SecurityFocus

[SECURITY] [DSA 3999-1] wpa security update 2017-10-16
Yves-Alexis Perez (corsac debian org)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3999-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Yves-Alexis Perez
October 16, 2017

[ more ] [ reply ]

SEC Consult SA-20171016-0 :: Multiple vulnerabilities in Micro Focus VisiBroker C++ 2017-10-16
SEC Consult Vulnerability Lab (research sec-consult com)

SEC Consult Vulnerability Lab Security Advisory < 20171016-0 >
=======================================================================
title: Multiple vulnerabilities
product: Micro Focus VisiBroker C++
vulnerable version: 8.5 SP2
fixed version: 8.5 SP4 HF3

[ more ] [ reply ]

[security bulletin] MFSBGN03786 rev.1 - HPE Connected Backup, Local Escalation of Privilege 2017-10-13
swpmb cyber-psrt microfocus com

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Note: the current version of the following document is available here:

https://softwaresupport.hpe.com/km/KM02987868

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: KM02987868

Version: 1

MFSBGN03786 rev.1 - HPE Connected Backup, Loca

[ more ] [ reply ]

Advisory X41-2017-010: Command Execution in Shadowsocks-libev 2017-10-13
X41 D-Sec GmbH Advisories (advisories x41-dsec de)

X41 D-Sec GmbH Security Advisory: X41-2017-010

Command Execution in Shadowsocks-libev
======================================

Overview
--------
Severity Rating: High
Confirmed Affected Versions: 3.1.0
Confirmed Patched Versions: N/A
Vendor: Shadowsocks
Vendor URL: https://github.com/shadowsocks/sh

[ more ] [ reply ]

Advisory X41-2017-008: Multiple Vulnerabilities in Shadowsocks 2017-10-13
X41 D-Sec GmbH Advisories (advisories x41-dsec de)

X41 D-Sec GmbH Security Advisory: X41-2017-008

Multiple Vulnerabilities in Shadowsocks
=======================================

Overview
--------
Confirmed Affected Versions: Latest commit 2ab8c6b on Sep 6
Confirmed Patched Versions: N/A
Vendor: Shadowsocks
Vendor URL: https://github.com/shadowsoc

[ more ] [ reply ]

[RCESEC-2017-002][CVE-2017-14956] AlienVault USM v5.4.2 "/ossim/report/wizard_email.php" Cross-Site Request Forgery leading to Sensitive Information Disclosure 2017-10-13
Julien Ahrens (info rcesecurity com)

RCE Security Advisory
https://www.rcesecurity.com

1. ADVISORY INFORMATION
=======================
Product: AlienVault USM
Vendor URL: https://www.alienvault.com
Type: Cross-Site Request Forgery [CWE-253]
Date found: 2017-09-22
Date published: 2017-10-13
CVSSv3 Score: 6.5

[ more ] [ reply ]

Multiple vulnerabilities in OpenText Documentum Content Server 2017-10-13
Andrey B. Panfilov (andrew panfilov tel)

CVE Identifier: CVE-2017-15012
Vendor: OpenText
Affected products: OpenText Documentum Content Server (all versions)
Researcher: Andrey B. Panfilov
CVSS v3 Base Score: 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
Fix: not available
Description:

Opentext Documentum Content Server (formerly known as EMC

[ more ] [ reply ]

[SECURITY] [DSA 3995-1] libxfont security update 2017-10-10
Moritz Muehlenhoff (jmm debian org)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3995-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Moritz Muehlenhoff
October 10, 2017

[ more ] [ reply ]

[SECURITY] [DSA 3994-1] nautilus security update 2017-10-08
Yves-Alexis Perez (corsac debian org)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3994-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Yves-Alexis Perez
October 07, 2017

[ more ] [ reply ]

[SECURITY] [DSA 3993-1] tor security update 2017-10-06
Moritz Muehlenhoff (jmm debian org)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3993-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Moritz Muehlenhoff
October 06, 2017

[ more ] [ reply ]

[slackware-security] xorg-server (SSA:2017-279-03) 2017-10-06
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] xorg-server (SSA:2017-279-03)

New xorg-server packages are available for Slackware 14.0, 14.1, 14.2,
and -current to fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patc

[ more ] [ reply ]

DefenseCode Security Advisory: Magento Commerce CSRF, Stored Cross Site Scripting #1 2017-10-05
DefenseCode (defensecode defensecode com)

Â Â Â Â Â Â Â Â Â Â Â DefenseCode Security Advisory
Â Â Magento Commerce CSRF, Stored Cross Site Scripting

Advisory ID: DC-2017-09-001
Advisory Title: Magento CSRF, Stored Cross Site Scripting
Advisory URL:
http://www.defensecode.com/advisories/DC-2017-09-001_Magento_CSRF_Stored
_Cross_Site_Scri

[ more ] [ reply ]

[security bulletin] HPESBHF03776 rev.1 - HPE Intelligent Management Center (iMC) Service Operation Management (SOM), Remote Arbitrary File Download 2017-10-03
security-alert hpe com

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Note: the current version of the following document is available here:

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf
03776en_us

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: hpesbhf03776en_us

Version: 1

HP

[ more ] [ reply ]

HPESBMU03753 rev.1 - HPE System Management Homepage, Multiple Remote Vulnerabilities 2017-10-02
HPE Product Security Response Team (security-alert hpe com)

-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA256

Note: the current version of the following document is available here:

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbmu
03753en_us

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: hpesbmu03753en_us

Version: 1

[ more ] [ reply ]

Trend Micro OfficeScan v11.0 and XG (12.0)* Unauthorized NT Domain / PHP Information Disclosures CVE-2017-14085 (apparitionsec / hyp3rlinx) 2017-10-01
apparitionsec gmail com

[+] Credits: John Page (aka hyp3rlinx)
[+] Website: hyp3rlinx.altervista.org
[+] Source: http://hyp3rlinx.altervista.org/advisories/CVE-2017-14085-TRENDMICRO-OFF
ICESCAN-XG-REMOTE-NT-DOMAIN-PHP-INFO-DISCLOSURE.txt
[+] ISR: ApparitionSec

Vendor:
==================
www.trendmicro.com

[ more ] [ reply ]

Trend Micro OfficeScan v11.0 and XG (12.0)* Unauthorized Server Side Request Forgery (apparitionsec / hyp3rlinx) 2017-10-01
apparitionsec gmail com

[+] Credits: John Page (aka hyp3rlinx)
[+] Website: hyp3rlinx.altervista.org
[+] Source: http://hyp3rlinx.altervista.org/advisories/TRENDMICRO-OFFICESCAN-XG-SERV
ER-SIDE-REQUEST-FORGERY.txt
[+] ISR: ApparitionSec

Vendor:
==================
www.trendmicro.com

Product:
===========

[ more ] [ reply ]

[SECURITY] [DSA 3988-1] libidn2-0 security update 2017-09-30
Salvatore Bonaccorso (carnil debian org)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3988-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Salvatore Bonaccorso
September 30, 2017

[ more ] [ reply ]

Mac OS X Local Javascript Quarantine Bypass 2017-09-30
filippo cavallarin wearesegment com

Advisory ID: SGMA17-002
Title: Mac OS X Local Javascript Quarantine Bypass
Product: Mac OS X
Version: 10.12, 10.11, 10.10 and probably prior
Vendor: apple.com
Type: DOM Based XSS
Risk level: 3 / 5
Credit

[ more ] [ reply ]

[SECURITY] [DSA 3987-1] firefox-esr security update 2017-09-29
Moritz Muehlenhoff (jmm debian org)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3987-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Moritz Muehlenhoff
September 29, 2017

[ more ] [ reply ]

[SECURITY] [DSA 3986-1] ghostscript security update 2017-09-29
Salvatore Bonaccorso (carnil debian org)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3986-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Salvatore Bonaccorso
September 29, 2017

[ more ] [ reply ]

Trend Micro OfficeScan v11.0 and XG (12.0)* CURL (MITM) Remote Code Execution CVE-2017-14084 (apparitionsec / hyp3rlinx) 2017-09-29
apparitionsec gmail com

[+] Credits: John Page (aka hyp3rlinx)
[+] Website: hyp3rlinx.altervista.org
[+] Source: http://hyp3rlinx.altervista.org/advisories/CVE-2017-14084-TRENDMICRO-OFF
ICESCAN-XG-CURL-MITM-REMOTE-CODE-EXECUTION.txt
[+] ISR: ApparitionSec

Vendor:
==================
www.trendmicro.com

Pr

[ more ] [ reply ]

Trend Micro OfficeScan v11.0 and XG (12.0)* Unauthorized Start Remote Process Code Execution / DOS - INI Corruption CVE-2017-14086 (apparitionsec / hyp3rlinx) 2017-09-29
apparitionsec gmail com

[+] Credits: John Page (aka hyp3rlinx)
[+] Website: hyp3rlinx.altervista.org
[+] Source: http://hyp3rlinx.altervista.org/advisories/CVE-2017-14086-TRENDMICRO-OFF
ICESCAN-XG-PRE-AUTH-START-REMOTE-PROCESS-CODE-EXECUTION-MEM-CORRUPT.txt
[+] ISR: ApparitionSec

Vendor:
==================

[ more ] [ reply ]

Trend Micro OfficeScan v11.0 and XG (12.0)* Unauthorized Remote Encryption Key Disclosure CVE-2017-14083 (apparitionsec / hyp3rlinx) 2017-09-29
apparitionsec gmail com

[+] Credits: John Page (aka hyp3rlinx)
[+] Website: hyp3rlinx.altervista.org
[+] Source: http://hyp3rlinx.altervista.org/advisories/CVE-2017-14083-TRENDMICRO-OFF
ICESCAN-XG-PRE-AUTH-REMOTE-ENCRYPTION-KEY-DISCLOSURE.txt
[+] ISR: ApparitionSec

Vendor:
==================
www.trendmicro

[ more ] [ reply ]

Trend Micro OfficeScan v11.0 and XG (12.0)* Unauthorized Change Prevention Image File Execution Bypass (apparitionsec / hyp3rlinx) 2017-09-29
apparitionsec gmail com

[+] Credits: John Page (aka hyp3rlinx)
[+] Website: hyp3rlinx.altervista.org
[+] Source: http://hyp3rlinx.altervista.org/advisories/TRENDMICRO-OFFICESCAN-XG-IMAG
E-FILE-EXECUTION-BYPASS.txt
[+] ISR: ApparitionSec

Vendor:
==================
www.trendmicro.com

Product:
========
Off

[ more ] [ reply ]

Trend Micro OfficeScan v11.0 and XG (12.0)* Unauthorized Remote Memory Corruption CVE-2017-14089 (apparitionsec / hyp3rlinx) 2017-09-29
apparitionsec gmail com

[+] Credits: John Page (aka hyp3rlinx)
[+] Website: hyp3rlinx.altervista.org
[+] Source: http://hyp3rlinx.altervista.org/advisories/CVE-2017-14089-TRENDMICRO-OFF
ICESCAN-XG-PRE-AUTH-REMOTE-MEMORY-CORRUPTION.txt
[+] ISR: ApparitionSec

Vendor:
==================
www.trendmicro.com

P

[ more ] [ reply ]

Mac OS X Local Javascript Quarantine Bypass 2017-09-29
Filippo Cavallarin (filippo cavallarin wearesegment com)

CVE-2017-14087 Trend Micro OfficeScan v11.0 and XG (12.0)* Host Header Injection (apparitionsec / hyp3rlinx) 2017-09-28
apparitionsec gmail com

[+] Credits: John Page (aka hyp3rlinx)
[+] Website: hyp3rlinx.altervista.org
[+] Source: http://hyp3rlinx.altervista.org/advisories/CVE-2017-14087-TRENDMICRO-OFF
ICESCAN-XG-HOST-HEADER-INJECTION.txt
[+] ISR: ApparitionSec

Vendor:
==================
www.trendmicro.com

Product:
===

[ more ] [ reply ]

[security bulletin] HPESBGN03773 rev.2 - HPE Application Performance Management (BSM), Remote Code Execution 2017-09-28
swpmb cyber-psrt microfocus com

CVE-2017-14084 Trend Micro OfficeScan v11.0 and XG (12.0)* CURL (MITM) Remote Code Execution (apparitionsec / hyp3rlinx) 2017-09-28
apparitionsec gmail com

[CVE-2017-9538] Persistent Application Denial of Service 2017-09-29
andys3c gmail com

-------------------------------------------------------------
Vulnerability type: Persistent Application Denial of Service
-------------------------------------------------------------
Credit: Andy Tan
CVE ID: CVE-2017-9538
-----------------------------------------------
Product: SolarWinds Network

[ more ] [ reply ]