SEC Consult SA-20170804-1 :: Ubiquiti Networks UniFi Cloud Key authenticated command injection
2017-08-04 SEC Consult Vulnerability Lab (research sec-consult com)

SEC Consult SA-20170804-0 :: phpBB Server Side Request Forgery (SSRF) vulnerability
2017-08-04 SEC Consult Vulnerability Lab (research sec-consult com)

[security bulletin] HPESB3P03767 rev.1 - HPE Proliant ML10 Gen9 servers using Intel Xeon E3-1200M v5 and 6th Generation Intel Core Processors, Unauthorized Write to Filesystem
2017-08-04 security-alert hpe com
Note: the current version of the following document is available here: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesb3p03767en_us
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: hpesb3p03767en_us
Version: 1
HP

[slackware-security] gnupg (SSA:2017-213-01)
2017-08-02 Slackware Security Team (security slackware com)
[slackware-security] gnupg (SSA:2017-213-01)
New gnupg packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix a security issue.
Here are the details from the Slackware 14.2 ChangeLog:

CVE-2017-1500 - Reflected XSS in IBM WorkLight OAuth Server Web Api
2017-08-02 gabriele gristina gmail com

[security bulletin] HPESBHF03763 rev.1 - HPE Comware 7, IMC, VCX products using OpenSSL, Remote Denial of Service (DoS)
2017-08-01 security-alert hpe com
Note: the current version of the following document is available here: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03763en_us
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: hpesbhf03763en_us
Version: 1
HP

[security bulletin] HPESBGN03766 rev.1 - HPE Project and Portfolio Management (PPM), Remote Cross-Site Scripting
2017-08-01 security-alert hpe com
Note: the current version of the following document is available here: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbgn03766en_us
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: hpesbgn03766en_us
Version: 1
HP

[CVE-2017-11494] SOL.Connect ISET-mpp meter 1.2.4.2 Authentication Bypass SQL Injection Vulnerability
2017-08-01 andys3c gmail com
Vulnerability type: SQL injection, leading to administrative access through authentication bypass.
-----------------------------------
Product: SOL.Connect ISET-mpp meter
-----------------------------------
Affected version: SOL.Connect ISET-mpp meter 1.2.4.2 and possibly earlier
Vulnerable param

FortiOS <= 5.6.0 Multiple XSS Vulnerabilities
2017-07-28 msg patrykbogdan com
# Title: FortiOS <= 5.6.0 Multiple XSS Vulnerabilities
# Vendor: Fortinet (www.fortinet.com)
# CVE: CVE-2017-3131, CVE-2017-3132, CVE-2017-3133
# Date: 28.07.2016
# Author: Patryk Bogdan (@patryk_bogdan)
Affected FortiNet products:
* CVE-2017-3131 : FortiOS versions 5.4.0 to 5.6.0
* CVE-2017-3132 :

[security bulletin] HPESBHF03765 rev.1 - HPE ConvergedSystem 700 Solution with Comware v7 Switches using OpenSSL, Remote Denial of Service (DoS) and Disclosure of Sensitive Information
2017-07-26 HPE Product Security Response Team (security-alert hpe com)
Note: the current version of the following document is available here: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03765en_us
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: hpesbhf03765en_us
Version: 1

[slackware-security] tcpdump (SSA:2017-205-01)
2017-07-24 Slackware Security Team (security slackware com)
[slackware-security] tcpdump (SSA:2017-205-01)
New tcpdump packages are available for Slackware 13.37, 14.0, 14.1, 14.2, and -current to fix a security issue.
Here are the details from the Slackware 14.2 ChangeLog:
patc

SEC Consult SA-20170724-0 :: Cross-Site Scripting (XSS) issue in multiple Ubiquiti Networks products
2017-07-24 SEC Consult Vulnerability Lab (research sec-consult com)

SEC Consult SA-20170724-1 :: Open Redirect issue in multiple Ubiquiti Networks products
2017-07-24 SEC Consult Vulnerability Lab (research sec-consult com)

[RT-SA-2017-006] Arbitrary File Disclosure with root Privileges via RdxEngine-API in REDDOXX Appliance
2017-07-24 RedTeam Pentesting GmbH (release redteam-pentesting de)
Advisory: Arbitrary File Disclosure with root Privileges via RdxEngine-API in REDDOXX Appliance
RedTeam Pentesting discovered an arbitrary file disclosure vulnerability in the REDDOXX appliance software, which allows unauthenticated attackers to list directory contents and download arbitrary files

[RT-SA-2017-008] Unauthenticated Access to Diagnostic Functions in REDDOXX Appliance
2017-07-24 RedTeam Pentesting GmbH (release redteam-pentesting de)
Advisory: Unauthenticated Access to Diagnostic Functions in REDDOXX Appliance
RedTeam Pentesting discovered a vulnerability which allows attackers unauthenticated access to the diagnostic functions of the administrative interface of the REDDOXX appliance. The functions allow, for example, to captur

[RT-SA-2017-005] Unauthenticated Extraction of Session-IDs in REDDOXX Appliance
2017-07-24 RedTeam Pentesting GmbH (release redteam-pentesting de)
Advisory: Unauthenticated Extraction of Session-IDs in REDDOXX Appliance
RedTeam Pentesting discovered an information disclosure vulnerability in the REDDOXX appliance software, which allows unauthenticated attackers to extract valid session IDs.
Details
=======
Product: REDDOXX Appliance
Affected

[RT-SA-2017-009] Remote Command Execution as root in REDDOXX Appliance
2017-07-24 RedTeam Pentesting GmbH (release redteam-pentesting de)
Advisory: Remote Command Execution as root in REDDOXX Appliance
RedTeam Pentesting discovered a remote command execution vulnerability in the REDDOXX appliance software, which allows attackers to execute arbitrary commands with root privileges while unauthenticated.
Details
=======
Product: REDDO

[RT-SA-2017-003] Cross-Site Scripting in REDDOXX Appliance
2017-07-24 RedTeam Pentesting GmbH (release redteam-pentesting de)
Advisory: Cross-Site Scripting in REDDOXX Appliance
RedTeam Pentesting discovered a cross-site scripting (XSS) vulnerability in the REDDOXX appliance software, which allows attackers to inject arbitrary JavaScript code via a crafted URL.
Details
=======
Product: REDDOXX Appliance
Affected Versio

[RT-SA-2017-007] Undocumented Administrative Service Account in REDDOXX Appliance
2017-07-24 RedTeam Pentesting GmbH (release redteam-pentesting de)
Advisory: Undocumented Administrative Service Account in REDDOXX Appliance
RedTeam Pentesting discovered an undocumented service account in the REDDOXX appliance software, which allows attackers to access the administrative interface of the appliance and change its configuration.
Details
=======

[RT-SA-2017-004] Unauthenticated Arbitrary File Disclosure in REDDOXX Appliance
2017-07-24 RedTeam Pentesting GmbH (release redteam-pentesting de)
Advisory: Unauthenticated Arbitrary File Disclosure in REDDOXX Appliance
RedTeam Pentesting discovered an arbitrary file disclosure vulnerability in the REDDOXX appliance software, which allows unauthenticated attackers to download arbitrary files from the affected system.
Details
=======
Produc

[slackware-security] seamonkey (SSA:2017-202-01)
2017-07-21 Slackware Security Team (security slackware com)
[slackware-security] seamonkey (SSA:2017-202-01)
New seamonkey packages are available for Slackware 14.2 and -current to fix security issues.
Here are the details from the Slackware 14.2 ChangeLog:
patches/packages/seam

[security bulletin] HPESBHF03745 rev.3 - HPE Intelligent Management Center (iMC) PLAT, Remote Code Execution
2017-07-21 security-alert hpe com
Note: the current version of the following document is available here: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03745en_us
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: hpesbhf03745en_us
Version: 3
HP

[security bulletin] HPESBHF03766 rev.1 - HPE ConvergedSystem 700 Solution with Comware v5 Switches using NTP, Remote Denial of Service (DoS), Unauthorized Modification and Local Denial of Service (DoS)
2017-07-20 security-alert hpe com
Note: the current version of the following document is available here: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03766en_us
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: hpesbhf03766en_us
Version: 1
HP

File Upload in Integration Gateway (PSIGW)
2017-07-20 ERPScan inc (erpscan online gmail com)
1. ADVISORY INFORMATION
Title: File Upload in Integration Gateway (PSIGW)
Advisory ID: [ERPSCAN-17-039]
Advisory URL: https://erpscan.com/advisories/erpscan-17-039-file-upload-integration-gateway-psigw-peoplesoft/
Risk: High
Date published: 18.07.2017
Vendor contacted: Oracle
2. VULNERABILITY INFO
Debian Security Advisory DSA-3925-1 security (at) debian (dot) org
https://www.debian.org/security/ Moritz Muehlenhoff
August 04, 2017