BugTraq
[SECURITY] [DSA 4079-1] poppler security update 2018-01-07
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4079-1 security (at) debian (dot) org
https://www.debian.org/security/ Moritz Muehlenhoff
January 07, 2018

CVE-2017-16884 Mist Server v2.12 Unauthenticated Persistent XSS (hyp3rlinx / ApparitionSec) 2018-01-06
apparitionsec gmail com
[+] Credits: John Page (aka Hyp3rlinX)
[+] Website: hyp3rlinx.altervista.org
[+] Source: http://hyp3rlinx.altervista.org/advisories/MIST-SERVER-v2.12-UNAUTHENTICATED-PERSISTENT-XSS-CVE-2017-16884.txt
[+] ISR: ApparitionSec

Vendor:
=============
mistserver.org

Product:
=========

CVE-2017-17055 Artica Web Proxy v3.06 Remote Code Execution (hyp3rlinx / ApparitionSec) 2018-01-06
apparitionsec gmail com
[+] Credits: John Page (aka Hyp3rlinX)
[+] Website: hyp3rlinx.altervista.org
[+] Source: http://hyp3rlinx.altervista.org/advisories/ARTICA-WEB-PROXY-v3.06-REMOTE-CODE-EXECUTION-CVE-2017-17055.txt
[+] ISR: ApparitionSec

Vendor:
=======
www.articatech.com

Product:
=========
Artic

Social Media Widget by Acurax [CSRF] 2018-01-07
Panagiotis Vagenas (pan vagenas gmail com)
* Exploit Title: Social Media Widget by Acurax [CSRF]
* Discovery Date: 2017-12-12
* Exploit Author: Panagiotis Vagenas
* Author Link: https://twitter.com/panVagenas
* Vendor Homepage: http://www.acurax.com/
* Software Link: https://wordpress.org/plugins/acurax-social-media-widget
* Version: 3.2.5
*

Abyss Web Server < v2.11.6 Memory Heap Corruption (hyp3rlinx / apparitionsec) 2018-01-06
apparitionsec gmail com
[+] Credits: John Page (aka HyP3rlinX)
[+] Website: hyp3rlinx.altervista.org
[+] Source: http://hyp3rlinx.altervista.org/advisories/ABYSS-WEB-SERVER-MEMORY-HEAP-CORRUPTION.txt
[+] ISR: ApparitionSec

Vendor:
==========
aprelium.com

Product:
===========
Abyss Web Server < v2.11.6

iJoomla com_adagency 6.0.9 - SQL Injection Vulnerabilities 2018-01-05
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
iJoomla com_adagency 6.0.9 - SQL Injection Vulnerabilities

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1927

Release Date:
=============
2018-01-04

Vulnerability Laboratory ID (VL-ID):
============================

SonicWall SonicOS NSA UTM Firewall - Bypass & Persistent Vulnerability 2018-01-04
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
SonicWall SonicOS NSA - Bypass & Persistent Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1729

Release Date:
=============
2018-01-04

Vulnerability Laboratory ID (VL-ID):
=============================

Icyphoenix 2.2.0.105 - Multiple SQL Injection Vulnerabilities 2018-01-05
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Icyphoenix 2.2.0.105 - Multiple SQL Injection Vulnerabilities

References (Source):
====================
https://www.vulnerability-lab.com/get_content.php?id=2006

Release Date:
=============
2018-01-03

Vulnerability Laboratory ID (VL-ID):
========================

[SECURITY] [DSA 4078-1] linux security update 2018-01-04
Yves-Alexis Perez (corsac debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4078-1 security (at) debian (dot) org
https://www.debian.org/security/ Yves-Alexis Perez
January 04, 2018

Re "Intel responds to security research findings" 2018-01-03
Ed Maste (emaste freebsd org)
With respect to
https://newsroom.intel.com/news/intel-responds-to-security-research-findings/

The FreeBSD Security Team recently learned of the details of these
issues that affect certain CPUs. Details could not be discussed
publicly, but mitigation work is in progress.

Work is ongoing to develop

Intel CPU bug forcing page table switch during syscalls? 2018-01-03
Pavel Machek (pavel ucw cz)
Hi!

It looks like there's Intel CPU bug, allowing prefetch from kernel
memory. It seems to be reason KASLR patches are pushed so fast to Linux.

https://mobile.twitter.com/brainsmoke/status/948561799875502080/photo/1
https://forums.freebsd.org/threads/63955/page-2#post-371276

Hmm.

Does that mean

[security bulletin] HPESBHF03803 rev.1 - Hewlett Packard Enterprise Moonshot Provisioning Manager Appliance, Remote Denial of Service and Execution of Code 2018-01-03
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Note: the current version of the following document is available here:

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03803en_us

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: hpesbhf03803en_us

Version: 1

HP

[security bulletin] MFSBGN03793 rev.2 - Project and Portfolio Management Center, Multiple vulnerabilities 2018-01-03
cyber-psrt microfocus com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Note: the current version of the following document is available here:

https://softwaresupport.hpe.com/document/-/facetsearch/document/KM03014426

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: KM03014426

Version: 2

MFSBGN03793 rev.2

CVE-2017-6094 - Genexis GAPS Access Control Vulnerability 2018-01-03
Antoine Neuenschwander (antoine schoggi org)
################################################################################
# #
# CVE-2017-6094 - Genexis GAPS Access Control Vulnerability #
#

b2evolution CMS 6.6.0 - 6.8.10 PHP code execution 2018-01-02
Anti Räis (antirais gmail com)
b2evolution CMS 6.6.0 - 6.8.10 PHP code execution
#################################################

Information
===========

Name: b2evolution CMS 6.8.10
Software: b2evolution CMS
Homepage: http://b2evolution.net/
Vulnerability: PHP code execution
Prerequisites: publicly accessib

Advisory - Bamboo - CVE-2017-14589 CVE-2017-14590 2018-01-03
Atlassian (security atlassian com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

This email refers to the advisory found at
https://confluence.atlassian.com/x/6FcGO .

CVE ID:

* CVE-2017-14589.
* CVE-2017-14590.

Product: Bamboo.

Affected Bamboo product versions:

version < 6.1.6
6.2.0 <= version < 6.2.5

Fixed Bamboo product

APPLE-SA-2017-12-13-1 iOS 11.2.1 2017-12-13
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2017-12-13-1 iOS 11.2.1

iOS 11.2.1 is now available and addresses the following:

HomeKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A remote attacker may be able to unexpectedly alter
appli

APPLE-SA-2017-12-13-2 tvOS 11.2.1 2017-12-13
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2017-12-13-2 tvOS 11.2.1

tvOS 11.2.1 is now available and addresses the following:

HomeKit
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: A remote attacker may be able to unexpectedly alter
application state
Description: A

AST-2017-012: Remote Crash Vulnerability in RTCP Stack 2017-12-13
Asterisk Security Team (security asterisk org)
Asterisk Project Security Advisory - AST-2017-012

Product Asterisk
Summary Remote Crash Vulnerability in RTCP Stack
Nature of Advisory Denial of Service

APPLE-SA-2017-12-13-7 Additional information for APPLE-SA-2017-12-6-4 tvOS 11.2 2017-12-13
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2017-12-13-7 Additional information for
APPLE-SA-2017-12-6-4 tvOS 11.2

tvOS 11.2 addresses the following:

IOSurface
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: An application may be able to execute arbitrary code with
k

ADVISORY - Kemp Load Balancers - Module Application Firewall Pack (AFP) - Web Application Firewall (WAF) does not inspect HTTP POST data - CVE-2017-15524 2017-12-14
tim kretschmann pallas com
1. ADVISORY SUMMARY

Kemp Load Balancers - Module Application Firewall Pack (AFP) - Web Application Firewall (WAF) does not inspect HTTP POST data

Risk: high

Application: Kemp Load Balancers - Module Application Firewall Pack (AFP)
Versions Affected: 7.1.30 (Nov 2015) to 7.2.40 (Oct 2017) // Older

APPLE-SA-2017-12-13-5 Safari 11.0.2 2017-12-13
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2017-12-13-5 Safari 11.0.2

Safari 11.0.2 addresses the following:

WebKit
Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, and
macOS High Sierra 10.13.2
Impact: Processing maliciously crafted web content may lead to
arbitrary co

[SECURITY] [DSA 4064-1] chromium-browser security update 2017-12-12
Michael Gilbert (mgilbert debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4064-1 security (at) debian (dot) org
https://www.debian.org/security/ Michael Gilbert
December 12, 2017

Advisory - Fisheye and Crucible - CVE-2017-14591 2017-12-10
Atlassian (security atlassian com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

This email refers to the advisory found at
https://confluence.atlassian.com/x/qVcGO and
https://confluence.atlassian.com/x/plcGO .

CVE ID:

* CVE-2017-14591.

Product: Fisheye and Crucible.

Affected Fisheye and Crucible product versions:

version

[SECURITY] [DSA 4062-1] firefox-esr security update 2017-12-10
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4062-1 security (at) debian (dot) org
https://www.debian.org/security/ Moritz Muehlenhoff
December 10, 2017

[SECURITY] [DSA 4060-1] wireshark security update 2017-12-09
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4060-1 security (at) debian (dot) org
https://www.debian.org/security/ Moritz Muehlenhoff
December 09, 2017

[SECURITY] [DSA 4061-1] thunderbird security update 2017-12-10
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4061-1 security (at) debian (dot) org
https://www.debian.org/security/ Moritz Muehlenhoff
December 10, 2017

[slackware-security] openssl (SSA:2017-342-01) 2017-12-09
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] openssl (SSA:2017-342-01)

New openssl packages are available for Slackware 14.2 and -current to
fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/openssl-

FreeBSD Security Advisory FreeBSD-SA-17:12.openssl 2017-12-09
FreeBSD Security Advisories (security-advisories freebsd org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

=============================================================================
FreeBSD-SA-17:12.openssl Security Advisory
The FreeBSD Project

Topic:

[SECURITY] [DSA 4059-1] libxcursor security update 2017-12-08
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4059-1 security (at) debian (dot) org
https://www.debian.org/security/ Salvatore Bonaccorso
December 08, 2017

CISTI'2018 -- Doctoral Symposium -- Call for contributions 2017-12-08
ML (marialemos72 gmail com)
------------------------------------------------------------------
Doctoral Symposium of CISTI'2018
13th Iberian Conference on Information Systems and Technologies
13 - 16 June 2018, Caceres, Spain
http://www.cisti.eu/
---------------------------------------------------------------------------

The

Secunia Research: LibRaw Multiple Denial of Service Vulnerabilities 2017-12-08
Secunia Research (remove-vuln secunia com)
======================================================================

Secunia Research 2017/12/08

LibRaw Multiple Denial of Service Vulnerabilities

=====================================================================

[SECURITY] [DSA 4058-1] optipng security update 2017-12-08
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4058-1 security (at) debian (dot) org
https://www.debian.org/security/ Salvatore Bonaccorso
December 08, 2017

[SECURITY] [DSA 4057-1] erlang security update 2017-12-08
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4057-1 security (at) debian (dot) org
https://www.debian.org/security/ Moritz Muehlenhoff
December 08, 2017

[SECURITY] [DSA 4056-1] nova security update 2017-12-07
Sebastien Delafond (seb debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4056-1 security (at) debian (dot) org
https://www.debian.org/security/ Sebastien Delafond
December 07, 2017

[SECURITY] [DSA 4052-1] bzr security update 2017-11-29
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4052-1 security (at) debian (dot) org
https://www.debian.org/security/ Salvatore Bonaccorso
November 29, 2017

[SECURITY] [DSA 4051-1] curl security update 2017-11-29
Yves-Alexis Perez (corsac debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4051-1 security (at) debian (dot) org
https://www.debian.org/security/ Yves-Alexis Perez
November 29, 2017

Advisory - Hipchat Data Center, Hipchat Server - CVE-2017-14585 2017-11-29
Matthew Hart (mhart atlassian com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

This email refers to the advisory found at
https://confluence.atlassian.com/x/MXEGO .

CVE ID: CVE-2017-14585.

Products: Hipchat Data Center, Hipchat Server

Affected Hipchat Data Center product versions: 3.0.0 <= version < 3.1.0
Affected Hipchat S

Advisory - Remote code execution in HipChat for Mac desktop client - CVE-2017-14586 2017-11-29
Matthew Hart (mhart atlassian com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

This email refers to the advisory found at
https://confluence.atlassian.com/x/NXEGO .

CVE ID:

* CVE-2017-14586.

Product: Hipchat for Mac desktop client.

Affected Hipchat for Mac desktop client product versions:

4.0 <= version < 4.30

Fixed Hip

[SECURITY] [DSA 4050-1] xen security update 2017-11-28
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4050-1 security (at) debian (dot) org
https://www.debian.org/security/ Moritz Muehlenhoff
November 28, 2017

Edward Snowden free speech at JBFone - Data Security & Privacy 2017-11-23
Vulnerability Lab (research vulnerability-lab com)
Title: Edward Snowden free speech at JBFone - Data Security & Privacy

Article:
https://www.vulnerability-db.com/?q=articles%2F2017%2F11%2F23%2Fedward-snowden-free-speech-jbfone-data-security-privacy

Video: https://www.youtube.com/watch?v=JF45xq0W15c

Press:
https://www.heise.de/newsticker/meldung/

[SECURITY] [DSA 4046-1] libspring-ldap-java security update 2017-11-22
Sebastien Delafond (seb debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4046-1 security (at) debian (dot) org
https://www.debian.org/security/ Sebastien Delafond
November 22, 2017

[SECURITY] [DSA 4045-1] vlc security update 2017-11-21
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4045-1 security (at) debian (dot) org
https://www.debian.org/security/ Moritz Muehlenhoff
November 21, 2017

CSNC-2017-029 MyTy Blind SQL Injection 2017-11-21
Advisories (advisories compass-security com)
#############################################################
#
# COMPASS SECURITY ADVISORY
# https://www.compass-security.com/research/advisories/
#
#############################################################
#
# Product: MyTy
# Vendor: Finlane GmbH
# CSNC ID: CSNC-2017-029
# CVE ID: -
# Su

[security bulletin] HPESBHF03798 rev.1 - HPE Proliant Gen10 Servers, DL20 Gen9, ML30 Gen9 and Certain Apollo Servers Using Intel Server Platform Service (SPS) v4.0, Local Denial of Service and Execution of Arbitrary Code 2017-11-21
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Note: the current version of the following document is available here:

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03798en_us

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: hpesbhf03798en_us

Version: 1

HP

Secunia Research: Oracle Outside In Denial of Service Vulnerability 2017-11-21
Secunia Research (remove-vuln secunia com)
======================================================================

Secunia Research 2017/10/21

Oracle Outside In Denial of Service Vulnerability

======================================================================

Table of Contents

Affected Software.

[SECURITY] [DSA 4044-1] swauth security update 2017-11-21
Yves-Alexis Perez (corsac debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4044-1 security (at) debian (dot) org
https://www.debian.org/security/ Yves-Alexis Perez
November 21, 2017

CSNC-2017-030 MyTy Reflected Cross-Site Scripting (XSS) 2017-11-21
Advisories (advisories compass-security com)
#############################################################
#
# COMPASS SECURITY ADVISORY
# https://www.compass-security.com/research/advisories/
#
#############################################################
#
# Product: MyTy
# Vendor: Finlane GmbH
# CSNC ID: CSNC-2017-030
# CVE ID: -
# Su

FreeBSD Security Advisory FreeBSD-SA-17:10.kldstat [REVISED] 2017-11-21
FreeBSD Security Advisories (security-advisories freebsd org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

=============================================================================
FreeBSD-SA-17:10.kldstat Security Advisory
The FreeBSD Project

Topic:

[CVE-2017-15044] DocuWare FullText Search - Incorrect Access Control vulnerability 2017-11-20
Graham Leggett (minfrin sharp fm)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

CVE-2017-15044: DocuWare FullText Search - Incorrect Access Control vulnerability

Severity: High

- ------------------------------------------

Vendor:

DocuWare Europe GmbH
Therese-Giehse-Platz 2 82110 Germering Germany

- ------------------------

[security bulletin] HPESBMU03794 rev.1 - HPE Insight Control, Multiple Remote Vulnerabilities 2017-11-16
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Note: the current version of the following document is available here:

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbmu03794en_us

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: hpesbmu03794en_us

Version: 1

HP

[security bulletin] HPESBMU03795 rev.1 - HPE Matrix Operating Environment, Multiple Remote Vulnerabilities 2017-11-16
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Note: the current version of the following document is available here:

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbmu03795en_us

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: hpesbmu03795en_us

Version: 1

HP

[SECURITY] [DSA 4037-1] jackson-databind security update 2017-11-16
Sebastien Delafond (seb debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4037-1 security (at) debian (dot) org
https://www.debian.org/security/ Sebastien Delafond
November 16, 2017

[SECURITY] [DSA 4039-1] opensaml2 security update 2017-11-16
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4039-1 security (at) debian (dot) org
https://www.debian.org/security/ Salvatore Bonaccorso
November 16, 2017

[security bulletin] HPESBHF03705 rev.4 - HPE Integrated Lights-Out 4, 3, 2 and Moonshot Remote Console Administrator (iLO 4 and MRCA) Remote Disclosure of Information 2017-11-15
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Note: the current version of the following document is available here:

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-HPESBHF03705en_us

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: HPESBHF03705en_us

Version: 4

HP

FreeBSD Security Advisory FreeBSD-SA-17:10.kldstat 2017-11-15
FreeBSD Security Advisories (security-advisories freebsd org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

=============================================================================
FreeBSD-SA-17:10.kldstat Security Advisory
The FreeBSD Project

Topic:

FreeBSD Security Advisory FreeBSD-SA-17:09.shm 2017-11-15
FreeBSD Security Advisories (security-advisories freebsd org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

=============================================================================
FreeBSD-SA-17:09.shm Security Advisory
The FreeBSD Project

Topic:

FreeBSD Security Advisory FreeBSD-SA-17:08.ptrace 2017-11-15
FreeBSD Security Advisories (security-advisories freebsd org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

=============================================================================
FreeBSD-SA-17:08.ptrace Security Advisory
The FreeBSD Project

Topic:

[SECURITY] [DSA 4036-1] mediawiki security update 2017-11-15
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4036-1 security (at) debian (dot) org
https://www.debian.org/security/ Moritz Muehlenhoff
November 15, 2017

[SECURITY] [DSA 4035-1] firefox-esr security update 2017-11-15
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4035-1 security (at) debian (dot) org
https://www.debian.org/security/ Moritz Muehlenhoff
November 15, 2017

Call for papers - WorldCIST'18 - Naples, Italy - Extended deadline: November 26 2017-11-15
Maria Lemos (marialemos72 gmail com)

* Proceedings by Springer

** Extended versions of best selected papers will be published in JCR/SCI/SSCI journals

---------------------------------------------------------------------------------------------------
WorldCist'18 - 6th World Conference on Information Systems and Technologies

CA20171114-01: Security Notice for CA Identity Governance 2017-11-14
Kotas, Kevin J (Kevin Kotas ca com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

CA20171114-01: Security Notice for CA Identity Governance

Issued: November 14, 2017
Last Updated: November 14, 2017

CA Technologies support is alerting customers to a potential risk
with CA Identity Governance. A vulnerability exists that can
potent

[SECURITY] [DSA 4033-1] konversation security update 2017-11-13
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4033-1 security (at) debian (dot) org
https://www.debian.org/security/ Salvatore Bonaccorso
November 13, 2017

[CVE-2017-15288] A privilege escalation vulnerability in the Scala compilation daemon 2017-11-13
jason zaugg lightbend com
A privilege escalation vulnerability has been identified in the Scala compilation daemon.

The compile daemon is started explicitly by the `fsc` command, or implicitly by executing
a Scala source file as a script (e.g `scala MyScript.scala`). Note: Using the `scala`
command to start a REPL or to run

Symantec Endpoint Protection (SEP) v12.1 Tamper-protection Bypass CVE-2017-6331 (hyp3rlinx) 2017-11-13
apparitionsec gmail com
[+] Credits: John Page a.k.a hyp3rlinx
[+] Website: hyp3rlinx.altervista.org
[+] Source: http://hyp3rlinx.altervista.org/advisories/CVE-2017-6331-SYMANTEC-ENDPOINT-PROTECTION-TAMPER-PROTECTION-BYPASS.txt
[+] ISR: ApparitionSec

Vendor:
=======
www.symantec.com

Product:
==========

[SECURITY] [DSA 4032-1] imagemagick security update 2017-11-12
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4032-1 security (at) debian (dot) org
https://www.debian.org/security/ Moritz Muehlenhoff
November 12, 2017

[SECURITY] [DSA 4031-1] ruby2.3 security update 2017-11-11
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4031-1 security (at) debian (dot) org
https://www.debian.org/security/ Salvatore Bonaccorso
November 11, 2017

Bypassable authentication in SingTel / Aztech DSL8900GR(AC) router 2017-11-11
cort accelerateworkshop com
Credit: Cort
Date: 5 Aug 2017
CVE: Not assigned
Vendor: Aztech (https://www.aztech.com) / SingTel (https://www.singtel.com/)
Product: Aztech DSL8900GR(AC) router
Versions Affected: firmware 340.6.1-007 (latest available as of 9 Nov 2017)
CVSS v3 Base Score: 8.8 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

[SECURITY] [DSA 4006-2] mupdf security update 2017-11-10
Luciano Bello (luciano debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4006-2 security (at) debian (dot) org
https://www.debian.org/security/
November 10, 2017

Advisory X41-2017-006: Multiple Vulnerabilities in PSFTPd Windows FTP Server 2017-11-10
X41 D-Sec GmbH Advisories (advisories x41-dsec de)

X41 D-Sec GmbH Security Advisory: X41-2017-006

Multiple Vulnerabilities in PSFTPd Windows FTP Server
=====================================================

Overview
--------
Confirmed Affected Versions: 10.0.4 Build 729
Confirmed Patched Versions: None
Vendor: Sergei Pleis Softwareentwicklung
Vend

WebKitGTK+ Security Advisory WSA-2017-0009 2017-11-10
Carlos Alberto Lopez Perez (clopez igalia com)
------------------------------------------------------------------------

WebKitGTK+ Security Advisory WSA-2017-0009
------------------------------------------------------------------------

Date reported : November 10, 2017
Advisory ID : WSA-2017-0009
Adviso

[RT-SA-2016-008] XML External Entity Expansion in Ladon Webservice 2017-11-09
RedTeam Pentesting GmbH (release redteam-pentesting de)
Advisory: XML External Entity Expansion in Ladon Webservice

Attackers who can send SOAP messages to a Ladon webservice via the HTTP
interface of the Ladon webservice can exploit an XML external entity expansion
vulnerability and read local files, forge server side requests or overload the
service w

[SECURITY] [DSA 4029-1] postgresql-common security update 2017-11-09
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4029-1 security (at) debian (dot) org
https://www.debian.org/security/ Moritz Muehlenhoff
November 09, 2017

[SECURITY] [DSA 4028-1] postgresql-9.6 security update 2017-11-09
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4028-1 security (at) debian (dot) org
https://www.debian.org/security/ Moritz Muehlenhoff
November 09, 2017

[SECURITY] [DSA 4027-1] postgresql-9.4 security update 2017-11-09
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4027-1 security (at) debian (dot) org
https://www.debian.org/security/ Moritz Muehlenhoff
November 09, 2017

[SECURITY] [DSA 4026-1] bchunk security update 2017-11-09
Sebastien Delafond (seb debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4026-1 security (at) debian (dot) org
https://www.debian.org/security/ Sebastien Delafond
November 09, 2017

Datto Windows Agent 1.0.5.0 Remote Command Execution [CVE-2017-16673][CVE-2017-16674] 2017-11-09
brainn gmail com
Credits
=======
Brian Vincent, Michael Brumlow

Software
========
Datto Windows Agent

Vulnerability Details
=====================
Discovered: Aug 25, 2017
Type: Remote code execution as LocalSystem
Severity: Critical

Description
===========

CVE-2017-16673
Software: Datto Backup Agent for Windows,

AST-2017-009: Buffer overflow in pjproject header parsing can cause crash in Asterisk 2017-11-08
Asterisk Security Team (security asterisk org)
Asterisk Project Security Advisory - AST-2017-009

Product Asterisk
Summary Buffer overflow in pjproject header parsing can
cause crash in Asterisk

AST-2017-010: Buffer overflow in CDR's set user 2017-11-08
Asterisk Security Team (security asterisk org)
Asterisk Project Security Advisory - AST-2017-010

Product Asterisk
Summary Buffer overflow in CDR's set user
Nature of Advisory Buffer Overflow

AST-2017-011: Memory leak in pjsip session resource 2017-11-08
Asterisk Security Team (security asterisk org)
Asterisk Project Security Advisory - AST-2017-011

Product Asterisk
Summary Memory leak in pjsip session resource
Nature of Advisory Memory leak

[SECURITY] [DSA 4025-1] libpam4j security update 2017-11-08
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4025-1 security (at) debian (dot) org
https://www.debian.org/security/ Moritz Muehlenhoff
November 08, 2017

[SECURITY] [DSA 4021-1] otrs2 security update 2017-11-07
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4021-1 security (at) debian (dot) org
https://www.debian.org/security/ Moritz Muehlenhoff
November 07, 2017

[SECURITY] [DSA 4020-1] chromium-browser security update 2017-11-07
Michael Gilbert (mgilbert debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4020-1 security (at) debian (dot) org
https://www.debian.org/security/ Michael Gilbert
November 05, 2017

CVE-2017-9096 iText XML External Entity Vulnerability 2017-11-06
Advisories (advisories compass-security com)
##################################################################
#
# COMPASS SECURITY ADVISORY
# https://www.compass-security.com/en/research/advisories/
#
##################################################################
#
# Product: iText PDF Library
# Vendor: iText Group
# CVE ID: CVE-2017-909

Call for papers - WorldCIST'18 - Naples, Italy - Extended deadline: November 22 2017-11-05
ML (marialemos72 gmail com)

* Proceedings by Springer

** Extended versions of best selected papers will be published in JCR/SCI/SSCI journals

---------------------------------------------------------------------------------------------------
WorldCist'18 - 6th World Conference on Information Systems and Technologies

Webmin v1.850 Remote Code Execution (hyp3rlinx / apparitionsec) 2017-11-05
apparitionsec gmail com
[+] SSD Beyond Security: https://blogs.securiteam.com/index.php/archives/3430
[+] Credits: John Page (aka hyp3rlinx)
[+] Website: hyp3rlinx.altervista.org
[+] Source: http://hyp3rlinx.altervista.org/advisories/WEBMIN-v1.850-REMOTE-COMMAND-EXECUTION.txt
[+] ISR: ApparitionSec

Vulner

[SECURITY] [DSA 4019-1] imagemagick security update 2017-11-05
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4019-1 security (at) debian (dot) org
https://www.debian.org/security/ Moritz Muehlenhoff
November 05, 2017

[SECURITY] [DSA 4016-1] irssi security update 2017-11-03
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4016-1 security (at) debian (dot) org
https://www.debian.org/security/ Salvatore Bonaccorso
November 03, 2017

KL-001-2017-022 : Splunk Local Privilege Escalation 2017-11-03
KoreLogic Disclosures (disclosures korelogic com)
KL-001-2017-022 : Splunk Local Privilege Escalation

Title: Splunk Local Privilege Escalation
Advisory ID: KL-001-2017-022
Publication Date: 2017.11.03
Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2017-022.txt

1. Vulnerability Details

Affected Vendor: Splunk
Af

[SECURITY] [DSA 4015-1] openjdk-8 security update 2017-11-02
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4015-1 security (at) debian (dot) org
https://www.debian.org/security/ Moritz Muehlenhoff
November 02, 2017

APPLE-SA-2017-10-31-6 iTunes 12.7.1 for Windows 2017-10-31
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2017-10-31-6 iTunes 12.7.1 for Windows

iTunes 12.7.1 for Windows is now available and addresses the
following:

WebKit
Available for: Windows 7 and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution

APPLE-SA-2017-10-31-11 Additional information for APPLE-SA-2017-09-20-3 tvOS 11 2017-10-31
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2017-10-31-11
Additional information for APPLE-SA-2017-09-20-3 tvOS 11

tvOS 11 addresses the following:

802.1X
Available for: Apple TV (4th generation)
Impact: An attacker may be able to exploit weaknesses in TLS 1.0
Description: A protocol

APPLE-SA-2017-10-31-2 macOS High Sierra 10.13.1, Security Update 2017-001 Sierra, Security Update 2017-004 El Capitan 2017-10-31
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2017-10-31-2 macOS High Sierra 10.13.1,
Security Update 2017-001 Sierra, Security Update 2017-004 El Capitan

macOS High Sierra 10.13.1, Security Update 2017-001 Sierra, Security
Update 2017-004 El Capitan are now available and address the
fo

APPLE-SA-2017-10-31-12 Additional information for APPLE-SA-2017-09-25-9 macOS Server 5.4 2017-10-31
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2017-10-31-12
Additional information for APPLE-SA-2017-09-25-9 macOS Server 5.4

macOS Server 5.4 addresses the following:

FreeRadius
Available for: macOS High Sierra 10.13
Impact: Multiple issues in FreeRADIUS
Description: Multiple issues

APPLE-SA-2017-10-31-3 tvOS 11.1 2017-10-31
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2017-10-31-3 tvOS 11.1

tvOS 11.1 is now available and addresses the following:

CoreText
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: Processing a maliciously crafted text file may lead to an
unexpected application termin

APPLE-SA-2017-10-31-10 Additional information for APPLE-SA-2017-09-20-2 watchOS 4 2017-10-31
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2017-10-31-10
Additional information for APPLE-SA-2017-09-20-2 watchOS 4

watchOS 4 addresses the following:

802.1X
Available for: All Apple Watch models
Impact: An attacker may be able to exploit weaknesses in TLS 1.0
Description: A protoco

APPLE-SA-2017-10-31-7 iCloud for Windows 7.1 2017-10-31
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2017-10-31-7 iCloud for Windows 7.1

iCloud for Windows 7.1 is now available and addresses the following:

WebKit
Available for: Windows 7 and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Descr

APPLE-SA-2017-10-31-9 Additional information for APPLE-SA-2017-09-19-1 iOS 11 2017-10-31
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2017-10-31-9
Additional information for APPLE-SA-2017-09-19-1 iOS 11

iOS 11 addresses the following:

802.1X
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An attacker may be able to exploit wea

APPLE-SA-2017-10-31-4 watchOS 4.1 2017-10-31
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2017-10-31-4 watchOS 4.1

watchOS 4.1 is now available and addresses the following:

CoreText
Available for: All Apple Watch models
Impact: Processing a maliciously crafted text file may lead to an
unexpected application termination
Descripti

[security bulletin] HPESBHF03785 rev.1 - HPE B-Series SAN Network Advisor Software, Multiple Remote Vulnerabilities 2017-10-30
HPE Product Security Response Team (security-alert hpe com)
-----Original Message-----

From: security-alert (at) hpe (dot) com [mailto:security-alert (at) hpe (dot) com]

Sent: Tuesday, October 17, 2017 3:27 PM

Subject: [security bulletin] HPESBHF03785 rev.1 - HPE B-Series SAN Network Advisor Software, Multiple Remote Vulnerabilities

-----BEGIN PGP SIGNED MESSAGE-----

Hash

Copyright 2010, SecurityFocus