Bugtraq

• Thread Index

• FreeBSD Security Advisory FreeBSD-SA-18:04.vt
  • From: FreeBSD Security Advisories
• [SECURITY] [DSA 4165-1] ldap-account-manager security update
  • From: Luciano Bello
• [SECURITY] [DSA 4164-1] apache2 security update
  • From: Salvatore Bonaccorso
• [SECURITY] [DSA 4163-1] beep security update
  • From: Moritz Muehlenhoff
• [SECURITY] [DSA 4160-1] libevt security update
  • From: Moritz Muehlenhoff
• [SECURITY] [DSA 4159-1] remctl security update
  • From: Moritz Muehlenhoff
• [SECURITY] [DSA 4162-1] irssi security update
  • From: Moritz Muehlenhoff
• [SECURITY] [DSA 4161-1] python-django security update
  • From: Luciano Bello
• [slackware-security] php (SSA:2018-090-01)
  • From: Slackware Security Team
• [SECURITY] [DSA 4158-1] openssl1.0 security update
  • From: Salvatore Bonaccorso
• APPLE-SA-2018-3-29-3 tvOS 11.3
  • From: Apple Product Security
• [slackware-security] ruby (SSA:2018-088-01)
  • From: Slackware Security Team
• APPLE-SA-2018-3-29-5 macOS High Sierra 10.13.4, Security Update 2018-002 Sierra, and Security Update 2018-002 El Capitan
  • From: Apple Product Security
• APPLE-SA-2018-3-29-8 iCloud for Windows 7.4
  • From: Apple Product Security
• APPLE-SA-2018-3-29-4 Xcode 9.3
  • From: Apple Product Security
• CA20180329-01: Security Notice for CA Workload Automation AE and CA Workload Control Center
  • From: Williams, Ken
• APPLE-SA-2018-3-29-2 watchOS 4.3
  • From: Apple Product Security
• [SECURITY] [DSA 4157-1] openssl security update
  • From: Salvatore Bonaccorso
• APPLE-SA-2018-3-29-7 iTunes 12.7.4 for Windows
  • From: Apple Product Security
• APPLE-SA-2018-3-29-6 Safari 11.1
  • From: Apple Product Security
• APPLE-SA-2018-3-29-1 iOS 11.3
  • From: Apple Product Security
• [SECURITY] [DSA 4156-1] drupal7 security update
  • From: Salvatore Bonaccorso
• CA20180328-01: Security Notice for CA API Developer Portal
  • From: Kotas, Kevin J
• [SECURITY] [DSA 4155-1] thunderbird security update
  • From: Moritz Muehlenhoff
• [SECURITY] [DSA 4154-1] net-snmp security update
  • From: Salvatore Bonaccorso
• [SECURITY] [DSA 4153-1] firefox-esr security update
  • From: Moritz Muehlenhoff
• [SECURITY] [DSA 4152-1] mupdf security update
  • From: Luciano Bello
• Microsoft Skype Mobile v81.2 & v8.13 - Remote Denial of Service Vulnerability
  • From: Vulnerability Lab
• Sandoba CP:Shop CMS v2016.1 - Multiple Cross Site Scripting Vulnerabilities
  • From: Vulnerability Lab
• Weblication CMS Core & Grid v12.6.24 - Multiple Cross Site Scripting Vulnerabilities
  • From: Vulnerability Lab
• AEF CMS v1.0.9 - (PM) Persistent Cross Site Scripting Vulnerability
  • From: Vulnerability Lab
• [slackware-security] mozilla-firefox (SSA:2018-085-01)
  • From: Slackware Security Team
• [SECURITY] [DSA 4151-1] librelp security update
  • From: Salvatore Bonaccorso
• [slackware-security] mozilla-thunderbird (SSA:2018-082-01)
  • From: Slackware Security Team
• Cross-Site Scripting vulnerability in Zimbra Collaboration Suite due to the way it handles attachment links
  • From: Securify B.V.
• [SECURITY] [DSA 4150-1] icu security update
  • From: Moritz Muehlenhoff
• [SECURITY] [DSA 4149-1] plexus-utils2 security update
  • From: Moritz Muehlenhoff
• [SECURITY] [DSA 4148-1] kamailio security update
  • From: Moritz Muehlenhoff
• ModSecurity WAF 3.0 for Nginx - Denial of Service
  • From: x ksi
• Bomgar Remote Support Portal JavaStart Applet <= 52970 - Path Traversal
  • From: x ksi
• Kaseya AgentMon.exe <= 9.3.0.11 - Local Privilege Escalation
  • From: x ksi
• Secunia Research: Microsoft Windows Embedded OpenType Font Engine Font Glyphs Handling Information Disclosure Vulnerability
  • From: Secunia Research
• Secunia Research: Microsoft Windows Embedded OpenType Font Engine hdmx Table Information Disclosure Vulnerability
  • From: Secunia Research
• Advisory - Bitbucket Server - CVE-2018-5225
  • From: Matthew Hart
• Secunia Research: Microsoft Windows Embedded OpenType Font Engine "MTX_IS_MTX_Data()" Information Disclosure Vulnerability
  • From: Secunia Research
• [SECURITY] [DSA 4147-1] polarssl security update
  • From: Sebastien Delafond
• [SECURITY] [DSA 4146-1] plexus-utils security update
  • From: Moritz Muehlenhoff
• CSNC-2017-026 Microsoft Intune - Preserved Keychain Entries
  • From: Advisories
• ES2018-05 Kamailio heap overflow
  • From: Sandro Gauci
• [slackware-security] mozilla-firefox (SSA:2018-075-01)
  • From: Slackware Security Team
• [slackware-security] libvorbis (SSA:2018-076-01)
  • From: Slackware Security Team
• [SECURITY] [DSA 4142-1] uwsgi security update
  • From: Salvatore Bonaccorso
• [SECURITY] [DSA 4145-1] gitlab security update
  • From: Moritz Muehlenhoff
• [SECURITY] [DSA 4143-1] firefox-esr security update
  • From: Moritz Muehlenhoff
• [SECURITY] [DSA 4144-1] openjdk-8 security update
  • From: Moritz Muehlenhoff
• RedCoded ISR: Abine Blur Password Manager Insecure Permissions (CVE-2018-8213)
  • From: (RS) Tyler Schroder
• [SECURITY] [DSA 4141-1] libvorbisidec security update
  • From: Salvatore Bonaccorso
• [SECURITY] [DSA 4140-1] libvorbis security update
  • From: Salvatore Bonaccorso
• [CVE-2017-1205] IBM Spectrum LSF Privilege Escalation
  • From: john . fitzpatrick
• [SECURITY] [DSA 4139-1] firefox-esr security update
  • From: Moritz Muehlenhoff
• [slackware-security] curl (SSA:2018-074-01)
  • From: Slackware Security Team
• Secunia Research: LibRaw Multiple Denial of Service Vulnerabilities
  • From: Secunia Research
• [SECURITY] [DSA 4138-1] mbedtls security update
  • From: Sebastien Delafond
• [SECURITY] [DSA 4137-1] libvirt security update
  • From: Moritz Muehlenhoff
• [SECURITY] [DSA 4136-1] curl security update
  • From: Alessandro Ghedini
• SEC Consult SA-20180314-0 :: Arbitrary Shortcode Execution & Local File Inclusion in WooCommerce Products Filter (PluginUs.Net)
  • From: SEC Consult Vulnerability Lab
• FreeBSD Security Advisory FreeBSD-SA-18:03.speculative_execution
  • From: FreeBSD Security Advisories
• [slackware-security] mozilla-firefox (SSA:2018-072-01)
  • From: Slackware Security Team
• [slackware-security] samba (SSA:2018-072-02)
  • From: Slackware Security Team
• [RT-SA-2017-012] Shopware Cart Accessible by Third-Party Websites
  • From: RedTeam Pentesting GmbH
• [SECURITY] [DSA 4135-1] samba security update
  • From: Salvatore Bonaccorso
• SEC Consult SA-20180312-0 :: Multiple Critical Vulnerabilities in SecurEnvoy SecurMail
  • From: SEC Consult Vulnerability Lab
• [SECURITY] [DSA 4134-1] util-linux security update
  • From: Salvatore Bonaccorso
• [RT-SA-2018-001] Arbitrary Redirect in Tuleap
  • From: RedTeam Pentesting GmbH
• FreeBSD Security Advisory FreeBSD-SA-18:01.ipsec [REVISED]
  • From: FreeBSD Security Advisories
• [SECURITY] [DSA 4133-1] isc-dhcp security update
  • From: Salvatore Bonaccorso
• FreeBSD Security Advisory FreeBSD-SA-18:01.ipsec
  • From: FreeBSD Security Advisories
• KL-001-2018-007 : Sophos UTM 9 loginuser Privilege Escalation via confd Service
  • From: KoreLogic Disclosures
• DefenseCode Security Advisory: Magento Backups Cross-Site Request Forgery
  • From: Defense Code
• DefenseCode Security Advisory: Magento Stored Cross-Site Scripting – Downloadable Products
  • From: Defense Code
• DefenseCode Security Advisory: Magento Multiple Stored Cross-Site Scripting Vulnerabilities
  • From: Defense Code
• DefenseCode Security Advisory: Magento Stored Cross-Site Scripting – Product Attributes
  • From: Defense Code
• DefenseCode Security Advisory: Magento Backups Cross-Site Request Forgery
  • From: Defense Code
• CVE-2017-12544 XSS on HPE System Management Homepage v7.6.0.11 and minor
  • From: spinfoo
• [SECURITY] [DSA 4120-2] linux regression update
  • From: Salvatore Bonaccorso
• [SECURITY] [DSA 4132-1] libvpx security update
  • From: Moritz Muehlenhoff
• [SECURITY] [DSA 4129-1] freexl security update
  • From: Moritz Muehlenhoff
• [SECURITY] [DSA 4130-1] dovecot security update
  • From: Salvatore Bonaccorso
• KL-001-2018-007 : Sophos UTM 9 loginuser Privilege Escalation via confd Service
  • From: KoreLogic Disclosures
• [SECURITY] [DSA 4131-1] xen security update
  • From: Moritz Muehlenhoff
• [SECURITY] [DSA 4128-1] trafficserver security update
  • From: Sebastien Delafond
• [Newsletter/Marketing] [slackware-security] ntp (SSA:2018-060-02)
  • From: Slackware Security Team
• [Newsletter/Marketing] [slackware-security] dhcp (SSA:2018-060-01)
  • From: Slackware Security Team
• [security bulletin] MFSBGN03801 rev.1 - Micro Focus Operations Orchestration, Remote Denial of Service (DoS)
  • From: cyber-psrt
• [SECURITY] [DSA 4127-1] simplesamlphp security update
  • From: Thijs Kinkhorst
• CVE-2017-12544 XSS on HPE System Management Homepage v7.6.0.11 and minor
  • From: spinfoo
• [security bulletin] MFSBGN03794 rev.2 - Micro Focus Operations Agent Multiple vulnerabilities
  • From: cyber-psrt
• Secunia Research: Linux Kernel "_sctp_make_chunk()" Denial of Service Vulnerability
  • From: Secunia Research
• SEC Consult SA-20180228-0 :: Insecure Direct Object Reference vulnerability in TestLink Open Source Test Management
  • From: SEC Consult Vulnerability Lab
• [SECURITY] [DSA 4124-1] lucene-solr security update
  • From: Moritz Muehlenhoff
• [security bulletin] HPESBHF03826 rev.1 - HPE Integrated Lights-Out 3 (iLO 3) Remote Denial of Service
  • From: security-alert
• SEC Consult SA-20180227-0 :: OS command injection, arbitrary file upload & SQL injection in ClipBucket
  • From: SEC Consult Vulnerability Lab
• ES2018-03 Asterisk pjsip sdp invalid media format description segfault
  • From: Sandro Gauci
• ES2018-04 Asterisk pjsip tcp segfault
  • From: Sandro Gauci
• ES2018-02 Asterisk pjsip sdp invalid fmtp segfault
  • From: Sandro Gauci
• ES2018-01 Asterisk pjsip subscribe stack corruption
  • From: Sandro Gauci
• CMS Made Simple 2.1.6 - Remote Code Execution
  • From: displaymyname
• [SECURITY] [DSA 4123-1] drupal7 security update
  • From: Moritz Muehlenhoff
• Re: [CVE-2018-1000088] Stored XSS vulnerability in Doorkeeper gem v2.1.0 - v4.2.5
  • From: Justin Bull
• [security bulletin] MFSBGN03798 rev.1 - Micro Focus Universal CMDB, Apache Struts Instance
  • From: cyber-psrt
• [SECURITY] [DSA 4122-1] squid3 security update
  • From: Salvatore Bonaccorso
• [SECURITY] [DSA 4120-1] linux security update
  • From: Yves-Alexis Perez
• [CORE-2017-0006] Trend Micro Email Encryption Gateway Multiple Vulnerabilities
  • From: Core Security Advisories Team
• DefenseCode Security Advisory: PureVPN Windows Privilege Escalation Vulnerability
  • From: Defense Code
• [SECURITY] [DSA 4121-1] gcc-6 security update
  • From: Moritz Muehlenhoff
• SEC Consult SA-20180221-0 :: Hijacking of arbitrary miSafes Mi-Cam video baby monitors
  • From: SEC Consult Vulnerability Lab
• Sharutils 4.15.2 Heap-Buffer-Overflow
  • From: nafiez
• Sharutils 4.15.2 Heap-Buffer-Overflow
  • From: nafiez
• Multiple Persistent Cross-Site Scripting Vulnerabilities in Quarx CMS
  • From: preethiknambiar
• Multiple Persistent XSS vulnerabilities in Radiant Content Management System
  • From: suparna . kachru
• APPLE-SA-2018-02-19-3 tvOS 11.2.6
  • From: Apple Product Security
• APPLE-SA-2018-02-19-1 iOS 11.2.6
  • From: Apple Product Security
• APPLE-SA-2018-02-19-2 macOS High Sierra 10.13.3 Supplemental Update
  • From: Apple Product Security
• APPLE-SA-2018-02-19-4 watchOS 4.2.3
  • From: Apple Product Security
• [SECURITY] [DSA 4119-1] libav security update
  • From: Moritz Muehlenhoff
• [SECURITY] [DSA 4118-1] tomcat-native security update
  • From: Salvatore Bonaccorso
• Kentico CMS version 9 through 11 - Cross-Site Scripting (Reflect)
  • From: displaymyname
• Kentico CMS version 9 through 11 - Arbitrary Code Execution
  • From: displaymyname
• [SECURITY] [DSA 4117-1] gcc-4.9 security update
  • From: Moritz Muehlenhoff
• [SECURITY] [DSA 4116-1] plasma-workspace security update
  • From: Moritz Muehlenhoff
• Security advisory for Bugzilla 5.1.1, 5.0.3, and 4.4.12
  • From: dkl
• [slackware-security] irssi (SSA:2018-046-01)
  • From: Slackware Security Team
• [SECURITY] [DSA 4115-1] quagga security update
  • From: Salvatore Bonaccorso
• Vulnerability Disclosure (Web Apps)-Bravo Tejari Web Portal-Unrestricted File Upload
  • From: Arvind Vishwakarma
• Re: [FD] Defense in depth -- the Microsoft way (part 51): Skype's home-grown updater allows escalation of privilege to SYSTEM
  • From: Stefan Kanthak
• Vulnerability Disclosure (Web Apps)-Bravo Tejari Web Portal-CSRF
  • From: Arvind Vishwakarma
• [SECURITY] [DSA 4114-1] jackson-databind security update
  • From: Sebastien Delafond
• [SECURITY] [DSA 4113-1] libvorbis security update
  • From: Moritz Muehlenhoff
• Re: [FD] Defense in depth -- the Microsoft way (part 51): Skype's home-grown updater allows escalation of privilege to SYSTEM
  • From: Jeffrey Walton
• [SECURITY] [DSA 4112-1] xen security update
  • From: Moritz Muehlenhoff
• NAT32 Build (22284) Remote Code Execution CVE-2018-6940 (hyp3rlinx / apparition security)
  • From: apparitionsec
• Defense in depth -- the Microsoft way (part 52): HTTP used to distribute (security) updates, not HTTPS
  • From: Stefan Kanthak
• [security bulletin] MFSBGN03800 rev.1 - Micro Focus Performance Center, Remote Arbitrary Code Execution or Remote Arbitrary File Modification
  • From: cyber-psrt
• CSNC-2017-027 Microsoft Intune - App PIN Bypass
  • From: Advisories
• [SECURITY] [DSA 4111-2] libreoffice security update
  • From: Moritz Muehlenhoff
• [security bulletin] HPESBHF03819 rev.1 - HPE XP Storage using HGLM, Local Authentication Bypass
  • From: security-alert
• CVE-2018-6892 CloudMe Sync <= v1.10.9 Unauthenticated Remote Buffer Overflow (hyp3rlinx / apparition security)
  • From: apparitionsec
• KL-001-2018-005 : NetEx HyperIP Local File Inclusion Vulnerability
  • From: KoreLogic Disclosures
• [SECURITY] [DSA 4109-1] ruby-omniauth security update
  • From: Luciano Bello
• [SECURITY] [DSA 4110-1] exim4 security update
  • From: Salvatore Bonaccorso
• [SECURITY] [DSA 4111-1] libreoffice security update
  • From: Moritz Muehlenhoff
• Defense in depth -- the Microsoft way (part 51): Skype's home-grown updater allows escalation of privilege to SYSTEM
  • From: Stefan Kanthak
• KL-001-2018-004 : NetEx HyperIP Privilege Escalation Vulnerability
  • From: KoreLogic Disclosures
• KL-001-2018-003 : NetEx HyperIP Post-Auth Command Execution
  • From: KoreLogic Disclosures
• KL-001-2018-006 : Trend Micro IMSVA Management Portal Authentication Bypass
  • From: KoreLogic Disclosures
• KL-001-2018-002 : NetEx HyperIP Authentication Bypass
  • From: KoreLogic Disclosures
• [SECURITY] [DSA 4108-1] mailman security update
  • From: Thijs Kinkhorst
• Advisory - Fisheye and Crucible - CVE-2017-16861
  • From: David Black
• [SECURITY] [DSA 4105-2] mpv security update
  • From: Luciaon Bello
• SEC Consult SA-20180208-0 :: Multiple Cross-Site Scripting Vulnerabilities in Sonatype Nexus Repository Manager OSS/Pro
  • From: SEC Consult Vulnerability Lab
• [SECURITY] [DSA 4107-1] django-anymail security update
  • From: Salvatore Bonaccorso
• [security bulletin] HPSBHF02981 rev.2 - HPE Integrated Lights-Out 2, 3, 4 (iLO2, iLO3, iLO4) and HPE Superdome Flex RMC - IPMI 2.0 RCMP+ Authentication Remote Password Hash Vulnerability (RAKP)
  • From: security-alert
• [SECURITY] [DSA 4106-1] libtasn1-6 security update
  • From: Salvatore Bonaccorso
• SEC Consult SA-20180207-0 :: Multiple buffer overflow vulnerabilities in InfoZip UnZip
  • From: SEC Consult Vulnerability Lab
• [slackware-security] Slackware 14.2 kernel (SSA:2018-037-01)
  • From: Slackware Security Team
• [SE-2011-01] A security issue with a Multiroom service of NC+ SAT TV platform
  • From: Security Explorations
• [SECURITY] [DSA 4105-1] mpv security update
  • From: Luciano Bello
• [CORE-2017-0010] - Kaspersky Secure Mail Gateway Multiple Vulnerabilities
  • From: Core Security Advisories Team
• [slackware-security] php (SSA:2018-034-01)
  • From: Slackware Security Team
• [SECURITY] [DSA 4104-1] p7zip security update
  • From: Salvatore Bonaccorso
• [security bulletin] MFSBGN03797 rev.1 - Micro Focus Fortify Audit Workbench (AWB) and Micro Focus Fortify Software Security Center (SSC), XML External Entity Injection
  • From: cyber-psrt
• SEC Consult SA-20180201-0 :: Multiple critical vulnerabilities in Whole Vibratissimo Smart Sex Toy product range
  • From: SEC Consult Vulnerability Lab
• [SECURITY] [DSA 4103-1] chromium-browser security update
  • From: Michael Gilbert
• Advisory - Sourcetree - CVE-2017-14592 CVE-2017-14593 CVE-2017-14592 CVE-2017-17831
  • From: Atlassian
• KonaKart Path Traversal Vulnerability
  • From: ajcraggs
• Recon Montreal 2018 Call For Papers - 0xE - Registration - Training - Conference - Submit! - PGP key
  • From: cfpmontreal2018
• SEC Consult SA-20180131-0 :: Multiple Vulnerabilities in Sprecher Automation SPRECON-E-C, PU-2433
  • From: SEC Consult Vulnerability Lab
• [SECURITY] [DSA 4094-2] smarty3 security update
  • From: Luciano Bello
• Defense in depth -- the Microsoft way (part 49): fun with application manifests
  • From: Stefan Kanthak
• [SECURITY] [DSA 4100-1] tiff security update
  • From: Moritz Muehlenhoff
• [security bulletin] HPESBHF03811 rev.1 - HPE Intelligent Management Center (iMC) PLAT, Remote Multiple Vulnerabilities
  • From: security-alert
• [SECURITY] [DSA 4101-1] wireshark security update
  • From: Moritz Muehlenhoff
• [slackware-security] mozilla-thunderbird (SSA:2018-025-01)
  • From: Slackware Security Team
• Secunia Research: LibRaw Multiple Denial of Service Vulnerabilities
  • From: Secunia Research
• [SECURITY] [DSA 4098-1] curl security update
  • From: Alessandro Ghedini
• [SYSS-2017-026] Microsoft Surface Hub Keyboard - Cryptographic Issues (CWE-310), Insufficient Protection against Replay Attacks
  • From: matthias . deeg
• [security bulletin] HPESBHF03814 rev.1 - HPE Intelligent Management Center (iMC) PLAT, Remote Unauthorized Modification
  • From: security-alert
• [SECURITY] [DSA 4099-1] ffmpeg security update
  • From: Moritz Muehlenhoff
• [security bulletin] HPESBHF03812 rev.1 - HPE Intelligent Management Center (iMC) PLAT, Remote Multiple Vulnerabilities
  • From: security-alert
• KL-001-2018-001 : Sophos Web Gateway Persistent Cross Site Scripting Vulnerability
  • From: KoreLogic Disclosures
• [security bulletin] HPESBHF03815 rev.1 - HPE Intelligent Management Center (iMC) PLAT, Remote Code Execution
  • From: security-alert
• [security bulletin] HPESBHF03810 rev.1 - HPE Intelligent Management Center (iMC) PLAT, Remote Disclosure of Information
  • From: security-alert
• [security bulletin] HPESBHF03813 rev.1 - HPE Intelligent Management Center (iMC) PLAT, Remote Code Execution
  • From: security-alert
• [security bulletin] HPESBHF03808 rev.1 - HPE Intelligent Management Center (iMC) PLAT, Remote Code Execution
  • From: security-alert
• [security bulletin] HPESBHF03809 rev.1 - HPE Intelligent Management Center (iMC) PLAT, Remote Authentication Restriction Bypass
  • From: security-alert
• [SECURITY] [DSA 4097-1] poppler security update
  • From: Moritz Muehlenhoff
• [slackware-security] curl (SSA:2018-024-01)
  • From: Slackware Security Team
• [SECURITY] [DSA 4095-1] gcab security update
  • From: Salvatore Bonaccorso
• [SECURITY] [DSA 4096-1] firefox-esr security update
  • From: Moritz Muehlenhoff
• WebKitGTK+ Security Advisory WSA-2018-0002
  • From: Carlos Alberto Lopez Perez
• CVE-2017-15718: Apache Hadoop YARN NodeManager vulnerability
  • From: Akira Ajisaka
• APPLE-SA-2018-1-23-3 watchOS 4.2.2
  • From: Apple Product Security
• APPLE-SA-2018-1-23-2 macOS High Sierra 10.13.3, Security Update 2018-001 Sierra, and Security Update 2018-001 El Capitan
  • From: Apple Product Security
• APPLE-SA-2018-1-23-7 iCloud for Windows 7.3
  • From: Apple Product Security
• APPLE-SA-2018-1-23-6 iTunes 12.7.3 for Windows
  • From: Apple Product Security
• APPLE-SA-2018-1-23-1 iOS 11.2.5
  • From: Apple Product Security
• APPLE-SA-2018-1-23-5 Safari 11.0.3
  • From: Apple Product Security
• APPLE-SA-2018-1-23-4 tvOS 11.2.5
  • From: Apple Product Security
• DefenseCode ThunderScan SAST Advisory: SugarCRM Community Edition Multiple SQL Injection Vulnerabilities
  • From: DefenseCode
• SEC Consult SA-20180123-0 :: XXE & Reflected XSS in Oracle Financial Services Analytical Applications
  • From: SEC Consult Vulnerability Lab
• [security bulletin] HPESBHF03805 rev.7 - Certain HPE products using Microprocessors from Intel, AMD, and ARM, with Speculative Execution, Elevation of Privilege and Information Disclosure.
  • From: security-alert
• [SECURITY] [DSA 4094-1] smarty3 security update
  • From: Luciano Bello
• CentOS Web Panel v0.9.8.12 - Remote SQL Injection Vulnerabilities
  • From: Vulnerability Lab
• CentOS Web Panel v0.9.8.12 - Non-Persistent Cross Site Scripting Vulnerabilities
  • From: Vulnerability Lab
• Photo Vault v1.2 iOS - Insecure Authentication Vulnerability
  • From: Vulnerability Lab
• CentOS Web Panel v0.9.8.12 - Multiple Persistent Web Vulnerabilities
  • From: Vulnerability Lab
• Oracle JDeveloper IDE Directory Traversal CVE-2017-10273 (hyp3rlinx / apparition security)
  • From: apparitionsec
• Shopware 5.2.5 & v5.3 - Multiple Cross Site Scripting Web Vulnerabilities
  • From: Vulnerability Lab
• Acadmic Microsoft - API Query Filter Cross Site Scripting Vulnerability
  • From: Vulnerability Lab
• [SECURITY] [DSA 4093-1] openocd security update
  • From: luciano
• CVE-2017-15713: Apache Hadoop MapReduce job history server vulnerability
  • From: Jason Lowe
• [SECURITY] [DSA 4092-1] awstats security update
  • From: Sebastien Delafond
• [security bulletin] HPESBMU03806 rev.1 - HPE IceWall Products, Multiple Remote Unauthorized Disclosure of Information, Unauthorized Modificiation
  • From: security-alert
• [security bulletin] HPESBHF03805 rev.5 - Certain HPE products using Microprocessors from Intel, AMD, and ARM, with Speculative Execution, Elevation of Privilege and Information Disclosure.
  • From: security-alert
• [security bulletin] HPSBGN02925 rev.3 - HP IceWall SSO, IceWall File Manager and IceWall Federation Agent, Multiple Remote Unauthorized Access Vulnerabilities
  • From: security-alert
• [slackware-security] bind (SSA:2018-017-01)
  • From: Slackware Security Team
• [SECURITY] [DSA 4090-1] wordpress security update
  • From: Sebastien Delafond
• [SECURITY] [DSA 4089-1] bind9 security update
  • From: Salvatore Bonaccorso
• ADVISORY - LiveZilla - Cross-site scripting (XSS) vulnerability in knowledgebase.php - CVE-2017-15869
  • From: tim . kretschmann
• [SECURITY] [DSA 4088-1] gdk-pixbuf security update
  • From: Moritz Muehlenhoff
• Zenario v7.6 CMS - SQL Injection Web Vulnerability
  • From: Vulnerability Lab
• MagicSpam 2.0.13 - Insecure File Permission Vulnerability
  • From: Vulnerability Lab
• [RT-SA-2017-013] Truncation of SAML Attributes in Shibboleth 2
  • From: RedTeam Pentesting GmbH
• Arbitrary file read in Kaseya VSA
  • From: Securify B.V.
• Broken TLS certificate pinning in VTech DigiGo Kid Connect app
  • From: Summer of Pwnage
• [SECURITY] [DSA 4087-1] transmission security update
  • From: Moritz Muehlenhoff
• [SECURITY] [DSA 4086-1] libxml2 security update
  • From: Salvatore Bonaccorso
• Broken TLS certificate validation in VTech DigiGo browser
  • From: Summer of Pwnage
• Adminer <= v4.3.1 Server Side Request Forgery
  • From: apparitionsec
• Seagate Media Server allows deleting of arbitrary files and folders
  • From: Summer of Pwnage
• Authentication bypass in Kaseya VSA
  • From: Securify B.V.
• Multiple vulnerabilities in VTech DigiGo allow browser overlay attack
  • From: Summer of Pwnage
• Code execution in Kaseya VSA
  • From: Securify B.V.
• [SECURITY] [DSA 4085-1] xmltooling security update
  • From: Moritz Muehlenhoff
• [security bulletin] HPESBHF03800 rev.1 - HPE Comware 7 MSR Routers, Remote Denial of Service and Local Elevation or Privilege
  • From: security-alert
• [security bulletin] HPESBNS03804 rev.1 - HPE NonStop Server, Local Authentication Restriction Bypass
  • From: security-alert
• [SECURITY] [DSA 4084-1] gifsicle security update
  • From: Sebastien Delafond
• MagicSpam 2.0.13 - Insecure File Permission Vulnerability
  • From: Vulnerability Lab
• Microsoft Sharepoint 2013 - Limited Access Permission Bypass Vulnerability
  • From: Vulnerability Lab
• Piwigo v2.8.2 & 2.9.2 CMS - Multiple Cross Site Vulnerabilities
  • From: Vulnerability Lab
• SonicWall GMS v8.1 - Filter Bypass & Persistent Vulnerability
  • From: Vulnerability Lab
• Magento Commerce - SSRF & XSPA Web Vulnerability
  • From: Vulnerability Lab
• Magento Connect T1 - (Claim) Persistent Vulnerability
  • From: Vulnerability Lab
• Kentico CMS v11.0 - Stack Buffer Overflow Vulnerability
  • From: Vulnerability Lab
• Flash Operator Panel v2.31.03 - Command Execution Vulnerability
  • From: Vulnerability Lab
• CVE-2017-8802 Zimbra Collaboration Suite - Stored Cross-Site Scripting
  • From: Advisories
• [SECURITY] [DSA 4083-1] poco security update
  • From: Sebastien Delafond
• WebKitGTK+ Security Advisory WSA-2018-0001
  • From: Carlos Alberto Lopez Perez
• DefenseCode ThunderScan SAST Advisory: WordPress Smooth Slider Plugin SQL injection Security Vulnerability
  • From: DefenseCode
• DefenseCode ThunderScan SAST Advisory: WordPress Dbox 3D Slider Lite Multiple SQL injection Security Vulnerabilities
  • From: DefenseCode
• DefenseCode ThunderScan SAST Advisory: WordPress Testimonial Slider Plugin SQL injection Security Vulnerability
  • From: DefenseCode
• Multiple vulnerabilities in TP-Link products(CVE-2017-15613 to CVE-2017-15637)
  • From: chunibalon
• [security bulletin] HPESBHF03805 rev.4 - Certain HPE products using Microprocessors from Intel, AMD, and ARM, with Speculative Execution, Elevation of Privilege and Information Disclosure.
  • From: security-alert
• [SECURITY] [DSA 4082-1] linux security update
  • From: Salvatore Bonaccorso
• CVE-2017-17485: one more way of rce in jackson-databind when defaultTyping+objects are used
  • From: Imre Rad
• [SECURITY] [DSA 4080-1] php7.0 security update
  • From: Moritz Muehlenhoff
• [slackware-security] irssi (SSA:2018-008-01)
  • From: Slackware Security Team
• [SECURITY] [DSA 4081-1] php5 security update
  • From: Moritz Muehlenhoff
• Response to Meltdown and Spectre
  • From: Gordon Tetlow
• Social Media Widget by Acurax [CSRF]
  • From: Panagiotis Vagenas
• CMS Tree Page View [CSRF, Privilege Escalation]
  • From: Panagiotis Vagenas
• SonicWall SonicOS NSA Web Firewall - Multiple Web Vulnerabilities
  • From: Vulnerability Lab
• Wickr Inc - App Clock & Message Deletion Glitch - Bug Bounty
  • From: Vulnerability Lab
• WpJobBoard v4.4.4 - Multiple SQL Injection Vulnerabilities
  • From: Vulnerability Lab
• [SECURITY] [DSA 4079-1] poppler security update
  • From: Moritz Muehlenhoff
• APPLE-SA-2018-1-8-2 macOS High Sierra 10.13.2 Supplemental Update
  • From: Apple Product Security
• APPLE-SA-2018-1-8-3 Safari 11.0.2
  • From: Apple Product Security
• CVE-2017-16884 Mist Server v2.12 Unauthenticated Persistent XSS (hyp3rlinx / ApparitionSec)
  • From: apparitionsec
• APPLE-SA-2018-1-8-1 iOS 11.2.2
  • From: Apple Product Security
• Admin Menu Tree Page View [CSRF, Privilege Escalation]
  • From: Panagiotis Vagenas
• CVE-2017-17055 Artica Web Proxy v3.06 Remote Code Execution (hyp3rlinx / ApparitionSec)
  • From: apparitionsec
• Abyss Web Server < v2.11.6 Memory Heap Corruption (hyp3rlinx / apparitionsec)
  • From: apparitionsec
• iJoomla com_adagency 6.0.9 - SQL Injection Vulnerabilities
  • From: Vulnerability Lab
• SonicWall SonicOS NSA UTM Firewall - Bypass & Persistent Vulnerability
  • From: Vulnerability Lab
• Icyphoenix 2.2.0.105 - Multiple SQL Injection Vulnerabilities
  • From: Vulnerability Lab
• [SECURITY] [DSA 4078-1] linux security update
  • From: Yves-Alexis Perez
• Intel CPU bug forcing page table switch during syscalls?
  • From: Pavel Machek
• Re "Intel responds to security research findings"
  • From: Ed Maste
• [security bulletin] HPESBHF03803 rev.1 - Hewlett Packard Enterprise Moonshot Provisioning Manager Appliance, Remote Denial of Service and Execution of Code
  • From: security-alert
• [security bulletin] MFSBGN03793 rev.2 - Project and Portfolio Management Center, Multiple vulnerabilities
  • From: cyber-psrt
• CVE-2017-6094 - Genexis GAPS Access Control Vulnerability
  • From: Antoine Neuenschwander
• b2evolution CMS 6.6.0 - 6.8.10 PHP code execution
  • From: Anti Räis
• Advisory - Bamboo - CVE-2017-14589 CVE-2017-14590
  • From: Atlassian
• APPLE-SA-2017-12-13-1 iOS 11.2.1
  • From: Apple Product Security
• APPLE-SA-2017-12-13-2 tvOS 11.2.1
  • From: Apple Product Security
• AST-2017-012: Remote Crash Vulnerability in RTCP Stack
  • From: Asterisk Security Team
• APPLE-SA-2017-12-13-7 Additional information for APPLE-SA-2017-12-6-4 tvOS 11.2
  • From: Apple Product Security
• ADVISORY - Kemp Load Balancers - Module Application Firewall Pack (AFP) - Web Application Firewall (WAF) does not inspect HTTP POST data - CVE-2017-15524
  • From: tim . kretschmann
• APPLE-SA-2017-12-13-5 Safari 11.0.2
  • From: Apple Product Security
• [SECURITY] [DSA 4064-1] chromium-browser security update
  • From: Michael Gilbert
• Advisory - Fisheye and Crucible - CVE-2017-14591
  • From: Atlassian
• [SECURITY] [DSA 4062-1] firefox-esr security update
  • From: Moritz Muehlenhoff
• [SECURITY] [DSA 4061-1] thunderbird security update
  • From: Moritz Muehlenhoff
• [SECURITY] [DSA 4060-1] wireshark security update
  • From: Moritz Muehlenhoff
• [slackware-security] openssl (SSA:2017-342-01)
  • From: Slackware Security Team
• FreeBSD Security Advisory FreeBSD-SA-17:12.openssl
  • From: FreeBSD Security Advisories
• CISTI'2018 -- Doctoral Symposium -- Call for contributions
  • From: ML
• [SECURITY] [DSA 4059-1] libxcursor security update
  • From: Salvatore Bonaccorso
• Secunia Research: LibRaw Multiple Denial of Service Vulnerabilities
  • From: Secunia Research
• [SECURITY] [DSA 4058-1] optipng security update
  • From: Salvatore Bonaccorso
• [SECURITY] [DSA 4057-1] erlang security update
  • From: Moritz Muehlenhoff
• [SECURITY] [DSA 4056-1] nova security update
  • From: Sebastien Delafond
• [SECURITY] [DSA 4052-1] bzr security update
  • From: Salvatore Bonaccorso
• [SECURITY] [DSA 4051-1] curl security update
  • From: Yves-Alexis Perez
• Advisory - Hipchat Data Center, Hipchat Server - CVE-2017-14585
  • From: Matthew Hart
• Advisory - Remote code execution in HipChat for Mac desktop client - CVE-2017-14586
  • From: Matthew Hart
• [SECURITY] [DSA 4050-1] xen security update
  • From: Moritz Muehlenhoff
• Edward Snowden free speech at JBFone - Data Security & Privacy
  • From: Vulnerability Lab
• [SECURITY] [DSA 4046-1] libspring-ldap-java security update
  • From: Sebastien Delafond
• Secunia Research: Oracle Outside In Denial of Service Vulnerability
  • From: Secunia Research
• [SECURITY] [DSA 4045-1] vlc security update
  • From: Moritz Muehlenhoff
• CSNC-2017-029 MyTy Blind SQL Injection
  • From: Advisories
• [security bulletin] HPESBHF03798 rev.1 - HPE Proliant Gen10 Servers, DL20 Gen9, ML30 Gen9 and Certain Apollo Servers Using Intel Server Platform Service (SPS) v4.0, Local Denial of Service and Execution of Arbitrary Code
  • From: security-alert
• [SECURITY] [DSA 4044-1] swauth security update
  • From: Yves-Alexis Perez
• CSNC-2017-030 MyTy Reflected Cross-Site Scripting (XSS)
  • From: Advisories
• FreeBSD Security Advisory FreeBSD-SA-17:10.kldstat [REVISED]
  • From: FreeBSD Security Advisories
• [CVE-2017-15044] DocuWare FullText Search - Incorrect Access Control vulnerability
  • From: Graham Leggett
• [security bulletin] HPESBMU03794 rev.1 - HPE Insight Control, Multiple Remote Vulnerabilities
  • From: security-alert
• [security bulletin] HPESBMU03795 rev.1 - HPE Matrix Operating Environment, Multiple Remote Vulnerabilities
  • From: security-alert
• [SECURITY] [DSA 4037-1] jackson-databind security update
  • From: Sebastien Delafond
• [SECURITY] [DSA 4039-1] opensaml2 security update
  • From: Salvatore Bonaccorso
• [security bulletin] HPESBHF03705 rev.4 - HPE Integrated Lights-Out 4, 3, 2 and Moonshot Remote Console Administrator (iLO 4 and MRCA) Remote Disclosure of Information
  • From: security-alert
• FreeBSD Security Advisory FreeBSD-SA-17:10.kldstat
  • From: FreeBSD Security Advisories
• FreeBSD Security Advisory FreeBSD-SA-17:09.shm
  • From: FreeBSD Security Advisories
• FreeBSD Security Advisory FreeBSD-SA-17:08.ptrace
  • From: FreeBSD Security Advisories
• [SECURITY] [DSA 4036-1] mediawiki security update
  • From: Moritz Muehlenhoff
• [SECURITY] [DSA 4035-1] firefox-esr security update
  • From: Moritz Muehlenhoff
• Call for papers - WorldCIST'18 - Naples, Italy - Extended deadline: November 26
  • From: Maria Lemos
• CA20171114-01: Security Notice for CA Identity Governance
  • From: Kotas, Kevin J
• [SECURITY] [DSA 4033-1] konversation security update
  • From: Salvatore Bonaccorso
• [CVE-2017-15288] A privilege escalation vulnerability in the Scala compilation daemon
  • From: jason . zaugg
• Symantec Endpoint Protection (SEP) v12.1 Tamper-protection Bypass CVE-2017-6331 (hyp3rlinx)
  • From: apparitionsec
• [SECURITY] [DSA 4032-1] imagemagick security update
  • From: Moritz Muehlenhoff
• [SECURITY] [DSA 4031-1] ruby2.3 security update
  • From: Salvatore Bonaccorso
• Bypassable authentication in SingTel / Aztech DSL8900GR(AC) router
  • From: cort
• [SECURITY] [DSA 4006-2] mupdf security update
  • From: Luciano Bello
• Advisory X41-2017-006: Multiple Vulnerabilities in PSFTPd Windows FTP Server
  • From: X41 D-Sec GmbH Advisories
• WebKitGTK+ Security Advisory WSA-2017-0009
  • From: Carlos Alberto Lopez Perez
• [RT-SA-2016-008] XML External Entity Expansion in Ladon Webservice
  • From: RedTeam Pentesting GmbH
• [SECURITY] [DSA 4029-1] postgresql-common security update
  • From: Moritz Muehlenhoff
• [SECURITY] [DSA 4028-1] postgresql-9.6 security update
  • From: Moritz Muehlenhoff
• [SECURITY] [DSA 4027-1] postgresql-9.4 security update
  • From: Moritz Muehlenhoff
• [SECURITY] [DSA 4026-1] bchunk security update
  • From: Sebastien Delafond
• Datto Windows Agent 1.0.5.0 Remote Command Execution [CVE-2017-16673][CVE-2017-16674]
  • From: brainn
• AST-2017-009: Buffer overflow in pjproject header parsing can cause crash in Asterisk
  • From: Asterisk Security Team
• AST-2017-010: Buffer overflow in CDR's set user
  • From: Asterisk Security Team
• AST-2017-011: Memory leak in pjsip session resource
  • From: Asterisk Security Team
• [SECURITY] [DSA 4025-1] libpam4j security update
  • From: Moritz Muehlenhoff
• [SECURITY] [DSA 4021-1] otrs2 security update
  • From: Moritz Muehlenhoff
• [SECURITY] [DSA 4020-1] chromium-browser security update
  • From: Michael Gilbert
• CVE-2017-9096 iText XML External Entity Vulnerability
  • From: Advisories
• [SECURITY] [DSA 4019-1] imagemagick security update
  • From: Moritz Muehlenhoff
• Call for papers - WorldCIST'18 - Naples, Italy - Extended deadline: November 22
  • From: ML
• Webmin v1.850 Remote Code Execution (hyp3rlinx / apparitionsec)
  • From: apparitionsec
• [SECURITY] [DSA 4016-1] irssi security update
  • From: Salvatore Bonaccorso
• KL-001-2017-022 : Splunk Local Privilege Escalation
  • From: KoreLogic Disclosures
• [SECURITY] [DSA 4015-1] openjdk-8 security update
  • From: Moritz Muehlenhoff
• APPLE-SA-2017-10-31-6 iTunes 12.7.1 for Windows
  • From: Apple Product Security
• APPLE-SA-2017-10-31-11 Additional information for APPLE-SA-2017-09-20-3 tvOS 11
  • From: Apple Product Security
• APPLE-SA-2017-10-31-2 macOS High Sierra 10.13.1, Security Update 2017-001 Sierra, Security Update 2017-004 El Capitan
  • From: Apple Product Security
• APPLE-SA-2017-10-31-12 Additional information for APPLE-SA-2017-09-25-9 macOS Server 5.4
  • From: Apple Product Security
• APPLE-SA-2017-10-31-3 tvOS 11.1
  • From: Apple Product Security
• APPLE-SA-2017-10-31-10 Additional information for APPLE-SA-2017-09-20-2 watchOS 4
  • From: Apple Product Security
• APPLE-SA-2017-10-31-7 iCloud for Windows 7.1
  • From: Apple Product Security
• APPLE-SA-2017-10-31-9 Additional information for APPLE-SA-2017-09-19-1 iOS 11
  • From: Apple Product Security
• APPLE-SA-2017-10-31-4 watchOS 4.1
  • From: Apple Product Security
• [SECURITY] [DSA 4012-1] libav security update
  • From: Moritz Muehlenhoff
• [security bulletin] HPESBHF03785 rev.1 - HPE B-Series SAN Network Advisor Software, Multiple Remote Vulnerabilities
  • From: HPE Product Security Response Team
• [SECURITY] [DSA 4009-1] shadowsocks-libev security update
  • From: Moritz Muehlenhoff
• [slackware-security] wget (SSA:2017-300-02)
  • From: Slackware Security Team
• [security bulletin] HPESBHF03787 rev.1 - Hewlett Packard Enterprise Intelligent Management Center (iMC) PLAT, Deserialization of Untrusted Data, Remote Code Execution
  • From: security-alert
• Bomgar Remote Support - Local Privilege Escalation (CVE-2017-5996)
  • From: VSR Advisories
• October 2017 - Bamboo - Critical Security Advisory
  • From: Atlassian
• KL-001-2017-020 : Sophos UTM 9 loginuser Privilege Escalation via Insecure Directory Permissions
  • From: KoreLogic Disclosures
• KL-001-2017-017 : Infoblox NetMRI Administration Shell Escape and Privilege Escalation
  • From: KoreLogic Disclosures
• [SECURITY] [DSA 4006-1] mupdf security update
  • From: Luciano Bello
• [security bulletin] HPESBHF03779 rev.1 - HPE Fabric OS using OpenSSH, Denial of Service
  • From: HPE Product Security Response Team
• [SECURITY] [DSA 4003-1] libvirt security update
  • From: Salvatore Bonaccorso
• [SECURITY] [DSA 4002-1] mysql-5.5 security update
  • From: Salvatore Bonaccorso
• FreeBSD Security Advisory FreeBSD-SA-17:07.wpa [REVISED]
  • From: FreeBSD Security Advisories
• [slackware-security] xorg-server (SSA:2017-291-03)
  • From: Slackware Security Team
• [slackware-security] wpa_supplicant (SSA:2017-291-02)
  • From: Slackware Security Team
• [slackware-security] libXres (SSA:2017-291-01)
  • From: Slackware Security Team
• WebKitGTK+ Security Advisory WSA-2017-0008
  • From: Carlos Alberto Lopez Perez
• SEC Consult SA-20171018-1 :: Multiple vulnerabilities in Linksys E-series products
  • From: SEC Consult Vulnerability Lab
• [security bulletin] HPESBHF03789 rev.2 - Certain HPE Gen9 Systems with HP Trusted Platform Module v2.0 Option, Unauthorized Access to Data
  • From: security-alert
• [SECURITY] [DSA 3999-1] wpa security update
  • From: Yves-Alexis Perez
• SEC Consult SA-20171016-0 :: Multiple vulnerabilities in Micro Focus VisiBroker C++
  • From: SEC Consult Vulnerability Lab
• [security bulletin] MFSBGN03786 rev.1 - HPE Connected Backup, Local Escalation of Privilege
  • From: swpmb . cyber-psrt
• Advisory X41-2017-010: Command Execution in Shadowsocks-libev
  • From: X41 D-Sec GmbH Advisories
• Advisory X41-2017-008: Multiple Vulnerabilities in Shadowsocks
  • From: X41 D-Sec GmbH Advisories
• [RCESEC-2017-002][CVE-2017-14956] AlienVault USM v5.4.2 "/ossim/report/wizard_email.php" Cross-Site Request Forgery leading to Sensitive Information Disclosure
  • From: Julien Ahrens
• Multiple vulnerabilities in OpenText Documentum Content Server
  • From: Andrey B. Panfilov
• [SECURITY] [DSA 3995-1] libxfont security update
  • From: Moritz Muehlenhoff
• [SECURITY] [DSA 3994-1] nautilus security update
  • From: Yves-Alexis Perez
• [SECURITY] [DSA 3993-1] tor security update
  • From: Moritz Muehlenhoff
• [slackware-security] xorg-server (SSA:2017-279-03)
  • From: Slackware Security Team
• DefenseCode Security Advisory: Magento Commerce CSRF, Stored Cross Site Scripting #1
  • From: DefenseCode
• [security bulletin] HPESBHF03776 rev.1 - HPE Intelligent Management Center (iMC) Service Operation Management (SOM), Remote Arbitrary File Download
  • From: security-alert
• HPESBMU03753 rev.1 - HPE System Management Homepage, Multiple Remote Vulnerabilities
  • From: HPE Product Security Response Team
• [SECURITY] [DSA 3988-1] libidn2-0 security update
  • From: Salvatore Bonaccorso
• Trend Micro OfficeScan v11.0 and XG (12.0)* Unauthorized NT Domain / PHP Information Disclosures CVE-2017-14085 (apparitionsec / hyp3rlinx)
  • From: apparitionsec
• Trend Micro OfficeScan v11.0 and XG (12.0)* Unauthorized Server Side Request Forgery (apparitionsec / hyp3rlinx)
  • From: apparitionsec
• Mac OS X Local Javascript Quarantine Bypass
  • From: filippo . cavallarin
• [SECURITY] [DSA 3987-1] firefox-esr security update
  • From: Moritz Muehlenhoff
• [SECURITY] [DSA 3986-1] ghostscript security update
  • From: Salvatore Bonaccorso
• Trend Micro OfficeScan v11.0 and XG (12.0)* CURL (MITM) Remote Code Execution CVE-2017-14084 (apparitionsec / hyp3rlinx)
  • From: apparitionsec
• Trend Micro OfficeScan v11.0 and XG (12.0)* Unauthorized Start Remote Process Code Execution / DOS - INI Corruption CVE-2017-14086 (apparitionsec / hyp3rlinx)
  • From: apparitionsec
• Trend Micro OfficeScan v11.0 and XG (12.0)* Unauthorized Remote Encryption Key Disclosure CVE-2017-14083 (apparitionsec / hyp3rlinx)
  • From: apparitionsec
• Trend Micro OfficeScan v11.0 and XG (12.0)* Unauthorized Change Prevention Image File Execution Bypass (apparitionsec / hyp3rlinx)
  • From: apparitionsec
• Trend Micro OfficeScan v11.0 and XG (12.0)* Unauthorized Remote Memory Corruption CVE-2017-14089 (apparitionsec / hyp3rlinx)
  • From: apparitionsec
• Mac OS X Local Javascript Quarantine Bypass
  • From: Filippo Cavallarin
• CVE-2017-14087 Trend Micro OfficeScan v11.0 and XG (12.0)* Host Header Injection (apparitionsec / hyp3rlinx)
  • From: apparitionsec
• [security bulletin] HPESBGN03773 rev.2 - HPE Application Performance Management (BSM), Remote Code Execution
  • From: swpmb . cyber-psrt
• CVE-2017-14084 Trend Micro OfficeScan v11.0 and XG (12.0)* CURL (MITM) Remote Code Execution (apparitionsec / hyp3rlinx)
  • From: apparitionsec
• [CVE-2017-9538] Persistent Application Denial of Service
  • From: andys3c
• [CVE-2017-9537] Persistent Cross-Site Scripting Vulnerabilities
  • From: andys3c
• Faleemi FSC-880 Multiple Security Vulnerabilities
  • From: oleg
• Bitdefender Total Security 2017 Unquoted Service Path Vulnerability
  • From: wsachin092
• [SECURITY] [DSA 3984-1] git security update
  • From: Florian Weimer
• Qualys Security Advisory - Linux PIE/stack corruption (CVE-2017-1000253)
  • From: Qualys Security Advisory
• [security bulletin] HPESBGN03773 rev.1 - HPE Application Performance Management (BSM), Remote Code Execution
  • From: swpmb . cyber-psrt
• Mako Web Server v2.5 Multiple Unauthenticated Vulnerabilities (apparitionsec / hyp3rlinx)
  • From: apparitionsec
• Kaltura - Remote Code Execution and Cross-Site Scripting
  • From: robin . verton
• [slackware-security] libxml2 (SSA:2017-266-01)
  • From: Slackware Security Team
• [SECURITY] [DSA 3983-1] samba security update
  • From: Moritz Muehlenhoff
• APPLE-SA-2017-09-19-1 iOS 11
  • From: Apple Product Security
• [slackware-security] httpd (SSA:2017-261-01)
  • From: Slackware Security Team
• [slackware-security] libgcrypt (SSA:2017-261-02)
  • From: Slackware Security Team
• [slackware-security] ruby (SSA:2017-261-03)
  • From: Slackware Security Team
• Watchguard Fireware OS DOS & Stored XSS
  • From: David Fernandez
• [SECURITY] [DSA 3978-1] gdk-pixbuf security update
  • From: Moritz Muehlenhoff
• ZK Time_Web Software 2.0 - Broken Authentication
  • From: Arvind Vishwakarma
• ZKTime_Web Software 2.0 - Cross Site Request Forgery
  • From: Arvind Vishwakarma
• [SECURITY] [DSA 3976-1] freexl security update
  • From: Salvatore Bonaccorso
• [slackware-security] kernel (SSA:2017-258-02)
  • From: Slackware Security Team
• [SECURITY] [DSA 3975-1] emacs25 security update
  • From: Moritz Muehlenhoff
• [slackware-security] emacs (SSA:2017-255-01)
  • From: Slackware Security Team
• [slackware-security] libzip (SSA:2017-255-02)
  • From: Slackware Security Team
• [SECURITY] [DSA 3970-1] emacs24 security update
  • From: Moritz Muehlenhoff
• SEC Consult SA-20170912-0 :: Email verification bypass in SAP E-Recruiting
  • From: SEC Consult Vulnerability Lab
• [slackware-security] bash (SSA:2017-251-01)
  • From: Slackware Security Team
• [slackware-security] mariadb (SSA:2017-251-02)
  • From: Slackware Security Team
• [SECURITY] [DSA 3967-1] mbedtls security update
  • From: Salvatore Bonaccorso
• Pwning the Dlink 850L routers and abusing the MyDlink Cloud protocol
  • From: Pierre Kim
• August 2017 - SourceTree - Critical Security Advisory
  • From: David Black
• [SECURITY] [DSA 3965-1] file security update
  • From: Salvatore Bonaccorso
• [security bulletin] HPESBUX03772 rev.1 - HP-UX BIND Service Running Named, Multiple Vulnerabilities
  • From: security-alert
• CVE-2017-11567 Mongoose Web Server v6.5 CSRF Command Execution ( apparitionsec @ gmail / hyp3rlinx )
  • From: apparitionsec
• Wibu Systems AG CodeMeter 6.50 - Persistent XSS Vulnerability
  • From: Vulnerability Lab
• [SECURITY] [DSA 3963-1] mercurial security update
  • From: Sebastien Delafond
• [SECURITY] [DSA 3962-1] strongswan security update
  • From: Yves-Alexis Perez
• [SECURITY] [DSA 3961-1] libgd2 security update
  • From: Salvatore Bonaccorso
• [security bulletin] HPESBGN03765 rev.2 - HPE LoadRunner and HPE Performance Center, Remote Disclosure of Information
  • From: security-alert
• [security bulletin] HPESBGN03767 rev.1 - HPE Operations Orchestration, Remote Code Execution
  • From: security-alert
• [SECURITY] [DSA 3957-1] ffmpeg security update
  • From: Luciano Bello
• [security bulletin] HPESBHF03770 rev.1 - HPE Comware 7 MSR Routers using PHP, Go, Apache Http Server, and Tomcat, Remote Arbitrary Code Execution
  • From: HPE Product Security Response Team
• [SECURITY] [DSA 3956-1] connman security update
  • From: Luciano Bello
• Trend Micro Hosted Email Security (HES) - Email Interception and Direct Object Reference
  • From: Patrick Webster
• [security bulletin] HPESBHF03769 rev.1 - HPE Integrated Lights-out 4 (iLO 4) Multiple Remote Vulnerabilities
  • From: security-alert
• [SECURITY] [DSA 3953-1] aodh security update
  • From: Luciano Bello
• [SECURITY] [DSA 3951-1] smb4k security update
  • From: Moritz Muehlenhoff
• [RT-SA-2015-008] WebClientPrint Processor 2.0: Remote Code Execution via Print Jobs
  • From: RedTeam Pentesting GmbH
• [RT-SA-2015-009] WebClientPrint Processor 2.0: Remote Code Execution via Updates
  • From: RedTeam Pentesting GmbH
• [RT-SA-2015-010] WebClientPrint Processor 2.0: Unauthorised Proxy Modification
  • From: RedTeam Pentesting GmbH
• [RT-SA-2015-011] WebClientPrint Processor 2.0: No Validation of TLS Certificates
  • From: RedTeam Pentesting GmbH
• [SECURITY] [DSA 3950-1] libraw security update
  • From: Luciano Bello
• [SECURITY] [DSA 3948-1] ioquake3 security update
  • From: Moritz Muehlenhoff
• [SECURITY] [DSA 3946-1] libmspack security update
  • From: Sebastien Delafond
• [SECURITY] [DSA 3928-2] firefox-esr security update
  • From: Moritz Muehlenhoff
• Microsoft Resnet - DNS Configuration Web Vulnerability
  • From: Vulnerability Lab
• FreeBSD <= 10.3 jail SHM hole
  • From: WhiteWinterWolf
• [SECURITY] [DSA 3943-1] gajim security update
  • From: Salvatore Bonaccorso
• CVE-2017-9802: Apache Sling XSS vulnerability
  • From: Robert Munteanu
• [CVE-2017-9767] Quali CloudShell (v7.1.0.6508 Patch 6) Multiple Stored Cross Site Scripting Vulnerability
  • From: x62x65x6e
• [SECURITY] [DSA 3940-1] iortcw security update
  • From: Moritz Muehlenhoff
• [slackware-security] mercurial (SSA:2017-223-03)
  • From: Slackware Security Team
• [SECURITY] [DSA 3937-1] zabbix security update
  • From: Moritz Muehlenhoff
• [SECURITY] [DSA 3936-1] postgresql-9.6 security update
  • From: Moritz Muehlenhoff
• [SECURITY] [DSA 3935-1] postgresql-9.4 security update
  • From: Moritz Muehlenhoff
• [security bulletin] HPESB3P03762 rev.1 - HPE C Switch Software using Cisco Prime Data Center Network Manager (DCNM), Remote Code Execution
  • From: security-alert
• [ANN] Apache Struts: S2-049 Security Bulletin update
  • From: Lukasz Lenart
• [SECURITY] [DSA 3932-1] subversion security update
  • From: Sebastien Delafond
• [SECURITY] [DSA 3933-1] pjproject security update
  • From: Moritz Muehlenhoff
• [SECURITY][ANNOUNCE] Apache Subversion 1.9.7 released
  • From: Daniel Shahaf
• [SECURITY] [DSA 3929-1] libsoup2.4 security update
  • From: Salvatore Bonaccorso
• [slackware-security] curl (SSA:2017-221-01)
  • From: Slackware Security Team
• [slackware-security] mozilla-firefox (SSA:2017-221-02)
  • From: Slackware Security Team
• DefenseCode ThunderScan SAST Advisory: WordPress Easy Modal Plugin Multiple Security Vulnerabilities
  • From: DefenseCode
• [SECURITY] [DSA 3927-1] linux security update
  • From: Salvatore Bonaccorso
• Re: [oss-security] [CVE-2017-7533] kernel: inotify: a race between inotify_handle_event() and sys_rename()
  • From: Brad Spengler
• [SECURITY] [DSA 3926-1] chromium-browser security update
  • From: Michael Gilbert
• [SECURITY] [DSA 3925-1] qemu security update
  • From: Moritz Muehlenhoff
• SEC Consult SA-20170804-1 :: Ubiquiti Networks UniFi Cloud Key authenticated command injection
  • From: SEC Consult Vulnerability Lab
• SEC Consult SA-20170804-0 :: phpBB Server Side Request Forgery (SSRF) vulnerability
  • From: SEC Consult Vulnerability Lab
• [security bulletin] HPESB3P03767 rev.1 - HPE Proliant ML10 Gen9 servers using Intel Xeon E3-1200M v5 and 6th Generation Intel Core Processors, Unauthorized Write to Filesystem
  • From: security-alert
• [SECURITY] [DSA 3924-1] varnish security update
  • From: Salvatore Bonaccorso
• [slackware-security] gnupg (SSA:2017-213-01)
  • From: Slackware Security Team
• CVE-2017-1500 - Relected XSS in IBM WorkLight OAuth Server Web Api
  • From: gabriele . gristina
• [security bulletin] HPESBHF03763 rev.1 - HPE Comware 7, IMC, VCX products using OpenSSL, Remote Denial of Service (DoS)
  • From: security-alert
• [security bulletin] HPESBGN03766 rev.1 - HPE Project and Portfolio Management (PPM), Remote Cross-Site Scripting
  • From: security-alert
• [CVE-2017-11494] SOL.Connect ISET-mpp meter 1.2.4.2 Authentication Bypass SQL Injection Vulnerability
  • From: andys3c
• [SECURITY] [DSA 3923-1] freerdp security update
  • From: Sebastien Delafond
• FortiOS <= 5.6.0 Multiple XSS Vulnerabilities
  • From: msg
• [security bulletin] HPESBHF03765 rev.1 - HPE ConvergedSystem 700 Solution with Comware v7 Switches using OpenSSL, Remote Denial of Service (DoS) and Disclosure of Sensitive Information
  • From: HPE Product Security Response Team
• [SECURITY] [DSA 3919-1] openjdk-8 security update
  • From: Moritz Muehlenhoff
• [SECURITY] [DSA 3920-1] qemu security update
  • From: Moritz Muehlenhoff
• [slackware-security] tcpdump (SSA:2017-205-01)
  • From: Slackware Security Team
• SEC Consult SA-20170724-0 :: Cross-Site Scripting (XSS) issue in multiple Ubiquiti Networks products
  • From: SEC Consult Vulnerability Lab
• SEC Consult SA-20170724-1 :: Open Redirect issue in multiple Ubiquiti Networks products
  • From: SEC Consult Vulnerability Lab
• [RT-SA-2017-006] Arbitrary File Disclosure with root Privileges via RdxEngine-API in REDDOXX Appliance
  • From: RedTeam Pentesting GmbH
• [RT-SA-2017-008] Unauthenticated Access to Diagnostic Functions in REDDOXX Appliance
  • From: RedTeam Pentesting GmbH
• [RT-SA-2017-005] Unauthenticated Extraction of Session-IDs in REDDOXX Appliance
  • From: RedTeam Pentesting GmbH
• [RT-SA-2017-009] Remote Command Execution as root in REDDOXX Appliance
  • From: RedTeam Pentesting GmbH
• [RT-SA-2017-003] Cross-Site Scripting in REDDOXX Appliance
  • From: RedTeam Pentesting GmbH
• [RT-SA-2017-007] Undocumented Administrative Service Account in REDDOXX Appliance
  • From: RedTeam Pentesting GmbH
• [RT-SA-2017-004] Unauthenticated Arbitrary File Disclosure in REDDOXX Appliance
  • From: RedTeam Pentesting GmbH
• [SECURITY] [DSA 3917-1] catdoc security update
  • From: Salvatore Bonaccorso
• [slackware-security] seamonkey (SSA:2017-202-01)
  • From: Slackware Security Team
• [security bulletin] HPESBHF03745 rev.3 - HPE Intelligent Management Center (iMC) PLAT, Remote Code Execution
  • From: security-alert
• [security bulletin] HPESBHF03766 rev.1 - HPE ConvergedSystem 700 Solution with Comware v5 Switches using NTP, Remote Denial of Service (DoS), Unauthorized Modification and Local Denial of Service (DoS)
  • From: security-alert
• File Upload in Integration Gateway (PSIGW)
  • From: ERPScan inc
• Multiple XSS (POST request) Vulnerabilities in TestServlet (PeopleSoft)
  • From: ERPScan inc
• Directory Traversal vulnerability in Integration Gateway (PSIGW)
  • From: ERPScan inc
• APPLE-SA-2017-07-19-7 iCloud for Windows 6.2.2
  • From: Apple Product Security
• APPLE-SA-2017-07-19-5 Safari 10.1.2
  • From: Apple Product Security
• APPLE-SA-2017-07-19-2 macOS 10.12.6
  • From: Apple Product Security
• APPLE-SA-2017-07-19-3 watchOS 3.2.2
  • From: Apple Product Security
• APPLE-SA-2017-07-19-1 iOS 10.3.3
  • From: Apple Product Security
• APPLE-SA-2017-07-19-6 iTunes 12.6.2
  • From: Apple Product Security
• APPLE-SA-2017-07-19-4 tvOS 10.2.2
  • From: Apple Product Security
• [SECURITY] [DSA 3914-1] imagemagick security update
  • From: Moritz Muehlenhoff
• [CVE-2017-7728] - Authentication Bypass allows alarm's commands execution in iSmartAlarm
  • From: ilia . shnaidman
• CVE-2017-7688 - Apache OpenMeetings - Insecure Password Update
  • From: Maxim Solodovnik
• CVE-2017-7684 - Apache OpenMeetings - Insecure File Upload
  • From: Maxim Solodovnik
• CVE-2017-7663 - Apache OpenMeetings - XSS in chat
  • From: Maxim Solodovnik
• CVE-2017-7664 - Apache OpenMeetings - Missing XML Validation
  • From: Maxim Solodovnik
• CVE-2017-9788: Uninitialized memory reflection in mod_auth_digest
  • From: William A Rowe Jr
• CVE-2017-9789: Apache httpd 2.4 Read after free in mod_http2
  • From: William A Rowe Jr
• [SECURITY] [DSA 3908-1] nginx security update
  • From: Moritz Muehlenhoff
• SEC Consult SA-20170712-0 :: Multiple critical vulnerabilities in AGFEO smart home ES 5xx/6xx products
  • From: SEC Consult Vulnerability Lab
• [CVE request]linux kernel xfrm migrate out-of-bound access
  • From: bo Zhang
• [RT-SA-2017-011] Remote Command Execution in PDNS Manager
  • From: RedTeam Pentesting GmbH
• CVE-2017-4918: Code Injection in VMware Horizon’s macOS Client
  • From: Florian Bogner
• [security bulletin] HPESBGN03763 rev.1 - HPE SiteScope, Disclosure of Sensitive Information, Bypass Security Restriction, Remote Arbitrary Code Execution
  • From: HPE Product Security Response Team
• [security bulletin] HPESBGN03762 rev.1 - HPE Network Node Manager i (NNMi) Software, Remote Bypass Security Restrictions, Cross-Site Scripting (XSS), URL Redirection
  • From: HPE Product Security Response Team
• [security bulletin] HPESBHF03745 rev.2 - HPE Intelligent Management Center (iMC) PLAT, Remote Code Execution
  • From: HPE Product Security Response Team
• [security bulletin] HPESBNS03755 rev.1 - HPE NonStop Server using Samba, Multiple Remote Vulnerabilities
  • From: HPE Product Security Response Team
• CVE-2017-5640 Apache Impala (incubating) Information Disclosure
  • From: Sailesh Mukil
• [SECURITY] CVE-2017-5652 Apache Impala (incubating) Information Disclosure
  • From: Sailesh Mukil
• ToorCon 19 Call For Papers Closing This Week!
  • From: h1kari
• [slackware-security] irssi (SSA:2017-190-01)
  • From: Slackware Security Team
• [SECURITY] [DSA 3905-1] xorg-server security update
  • From: Moritz Muehlenhoff
• [SECURITY] [DSA 3904-1] bind9 security update
  • From: Yves-Alexis Perez
• [slackware-security] php (SSA:2017-188-01)
  • From: Slackware Security Team
• CVE-2017-10974 Yaws Web Server v1.91 Unauthenticated Remote File Disclosure
  • From: hyp3rlinx
• [ANNOUNCE] [SECURITY] CVE-2017-7660: Security Vulnerability in secure inter-node communication in Apache Solr
  • From: Shalin Shekhar Mangar
• [SYSS-2017-011] Office 365: Insufficient Session Expiration (CWE-613)
  • From: Micha Borrmann
• Firefox v54.0.1 Denial Of Service
  • From: apparitionsec
• KL-001-2017-015 : Solarwinds LEM Hardcoded Credentials
  • From: KoreLogic Disclosures
• KL-001-2017-014 : Barracuda WAF Support Tunnel Hijack
  • From: KoreLogic Disclosures
• KL-001-2017-012 : Barracuda WAF Grub Password Complexity
  • From: KoreLogic Disclosures
• KL-001-2017-011 : Barracuda WAF Internal Development Credential Disclosure
  • From: KoreLogic Disclosures
• [SECURITY] [DSA 3903-1] tiff security update
  • From: Moritz Muehlenhoff
• [SECURITY] [DSA 3902-1] jabberd2 security update
  • From: Salvatore Bonaccorso
• [security bulletin] HPSBMU02933 rev.3 - HPE SiteScope, issueSiebelCmd and loadFileContents SOAP Requests, Remote Code Execution, Arbitrary File download, Denial of Service (DoS)
  • From: HPE Product Security Response Team
• [slackware-security] Slackware 14.0 kernel (SSA:2017-184-01)
  • From: Slackware Security Team
• [SECURITY] [DSA 3901-1] libgcrypt20 security update
  • From: Salvatore Bonaccorso
• [CVE-2017-9313] Webmin 1.840 Multiple XSS Vulnerabilities
  • From: andys3c
• InsomniaX loader allows loading of arbitrary Kernel Extensions
  • From: Securify B.V.
• [slackware-security] glibc (SSA:2017-181-01)
  • From: Slackware Security Team
• [slackware-security] kernel (SSA:2017-181-02)
  • From: Slackware Security Team
• Microsoft Dynamic CRM 2016 - Cross-Site Scripting vulnerability
  • From: gregory draperi
• SEC Consult SA-20170630-0 :: Multiple critical vulnerabilities in OSCI-Transport library 1.2 for German e-Government
  • From: SEC Consult Vulnerability Lab
• ESA-2017-062: VASA Provider Virtual Appliance Remote Code Execution Vulnerability
  • From: EMC Product Security Response Center
• [SECURITY] [DSA 3900-1] openvpn security update
  • From: Sebastien Delafond
• [SECURITY] [DSA 3886-2] linux regression update
  • From: Salvatore Bonaccorso
• [SECURITY] [DSA 3899-1] vlc security update
  • From: Salvatore Bonaccorso
• [slackware-security] kernel (SSA:2017-177-01)
  • From: Slackware Security Team
• [CVE-2017-8831] Double-Fetch Vulnerability in Linux-4.10.1/drivers/media/pci/saa7164/saa7164-bus.c
  • From: wpengfeinudt
• DefenseCode Security Advisory: IBM DB2 Command Line Processor Buffer Overflow
  • From: DefenseCode
• Microsoft Skype v7.2, v7.35 & v7.36 - Stack Buffer Overflow Vulnerability
  • From: Vulnerability Lab
• [CVE-2017-8831] Double-Fetch Vulnerability in Linux-4.10.1/drivers/media/pci/saa7164/saa7164-bus.c
  • From: wpengfeinudt
• [CVE-2017-8813] Double-Fetch Vulnerability in Linux-4.10.1/drivers/media/pci/saa7164/saa7164-bus.c
  • From: wpengfeinudt
• [SECURITY] [DSA 3893-1] jython security update
  • From: Salvatore Bonaccorso
• [slackware-security] openvpn (SSA:2017-172-01)
  • From: Slackware Security Team
• Sitecore 7.1-7.2 Cross Site Scripting Vulnerability
  • From: hamedizadi
• [SECURITY] [DSA 3890-1] spip security update
  • From: Salvatore Bonaccorso
• ESA-2017-053: EMC Isilon OneFS Privilege Escalation Vulnerability
  • From: EMC Product Security Response Center
• ESA-2017-054: EMC Avamar Multiple Vulnerabilities
  • From: EMC Product Security Response Center
• CVE-2017-3167: Apache httpd 2.x ap_get_basic_auth_pw authentication bypass
  • From: Jacob Champion
• CVE-2017-7659: mod_http2 null pointer dereference
  • From: Jim Jagielski
• [SECURITY] [DSA 3886-1] linux security update
  • From: Salvatore Bonaccorso
• [SECURITY] [DSA 3887-1] glibc security update
  • From: Moritz Muehlenhoff
• [security bulletin] HPESBGN03758 rev.2 - HPE UCMDB, Remote Code Execution
  • From: HPE Product Security Response Team
• Ektron Version 9.10SP1(Build 9.1.0.184) Cross Site Scripting
  • From: ghasseminia
• Ektron Version 9.10SP1(Build 9.1.0.184) Cross Site Scripting
  • From: ghasseminia
• Ektron Version 9.10SP1(Build 9.1.0.184) Cross Site Scripting
  • From: ghasseminia
• ESA-2017-041: EMC VNX1 and VNX2 Family Multiple Vulnerabilities in VNX Control Station
  • From: EMC Product Security Response Center
• June 2017 - Bamboo - Critical Security Advisory
  • From: Atlassian
• [security bulletin] HPESBGN03761 rev.1 - HPE Virtualization Performance Viewer (VPV)/ Cloud Optimizer using Linux, Remote Escalation of Privilege
  • From: security-alert
• [SECURITY] [DSA 3882-1] request-tracker4 security update
  • From: Salvatore Bonaccorso
• CVE-2017-9613: Stored Cross-Site Scripting in SAP successfactors
  • From: dunstan . pinto
• [slackware-security] mozilla-firefox (SSA:2017-165-02)
  • From: Slackware Security Team
• [slackware-security] bind (SSA:2017-165-01)
  • From: Slackware Security Team
• [SECURITY] [DSA 3881-1] firefox-esr security update
  • From: Moritz Muehlenhoff
• ESA-2017-043: EMC ESRS Virtual Edition Authentication Bypass Vulnerability
  • From: EMC Product Security Response Center
• ESA-2017-031: RSA BSAFE® Cert-C Improper Certificate Processing Vulnerability
  • From: EMC Product Security Response Center
• [SECURITY] [DSA 3880-1] libgcrypt20 security update
  • From: Salvatore Bonaccorso
• Secunia Research: libsndfile "aiff_read_chanmap()" Information Disclosure Vulnerability
  • From: Secunia Research
• SEC Consult SA-20170613-0 :: Access Restriction Bypass in Atlassian Confluence
  • From: SEC Consult Vulnerability Lab
• Zenbership 1.0.8 CMS - Multiple SQL Injection Vulnerabilities
  • From: Vulnerability Lab
• Evolution Script CMS v5.3 - Cross Site Scripting Vulnerability
  • From: Vulnerability Lab
• [SECURITY] [DSA 3877-1] tor security update
  • From: Salvatore Bonaccorso
• [security bulletin] HPESBHF03730 rev.2 - HPE Aruba ClearPass Policy Manager, Multiple Vulnerabilities
  • From: security-alert
• [SECURITY] [DSA 3876-1] otrs2 security update
  • From: Moritz Muehlenhoff
• [SECURITY] [DSA 3875-1] libmwaw security update
  • From: Moritz Muehlenhoff
• [security bulletin] HPESBUX03759 rev.1 - HP-UX CIFS Sever using Samba, Multiple Remote Vulnerabilities
  • From: security-alert
• [security bulletin] HPESBUX03747 rev.1 - HP-UX running BIND, Remote Denial of Service
  • From: security-alert
• ESA-2017-064: RSA Identity Governance and Lifecycle Multiple Vulnerabilities
  • From: EMC Product Security Response Center
• [SYSS-2017-018] OTRS - Access to Installation Dialog
  • From: sebastian . auwaerter
• [security bulletin] HPESBGN03758 rev.1 - HPE UCMDB, Remote Code Execution
  • From: security-alert
• CVE update - fixed in Apache Ranger 0.7.1
  • From: Velmurugan Periasamy
• [security bulletin] HPESBHF03757 rev.1 - HPE Network Products including Comware 5 and Comware 7 running NTP, Remote Denial of Service (DoS)
  • From: security-alert
• Xavier v2.4 PHP MP - SQL Injection Web Vulnerabilities
  • From: Vulnerability Lab
• Sophos Cyberoam Cross-site scripting (XSS) vulnerability
  • From: bhdresh
• [security bulletin] HPESBGN03752 rev.1 - HPE IceWall using OpenSSL, remote Denial of Service (DoS)
  • From: security-alert
• [security bulletin] HPESBHF03756 rev.1 - HPE Network Products including Comware 7, iMC, and VCX running OpenSSL, Remote Denial of Service (DoS), Disclosure of Sensitive Information
  • From: security-alert
• X41-2017-005 - Multiple Vulnerabilities in peplink balance routers
  • From: X41 D-Sec GmbH Advisories
• [SECURITY] [DSA 3873-1] perl security update
  • From: Salvatore Bonaccorso
• [SECURITY] [DSA 3870-1] wordpress security update
  • From: Sebastien Delafond
• [SECURITY] [DSA 3869-1] tnef security update
  • From: Sebastien Delafond
• [CVE-2017-5688] Executable installers are vulnerable^WEVIL (case 52): Intel installation framework allows arbitrary code execution with escalation of privilege
  • From: Stefan Kanthak
• DefenseCode ThunderScan SAST Advisory: WordPress Simple Slideshow Manager Plugin Multiple Security Vulnerabilities
  • From: DefenseCode
• [SECURITY] [DSA 3867-1] sudo security update
  • From: Salvatore Bonaccorso
• [SECURITY] [DSA 3866-1] strongswan security update
  • From: Yves-Alexis Perez
• [SECURITY] [DSA 3865-1] mosquitto security update
  • From: Moritz Muehlenhoff
• Multiple Local Privilege Escalation Vulnerabilities in Acunetix Web Vulnerability Scanner 11
  • From: Florian Bogner
• Wordpress Plugin Social-Stream - Exposure of Twitter API Secret Key and Token
  • From: kyle Lovett
• [security bulletin] HPESBHF03730 rev.1 - HPE Aruba ClearPass Policy Manager, Multiple Vulnerabilities
  • From: security-alert
• [security bulletin] HPESBHF03754 rev.1 - HPE ML10 Gen 9 Server using Intel Xeon E3-1200 v5 Processor, Remote Access Restriction Bypass
  • From: security-alert
• [security bulletin] HPESBHF03750 rev.1 - HPE Network Products including Comware 5, Comware 7 and VCX running NTP, Remote Denial of Service (DoS), Unauthorized Modification, Local Denial of Service (DoS)
  • From: security-alert
• [SECURITY] [DSA 3863-1] imagemagick security update
  • From: Moritz Muehlenhoff
• [security bulletin] HPESBHF03746 rev.1 - HPE Intelligent Management Center (iMC) PLAT, Remote Code Execution
  • From: HPE Product Security Response Team
• WebKitGTK+ Security Advisory WSA-2017-0004
  • From: Carlos Alberto Lopez Perez
• [slackware-security] samba (SSA:2017-144-01)
  • From: Slackware Security Team
• [security bulletin] HPESBHF03751 rev.1 - HPE Aruba AirWave Glass, Remote Code Execution
  • From: security-alert
• DefenseCode ThunderScan SAST Advisory: WordPress AffiliateWP Plugin Security Vulnerability
  • From: DefenseCode
• DefenseCode ThunderScan SAST Advisory: WordPress Huge-IT Video Gallery Plugin Security Vulnerability
  • From: DefenseCode
• DefenseCode ThunderScan SAST Advisory: WordPress All In One Schema.org Rich Snippets Plugin Security Vulnerability
  • From: DefenseCode
• [SECURITY] [DSA 3861-1] libtasn1-6 security update
  • From: Sebastien Delafond
• Secunia Research: Microsoft Windows Heap-based Buffer Overflow Vulnerabilities
  • From: Secunia Research
• HPESBHF03744 rev.1 - HPE Intelligent Management Center (iMC) PLAT running OpenSSL, Remote Denial of Service (DoS)
  • From: HPE Product Security Response Team
• CVE-2017-9024 Secure Auditor - v3.0 Directory Traversal
  • From: hyp3rlinx
• CVE-2017-9046 Pegasus "winpm-32.exe" v4.72 Mailto: Link Remote Code Execution
  • From: hyp3rlinx
• CVE-2017-9046 Mantis Bug Tracker 1.3.10 / v2.3.0 CSRF Permalink Injection
  • From: hyp3rlinx