Bugtraq

Date Index

[Prev Page][Next Page]

[SECURITY] [DSA 4388-1] mosquitto security update, Moritz Muehlenhoff
KSA-DEV-001: CVE-2018-19524 : StackOverflow in Multiple Skyworth GPON HomeGateways and Optical Network terminals., Kingkaustubh
[SECURITY] [DSA 4387-1] openssh security update, Yves-Alexis Perez
WebKitGTK+ and WPE WebKit Security Advisory WSA-2019-0001, Michael Catanzaro
[slackware-security] php (SSA:2019-038-01), Slackware Security Team
APPLE-SA-2019-2-07-3 Shortcuts 2.1.3 for iOS, Apple Product Security
APPLE-SA-2019-2-07-2 macOS Mojave 10.14.3 Supplemental Update, Apple Product Security
APPLE-SA-2019-2-07-1 iOS 12.1.4, Apple Product Security
[slackware-security] curl (SSA:2019-037-01), Slackware Security Team
[SECURITY] [DSA 4386-1] curl security update, Alessandro Ghedini
FreeBSD Security Advisory FreeBSD-SA-19:02.fd, FreeBSD Security Advisories
FreeBSD Security Advisory FreeBSD-SA-19:01.syscall, FreeBSD Security Advisories
[SECURITY] [DSA 4385-1] dovecot security update, Salvatore Bonaccorso
SEC Consult SA-20190205-0 :: Multiple vulnerabilities in OSCI-Transport Library 1.2 for German e-Government, SEC Consult Vulnerability Lab
[Multiple CVE] - Cisco Identity Services Engine unauth stored XSS to RCE as root, Pedro Ribeiro
[SECURITY] [DSA 4384-1] libgd2 security update, Salvatore Bonaccorso
[SECURITY] [DSA 4383-1] libvncserver security update, Salvatore Bonaccorso
[SECURITY] [DSA 4382-1] rssh security update, Moritz Muehlenhoff
[slackware-security] mariadb (SSA:2019-032-01), Slackware Security Team
[SECURITY] [DSA 4381-1] libreoffice security update, Moritz Muehlenhoff
[SECURITY] [DSA 4380-1] golang-1.8 security update, Moritz Muehlenhoff
[SECURITY] [DSA 4379-1] golang-1.7 security update, Moritz Muehlenhoff
[SYSS-2018-032] COYO - Cross-Site Scripting, simon . moser
[SYSS-2018-037] Pages for Bitbucket Server - Cross-Site Scripting, simon . moser
[slackware-security] Slackware 14.2 kernel (SSA:2019-030-01), Slackware Security Team
[SECURITY] [DSA 4378-1] php-pear security update, Salvatore Bonaccorso
[SECURITY] [DSA 4377-1] rssh security update, Moritz Muehlenhoff
[SECURITY] [DSA 4376-1] firefox-esr security update, Moritz Muehlenhoff
[slackware-security] mozilla-firefox (SSA:2019-029-01), Slackware Security Team
[SECURITY] [DSA 4375-1] spice security update, Salvatore Bonaccorso
Fwd: CA20190124-01: Security Notice for CA Automic Workload Automation, James Williams
[SECURITY] [DSA 4374-1] qtbase-opensource-src security update, Sebastien Delafond
[SECURITY] [DSA 4373-1] coturn security update, Yves-Alexis Perez
Microsoft Windows ".contact" File HTML Injection Mailto: Link Remote Code Execution 0day ZDI-CAN-75, apparitionsec
[SECURITY] [DSA 4372-1] ghostscript security update, Salvatore Bonaccorso
CVE-2019-6690: Improper Input Validation in python-gnupg, Stig Palmquist
SEC Consult SA-20190124-0 :: Cross-site scripting in CA Automic Workload Automation Web Interface (AWI), SEC Consult Vulnerability Lab
APPLE-SA-2019-1-24-1 iTunes 12.9.3 for Windows, Apple Product Security
[RT-SA-2018-004] Cisco RV320 Command Injection, RedTeam Pentesting GmbH
[RT-SA-2018-003] Cisco RV320 Unauthenticated Diagnostic Data Retrieval, RedTeam Pentesting GmbH
[RT-SA-2018-002] Cisco RV320 Unauthenticated Configuration Export, RedTeam Pentesting GmbH
[slackware-security] httpd (SSA:2019-022-01), Slackware Security Team
APPLE-SA-2019-1-22-3 watchOS 5.1.3, Apple Product Security
CVE-2018-13042 - 1Password Android < 7.0 - Denial Of Service, Valerio Brussani
APPLE-SA-2019-1-22-2 macOS Mojave 10.14.3, Security Update 2019-001 High Sierra, Security Update 2019-001 Sierra, Apple Product Security
APPLE-SA-2019-1-22-4 tvOS 12.1.2, Apple Product Security
APPLE-SA-2019-1-22-5 Safari 12.0.3, Apple Product Security
APPLE-SA-2019-1-22-6 iCloud for Windows 7.10, Apple Product Security
APPLE-SA-2019-1-22-1 iOS 12.1.3, Apple Product Security
[SECURITY] [DSA 4371-1] apt security update, Yves-Alexis Perez
[SRP-2018-02] Security of NC+ SAT TV platform and ST chipsets, Security Explorations
[Several CVE]: NUUO CMS - multiple vulnerabilities resulting in unauth RCE, Pedro Ribeiro
CA20190117-01: Security Notice for CA Service Desk Manager, Kevin Kotas
Defense in depth -- the Microsoft way (part 59): we only fix every other vulnerability, Stefan Kanthak
[SECURITY] [DSA 4370-1] drupal7 security update, Moritz Muehlenhoff
[SYSS-2018-043] Authentication Bypass in Kentix MultiSensor LAN - CVE-2018-19783, Micha Borrmann
[SYSS-2018-041] Mozilla Firefox - Information Exposure, vladimir . bostanov
[SECURITY] [DSA 4367-2] systemd regression update, Salvatore Bonaccorso
CVE-2018-13798 Siemens - SICAM A8000 Series Webinterface XXE DoS, Advisories
Microsoft Windows VCF File Insufficient UI Warning Remote Code Execution 0day ZDI-CAN-6920, apparitionsec
- <Possible follow-ups>
- Microsoft Windows VCF File Insufficient UI Warning Remote Code Execution 0day ZDI-CAN-6920, apparitionsec
[SECURITY] [DSA 4369-1] xen security update, Moritz Muehlenhoff
[SECURITY] [DSA 4368-1] zeromq3 security update, Moritz Muehlenhoff
[slackware-security] zsh (SSA:2019-013-01), Slackware Security Team
[SECURITY] [DSA 4367-1] systemd security update, Salvatore Bonaccorso
[SECURITY] [DSA 4366-1] vlc security update, Moritz Muehlenhoff
[slackware-security] irssi (SSA:2019-011-01), Slackware Security Team
[SYSS-2018-042] XSS in HMS Netbiter WS100 - CVE-2018-19694, Micha Borrmann
[SYSS-2018-011] Portier - Cryptographic Issues, christian . pappas
[SYSS-2018-011] Portier - SQL Injection, christian . pappas
[SECURITY] [DSA 4365-1] tmpreaper security update, Moritz Muehlenhoff
X41 D-Sec GmbH Security Advisory X41-2018-009: ReDoS Vulnerability in UA-Parser, X41 D-Sec GmbH Advisories
SEC Consult SA-20190109-0 :: Multiple Vulnerabilities in Cisco VoIP Phones (88xx series), SEC Consult Vulnerability Lab
System Down: A systemd-journald exploit, Qualys Security Advisory
- Re: System Down: A systemd-journald exploit, Qualys Security Advisory
[SECURITY] [DSA 4364-1] ruby-loofah security update, Moritz Muehlenhoff
[SECURITY] [DSA 4363-1] python-django security update, Moritz Muehlenhoff
[SECURITY] [DSA 4362-1] thunderbird security update, Moritz Muehlenhoff
[KIS-2018-07] SugarCRM (Web Logic Hooks module) PHP Code Injection Vulnerability, Egidio Romano
[KIS-2018-08] SugarCRM (Web Logic Hooks module) Path Traversal Vulnerability, Egidio Romano
[KIS-2018-03] SugarCRM (portal_get_related_notes) SQL Injection Vulnerability, Egidio Romano
[KIS-2018-06] SugarCRM (addLabels) PHP Code Injection Vulnerability, Egidio Romano
[KIS-2018-05] SugarCRM (SaveDropDown) PHP Code Injection Vulnerability, Egidio Romano
[KIS-2018-04] SugarCRM (ConnectorsController) Server-Side Request Forgery Vulnerability, Egidio Romano
[KIS-2018-02] SugarCRM (WorkFlow module) PHP Code Injection Vulnerability, Egidio Romano
[KIS-2018-01] Oracle Application Express (AnyChart) Flash-based Cross-Site Scripting Vulnerability, Egidio Romano
Asserts considered harmful (or GMP spills its sensitive information), Jeffrey Walton
[security bulletin] MFSBGN03838 rev.1 - UCMDB Configuration Management Service, Multiple Vulnerabilities, security-alert
[SECURITY] [DSA 4361-1] libextractor security update, Moritz Muehlenhoff
[SECURITY] [DSA 4360-1] libarchive security update, Moritz Muehlenhoff
[SECURITY] [DSA 4359-1] wireshark security update, Moritz Muehlenhoff
[SECURITY] [DSA 4358-1] ruby-sanitize security update, Salvatore Bonaccorso
[SECURITY] [DSA 4346-2] ghostscript regression update, Salvatore Bonaccorso
[slackware-security] netatalk (SSA:2018-355-01), Slackware Security Team
Zoho ManageEngine OpManager 12.3 before build 123239 allows XSS in the Notes column of the Alarms section, Murat Aydemir
Zoho ManageEngine OpManager 12.3 before build 123239 allows SQL injection in the Alarms section, Murat Aydemir
[SECURITY] [DSA 4357-1] libapache-mod-jk security update, Salvatore Bonaccorso
[SECURITY] [DSA 4356-1] netatalk security update, Salvatore Bonaccorso
[SECURITY] [DSA 4355-1] openssl1.0 security update, Moritz Muehlenhoff
FreeBSD Security Advisory FreeBSD-SA-18:15.bootpd, FreeBSD Security Advisories
Secunia Research: libexif EXIF_IFD_INTEROPERABILITY / EXIF_IFD_EXIF Denial of Service Vulnerability, Secunia Research
Zoho ManageEngine OpManager 12.3 before 123238 allows SQL injection via the getGraphData API, Murat Aydemir
WebKitGTK+ and WPE WebKit Security Advisory WSA-2018-0009, Michael Catanzaro
[SECURITY] [DSA 4354-1] firefox-esr security update, Moritz Muehlenhoff
[security bulletin] MFSBGN03835 rev.1 - Fortify Software Security Center (SSC), Remote Unauthorized Access, security-alert
- <Possible follow-ups>
- [security bulletin] MFSBGN03835 rev.1 - Fortify Software Security Center (SSC), Remote Unauthorized Access, security-alert
[security bulletin] MFSBGN03837 rev.1 - Network Node Manager i, Multiple Vulnerabilities, security-alert
[slackware-security] mozilla-firefox (SSA:2018-345-01), Slackware Security Team
Zoho ManageEngine OpManager 12.3 before Build 123237 has XSS via the domainController API., Murat Aydemir
[SECURITY] [DSA 4353-1] php7.0 security update, Moritz Muehlenhoff
[slackware-security] php (SSA:2018-341-01), Slackware Security Team
[SECURITY] [DSA 4352-1] chromium-browser security update, Michael Gilbert
[SECURITY] [DSA 4351-1] libphp-phpmailer security update, Salvatore Bonaccorso
[SECURITY] [DSA 4350-1] policykit-1 security update, Moritz Muehlenhoff
APPLE-SA-2018-12-06-1 watchOS 5.1.2, Apple Product Security
[slackware-security] gnutls (SSA:2018-339-01), Slackware Security Team
[slackware-security] nettle (SSA:2018-339-02), Slackware Security Team
APPLE-SA-2018-12-05-5 iTunes 12.9.2 for Windows, Apple Product Security
APPLE-SA-2018-12-05-7 Shortcuts 2.1.2, Apple Product Security
APPLE-SA-2018-12-05-6 iCloud for Windows 7.9, Apple Product Security
SEC Consult SA-20181205-0 :: Inadequate cryptography implementation in Kerio Control VPN protocol, SEC Consult Vulnerability Lab
APPLE-SA-2018-12-05-3 tvOS 12.1.1, Apple Product Security
APPLE-SA-2018-12-05-4 Safari 12.0.2, Apple Product Security
APPLE-SA-2018-12-05-1 iOS 12.1.1, Apple Product Security
APPLE-SA-2018-12-05-2 macOS Mojave 10.14.2, Security Update 2018-003 High Sierra, Security Update 2018-006 Sierra, Apple Product Security
Hasan MWB v1.0 - Multiple Time-Based SQL Injections, Socket_0x03
FreeBSD Security Advisory FreeBSD-SA-18:14.bhyve, FreeBSD Security Advisories
[slackware-security] mozilla-nss (SSA:2018-337-01), Slackware Security Team
CSRF Vulnerability in MicroStrategy Web application, wissam . bashour
[SECURITY] [DSA 4349-1] tiff security update, Moritz Muehlenhoff
[SECURITY] [DSA 4348-1] openssl security update, Moritz Muehlenhoff
SEC Consult SA-20181130-0 :: Multiple Vulnerabilities in Siglent Technologies SDS 1202X-E Digital Oscilloscope, SEC Consult Vulnerability Lab
[SECURITY] [DSA 4347-1] perl security update, Salvatore Bonaccorso
[slackware-security] samba (SSA:2018-333-01), Slackware Security Team
FreeBSD Security Advisory FreeBSD-SA-18:13.nfs, FreeBSD Security Advisories
[SECURITY] [DSA 4346-1] ghostscript security update, Salvatore Bonaccorso
[CORE-2018-0011] - Cisco WebEx Meetings Elevation of Privilege Vulnerability, advisories
Avahi 0.7 missing link-local checks in Legacy Unicast Responses cause information disclosure and makes DDoS with mDNS traffic reflection possible, Krzysztof Burghardt
[SECURITY] [DSA 4345-1] samba security update, Salvatore Bonaccorso
[SECURITY] [DSA 4344-1] roundcube security update, Salvatore Bonaccorso
[SECURITY] [DSA 4343-1] liblivemedia security update, Moritz Muehlenhoff
Cory Support v1.0 - Time-Based SQL Injection in Signin, Socket_0x03
[slackware-security] openssl (SSA:2018-325-01), Slackware Security Team
WebKitGTK+ and WPE WebKit Security Advisory WSA-2018-0008, Michael Catanzaro
[SECURITY] [DSA 4339-2] ceph regression update, Salvatore Bonaccorso
SEC Consult SA-20181121-0 :: Signature Bypass / Authentication Bypass in Governikus Autent SDK, SEC Consult Vulnerability Lab
SEC Consult SA-20181116-0 :: Multiple critical vulnerabilities in Miss Marple Enterprise Edition, SEC Consult Vulnerability Lab
SEC Consult SA-20181114-0 :: Denial of Service in Microsoft Skype for Business, SEC Consult Vulnerability Lab
Escalation of privilege with Intel Rapid Storage User Interface, Stefan Kanthak
ACM CCS 2019 - Call for Papers, m.manulis
[SECURITY] [DSA 4340-1] chromium-browser security update, Michael Gilbert
[SECURITY] [DSA 4341-1] mariadb-10.1 security update, Salvatore Bonaccorso
Zoho ManageEngine OpManager 12.3 before Build 123223 has XSS via the updateWidget API., Murat Aydemir
D-LINK Central WifiManager CWM-100 Server Side Request Forgery CVE-2018-15517, apparitionsec
D-LINK Central WifiManager CWM-100 Trojan File SYSTEM Privilege Escalation CVE-2018-15515, apparitionsec
D-LINK Central WifiManager CWM-100 FTP Server PORT Bounce Scan CVE-2018-15516, apparitionsec
[CVE-2018-3635] Executable installers are vulnerable^WEVIL (case 59): arbitrary code execution WITH escalation of privilege via Intel Rapid Storage Technology User Interface and Driver, Stefan Kanthak
Remote Code Execution Vulnerability in ELBA5 Electronic Banking, Florian Bogner
AST-2018-010: Remote crash vulnerability DNS SRV and NAPTR lookups, Asterisk Security Team
AST-2018-010:, Asterisk Security Team
Custom Frontend Login Registration Form (WP Plugin) - Multiple XSS Vulnerabilities, Socket_0x03
[SECURITY] [DSA 4339-1] ceph security update, Moritz Muehlenhoff
[security bulletin] MFSBGN03831 rev. - Service Management Automation, remote disclosure of information, cyber-psrt
[security bulletin] MFSBGN03830 rev.1 - Service Manager, unauthorized disclosure of information, cyber-psrt
[security bulletin] MFSBGN03823 rev.1 - Micro Focus Service Manager, unauthorized disclosure of data, cyber-psrt
[slackware-security] libtiff (SSA:2018-316-01), Slackware Security Team
[SECURITY] [DSA 4338-1] qemu security update, Moritz Muehlenhoff
[SECURITY] [DSA 4337-1] thunderbird security update, Moritz Muehlenhoff
[SECURITY] [DSA 4336-1] ghostscript security update, Salvatore Bonaccorso
PeepSo v1.11.2 (WordPress Plugin) - XSS Vulnerability in Members, Socket_0x03
PeepSo v1.11.2 - Time-Based SQL Injection, Socket_0x03
NEW VMSA-2018-0027 VMware ESXi, Workstation, and Fusion updates address uninitialized stack memory usage, VMware Security Response Center
WP User Manager v2.0.8 - Time-Based SQL Injection, Socket_0x03
[SECURITY] [DSA 4335-1] nginx security update, Moritz Muehlenhoff
[security bulletin] MFSBGN03829 rev.1 - Micro Focus Operation Bridge Containerized Suite, Remote Code Execution, cyber-psrt
[slackware-security] mariadb (SSA:2018-309-01), Slackware Security Team
KL-001-2018-009 : Dell OpenManage Network Manager Multiple Vulnerabilities, KoreLogic Disclosures
Zoho ManageEngine OpManager 12.3 before 123222 has SQL Injection via Mail Server settings., Hakan Bayır
[SECURITY] [DSA 4333-1] icecast2 security update, Moritz Muehlenhoff
[SECURITY] [DSA 4334-1] mupdf security update, Moritz Muehlenhoff
[SECURITY] [DSA 4332-1] ruby2.3 security update, Salvatore Bonaccorso
[SECURITY] [DSA 4331-1] curl security update, Alessandro Ghedini
[SECURITY] [DSA 4330-1] chromium-browser security update, Michael Gilbert
Disclose Vulnerability, alphan yavaş
October 2018 Sourcetree Advisory, Anton Black
[slackware-security] curl (SSA:2018-304-01), Slackware Security Team
OpenText Brava! Enterprise and Brava! Server Components Sensitive Data Exposure, luke . bailiff
Zoho ManageEngine OpManager 12.3 allows Self XSS Vulnerability, Hakan Bayır
Zoho ManageEngine OpManager 12.3 allows Stored XSS, Hakan Bayır
APPLE-SA-2018-10-30-14 Additional information for APPLE-SA-2018-7-9-4 macOS High Sierra 10.13.6, Security Update 2018-004 Sierra, Security Update 2018-004 El Capitan, Apple Product Security
APPLE-SA-2018-10-30-8 Additional information for APPLE-SA-2018-9-24-4 iOS 12, Apple Product Security
APPLE-SA-2018-10-30-13 Additional information for APPLE-SA-2018-9-24-2 iTunes 12.9 for Windows, Apple Product Security
APPLE-SA-2018-10-30-7 iCloud for Windows 7.8, Apple Product Security
APPLE-SA-2018-10-30-12 Additional information APPLE-SA-2018-10-08-2 iCloud for Windows 7.7, Apple Product Security
APPLE-SA-2018-10-30-11 Additional information for APPLE-SA-2018-9-24-6 tvOS 12, Apple Product Security
APPLE-SA-2018-10-30-6 iTunes 12.9.1, Apple Product Security
APPLE-SA-2018-10-30-9 Additional information for APPLE-SA-2018-9-24-1 macOS Mojave 10.14, Apple Product Security
APPLE-SA-2018-10-30-10 Additional information for APPLE-SA-2018-9-24-5 watchOS 5, Apple Product Security
APPLE-SA-2018-10-30-5 tvOS 12.1, Apple Product Security
APPLE-SA-2018-10-30-2 macOS Mojave 10.14.1, Security Update 2018-001 High Sierra, Security Update 2018-005 Sierra, Apple Product Security
APPLE-SA-2018-10-30-4 watchOS 5.1, Apple Product Security
APPLE-SA-2018-10-30-3 Safari 12.0.1, Apple Product Security
APPLE-SA-2018-10-30-1 iOS 12.1, Apple Product Security
[SECURITY] [DSA 4329-1] teeworlds security update, Moritz Muehlenhoff
[SECURITY] [DSA 4321-2] graphicsmagick update, Moritz Muehlenhoff
[CORE-2018-0005] - ASRock Drivers Elevation of Privilege Vulnerabilities, SecureAuth Advisories Team
[SECURITY] [DSA 4328-1] xorg-server security update, Moritz Muehlenhoff
[SECURITY] [DSA 4327-1] thunderbird security update, Moritz Muehlenhoff
[SECURITY] [DSA 4326-1] openjdk-8, Moritz Muehlenhoff
[SECURITY] [DSA 4325-1] mosquitto security update, Sebastien Delafond
[SECURITY] [DSA 4324-1] firefox-esr security update, Moritz Muehlenhoff
[SYSS-2018-028] information leakage with Polycom VVX Phones (Skype for Business, on-premise) - CVE-2018-18566, Micha Borrmann
[SYSS-2018-027] missing X.509 validation with Polycom VVX Phones (Skype for Business, on-premise) - CVE-2018-18568, Micha Borrmann
[security bulletin] MFSBGN03827 rev.1 - Microfocus Real User Monitoring 9.4.0 BPRDownload Java Deserialization Vulnerability, cyber-psrt
[SYSS-2018-026] missing X.509 validation with AudioCodes IP Phones (Skype for Business, on-premise) - CVE-2018-18567, Micha Borrmann
[slackware-security] mozilla-firefox (SSA:2018-296-01), Slackware Security Team
Question Answer v1.2.30 (WordPress Plugin) - Multiple XSS Vulnerabilities, Socket_0x03
CA20181017-01: Security Notice for CA Identity Governance, Kotas, Kevin J
SATE VI - Call for Participation, Delaitre, Aurelien (IntlAssoc)
Zoho ManageEngine OpManager 12.3 allows Unrestricted Arbitrary File Upload, Murat Aydemir
Pie Register v3.0.17 (WordPress Plugin) - XSS Vulnerability in Forgot-Password, Socket_0x03
SEC Consult SA-20181009-0 :: Remote Code Execution via XMeye P2P Cloud in Xiongmai IP Cameras, NVRs and DVRs incl. 3rd party OEM devices (CVE-2018-17915, CVE-2018-17917, CVE-2018-17919), SEC Consult Vulnerability Lab
Responsive Filemanager 9.8.1 Reflected Cross Site Scripting (XSS), yavuz atlas
Responsive Filemanager 9.8.1 Authentication Bypass, yavuz atlas
CVE Request: Sitepress Multilingual CMS Plugin Unauthenticated Stored XSS, Rahul Pratap Singh
[SECURITY] [DSA 4313-1] linux security update, Salvatore Bonaccorso
APPLE-SA-2018-10-08-2 iCloud for Windows 7.7, Apple Product Security
APPLE-SA-2018-10-08-1 iOS 12.0.1, Apple Product Security
[SECURITY] [DSA 4312-1] tinc security update, Salvatore Bonaccorso
[UPDATE][CVE-2018-11797] DoS vulnerability in Apache PDFBox parser, Andreas Lehmkuehler
[SECURITY] [DSA 4311-1] git security update, Salvatore Bonaccorso
[CVE-2018-11797] DoS vulnerability in Apache PDFBox parser, Andreas Lehmkuehler
Pie Register v3.0.15 (WordPress Plugin) - Cross-Site Scripting Vulnerability in Login, Socket_0x03
[SECURITY] [DSA 4310-1] firefox-esr security update, Salvatore Bonaccorso
[slackware-security] mozilla-firefox (SSA:2018-276-01), Slackware Security Team
[SYSS-2018-024] Privilege Escalation in Verint Verba Collaboration Compliance and Quality Management Platform (CVE-2018-17872), Micha Borrmann
[SYSS-2018-023] Password leakage in Verint Verba Collaboration Compliance and Quality Management Platform (CVE-2018-17871), Micha Borrmann
[SECURITY] [DSA 4309-1] strongswan security update, Yves-Alexis Perez
Ivanti Workspace Control Application Whitelist bypass via PowerGrid /SEE command line argument, Securify B.V.
Ivanti Workspace Control Data Security bypass via localhost UNC path, Securify B.V.
SEC Consult SA-20181001-0 :: Password disclosure vulnerability & XSS in PTC ThingWorx (CVE-2018-17216, CVE-2018-17217, CVE-2018-17218), SEC Consult Vulnerability Lab
Ivanti Workspace Control local privilege escalation via Named Pipe, Securify B.V.
Ivanti Workspace Control Application Whitelist bypass via PowerGrid /RWS command line argument, Securify B.V.
Stored credentials Ivanti Workspace Control can be retrieved from Registry, Securify B.V.
[SECURITY] [DSA 4308-1] linux security update, Salvatore Bonaccorso
e2 Security GmbH Advisory 2018-01: MensaMax Android app / Unencrypted transmission and usage of hardcoded encryption key, Stefan Pietsch
[SECURITY] [DSA 4307-1] python3.5 security update, Moritz Muehlenhoff
WebKitGTK+ and WPE WebKit Security Advisory WSA-2018-0007, Michael Catanzaro
[SYSS-2018-014] Bestwebsoft PDF & Print - Cross-Site Scripting, Robin . Trost
[SECURITY] [DSA 4306-1] python2.7 security update, Moritz Muehlenhoff
[waraxe-2018-SA#108] - Username Disclosure in Breadcrumb NavXT Wordpress plugin, come2waraxe
SEC Consult SA-20180926-0 ::, SEC Consult Vulnerability Lab
- Re: SEC Consult SA-20180926-0 :: Stored Cross-Site Scripting in Progress Kendo UI Editor, SEC Consult Vulnerability Lab
SEC Consult SA-20180924-0 :: Multiple Vulnerabilities in Citrix StorageZones Controller, SEC Consult Vulnerability Lab
Integer overflow in Linux's create_elf_tables() (CVE-2018-14634), Qualys Security Advisory
tekno.Portal v0.1b - Cross-Site Scripting Vulnerability in "link.php", Socket_0x03
APPLE-SA-2018-9-24-4 Additional information for APPLE-SA-2018-9-17-1 iOS 12, Apple Product Security
APPLE-SA-2018-9-24-5 Additional information for APPLE-SA-2018-9-17-2 watchOS 5, Apple Product Security
APPLE-SA-2018-9-24-6 Additional information for APPLE-SA-2018-9-17-3 tvOS 12, Apple Product Security
APPLE-SA-2018-9-24-2 iTunes 12.9 for Windows, Apple Product Security
APPLE-SA-2018-9-24-3 Additional information for APPLE-SA-2018-9-17-4 Safari 12, Apple Product Security
APPLE-SA-2018-9-24-1 macOS Mojave 10.14, Apple Product Security
[SECURITY] [DSA 4305-1] strongswan security update, Yves-Alexis Perez
[SECURITY] [DSA 4304-1] firefox-esr security update, Moritz Muehlenhoff
[SECURITY] [DSA 4303-1] okular security update, Moritz Muehlenhoff
[SECURITY] [DSA 4302-1] openafs security update, Salvatore Bonaccorso
[SECURITY] [DSA 4301-1] mediawiki security update, Moritz Muehlenhoff
[slackware-security] mozilla-firefox (SSA:2018-265-01), Slackware Security Team
[SECURITY] [DSA 4300-1] libarchive-zip-perl security update, Salvatore Bonaccorso
[slackware-security] Slackware 14.2 kernel (SSA:2018-264-01), Slackware Security Team
[SYSS-2018-016] Postman - Improper Certificate Validation, ludwig . stage
[SECURITY] [DSA 4299-1] texlive-bin security update, Yves-Alexis Perez
[waraxe-2018-SA#107] - Reflected XSS in FV Flowplayer Wordpress plugin, come2waraxe
AST-2018-009: Remote crash vulnerability in HTTP websocket upgrade, Asterisk Security Team
[SECURITY] [DSA 4298-1] hylafax security update, Moritz Muehlenhoff
OPManager SQL Injection Vulnerability, Murat Aydemir
X41 D-Sec GmbH Security Advisory X41-2018-007: Multiple Vulnerabilities in mgetty, X41 D-Sec GmbH Advisories
X41 D-Sec GmbH Security Advisory X41-2018-008: Multiple Vulnerabilities in HylaFAX, X41 D-Sec GmbH Advisories
[HITB-Announce] #HITBSecConf2018PEK Call for CTF, Hafez Kamal
[SECURITY] [DSA 4297-1] chromium-browser security update, Michael Gilbert
SEC Consult SA-20180918-0 :: Remote Code Execution via PHP unserialize in Moodle open-source learning platform, SEC Consult Vulnerability Lab
APPLE-SA-2018-9-17-5 Apple Support 2.4 for iOS, Apple Product Security
APPLE-SA-2018-9-17-3 tvOS 12, Apple Product Security
race condition in .net core System.IO.Directory.Delete allowing deletion of entire drives, Joshua Hudson
APPLE-SA-2018-9-17-4 Safari 12, Apple Product Security
APPLE-SA-2018-9-17-1 iOS 12, Apple Product Security
APPLE-SA-2018-9-17-2 watchOS 5, Apple Product Security
[SECURITY] [DSA 4295-1] thunderbird security update, Moritz Muehlenhoff
[SECURITY] [DSA 4296-1] mbedtls security update, Moritz Muehlenhoff
[SECURITY] [DSA 4294-1] ghostscript security update, Moritz Muehlenhoff
[SECURITY] [DSA 4273-2] intel-microcode security update, Moritz Muehlenhoff
[slackware-security] php (SSA:2018-257-01), Slackware Security Team
[SECURITY] [DSA 4293-1] discount security update, Alessandro Ghedini
[slackware-security] ghostscript (SSA:2018-256-01), Slackware Security Team
CVE-2018-16242 - oBike Electronic Lock Bypass, Antoine Neuenschwander
CVE-2017-16639 - Tor Browser Deanonymization With SMB, Filippo Cavallarin
Seagate Personal Cloud multiple information disclosure vulnerabilities, Summer of Pwnage
[SYSS-2018-015] HiScout GRC Suite < 3.1.5 - Unrestricted Upload of File with Dangerous Type, sebastian . auwaerter
Disclose SSRF Vulnerability, Alphan Yavaş
- <Possible follow-ups>
- Disclose SSRF Vulnerability, alphan yavaş
FreeBSD Security Advisory FreeBSD-SA-18:12.elf, FreeBSD Security Advisories
[SECURITY] [DSA 4292-1] kamailio security update, Salvatore Bonaccorso
[SECURITY] [DSA 4291-1] mgetty security update, Yves-Alexis Perez
[SECURITY] [DSA 4290-1] libextractor security update, Salvatore Bonaccorso
CVE-2017-16541 details: Deanonymize Tor Browser Users with Automount, Filippo Cavallarin
[SECURITY] [DSA 4289-1] chromium-browser security update, Michael Gilbert
[SECURITY] [DSA 4288-1] ghostscript security update, Moritz Muehlenhoff
[SECURITY] [DSA 4287-1] firefox-esr security update, Moritz Muehlenhoff
[CVE-2018-15876] Ajax BootModal Login Captcha Reuse, Lyderic LEFEBVRE
SEC Consult SA-20180906-0 :: CSV Formula Injection in DokuWiki, SEC Consult Vulnerability Lab
CVE-2017-17762 - XXE Vulnerability in Episerver, Jonas Lejon
Vulnerabilities in KONEs Group Controller (KGC), Sebastian Neuner
[slackware-security] Slackware 14.2 mozilla-thunderbird (SSA:2018-249-04), Slackware Security Team
[slackware-security] mozilla-firefox (SSA:2018-249-03), Slackware Security Team
[slackware-security] curl (SSA:2018-249-01), Slackware Security Team
[slackware-security] ghostscript (SSA:2018-249-02), Slackware Security Team
[SECURITY] [DSA 4286-1] curl security update, Alessandro Ghedini
[SECURITY] [DSA 4285-1] sympa security update, Salvatore Bonaccorso
[SECURITY] [DSA 4284-1] lcms2 security update, Moritz Muehlenhoff
Amcrest Cameras SSL Key Reuse Across installations, jack . m . mckenna
Defense in depth -- the Microsoft way (part 57): installation of security updates fails on Windows Embedded POSReady 2009, Stefan Kanthak
[SECURITY] [DSA 4283-1] ruby-json-jwt security update, Moritz Muehlenhoff
[SECURITY] [DSA 4282-1] trafficserver security update, Moritz Muehlenhoff
CA20180829-03: Security Notice for CA Release Automation, Williams, Ken
CA20180829-02: Security Notice for CA Unified Infrastructure Management, Williams, Ken
CA20180829-01: Security Notice for CA PPM, Williams, Ken
[security bulletin] MFSBGN03812 rev.1 - Application Performance Management, remote cross-site tracing, cyber-psrt
Sensitive Data Exposure via WiFi Broadcasts in Android OS [CVE-2018-9489], research
CSNC-2018-015 - ownCloud Impersonate - Authorization Bypass, Advisories
[security bulletin] MFSBGN03821 rev.1 - Micro Focus Hybrid Cloud Management (HCM) containerized suite, Remote Code Execution, cyber-psrt
[security bulletin] MFSBGN03820 rev.1 - Micro Focus Hybrid Cloud Management (HCM) containerized suites, remote code execution, cyber-psrt
[security bulletin] MFSBGN03815 rev.1 - Data Center Automation Containerized (DCA) suite, remote code execution, cyber-psrt
[security bulletin] MFSBGN03818 rev.1 - Micro Focus Operations Bridge containerized suite, Remote Code Execution, cyber-psrt
[security bulletin] MFSBGN03814 rev.1 - Service Management Automation (SMA) containerized, Remote Code Execution, cyber-psrt
[security bulletin] MFSBGN03817 rev.1 - Operations Bridge containerized suite, Remote Code Execution, cyber-psrt
[security bulletin] MFSBGN03813 rev.1 - Network Operations Management (NOM) Suite CDF, Remote Code Execution, cyber-psrt
[SECURITY] [DSA 4281-1] tomcat8 security update, Sebastien Delafond
Signal IOS Remote Memory Exhaustion and Restart, nick . m . mckenna
[slackware-security] Slackware 14.2 kernel (SSA:2018-240-01), Slackware Security Team
[HITB-Announce] Reminder: HITBSecConf2018 Dubai CFP, Hafez Kamal
[CVE-2018-15877] Plainview Activity Monitor RCE, Lydéric LEFEBVRE
- <Possible follow-ups>
- [CVE-2018-15877] Plainview Activity Monitor RCE, Lydéric LEFEBVRE
[SYSS-2018-010] Dojo Toolkit - dojox.grid.DataGrid editing XSS, Moritz Bechler
Couchbase Server - Remote Code Execution, x ksi
- <Possible follow-ups>
- Couchbase Server - Remote Code Execution, x ksi
- Couchbase Server - Remote Code Execution, x ksi
Seagate Media Server multiple SQL injection vulnerabilities, Summer of Pwnage
[SECURITY] [DSA 4279-2] linux regression update, Salvatore Bonaccorso
[ANN] CVE-2018-11776 Apache Struts 2.3 to 2.3.34 and 2.5 to 2.5.16, Yasser Zamani
[SECURITY] [DSA 4280-1] openssh security update, Sebastien Delafond
Mutiny Monitoring Appliance < 6.1.0-5263 - Command Injection (CVE-2018-15529), reggie . dodd30
[slackware-security] libX11 (SSA:2018-233-01), Slackware Security Team
[SECURITY] [DSA 4279-1] linux security update, Salvatore Bonaccorso
[CVE-2018-15528] Reflected XSS in Java System Solutions SSO Plugin 4.0.13.1 for BMC MyIT, mamurch
[SECURITY] [DSA 4278-1] jetty9 security update, Moritz Muehlenhoff
[slackware-security] ntp (SSA:2018-229-01), Slackware Security Team
[slackware-security] samba (SSA:2018-229-02), Slackware Security Team
[SECURITY] [DSA 4277-1] mutt security update, Salvatore Bonaccorso
[SECURITY] [DSA 4276-1] php-horde-image security update, Sebastien Delafond
[SECURITY] [DSA 4275-1] keystone security update, Moritz Muehlenhoff
[SECURITY] [DSA 4274-1] xen security update, Moritz Muehlenhoff
[SECURITY] [DSA 4273-1] intel-microcode security update, Moritz Muehlenhoff
SEC Consult SA-20180813-0 :: SQL Injection, XSS & CSRF vulnerabilities in Pimcore, SEC Consult Vulnerability Lab
CSNC-2018-016 - ownCloud iOS Application - Cross-Site Scripting, Advisories
CSNC-2018-023 - Atmosphere Framework - Reflected Cross-Site Scripting (XSS), Advisories
FreeBSD Security Advisory FreeBSD-SA-18:11.hostapd, FreeBSD Security Advisories
FreeBSD Security Advisory FreeBSD-SA-18:10.ip, FreeBSD Security Advisories
FreeBSD Security Advisory FreeBSD-SA-18:09.l1tf, FreeBSD Security Advisories
[slackware-security] openssl (SSA:2018-226-01), Slackware Security Team
[SECURITY] [DSA 4272-1] linux security update, Salvatore Bonaccorso
Defense in depth -- the Microsoft way (part 57): all the latest MSVCRT installers allow escalation of privilege, Stefan Kanthak
X41 D-Sec GmbH Security Advisory X41-2018-005: Multiple Vulnerabilities in Apple smartcardservices, X41 D-Sec GmbH Advisories
X41 D-Sec GmbH Security Advisory X41-2018-004: Multiple Vulnerabilities in Yubico libykneomgr, X41 D-Sec GmbH Advisories
X41 D-Sec GmbH Security Advisory X41-2018-003: Multiple Vulnerabilities in pam_pkcs11, X41 D-Sec GmbH Advisories
X41 D-Sec GmbH Security Advisory X41-2018-002: Multiple Vulnerabilities in OpenSC, X41 D-Sec GmbH Advisories
X41 D-Sec GmbH Security Advisory X41-2018-001: Multiple Vulnerabilities in Yubico Piv, X41 D-Sec GmbH Advisories
[SECURITY] [DSA 4271-1] samba security update, Salvatore Bonaccorso
ASUSTOR NAS ADM - 3.1.0 Remote Command Execution, SQL Injections, kyle Lovett
[SECURITY] [DSA 4267-1] kamailio security update, Salvatore Bonaccorso
[CVE-2018-12584] Heap overflow vulnerability in reSIProcate through 1.10.2, Joachim De Zutter
New VMSA-2018-0019 - Horizon 6, 7, and Horizon Client for Windows updates address an out-of-bounds read vulnerability, VMware Security Response Center
WebKitGTK+ and WPE WebKit Security Advisory WSA-2018-0006, Michael Catanzaro
CA20180802-01: Security Notice for CA API Developer Portal, Kotas, Kevin J
[CVE-2018-14429] man-cgi < 1.16 Local File Include, eL_Bart0
FreeBSD Security Advisory FreeBSD-SA-18:08.tcp, FreeBSD Security Advisories
- <Possible follow-ups>
- FreeBSD Security Advisory FreeBSD-SA-18:08.tcp, FreeBSD Security Advisories
RE: [FD] Executable installers are vulnerable^WEVIL (case 56): arbitrary code execution WITH escalation of privilege via rufus*.exe, Andrius Duksta
[SECURITY] [DSA 4266-1] linux security update, Salvatore Bonaccorso
[SECURITY] [DSA 4262-1] symfony security update, Moritz Muehlenhoff
[SECURITY] [DSA 4265-1] xml-security-c security update, Moritz Muehlenhoff
[slackware-security] lftp (SSA:2018-214-01), Slackware Security Team
[SECURITY] [DSA 4260-1] libmspack security update, Salvatore Bonaccorso
Executable installers are vulnerable^WEVIL (case 55): escalation of privilege with VMware Player 12.5.9, Stefan Kanthak
[slackware-security] blueman (SSA:2018-213-01), Slackware Security Team
CVE-2016-7085 NOT fixed in VMware-player-12.5.9-7535481.exe, Stefan Kanthak
[SECURITY] [DSA 4259-1] ruby2.3 security update, Moritz Muehlenhoff
[slackware-security] seamonkey (SSA:2018-212-02), Slackware Security Team
[slackware-security] file (SSA:2018-212-01), Slackware Security Team
secuvera-SA-2018-03: Command Injection, Broken Access Control and Evil-Twin-Attack in Microsoft Wireless Display Adapter V2 - CVE-2018-8306, Tobias Glemser
[SECURITY] [DSA 4258-1] ffmpeg security update, Moritz Muehlenhoff
[SECURITY] [DSA 4257-1] fuse security update, Salvatore Bonaccorso
[slackware-security] Slackware 14.2 kernel (SSA:2018-208-01), Slackware Security Team
[SECURITY] [DSA 4256-1] chromium-browser security update, Michael Gilbert
[CORE-2018-0009] - SoftNAS Cloud OS Command Injection, Core Security Advisories Team
DefenseCode ThunderScan SAST Advisory: WordPress Strong Testimonials Plugin Multiple XSS Security Vulnerabilities, Defense Code
DefenseCode ThunderScan SAST Advisory: WordPress Gwolle Guestbook Plugin XSS Security Vulnerability, Defense Code
[SECURITY] [DSA 4255-1] ant security update, Salvatore Bonaccorso
DefenseCode ThunderScan SAST Advisory: WordPress Snazzy Maps Plugin Multiple XSS Security Vulnerabilities, Defense Code
[SECURITY] [DSA 4254-1] slurm-llnl security update, Salvatore Bonaccorso
FINAL CALL FOR PAPERS - INTEL SECURITY CONFERENCE (iSecCon) 2018, Branco, Rodrigo
[SECURITY] [DSA 4253-1] network-manager-vpnc security update, Salvatore Bonaccorso
APPLE-SA-2018-7-23-5 Additional information for APPLE-SA-2018-06-01-5 watchOS 4.3.1, Apple Product Security
APPLE-SA-2018-7-23-3 Additional information for APPLE-SA-2018-06-01-4 iOS 11.4, Apple Product Security
APPLE-SA-2018-7-23-4 Additional information for APPLE-SA-2018-06-01-6 tvOS 11.4, Apple Product Security
APPLE-SA-2018-7-23-2 Additional information for APPLE-SA-2018-06-01-1 macOS High Sierra 10.13.5, Security Update 2018-003 Sierra, Security Update 2018-003 El Capitan, Apple Product Security
APPLE-SA-2018-7-23-1 Additional information for APPLE-SA-2018-7-9-4 macOS High Sierra 10.13.6, Security Update 2018-004 Sierra, Security Update 2018-004 El Capitan, Apple Product Security
Sourcetree - Remote Code Execution vulnerabilities - CVE-2018-11235, Anton Black
[slackware-security] php (SSA:2018-201-01), Slackware Security Team
Secunia Research: Oracle Outside In Technology Multiple Vulnerabilities, Secunia Research
- <Possible follow-ups>
- Secunia Research: Oracle Outside In Technology Multiple Vulnerabilities, Secunia Research
Secunia Research: LibRaw "parse_minolta()" Infinite Loop Denial of Service Vulnerability, Secunia Research
Adobe Systems - Arbitrary Code Injection Vulnerability, Vulnerability Lab
[slackware-security] httpd (SSA:2018-199-01), Slackware Security Team
[SECURITY] [DSA 4252-1] znc security update, Moritz Muehlenhoff
GhostMail - (filename to link) POST Inject Web Vulnerability, Vulnerability Lab
GhostMail - (Status Message) Persistent Web Vulnerability, Vulnerability Lab
Binance v1.5.0 - Insecure File Permission Vulnerability, Vulnerability Lab
[SECURITY] [DSA 4251-1] vlc security update, Moritz Muehlenhoff
Barracuda Cloud Control v3.020 - CS Cross Site Vulnerability, Vulnerability Lab
Defense in depth -- the Microsoft way (part 56): 10+ year old security update installers are susceptiblle to 20+ year old vulnerability, Stefan Kanthak
[SECURITY] [DSA 4250-1] wordpress security update, Sebastien Delafond
[slackware-security] mutt (SSA:2018-198-01), Slackware Security Team
[SECURITY] [DSA 4248-1] blender security update, Moritz Muehlenhoff
[SECURITY] [DSA 4249-1] ffmpeg security update, Moritz Muehlenhoff
[CVE-2018-1000211] Public apps can't revoke OAuth access & refresh tokens in Doorkeeper, Justin Bull
Defense in depth -- the Microsoft way (part 55): new software built with 5.5 year old tool shows 20+ year old vulnerabilities, Stefan Kanthak
[SECURITY] [DSA 4247-1] ruby-rack-protection security update, Moritz Muehlenhoff
[SECURITY] [DSA 4246-1] mailman security update, Salvatore Bonaccorso
[SECURITY] [DSA 4245-1] imagemagick security update, Moritz Muehlenhoff
[SECURITY] [DSA 4244-1] thunderbird security update, Moritz Muehlenhoff
Huawei eNSP v1 - Buffer Overflow (DoS) Vulnerability, Vulnerability Lab
Secunia Research: Clam AntiVirus "parsehwp3_paragraph()" Denial of Service Vulnerability, Secunia Research
SEC Consult SA-20180712-0 :: Remote Code Execution & Local File Disclosure in Zeta Producer Desktop CMS, SEC Consult Vulnerability Lab
[security bulletin] MFSBGN03811 rev.1 - Fortify Software Security Center (SSC), Multiple vulnerabilities, cyber-psrt
Barracuda ADC v5.x - Multiple Persistent Vulnerabilities, Vulnerability Lab
Lenovo SU v5.07 - Buffer Overflow & Arbitrary Code Execution Vulnerability, Vulnerability Lab
[slackware-security] curl (SSA:2018-192-02), Slackware Security Team
[slackware-security] bind (SSA:2018-192-01), Slackware Security Team
[CORE-2018-0006] - QNAP Qcenter Virtual Appliance Multiple Vulnerabilities, Core Security Advisories Team
[SECURITY] [DSA 4243-1] cups security update, Luciano Bello
AT&T Bizcircle - Persistent Profile Cross Site Scripting Vulnerabilities, Vulnerability Lab
Barracuda ADC 5.x - Client Side Cross Site Scripting Vulnerability, Vulnerability Lab
Barracuda ADC 5.x - Filter Bypass & Persistent Validation Vulnerability, Vulnerability Lab
ASUS WRT-AC66U 3.x - Cross Site Scripting Vulnerability, Vulnerability Lab
Intel System CU - Buffer Overflow (Denial of Service) Vulnerability, Vulnerability Lab
Secutech DSL WR RIS 330 - Filter Bypass Vulnerability, Vulnerability Lab
SEC Consult SA-20180711-0 :: Remote code execution via multiple attack vectors in WAGO e!DISPLAY 7300T, SEC Consult Vulnerability Lab
[slackware-security] mozilla-thunderbird (SSA:2018-191-01), Slackware Security Team
APPLE-SA-2018-7-9-7 iTunes 12.8 for Windows, Apple Product Security
APPLE-SA-2018-7-9-4 macOS High Sierra 10.13.6, Security Update 2018-004 Sierra, Security Update 2018-004 El Capitan, Apple Product Security
APPLE-SA-2018-7-9-5 Safari 11.1.2, Apple Product Security
APPLE-SA-2018-7-9-2 watchOS 4.3.2, Apple Product Security
APPLE-SA-2018-7-9-6 iCloud for Windows 7.6, Apple Product Security
APPLE-SA-2018-7-9-3 tvOS 11.4.1, Apple Product Security
APPLE-SA-2018-7-9-1 iOS 11.4.1, Apple Product Security
[SECURITY] [DSA 4242-1] ruby-sprockets security update, Salvatore Bonaccorso
[SECURITY] [DSA 4241-1] libsoup2.4 security update, Moritz Muehlenhoff
[slackware-security] mozilla-thunderbird (SSA:2018-186-01), Slackware Security Team
APPLE-SA-2018-7-05-1 Wi-Fi Update for Boot Camp 6.4.0, Apple Product Security
[SECURITY] [DSA 4240-1] php7.0 security update, Moritz Muehlenhoff
SEC Consult SA-20180704-1 :: Authorization Bypass in all ADB Broadband Gateways / Routers, SEC Consult Vulnerability Lab
SEC Consult SA-20180704-2 :: Privilege escalation via linux group manipulation in all ADB Broadband Gateways / Routers, SEC Consult Vulnerability Lab
SEC Consult SA-20180704-0 :: Local root jailbreak via network file sharing flaw in all ADB Broadband Gateways / Routers, SEC Consult Vulnerability Lab
[CVE-2018-3667, CVE-2018-3668] Escalation of priviilege via executable installer of Intel Processor Diagnostic Tool, Stefan Kanthak
[SECURITY] [DSA 4239-1] gosa security update, Moritz Muehlenhoff
[SECURITY] [DSA 4238-1] exiv2 security update, Moritz Muehlenhoff
[SECURITY] [DSA 4237-1] chromium-browser security update, Michael Gilbert
[CVE-2018-8036] DoS (OOM) Vulnerability in Apache PDFBox's AFMParser, Andreas Lehmkuehler
- <Possible follow-ups>
- [CVE-2018-8036] DoS (OOM) Vulnerability in Apache PDFBox's AFMParser, Andreas Lehmkuehler
[SECURITY] [DSA 4236-1] xen security update, Moritz Muehlenhoff
APPLE-SA-2018-06-27-1 SwiftNIO 1.8.0, Apple Product Security
TP-Link TL-WR841N v13: Broken Authentication (CVE-2018-12575), Tim Coen
[SECURITY] [DSA 4235-1] firefox-esr security update, Moritz Muehlenhoff
TP-Link TL-WR841N v13: Authenticated Blind Command Injection (CVE-2018-12577), Tim Coen
TP-Link TL-WR841N v13: CSRF (CVE-2018-12574), Tim Coen
PRTG < 18.2.39 Command Injection, Josh Berry
[slackware-security] mozilla-firefox (SSA:2018-176-01), Slackware Security Team
KL-001-2018-008 : HPE VAN SDN Unauthenticated Remote Root Vulnerability, KoreLogic Disclosures
[SECURITY] [DSA 4234-1] lava-server security update, Moritz Muehlenhoff
[SECURITY] [DSA 4233-1] bouncycastle security update, Moritz Muehlenhoff
FreeBSD Security Advisory FreeBSD-SA-18:07.lazyfpu, FreeBSD Security Advisories
[SECURITY] [DSA 4232-1] xen security update, Moritz Muehlenhoff
[slackware-security] gnupg (SSA:2018-170-01), Slackware Security Team
XSS in Canopy login page, RYT
[SECURITY] [DSA 4229-1] strongswan security update, Yves-Alexis Perez
[SECURITY] [DSA 4231-1] libgcrypt20 security update, Salvatore Bonaccorso
[security bulletin] MFSBGN03810 rev.1 - Universal CMDB, Deserialization Java Objects and CSRF, cyber-psrt
[SECURITY] [DSA 4230-1] redis security update, Moritz Muehlenhoff
[security bulletin] MFSBGN03809 rev.1 - Universal CMDB, Deserialization Java Objects and CSRF, cyber-psrt
CALL FOR PAPERS - INTEL SECURITY CONFERENCE (iSecCon) 2018, Branco, Rodrigo
CA20180614-01: Security Notice for CA Privileged Access Manager, Williams, Ken
[SECURITY] [DSA 4228-1] spip security update, Sebastien Delafond
WebKitGTK+ and WPE WebKit Security Advisory WSA-2018-0005, Michael Catanzaro
APPLE-SA-2018-06-13-01 Xcode 9.4.1, Apple Product Security
Multiple Security Issues in Ecos Secure Boot Stick (SBS), Michael Rossberg
Samsung Web Viewer for Samsung DVR Reflected Cross Site Scripting (XSS) CVE-2018-11689, yavuz atlas
CSNC-2018-021 - Vert.x - HTTP Header Injection, Advisories
[SECURITY] [DSA 4227-1] plexus-archiver security update, Salvatore Bonaccorso
DefenseCode ThunderScan SAST Advisory: WordPress WP Google Map Plugin Multiple SQL injection Security Vulnerabilities, Defense Code
DefenseCode ThunderScan SAST Advisory: WordPress Ultimate Form Builder Lite Plugin Multiple Vulnerabilities (XSS and SQLi), Defense Code
[SECURITY] [DSA 4226-1] perl security update, Salvatore Bonaccorso
AST-2018-008: PJSIP endpoint presence disclosure when using ACL, Asterisk Security Team
AST-2018-007: Infinite loop when reading iostreams, Asterisk Security Team
[SRP-2018-01] Reverse engineering tools for ST DVB chipsets (public release), Security Explorations
[SECURITY] [DSA 4225-1] openjdk-7 security update, Moritz Muehlenhoff
SensioLabs Symfony version 3.3.6 - Cross-Site Scripting (Reflect), ch . sangsakul
[slackware-security] gnupg2 (SSA:2018-159-01), Slackware Security Team
[SECURITY] [DSA 4222-1] gnupg2 security update, Salvatore Bonaccorso
[SECURITY] [DSA 4224-1] gnupg security update, Salvatore Bonaccorso
[SECURITY] [DSA 4220-1] firefox-esr security update, Moritz Muehlenhoff
[SECURITY] [DSA 4223-1] gnupg1 security update, Salvatore Bonaccorso
[SECURITY] [DSA 4221-1] libvncserver security update, Moritz Muehlenhoff
Gridbox extension for Joomla! <= 2.4.0 Reflected Cross Site Scripting (XSS), yavuz atlas
[SECURITY] [DSA 4219-1] jruby security update, Sebastien Delafond
DefenseCode ThunderScan SAST Advisory: WordPress Form Maker Plugin Multiple Security Vulnerabilities, Defense Code
DefenseCode ThunderScan SAST Advisory: WordPress Contact Form Maker Plugin Multiple Security Vulnerabilities, Defense Code
[slackware-security] mozilla-firefox (SSA:2018-157-01), Slackware Security Team
[SECURITY] [DSA 4218-1] memcached security update, Salvatore Bonaccorso
Ignite Realtime Openfire Version 3.7.1 Reflected Cross Site Scripting (CVE-2018-11688), yavuz atlas
[slackware-security] git (SSA:2018-152-01), Slackware Security Team
[SECURITY] [DSA 4217-1] wireshark security update, Moritz Muehlenhoff
APPLE-SA-2018-06-01-2 Safari 11.1.1, Apple Product Security
APPLE-SA-2018-06-01-1 macOS High Sierra 10.13.5, Security Update 2018-003 Sierra, Security Update 2018-003 El Capitan, Apple Product Security
[SECURITY] [DSA 4214-1] zookeeper security update, Moritz Muehlenhoff
[SECURITY] [DSA 4191-2] redmine regression update, Salvatore Bonaccorso
APPLE-SA-2018-06-01-7 iTunes 12.7.5 for Windows, Apple Product Security
APPLE-SA-2018-06-01-5 watchOS 4.3.1, Apple Product Security
[SECURITY] [DSA 4216-1] prosody security update, Salvatore Bonaccorso
APPLE-SA-2018-06-01-4 iOS 11.4, Apple Product Security
[SECURITY] [DSA 4215-1] batik security update, Sebastien Delafond
[CORE-2018-0002] - Quest DR Series Disk Backup Multiple Vulnerabilities, Core Security Advisories Team
[CORE-2018-0004] - Quest KACE System Management Appliance Multiple Vulnerabilities, Core Security Advisories Team
APPLE-SA-2018-06-01-3 iCloud for Windows 7.5, Apple Product Security
APPLE-SA-2018-06-01-6 tvOS 11.4, Apple Product Security
MachForm Multiple Vulnerabilities CVE-2018-6409/CVE-2018-6410/CVE-2018-6411, Amine Taouirsa
CVE-2018-11552 AXON PBX 2.02 Cross Site Scripting Vulnerability, mehta . himanshu21
[SECURITY] [DSA 4209-1] thunderbird security update, Moritz Muehlenhoff
[SECURITY] [DSA 4210-1] xen security update, Moritz Muehlenhoff
Ruckus (Brocade) ICX7450-48 Reflected Cross Site Scripting, Yavuz Atlas
Android OS Didnt use FLAG_SECURE for Sensitive Settings [CVE-2017-13243], research
PHP Login & User Management <= 4.1.0 - Arbitrary File Upload (CVE-2018-11392), reggie . dodd30
[security bulletin] MFSBGN03808 rev.1 - Micro Focus UCMDB, Cross-Site Scripting, cyber-psrt
[CVE-2018-8013] Apache Batik information disclosure vulnerability, Simon Steiner
K2 smartforms runtime application - 4.6.11 SSRF, fuming22
[slackware-security] mozilla-thunderbird (SSA:2018-142-02), Slackware Security Team
[SECURITY] [DSA 4208-1] procps security update, Salvatore Bonaccorso
[slackware-security] Slackware 14.2 kernel (SSA:2018-142-01), Slackware Security Team
[slackware-security] procps-ng (SSA:2018-142-03), Slackware Security Team
[SECURITY] [DSA 4207-1] packagekit security update, Salvatore Bonaccorso
[SECURITY] [DSA 4206-1] gitlab security update, Moritz Muehlenhoff
Qualys Security Advisory - Procps-ng Audit Report, Qualys Security Advisory
[SECURITY] [DSA 4205-1] Advance notification for upcoming end-of-life for, Moritz Muehlenhoff
[SECURITY] [DSA 4204-1] imagemagick security update, Sebastien Delafond
[SYSS-2018-007] ILIAS e-Learning - Reflected Cross-Site-Scripting, Moritz Bechler
MagniComp SysInfo Information Exposure [CVE-2018-7268], Harry Sintonen
[SECURITY] [DSA 4203-1] vlc security update, Moritz Muehlenhoff
[slackware-security] curl (SSA:2018-136-01), Slackware Security Team
[slackware-security] php (SSA:2018-136-02), Slackware Security Team
[SECURITY] [DSA 4202-1] curl security update, Alessandro Ghedini
CVE-2018-11101: Signal-desktop HTML tag injection variant 2, Alfredo Ortega
SEC Consult SA-20180516-0 :: XXE & XSS vulnerabilities in RSA Authentication Manager, SEC Consult Vulnerability Lab
[SECURITY] [DSA 4201-1] xen security update, Moritz Muehlenhoff
CSNC-2018-003 totemomail Encryption Gateway - Cross-Site Request Forgery, Advisories
CSNC-2018-002 totemomail Encryption Gateway - JSONP hijacking, Advisories
CVE-2018-10994: HTML tag injection in Signal-desktop, Alfredo Ortega
[SECURITY] [DSA 4200-1] kwallet-pam security update, Moritz Muehlenhoff
SEC Consult SA-20180514-0 :: Arbitrary File Upload & Cross-site scripting in MyBiz MyProcureNet, SEC Consult Vulnerability Lab
- Re: SEC Consult SA-20180514-0 :: Arbitrary File Upload & Cross-site scripting in MyBiz MyProcureNet, SEC Consult Vulnerability Lab
Vulnerabilities in IBMs Flashsystems and Storwize Products, Sebastian Neuner
[slackware-security] mariadb (SSA:2018-130-01), Slackware Security Team
[SECURITY] [DSA 4199-1] firefox-esr security update, Moritz Muehlenhoff
[security bulletin] MFSBGN03807 rev.1 - HP Service Manager Software, SQL Injection, cyber-psrt
[security bulletin] MFSBGN03805 - HP Service Manager, Remote Disclosure of Information, cyber-psrt
[slackware-security] mozilla-firefox (SSA:2018-129-01), Slackware Security Team
[slackware-security] wget (SSA:2018-129-02), Slackware Security Team
[SECURITY] [DSA 4198-1] prosody security update, Moritz Muehlenhoff
[SECURITY] [DSA 4197-1] wavpack security updaze, Moritz Muehlenhoff
[security bulletin] MFSBGN03804 - HP Service Manager Software, Remote Disclosure of Information, cyber-psrt
[security bulletin] MFSBGN03806 rev.1 - HP Network Automation Software, Network Operations Management (NOM) Suite, Multiple Vulnerabilities, cyber-psrt
t2'18: Call For Papers 2018 (Helsinki, Finland), Tomi Tuominen
[ADV170017] Defense in depth -- the Microsoft way (part 54): escalation of privilege during installation of Microsoft Office 20xy, Stefan Kanthak
[SECURITY] [DSA 4196-1] linux security update, Salvatore Bonaccorso
FreeBSD Security Advisory FreeBSD-SA-18:06.debugreg, FreeBSD Security Advisories
APPLE-SA-2018-05-08-1 Additional information for APPLE-SA-2018-04-24-2 Security Update 2018-001, Apple Product Security
[SECURITY] [DSA 4195-1] wget security update, Salvatore Bonaccorso
WebKitGTK+ Security Advisory WSA-2018-0004, Michael Catanzaro
[SECURITY] [DSA 4194-1] lucene-solr security update, Moritz Muehlenhoff
[SECURITY] [DSA 4193-1] wordpress security update, Salvatore Bonaccorso
[SECURITY] [DSA 4192-1] libmad security update, Moritz Muehlenhoff
CANADIAN JOB VACANCY!!!, SUNCOR ENERGY
[slackware-security] python (SSA:2018-124-01), Slackware Security Team
APPLE-SA-2018-05-04-1 Security Update 2018-001 Swift 4.1.1 for Ubuntu 14.04, Apple Product Security
[slackware-security] seamonkey (SSA:2018-123-01), Slackware Security Team
Updated VMSA-2018-0007.3: VMware Virtual Appliance updates address side-channel analysis due to speculative execution, VMware Security Response Center
[SECURITY] [DSA 4191-1] redmine security update, Sebastien Delafond
[SECURITY] [DSA 4190-1] jackson-databind security update, Sebastien Delafond
SEC Consult SA-20180503-0 :: Authentication Bypass in Oracle Access Manager (OAM), SEC Consult Vulnerability Lab
Command injections via USB upgrade in MSTAR Set-Top box products, IM
[SECURITY] [DSA 4189-1] quassel security update, Moritz Muehlenhoff
[SECURITY] [DSA 4187-1] linux security update, Ben Hutchings
CA20180501-01: Security Notice for CA Spectrum, Kotas, Kevin J
[SECURITY] [DSA 4188-1] linux security update, Salvatore Bonaccorso
Trovebox <= 4.0.0-rc6 Authentication Bypass, SQLi, SSRF, robin . verton
CVE-2016-6811: Apache Hadoop Privilege escalation vulnerability, Akira Ajisaka
[slackware-security] libwmf (SSA:2018-120-01), Slackware Security Team
[slackware-security] mozilla-firefox (SSA:2018-120-02), Slackware Security Team
Advisory - Sourcetree for Windows - CVE-2018-5226, Atlassian
[SECURITY] [DSA 4185-1] openjdk-8 security update, Moritz Muehlenhoff
[SECURITY] [DSA 4183-1] tor security update, Salvatore Bonaccorso
[SECURITY] [DSA 4184-1] sdl-image1.2 security update, Salvatore Bonaccorso
[SECURITY] [DSA 4186-1] gunicorn security update, Moritz Muehlenhoff
[SECURITY] [DSA 4181-1] roundcube security update, Salvatore Bonaccorso
[SECURITY] [DSA 4182-1] chromium-browser security update, Michael Gilbert
[slackware-security] openvpn (SSA:2018-116-01), Slackware Security Team
[HITB-Announce] HITBGSEC2018 CFP - Final Call, Hafez Kamal
[SECURITY] [DSA 4180-1] drupal7 security update, Salvatore Bonaccorso
Secunia Research: Oracle Outside In Technology Use-After-Free Vulnerability, Secunia Research
APPLE-SA-2018-04-24-2 Security Update 2018-001, Apple Product Security
APPLE-SA-2018-04-24-1 iOS 11.3.1, Apple Product Security
APPLE-SA-2018-04-24-3 Safari 11.1 (v. 11605.1.33.1.4, 12605.1.33.1.4, and 13605.1.33.1.4), Apple Product Security
[SECURITY] [DSA 4179-1] linux-tools security update, Salvatore Bonaccorso
SEC Consult SA-20180424-0 :: Reflected Cross-Site Scripting in multiple Zyxel ZyWALL products, SEC Consult Vulnerability Lab
SEC Consult SA-20180423-0 :: Multiple Stored XSS Vulnerabilities in WSO2 Carbon and Dashboard Server, SEC Consult Vulnerability Lab
Seagate Media Server path traversal vulnerability, Summer of Pwnage
[SECURITY] [DSA 4176-1] mysql-5.5 security update, Salvatore Bonaccorso
[SECURITY] [DSA 4175-1] freeplane security update, Salvatore Bonaccorso
[SE-2011-01] The origin and impact of vulnerabilities in ST chipsets, Security Explorations
[SECURITY] [DSA 4178-1] libreoffice security update, Moritz Muehlenhoff
[SECURITY] [DSA 4177-1] libsdl2-image security update, Moritz Muehlenhoff
Seagate Media Server stored Cross-Site Scripting vulnerability, Summer of Pwnage
[slackware-security] gd (SSA:2018-108-01), Slackware Security Team
WebKitGTK+ Security Advisory WSA-2018-0003, Michael Catanzaro
[SECURITY] [DSA 4174-1] corosync security update, Sebastien Delafond
[SECURITY] [DSA 4173-1] r-cran-readxl security update, Moritz Muehlenhoff
[security bulletin] MFSBGN03802 - Virtualization Performance Viewer (vPV) / Cloud Optimizer, Local Disclosure of Information, cyber-psrt
- <Possible follow-ups>
- [security bulletin] MFSBGN03802 - Virtualization Performance Viewer (vPV) / Cloud Optimizer, Local Disclosure of Information, cyber-psrt
[security bulletin] MFSBGN03803 rev.1 - UCMDB, Installation File Access Control Privilege Escalation Vulnerability, cyber-psrt
[SECURITY] [DSA 4079-2] poppler regression update, Salvatore Bonaccorso
[SECURITY] [DSA 4169-1] pcs security update, Yves-Alexis Perez
Call for Papers: USENIX Workshop on Offensive Technologies (WOOT '18), Yves Younan
secuvera-SA-2017-04: SQL-Injection Vulnerability in OCS Inventory NG ocsreports Web application, Simon Bieber
[SECURITY] [DSA 4170-1] pjproject security update, Moritz Muehlenhoff
Defense in depth -- the Microsoft way (part 53): our MSRC doesn't know how Windows handles PATH, Stefan Kanthak
secuvera-SA-2017-03: Reflected Cross-Site-Scripting Vulnerabilities in OCS Inventory NG ocsreports Web application, Simon Bieber
[SECURITY] [DSA 4168-1] squirrelmail security update, Salvatore Bonaccorso
[RT-SA-2017-014] CyberArk Password Vault Web Access Remote Code Execution, RedTeam Pentesting GmbH
[RT-SA-2017-015] CyberArk Password Vault Memory Disclosure, RedTeam Pentesting GmbH
[slackware-security] patch (SSA:2018-096-01), Slackware Security Team
[SECURITY] [DSA 4167-1] sharutils security update, Luciano Bello
Advisory - Fisheye and Crucible - CVE-2018-5223, Atlassian
Advisory - Bamboo - CVE-2018-5224, Atlassian
[SECURITY] [DSA 4166-1] openjdk-7 security update, Moritz Muehlenhoff
FreeBSD Security Advisory FreeBSD-SA-18:05.ipsec, FreeBSD Security Advisories
FreeBSD Security Advisory FreeBSD-SA-18:04.vt, FreeBSD Security Advisories
[SECURITY] [DSA 4165-1] ldap-account-manager security update, Luciano Bello
[SECURITY] [DSA 4164-1] apache2 security update, Salvatore Bonaccorso

[Index of Archives] [Netfilter] [Security] [PHP] [Linux Kernel]