Bugtraq
[Prev Page][Next Page]
- [SECURITY] [DSA 4389-1] libu2f-host security update
- [SECURITY] [DSA 4388-1] mosquitto security update
- KSA-DEV-001: CVE-2018-19524 : StackOverflow in Multiple Skyworth GPON HomeGateways and Optical Network terminals.
- [SECURITY] [DSA 4387-1] openssh security update
- WebKitGTK+ and WPE WebKit Security Advisory WSA-2019-0001
- [slackware-security] php (SSA:2019-038-01)
- From: Slackware Security Team
- APPLE-SA-2019-2-07-3 Shortcuts 2.1.3 for iOS
- From: Apple Product Security
- APPLE-SA-2019-2-07-2 macOS Mojave 10.14.3 Supplemental Update
- From: Apple Product Security
- APPLE-SA-2019-2-07-1 iOS 12.1.4
- From: Apple Product Security
- [slackware-security] curl (SSA:2019-037-01)
- From: Slackware Security Team
- [SECURITY] [DSA 4386-1] curl security update
- FreeBSD Security Advisory FreeBSD-SA-19:02.fd
- From: FreeBSD Security Advisories
- FreeBSD Security Advisory FreeBSD-SA-19:01.syscall
- From: FreeBSD Security Advisories
- [SECURITY] [DSA 4385-1] dovecot security update
- From: Salvatore Bonaccorso
- SEC Consult SA-20190205-0 :: Multiple vulnerabilities in OSCI-Transport Library 1.2 for German e-Government
- From: SEC Consult Vulnerability Lab
- [Multiple CVE] - Cisco Identity Services Engine unauth stored XSS to RCE as root
- [SECURITY] [DSA 4384-1] libgd2 security update
- From: Salvatore Bonaccorso
- [SECURITY] [DSA 4383-1] libvncserver security update
- From: Salvatore Bonaccorso
- [SECURITY] [DSA 4382-1] rssh security update
- [slackware-security] mariadb (SSA:2019-032-01)
- From: Slackware Security Team
- [SECURITY] [DSA 4381-1] libreoffice security update
- [SECURITY] [DSA 4380-1] golang-1.8 security update
- [SECURITY] [DSA 4379-1] golang-1.7 security update
- [SYSS-2018-032] COYO - Cross-Site Scripting
- [SYSS-2018-037] Pages for Bitbucket Server - Cross-Site Scripting
- [slackware-security] Slackware 14.2 kernel (SSA:2019-030-01)
- From: Slackware Security Team
- [SECURITY] [DSA 4378-1] php-pear security update
- From: Salvatore Bonaccorso
- [SECURITY] [DSA 4377-1] rssh security update
- [SECURITY] [DSA 4376-1] firefox-esr security update
- [slackware-security] mozilla-firefox (SSA:2019-029-01)
- From: Slackware Security Team
- [SECURITY] [DSA 4375-1] spice security update
- From: Salvatore Bonaccorso
- Fwd: CA20190124-01: Security Notice for CA Automic Workload Automation
- [SECURITY] [DSA 4374-1] qtbase-opensource-src security update
- [SECURITY] [DSA 4373-1] coturn security update
- Microsoft Windows ".contact" File HTML Injection Mailto: Link Remote Code Execution 0day ZDI-CAN-75
- [SECURITY] [DSA 4372-1] ghostscript security update
- From: Salvatore Bonaccorso
- CVE-2019-6690: Improper Input Validation in python-gnupg
- SEC Consult SA-20190124-0 :: Cross-site scripting in CA Automic Workload Automation Web Interface (AWI)
- From: SEC Consult Vulnerability Lab
- APPLE-SA-2019-1-24-1 iTunes 12.9.3 for Windows
- From: Apple Product Security
- [RT-SA-2018-004] Cisco RV320 Command Injection
- From: RedTeam Pentesting GmbH
- [RT-SA-2018-003] Cisco RV320 Unauthenticated Diagnostic Data Retrieval
- From: RedTeam Pentesting GmbH
- [RT-SA-2018-002] Cisco RV320 Unauthenticated Configuration Export
- From: RedTeam Pentesting GmbH
- [slackware-security] httpd (SSA:2019-022-01)
- From: Slackware Security Team
- APPLE-SA-2019-1-22-3 watchOS 5.1.3
- From: Apple Product Security
- CVE-2018-13042 - 1Password Android < 7.0 - Denial Of Service
- APPLE-SA-2019-1-22-2 macOS Mojave 10.14.3, Security Update 2019-001 High Sierra, Security Update 2019-001 Sierra
- From: Apple Product Security
- APPLE-SA-2019-1-22-4 tvOS 12.1.2
- From: Apple Product Security
- APPLE-SA-2019-1-22-5 Safari 12.0.3
- From: Apple Product Security
- APPLE-SA-2019-1-22-6 iCloud for Windows 7.10
- From: Apple Product Security
- APPLE-SA-2019-1-22-1 iOS 12.1.3
- From: Apple Product Security
- [SECURITY] [DSA 4371-1] apt security update
- [SRP-2018-02] Security of NC+ SAT TV platform and ST chipsets
- From: Security Explorations
- [Several CVE]: NUUO CMS - multiple vulnerabilities resulting in unauth RCE
- CA20190117-01: Security Notice for CA Service Desk Manager
- Defense in depth -- the Microsoft way (part 59): we only fix every other vulnerability
- [SECURITY] [DSA 4370-1] drupal7 security update
- [SYSS-2018-043] Authentication Bypass in Kentix MultiSensor LAN - CVE-2018-19783
- [SYSS-2018-041] Mozilla Firefox - Information Exposure
- From: vladimir . bostanov
- [SECURITY] [DSA 4367-2] systemd regression update
- From: Salvatore Bonaccorso
- CVE-2018-13798 Siemens - SICAM A8000 Series Webinterface XXE DoS
- Microsoft Windows VCF File Insufficient UI Warning Remote Code Execution 0day ZDI-CAN-6920
- Microsoft Windows VCF File Insufficient UI Warning Remote Code Execution 0day ZDI-CAN-6920
- [SECURITY] [DSA 4369-1] xen security update
- [SECURITY] [DSA 4368-1] zeromq3 security update
- [slackware-security] zsh (SSA:2019-013-01)
- From: Slackware Security Team
- [SECURITY] [DSA 4367-1] systemd security update
- From: Salvatore Bonaccorso
- [SECURITY] [DSA 4366-1] vlc security update
- [slackware-security] irssi (SSA:2019-011-01)
- From: Slackware Security Team
- [SYSS-2018-042] XSS in HMS Netbiter WS100 - CVE-2018-19694
- [SYSS-2018-011] Portier - Cryptographic Issues
- [SYSS-2018-011] Portier - SQL Injection
- [SECURITY] [DSA 4365-1] tmpreaper security update
- X41 D-Sec GmbH Security Advisory X41-2018-009: ReDoS Vulnerability in UA-Parser
- From: X41 D-Sec GmbH Advisories
- SEC Consult SA-20190109-0 :: Multiple Vulnerabilities in Cisco VoIP Phones (88xx series)
- From: SEC Consult Vulnerability Lab
- System Down: A systemd-journald exploit
- From: Qualys Security Advisory
- [SECURITY] [DSA 4364-1] ruby-loofah security update
- [SECURITY] [DSA 4363-1] python-django security update
- [SECURITY] [DSA 4362-1] thunderbird security update
- [KIS-2018-07] SugarCRM (Web Logic Hooks module) PHP Code Injection Vulnerability
- [KIS-2018-08] SugarCRM (Web Logic Hooks module) Path Traversal Vulnerability
- [KIS-2018-03] SugarCRM (portal_get_related_notes) SQL Injection Vulnerability
- [KIS-2018-06] SugarCRM (addLabels) PHP Code Injection Vulnerability
- [KIS-2018-05] SugarCRM (SaveDropDown) PHP Code Injection Vulnerability
- [KIS-2018-04] SugarCRM (ConnectorsController) Server-Side Request Forgery Vulnerability
- [KIS-2018-02] SugarCRM (WorkFlow module) PHP Code Injection Vulnerability
- [KIS-2018-01] Oracle Application Express (AnyChart) Flash-based Cross-Site Scripting Vulnerability
- Asserts considered harmful (or GMP spills its sensitive information)
- [security bulletin] MFSBGN03838 rev.1 - UCMDB Configuration Management Service, Multiple Vulnerabilities
- [SECURITY] [DSA 4361-1] libextractor security update
- [SECURITY] [DSA 4360-1] libarchive security update
- [SECURITY] [DSA 4359-1] wireshark security update
- [SECURITY] [DSA 4358-1] ruby-sanitize security update
- From: Salvatore Bonaccorso
- [SECURITY] [DSA 4346-2] ghostscript regression update
- From: Salvatore Bonaccorso
- [slackware-security] netatalk (SSA:2018-355-01)
- From: Slackware Security Team
- Zoho ManageEngine OpManager 12.3 before build 123239 allows XSS in the Notes column of the Alarms section
- Zoho ManageEngine OpManager 12.3 before build 123239 allows SQL injection in the Alarms section
- [SECURITY] [DSA 4357-1] libapache-mod-jk security update
- From: Salvatore Bonaccorso
- [SECURITY] [DSA 4356-1] netatalk security update
- From: Salvatore Bonaccorso
- [SECURITY] [DSA 4355-1] openssl1.0 security update
- FreeBSD Security Advisory FreeBSD-SA-18:15.bootpd
- From: FreeBSD Security Advisories
- [security bulletin] MFSBGN03835 rev.1 - Fortify Software Security Center (SSC), Remote Unauthorized Access
- Secunia Research: libexif EXIF_IFD_INTEROPERABILITY / EXIF_IFD_EXIF Denial of Service Vulnerability
- Secunia Research: LibRaw Multiple Denial of Service Vulnerabilities
- Zoho ManageEngine OpManager 12.3 before 123238 allows SQL injection via the getGraphData API
- WebKitGTK+ and WPE WebKit Security Advisory WSA-2018-0009
- [SECURITY] [DSA 4354-1] firefox-esr security update
- [security bulletin] MFSBGN03835 rev.1 - Fortify Software Security Center (SSC), Remote Unauthorized Access
- [security bulletin] MFSBGN03837 rev.1 - Network Node Manager i, Multiple Vulnerabilities
- [slackware-security] mozilla-firefox (SSA:2018-345-01)
- From: Slackware Security Team
- Zoho ManageEngine OpManager 12.3 before Build 123237 has XSS via the domainController API.
- [SECURITY] [DSA 4353-1] php7.0 security update
- [slackware-security] php (SSA:2018-341-01)
- From: Slackware Security Team
- [SECURITY] [DSA 4352-1] chromium-browser security update
- [SECURITY] [DSA 4351-1] libphp-phpmailer security update
- From: Salvatore Bonaccorso
- [SECURITY] [DSA 4350-1] policykit-1 security update
- APPLE-SA-2018-12-06-1 watchOS 5.1.2
- From: Apple Product Security
- [slackware-security] gnutls (SSA:2018-339-01)
- From: Slackware Security Team
- [slackware-security] nettle (SSA:2018-339-02)
- From: Slackware Security Team
- APPLE-SA-2018-12-05-5 iTunes 12.9.2 for Windows
- From: Apple Product Security
- APPLE-SA-2018-12-05-7 Shortcuts 2.1.2
- From: Apple Product Security
- APPLE-SA-2018-12-05-6 iCloud for Windows 7.9
- From: Apple Product Security
- SEC Consult SA-20181205-0 :: Inadequate cryptography implementation in Kerio Control VPN protocol
- From: SEC Consult Vulnerability Lab
- APPLE-SA-2018-12-05-3 tvOS 12.1.1
- From: Apple Product Security
- APPLE-SA-2018-12-05-4 Safari 12.0.2
- From: Apple Product Security
- APPLE-SA-2018-12-05-1 iOS 12.1.1
- From: Apple Product Security
- APPLE-SA-2018-12-05-2 macOS Mojave 10.14.2, Security Update 2018-003 High Sierra, Security Update 2018-006 Sierra
- From: Apple Product Security
- Hasan MWB v1.0 - Multiple Time-Based SQL Injections
- FreeBSD Security Advisory FreeBSD-SA-18:14.bhyve
- From: FreeBSD Security Advisories
- [slackware-security] mozilla-nss (SSA:2018-337-01)
- From: Slackware Security Team
- CSRF Vulnerability in MicroStrategy Web application
- [SECURITY] [DSA 4349-1] tiff security update
- [SECURITY] [DSA 4348-1] openssl security update
- SEC Consult SA-20181130-0 :: Multiple Vulnerabilities in Siglent Technologies SDS 1202X-E Digital Oscilloscope
- From: SEC Consult Vulnerability Lab
- [SECURITY] [DSA 4347-1] perl security update
- From: Salvatore Bonaccorso
- [slackware-security] samba (SSA:2018-333-01)
- From: Slackware Security Team
- FreeBSD Security Advisory FreeBSD-SA-18:13.nfs
- From: FreeBSD Security Advisories
- [SECURITY] [DSA 4346-1] ghostscript security update
- From: Salvatore Bonaccorso
- [CORE-2018-0011] - Cisco WebEx Meetings Elevation of Privilege Vulnerability
- Avahi 0.7 missing link-local checks in Legacy Unicast Responses cause information disclosure and makes DDoS with mDNS traffic reflection possible
- From: Krzysztof Burghardt
- [SECURITY] [DSA 4345-1] samba security update
- From: Salvatore Bonaccorso
- [SECURITY] [DSA 4344-1] roundcube security update
- From: Salvatore Bonaccorso
- [SECURITY] [DSA 4343-1] liblivemedia security update
- Cory Support v1.0 - Time-Based SQL Injection in Signin
- [slackware-security] openssl (SSA:2018-325-01)
- From: Slackware Security Team
- WebKitGTK+ and WPE WebKit Security Advisory WSA-2018-0008
- [SECURITY] [DSA 4339-2] ceph regression update
- From: Salvatore Bonaccorso
- SEC Consult SA-20181121-0 :: Signature Bypass / Authentication Bypass in Governikus Autent SDK
- From: SEC Consult Vulnerability Lab
- SEC Consult SA-20181116-0 :: Multiple critical vulnerabilities in Miss Marple Enterprise Edition
- From: SEC Consult Vulnerability Lab
- SEC Consult SA-20181114-0 :: Denial of Service in Microsoft Skype for Business
- From: SEC Consult Vulnerability Lab
- Escalation of privilege with Intel Rapid Storage User Interface
- ACM CCS 2019 - Call for Papers
- [SECURITY] [DSA 4340-1] chromium-browser security update
- [SECURITY] [DSA 4341-1] mariadb-10.1 security update
- From: Salvatore Bonaccorso
- Zoho ManageEngine OpManager 12.3 before Build 123223 has XSS via the updateWidget API.
- D-LINK Central WifiManager CWM-100 Server Side Request Forgery CVE-2018-15517
- D-LINK Central WifiManager CWM-100 Trojan File SYSTEM Privilege Escalation CVE-2018-15515
- D-LINK Central WifiManager CWM-100 FTP Server PORT Bounce Scan CVE-2018-15516
- [CVE-2018-3635] Executable installers are vulnerable^WEVIL (case 59): arbitrary code execution WITH escalation of privilege via Intel Rapid Storage Technology User Interface and Driver
- Remote Code Execution Vulnerability in ELBA5 Electronic Banking
- AST-2018-010: Remote crash vulnerability DNS SRV and NAPTR lookups
- From: Asterisk Security Team
- AST-2018-010:
- From: Asterisk Security Team
- Custom Frontend Login Registration Form (WP Plugin) - Multiple XSS Vulnerabilities
- [SECURITY] [DSA 4339-1] ceph security update
- [security bulletin] MFSBGN03831 rev. - Service Management Automation, remote disclosure of information
- [security bulletin] MFSBGN03830 rev.1 - Service Manager, unauthorized disclosure of information
- [security bulletin] MFSBGN03823 rev.1 - Micro Focus Service Manager, unauthorized disclosure of data
- [slackware-security] libtiff (SSA:2018-316-01)
- From: Slackware Security Team
- [SECURITY] [DSA 4338-1] qemu security update
- [SECURITY] [DSA 4337-1] thunderbird security update
- [SECURITY] [DSA 4336-1] ghostscript security update
- From: Salvatore Bonaccorso
- PeepSo v1.11.2 (WordPress Plugin) - XSS Vulnerability in Members
- PeepSo v1.11.2 - Time-Based SQL Injection
- NEW VMSA-2018-0027 VMware ESXi, Workstation, and Fusion updates address uninitialized stack memory usage
- From: VMware Security Response Center
- WP User Manager v2.0.8 - Time-Based SQL Injection
- [SECURITY] [DSA 4335-1] nginx security update
- [security bulletin] MFSBGN03829 rev.1 - Micro Focus Operation Bridge Containerized Suite, Remote Code Execution
- [slackware-security] mariadb (SSA:2018-309-01)
- From: Slackware Security Team
- KL-001-2018-009 : Dell OpenManage Network Manager Multiple Vulnerabilities
- From: KoreLogic Disclosures
- Zoho ManageEngine OpManager 12.3 before 123222 has SQL Injection via Mail Server settings.
- [SECURITY] [DSA 4333-1] icecast2 security update
- [SECURITY] [DSA 4334-1] mupdf security update
- [SECURITY] [DSA 4332-1] ruby2.3 security update
- From: Salvatore Bonaccorso
- [SECURITY] [DSA 4331-1] curl security update
- [SECURITY] [DSA 4330-1] chromium-browser security update
- Disclose Vulnerability
- October 2018 Sourcetree Advisory
- [slackware-security] curl (SSA:2018-304-01)
- From: Slackware Security Team
- OpenText Brava! Enterprise and Brava! Server Components Sensitive Data Exposure
- Zoho ManageEngine OpManager 12.3 allows Self XSS Vulnerability
- Zoho ManageEngine OpManager 12.3 allows Stored XSS
- APPLE-SA-2018-10-30-14 Additional information for APPLE-SA-2018-7-9-4 macOS High Sierra 10.13.6, Security Update 2018-004 Sierra, Security Update 2018-004 El Capitan
- From: Apple Product Security
- APPLE-SA-2018-10-30-8 Additional information for APPLE-SA-2018-9-24-4 iOS 12
- From: Apple Product Security
- APPLE-SA-2018-10-30-13 Additional information for APPLE-SA-2018-9-24-2 iTunes 12.9 for Windows
- From: Apple Product Security
- APPLE-SA-2018-10-30-7 iCloud for Windows 7.8
- From: Apple Product Security
- APPLE-SA-2018-10-30-12 Additional information APPLE-SA-2018-10-08-2 iCloud for Windows 7.7
- From: Apple Product Security
- APPLE-SA-2018-10-30-11 Additional information for APPLE-SA-2018-9-24-6 tvOS 12
- From: Apple Product Security
- APPLE-SA-2018-10-30-6 iTunes 12.9.1
- From: Apple Product Security
- APPLE-SA-2018-10-30-9 Additional information for APPLE-SA-2018-9-24-1 macOS Mojave 10.14
- From: Apple Product Security
- APPLE-SA-2018-10-30-10 Additional information for APPLE-SA-2018-9-24-5 watchOS 5
- From: Apple Product Security
- APPLE-SA-2018-10-30-5 tvOS 12.1
- From: Apple Product Security
- APPLE-SA-2018-10-30-2 macOS Mojave 10.14.1, Security Update 2018-001 High Sierra, Security Update 2018-005 Sierra
- From: Apple Product Security
- APPLE-SA-2018-10-30-4 watchOS 5.1
- From: Apple Product Security
- APPLE-SA-2018-10-30-3 Safari 12.0.1
- From: Apple Product Security
- APPLE-SA-2018-10-30-1 iOS 12.1
- From: Apple Product Security
- [SECURITY] [DSA 4329-1] teeworlds security update
- [SECURITY] [DSA 4321-2] graphicsmagick update
- [CORE-2018-0005] - ASRock Drivers Elevation of Privilege Vulnerabilities
- From: SecureAuth Advisories Team
- [SECURITY] [DSA 4328-1] xorg-server security update
- [SECURITY] [DSA 4327-1] thunderbird security update
- [SECURITY] [DSA 4326-1] openjdk-8
- [SECURITY] [DSA 4325-1] mosquitto security update
- [SECURITY] [DSA 4324-1] firefox-esr security update
- [SYSS-2018-028] information leakage with Polycom VVX Phones (Skype for Business, on-premise) - CVE-2018-18566
- [SYSS-2018-027] missing X.509 validation with Polycom VVX Phones (Skype for Business, on-premise) - CVE-2018-18568
- [security bulletin] MFSBGN03827 rev.1 - Microfocus Real User Monitoring 9.4.0 BPRDownload Java Deserialization Vulnerability
- [SYSS-2018-026] missing X.509 validation with AudioCodes IP Phones (Skype for Business, on-premise) - CVE-2018-18567
- [slackware-security] mozilla-firefox (SSA:2018-296-01)
- From: Slackware Security Team
- Question Answer v1.2.30 (WordPress Plugin) - Multiple XSS Vulnerabilities
- CA20181017-01: Security Notice for CA Identity Governance
- SATE VI - Call for Participation
- From: Delaitre, Aurelien (IntlAssoc)
- Zoho ManageEngine OpManager 12.3 allows Unrestricted Arbitrary File Upload
- Pie Register v3.0.17 (WordPress Plugin) - XSS Vulnerability in Forgot-Password
- SEC Consult SA-20181009-0 :: Remote Code Execution via XMeye P2P Cloud in Xiongmai IP Cameras, NVRs and DVRs incl. 3rd party OEM devices (CVE-2018-17915, CVE-2018-17917, CVE-2018-17919)
- From: SEC Consult Vulnerability Lab
- Responsive Filemanager 9.8.1 Reflected Cross Site Scripting (XSS)
- Responsive Filemanager 9.8.1 Authentication Bypass
- CVE Request: Sitepress Multilingual CMS Plugin Unauthenticated Stored XSS
- [SECURITY] [DSA 4313-1] linux security update
- From: Salvatore Bonaccorso
- APPLE-SA-2018-10-08-2 iCloud for Windows 7.7
- From: Apple Product Security
- APPLE-SA-2018-10-08-1 iOS 12.0.1
- From: Apple Product Security
- [SECURITY] [DSA 4312-1] tinc security update
- From: Salvatore Bonaccorso
- [UPDATE][CVE-2018-11797] DoS vulnerability in Apache PDFBox parser
- From: Andreas Lehmkuehler
- [SECURITY] [DSA 4311-1] git security update
- From: Salvatore Bonaccorso
- [CVE-2018-11797] DoS vulnerability in Apache PDFBox parser
- From: Andreas Lehmkuehler
- Pie Register v3.0.15 (WordPress Plugin) - Cross-Site Scripting Vulnerability in Login
- [SECURITY] [DSA 4310-1] firefox-esr security update
- From: Salvatore Bonaccorso
- [slackware-security] mozilla-firefox (SSA:2018-276-01)
- From: Slackware Security Team
- [SYSS-2018-024] Privilege Escalation in Verint Verba Collaboration Compliance and Quality Management Platform (CVE-2018-17872)
- [SYSS-2018-023] Password leakage in Verint Verba Collaboration Compliance and Quality Management Platform (CVE-2018-17871)
- [SECURITY] [DSA 4309-1] strongswan security update
- Ivanti Workspace Control Application Whitelist bypass via PowerGrid /SEE command line argument
- Ivanti Workspace Control Data Security bypass via localhost UNC path
- SEC Consult SA-20181001-0 :: Password disclosure vulnerability & XSS in PTC ThingWorx (CVE-2018-17216, CVE-2018-17217, CVE-2018-17218)
- From: SEC Consult Vulnerability Lab
- Ivanti Workspace Control local privilege escalation via Named Pipe
- Ivanti Workspace Control Application Whitelist bypass via PowerGrid /RWS command line argument
- Stored credentials Ivanti Workspace Control can be retrieved from Registry
- [SECURITY] [DSA 4308-1] linux security update
- From: Salvatore Bonaccorso
- e2 Security GmbH Advisory 2018-01: MensaMax Android app / Unencrypted transmission and usage of hardcoded encryption key
- [SECURITY] [DSA 4307-1] python3.5 security update
- WebKitGTK+ and WPE WebKit Security Advisory WSA-2018-0007
- [SYSS-2018-014] Bestwebsoft PDF & Print - Cross-Site Scripting
- [SECURITY] [DSA 4306-1] python2.7 security update
- [waraxe-2018-SA#108] - Username Disclosure in Breadcrumb NavXT Wordpress plugin
- SEC Consult SA-20180926-0 ::
- From: SEC Consult Vulnerability Lab
- Re: SEC Consult SA-20180926-0 :: Stored Cross-Site Scripting in Progress Kendo UI Editor
- From: SEC Consult Vulnerability Lab
- SEC Consult SA-20180924-0 :: Multiple Vulnerabilities in Citrix StorageZones Controller
- From: SEC Consult Vulnerability Lab
- Integer overflow in Linux's create_elf_tables() (CVE-2018-14634)
- From: Qualys Security Advisory
- tekno.Portal v0.1b - Cross-Site Scripting Vulnerability in "link.php"
- APPLE-SA-2018-9-24-4 Additional information for APPLE-SA-2018-9-17-1 iOS 12
- From: Apple Product Security
- APPLE-SA-2018-9-24-5 Additional information for APPLE-SA-2018-9-17-2 watchOS 5
- From: Apple Product Security
- APPLE-SA-2018-9-24-6 Additional information for APPLE-SA-2018-9-17-3 tvOS 12
- From: Apple Product Security
- APPLE-SA-2018-9-24-2 iTunes 12.9 for Windows
- From: Apple Product Security
- APPLE-SA-2018-9-24-3 Additional information for APPLE-SA-2018-9-17-4 Safari 12
- From: Apple Product Security
- APPLE-SA-2018-9-24-1 macOS Mojave 10.14
- From: Apple Product Security
- [SECURITY] [DSA 4305-1] strongswan security update
- [SECURITY] [DSA 4304-1] firefox-esr security update
- [SECURITY] [DSA 4303-1] okular security update
- [SECURITY] [DSA 4302-1] openafs security update
- From: Salvatore Bonaccorso
- [SECURITY] [DSA 4301-1] mediawiki security update
- [slackware-security] mozilla-firefox (SSA:2018-265-01)
- From: Slackware Security Team
- [SECURITY] [DSA 4300-1] libarchive-zip-perl security update
- From: Salvatore Bonaccorso
- [slackware-security] Slackware 14.2 kernel (SSA:2018-264-01)
- From: Slackware Security Team
- [SYSS-2018-016] Postman - Improper Certificate Validation
- [SECURITY] [DSA 4299-1] texlive-bin security update
- [waraxe-2018-SA#107] - Reflected XSS in FV Flowplayer Wordpress plugin
- AST-2018-009: Remote crash vulnerability in HTTP websocket upgrade
- From: Asterisk Security Team
- [SECURITY] [DSA 4298-1] hylafax security update
- OPManager SQL Injection Vulnerability
- X41 D-Sec GmbH Security Advisory X41-2018-007: Multiple Vulnerabilities in mgetty
- From: X41 D-Sec GmbH Advisories
- X41 D-Sec GmbH Security Advisory X41-2018-008: Multiple Vulnerabilities in HylaFAX
- From: X41 D-Sec GmbH Advisories
- [HITB-Announce] #HITBSecConf2018PEK Call for CTF
- [SECURITY] [DSA 4297-1] chromium-browser security update
- Authentication bypass vulnerability in Western Digital My Cloud allows escalation to admin privileges
- SEC Consult SA-20180918-0 :: Remote Code Execution via PHP unserialize in Moodle open-source learning platform
- From: SEC Consult Vulnerability Lab
- APPLE-SA-2018-9-17-5 Apple Support 2.4 for iOS
- From: Apple Product Security
- APPLE-SA-2018-9-17-3 tvOS 12
- From: Apple Product Security
- race condition in .net core System.IO.Directory.Delete allowing deletion of entire drives
- APPLE-SA-2018-9-17-4 Safari 12
- From: Apple Product Security
- APPLE-SA-2018-9-17-1 iOS 12
- From: Apple Product Security
- APPLE-SA-2018-9-17-2 watchOS 5
- From: Apple Product Security
- Disclose SSRF Vulnerability
- [SECURITY] [DSA 4295-1] thunderbird security update
- [SECURITY] [DSA 4296-1] mbedtls security update
- [SECURITY] [DSA 4294-1] ghostscript security update
- [SECURITY] [DSA 4273-2] intel-microcode security update
- [slackware-security] php (SSA:2018-257-01)
- From: Slackware Security Team
- [SECURITY] [DSA 4293-1] discount security update
- [slackware-security] ghostscript (SSA:2018-256-01)
- From: Slackware Security Team
- CVE-2018-16242 - oBike Electronic Lock Bypass
- From: Antoine Neuenschwander
- CVE-2017-16639 - Tor Browser Deanonymization With SMB
- Seagate Personal Cloud multiple information disclosure vulnerabilities
- [SYSS-2018-015] HiScout GRC Suite < 3.1.5 - Unrestricted Upload of File with Dangerous Type
- From: sebastian . auwaerter
- Disclose SSRF Vulnerability
- FreeBSD Security Advisory FreeBSD-SA-18:12.elf
- From: FreeBSD Security Advisories
- [SECURITY] [DSA 4292-1] kamailio security update
- From: Salvatore Bonaccorso
- [SECURITY] [DSA 4291-1] mgetty security update
- [SECURITY] [DSA 4290-1] libextractor security update
- From: Salvatore Bonaccorso
- CVE-2017-16541 details: Deanonymize Tor Browser Users with Automount
- [SECURITY] [DSA 4289-1] chromium-browser security update
- [SECURITY] [DSA 4288-1] ghostscript security update
- [SECURITY] [DSA 4287-1] firefox-esr security update
- [CVE-2018-15876] Ajax BootModal Login Captcha Reuse
- SEC Consult SA-20180906-0 :: CSV Formula Injection in DokuWiki
- From: SEC Consult Vulnerability Lab
- CVE-2017-17762 - XXE Vulnerability in Episerver
- Vulnerabilities in KONEs Group Controller (KGC)
- [slackware-security] Slackware 14.2 mozilla-thunderbird (SSA:2018-249-04)
- From: Slackware Security Team
- [slackware-security] mozilla-firefox (SSA:2018-249-03)
- From: Slackware Security Team
- [slackware-security] curl (SSA:2018-249-01)
- From: Slackware Security Team
- [slackware-security] ghostscript (SSA:2018-249-02)
- From: Slackware Security Team
- [SECURITY] [DSA 4286-1] curl security update
- [SECURITY] [DSA 4285-1] sympa security update
- From: Salvatore Bonaccorso
- [SECURITY] [DSA 4284-1] lcms2 security update
- Amcrest Cameras SSL Key Reuse Across installations
- Defense in depth -- the Microsoft way (part 57): installation of security updates fails on Windows Embedded POSReady 2009
- [SECURITY] [DSA 4283-1] ruby-json-jwt security update
- [SECURITY] [DSA 4282-1] trafficserver security update
- CA20180829-03: Security Notice for CA Release Automation
- CA20180829-02: Security Notice for CA Unified Infrastructure Management
- CA20180829-01: Security Notice for CA PPM
- [security bulletin] MFSBGN03812 rev.1 - Application Performance Management, remote cross-site tracing
- Sensitive Data Exposure via WiFi Broadcasts in Android OS [CVE-2018-9489]
- CSNC-2018-015 - ownCloud Impersonate - Authorization Bypass
- [security bulletin] MFSBGN03821 rev.1 - Micro Focus Hybrid Cloud Management (HCM) containerized suite, Remote Code Execution
- [security bulletin] MFSBGN03820 rev.1 - Micro Focus Hybrid Cloud Management (HCM) containerized suites, remote code execution
- [security bulletin] MFSBGN03815 rev.1 - Data Center Automation Containerized (DCA) suite, remote code execution
- [security bulletin] MFSBGN03818 rev.1 - Micro Focus Operations Bridge containerized suite, Remote Code Execution
- [security bulletin] MFSBGN03814 rev.1 - Service Management Automation (SMA) containerized, Remote Code Execution
- [security bulletin] MFSBGN03817 rev.1 - Operations Bridge containerized suite, Remote Code Execution
- [security bulletin] MFSBGN03813 rev.1 - Network Operations Management (NOM) Suite CDF, Remote Code Execution
- [SECURITY] [DSA 4281-1] tomcat8 security update
- Signal IOS Remote Memory Exhaustion and Restart
- [slackware-security] Slackware 14.2 kernel (SSA:2018-240-01)
- From: Slackware Security Team
- [HITB-Announce] Reminder: HITBSecConf2018 Dubai CFP
- [CVE-2018-15877] Plainview Activity Monitor RCE
- [CVE-2018-15877] Plainview Activity Monitor RCE
- [SYSS-2018-010] Dojo Toolkit - dojox.grid.DataGrid editing XSS
- Couchbase Server - Remote Code Execution
- Couchbase Server - Remote Code Execution
- Couchbase Server - Remote Code Execution
- Seagate Media Server multiple SQL injection vulnerabilities
- [SECURITY] [DSA 4279-2] linux regression update
- From: Salvatore Bonaccorso
- [ANN] CVE-2018-11776 Apache Struts 2.3 to 2.3.34 and 2.5 to 2.5.16
- [SECURITY] [DSA 4280-1] openssh security update
- Mutiny Monitoring Appliance < 6.1.0-5263 - Command Injection (CVE-2018-15529)
- [slackware-security] libX11 (SSA:2018-233-01)
- From: Slackware Security Team
- [SECURITY] [DSA 4279-1] linux security update
- From: Salvatore Bonaccorso
- [CVE-2018-15528] Reflected XSS in Java System Solutions SSO Plugin 4.0.13.1 for BMC MyIT
- [SECURITY] [DSA 4278-1] jetty9 security update
- [slackware-security] ntp (SSA:2018-229-01)
- From: Slackware Security Team
- [slackware-security] samba (SSA:2018-229-02)
- From: Slackware Security Team
- [SECURITY] [DSA 4277-1] mutt security update
- From: Salvatore Bonaccorso
- [SECURITY] [DSA 4276-1] php-horde-image security update
- [SECURITY] [DSA 4275-1] keystone security update
- [SECURITY] [DSA 4274-1] xen security update
- [SECURITY] [DSA 4273-1] intel-microcode security update
- SEC Consult SA-20180813-0 :: SQL Injection, XSS & CSRF vulnerabilities in Pimcore
- From: SEC Consult Vulnerability Lab
- CSNC-2018-016 - ownCloud iOS Application - Cross-Site Scripting
- CSNC-2018-023 - Atmosphere Framework - Reflected Cross-Site Scripting (XSS)
- FreeBSD Security Advisory FreeBSD-SA-18:11.hostapd
- From: FreeBSD Security Advisories
- FreeBSD Security Advisory FreeBSD-SA-18:10.ip
- From: FreeBSD Security Advisories
- FreeBSD Security Advisory FreeBSD-SA-18:09.l1tf
- From: FreeBSD Security Advisories
- FreeBSD Security Advisory FreeBSD-SA-18:08.tcp
- From: FreeBSD Security Advisories
- [slackware-security] openssl (SSA:2018-226-01)
- From: Slackware Security Team
- [SECURITY] [DSA 4272-1] linux security update
- From: Salvatore Bonaccorso
- Defense in depth -- the Microsoft way (part 57): all the latest MSVCRT installers allow escalation of privilege
- X41 D-Sec GmbH Security Advisory X41-2018-005: Multiple Vulnerabilities in Apple smartcardservices
- From: X41 D-Sec GmbH Advisories
- X41 D-Sec GmbH Security Advisory X41-2018-004: Multiple Vulnerabilities in Yubico libykneomgr
- From: X41 D-Sec GmbH Advisories
- X41 D-Sec GmbH Security Advisory X41-2018-003: Multiple Vulnerabilities in pam_pkcs11
- From: X41 D-Sec GmbH Advisories
- X41 D-Sec GmbH Security Advisory X41-2018-002: Multiple Vulnerabilities in OpenSC
- From: X41 D-Sec GmbH Advisories
- X41 D-Sec GmbH Security Advisory X41-2018-001: Multiple Vulnerabilities in Yubico Piv
- From: X41 D-Sec GmbH Advisories
- [SECURITY] [DSA 4271-1] samba security update
- From: Salvatore Bonaccorso
- ASUSTOR NAS ADM - 3.1.0 Remote Command Execution, SQL Injections
- [SECURITY] [DSA 4267-1] kamailio security update
- From: Salvatore Bonaccorso
- [CVE-2018-12584] Heap overflow vulnerability in reSIProcate through 1.10.2
- New VMSA-2018-0019 - Horizon 6, 7, and Horizon Client for Windows updates address an out-of-bounds read vulnerability
- From: VMware Security Response Center
- WebKitGTK+ and WPE WebKit Security Advisory WSA-2018-0006
- CA20180802-01: Security Notice for CA API Developer Portal
- [CVE-2018-14429] man-cgi < 1.16 Local File Include
- FreeBSD Security Advisory FreeBSD-SA-18:08.tcp
- From: FreeBSD Security Advisories
- RE: [FD] Executable installers are vulnerable^WEVIL (case 56): arbitrary code execution WITH escalation of privilege via rufus*.exe
- [SECURITY] [DSA 4266-1] linux security update
- From: Salvatore Bonaccorso
- [SECURITY] [DSA 4262-1] symfony security update
- [SECURITY] [DSA 4265-1] xml-security-c security update
- [slackware-security] lftp (SSA:2018-214-01)
- From: Slackware Security Team
- [SECURITY] [DSA 4260-1] libmspack security update
- From: Salvatore Bonaccorso
- Executable installers are vulnerable^WEVIL (case 55): escalation of privilege with VMware Player 12.5.9
- [slackware-security] blueman (SSA:2018-213-01)
- From: Slackware Security Team
- CVE-2016-7085 NOT fixed in VMware-player-12.5.9-7535481.exe
- [SECURITY] [DSA 4259-1] ruby2.3 security update
- [slackware-security] seamonkey (SSA:2018-212-02)
- From: Slackware Security Team
- [slackware-security] file (SSA:2018-212-01)
- From: Slackware Security Team
- secuvera-SA-2018-03: Command Injection, Broken Access Control and Evil-Twin-Attack in Microsoft Wireless Display Adapter V2 - CVE-2018-8306
- [SECURITY] [DSA 4258-1] ffmpeg security update
- [SECURITY] [DSA 4257-1] fuse security update
- From: Salvatore Bonaccorso
- [slackware-security] Slackware 14.2 kernel (SSA:2018-208-01)
- From: Slackware Security Team
- [SECURITY] [DSA 4256-1] chromium-browser security update
- [CORE-2018-0009] - SoftNAS Cloud OS Command Injection
- From: Core Security Advisories Team
- DefenseCode ThunderScan SAST Advisory: WordPress Strong Testimonials Plugin Multiple XSS Security Vulnerabilities
- DefenseCode ThunderScan SAST Advisory: WordPress Gwolle Guestbook Plugin XSS Security Vulnerability
- [SECURITY] [DSA 4255-1] ant security update
- From: Salvatore Bonaccorso
- DefenseCode ThunderScan SAST Advisory: WordPress Snazzy Maps Plugin Multiple XSS Security Vulnerabilities
- [SECURITY] [DSA 4254-1] slurm-llnl security update
- From: Salvatore Bonaccorso
- FINAL CALL FOR PAPERS - INTEL SECURITY CONFERENCE (iSecCon) 2018
- [SECURITY] [DSA 4253-1] network-manager-vpnc security update
- From: Salvatore Bonaccorso
- APPLE-SA-2018-7-23-5 Additional information for APPLE-SA-2018-06-01-5 watchOS 4.3.1
- From: Apple Product Security
- APPLE-SA-2018-7-23-3 Additional information for APPLE-SA-2018-06-01-4 iOS 11.4
- From: Apple Product Security
- APPLE-SA-2018-7-23-4 Additional information for APPLE-SA-2018-06-01-6 tvOS 11.4
- From: Apple Product Security
- APPLE-SA-2018-7-23-2 Additional information for APPLE-SA-2018-06-01-1 macOS High Sierra 10.13.5, Security Update 2018-003 Sierra, Security Update 2018-003 El Capitan
- From: Apple Product Security
- APPLE-SA-2018-7-23-1 Additional information for APPLE-SA-2018-7-9-4 macOS High Sierra 10.13.6, Security Update 2018-004 Sierra, Security Update 2018-004 El Capitan
- From: Apple Product Security
- Sourcetree - Remote Code Execution vulnerabilities - CVE-2018-11235
- [slackware-security] php (SSA:2018-201-01)
- From: Slackware Security Team
- Secunia Research: Oracle Outside In Technology Multiple Vulnerabilities
- Secunia Research: Oracle Outside In Technology Multiple Vulnerabilities
- Secunia Research: LibRaw "parse_minolta()" Infinite Loop Denial of Service Vulnerability
- Secunia Research: LibRaw Multiple Denial of Service Vulnerabilities
- Adobe Systems - Arbitrary Code Injection Vulnerability
- [slackware-security] httpd (SSA:2018-199-01)
- From: Slackware Security Team
- [SECURITY] [DSA 4252-1] znc security update
- GhostMail - (filename to link) POST Inject Web Vulnerability
- GhostMail - (Status Message) Persistent Web Vulnerability
- Binance v1.5.0 - Insecure File Permission Vulnerability
- [SECURITY] [DSA 4251-1] vlc security update
- Barracuda Cloud Control v3.020 - CS Cross Site Vulnerability
- Defense in depth -- the Microsoft way (part 56): 10+ year old security update installers are susceptiblle to 20+ year old vulnerability
- [SECURITY] [DSA 4250-1] wordpress security update
- [slackware-security] mutt (SSA:2018-198-01)
- From: Slackware Security Team
- [SECURITY] [DSA 4248-1] blender security update
- [SECURITY] [DSA 4249-1] ffmpeg security update
- [CVE-2018-1000211] Public apps can't revoke OAuth access & refresh tokens in Doorkeeper
- Defense in depth -- the Microsoft way (part 55): new software built with 5.5 year old tool shows 20+ year old vulnerabilities
- [SECURITY] [DSA 4247-1] ruby-rack-protection security update
- [SECURITY] [DSA 4246-1] mailman security update
- From: Salvatore Bonaccorso
- [SECURITY] [DSA 4245-1] imagemagick security update
- [SECURITY] [DSA 4244-1] thunderbird security update
- Huawei eNSP v1 - Buffer Overflow (DoS) Vulnerability
- Secunia Research: Clam AntiVirus "parsehwp3_paragraph()" Denial of Service Vulnerability
- SEC Consult SA-20180712-0 :: Remote Code Execution & Local File Disclosure in Zeta Producer Desktop CMS
- From: SEC Consult Vulnerability Lab
- [security bulletin] MFSBGN03811 rev.1 - Fortify Software Security Center (SSC), Multiple vulnerabilities
- Barracuda ADC v5.x - Multiple Persistent Vulnerabilities
- Lenovo SU v5.07 - Buffer Overflow & Arbitrary Code Execution Vulnerability
- [slackware-security] curl (SSA:2018-192-02)
- From: Slackware Security Team
- [slackware-security] bind (SSA:2018-192-01)
- From: Slackware Security Team
- [CORE-2018-0006] - QNAP Qcenter Virtual Appliance Multiple Vulnerabilities
- From: Core Security Advisories Team
- [SECURITY] [DSA 4243-1] cups security update
- AT&T Bizcircle - Persistent Profile Cross Site Scripting Vulnerabilities
- Barracuda ADC 5.x - Client Side Cross Site Scripting Vulnerability
- Barracuda ADC 5.x - Filter Bypass & Persistent Validation Vulnerability
- ASUS WRT-AC66U 3.x - Cross Site Scripting Vulnerability
- Intel System CU - Buffer Overflow (Denial of Service) Vulnerability
- Secutech DSL WR RIS 330 - Filter Bypass Vulnerability
- SEC Consult SA-20180711-0 :: Remote code execution via multiple attack vectors in WAGO e!DISPLAY 7300T
- From: SEC Consult Vulnerability Lab
- [slackware-security] mozilla-thunderbird (SSA:2018-191-01)
- From: Slackware Security Team
- APPLE-SA-2018-7-9-7 iTunes 12.8 for Windows
- From: Apple Product Security
- APPLE-SA-2018-7-9-4 macOS High Sierra 10.13.6, Security Update 2018-004 Sierra, Security Update 2018-004 El Capitan
- From: Apple Product Security
- APPLE-SA-2018-7-9-5 Safari 11.1.2
- From: Apple Product Security
- APPLE-SA-2018-7-9-2 watchOS 4.3.2
- From: Apple Product Security
- APPLE-SA-2018-7-9-6 iCloud for Windows 7.6
- From: Apple Product Security
- APPLE-SA-2018-7-9-3 tvOS 11.4.1
- From: Apple Product Security
- APPLE-SA-2018-7-9-1 iOS 11.4.1
- From: Apple Product Security
- [SECURITY] [DSA 4242-1] ruby-sprockets security update
- From: Salvatore Bonaccorso
- [SECURITY] [DSA 4241-1] libsoup2.4 security update
- [slackware-security] mozilla-thunderbird (SSA:2018-186-01)
- From: Slackware Security Team
- APPLE-SA-2018-7-05-1 Wi-Fi Update for Boot Camp 6.4.0
- From: Apple Product Security
- [SECURITY] [DSA 4240-1] php7.0 security update
- SEC Consult SA-20180704-1 :: Authorization Bypass in all ADB Broadband Gateways / Routers
- From: SEC Consult Vulnerability Lab
- SEC Consult SA-20180704-2 :: Privilege escalation via linux group manipulation in all ADB Broadband Gateways / Routers
- From: SEC Consult Vulnerability Lab
- SEC Consult SA-20180704-0 :: Local root jailbreak via network file sharing flaw in all ADB Broadband Gateways / Routers
- From: SEC Consult Vulnerability Lab
- [CVE-2018-3667, CVE-2018-3668] Escalation of priviilege via executable installer of Intel Processor Diagnostic Tool
- [SECURITY] [DSA 4239-1] gosa security update
- [SECURITY] [DSA 4238-1] exiv2 security update
- [SECURITY] [DSA 4237-1] chromium-browser security update
- [CVE-2018-8036] DoS (OOM) Vulnerability in Apache PDFBox's AFMParser
- From: Andreas Lehmkuehler
- [CVE-2018-8036] DoS (OOM) Vulnerability in Apache PDFBox's AFMParser
- From: Andreas Lehmkuehler
- [SECURITY] [DSA 4236-1] xen security update
- APPLE-SA-2018-06-27-1 SwiftNIO 1.8.0
- From: Apple Product Security
- TP-Link TL-WR841N v13: Broken Authentication (CVE-2018-12575)
- [SECURITY] [DSA 4235-1] firefox-esr security update
- TP-Link TL-WR841N v13: Authenticated Blind Command Injection (CVE-2018-12577)
- TP-Link TL-WR841N v13: CSRF (CVE-2018-12574)
- PRTG < 18.2.39 Command Injection
- [slackware-security] mozilla-firefox (SSA:2018-176-01)
- From: Slackware Security Team
- KL-001-2018-008 : HPE VAN SDN Unauthenticated Remote Root Vulnerability
- From: KoreLogic Disclosures
- [SECURITY] [DSA 4234-1] lava-server security update
- [SECURITY] [DSA 4233-1] bouncycastle security update
- FreeBSD Security Advisory FreeBSD-SA-18:07.lazyfpu
- From: FreeBSD Security Advisories
- [SECURITY] [DSA 4232-1] xen security update
- [slackware-security] gnupg (SSA:2018-170-01)
- From: Slackware Security Team
- XSS in Canopy login page
- [SECURITY] [DSA 4229-1] strongswan security update
- [SECURITY] [DSA 4231-1] libgcrypt20 security update
- From: Salvatore Bonaccorso
- [security bulletin] MFSBGN03810 rev.1 - Universal CMDB, Deserialization Java Objects and CSRF
- [SECURITY] [DSA 4230-1] redis security update
- [security bulletin] MFSBGN03809 rev.1 - Universal CMDB, Deserialization Java Objects and CSRF
- CALL FOR PAPERS - INTEL SECURITY CONFERENCE (iSecCon) 2018
- CA20180614-01: Security Notice for CA Privileged Access Manager
- [SECURITY] [DSA 4228-1] spip security update
- WebKitGTK+ and WPE WebKit Security Advisory WSA-2018-0005
- APPLE-SA-2018-06-13-01 Xcode 9.4.1
- From: Apple Product Security
- Multiple Security Issues in Ecos Secure Boot Stick (SBS)
- Samsung Web Viewer for Samsung DVR Reflected Cross Site Scripting (XSS) CVE-2018-11689
- CSNC-2018-021 - Vert.x - HTTP Header Injection
- [SECURITY] [DSA 4227-1] plexus-archiver security update
- From: Salvatore Bonaccorso
- DefenseCode ThunderScan SAST Advisory: WordPress WP Google Map Plugin Multiple SQL injection Security Vulnerabilities
- DefenseCode ThunderScan SAST Advisory: WordPress Ultimate Form Builder Lite Plugin Multiple Vulnerabilities (XSS and SQLi)
- [SECURITY] [DSA 4226-1] perl security update
- From: Salvatore Bonaccorso
- AST-2018-008: PJSIP endpoint presence disclosure when using ACL
- From: Asterisk Security Team
- AST-2018-007: Infinite loop when reading iostreams
- From: Asterisk Security Team
- [SRP-2018-01] Reverse engineering tools for ST DVB chipsets (public release)
- From: Security Explorations
- [SECURITY] [DSA 4225-1] openjdk-7 security update
- SensioLabs Symfony version 3.3.6 - Cross-Site Scripting (Reflect)
- [slackware-security] gnupg2 (SSA:2018-159-01)
- From: Slackware Security Team
- [SECURITY] [DSA 4222-1] gnupg2 security update
- From: Salvatore Bonaccorso
- [SECURITY] [DSA 4224-1] gnupg security update
- From: Salvatore Bonaccorso
- [SECURITY] [DSA 4220-1] firefox-esr security update
- [SECURITY] [DSA 4223-1] gnupg1 security update
- From: Salvatore Bonaccorso
- [SECURITY] [DSA 4221-1] libvncserver security update
- Gridbox extension for Joomla! <= 2.4.0 Reflected Cross Site Scripting (XSS)
- [SECURITY] [DSA 4219-1] jruby security update
- DefenseCode ThunderScan SAST Advisory: WordPress Form Maker Plugin Multiple Security Vulnerabilities
- DefenseCode ThunderScan SAST Advisory: WordPress Contact Form Maker Plugin Multiple Security Vulnerabilities
- [slackware-security] mozilla-firefox (SSA:2018-157-01)
- From: Slackware Security Team
- [SECURITY] [DSA 4218-1] memcached security update
- From: Salvatore Bonaccorso
- Ignite Realtime Openfire Version 3.7.1 Reflected Cross Site Scripting (CVE-2018-11688)
- [slackware-security] git (SSA:2018-152-01)
- From: Slackware Security Team
- [SECURITY] [DSA 4217-1] wireshark security update
- APPLE-SA-2018-06-01-2 Safari 11.1.1
- From: Apple Product Security
- APPLE-SA-2018-06-01-1 macOS High Sierra 10.13.5, Security Update 2018-003 Sierra, Security Update 2018-003 El Capitan
- From: Apple Product Security
- [SECURITY] [DSA 4214-1] zookeeper security update
- [SECURITY] [DSA 4191-2] redmine regression update
- From: Salvatore Bonaccorso
- APPLE-SA-2018-06-01-7 iTunes 12.7.5 for Windows
- From: Apple Product Security
- APPLE-SA-2018-06-01-5 watchOS 4.3.1
- From: Apple Product Security
- [SECURITY] [DSA 4216-1] prosody security update
- From: Salvatore Bonaccorso
- APPLE-SA-2018-06-01-4 iOS 11.4
- From: Apple Product Security
- [SECURITY] [DSA 4215-1] batik security update
- [CORE-2018-0002] - Quest DR Series Disk Backup Multiple Vulnerabilities
- From: Core Security Advisories Team
- [CORE-2018-0004] - Quest KACE System Management Appliance Multiple Vulnerabilities
- From: Core Security Advisories Team
- APPLE-SA-2018-06-01-3 iCloud for Windows 7.5
- From: Apple Product Security
- APPLE-SA-2018-06-01-6 tvOS 11.4
- From: Apple Product Security
- MachForm Multiple Vulnerabilities CVE-2018-6409/CVE-2018-6410/CVE-2018-6411
- CVE-2018-11552 AXON PBX 2.02 Cross Site Scripting Vulnerability
- [SECURITY] [DSA 4209-1] thunderbird security update
- [SECURITY] [DSA 4210-1] xen security update
- Ruckus (Brocade) ICX7450-48 Reflected Cross Site Scripting
- Android OS Didnt use FLAG_SECURE for Sensitive Settings [CVE-2017-13243]
- PHP Login & User Management <= 4.1.0 - Arbitrary File Upload (CVE-2018-11392)
- [security bulletin] MFSBGN03808 rev.1 - Micro Focus UCMDB, Cross-Site Scripting
- [CVE-2018-8013] Apache Batik information disclosure vulnerability
- K2 smartforms runtime application - 4.6.11 SSRF
- [slackware-security] mozilla-thunderbird (SSA:2018-142-02)
- From: Slackware Security Team
- [SECURITY] [DSA 4208-1] procps security update
- From: Salvatore Bonaccorso
- [slackware-security] Slackware 14.2 kernel (SSA:2018-142-01)
- From: Slackware Security Team
- [slackware-security] procps-ng (SSA:2018-142-03)
- From: Slackware Security Team
- [SECURITY] [DSA 4207-1] packagekit security update
- From: Salvatore Bonaccorso
- [SECURITY] [DSA 4206-1] gitlab security update
- Qualys Security Advisory - Procps-ng Audit Report
- From: Qualys Security Advisory
- [SECURITY] [DSA 4205-1] Advance notification for upcoming end-of-life for
- [SECURITY] [DSA 4204-1] imagemagick security update
- [SYSS-2018-007] ILIAS e-Learning - Reflected Cross-Site-Scripting
- MagniComp SysInfo Information Exposure [CVE-2018-7268]
- [SECURITY] [DSA 4203-1] vlc security update
- [slackware-security] curl (SSA:2018-136-01)
- From: Slackware Security Team
- [slackware-security] php (SSA:2018-136-02)
- From: Slackware Security Team
- [SECURITY] [DSA 4202-1] curl security update
- CVE-2018-11101: Signal-desktop HTML tag injection variant 2
- SEC Consult SA-20180516-0 :: XXE & XSS vulnerabilities in RSA Authentication Manager
- From: SEC Consult Vulnerability Lab
- [SECURITY] [DSA 4201-1] xen security update
- CSNC-2018-003 totemomail Encryption Gateway - Cross-Site Request Forgery
- CSNC-2018-002 totemomail Encryption Gateway - JSONP hijacking
- Re: SEC Consult SA-20180514-0 :: Arbitrary File Upload & Cross-site scripting in MyBiz MyProcureNet
- From: SEC Consult Vulnerability Lab
- CVE-2018-10994: HTML tag injection in Signal-desktop
- [SECURITY] [DSA 4200-1] kwallet-pam security update
- SEC Consult SA-20180514-0 :: Arbitrary File Upload & Cross-site scripting in MyBiz MyProcureNet
- From: SEC Consult Vulnerability Lab
- Vulnerabilities in IBMs Flashsystems and Storwize Products
- [slackware-security] mariadb (SSA:2018-130-01)
- From: Slackware Security Team
- [SECURITY] [DSA 4199-1] firefox-esr security update
- [security bulletin] MFSBGN03807 rev.1 - HP Service Manager Software, SQL Injection
- [security bulletin] MFSBGN03802 - Virtualization Performance Viewer (vPV) / Cloud Optimizer, Local Disclosure of Information
- [security bulletin] MFSBGN03805 - HP Service Manager, Remote Disclosure of Information
- [slackware-security] mozilla-firefox (SSA:2018-129-01)
- From: Slackware Security Team
- [slackware-security] wget (SSA:2018-129-02)
- From: Slackware Security Team
- [SECURITY] [DSA 4198-1] prosody security update
- [SECURITY] [DSA 4197-1] wavpack security updaze
- [security bulletin] MFSBGN03804 - HP Service Manager Software, Remote Disclosure of Information
- [security bulletin] MFSBGN03806 rev.1 - HP Network Automation Software, Network Operations Management (NOM) Suite, Multiple Vulnerabilities
- t2'18: Call For Papers 2018 (Helsinki, Finland)
- [ADV170017] Defense in depth -- the Microsoft way (part 54): escalation of privilege during installation of Microsoft Office 20xy
- [SECURITY] [DSA 4196-1] linux security update
- From: Salvatore Bonaccorso
- FreeBSD Security Advisory FreeBSD-SA-18:06.debugreg
- From: FreeBSD Security Advisories
- APPLE-SA-2018-05-08-1 Additional information for APPLE-SA-2018-04-24-2 Security Update 2018-001
- From: Apple Product Security
- [SECURITY] [DSA 4195-1] wget security update
- From: Salvatore Bonaccorso
- WebKitGTK+ Security Advisory WSA-2018-0004
- [SECURITY] [DSA 4194-1] lucene-solr security update
- [SECURITY] [DSA 4193-1] wordpress security update
- From: Salvatore Bonaccorso
- [SECURITY] [DSA 4192-1] libmad security update
- CANADIAN JOB VACANCY!!!
- [slackware-security] python (SSA:2018-124-01)
- From: Slackware Security Team
- APPLE-SA-2018-05-04-1 Security Update 2018-001 Swift 4.1.1 for Ubuntu 14.04
- From: Apple Product Security
- [slackware-security] seamonkey (SSA:2018-123-01)
- From: Slackware Security Team
- Updated VMSA-2018-0007.3: VMware Virtual Appliance updates address side-channel analysis due to speculative execution
- From: VMware Security Response Center
- [SECURITY] [DSA 4191-1] redmine security update
- [SECURITY] [DSA 4190-1] jackson-databind security update
- SEC Consult SA-20180503-0 :: Authentication Bypass in Oracle Access Manager (OAM)
- From: SEC Consult Vulnerability Lab
- Command injections via USB upgrade in MSTAR Set-Top box products
- [SECURITY] [DSA 4189-1] quassel security update
- [SECURITY] [DSA 4187-1] linux security update
- CA20180501-01: Security Notice for CA Spectrum
- [SECURITY] [DSA 4188-1] linux security update
- From: Salvatore Bonaccorso
- Trovebox <= 4.0.0-rc6 Authentication Bypass, SQLi, SSRF
- CVE-2016-6811: Apache Hadoop Privilege escalation vulnerability
- [slackware-security] libwmf (SSA:2018-120-01)
- From: Slackware Security Team
- [slackware-security] mozilla-firefox (SSA:2018-120-02)
- From: Slackware Security Team
- Advisory - Sourcetree for Windows - CVE-2018-5226
- [SECURITY] [DSA 4185-1] openjdk-8 security update
- [SECURITY] [DSA 4183-1] tor security update
- From: Salvatore Bonaccorso
- [SECURITY] [DSA 4184-1] sdl-image1.2 security update
- From: Salvatore Bonaccorso
- [SECURITY] [DSA 4186-1] gunicorn security update
- [SECURITY] [DSA 4181-1] roundcube security update
- From: Salvatore Bonaccorso
- [SECURITY] [DSA 4182-1] chromium-browser security update
- [slackware-security] openvpn (SSA:2018-116-01)
- From: Slackware Security Team
- [HITB-Announce] HITBGSEC2018 CFP - Final Call
- [SECURITY] [DSA 4180-1] drupal7 security update
- From: Salvatore Bonaccorso
- Secunia Research: Oracle Outside In Technology Use-After-Free Vulnerability
- APPLE-SA-2018-04-24-2 Security Update 2018-001
- From: Apple Product Security
- APPLE-SA-2018-04-24-1 iOS 11.3.1
- From: Apple Product Security
- APPLE-SA-2018-04-24-3 Safari 11.1 (v. 11605.1.33.1.4, 12605.1.33.1.4, and 13605.1.33.1.4)
- From: Apple Product Security
- [SECURITY] [DSA 4179-1] linux-tools security update
- From: Salvatore Bonaccorso
- SEC Consult SA-20180424-0 :: Reflected Cross-Site Scripting in multiple Zyxel ZyWALL products
- From: SEC Consult Vulnerability Lab
- SEC Consult SA-20180423-0 :: Multiple Stored XSS Vulnerabilities in WSO2 Carbon and Dashboard Server
- From: SEC Consult Vulnerability Lab
- Seagate Media Server path traversal vulnerability
- [SECURITY] [DSA 4176-1] mysql-5.5 security update
- From: Salvatore Bonaccorso
- [SECURITY] [DSA 4175-1] freeplane security update
- From: Salvatore Bonaccorso
- [SE-2011-01] The origin and impact of vulnerabilities in ST chipsets
- From: Security Explorations
- [SECURITY] [DSA 4178-1] libreoffice security update
- [SECURITY] [DSA 4177-1] libsdl2-image security update
- Seagate Media Server stored Cross-Site Scripting vulnerability
- [slackware-security] gd (SSA:2018-108-01)
- From: Slackware Security Team
- WebKitGTK+ Security Advisory WSA-2018-0003
- [SECURITY] [DSA 4174-1] corosync security update
- [SECURITY] [DSA 4173-1] r-cran-readxl security update
- [security bulletin] MFSBGN03802 - Virtualization Performance Viewer (vPV) / Cloud Optimizer, Local Disclosure of Information
- [security bulletin] MFSBGN03803 rev.1 - UCMDB, Installation File Access Control Privilege Escalation Vulnerability
- [SECURITY] [DSA 4079-2] poppler regression update
- From: Salvatore Bonaccorso
- [SECURITY] [DSA 4169-1] pcs security update
- Call for Papers: USENIX Workshop on Offensive Technologies (WOOT '18)
- secuvera-SA-2017-04: SQL-Injection Vulnerability in OCS Inventory NG ocsreports Web application
- [SECURITY] [DSA 4170-1] pjproject security update
- Defense in depth -- the Microsoft way (part 53): our MSRC doesn't know how Windows handles PATH
- secuvera-SA-2017-03: Reflected Cross-Site-Scripting Vulnerabilities in OCS Inventory NG ocsreports Web application
- [SECURITY] [DSA 4168-1] squirrelmail security update
- From: Salvatore Bonaccorso
- [RT-SA-2017-014] CyberArk Password Vault Web Access Remote Code Execution
- From: RedTeam Pentesting GmbH
- [RT-SA-2017-015] CyberArk Password Vault Memory Disclosure
- From: RedTeam Pentesting GmbH
- [slackware-security] patch (SSA:2018-096-01)
- From: Slackware Security Team
- [SECURITY] [DSA 4167-1] sharutils security update
- Advisory - Fisheye and Crucible - CVE-2018-5223
- Advisory - Bamboo - CVE-2018-5224
- [SECURITY] [DSA 4166-1] openjdk-7 security update
- FreeBSD Security Advisory FreeBSD-SA-18:05.ipsec
- From: FreeBSD Security Advisories
[Index of Archives]
[Linux Security]
[Netfilter]
[PHP]
[Yosemite News]
[Linux Kernel]
