BugTraq Mode:
[slackware-security] Slackware 14.0 kernel (SSA:2017-184-01) 2017-07-03
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] Slackware 14.0 kernel (SSA:2017-184-01)

New kernel packages are available for Slackware 14.0 to fix security issues.

Here are the details from the Slackware 14.0 ChangeLog:
+--------------------------+
patches/packages/linux-3.

[SECURITY] [DSA 3901-1] libgcrypt20 security update 2017-07-02
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3901-1 security (at) debian (dot) org
https://www.debian.org/security/ Salvatore Bonaccorso
July 02, 2017

[CVE-2017-9313] Webmin 1.840 Multiple XSS Vulnerabilities 2017-07-02
andys3c gmail com
Vulnerability type: Reflected Cross Site Scripting
------------------------
Product: Webmin
------------------------
Affected version: Webmin 1.840 and possibly earlier
------------------------
Patched version: Webmin 1.850
------------------------
Credit: Andy Tan
------------------------
CVE ID:

InsomniaX loader allows loading of arbitrary Kernel Extensions 2017-07-02
Securify B.V. (lists securify nl)
------------------------------------------------------------------------

InsomniaX loader allows loading of arbitrary Kernel Extensions
------------------------------------------------------------------------

Yorick Koster, April 2017

----------------------------------------------------------------

[slackware-security] glibc (SSA:2017-181-01) 2017-06-30
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] glibc (SSA:2017-181-01)

New glibc packages are available for Slackware 14.2 and -current to
fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/glibc-2.23-i

[slackware-security] kernel (SSA:2017-181-02) 2017-06-30
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] kernel (SSA:2017-181-02)

New kernel packages are available for Slackware 14.2 and -current to
fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/linux-4.4.

Microsoft Dynamic CRM 2016 - Cross-Site Scripting vulnerability 2017-06-30
gregory draperi (gregory draperi gmail com)
Hello Everyone,

Product: MS Dynamic CRM 2016
Vendor: Microsoft

Vulnerability type: Cross Site Scripting
Vulnerable version: MS Dynamic CRM 2016 SP1 and previous
Vulnerable component: SyncFilterPage.aspx
Report confidence: Confirmed
Solution status: Not fixed by Vendor, will not patch the vuln.
Fix

SEC Consult SA-20170630-0 :: Multiple critical vulnerabilities in OSCI-Transport library 1.2 for German e-Government 2017-06-30
SEC Consult Vulnerability Lab (research sec-consult com)
We have published an accompanying blog post to this technical advisory with
further information:
German version with less technical details as an overview:
http://blog.sec-consult.com/2017/06/e-government-in-deutschland-schwachstellen.html

English version containing more detailed attack scenario de

ESA-2017-062: VASA Provider Virtual Appliance Remote Code Execution Vulnerability 2017-06-28
EMC Product Security Response Center (Security_Alert emc com)

-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA256

ESA-2017-062: VASA Provider Virtual Appliance Remote Code Execution Vulnerability

EMC Identifier: ESA-2017-062

CVE Identifier: CVE-2017-4997

Severity Rating: CVSS v3 Base Score: 8.3 (AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L)

Affected products:

[SECURITY] [DSA 3900-1] openvpn security update 2017-06-27
Sebastien Delafond (seb untangle com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3900-1 security (at) debian (dot) org
https://www.debian.org/security/ Sebastien Delafond
June 27, 2017

[SECURITY] [DSA 3886-2] linux regression update 2017-06-27
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3886-2 security (at) debian (dot) org
https://www.debian.org/security/ Salvatore Bonaccorso
June 27, 2017

[SECURITY] [DSA 3899-1] vlc security update 2017-06-27
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3899-1 security (at) debian (dot) org
https://www.debian.org/security/ Salvatore Bonaccorso
June 27, 2017

[slackware-security] kernel (SSA:2017-177-01) 2017-06-26
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] kernel (SSA:2017-177-01)

New kernel packages are available for Slackware 14.2 and -current to
fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/linux-4.4.

[CVE-2017-8831] Double-Fetch Vulnerability in Linux-4.10.1/drivers/media/pci/saa7164/saa7164-bus.c 2017-06-26
wpengfeinudt gmail com
Hi all,

I found this double-fetch vulnerability when I was doing my research on double fetch issue analysis, and I'd like to make an announcement here.

This was found in Linux kernel file Linux-4.10.1/drivers/media/pci/saa7164/saa7164-bus.c. The kernel (driver) uses memcpy_fromio() to fetch twice

DefenseCode Security Advisory: IBM DB2 Command Line Processor Buffer Overflow 2017-06-26
DefenseCode (defensecode defensecode com)

DefenseCode Security Advisory
IBM DB2 Command Line Processor Buffer Overflow

Advisory ID: DC-2017-04-002
Advisory Title: IBM DB2 Command Line Processor Buffer Overflow
Advisory URL:
http://www.defensecode.com/advisories/IBM_DB2_Command_Line_Processor_Buffer_Overflow.pdf
Software: I

Microsoft Skype v7.2, v7.35 & v7.36 - Stack Buffer Overflow Vulnerability 2017-06-26
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Microsoft Skype v7.2, v7.35 & v7.36 - Stack Buffer Overflow Vulnerability

References (Source):
====================
https://www.vulnerability-lab.com/get_content.php?id=2071

MSRC ID: 38778
TRK ID: 0461000724

Vulnerability Magazine: https://www.vulnerability-db.co

[CVE-2017-8831] Double-Fetch Vulnerability in Linux-4.10.1/drivers/media/pci/saa7164/saa7164-bus.c 2017-06-24
wpengfeinudt gmail com
Hi all,

I found this double-fetch vulnerability when I was doing my research on double fetch issue analysis, and I'd like to make an announcement here.

This was found in Linux kernel file Linux-4.10.1/drivers/media/pci/saa7164/saa7164-bus.c. The kernel (driver) uses memcpy_fromio() to fetch twice

[CVE-2017-8813] Double-Fetch Vulnerability in Linux-4.10.1/drivers/media/pci/saa7164/saa7164-bus.c 2017-06-22
wpengfeinudt gmail com
Hi all,

I found this double-fetch vulnerability when I was doing my research on double fetch issue analysis, and I'd like to make an announcement here.

This was found in Linux kernel file Linux-4.10.1/drivers/media/pci/saa7164/saa7164-bus.c. The kernel (driver) uses memcpy_fromio() to fetch

[SECURITY] [DSA 3893-1] jython security update 2017-06-22
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3893-1 security (at) debian (dot) org
https://www.debian.org/security/ Salvatore Bonaccorso
June 22, 2017

[slackware-security] openvpn (SSA:2017-172-01) 2017-06-21
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] openvpn (SSA:2017-172-01)

New openvpn packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,
14.2, and -current to fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+---------------------

Sitecore 7.1-7.2 Cross Site Scripting Vulnerability 2017-06-21
hamedizadi gmail com
Sitecore 7.1-7.2 Cross Site Scripting Vulnerability

Information
--------------------
Author: Hamed Izadi
Email: ("hamedizadi", "@", "gmail", ".com");
Name: XSS Vulnerability in Sitecore
Affected Software : Sitecore.NET
Affected Versions: v7.2-7.1 and possibly below
Vendor Homepage : http://www.sit

[SECURITY] [DSA 3890-1] spip security update 2017-06-21
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3890-1 security (at) debian (dot) org
https://www.debian.org/security/ Salvatore Bonaccorso
June 21, 2017

ESA-2017-053: EMC Isilon OneFS Privilege Escalation Vulnerability 2017-06-20
EMC Product Security Response Center (Security_Alert emc com)

-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA256

ESA-2017-053: EMC Isilon OneFS Privilege Escalation Vulnerability

EMC Identifier: ESA-2017-053

CVE Identifier: CVE-2017-4988

Severity Rating: CVSS v3 Base Score:

Base Score=> 7.2 (AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)

Affected pro

ESA-2017-054: EMC Avamar Multiple Vulnerabilities 2017-06-20
EMC Product Security Response Center (Security_Alert emc com)

-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA256

ESA-2017-054: EMC Avamar Multiple Vulnerabilities

EMC Identifier: ESA-2017-054

CVE Identifiers:

CVE-2017-4989, CVE-2017-4990

Affected products:

• EMC Avamar Server Software 7.4.1-58, 7.4.0-242 (CVE-2017-4990)

• EMC Avamar Server Softwar

CVE-2017-3167: Apache httpd 2.x ap_get_basic_auth_pw authentication bypass 2017-06-19
Jacob Champion (jchampion apache org)
CVE-2017-3167: ap_get_basic_auth_pw authentication bypass

Severity: Important

Vendor: The Apache Software Foundation

Versions Affected:
httpd 2.2.0 to 2.2.32
httpd 2.4.0 to 2.4.25

Description:
Use of the ap_get_basic_auth_pw() by third-party modules outside of the
authentication phase may lead t

CVE-2017-7659: mod_http2 null pointer dereference 2017-06-19
Jim Jagielski (jim apache org)
CVE-2017-7659: mod_http2 null pointer dereference

Severity: Important

Vendor: The Apache Software Foundation

Versions Affected:
httpd 2.4.24 (unreleased)
httpd 2.4.25

Description:
A maliciously constructed HTTP/2 request could cause mod_http2 to
dereference a NULL pointer and crash the server p

[SECURITY] [DSA 3886-1] linux security update 2017-06-19
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3886-1 security (at) debian (dot) org
https://www.debian.org/security/ Salvatore Bonaccorso
June 19, 2017

[SECURITY] [DSA 3887-1] glibc security update 2017-06-19
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3887-1 security (at) debian (dot) org
https://www.debian.org/security/ Moritz Muehlenhoff
June 19, 2017

[security bulletin] HPESBGN03758 rev.2 - HPE UCMDB, Remote Code Execution 2017-06-19
HPE Product Security Response Team (security-alert hpe com)
-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA256

Note: the current version of the following document is available here:

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbgn03758en_us

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: hpesbgn03758en_us

Version: 2

Ektron Version 9.10SP1(Build 9.1.0.184) Cross Site Scripting 2017-06-19
ghasseminia gmail com
# Vulnerability type: Cross Site Scripting
# Vendor: Ektron
# Product: Ektron Content Management System
# Affected version: 9.10SP1(Build 9.1.0.184)
# Patched version: 9.1.0.184SP3(9.1.0.184.3.127)
# Credit: Siyavash Ghasseminia
# CVE ID: CVE-2016-6201

# PROOF OF CONCEPT

Vulnerable URL:
/WorkAre

Copyright 2010, SecurityFocus