CSNC-2017-027 Microsoft Intune - App PIN Bypass
2018-02-13 Advisories (advisories compass-security com)

[security bulletin] HPESBHF03819 rev.1 - HPE XP Storage using HGLM, Local Authentication Bypass
2018-02-12 security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Note: the current version of the following document is available here: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03819en_us
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: hpesbhf03819en_us
Version: 1
HP

CVE-2018-6892 CloudMe Sync <= v1.10.9 Unauthenticated Remote Buffer Overflow (hyp3rlinx / apparition security)
2018-02-12 apparitionsec gmail com
[+] Credits: John Page (aka hyp3rlinx)
[+] Website: hyp3rlinx.altervista.org
[+] Source: http://hyp3rlinx.altervista.org/advisories/CLOUDME-SYNC-UNAUTHENTICATED-REMOTE-BUFFER-OVERFLOW.txt
[+] ISR: Apparition Security
[+] SSD Beyond Security Submission: https://blogs.securiteam.com/index

KL-001-2018-005 : NetEx HyperIP Local File Inclusion Vulnerability
2018-02-09 KoreLogic Disclosures (disclosures korelogic com)
KL-001-2018-005 : NetEx HyperIP Local File Inclusion Vulnerability
Title: NetEx HyperIP Local File Inclusion Vulnerability
Advisory ID: KL-001-2018-005
Publication Date: 2018.02.08
Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2018-005.txt
1. Vulnerability Details A

Defense in depth -- the Microsoft way (part 51): Skype's home-grown updater allows escalation of privilege to SYSTEM
2018-02-09 Stefan Kanthak (stefan kanthak nexgo de)
Hi @ll, since about two or three years now, Microsoft offers Skype as optional update on Windows/Microsoft Update.
JFTR: for Microsoft's euphemistic use of "update" see <http://seclists.org/fulldisclosure/2018/Feb/17>
Once installed, Skype uses its own proprietary update mechanism instead o

KL-001-2018-004 : NetEx HyperIP Privilege Escalation Vulnerability
2018-02-09 KoreLogic Disclosures (disclosures korelogic com)
KL-001-2018-004 : NetEx HyperIP Privilege Escalation Vulnerability
Title: NetEx HyperIP Privilege Escalation Vulnerability
Advisory ID: KL-001-2018-004
Publication Date: 2018.02.08
Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2018-004.txt
1. Vulnerability Details A

KL-001-2018-003 : NetEx HyperIP Post-Auth Command Execution
2018-02-09 KoreLogic Disclosures (disclosures korelogic com)
KL-001-2018-003 : NetEx HyperIP Post-Auth Command Execution
Title: NetEx HyperIP Post-Auth Command Execution
Advisory ID: KL-001-2018-003
Publication Date: 2018.02.08
Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2018-003.txt
1. Vulnerability Details Affected Vendor

KL-001-2018-006 : Trend Micro IMSVA Management Portal Authentication Bypass
2018-02-09 KoreLogic Disclosures (disclosures korelogic com)
KL-001-2018-006 : Trend Micro IMSVA Management Portal Authentication Bypass
Title: Trend Micro IMSVA Management Portal Authentication Bypass
Advisory ID: KL-001-2018-006
Publication Date: 2018.02.08
Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2018-006.txt
1. Vulnerabili

KL-001-2018-002 : NetEx HyperIP Authentication Bypass
2018-02-09 KoreLogic Disclosures (disclosures korelogic com)
KL-001-2018-002 : NetEx HyperIP Authentication Bypass
Title: NetEx HyperIP Authentication Bypass
Advisory ID: KL-001-2018-002
Publication Date: 2018.02.08
Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2018-002.txt
1. Vulnerability Details Affected Vendor: NetEx

Advisory - Fisheye and Crucible - CVE-2017-16861
2018-02-09 David Black (dblack atlassian com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
This email refers to the advisory found at https://confluence.atlassian.com/x/iPQyO and https://confluence.atlassian.com/x/h-QyO .
CVE ID: * CVE-2017-16861.
Product: Fisheye and Crucible.
Affected Fisheye and Crucible product versions: version

SEC Consult SA-20180208-0 :: Multiple Cross-Site Scripting Vulnerabilities in Sonatype Nexus Repository Manager OSS/Pro
2018-02-08 SEC Consult Vulnerability Lab (research sec-consult com)

[SECURITY] [DSA 4107-1] django-anymail security update
2018-02-07 Salvatore Bonaccorso (carnil debian org)

[security bulletin] HPSBHF02981 rev.2 - HPE Integrated Lights-Out 2, 3, 4 (iLO2, iLO3, iLO4) and HPE Superdome Flex RMC - IPMI 2.0 RCMP+ Authentication Remote Password Hash Vulnerability (RAKP)
2018-02-07 security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Note: the current version of the following document is available here: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04197764
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c04197764
Version: 2
HPSBHF02981 rev.2

[SECURITY] [DSA 4106-1] libtasn1-6 security update
2018-02-07 Salvatore Bonaccorso (carnil debian org)

SEC Consult SA-20180207-0 :: Multiple buffer overflow vulnerabilities in InfoZip UnZip
2018-02-07 SEC Consult Vulnerability Lab (research sec-consult com)

[slackware-security] Slackware 14.2 kernel (SSA:2018-037-01)
2018-02-07 Slackware Security Team (security slackware com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
[slackware-security] Slackware 14.2 kernel (SSA:2018-037-01)
New kernel packages are available for Slackware 14.2 to mitigate the speculative side channel attack known as Spectre variant 2.
Here are the details from the Slackware 14.2 ChangeLog:
+-

[SE-2011-01] A security issue with a Multiroom service of NC+ SAT TV platform
2018-02-07 Security Explorations (contact security-explorations com)
Hello All,
A couple of weeks ago, Platform NC+ [1], one of the major digital SAT TV providers in Poland issued an official message [2] to subscribers about the policy of content security. Among other things, the following statements were included in it: "Platform nc+ as a technology leader in the

[CORE-2017-0010] - Kaspersky Secure Mail Gateway Multiple Vulnerabilities
2018-02-05 Core Security Advisories Team (advisories coresecurity com)
Core Security - Corelabs Advisory
http://corelabs.coresecurity.com/
Kaspersky Secure Mail Gateway Multiple Vulnerabilities
1. *Advisory Information*
Title: Kaspersky Secure Mail Gateway Multiple Vulnerabilities
Advisory ID: CORE-2017-0010
Advisory URL: http://www.coresecurity.com/advisories/kaspe

[slackware-security] php (SSA:2018-034-01)
2018-02-04 Slackware Security Team (security slackware com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
[slackware-security] php (SSA:2018-034-01)
New php packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues.
Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/php

[security bulletin] MFSBGN03797 rev.1 - Micro Focus Fortify Audit Workbench (AWB) and Micro Focus Fortify Software Security Center (SSC), XML External Entity Injection
2018-02-01 cyber-psrt microfocus com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Note: the current version of the following document is available here: https://softwaresupport.hpe.com/document/-/facetsearch/document/KM03083653
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: KM03083653
Version: 1
MFSBGN03797 rev.1

SEC Consult SA-20180201-0 :: Multiple critical vulnerabilities in Whole Vibratissimo Smart Sex Toy product range
2018-02-01 SEC Consult Vulnerability Lab (research sec-consult com)
We have published an accompanying blog post to this technical advisory with further information: https://www.sec-consult.com/en/blog/2018/02/internet-of-dildos-a-long-way-to-a-vibrant-future-from-iot-to-iod/index.html
SEC Consult Vulnerability Lab Security Advisory < 20180201-0 >
================

[SECURITY] [DSA 4103-1] chromium-browser security update
2018-02-01 Michael Gilbert (mgilbert debian org)
#
# COMPASS SECURITY ADVISORY
# https://www.compass-security.com/research/advisories/
#
#############################################################
#
# Product: Microsoft Intune [1]
# Vendor: Microsoft
# CSNC ID: CSNC-2017-027
# Sub