[SECURITY] [DSA 4128-1] trafficserver security update
  2018-03-02, Sebastien Delafond (seb debian org)

DefenseCode Security Advisory: Magento Backups Cross-Site Request Forgery
  2018-03-06, Defense Code (defensecode defensecode com)

KL-001-2018-007 : Sophos UTM 9 loginuser Privilege Escalation via confd Service
  2018-03-02, KoreLogic Disclosures (disclosures korelogic com)
  KL-001-2018-007 : Sophos UTM 9 loginuser Privilege Escalation via confd Service Title: Sophos UTM 9 loginuser Privilege Escalation via confd Service Advisory ID: KL-001-2018-007 Publication Date: 2018.03.02 Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2018-007.txt 1. Vul [...]

DefenseCode Security Advisory: Magento Multiple Stored Cross-Site Scripting Vulnerabilities
  2018-03-06, Defense Code (defensecode defensecode com)

DefenseCode Security Advisory: Magento Stored Cross-Site Scripting - Product Attributes
  2018-03-06, Defense Code (defensecode defensecode com)

DefenseCode Security Advisory: Magento Stored Cross-Site Scripting - Downloadable Products
  2018-03-06, Defense Code (defensecode defensecode com)

CVE-2017-12544 XSS on HPE System Management Homepage v7.6.0.11 and minor
  2018-03-01, spinfoo (spinfoo protonmail com)
  Product: HPE System Management Homepage Versions: 7.6.0.11 and minor versions Vulnerability: JavaScript Injection in file gsearch.php, parameter prod OWASP TOP 10: A1 Injection Type: Javascript Injection Impact: Allows an attacker to perform an XSS (Cross-Site Scripting) attack, execute arbitrary J [...]

[security bulletin] MFSBGN03801 rev.1 - Micro Focus Operations Orchestration, Remote Denial of Service (DoS)
  2018-03-01, cyber-psrt microfocus com
  Note: the current version of the following document is available here: https://softwaresupport.hpe.com/document/-/facetsearch/document/KM03103896 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: KM03103896 Version: 1 MFSBGN03801 rev.1 [...]

[Newsletter/Marketing] [slackware-security] dhcp (SSA:2018-060-01)
  2018-03-01, Slackware Security Team (security slackware com)
  [slackware-security] dhcp (SSA:2018-060-01) New dhcp packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ [...]

[Newsletter/Marketing] [slackware-security] ntp (SSA:2018-060-02)
  2018-03-01, Slackware Security Team (security slackware com)
  [slackware-security] ntp (SSA:2018-060-02) New ntp packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packages/ntp [...]

[security bulletin] MFSBGN03794 rev.2 - Micro Focus Operations Agent Multiple vulnerabilities
  2018-02-28, cyber-psrt microfocus com
  Note: the current version of the following document is available here: https://softwaresupport.hpe.com/document/-/facetsearch/document/KM03060544 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: KM03060544 Version: 2 MFSBGN03794 rev.2 [...]

Secunia Research: Linux Kernel "_sctp_make_chunk()" Denial of Service Vulnerability
  2018-02-28, Secunia Research (remove-vuln secunia com)

SEC Consult SA-20180228-0 :: Insecure Direct Object Reference vulnerability in TestLink Open Source Test Management
  2018-02-28, SEC Consult Vulnerability Lab (research sec-consult com)

[security bulletin] HPESBHF03826 rev.1 - HPE Integrated Lights-Out 3 (iLO 3) Remote Denial of Service
  2018-02-27, security-alert hpe com
  Note: the current version of the following document is available here: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03826en_us SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: hpesbhf03826en_us Version: 1 HP [...]

SEC Consult SA-20180227-0 :: OS command injection, arbitrary file upload & SQL injection in ClipBucket
  2018-02-27, SEC Consult Vulnerability Lab (research sec-consult com)

ES2018-03 Asterisk pjsip sdp invalid media format description segfault
  2018-02-26, Sandro Gauci (sandro enablesecurity com)
  # Segmentation fault occurs in Asterisk with an invalid SDP media format description
  - Authors:
    - Alfred Farrugia <alfred (at) enablesecurity (dot) com>
    - Sandro Gauci <sandro (at) enablesecurity (dot) com>
  - Latest vulnerable version: Asterisk 15.2.0 running `chan_pjsip`
  - References: AST-2018-002
  - Enable Secu [...]

ES2018-04 Asterisk pjsip tcp segfault
  2018-02-26, Sandro Gauci (sandro enablesecurity com)
  # Crash occurs when sending a repeated number of INVITE messages over TCP or TLS transport
  - Authors:
    - Alfred Farrugia <alfred (at) enablesecurity (dot) com>
    - Sandro Gauci <sandro (at) enablesecurity (dot) com>
  - Latest vulnerable version: Asterisk 15.2.0 running `chan_pjsip` installed with `--with-pjproject-b [...]

ES2018-02 Asterisk pjsip sdp invalid fmtp segfault
  2018-02-26, Sandro Gauci (sandro enablesecurity com)
  # Segmentation fault occurs in asterisk with an invalid SDP fmtp attribute
  - Authors:
    - Alfred Farrugia <alfred (at) enablesecurity (dot) com>
    - Sandro Gauci <sandro (at) enablesecurity (dot) com>
  - Latest vulnerable version: Asterisk 15.2.0 running `chan_pjsip`
  - References: AST-2018-003
  - Enable Security Advis [...]

ES2018-01 Asterisk pjsip subscribe stack corruption
  2018-02-26, Sandro Gauci (sandro enablesecurity com)
  # SUBSCRIBE message with a large Accept value causes stack corruption
  - Authors:
    - Alfred Farrugia <alfred (at) enablesecurity (dot) com>
    - Sandro Gauci <sandro (at) enablesecurity (dot) com>
  - Latest vulnerable version: Asterisk 15.2.0 running `chan_pjsip`
  - Tested vulnerable versions: 15.2.0, 13.19.0, 14.7. [...]

CMS Made Simple 2.1.6 - Remote Code Execution
  2018-02-26, displaymyname gmail con
  # Exploit Title: CMS Made Simple 2.1.6 - Remote Code Execution
  # Date: 2018-02-26
  # Exploit Author: Keerati T.
  # Vendor Homepage: http://www.cmsmadesimple.org/
  # Software Link: http://s3.amazonaws.com/cmsms/downloads/13570/cmsms-2.1.6-install.zip
  # Version: 2.1.6
  # CVE: CVE-2018-7448
  # Tested on: Li [...]

[security bulletin] MFSBGN03798 rev.1 - Micro Focus Universal CMDB, Apache Struts Instance
  2018-02-22, cyber-psrt microfocus com
  Note: the current version of the following document is available here: https://softwaresupport.hpe.com/document/-/facetsearch/document/KM03086019 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: KM03086019 Version: 1 MFSBGN03798 rev.1 [...]

Re: [CVE-2018-1000088] Stored XSS vulnerability in Doorkeeper gem v2.1.0 - v4.2.5
  2018-02-22, Justin Bull (me justinbull ca)
  On Wed, Feb 21, 2018 at 5:17 PM, Justin Bull <me (at) justinbull (dot) ca> wrote:
  > Solution:
  > ---------
  > Upgrade to Doorkeeper v4.2.6 or later
  >
  Apologies. This fails to account for a non-trivial scenario. Any software using Doorkeeper that has generated its own custom views[0] requires manual work to ver [...]

[CORE-2017-0006] Trend Micro Email Encryption Gateway Multiple Vulnerabilities
  2018-02-21, Core Security Advisories Team (advisories coresecurity com)
  Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ Trend Micro Email Encryption Gateway Multiple Vulnerabilities 1. *Advisory Information* Title: Trend Micro Email Encryption Gateway Multiple Vulnerabilities Advisory ID: CORE-2017-0006 Advisory URL: http://www.coresecurity.com/ad [...]

DefenseCode Security Advisory: PureVPN Windows Privilege Escalation Vulnerability
  2018-02-21, Defense Code (defensecode defensecode com)

SEC Consult SA-20180221-0 :: Hijacking of arbitrary miSafes Mi-Cam video baby monitors
  2018-02-21, SEC Consult Vulnerability Lab (research sec-consult com)
  We have published an accompanying blog post to this technical advisory with further information: https://www.sec-consult.com/en/blog/2018/02/internet-of-babies-when-baby-monitors-fail-to-be-smart/index.html SEC Consult Vulnerability Lab Security Advisory < 20180221-0 > [...]

Sharutils 4.15.2 Heap-Buffer-Overflow
  2018-02-21, nafiez (nafiez skins gmail com) (1 reply)
  Unshar scans the input files (typically email messages) looking for the start of a shell archive. If no files are given, then standard input is processed instead. Shipped along with Sharutils. Bug was found with AFL. ==11164= [...]

Multiple Persistent Cross-Site Scripting Vulnerabilities in Quarx CMS
  2018-02-21, preethiknambiar gmail com

Multiple Persistent XSS vulnerabilities in Radiant Content Management System
  2018-02-20, suparna kachru gmail com
  *1. Introduction* Vendor : Radiant Affected Product : Radiant CMS 1.1.4 Fixed in : NA Vendor Website : http://radiantcms.org/ Vulnerability Type : Persistent XSS Remote Exploitable : Yes CVE External Identifier : CVE-2018-7261 *2. Overview* Technical Description: There are multiple P [...]

APPLE-SA-2018-02-19-2 macOS High Sierra 10.13.3 Supplemental Update
  2018-02-19, Apple Product Security (product-security-noreply lists apple com)
  APPLE-SA-2018-02-19-2 macOS High Sierra 10.13.3 Supplemental Update macOS High Sierra 10.13.3 Supplemental Update is now available and addresses the following: CoreText Available for: macOS High Sierra 10.13.3 Impact: Processing a maliciously crafte [...]

APPLE-SA-2018-02-19-3 tvOS 11.2.6
  2018-02-19, Apple Product Security (product-security-noreply lists apple com)
  APPLE-SA-2018-02-19-3 tvOS 11.2.6 tvOS 11.2.6 is now available and addresses the following: CoreText Available for: Apple TV 4K and Apple TV (4th generation) Impact: Processing a maliciously crafted string may lead to heap corruption Description: A [...]

APPLE-SA-2018-02-19-1 iOS 11.2.6
  2018-02-19, Apple Product Security (product-security-noreply lists apple com)
  APPLE-SA-2018-02-19-1 iOS 11.2.6 iOS 11.2.6 is now available and addresses the following: CoreText Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing a maliciously crafted string may lead to heap [...]

APPLE-SA-2018-02-19-4 watchOS 4.2.3
  2018-02-19, Apple Product Security (product-security-noreply lists apple com)
  APPLE-SA-2018-02-19-4 watchOS 4.2.3 watchOS 4.2.3 is now available and addresses the following: CoreText Available for: All Apple Watch models Impact: Processing a maliciously crafted string may lead to heap corruption Description: A memory corrupti [...]

Kentico CMS version 9 through 11 - Cross-Site Scripting (Reflect)
  2018-02-18, displaymyname gmail com
  # Exploit Title: Kentico CMS version 9 through 11 - Cross-Site Scripting (Reflect)
  # Date: 18-02-2018
  # Software Link: https://www.kentico.com
  # Exploit Author: Keerati T.
  # CVE: CVE-2018-7205
  # Category: webapps
  1. Description Kentico is the only fully integrated ASP.NET CMS, E-commerce, and Onli [...]

[SECURITY] [DSA 4118-1] tomcat-native security update
  2018-02-17, Salvatore Bonaccorso (carnil debian org)

Kentico CMS version 9 through 11 - Arbitrary Code Execution
  2018-02-17, displaymyname gmail com
  # Exploit Title: Kentico CMS version 9 through 11 - Arbitrary Code Execution
  # Date: 17-02-2018
  # Software Link: https://www.kentico.com
  # Exploit Author: Keerati T.
  # CVE: CVE-2018-7046
  # Category: webapps
  1. Description Kentico is the only fully integrated ASP.NET CMS, E-commerce, and Online Mar [...]

[SECURITY] [DSA 4116-1] plasma-workspace security update
  2018-02-16, Moritz Muehlenhoff (jmm debian org)

Security advisory for Bugzilla 5.1.1, 5.0.3, and 4.4.12
  2018-02-16, dkl mozilla com
  Summary
  Bugzilla is a Web-based bug-tracking system used by a large number of software projects. The following security issue has been discovered in Bugzilla: * A CSRF vulnerability in report.cgi would allow a third-party site to extract confidential information from a bug the victim had [...]

[slackware-security] irssi (SSA:2018-046-01)
  2018-02-16, Slackware Security Team (security slackware com)
  [slackware-security] irssi (SSA:2018-046-01) New irssi packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packages [...]

Vulnerability Disclosure (Web Apps)-Bravo Tejari Web Portal-Unrestricted File Upload
  2018-02-15, Arvind Vishwakarma (arvind12786 gmail com)
  Vulnerability Type: Unrestricted File Upload Vendor of Product: Tejari Affected Product Code Base: Bravo Solution Affected Component: Web Interface Management. Attack Type: Local - Authenticated Impact: Malicious File Upload [...]

Vulnerability Disclosure (Web Apps)-Bravo Tejari Web Portal-CSRF
  2018-02-15, Arvind Vishwakarma (arvind12786 gmail com)
  Vulnerability Type: Cross Site Request Forgery (CSRF) Vendor of Product: Tejari Affected Product Code Base: Bravo Solution Affected Component: Web Interface Management. Attack Type: Local - Authenticated Impact: Unauthorised Access [...]

[SECURITY] [DSA 4114-1] jackson-databind security update
  2018-02-15, Sebastien Delafond (seb debian org)

NAT32 Build (22284) Remote Code Execution CVE-2018-6940 (hyp3rlinx / apparition security)
  2018-02-14, apparitionsec gmail com
  [+] Credits: hyp3rlinx
  [+] Website: hyp3rlinx.altervista.org
  [+] Source: http://hyp3rlinx.altervista.org/advisories/NAT32-REMOTE-COMMAND-EXECUTION-CVE-2018-6940.txt
  [+] ISR: Apparition Security
  [-_-] D1rty0tis
  Vendor: www.nat32.com
  Product: NAT32 Build (22284) [...]

Defense in depth -- the Microsoft way (part 52): HTTP used to distribute (security) updates, not HTTPS
  2018-02-14, Stefan Kanthak (stefan kanthak nexgo de)
  Hi @ll, yesterday's "Security update deployment information: February 13, 2018" <https://support.microsoft.com/en-us/help/20180213> links the following MSKB articles for the security updates of Microsoft's Office products: <https://support.microsoft.com/kb/4011715> <https://support.microsoft.com/kb/ [...]

[security bulletin] MFSBGN03800 rev.1 - Micro Focus Performance Center, Remote Arbitrary Code Execution or Remote Arbitrary File Modification
  2018-02-13, cyber-psrt microfocus com
  Note: the current version of the following document is available here: https://softwaresupport.hpe.com/document/-/facetsearch/document/KM03091103 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: KM03091103 Version: 1 MFSBGN03800 rev.1 [...]

CSNC-2017-027 Microsoft Intune - App PIN Bypass
  2018-02-13, Advisories (advisories compass-security com)
  # COMPASS SECURITY ADVISORY
  # https://www.compass-security.com/research/advisories/
  #
  # Product: Microsoft Intune [1]
  # Vendor: Microsoft
  # CSNC ID: CSNC-2017-027
  # Sub [...]

[security bulletin] HPESBHF03819 rev.1 - HPE XP Storage using HGLM, Local Authentication Bypass
  2018-02-12, security-alert hpe com
  Note: the current version of the following document is available here: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03819en_us SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: hpesbhf03819en_us Version: 1 HP [...]

CVE-2018-6892 CloudMe Sync <= v1.10.9 Unauthenticated Remote Buffer Overflow (hyp3rlinx / apparition security)
  2018-02-12, apparitionsec gmail com
  [+] Credits: John Page (aka hyp3rlinx)
  [+] Website: hyp3rlinx.altervista.org
  [+] Source: http://hyp3rlinx.altervista.org/advisories/CLOUDME-SYNC-UNAUTHENTICATED-REMOTE-BUFFER-OVERFLOW.txt
  [+] ISR: Apparition Security
  [+] SSD Beyond Security Submission: https://blogs.securiteam.com/index [...]

KL-001-2018-005 : NetEx HyperIP Local File Inclusion Vulnerability
  2018-02-09, KoreLogic Disclosures (disclosures korelogic com)
  KL-001-2018-005 : NetEx HyperIP Local File Inclusion Vulnerability Title: NetEx HyperIP Local File Inclusion Vulnerability Advisory ID: KL-001-2018-005 Publication Date: 2018.02.08 Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2018-005.txt 1. Vulnerability Details A [...]

Defense in depth -- the Microsoft way (part 51): Skype's home-grown updater allows escalation of privilege to SYSTEM
  2018-02-09, Stefan Kanthak (stefan kanthak nexgo de) (1 reply)
  Hi @ll, since about two or three years now, Microsoft offers Skype as optional update on Windows/Microsoft Update. JFTR: for Microsoft's euphemistic use of "update" see <http://seclists.org/fulldisclosure/2018/Feb/17> Once installed, Skype uses its own proprietary update mechanism instead o [...]

    Re: [FD] Defense in depth -- the Microsoft way (part 51): Skype's home-grown updater allows escalation of privilege to SYSTEM
      2018-02-15, Jeffrey Walton (noloader gmail com) (1 reply)

        Re: [FD] Defense in depth -- the Microsoft way (part 51): Skype's home-grown updater allows escalation of privilege to SYSTEM
          2018-02-15, Stefan Kanthak (stefan kanthak nexgo de)

KL-001-2018-004 : NetEx HyperIP Privilege Escalation Vulnerability
  2018-02-09, KoreLogic Disclosures (disclosures korelogic com)
  KL-001-2018-004 : NetEx HyperIP Privilege Escalation Vulnerability Title: NetEx HyperIP Privilege Escalation Vulnerability Advisory ID: KL-001-2018-004 Publication Date: 2018.02.08 Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2018-004.txt 1. Vulnerability Details A [...]

KL-001-2018-003 : NetEx HyperIP Post-Auth Command Execution
  2018-02-09, KoreLogic Disclosures (disclosures korelogic com)
  KL-001-2018-003 : NetEx HyperIP Post-Auth Command Execution Title: NetEx HyperIP Post-Auth Command Execution Advisory ID: KL-001-2018-003 Publication Date: 2018.02.08 Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2018-003.txt 1. Vulnerability Details Affected Vendor [...]

KL-001-2018-006 : Trend Micro IMSVA Management Portal Authentication Bypass
  2018-02-09, KoreLogic Disclosures (disclosures korelogic com)
  KL-001-2018-006 : Trend Micro IMSVA Management Portal Authentication Bypass Title: Trend Micro IMSVA Management Portal Authentication Bypass Advisory ID: KL-001-2018-006 Publication Date: 2018.02.08 Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2018-006.txt 1. Vulnerabili [...]

KL-001-2018-002 : NetEx HyperIP Authentication Bypass
  2018-02-09, KoreLogic Disclosures (disclosures korelogic com)
  KL-001-2018-002 : NetEx HyperIP Authentication Bypass Title: NetEx HyperIP Authentication Bypass Advisory ID: KL-001-2018-002 Publication Date: 2018.02.08 Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2018-002.txt 1. Vulnerability Details Affected Vendor: NetEx [...]

Advisory - Fisheye and Crucible - CVE-2017-16861
  2018-02-09, David Black (dblack atlassian com)
  This email refers to the advisory found at https://confluence.atlassian.com/x/iPQyO and https://confluence.atlassian.com/x/h-QyO . CVE ID: * CVE-2017-16861. Product: Fisheye and Crucible. Affected Fisheye and Crucible product versions: version [...]

SEC Consult SA-20180208-0 :: Multiple Cross-Site Scripting Vulnerabilities in Sonatype Nexus Repository Manager OSS/Pro
  2018-02-08, SEC Consult Vulnerability Lab (research sec-consult com)

[SECURITY] [DSA 4107-1] django-anymail security update
  2018-02-07, Salvatore Bonaccorso (carnil debian org)

[security bulletin] HPSBHF02981 rev.2 - HPE Integrated Lights-Out 2, 3, 4 (iLO2, iLO3, iLO4) and HPE Superdome Flex RMC - IPMI 2.0 RCMP+ Authentication Remote Password Hash Vulnerability (RAKP)
  2018-02-07, security-alert hpe com
  Note: the current version of the following document is available here: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04197764 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04197764 Version: 2 HPSBHF02981 rev.2 [...]

[SECURITY] [DSA 4106-1] libtasn1-6 security update
  2018-02-07, Salvatore Bonaccorso (carnil debian org)

SEC Consult SA-20180207-0 :: Multiple buffer overflow vulnerabilities in InfoZip UnZip
  2018-02-07, SEC Consult Vulnerability Lab (research sec-consult com)

[slackware-security] Slackware 14.2 kernel (SSA:2018-037-01)
  2018-02-07, Slackware Security Team (security slackware com)
  [slackware-security] Slackware 14.2 kernel (SSA:2018-037-01) New kernel packages are available for Slackware 14.2 to mitigate the speculative side channel attack known as Spectre variant 2. Here are the details from the Slackware 14.2 ChangeLog: +- [...]

[SE-2011-01] A security issue with a Multiroom service of NC+ SAT TV platform
  2018-02-07, Security Explorations (contact security-explorations com)
  Hello All, A couple of weeks ago, Platform NC+ [1], one of the major digital SAT TV providers in Poland issued an official message [2] to subscribers about the policy of content security. Among other things, the following statements were included in it: "Platform nc+ as a technology leader in the [...]

[CORE-2017-0010] - Kaspersky Secure Mail Gateway Multiple Vulnerabilities
  2018-02-05, Core Security Advisories Team (advisories coresecurity com)
  Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ Kaspersky Secure Mail Gateway Multiple Vulnerabilities 1. *Advisory Information* Title: Kaspersky Secure Mail Gateway Multiple Vulnerabilities Advisory ID: CORE-2017-0010 Advisory URL: http://www.coresecurity.com/advisories/kaspe [...]

[slackware-security] php (SSA:2018-034-01)
  2018-02-04, Slackware Security Team (security slackware com)
  [slackware-security] php (SSA:2018-034-01) New php packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packages/php [...]

[security bulletin] MFSBGN03797 rev.1 - Micro Focus Fortify Audit Workbench (AWB) and Micro Focus Fortify Software Security Center (SSC), XML External Entity Injection
  2018-02-01, cyber-psrt microfocus com
  Note: the current version of the following document is available here: https://softwaresupport.hpe.com/document/-/facetsearch/document/KM03083653 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: KM03083653 Version: 1 MFSBGN03797 rev.1 [...]

SEC Consult SA-20180201-0 :: Multiple critical vulnerabilities in Whole Vibratissimo Smart Sex Toy product range
  2018-02-01, SEC Consult Vulnerability Lab (research sec-consult com)
  We have published an accompanying blog post to this technical advisory with further information: https://www.sec-consult.com/en/blog/2018/02/internet-of-dildos-a-long-way-to-a-vibrant-future-from-iot-to-iod/index.html SEC Consult Vulnerability Lab Security Advisory < 20180201-0 > [...]

[SECURITY] [DSA 4103-1] chromium-browser security update
  2018-02-01, Michael Gilbert (mgilbert debian org)
Debian Security Advisory DSA-4128-1                   security (at) debian (dot) org
https://www.debian.org/security/                      Sebastien Delafond
March 02, 2018