018-02-01 Michael Gilbert (mgilbert debian org) Advisory - Sourcetree - CVE-2017-14592 CVE-2017-14593 CVE-2017-14592 CVE-2017-17831 2018-02-01 Atlassian (security atlassian com) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 This email refers to the advisory found at https://confluence.atlassian.com/x/lIIyO. CVE ID: * CVE-2017-14592 * CVE-2017-14593 * CVE-2017-17458 * CVE-2017-17831 Product: Sourcetree Affected Sourcetree product versions: Sourcetree for macOS 1.0b2 [ more ] [ reply ] KonaKart Path Traversal Vulnerability 2018-02-01 ajcraggs gmail com Product overview: "KonaKart is a java based eCommerce software platform trusted by top brands throughout the world to give them a stable, high- performance online store". Vulnerability overview: KonaKart eCommerce Platform prior to verion 8.8 is vulnerable to a directory traversal flaw in the adm [ more ] [ reply ] Recon Montreal 2018 Call For Papers - 0xE - Registration - Training - Conference - Submit! - PGP key 2018-01-31 cfpmontreal2018 recon cx - RECON MONTREAL 2018 - 0xE - CFP - Training Registration - Conference - Submit! - PGP key â??â??â??â? â? â? â? â? â? â? â? â? â? â? â? â? â? â? â? â? â? â? â? â? â? â? â? â? â? â? â? â? â? â? â? â? â? â? â? â? â? â? â? â? â? â? â? â? â? â? â? â? â? â? â? â? â? â? â? â? â? â? â? â? â? â? â? â? â? [ more ] [ reply ] SEC Consult SA-20180131-0 :: Multiple Vulnerabilities in Sprecher Automation SPRECON-E-C, PU-2433 2018-01-31 SEC Consult Vulnerability Lab (research sec-consult com) |
|
Privacy Statement |
Hash: SHA512
-
------------------------------------------------------------------------
-
Debian Security Advisory DSA-4129-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Moritz Muehlenhoff
March 02, 2018
[ more ] [ reply ]