[slackware-security] php (SSA:2017-188-01)
2017-07-08 Slackware Security Team (security slackware com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] php (SSA:2017-188-01) New php packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packages/php

CVE-2017-10974 Yaws Web Server v1.91 Unauthenticated Remote File Disclosure
2017-07-08 apparitionsec gmail com (hyp3rlinx)

[ANNOUNCE] [SECURITY] CVE-2017-7660: Security Vulnerability in secure inter-node communication in Apache Solr
2017-07-07 Shalin Shekhar Mangar (shalin apache org)
CVE-2017-7660: Security Vulnerability in secure inter-node communication in Apache Solr Severity: Important Vendor: The Apache Software Foundation Versions Affected: Solr 5.3 to 5.5.4 Solr 6.0 to 6.5.1 Description: Solr uses a PKI based mechanism to secure inter-node communication when security

[SYSS-2017-011] Office 365: Insufficient Session Expiration (CWE-613)
2017-07-07 Micha Borrmann (micha borrmann syss de)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Advisory ID: SYSS-2017-011 Product: Office 365 (Sharepoint) Manufacturer: Microsoft Affected Version(s): ? Tested Version(s): Office 365 Enterprise E3 (version from February 2017) Vulnerability Type: Insufficient Session Expiration (CWE-613) Risk Leve

KL-001-2017-015 : Solarwinds LEM Hardcoded Credentials
2017-07-06 KoreLogic Disclosures (disclosures korelogic com)
KL-001-2017-015 : Solarwinds LEM Hardcoded Credentials Title: Solarwinds LEM Hardcoded Credentials Advisory ID: KL-001-2017-015 Publication Date: 2017.07.06 Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2017-015.txt 1. Vulnerability Details Affected Vendor: Solarwin

KL-001-2017-014 : Barracuda WAF Support Tunnel Hijack
2017-07-06 KoreLogic Disclosures (disclosures korelogic com)
KL-001-2017-014 : Barracuda WAF Support Tunnel Hijack Title: Barracuda WAF Support Tunnel Hijack Advisory ID: KL-001-2017-014 Publication Date: 2017.07.06 Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2017-014.txt 1. Vulnerability Details Affected Vendor: Barracuda

KL-001-2017-012 : Barracuda WAF Grub Password Complexity
2017-07-06 KoreLogic Disclosures (disclosures korelogic com)
KL-001-2017-012 : Barracuda WAF Grub Password Complexity Title: Barracuda WAF Grub Password Complexity Advisory ID: KL-001-2017-012 Publication Date: 2017.07.06 Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2017-012.txt 1. Vulnerability Details Affected Vendor: Barr

KL-001-2017-011 : Barracuda WAF Internal Development Credential Disclosure
2017-07-06 KoreLogic Disclosures (disclosures korelogic com)
KL-001-2017-011 : Barracuda WAF Internal Development Credential Disclosure Title: Barracuda WAF Internal Development Credential Disclosure Advisory ID: KL-001-2017-011 Publication Date: 2017.07.06 Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2017-011.txt 1. Vulnerability

[SECURITY] [DSA 3902-1] jabberd2 security update
2017-07-05 Salvatore Bonaccorso (carnil debian org)

[security bulletin] HPSBMU02933 rev.3 - HPE SiteScope, issueSiebelCmd and loadFileContents SOAP Requests, Remote Code Execution, Arbitrary File download, Denial of Service (DoS)
2017-07-05 HPE Product Security Response Team (security-alert hpe com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Note: the current version of the following document is available here: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c03969435 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03969435 Version: 3 HPSBMU02933 rev

[slackware-security] Slackware 14.0 kernel (SSA:2017-184-01)
2017-07-03 Slackware Security Team (security slackware com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] Slackware 14.0 kernel (SSA:2017-184-01) New kernel packages are available for Slackware 14.0 to fix security issues. Here are the details from the Slackware 14.0 ChangeLog: +--------------------------+ patches/packages/linux-3.

[SECURITY] [DSA 3901-1] libgcrypt20 security update
2017-07-02 Salvatore Bonaccorso (carnil debian org)

[CVE-2017-9313] Webmin 1.840 Multiple XSS Vulnerabilities
2017-07-02 andys3c gmail com
Vulnerability type: Reflected Cross Site Scripting ------------------------ Product: Webmin ------------------------ Affected version: Webmin 1.840 and possibly earlier ------------------------ Patched version: Webmin 1.850 ------------------------ Credit: Andy Tan ------------------------ CVE ID:

InsomniaX loader allows loading of arbitrary Kernel Extensions
2017-07-02 Securify B.V. (lists securify nl)
------------------------------------------------------------------------ InsomniaX loader allows loading of arbitrary Kernel Extensions ------------------------------------------------------------------------ Yorick Koster, April 2017 ----------------------------------------------------------------

[slackware-security] glibc (SSA:2017-181-01)
2017-06-30 Slackware Security Team (security slackware com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] glibc (SSA:2017-181-01) New glibc packages are available for Slackware 14.2 and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packages/glibc-2.23-i

[slackware-security] kernel (SSA:2017-181-02)
2017-06-30 Slackware Security Team (security slackware com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] kernel (SSA:2017-181-02) New kernel packages are available for Slackware 14.2 and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packages/linux-4.4.

Microsoft Dynamic CRM 2016 - Cross-Site Scripting vulnerability
2017-06-30 gregory draperi (gregory draperi gmail com)
Hello Everyone, Product: MS Dynamic CRM 2016 Vendor: Microsoft Vulnerability type: Cross Site Scripting Vulnerable version: MS Dynamic CRM 2016 SP1 and previous Vulnerable component: SyncFilterPage.aspx Report confidence: Confirmed Solution status: Not fixed by Vendor, will not patch the vuln. Fix

SEC Consult SA-20170630-0 :: Multiple critical vulnerabilities in OSCI-Transport library 1.2 for German e-Government
2017-06-30 SEC Consult Vulnerability Lab (research sec-consult com)
We have published an accompanying blog post to this technical advisory with further information: German version with less technical details as an overview: http://blog.sec-consult.com/2017/06/e-government-in-deutschland-schwachstellen.html English version containing more detailed attack scenario de

ESA-2017-062: VASA Provider Virtual Appliance Remote Code Execution Vulnerability
2017-06-28 EMC Product Security Response Center (Security_Alert emc com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ESA-2017-062: VASA Provider Virtual Appliance Remote Code Execution Vulnerability EMC Identifier: ESA-2017-062 CVE Identifier: CVE-2017-4997 Severity Rating: CVSS v3 Base Score: 8.3 (AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L) Affected products:

[slackware-security] kernel (SSA:2017-177-01)
2017-06-26 Slackware Security Team (security slackware com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] kernel (SSA:2017-177-01) New kernel packages are available for Slackware 14.2 and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packages/linux-4.4.

[CVE-2017-8831] Double-Fetch Vulnerability in Linux-4.10.1/drivers/media/pci/saa7164/saa7164-bus.c
2017-06-26 wpengfeinudt gmail com
Hi all, I found this double-fetch vulnerability when I was doing my research on double fetch issue analysis, and I'd like to make an announcement here. This was found in Linux kernel file Linux-4.10.1/drivers/media/pci/saa7164/saa7164-bus.c. The kernel (driver) uses memcpy_fromio() to fetch twice

DefenseCode Security Advisory: IBM DB2 Command Line Processor Buffer Overflow
2017-06-26 DefenseCode (defensecode defensecode com)
DefenseCode Security Advisory IBM DB2 Command Line Processor Buffer Overflow Advisory ID: DC-2017-04-002 Advisory Title: IBM DB2 Command Line Processor Buffer Overflow Advisory URL: http://www.defensecode.com/advisories/IBM_DB2_Command_Line_Processor_Buffer_Overflow.pdf Software: I

Microsoft Skype v7.2, v7.35 & v7.36 - Stack Buffer Overflow Vulnerability
2017-06-26 Vulnerability Lab (research vulnerability-lab com)
Document Title: =============== Microsoft Skype v7.2, v7.35 & v7.36 - Stack Buffer Overflow Vulnerability References (Source): ==================== https://www.vulnerability-lab.com/get_content.php?id=2071 MSRC ID: 38778 TRK ID: 0461000724 Vulnerability Magazine: https://www.vulnerability-db.co
Hash: SHA256
- ------------------------------------------------------------------------
Debian Security Advisory DSA-3905-1 security (at) debian (dot) org
https://www.debian.org/security/ Moritz Muehlenhoff
July 09, 2017