APPLE-SA-2018-1-23-3 watchOS 4.2.2
2018-01-23 Apple Product Security (product-security-noreply lists apple com)

APPLE-SA-2018-1-23-5 Safari 11.0.3
2018-01-23 Apple Product Security (product-security-noreply lists apple com)
    APPLE-SA-2018-1-23-5 Safari 11.0.3
    Safari 11.0.3 is now available and addresses the following:
    WebKit
    Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, and macOS High Sierra 10.13.3
    Impact: Processing maliciously crafted web content may

APPLE-SA-2018-1-23-7 iCloud for Windows 7.3
2018-01-24 Apple Product Security (product-security-noreply lists apple com)
    APPLE-SA-2018-1-23-7 iCloud for Windows 7.3
    iCloud for Windows 7.3 is now available and addresses the following:
    WebKit
    Available for: Windows 7 and later
    Impact: Processing maliciously crafted web content may lead to arbitrary code execution
    Descri

APPLE-SA-2018-1-23-2 macOS High Sierra 10.13.3, Security Update 2018-001 Sierra, and Security Update 2018-001 El Capitan
2018-01-23 Apple Product Security (product-security-noreply lists apple com)
    APPLE-SA-2018-1-23-2 macOS High Sierra 10.13.3, Security Update 2018-001 Sierra, and Security Update 2018-001 El Capitan
    macOS High Sierra 10.13.3, Security Update 2018-001 Sierra, and Security Update 2018-001 El Capitan are now available and address

APPLE-SA-2018-1-23-6 iTunes 12.7.3 for Windows
2018-01-24 Apple Product Security (product-security-noreply lists apple com)
    APPLE-SA-2018-1-23-6 iTunes 12.7.3 for Windows
    iTunes 12.7.3 for Windows is now available and addresses the following:
    WebKit
    Available for: Windows 7 and later
    Impact: Processing maliciously crafted web content may lead to arbitrary code execution

DefenseCode ThunderScan SAST Advisory: SugarCRM Community Edition Multiple SQL Injection Vulnerabilities
2018-01-23 DefenseCode (defensecode defensecode com)

SEC Consult SA-20180123-0 :: XXE & Reflected XSS in Oracle Financial Services Analytical Applications
2018-01-23 SEC Consult Vulnerability Lab (research sec-consult com)

[security bulletin] HPESBHF03805 rev.7 - Certain HPE products using Microprocessors from Intel, AMD, and ARM, with Speculative Execution, Elevation of Privilege and Information Disclosure.
2018-01-22 security-alert hpe com
    Note: the current version of the following document is available here:
    https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03805en_us
    SUPPORT COMMUNICATION - SECURITY BULLETIN
    Document ID: hpesbhf03805en_us
    Version: 7
    HP

CentOS Web Panel v0.9.8.12 - Remote SQL Injection Vulnerabilities
2018-01-22 Vulnerability Lab (research vulnerability-lab com)
    Document Title: CentOS Web Panel v0.9.8.12 - Remote SQL Injection Vulnerabilities
    References (Source): http://www.vulnerability-lab.com/get_content.php?id=1833
    Release Date: 2018-01-22
    Vulnerability Laboratory ID (VL-ID):

Photo Vault v1.2 iOS - Insecure Authentication Vulnerability
2018-01-19 Vulnerability Lab (admin vulnerability-lab com)
    Document Title: Photo Vault v1.2 iOS - Insecure Authentication Vulnerability
    References (Source): https://www.vulnerability-lab.com/get_content.php?id=2110
    Release Date: 2018-01-16
    Vulnerability Laboratory ID (VL-ID):

Shopware 5.2.5 & v5.3 - Multiple Cross Site Scripting Web Vulnerabilities
2018-01-19 Vulnerability Lab (research vulnerability-lab com)
    Document Title: Shopware 5.2.5 & v5.3 - Multiple Cross Site Scripting Web Vulnerabilities
    References (Source): http://www.vulnerability-lab.com/get_content.php?id=1922
    Shopware Security Tracking ID: SW-19834
    Security Update: http://community.shopware.com/Dow

CentOS Web Panel v0.9.8.12 - Multiple Persistent Web Vulnerabilities
2018-01-19 Vulnerability Lab (research vulnerability-lab com)
    Document Title: CentOS Web Panel v0.9.8.12 - Multiple Persistent Web Vulnerabilities
    References (Source): http://www.vulnerability-lab.com/get_content.php?id=1836
    Release Date: 2018-01-19
    Vulnerability Laboratory ID (VL-ID):

Oracle JDeveloper IDE Directory Traversal CVE-2017-10273 (hyp3rlinx / apparition security)
2018-01-21 apparitionsec gmail com

Acadmic Microsoft - API Query Filter Cross Site Scripting Vulnerability
2018-01-21 Vulnerability Lab (research vulnerability-lab com)
    Document Title: Acadmic Microsoft - API Query Filter Cross Site Scripting Vulnerability
    References (Source): https://www.vulnerability-lab.com/get_content.php?id=2056
    MSRC ID: 0001010174
    Release Date: 2018-01-20
    Vulnerability Laboratory ID (V

CentOS Web Panel v0.9.8.12 - Non-Persistent Cross Site Scripting Vulnerabilities
2018-01-19 Vulnerability Lab (research vulnerability-lab com)
    Document Title: CentOS Web Panel v0.9.8.12 - Non-Persistent Cross Site Scripting Vulnerabilities
    References (Source): http://www.vulnerability-lab.com/get_content.php?id=1835
    Release Date: 2018-01-17
    Vulnerability Laboratory ID (VL-ID):

CVE-2017-15713: Apache Hadoop MapReduce job history server vulnerability
2018-01-19 Jason Lowe (jlowe apache org)
    CVE-2017-15713: Apache Hadoop MapReduce job history server vulnerability
    Severity: Severe
    Vendor: The Apache Software Foundation
    Versions Affected:
    Hadoop 0.23.0 to 0.23.11
    Hadoop 2.0.0-alpha to 2.8.2
    Hadoop 3.0.0-alpha to 3.0.0-beta1
    Users affected: Users running the MapReduce job history

[security bulletin] HPESBMU03806 rev.1 - HPE IceWall Products, Multiple Remote Unauthorized Disclosure of Information, Unauthorized Modificiation
2018-01-17 security-alert hpe com
    Note: the current version of the following document is available here:
    https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbmu03806en_us
    SUPPORT COMMUNICATION - SECURITY BULLETIN
    Document ID: hpesbmu03806en_us
    Version: 1
    HP

[security bulletin] HPESBHF03805 rev.5 - Certain HPE products using Microprocessors from Intel, AMD, and ARM, with Speculative Execution, Elevation of Privilege and Information Disclosure.
2018-01-17 security-alert hpe com
    Note: the current version of the following document is available here:
    https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03805en_us
    SUPPORT COMMUNICATION - SECURITY BULLETIN
    Document ID: hpesbhf03805en_us
    Version: 5
    HP

[slackware-security] bind (SSA:2018-017-01)
2018-01-17 Slackware Security Team (security slackware com)
    [slackware-security] bind (SSA:2018-017-01)
    New bind packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix a security issue.
    Here are the details from the Slackware 14.2 ChangeLog:

[security bulletin] HPSBGN02925 rev.3 - HP IceWall SSO, IceWall File Manager and IceWall Federation Agent, Multiple Remote Unauthorized Access Vulnerabilities
2018-01-17 security-alert hpe com
    Note: the current version of the following document is available here:
    https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c03918632
    SUPPORT COMMUNICATION - SECURITY BULLETIN
    Document ID: c03918632
    Version: 3
    HPSBGN02925 rev.3

ADVISORY - LiveZilla - Cross-site scripting (XSS) vulnerability in knowledgebase.php - CVE-2017-15869
2018-01-16 tim kretschmann pallas com
    1. ADVISORY SUMMARY
    LiveZilla - Cross-site scripting (XSS) vulnerability in knowledgebase.php
    Risk: Medium
    Application: LiveZilla
    Versions Affected: 7.0.6.0
    Vendor: LiveZilla GmbH
    Vendor URL: https://www.livezilla.net/
    Sent to vendor: 04.12.2017
    Vendor response: Acknowledge 04.12.2017
    Published

MagicSpam 2.0.13 - Insecure File Permission Vulnerability
2018-01-15 Vulnerability Lab (research vulnerability-lab com)
    Document Title: MagicSpam 2.0.13 - Insecure File Permission Vulnerability
    References (Source): https://www.vulnerability-lab.com/get_content.php?id=2113
    Release Date: 2018-01-12
    Vulnerability Laboratory ID (VL-ID):

Zenario v7.6 CMS - SQL Injection Web Vulnerability
2018-01-15 Vulnerability Lab (research vulnerability-lab com)
    Document Title: Zenario v7.6 CMS - SQL Injection Web Vulnerability
    References (Source): https://www.vulnerability-lab.com/get_content.php?id=2043
    Release Date: 2018-01-16
    Vulnerability Laboratory ID (VL-ID):

[RT-SA-2017-013] Truncation of SAML Attributes in Shibboleth 2
2018-01-15 RedTeam Pentesting GmbH (release redteam-pentesting de)
    Advisory: Truncation of SAML Attributes in Shibboleth 2
    RedTeam Pentesting discovered that the shibd service of Shibboleth 2 does not extract SAML attribute values in a robust manner. By inserting XML entities into a SAML response, attackers may truncate attribute values without breaking the docume
APPLE-SA-2018-1-23-3 watchOS 4.2.2
watchOS 4.2.2 is now available and addresses the following:
Audio
Available for: All Apple Watch models
Impact: Processing a maliciously crafted audio file may lead to
arbitrary code execution
Description: A memory