BugTraq Mode:
(Page 6 of 525)  < Prev  1 2 3 4 5 6 7 8 9 10 11  Next >
Advisory - Sourcetree - CVE-2017-14592 CVE-2017-14593 CVE-2017-14592 CVE-2017-17831 2018-02-01
Atlassian (security atlassian com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

This email refers to the advisory found at
https://confluence.atlassian.com/x/lIIyO.

CVE ID:

* CVE-2017-14592
* CVE-2017-14593
* CVE-2017-17458
* CVE-2017-17831

Product: Sourcetree

Affected Sourcetree product versions:

Sourcetree for macOS 1.0b2

[ more ]  [ reply ]
KonaKart Path Traversal Vulnerability 2018-02-01
ajcraggs gmail com
Product overview:

"KonaKart is a java based eCommerce software platform trusted by top brands throughout the world to give them a stable, high-
performance online store".

Vulnerability overview:

KonaKart eCommerce Platform prior to verion 8.8 is vulnerable to a directory traversal flaw in the adm

[ more ]  [ reply ]
Recon Montreal 2018 Call For Papers - 0xE - Registration - Training - Conference - Submit! - PGP key 2018-01-31
cfpmontreal2018 recon cx
- RECON MONTREAL 2018 -

0xE - CFP - Training Registration - Conference - Submit! - PGP key
â??â??â??â? â? â? â? â? â? â? â? â? â? â? â? â? â? â? â? â? â? â? â? â? 
â? â? â? â? â? â? â? â? â? â? â? â? â? â? â? â? â? â? â? â? â? â? â? â? 
â? â? â? â? â? â? â? â? â? â? â? â? â? â? â? â? â? â? â? â? â? 

[ more ]  [ reply ]
SEC Consult SA-20180131-0 :: Multiple Vulnerabilities in Sprecher Automation SPRECON-E-C, PU-2433 2018-01-31
SEC Consult Vulnerability Lab (research sec-consult com)
SEC Consult Vulnerability Lab Security Advisory < 20180131-0 >
=======================================================================
title: Multiple Vulnerabilities
product: Sprecher Automation SPRECON-E-C, PU-2433
vulnerable version: <8.49 (most vulnerabilities, see "Vu

[ more ]  [ reply ]
[SECURITY] [DSA 4094-2] smarty3 security update 2018-01-30
Luciano Bello (luciano debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4094-2 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/
January 30, 2018

[ more ]  [ reply ]
Defense in depth -- the Microsoft way (part 49): fun with application manifests 2018-01-30
Stefan Kanthak (stefan kanthak nexgo de)
Hi @ll,

Microsoft built several bugs^W^Wfollowing features into the
processing of (external) application manifests, i.e. XML files
named <program>.exe.manifest which can accompany any portable
executable <program>.exe

JFTR: the file extension ".exe" is only used per convention;
CreateProcess

[ more ]  [ reply ]
[SECURITY] [DSA 4098-1] curl security update 2018-01-26
Alessandro Ghedini (ghedo debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4098-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Alessandro Ghedini
January 26, 2018

[ more ]  [ reply ]
[SECURITY] [DSA 4101-1] wireshark security update 2018-01-28
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4101-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Moritz Muehlenhoff
January 28, 2018

[ more ]  [ reply ]
[SECURITY] [DSA 4099-1] ffmpeg security update 2018-01-27
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4099-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Moritz Muehlenhoff
January 27, 2018

[ more ]  [ reply ]
[security bulletin] HPESBHF03814 rev.1 - HPE Intelligent Management Center (iMC) PLAT, Remote Unauthorized Modification 2018-01-26
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Note: the current version of the following document is available here:

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf
03814en_us

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: hpesbhf03814en_us

Version: 1

HP

[ more ]  [ reply ]
[slackware-security] mozilla-thunderbird (SSA:2018-025-01) 2018-01-26
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] mozilla-thunderbird (SSA:2018-025-01)

New mozilla-thunderbird packages are available for Slackware 14.2 and -current
to fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
p

[ more ]  [ reply ]
Secunia Research: LibRaw Multiple Denial of Service Vulnerabilities 2018-01-29
Secunia Research (remove-vuln secunia com)
======================================================================

Secunia Research 2018/01/29

LibRaw Multiple Denial of Service Vulnerabilities

======================================================================
Tab

[ more ]  [ reply ]
[SYSS-2017-026] Microsoft Surface Hub Keyboard - Cryptographic Issues (CWE-310), Insufficient Protection against Replay Attacks 2018-01-29
matthias deeg syss de
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Advisory ID: SYSS-2017-026
Product: Microsoft Surface Hub Keyboard
Manufacturer: Microsoft
Affected Version(s): n/a
Tested Version(s): n/a
Vulnerability Type: Cryptographic Issues (CWE-310)
Insufficient Protection against Replay At

[ more ]  [ reply ]
[security bulletin] HPESBHF03811 rev.1 - HPE Intelligent Management Center (iMC) PLAT, Remote Multiple Vulnerabilities 2018-01-26
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Note: the current version of the following document is available here:

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf
03811en_us

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: hpesbhf03811en_us

Version: 1

HP

[ more ]  [ reply ]
[SECURITY] [DSA 4100-1] tiff security update 2018-01-27
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4100-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Moritz Muehlenhoff
January 27, 2018

[ more ]  [ reply ]
[security bulletin] HPESBHF03812 rev.1 - HPE Intelligent Management Center (iMC) PLAT, Remote Multiple Vulnerabilities 2018-01-26
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Note: the current version of the following document is available here:

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf
03812en_us

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: hpesbhf03812en_us

Version: 1

HP

[ more ]  [ reply ]
KL-001-2018-001 : Sophos Web Gateway Persistent Cross Site Scripting Vulnerability 2018-01-26
KoreLogic Disclosures (disclosures korelogic com)
KL-001-2018-001 : Sophos Web Gateway Persistent Cross Site Scripting Vulnerability

Title: Sophos Web Gateway Persistent Cross Site Scripting Vulnerability
Advisory ID: KL-001-2018-001
Publication Date: 2018.01.26
Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2018-001.txt

[ more ]  [ reply ]
[security bulletin] HPESBHF03813 rev.1 - HPE Intelligent Management Center (iMC) PLAT, Remote Code Execution 2018-01-25
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Note: the current version of the following document is available here:

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf
03813en_us

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: hpesbhf03813en_us

Version: 1

HP

[ more ]  [ reply ]
[security bulletin] HPESBHF03810 rev.1 - HPE Intelligent Management Center (iMC) PLAT, Remote Disclosure of Information 2018-01-25
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Note: the current version of the following document is available here:

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf
03810en_us

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: hpesbhf03810en_us

Version: 1

HP

[ more ]  [ reply ]
[security bulletin] HPESBHF03815 rev.1 - HPE Intelligent Management Center (iMC) PLAT, Remote Code Execution 2018-01-25
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Note: the current version of the following document is available here:

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf
03815en_us

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: hpesbhf03815en_us

Version: 1

HP

[ more ]  [ reply ]
[security bulletin] HPESBHF03808 rev.1 - HPE Intelligent Management Center (iMC) PLAT, Remote Code Execution 2018-01-25
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Note: the current version of the following document is available here:

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf
03808en_us

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: hpesbhf03808en_us

Version: 1

HP

[ more ]  [ reply ]
[security bulletin] HPESBHF03809 rev.1 - HPE Intelligent Management Center (iMC) PLAT, Remote Authentication Restriction Bypass 2018-01-25
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Note: the current version of the following document is available here:

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf
03809en_us

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: hpesbhf03809en_us

Version: 1

HP

[ more ]  [ reply ]
[SECURITY] [DSA 4097-1] poppler security update 2018-01-25
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4097-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Moritz Muehlenhoff
January 25, 2018

[ more ]  [ reply ]
[slackware-security] curl (SSA:2018-024-01) 2018-01-25
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] curl (SSA:2018-024-01)

New curl packages are available for Slackware 14.0, 14.1, 14.2, and -current to
fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/c

[ more ]  [ reply ]
[SECURITY] [DSA 4096-1] firefox-esr security update 2018-01-25
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4096-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Moritz Muehlenhoff
January 25, 2018

[ more ]  [ reply ]
[SECURITY] [DSA 4095-1] gcab security update 2018-01-24
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4095-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Salvatore Bonaccorso
January 24, 2018

[ more ]  [ reply ]
WebKitGTK+ Security Advisory WSA-2018-0002 2018-01-24
Carlos Alberto Lopez Perez (clopez igalia com)
------------------------------------------------------------------------

WebKitGTK+ Security Advisory WSA-2018-0002
------------------------------------------------------------------------

Date reported : January 24, 2018
Advisory ID : WSA-2018-0002
Advisor

[ more ]  [ reply ]
CVE-2017-15718: Apache Hadoop YARN NodeManager vulnerability 2018-01-24
Akira Ajisaka (aajisaka apache org)
CVE-2017-15718: Apache Hadoop YARN NodeManager vulnerability

Severity: Important

Vendor: The Apache Software Foundation

Versions Affected:
Hadoop 2.7.3, 2.7.4

Description:
In Apache Hadoop 2.7.3 and 2.7.4, the security fix for CVE-2016-3086 is incomplete.
The YARN NodeManager can leak the passwo

[ more ]  [ reply ]
APPLE-SA-2018-1-23-1 iOS 11.2.5 2018-01-23
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2018-1-23-1 iOS 11.2.5

iOS 11.2.5 is now available and addresses the following:

Audio
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Processing a maliciously crafted audio file may lead to
arbi

[ more ]  [ reply ]
APPLE-SA-2018-1-23-4 tvOS 11.2.5 2018-01-23
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2018-1-23-4 tvOS 11.2.5

tvOS 11.2.5 is now available and addresses the following:

Audio
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: Processing a maliciously crafted audio file may lead to
arbitrary code execution
Descri

[ more ]  [ reply ]
APPLE-SA-2018-1-23-3 watchOS 4.2.2 2018-01-23
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2018-1-23-3 watchOS 4.2.2

watchOS 4.2.2 is now available and addresses the following:

Audio
Available for: All Apple Watch models
Impact: Processing a maliciously crafted audio file may lead to
arbitrary code execution
Description: A memory

[ more ]  [ reply ]
APPLE-SA-2018-1-23-5 Safari 11.0.3 2018-01-23
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2018-1-23-5 Safari 11.0.3

Safari 11.0.3 is now available and addresses the following:

WebKit
Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, and
macOS High Sierra 10.13.3
Impact: Processing maliciously crafted web content may

[ more ]  [ reply ]
APPLE-SA-2018-1-23-7 iCloud for Windows 7.3 2018-01-24
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2018-1-23-7 iCloud for Windows 7.3

iCloud for Windows 7.3 is now available and addresses the following:

WebKit
Available for: Windows 7 and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Descri

[ more ]  [ reply ]
APPLE-SA-2018-1-23-2 macOS High Sierra 10.13.3, Security Update 2018-001 Sierra, and Security Update 2018-001 El Capitan 2018-01-23
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2018-1-23-2 macOS High Sierra 10.13.3,
Security Update 2018-001 Sierra,
and Security Update 2018-001 El Capitan

macOS High Sierra 10.13.3, Security Update 2018-001 Sierra, and
Security Update 2018-001 El Capitan are now available and address

[ more ]  [ reply ]
APPLE-SA-2018-1-23-6 iTunes 12.7.3 for Windows 2018-01-24
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2018-1-23-6 iTunes 12.7.3 for Windows

iTunes 12.7.3 for Windows is now available and addresses the
following:

WebKit
Available for: Windows 7 and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution

[ more ]  [ reply ]
DefenseCode ThunderScan SAST Advisory: SugarCRM Community Edition Multiple SQL Injection Vulnerabilities 2018-01-23
DefenseCode (defensecode defensecode com)

           DefenseCode ThunderScan SAST Advisory
SugarCRM Community Edition Multiple SQL Injection Vulnerabilities

Advisory ID:    DC-2018-01-011
Advisory Title: SugarCRM Community Edition Multiple SQL Injection
Vulnerabilities
Advisory URL:   http://www.defensecode.com/advisories.php
Software:  

[ more ]  [ reply ]
SEC Consult SA-20180123-0 :: XXE & Reflected XSS in Oracle Financial Services Analytical Applications 2018-01-23
SEC Consult Vulnerability Lab (research sec-consult com)
SEC Consult Vulnerability Lab Security Advisory < 20180123-0 >
=======================================================================
title: XXE & Reflected XSS
product: Oracle Financial Services Analytical Applications
vulnerable version: 7.3.5.x, 8.0.x
fixed versi

[ more ]  [ reply ]
[security bulletin] HPESBHF03805 rev.7 - Certain HPE products using Microprocessors from Intel, AMD, and ARM, with Speculative Execution, Elevation of Privilege and Information Disclosure. 2018-01-22
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Note: the current version of the following document is available here:

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf
03805en_us

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: hpesbhf03805en_us

Version: 7

HP

[ more ]  [ reply ]
[SECURITY] [DSA 4094-1] smarty3 security update 2018-01-22
Luciano Bello (luciano debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4094-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/
January 22, 2018

[ more ]  [ reply ]
CentOS Web Panel v0.9.8.12 - Remote SQL Injection Vulnerabilities 2018-01-22
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
CentOS Web Panel v0.9.8.12 - Remote SQL Injection Vulnerabilities

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1833

Release Date:
=============
2018-01-22

Vulnerability Laboratory ID (VL-ID):
=====================

[ more ]  [ reply ]
Photo Vault v1.2 iOS - Insecure Authentication Vulnerability 2018-01-19
Vulnerability Lab (admin vulnerability-lab com)
Document Title:
===============
Photo Vault v1.2 iOS - Insecure Authentication Vulnerability

References (Source):
====================
https://www.vulnerability-lab.com/get_content.php?id=2110

Release Date:
=============
2018-01-16

Vulnerability Laboratory ID (VL-ID):
=========================

[ more ]  [ reply ]
Shopware 5.2.5 & v5.3 - Multiple Cross Site Scripting Web Vulnerabilities 2018-01-19
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Shopware 5.2.5 & v5.3 - Multiple Cross Site Scripting Web Vulnerabilities

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1922

Shopware Security Tracking ID: SW-19834

Security Update:
http://community.shopware.com/Dow

[ more ]  [ reply ]
[SECURITY] [DSA 4093-1] openocd security update 2018-01-22
luciano debian org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4093-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/
January 21, 2018

[ more ]  [ reply ]
CentOS Web Panel v0.9.8.12 - Multiple Persistent Web Vulnerabilities 2018-01-19
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
CentOS Web Panel v0.9.8.12 - Multiple Persistent Web Vulnerabilities

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1836

Release Date:
=============
2018-01-19

Vulnerability Laboratory ID (VL-ID):
==================

[ more ]  [ reply ]
Oracle JDeveloper IDE Directory Traversal CVE-2017-10273 (hyp3rlinx / apparition security) 2018-01-21
apparitionsec gmail com
[+] Credits: John Page (aka hyp3rlinx)
[+] Website: hyp3rlinx.altervista.org
[+] Source: http://hyp3rlinx.altervista.org/advisories/ORACLE-JDEVELOPER-DIRECTORY-T
RAVERSAL.txt
[+] ISR: apparition security

Vendor:
=============
www.oracle.com

Product:
===========
JDeveloper IDE

Orac

[ more ]  [ reply ]
Acadmic Microsoft - API Query Filter Cross Site Scripting Vulnerability 2018-01-21
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Acadmic Microsoft - API Query Filter Cross Site Scripting Vulnerability

References (Source):
====================
https://www.vulnerability-lab.com/get_content.php?id=2056

MSRC ID: 0001010174

Release Date:
=============
2018-01-20

Vulnerability Laboratory ID (V

[ more ]  [ reply ]
CentOS Web Panel v0.9.8.12 - Non-Persistent Cross Site Scripting Vulnerabilities 2018-01-19
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
CentOS Web Panel v0.9.8.12 - Non-Persistent Cross Site Scripting Vulnerabilities

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1835

Release Date:
=============
2018-01-17

Vulnerability Laboratory ID (VL-ID):
======

[ more ]  [ reply ]
CVE-2017-15713: Apache Hadoop MapReduce job history server vulnerability 2018-01-19
Jason Lowe (jlowe apache org)
CVE-2017-15713: Apache Hadoop MapReduce job history server vulnerability

Severity: Severe

Vendor: The Apache Software Foundation

Versions Affected:
Hadoop 0.23.0 to 0.23.11
Hadoop 2.0.0-alpha to 2.8.2
Hadoop 3.0.0-alpha to 3.0.0-beta1

Users affected: Users running the MapReduce job history

[ more ]  [ reply ]
[SECURITY] [DSA 4092-1] awstats security update 2018-01-19
Sebastien Delafond (seb debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4092-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Sebastien Delafond
January 19, 2018

[ more ]  [ reply ]
[security bulletin] HPESBMU03806 rev.1 - HPE IceWall Products, Multiple Remote Unauthorized Disclosure of Information, Unauthorized Modificiation 2018-01-17
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Note: the current version of the following document is available here:

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbmu
03806en_us

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: hpesbmu03806en_us

Version: 1

HP

[ more ]  [ reply ]
[security bulletin] HPESBHF03805 rev.5 - Certain HPE products using Microprocessors from Intel, AMD, and ARM, with Speculative Execution, Elevation of Privilege and Information Disclosure. 2018-01-17
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Note: the current version of the following document is available here:

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf
03805en_us

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: hpesbhf03805en_us

Version: 5

HP

[ more ]  [ reply ]
[slackware-security] bind (SSA:2018-017-01) 2018-01-17
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] bind (SSA:2018-017-01)

New bind packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,
14.2, and -current to fix a security issue.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------

[ more ]  [ reply ]
[security bulletin] HPSBGN02925 rev.3 - HP IceWall SSO, IceWall File Manager and IceWall Federation Agent, Multiple Remote Unauthorized Access Vulnerabilities 2018-01-17
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Note: the current version of the following document is available here:

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c039186
32

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c03918632

Version: 3

HPSBGN02925 rev.3

[ more ]  [ reply ]
[SECURITY] [DSA 4090-1] wordpress security update 2018-01-17
Sebastien Delafond (seb debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4090-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Sebastien Delafond
January 17, 2018

[ more ]  [ reply ]
[SECURITY] [DSA 4089-1] bind9 security update 2018-01-16
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4089-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Salvatore Bonaccorso
January 16, 2018

[ more ]  [ reply ]
ADVISORY - LiveZilla - Cross-site scripting (XSS) vulnerability in knowledgebase.php - CVE-2017-15869 2018-01-16
tim kretschmann pallas com
1. ADVISORY SUMMARY

LiveZilla - Cross-site scripting (XSS) vulnerability in knowledgebase.php

Risk: Medium

Application: LiveZilla
Versions Affected: 7.0.6.0
Vendor: LiveZilla GmbH
Vendor URL: https://www.livezilla.net/

Sent to vendor: 04.12.2017
Vendor response: Acknowledge 04.12.2017
Published

[ more ]  [ reply ]
[SECURITY] [DSA 4088-1] gdk-pixbuf security update 2018-01-15
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4088-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Moritz Muehlenhoff
January 15, 2018

[ more ]  [ reply ]
MagicSpam 2.0.13 - Insecure File Permission Vulnerability 2018-01-15
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
MagicSpam 2.0.13 - Insecure File Permission Vulnerability

References (Source):
====================
https://www.vulnerability-lab.com/get_content.php?id=2113

Release Date:
=============
2018-01-12

Vulnerability Laboratory ID (VL-ID):
============================

[ more ]  [ reply ]
Zenario v7.6 CMS - SQL Injection Web Vulnerability 2018-01-15
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Zenario v7.6 CMS - SQL Injection Web Vulnerability

References (Source):
====================
https://www.vulnerability-lab.com/get_content.php?id=2043

Release Date:
=============
2018-01-16

Vulnerability Laboratory ID (VL-ID):
===================================

[ more ]  [ reply ]
[RT-SA-2017-013] Truncation of SAML Attributes in Shibboleth 2 2018-01-15
RedTeam Pentesting GmbH (release redteam-pentesting de)
Advisory: Truncation of SAML Attributes in Shibboleth 2

RedTeam Pentesting discovered that the shibd service of Shibboleth 2
does not extract SAML attribute values in a robust manner. By inserting
XML entities into a SAML response, attackers may truncate attribute
values without breaking the docume

[ more ]  [ reply ]
Broken TLS certificate pinning in VTech DigiGo Kid Connect app 2018-01-13
Summer of Pwnage (lists securify nl)
------------------------------------------------------------------------

Broken TLS certificate pinning in VTech DigiGo Kid Connect app
------------------------------------------------------------------------

Sipke Mellema, September 2017

------------------------------------------------------------

[ more ]  [ reply ]
Authentication bypass in Kaseya VSA 2018-01-13
Securify B.V. (lists securify nl)
------------------------------------------------------------------------

Authentication bypass in Kaseya VSA
------------------------------------------------------------------------

Kin Hung Cheng, Robert Hartshorn, May 2017

------------------------------------------------------------------------

A

[ more ]  [ reply ]
Arbitrary file read in Kaseya VSA 2018-01-13
Securify B.V. (lists securify nl)
------------------------------------------------------------------------

Arbitrary file read in Kaseya VSA
------------------------------------------------------------------------

Kin Hung Cheng, Robert Hartshorn, May 2017

------------------------------------------------------------------------

Abs

[ more ]  [ reply ]
[SECURITY] [DSA 4087-1] transmission security update 2018-01-14
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4087-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Moritz Muehlenhoff
January 14, 2018

[ more ]  [ reply ]
Multiple vulnerabilities in VTech DigiGo allow browser overlay attack 2018-01-13
Summer of Pwnage (lists securify nl)
------------------------------------------------------------------------

Multiple vulnerabilities in VTech DigiGo allow browser overlay attack
------------------------------------------------------------------------

Sipke Mellema, September 2017

-----------------------------------------------------

[ more ]  [ reply ]
Broken TLS certificate validation in VTech DigiGo browser 2018-01-13
Summer of Pwnage (lists securify nl)
------------------------------------------------------------------------

Broken TLS certificate validation in VTech DigiGo browser
------------------------------------------------------------------------

Sipke Mellema, September 2017

-----------------------------------------------------------------

[ more ]  [ reply ]
[SECURITY] [DSA 4086-1] libxml2 security update 2018-01-13
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4086-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Salvatore Bonaccorso
January 13, 2018

[ more ]  [ reply ]
Seagate Media Server allows deleting of arbitrary files and folders 2018-01-13
Summer of Pwnage (lists securify nl)
------------------------------------------------------------------------

Seagate Media Server allows deleting of arbitrary files and folders
------------------------------------------------------------------------

Yorick Koster, September 2017

-------------------------------------------------------

[ more ]  [ reply ]
Adminer <= v4.3.1 Server Side Request Forgery 2018-01-14
apparitionsec gmail com
[+] Credits: John Page (aka hyp3rlinx)
[+] Website: hyp3rlinx.altervista.org
[+] Source: http://hyp3rlinx.altervista.org/advisories/ADMINER-UNAUTHENTICATED-SERVE
R-SIDE-REQUEST-FORGERY.txt
[+] ISR: apparition security

Vendor:
==============
www.adminer.org

Product:
===============

[ more ]  [ reply ]
Code execution in Kaseya VSA 2018-01-13
Securify B.V. (lists securify nl)
------------------------------------------------------------------------

Code execution in Kaseya VSA
------------------------------------------------------------------------

Kin Hung Cheng, Robert Hartshorn, May 2017

------------------------------------------------------------------------

Abstract

[ more ]  [ reply ]
[security bulletin] HPESBHF03800 rev.1 - HPE Comware 7 MSR Routers, Remote Denial of Service and Local Elevation or Privilege 2018-01-12
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Note: the current version of the following document is available here:

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf
03800en_us

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: hpesbhf03800en_us

Version: 1

HP

[ more ]  [ reply ]
[SECURITY] [DSA 4085-1] xmltooling security update 2018-01-12
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4085-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Moritz Muehlenhoff
January 12, 2018

[ more ]  [ reply ]
[security bulletin] HPESBNS03804 rev.1 - HPE NonStop Server, Local Authentication Restriction Bypass 2018-01-12
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Note: the current version of the following document is available here:

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbns
03804en_us

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: hpesbns03804en_us

Version: 1

HP

[ more ]  [ reply ]
Microsoft Sharepoint 2013 - Limited Access Permission Bypass Vulnerability 2018-01-12
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Microsoft Sharepoint 2013 - Limited Access Permission Bypass Vulnerability

References (Source):
====================
https://www.vulnerability-lab.com/get_content.php?id=2111

Release Date:
=============
2018-01-07

Vulnerability Laboratory ID (VL-ID):
===========

[ more ]  [ reply ]
[SECURITY] [DSA 4084-1] gifsicle security update 2018-01-12
Sebastien Delafond (seb debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4084-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Sebastien Delafond
January 12, 2018

[ more ]  [ reply ]
MagicSpam 2.0.13 - Insecure File Permission Vulnerability 2018-01-12
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
MagicSpam 2.0.13 - Insecure File Permission Vulnerability

References (Source):
====================
https://www.vulnerability-lab.com/get_content.php?id=2113

Release Date:
=============
2018-01-12

Vulnerability Laboratory ID (VL-ID):
============================

[ more ]  [ reply ]
Magento Commerce - SSRF & XSPA Web Vulnerability 2018-01-12
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Magento Commerce - SSRF & XSPA Web Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1631

Release Date:
=============
2018-01-03

Vulnerability Laboratory ID (VL-ID):
====================================
1

[ more ]  [ reply ]
SonicWall GMS v8.1 - Filter Bypass & Persistent Vulnerability 2018-01-12
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
SonicWall GMS v8.1 - Filter Bypass & Persistent Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1819

Release Notes: http://documents.software.dell.com/sonicwall-gms-os/8.2/release-notes/kn
own-issues?Parent

[ more ]  [ reply ]
Magento Connect T1 - (Claim) Persistent Vulnerability 2018-01-12
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Magento Connect T1 - (Claim) Persistent Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1469

Release Date:
=============
2018-01-08

Vulnerability Laboratory ID (VL-ID):
=================================

[ more ]  [ reply ]
Kentico CMS v11.0 - Stack Buffer Overflow Vulnerability 2018-01-12
Vulnerability Lab (submit vulnerability-lab com)
Document Title:
===============
Kentico CMS v11.0 - Stack Buffer Overflow Vulnerability

References (Source):
====================
https://www.vulnerability-lab.com/get_content.php?id=1943

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5282

CVE-ID:
=======
CVE-2018-5282

Release Date:

[ more ]  [ reply ]
Piwigo v2.8.2 & 2.9.2 CMS - Multiple Cross Site Vulnerabilities 2018-01-12
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Piwigo v2.8.2 & 2.9.2 CMS - Multiple Cross Site Vulnerabilities

References (Source):
====================
https://www.vulnerability-lab.com/get_content.php?id=2005

Release Date:
=============
2018-01-12

Vulnerability Laboratory ID (VL-ID):
======================

[ more ]  [ reply ]
Flash Operator Panel v2.31.03 - Command Execution Vulnerability 2018-01-12
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Flash Operator Panel v2.31.03 - Command Execution Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1907

Release Date:
=============
2018-01-08

Vulnerability Laboratory ID (VL-ID):
=======================

[ more ]  [ reply ]
CVE-2017-8802 Zimbra Collaboration Suite - Stored Cross-Site Scripting 2018-01-11
Advisories (advisories compass-security com)
########################################################################
############################
#
# COMPASS SECURITY ADVISORY https://www.compass-security.com
########################################################################
############################
#
# CVE ID : CVE-2017-8802
# Produc

[ more ]  [ reply ]
[SECURITY] [DSA 4083-1] poco security update 2018-01-11
Sebastien Delafond (seb debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4083-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Sebastien Delafond
January 11, 2018

[ more ]  [ reply ]
WebKitGTK+ Security Advisory WSA-2018-0001 2018-01-10
Carlos Alberto Lopez Perez (clopez igalia com)
------------------------------------------------------------------------

WebKitGTK+ Security Advisory WSA-2018-0001
------------------------------------------------------------------------

Date reported : January 10, 2018
Advisory ID : WSA-2018-0001
Advisor

[ more ]  [ reply ]
DefenseCode ThunderScan SAST Advisory: WordPress Testimonial Slider Plugin SQL injection Security Vulnerability 2018-01-10
DefenseCode (defensecode defensecode com)
DefenseCode ThunderScan SAST Advisory: WordPress Testimonial Slider
         Plugin SQL injection Security Vulnerability

Advisory ID:    DC-2018-01-005
Advisory Title: WordPress Testimonial Slider Plugin SQL injection
 Security Vulnerability
Advisory URL:   http://www.defensecode.com

[ more ]  [ reply ]
DefenseCode ThunderScan SAST Advisory: WordPress Smooth Slider Plugin SQL injection Security Vulnerability 2018-01-10
DefenseCode (defensecode defensecode com)
DefenseCode ThunderScan SAST Advisory: WordPress Smooth Slider Plugin
             SQL injection Security Vulnerability

Advisory ID:    DC-2018-01-004
Advisory Title: WordPress Smooth Slider Plugin SQL injection
 Security Vulnerability
Advisory URL:   http://www.defensecode.com/a

[ more ]  [ reply ]
DefenseCode ThunderScan SAST Advisory: WordPress Dbox 3D Slider Lite Multiple SQL injection Security Vulnerabilities 2018-01-10
DefenseCode (defensecode defensecode com)
DefenseCode ThunderScan SAST Advisory: WordPress Dbox 3D Slider Lite
        Multiple SQL injection Security Vulnerabilities

Advisory ID:    DC-2017-01-003
Advisory Title: WordPress Dbox 3D Slider Lite Plugin Multiple
 SQL injection Security Vulnerabilities
Advisory URL:   http://www.

[ more ]  [ reply ]
Multiple vulnerabilities in TP-Link products(CVE-2017-15613 to CVE-2017-15637) 2018-01-10
chunibalon gmail com
Introduction:
================
The WVR-, WAR- and ER- products are the SOHO/WIFI routers of TP-Link.
These issues allow remote authenticated administrators to execute arbitrary commands via command injection through different variables of different lua files.
If the attacker obtains the account and

[ more ]  [ reply ]
[security bulletin] HPESBHF03805 rev.4 - Certain HPE products using Microprocessors from Intel, AMD, and ARM, with Speculative Execution, Elevation of Privilege and Information Disclosure. 2018-01-09
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Note: the current version of the following document is available here:

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf
03805en_us

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: hpesbhf03805en_us

Version: 4

HP

[ more ]  [ reply ]
[SECURITY] [DSA 4082-1] linux security update 2018-01-09
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4082-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Salvatore Bonaccorso
January 09, 2018

[ more ]  [ reply ]
CVE-2017-17485: one more way of rce in jackson-databind when defaultTyping+objects are used 2018-01-09
Imre Rad (radimre83 gmail com)
Jackson-databind is a popular library in Java for JSON
marshalling/unmarshalling.

It has a feature called default-typing: when the target class has some
polymorph fields inside (such as interfaces, abstract classes or the
Object base class), the library can include type info into the JSON
structure

[ more ]  [ reply ]
[SECURITY] [DSA 4080-1] php7.0 security update 2018-01-08
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4080-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Moritz Muehlenhoff
January 08, 2018

[ more ]  [ reply ]
[slackware-security] irssi (SSA:2018-008-01) 2018-01-09
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] irssi (SSA:2018-008-01)

New irssi packages are available for Slackware 14.0, 14.1, 14.2, and -current
to fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages

[ more ]  [ reply ]
[SECURITY] [DSA 4081-1] php5 security update 2018-01-08
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4081-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Moritz Muehlenhoff
January 08, 2018

[ more ]  [ reply ]
Response to Meltdown and Spectre 2018-01-08
Gordon Tetlow (gordon tetlows org)
By now, we're sure most everyone have heard of the Meltdown and Spectre
attacks. If not, head over to https://meltdownattack.com/ and get an
overview. Additional technical details are available from Google
Project Zero.
https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory
-with-si

[ more ]  [ reply ]
APPLE-SA-2018-1-8-3 Safari 11.0.2 2018-01-08
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2018-1-8-3 Safari 11.0.2

Safari 11.0.2 is now available and and addresses the following:

Available for: OS X El Capitan 10.11.6 and macOS Sierra 10.12.6
Description: Safari 11.0.2 includes security improvements to mitigate
the effects of Sp

[ more ]  [ reply ]
APPLE-SA-2018-1-8-2 macOS High Sierra 10.13.2 Supplemental Update 2018-01-08
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2018-1-8-2 macOS High Sierra 10.13.2 Supplemental Update

macOS High Sierra 10.13.2 Supplemental Update is now available
and addresses the following:

Available for: macOS High Sierra 10.13.2
Description: macOS High Sierra 10.13.2 Supplementa

[ more ]  [ reply ]
APPLE-SA-2018-1-8-1 iOS 11.2.2 2018-01-08
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2018-1-8-1 iOS 11.2.2

iOS 11.2.2 is now available and and addresses the following:

Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Description: iOS 11.2.2 includes security improvements to Safari and
We

[ more ]  [ reply ]
WpJobBoard v4.4.4 - Multiple SQL Injection Vulnerabilities 2018-01-06
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
WpJobBoard v4.4.4 - Multiple SQL Injection Vulnerabilities

References (Source):
====================
https://www.vulnerability-lab.com/get_content.php?id=1940

Release Date:
=============
2018-01-06

Vulnerability Laboratory ID (VL-ID):
===========================

[ more ]  [ reply ]
(Page 6 of 525)  < Prev  1 2 3 4 5 6 7 8 9 10 11  Next >


 

Privacy Statement
Copyright 2010, SecurityFocus