|
|
Colapse all |
Post message
[security bulletin] MFSBGN03798 rev.1 - Micro Focus Universal CMDB, Apache Struts Instance 2018-02-22 cyber-psrt microfocus com -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Note: the current version of the following document is available here: https://softwaresupport.hpe.com/document/-/facetsearch/document/KM030860 19 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: KM03086019 Version: 1 MFSBGN03798 rev.1 [ more ] [ reply ] Re: [CVE-2018-1000088] Stored XSS vulnerability in Doorkeeper gem v2.1.0 - v4.2.5 2018-02-22 Justin Bull (me justinbull ca) On Wed, Feb 21, 2018 at 5:17 PM, Justin Bull <me (at) justinbull (dot) ca [email concealed]> wrote: > Solution: > --------- > Upgrade to Doorkeeper v4.2.6 or later > Apologies. This fails to account for a non-trivial scenario. Any software using Doorkeeper that has generated its own custom views[0] requires manual work to ver [ more ] [ reply ] [CORE-2017-0006] Trend Micro Email Encryption Gateway Multiple Vulnerabilities 2018-02-21 Core Security Advisories Team (advisories coresecurity com) Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ Trend Micro Email Encryption Gateway Multiple Vulnerabilities 1. *Advisory Information* Title: Trend Micro Email Encryption Gateway Multiple Vulnerabilities Advisory ID: CORE-2017-0006 Advisory URL: http://www.coresecurity.com/ad [ more ] [ reply ] DefenseCode Security Advisory: PureVPN Windows Privilege Escalation Vulnerability 2018-02-21 Defense Code (defensecode defensecode com) SEC Consult SA-20180221-0 :: Hijacking of arbitrary miSafes Mi-Cam video baby monitors 2018-02-21 SEC Consult Vulnerability Lab (research sec-consult com) We have published an accompanying blog post to this technical advisory with further information: https://www.sec-consult.com/en/blog/2018/02/internet-of-babies-when-baby -monitors-fail-to-be-smart/index.html SEC Consult Vulnerability Lab Security Advisory < 20180221-0 > =========================== [ more ] [ reply ] Sharutils 4.15.2 Heap-Buffer-Overflow 2018-02-21 nafiez (nafiez skins gmail com) (1 replies) Unshar scans the input files (typically email messages) looking for the start of a shell archive. If no files are given, then standard input is processed instead. Shipped along with Sharutils. Bug was found with AFL. ================================================================= ==11164= [ more ] [ reply ] Multiple Persistent Cross-Site Scripting Vulnerabilities in Quarx CMS 2018-02-21 preethiknambiar gmail com Multiple Persistent XSS vulnerabilities in Radiant Content Management System 2018-02-20 suparna kachru gmail com *1. Introduction* Vendor : Radiant Affected Product : Radiant CMS 1.1.4 Fixed in : NA Vendor Website : http://radiantcms.org/ Vulnerability Type : Persistent XSS Remote Exploitable : Yes CVE External Identifier : CVE-2018-7261 *2. Overview* Technical Description: There are multiple P [ more ] [ reply ] APPLE-SA-2018-02-19-2 macOS High Sierra 10.13.3 Supplemental Update 2018-02-19 Apple Product Security (product-security-noreply lists apple com) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 APPLE-SA-2018-02-19-2 macOS High Sierra 10.13.3 Supplemental Update macOS High Sierra 10.13.3 Supplemental Update is now available and addresses the following: CoreText Available for: macOS High Sierra 10.13.3 Impact: Processing a maliciously crafte [ more ] [ reply ] APPLE-SA-2018-02-19-3 tvOS 11.2.6 2018-02-19 Apple Product Security (product-security-noreply lists apple com) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 APPLE-SA-2018-02-19-3 tvOS 11.2.6 tvOS 11.2.6 is now available and addresses the following: CoreText Available for: Apple TV 4K and Apple TV (4th generation) Impact: Processing a maliciously crafted string may lead to heap corruption Description: A [ more ] [ reply ] APPLE-SA-2018-02-19-1 iOS 11.2.6 2018-02-19 Apple Product Security (product-security-noreply lists apple com) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 APPLE-SA-2018-02-19-1 iOS 11.2.6 iOS 11.2.6 is now available and addresses the following: CoreText Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing a maliciously crafted string may lead to heap [ more ] [ reply ] APPLE-SA-2018-02-19-4 watchOS 4.2.3 2018-02-19 Apple Product Security (product-security-noreply lists apple com) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 APPLE-SA-2018-02-19-4 watchOS 4.2.3 watchOS 4.2.3 is now available and addresses the following: CoreText Available for: All Apple Watch models Impact: Processing a maliciously crafted string may lead to heap corruption Description: A memory corrupti [ more ] [ reply ] Kentico CMS version 9 through 11 - Cross-Site Scripting (Reflect) 2018-02-18 displaymyname gmail com # Exploit Title: Kentico CMS version 9 through 11 - Cross-Site Scripting (Reflect) # Date: 18-02-2018 # Software Link: https://www.kentico.com # Exploit Author: Keerati T. # CVE: CVE-2018-7205 # Category: webapps 1. Description Kentico is the only fully integrated ASP.NET CMS, E-commerce, and Onli [ more ] [ reply ] [SECURITY] [DSA 4118-1] tomcat-native security update 2018-02-17 Salvatore Bonaccorso (carnil debian org) Kentico CMS version 9 through 11 - Arbitrary Code Execution 2018-02-17 displaymyname gmail com # Exploit Title: Kentico CMS version 9 through 11 - Arbitrary Code Execution # Date: 17-02-2018 # Software Link: https://www.kentico.com # Exploit Author: Keerati T. # CVE: CVE-2018-7046 # Category: webapps 1. Description Kentico is the only fully integrated ASP.NET CMS, E-commerce, and Online Mar [ more ] [ reply ] [SECURITY] [DSA 4116-1] plasma-workspace security update 2018-02-16 Moritz Muehlenhoff (jmm debian org) Security advisory for Bugzilla 5.1.1, 5.0.3, and 4.4.12 2018-02-16 dkl mozilla com Summary ======= Bugzilla is a Web-based bug-tracking system used by a large number of software projects. The following security issue has been discovered in Bugzilla: * A CSRF vulnerability in report.cgi would allow a third-party site to extract confidential information from a bug the victim had [ more ] [ reply ] [slackware-security] irssi (SSA:2018-046-01) 2018-02-16 Slackware Security Team (security slackware com) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] irssi (SSA:2018-046-01) New irssi packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packages [ more ] [ reply ] Vulnerability Disclosure (Web Apps)-Bravo Tejari Web Portal-Unrestricted File Upload 2018-02-15 Arvind Vishwakarma (arvind12786 gmail com) ------------------------------------------------------------------ Vulnerability Type: Unrestricted File Upload Vendor of Product: Tejari Affected Product Code Base: Bravo Solution Affected Component: Web Interface Management. Attack Type: Local - Authenticated Impact: Malicous File Upload --------- [ more ] [ reply ] Vulnerability Disclosure (Web Apps)-Bravo Tejari Web Portal-CSRF 2018-02-15 Arvind Vishwakarma (arvind12786 gmail com) ----------------------------------------------------- Vulnerability Type: Cross Site Request Forgery (CSRF) Vendor of Product: Tejari Affected Product Code Base: Bravo Solution Affected Component: Web Interface Management. Attack Type: Local - Authenticated Impact: Unauthorised Access -------------- [ more ] [ reply ] [SECURITY] [DSA 4114-1] jackson-databind security update 2018-02-15 Sebastien Delafond (seb debian org) NAT32 Build (22284) Remote Code Execution CVE-2018-6940 (hyp3rlinx / apparition security) 2018-02-14 apparitionsec gmail com [+] Credits: hyp3rlinx [+] Website: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervista.org/advisories/NAT32-REMOTE-COMMAND-EXECUTIO N-CVE-2018-6940.txt [+] ISR: Apparition Security [-_-] D1rty0tis Vendor: ============= www.nat32.com Product: ================= NAT32 Build (22284) [ more ] [ reply ] Defense in depth -- the Microsoft way (part 52): HTTP used to distribute (security) updates, not HTTPS 2018-02-14 Stefan Kanthak (stefan kanthak nexgo de) Hi @ll, yesterdays "Security update deployment information: February 13, 2018" <https://support.microsoft.com/en-us/help/20180213> links the following MSKB articles for the security updates of Microsoft's Office products: <https://support.microsoft.com/kb/4011715> <https://support.microsoft.com/kb/ [ more ] [ reply ] [security bulletin] MFSBGN03800 rev.1 - Micro Focus Performance Center, Remote Arbitrary Code Execution or Remote Arbitrary File Modification 2018-02-13 cyber-psrt microfocus com -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Note: the current version of the following document is available here: https://softwaresupport.hpe.com/document/-/facetsearch/document/KM030911 03 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: KM03091103 Version: 1 MFSBGN03800 rev.1 [ more ] [ reply ] CSNC-2017-027 Microsoft Intune - App PIN Bypass 2018-02-13 Advisories (advisories compass-security com) ############################################################# # # COMPASS SECURITY ADVISORY # https://www.compass-security.com/research/advisories/ # ############################################################# # # Product: Microsoft Intune [1] # Vendor: Microsoft # CSNC ID: CSNC-2017-027 # Sub [ more ] [ reply ] [security bulletin] HPESBHF03819 rev.1 - HPE XP Storage using HGLM, Local Authentication Bypass 2018-02-12 security-alert hpe com -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Note: the current version of the following document is available here: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf 03819en_us SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: hpesbhf03819en_us Version: 1 HP [ more ] [ reply ] CVE-2018-6892 CloudMe Sync <= v1.10.9 Unauthenticated Remote Buffer Overflow (hyp3rlinx / apparition security) 2018-02-12 apparitionsec gmail com [+] Credits: John Page (aka hyp3rlinx) [+] Website: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervista.org/advisories/CLOUDME-SYNC-UNAUTHENTICATED- REMOTE-BUFFER-OVERFLOW.txt [+] ISR: Apparition Security [+] SSD Beyond Security Submission: https://blogs.securiteam.com/index [ more ] [ reply ] KL-001-2018-005 : NetEx HyperIP Local File Inclusion Vulnerability 2018-02-09 KoreLogic Disclosures (disclosures korelogic com) KL-001-2018-005 : NetEx HyperIP Local File Inclusion Vulnerability Title: NetEx HyperIP Local File Inclusion Vulnerability Advisory ID: KL-001-2018-005 Publication Date: 2018.02.08 Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2018-005.txt 1. Vulnerability Details A [ more ] [ reply ] Defense in depth -- the Microsoft way (part 51): Skype's home-grown updater allows escalation of privilege to SYSTEM 2018-02-09 Stefan Kanthak (stefan kanthak nexgo de) (1 replies) Hi @ll, since about two or three years now, Microsoft offers Skype as optional update on Windows/Microsoft Update. JFTR: for Microsoft's euphemistic use of "update" see <http://seclists.org/fulldisclosure/2018/Feb/17> Once installed, Skype uses its own proprietary update mechanism instead o [ more ] [ reply ] Re: [FD] Defense in depth -- the Microsoft way (part 51): Skype's home-grown updater allows escalation of privilege to SYSTEM 2018-02-15 Jeffrey Walton (noloader gmail com) (1 replies) Re: [FD] Defense in depth -- the Microsoft way (part 51): Skype's home-grown updater allows escalation of privilege to SYSTEM 2018-02-15 Stefan Kanthak (stefan kanthak nexgo de) KL-001-2018-004 : NetEx HyperIP Privilege Escalation Vulnerability 2018-02-09 KoreLogic Disclosures (disclosures korelogic com) KL-001-2018-004 : NetEx HyperIP Privilege Escalation Vulnerability Title: NetEx HyperIP Privilege Escalation Vulnerability Advisory ID: KL-001-2018-004 Publication Date: 2018.02.08 Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2018-004.txt 1. Vulnerability Details A [ more ] [ reply ] KL-001-2018-003 : NetEx HyperIP Post-Auth Command Execution 2018-02-09 KoreLogic Disclosures (disclosures korelogic com) KL-001-2018-003 : NetEx HyperIP Post-Auth Command Execution Title: NetEx HyperIP Post-Auth Command Execution Advisory ID: KL-001-2018-003 Publication Date: 2018.02.08 Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2018-003.txt 1. Vulnerability Details Affected Vendor [ more ] [ reply ] KL-001-2018-006 : Trend Micro IMSVA Management Portal Authentication Bypass 2018-02-09 KoreLogic Disclosures (disclosures korelogic com) KL-001-2018-006 : Trend Micro IMSVA Management Portal Authentication Bypass Title: Trend Micro IMSVA Management Portal Authentication Bypass Advisory ID: KL-001-2018-006 Publication Date: 2018.02.08 Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2018-006.txt 1. Vulnerabili [ more ] [ reply ] KL-001-2018-002 : NetEx HyperIP Authentication Bypass 2018-02-09 KoreLogic Disclosures (disclosures korelogic com) KL-001-2018-002 : NetEx HyperIP Authentication Bypass Title: NetEx HyperIP Authentication Bypass Advisory ID: KL-001-2018-002 Publication Date: 2018.02.08 Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2018-002.txt 1. Vulnerability Details Affected Vendor: NetEx [ more ] [ reply ] Advisory - Fisheye and Crucible - CVE-2017-16861 2018-02-09 David Black (dblack atlassian com) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 This email refers to the advisory found at https://confluence.atlassian.com/x/iPQyO and https://confluence.atlassian.com/x/h-QyO . CVE ID: * CVE-2017-16861. Product: Fisheye and Crucible. Affected Fisheye and Crucible product versions: version [ more ] [ reply ] SEC Consult SA-20180208-0 :: Multiple Cross-Site Scripting Vulnerabilities in Sonatype Nexus Repository Manager OSS/Pro 2018-02-08 SEC Consult Vulnerability Lab (research sec-consult com) [SECURITY] [DSA 4107-1] django-anymail security update 2018-02-07 Salvatore Bonaccorso (carnil debian org) [security bulletin] HPSBHF02981 rev.2 - HPE Integrated Lights-Out 2, 3, 4 (iLO2, iLO3, iLO4) and HPE Superdome Flex RMC - IPMI 2.0 RCMP+ Authentication Remote Password Hash Vulnerability (RAKP) 2018-02-07 security-alert hpe com -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Note: the current version of the following document is available here: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c041977 64 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04197764 Version: 2 HPSBHF02981 rev.2 [ more ] [ reply ] [SECURITY] [DSA 4106-1] libtasn1-6 security update 2018-02-07 Salvatore Bonaccorso (carnil debian org) SEC Consult SA-20180207-0 :: Multiple buffer overflow vulnerabilities in InfoZip UnZip 2018-02-07 SEC Consult Vulnerability Lab (research sec-consult com) [slackware-security] Slackware 14.2 kernel (SSA:2018-037-01) 2018-02-07 Slackware Security Team (security slackware com) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] Slackware 14.2 kernel (SSA:2018-037-01) New kernel packages are available for Slackware 14.2 to mitigate the speculative side channel attack known as Spectre variant 2. Here are the details from the Slackware 14.2 ChangeLog: +- [ more ] [ reply ] [SE-2011-01] A security issue with a Multiroom service of NC+ SAT TV platform 2018-02-07 Security Explorations (contact security-explorations com) Hello All, A couple of weeks ago, Platform NC+ [1], one of the major digital SAT TV providers in Poland issued an official message [2] to subscribers about the policy of content security. Among other things, the following statements were included in it: "Platform nc+ as a technology leader in the [ more ] [ reply ] [CORE-2017-0010] - Kaspersky Secure Mail Gateway Multiple Vulnerabilities 2018-02-05 Core Security Advisories Team (advisories coresecurity com) Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ Kaspersky Secure Mail Gateway Multiple Vulnerabilities 1. *Advisory Information* Title: Kaspersky Secure Mail Gateway Multiple Vulnerabilities Advisory ID: CORE-2017-0010 Advisory URL: http://www.coresecurity.com/advisories/kaspe [ more ] [ reply ] [slackware-security] php (SSA:2018-034-01) 2018-02-04 Slackware Security Team (security slackware com) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] php (SSA:2018-034-01) New php packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packages/php [ more ] [ reply ] [security bulletin] MFSBGN03797 rev.1 - Micro Focus Fortify Audit Workbench (AWB) and Micro Focus Fortify Software Security Center (SSC), XML External Entity Injection 2018-02-01 cyber-psrt microfocus com -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Note: the current version of the following document is available here: https://softwaresupport.hpe.com/document/-/facetsearch/document/KM030836 53 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: KM03083653 Version: 1 MFSBGN03797 rev.1 [ more ] [ reply ] SEC Consult SA-20180201-0 :: Multiple critical vulnerabilities in Whole Vibratissimo Smart Sex Toy product range 2018-02-01 SEC Consult Vulnerability Lab (research sec-consult com) We have published an accompanying blog post to this technical advisory with further information: https://www.sec-consult.com/en/blog/2018/02/internet-of-dildos-a-long-wa y-to-a-vibrant-future-from-iot-to-iod/index.html SEC Consult Vulnerability Lab Security Advisory < 20180201-0 > ================ [ more ] [ reply ] [SECURITY] [DSA 4103-1] chromium-browser security update 2018-02-01 Michael Gilbert (mgilbert debian org) Advisory - Sourcetree - CVE-2017-14592 CVE-2017-14593 CVE-2017-14592 CVE-2017-17831 2018-02-01 Atlassian (security atlassian com) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 This email refers to the advisory found at https://confluence.atlassian.com/x/lIIyO. CVE ID: * CVE-2017-14592 * CVE-2017-14593 * CVE-2017-17458 * CVE-2017-17831 Product: Sourcetree Affected Sourcetree product versions: Sourcetree for macOS 1.0b2 [ more ] [ reply ] KonaKart Path Traversal Vulnerability 2018-02-01 ajcraggs gmail com Product overview: "KonaKart is a java based eCommerce software platform trusted by top brands throughout the world to give them a stable, high- performance online store". Vulnerability overview: KonaKart eCommerce Platform prior to verion 8.8 is vulnerable to a directory traversal flaw in the adm [ more ] [ reply ] Recon Montreal 2018 Call For Papers - 0xE - Registration - Training - Conference - Submit! - PGP key 2018-01-31 cfpmontreal2018 recon cx - RECON MONTREAL 2018 - 0xE - CFP - Training Registration - Conference - Submit! - PGP key â??â??â??â? â? â? â? â? â? â? â? â? â? â? â? â? â? â? â? â? â? â? â? â? â? â? â? â? â? â? â? â? â? â? â? â? â? â? â? â? â? â? â? â? â? â? â? â? â? â? â? â? â? â? â? â? â? â? â? â? â? â? â? â? â? â? â? â? â? [ more ] [ reply ] SEC Consult SA-20180131-0 :: Multiple Vulnerabilities in Sprecher Automation SPRECON-E-C, PU-2433 2018-01-31 SEC Consult Vulnerability Lab (research sec-consult com) Defense in depth -- the Microsoft way (part 49): fun with application manifests 2018-01-30 Stefan Kanthak (stefan kanthak nexgo de) Hi @ll, Microsoft built several bugs^W^Wfollowing features into the processing of (external) application manifests, i.e. XML files named <program>.exe.manifest which can accompany any portable executable <program>.exe JFTR: the file extension ".exe" is only used per convention; CreateProcess [ more ] [ reply ] [security bulletin] HPESBHF03814 rev.1 - HPE Intelligent Management Center (iMC) PLAT, Remote Unauthorized Modification 2018-01-26 security-alert hpe com -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Note: the current version of the following document is available here: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf 03814en_us SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: hpesbhf03814en_us Version: 1 HP [ more ] [ reply ] [slackware-security] mozilla-thunderbird (SSA:2018-025-01) 2018-01-26 Slackware Security Team (security slackware com) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] mozilla-thunderbird (SSA:2018-025-01) New mozilla-thunderbird packages are available for Slackware 14.2 and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ p [ more ] [ reply ] Secunia Research: LibRaw Multiple Denial of Service Vulnerabilities 2018-01-29 Secunia Research (remove-vuln secunia com) [SYSS-2017-026] Microsoft Surface Hub Keyboard - Cryptographic Issues (CWE-310), Insufficient Protection against Replay Attacks 2018-01-29 matthias deeg syss de [security bulletin] HPESBHF03811 rev.1 - HPE Intelligent Management Center (iMC) PLAT, Remote Multiple Vulnerabilities 2018-01-26 security-alert hpe com -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Note: the current version of the following document is available here: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf 03811en_us SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: hpesbhf03811en_us Version: 1 HP [ more ] [ reply ] [security bulletin] HPESBHF03812 rev.1 - HPE Intelligent Management Center (iMC) PLAT, Remote Multiple Vulnerabilities 2018-01-26 security-alert hpe com -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Note: the current version of the following document is available here: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf 03812en_us SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: hpesbhf03812en_us Version: 1 HP [ more ] [ reply ] KL-001-2018-001 : Sophos Web Gateway Persistent Cross Site Scripting Vulnerability 2018-01-26 KoreLogic Disclosures (disclosures korelogic com) KL-001-2018-001 : Sophos Web Gateway Persistent Cross Site Scripting Vulnerability Title: Sophos Web Gateway Persistent Cross Site Scripting Vulnerability Advisory ID: KL-001-2018-001 Publication Date: 2018.01.26 Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2018-001.txt [ more ] [ reply ] [security bulletin] HPESBHF03813 rev.1 - HPE Intelligent Management Center (iMC) PLAT, Remote Code Execution 2018-01-25 security-alert hpe com -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Note: the current version of the following document is available here: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf 03813en_us SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: hpesbhf03813en_us Version: 1 HP [ more ] [ reply ] [security bulletin] HPESBHF03810 rev.1 - HPE Intelligent Management Center (iMC) PLAT, Remote Disclosure of Information 2018-01-25 security-alert hpe com -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Note: the current version of the following document is available here: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf 03810en_us SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: hpesbhf03810en_us Version: 1 HP [ more ] [ reply ] [security bulletin] HPESBHF03815 rev.1 - HPE Intelligent Management Center (iMC) PLAT, Remote Code Execution 2018-01-25 security-alert hpe com -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Note: the current version of the following document is available here: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf 03815en_us SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: hpesbhf03815en_us Version: 1 HP [ more ] [ reply ] [security bulletin] HPESBHF03808 rev.1 - HPE Intelligent Management Center (iMC) PLAT, Remote Code Execution 2018-01-25 security-alert hpe com -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Note: the current version of the following document is available here: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf 03808en_us SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: hpesbhf03808en_us Version: 1 HP [ more ] [ reply ] [security bulletin] HPESBHF03809 rev.1 - HPE Intelligent Management Center (iMC) PLAT, Remote Authentication Restriction Bypass 2018-01-25 security-alert hpe com -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Note: the current version of the following document is available here: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf 03809en_us SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: hpesbhf03809en_us Version: 1 HP [ more ] [ reply ] [slackware-security] curl (SSA:2018-024-01) 2018-01-25 Slackware Security Team (security slackware com) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] curl (SSA:2018-024-01) New curl packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packages/c [ more ] [ reply ] WebKitGTK+ Security Advisory WSA-2018-0002 2018-01-24 Carlos Alberto Lopez Perez (clopez igalia com) CVE-2017-15718: Apache Hadoop YARN NodeManager vulnerability 2018-01-24 Akira Ajisaka (aajisaka apache org) CVE-2017-15718: Apache Hadoop YARN NodeManager vulnerability Severity: Important Vendor: The Apache Software Foundation Versions Affected: Hadoop 2.7.3, 2.7.4 Description: In Apache Hadoop 2.7.3 and 2.7.4, the security fix for CVE-2016-3086 is incomplete. The YARN NodeManager can leak the passwo [ more ] [ reply ] APPLE-SA-2018-1-23-1 iOS 11.2.5 2018-01-23 Apple Product Security (product-security-noreply lists apple com) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 APPLE-SA-2018-1-23-1 iOS 11.2.5 iOS 11.2.5 is now available and addresses the following: Audio Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing a maliciously crafted audio file may lead to arbi [ more ] [ reply ] APPLE-SA-2018-1-23-4 tvOS 11.2.5 2018-01-23 Apple Product Security (product-security-noreply lists apple com) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 APPLE-SA-2018-1-23-4 tvOS 11.2.5 tvOS 11.2.5 is now available and addresses the following: Audio Available for: Apple TV 4K and Apple TV (4th generation) Impact: Processing a maliciously crafted audio file may lead to arbitrary code execution Descri [ more ] [ reply ] APPLE-SA-2018-1-23-3 watchOS 4.2.2 2018-01-23 Apple Product Security (product-security-noreply lists apple com) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 APPLE-SA-2018-1-23-3 watchOS 4.2.2 watchOS 4.2.2 is now available and addresses the following: Audio Available for: All Apple Watch models Impact: Processing a maliciously crafted audio file may lead to arbitrary code execution Description: A memory [ more ] [ reply ] APPLE-SA-2018-1-23-5 Safari 11.0.3 2018-01-23 Apple Product Security (product-security-noreply lists apple com) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 APPLE-SA-2018-1-23-5 Safari 11.0.3 Safari 11.0.3 is now available and addresses the following: WebKit Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, and macOS High Sierra 10.13.3 Impact: Processing maliciously crafted web content may [ more ] [ reply ] APPLE-SA-2018-1-23-7 iCloud for Windows 7.3 2018-01-24 Apple Product Security (product-security-noreply lists apple com) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 APPLE-SA-2018-1-23-7 iCloud for Windows 7.3 iCloud for Windows 7.3 is now available and addresses the following: WebKit Available for: Windows 7 and later Impact: Processing maliciously crafted web content may lead to arbitrary code execution Descri [ more ] [ reply ] APPLE-SA-2018-1-23-2 macOS High Sierra 10.13.3, Security Update 2018-001 Sierra, and Security Update 2018-001 El Capitan 2018-01-23 Apple Product Security (product-security-noreply lists apple com) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 APPLE-SA-2018-1-23-2 macOS High Sierra 10.13.3, Security Update 2018-001 Sierra, and Security Update 2018-001 El Capitan macOS High Sierra 10.13.3, Security Update 2018-001 Sierra, and Security Update 2018-001 El Capitan are now available and address [ more ] [ reply ] |
|
Privacy Statement |
Hash: SHA512
- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4123-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Moritz Muehlenhoff
February 24, 2018
[ more ] [ reply ]