[SECURITY] [DSA 3988-1] libidn2-0 security update
2017-09-30 Salvatore Bonaccorso (carnil debian org)

[SECURITY] [DSA 3986-1] ghostscript security update
2017-09-29 Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- ------------------------------------------------------------------------
- Debian Security Advisory DSA-3986-1 security (at) debian (dot) org
https://www.debian.org/security/ Salvatore Bonaccorso
September 29, 2017

Trend Micro OfficeScan v11.0 and XG (12.0)* CURL (MITM) Remote Code Execution CVE-2017-14084 (apparitionsec / hyp3rlinx)
2017-09-29 apparitionsec gmail com

Trend Micro OfficeScan v11.0 and XG (12.0)* Unauthorized Start Remote Process Code Execution / DOS - INI Corruption CVE-2017-14086 (apparitionsec / hyp3rlinx)
2017-09-29 apparitionsec gmail com
[+] Credits: John Page (aka hyp3rlinx)
[+] Website: hyp3rlinx.altervista.org
[+] Source: http://hyp3rlinx.altervista.org/advisories/CVE-2017-14086-TRENDMICRO-OFFICESCAN-XG-PRE-AUTH-START-REMOTE-PROCESS-CODE-EXECUTION-MEM-CORRUPT.txt
[+] ISR: ApparitionSec
Vendor:
==================

Trend Micro OfficeScan v11.0 and XG (12.0)* Unauthorized Remote Encryption Key Disclosure CVE-2017-14083 (apparitionsec / hyp3rlinx)
2017-09-29 apparitionsec gmail com
[+] Credits: John Page (aka hyp3rlinx)
[+] Website: hyp3rlinx.altervista.org
[+] Source: http://hyp3rlinx.altervista.org/advisories/CVE-2017-14083-TRENDMICRO-OFFICESCAN-XG-PRE-AUTH-REMOTE-ENCRYPTION-KEY-DISCLOSURE.txt
[+] ISR: ApparitionSec
Vendor:
==================
www.trendmicro

Trend Micro OfficeScan v11.0 and XG (12.0)* Unauthorized Change Prevention Image File Execution Bypass (apparitionsec / hyp3rlinx)
2017-09-29 apparitionsec gmail com

Trend Micro OfficeScan v11.0 and XG (12.0)* Unauthorized Remote Memory Corruption CVE-2017-14089 (apparitionsec / hyp3rlinx)
2017-09-29 apparitionsec gmail com

Mac OS X Local Javascript Quarantine Bypass
2017-09-29 Filippo Cavallarin (filippo cavallarin wearesegment com)

CVE-2017-14087 Trend Micro OfficeScan v11.0 and XG (12.0)* Host Header Injection (apparitionsec / hyp3rlinx)
2017-09-28 apparitionsec gmail com

[security bulletin] HPESBGN03773 rev.2 - HPE Application Performance Management (BSM), Remote Code Execution
2017-09-28 swpmb cyber-psrt microfocus com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Note: the current version of the following document is available here: https://softwaresupport.hpe.com/km/KM02960811
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: KM02960811
Version: 2
HPESBGN03773 rev.2 - HPE Application Performan

CVE-2017-14084 Trend Micro OfficeScan v11.0 and XG (12.0)* CURL (MITM) Remote Code Execution (apparitionsec / hyp3rlinx)
2017-09-28 apparitionsec gmail com

[CVE-2017-9538] Persistent Application Denial of Service
2017-09-29 andys3c gmail com
-------------------------------------------------------------
Vulnerability type: Persistent Application Denial of Service
-------------------------------------------------------------
Credit: Andy Tan
CVE ID: CVE-2017-9538
-----------------------------------------------
Product: SolarWinds Network

[CVE-2017-9537] Persistent Cross-Site Scripting Vulnerabilities
2017-09-29 andys3c gmail com
-------------------------------------------------------------
Vulnerability type: Persistent Cross-Site Scripting
-------------------------------------------------------------
Credit: Andy Tan
CVE ID: CVE-2017-9537
-----------------------------------------------
Product: SolarWinds Network Performan

Faleemi FSC-880 Multiple Security Vulnerabilities
2017-09-27 oleg iotsploit co
https://medium.com/iotsploit/faleemi-fsc-880-multiple-security-vulnerabilities-ed1d132c2cce
This camera has multiple security vulnerabilities, which can be exploited both locally and remotely. In particular, hardwired manufacturer DDNS and port-mapping to camera via upnp compatible router. Allowing

Bitdefender Total Security 2017 Unquoted Service Path Vulnerability
2017-09-27 wsachin092 gmail com
Vulnerability Title: Bitdefender Total Security 2017 Unquoted Service Path Vulnerability
Affected Product: Bitdefender Total Security 2017
Homepage: https://www.bitdefender.com/
Status: Fixed
Severity: Medium
Description: Bitdefender Total Security suffers from an unquoted service path vulnerability

Qualys Security Advisory - Linux PIE/stack corruption (CVE-2017-1000253)
2017-09-26 Qualys Security Advisory (qsa qualys com)
Qualys Security Advisory
Linux PIE/stack corruption (CVE-2017-1000253)
========================================================================
Contents
========================================================================
Summary
Analysis
Exploitation
Acknowledgments
=====================

[security bulletin] HPESBGN03773 rev.1 - HPE Application Performance Management (BSM), Remote Code Execution
2017-09-25 swpmb cyber-psrt microfocus com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Note: the current version of the following document is available here: https://softwaresupport.hpe.com/km/KM02960811
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: KM02960811
Version: 1
HPESBGN03773 rev.1 - HPE Application Performan

Mako Web Server v2.5 Multiple Unauthenticated Vulnerabilities (apparitionsec / hyp3rlinx)
2017-09-25 apparitionsec gmail com
[+] SSD Beyond Security: https://blogs.securiteam.com/index.php/archives/3391
[+] Credits: John Page a.k.a hyp3rlinx
[+] Website: hyp3rlinx.altervista.org
[+] Source: http://hyp3rlinx.altervista.org/advisories/MAKO-WEB-SERVER-MULTIPLE-UNAUTHENTICATED-VULNERABILIITIES-SECURITEAM.txt
[+] ISR: Appari

[slackware-security] libxml2 (SSA:2017-266-01)
2017-09-23 Slackware Security Team (security slackware com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
[slackware-security] libxml2 (SSA:2017-266-01)
New libxml2 packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues.
Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/pack

APPLE-SA-2017-09-19-1 iOS 11
2017-09-19 Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
APPLE-SA-2017-09-19-1 iOS 11
iOS 11 is now available and addresses the following:
Exchange ActiveSync
Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation
Impact: An attacker in a privileged network position may be

[slackware-security] httpd (SSA:2017-261-01)
2017-09-18 Slackware Security Team (security slackware com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
[slackware-security] httpd (SSA:2017-261-01)
New httpd packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix a security issue.
Here are the details from the Slackware 14.2 ChangeLog:
+------------------------

[slackware-security] libgcrypt (SSA:2017-261-02)
2017-09-18 Slackware Security Team (security slackware com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
[slackware-security] libgcrypt (SSA:2017-261-02)
New libgcrypt packages are available for Slackware 14.2 and -current to fix a security issue.
Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/lib

[slackware-security] ruby (SSA:2017-261-03)
2017-09-18 Slackware Security Team (security slackware com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
[slackware-security] ruby (SSA:2017-261-03)
New ruby packages are available for Slackware 14.2 and -current to fix security issues.
Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/ruby-2.2.8-i58

Watchguard Fireware OS DOS & Stored XSS
2017-09-18 David Fernandez (david fdmv gmail com)
Watchguard's Firebox and XTM are a series of enterprise grade network security appliances providing advanced security services like next generation firewall, intrusion prevention, malware detection and blockage and others. Two vulnerabilities were discovered affecting the XML-RPC interface of the
Hash: SHA512
- ------------------------------------------------------------------------
- Debian Security Advisory DSA-3988-1 security (at) debian (dot) org
https://www.debian.org/security/ Salvatore Bonaccorso
September 30, 2017