|
|
Colapse all |
Post message
Datto Windows Agent 1.0.5.0 Remote Command Execution [CVE-2017-16673][CVE-2017-16674] 2017-11-09 brainn gmail com AST-2017-009: Buffer overflow in pjproject header parsing can cause crash in Asterisk 2017-11-08 Asterisk Security Team (security asterisk org) AST-2017-010: Buffer overflow in CDR's set user 2017-11-08 Asterisk Security Team (security asterisk org) AST-2017-011: Memory leak in pjsip session resource 2017-11-08 Asterisk Security Team (security asterisk org) [SECURITY] [DSA 4020-1] chromium-browser security update 2017-11-07 Michael Gilbert (mgilbert debian org) CVE-2017-9096 iText XML External Entity Vulnerability 2017-11-06 Advisories (advisories compass-security com) ################################################################## # # COMPASS SECURITY ADVISORY # https://www.compass-security.com/en/research/advisories/ # ################################################################## # # Product: iText PDF Library # Vendor: iText Group # CVE ID: CVE-2017-909 [ more ] [ reply ] Call for papers - WorldCIST'18 - Naples, Italy - Extended deadline: November 22 2017-11-05 ML (marialemos72 gmail com) * Proceedings by Springer ** Extended versions of best selected papers will be published in JCR/SCI/SSCI journals ------------------------------------------------------------------------ --------------------------- WorldCist'18 - 6th World Conference on Information Systems and Technologies [ more ] [ reply ] Webmin v1.850 Remote Code Execution (hyp3rlinx / apparitionsec) 2017-11-05 apparitionsec gmail com [+] SSD Beyond Security: https://blogs.securiteam.com/index.php/archives/3430 [+] Credits: John Page (aka hyp3rlinx) [+] Website: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervista.org/advisories/WEBMIN-v1.850-REMOTE-COMMAND- EXECUTION.txt [+] ISR: ApparitionSec Vulner [ more ] [ reply ] KL-001-2017-022 : Splunk Local Privilege Escalation 2017-11-03 KoreLogic Disclosures (disclosures korelogic com) KL-001-2017-022 : Splunk Local Privilege Escalation Title: Splunk Local Privilege Escalation Advisory ID: KL-001-2017-022 Publication Date: 2017.11.03 Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2017-022.txt 1. Vulnerability Details Affected Vendor: Splunk Af [ more ] [ reply ] APPLE-SA-2017-10-31-6 iTunes 12.7.1 for Windows 2017-10-31 Apple Product Security (product-security-noreply lists apple com) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 APPLE-SA-2017-10-31-6 iTunes 12.7.1 for Windows iTunes 12.7.1 for Windows is now available and addresses the following: WebKit Available for: Windows 7 and later Impact: Processing maliciously crafted web content may lead to arbitrary code execution [ more ] [ reply ] APPLE-SA-2017-10-31-11 Additional information for APPLE-SA-2017-09-20-3 tvOS 11 2017-10-31 Apple Product Security (product-security-noreply lists apple com) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 APPLE-SA-2017-10-31-11 Additional information for APPLE-SA-2017-09-20-3 tvOS 11 tvOS 11 addresses the following: 802.1X Available for: Apple TV (4th generation) Impact: An attacker may be able to exploit weaknesses in TLS 1.0 Description: A protocol [ more ] [ reply ] APPLE-SA-2017-10-31-2 macOS High Sierra 10.13.1, Security Update 2017-001 Sierra, Security Update 2017-004 El Capitan 2017-10-31 Apple Product Security (product-security-noreply lists apple com) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 APPLE-SA-2017-10-31-2 macOS High Sierra 10.13.1, Security Update 2017-001 Sierra, Security Update 2017-004 El Capitan macOS High Sierra 10.13.1, Security Update 2017-001 Sierra, Security Update 2017-004 El Capitan are now available and address the fo [ more ] [ reply ] APPLE-SA-2017-10-31-12 Additional information for APPLE-SA-2017-09-25-9 macOS Server 5.4 2017-10-31 Apple Product Security (product-security-noreply lists apple com) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 APPLE-SA-2017-10-31-12 Additional information for APPLE-SA-2017-09-25-9 macOS Server 5.4 macOS Server 5.4 addresses the following: FreeRadius Available for: macOS High Sierra 10.13 Impact: Multiple issues in FreeRADIUS Description: Multiple issues [ more ] [ reply ] APPLE-SA-2017-10-31-3 tvOS 11.1 2017-10-31 Apple Product Security (product-security-noreply lists apple com) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 APPLE-SA-2017-10-31-3 tvOS 11.1 tvOS 11.1 is now available and addresses the following: CoreText Available for: Apple TV 4K and Apple TV (4th generation) Impact: Processing a maliciously crafted text file may lead to an unexpected application termin [ more ] [ reply ] APPLE-SA-2017-10-31-10 Additional information for APPLE-SA-2017-09-20-2 watchOS 4 2017-10-31 Apple Product Security (product-security-noreply lists apple com) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 APPLE-SA-2017-10-31-10 Additional information for APPLE-SA-2017-09-20-2 watchOS 4 watchOS 4 addresses the following: 802.1X Available for: All Apple Watch models Impact: An attacker may be able to exploit weaknesses in TLS 1.0 Description: A protoco [ more ] [ reply ] APPLE-SA-2017-10-31-7 iCloud for Windows 7.1 2017-10-31 Apple Product Security (product-security-noreply lists apple com) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 APPLE-SA-2017-10-31-7 iCloud for Windows 7.1 iCloud for Windows 7.1 is now available and addresses the following: WebKit Available for: Windows 7 and later Impact: Processing maliciously crafted web content may lead to arbitrary code execution Descr [ more ] [ reply ] APPLE-SA-2017-10-31-9 Additional information for APPLE-SA-2017-09-19-1 iOS 11 2017-10-31 Apple Product Security (product-security-noreply lists apple com) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 APPLE-SA-2017-10-31-9 Additional information for APPLE-SA-2017-09-19-1 iOS 11 iOS 11 addresses the following: 802.1X Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An attacker may be able to exploit wea [ more ] [ reply ] APPLE-SA-2017-10-31-4 watchOS 4.1 2017-10-31 Apple Product Security (product-security-noreply lists apple com) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 APPLE-SA-2017-10-31-4 watchOS 4.1 watchOS 4.1 is now available and addresses the following: CoreText Available for: All Apple Watch models Impact: Processing a maliciously crafted text file may lead to an unexpected application termination Descripti [ more ] [ reply ] [security bulletin] HPESBHF03785 rev.1 - HPE B-Series SAN Network Advisor Software, Multiple Remote Vulnerabilities 2017-10-30 HPE Product Security Response Team (security-alert hpe com) -----Original Message----- From: security-alert (at) hpe (dot) com [email concealed] [mailto:security-alert (at) hpe (dot) com [email concealed]] Sent: Tuesday, October 17, 2017 3:27 PM Subject: [security bulletin] HPESBHF03785 rev.1 - HPE B-Series SAN Network Advisor Software, Multiple Remote Vulnerabilities -----BEGIN PGP SIGNED MESSAGE----- Hash [ more ] [ reply ] [SECURITY] [DSA 4009-1] shadowsocks-libev security update 2017-10-29 Moritz Muehlenhoff (jmm debian org) [slackware-security] wget (SSA:2017-300-02) 2017-10-27 Slackware Security Team (security slackware com) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] wget (SSA:2017-300-02) New wget packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ [ more ] [ reply ] [security bulletin] HPESBHF03787 rev.1 - Hewlett Packard Enterprise Intelligent Management Center (iMC) PLAT, Deserialization of Untrusted Data, Remote Code Execution 2017-10-27 security-alert hpe com -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Note: the current version of the following document is available here: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf 03787en_us SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: hpesbhf03787en_us Version: 1 HP [ more ] [ reply ] [VulnWatch] Advisory 02/2002: PHP remote vulnerability 2017-10-27 e-matters Security (security e-matters de) Bomgar Remote Support - Local Privilege Escalation (CVE-2017-5996) 2017-10-26 VSR Advisories (advisories vsecurity com) Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Virtual Security Research, LLC. Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â https://www.vsecurity.com/ Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Security Advisory =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- =-=-=-= Advisory [ more ] [ reply ] |
|
Privacy Statement |
=======
Brian Vincent, Michael Brumlow
Software
========
Datto Windows Agent
Vulnerability Details
=====================
Discovered: Aug 25, 2017
Type: Remote code execution as LocalSystem
Severity: Critical
Description
===========
CVE-2017-16673
Software: Datto Backup Agent for Windows,
[ more ] [ reply ]