Mail Index

• Thread Index

• Advisory - Bamboo - CVE-2017-14589 CVE-2017-14590
  • From: Atlassian
• b2evolution CMS 6.6.0 - 6.8.10 PHP code execution
  • From: Anti Räis
• CVE-2017-6094 - Genexis GAPS Access Control Vulnerability
  • From: Antoine Neuenschwander
• [security bulletin] MFSBGN03793 rev.2 - Project and Portfolio Management Center, Multiple vulnerabilities
  • From: cyber-psrt
• Intel CPU bug forcing page table switch during syscalls?
  • From: Pavel Machek
• Re "Intel responds to security research findings"
  • From: Ed Maste
• [security bulletin] HPESBHF03803 rev.1 - Hewlett Packard Enterprise Moonshot Provisioning Manager Appliance, Remote Denial of Service and Execution of Code
  • From: security-alert
• [SECURITY] [DSA 4078-1] linux security update
  • From: Yves-Alexis Perez
• Icyphoenix 2.2.0.105 - Multiple SQL Injection Vulnerabilities
  • From: Vulnerability Lab
• SonicWall SonicOS NSA UTM Firewall - Bypass & Persistent Vulnerability
  • From: Vulnerability Lab
• iJoomla com_adagency 6.0.9 - SQL Injection Vulnerabilities
  • From: Vulnerability Lab
• Abyss Web Server < v2.11.6 Memory Heap Corruption (hyp3rlinx / apparitionsec)
  • From: apparitionsec
• Wickr Inc - App Clock & Message Deletion Glitch - Bug Bounty
  • From: Vulnerability Lab
• WpJobBoard v4.4.4 - Multiple SQL Injection Vulnerabilities
  • From: Vulnerability Lab
• CVE-2017-17055 Artica Web Proxy v3.06 Remote Code Execution (hyp3rlinx / ApparitionSec)
  • From: apparitionsec
• CVE-2017-16884 Mist Server v2.12 Unauthenticated Persistent XSS (hyp3rlinx / ApparitionSec)
  • From: apparitionsec
• [SECURITY] [DSA 4079-1] poppler security update
  • From: Moritz Muehlenhoff
• Social Media Widget by Acurax [CSRF]
  • From: Panagiotis Vagenas
• CMS Tree Page View [CSRF, Privilege Escalation]
  • From: Panagiotis Vagenas
• Admin Menu Tree Page View [CSRF, Privilege Escalation]
  • From: Panagiotis Vagenas
• SonicWall SonicOS NSA Web Firewall - Multiple Web Vulnerabilities
  • From: Vulnerability Lab
• APPLE-SA-2018-1-8-1 iOS 11.2.2
  • From: Apple Product Security
• APPLE-SA-2018-1-8-2 macOS High Sierra 10.13.2 Supplemental Update
  • From: Apple Product Security
• APPLE-SA-2018-1-8-3 Safari 11.0.2
  • From: Apple Product Security
• Response to Meltdown and Spectre
  • From: Gordon Tetlow
• [SECURITY] [DSA 4081-1] php5 security update
  • From: Moritz Muehlenhoff
• [SECURITY] [DSA 4080-1] php7.0 security update
  • From: Moritz Muehlenhoff
• [slackware-security] irssi (SSA:2018-008-01)
  • From: Slackware Security Team
• CVE-2017-17485: one more way of rce in jackson-databind when defaultTyping+objects are used
  • From: Imre Rad
• [SECURITY] [DSA 4082-1] linux security update
  • From: Salvatore Bonaccorso
• [security bulletin] HPESBHF03805 rev.4 - Certain HPE products using Microprocessors from Intel, AMD, and ARM, with Speculative Execution, Elevation of Privilege and Information Disclosure.
  • From: security-alert
• Multiple vulnerabilities in TP-Link products(CVE-2017-15613 to CVE-2017-15637)
  • From: chunibalon
• DefenseCode ThunderScan SAST Advisory: WordPress Testimonial Slider Plugin SQL injection Security Vulnerability
  • From: DefenseCode
• DefenseCode ThunderScan SAST Advisory: WordPress Smooth Slider Plugin SQL injection Security Vulnerability
  • From: DefenseCode
• DefenseCode ThunderScan SAST Advisory: WordPress Dbox 3D Slider Lite Multiple SQL injection Security Vulnerabilities
  • From: DefenseCode
• WebKitGTK+ Security Advisory WSA-2018-0001
  • From: Carlos Alberto Lopez Perez
• [SECURITY] [DSA 4083-1] poco security update
  • From: Sebastien Delafond
• CVE-2017-8802 Zimbra Collaboration Suite - Stored Cross-Site Scripting
  • From: Advisories
• Flash Operator Panel v2.31.03 - Command Execution Vulnerability
  • From: Vulnerability Lab
• [SECURITY] [DSA 4084-1] gifsicle security update
  • From: Sebastien Delafond
• Magento Commerce - SSRF & XSPA Web Vulnerability
  • From: Vulnerability Lab
• Piwigo v2.8.2 & 2.9.2 CMS - Multiple Cross Site Vulnerabilities
  • From: Vulnerability Lab
• MagicSpam 2.0.13 - Insecure File Permission Vulnerability
  • From: Vulnerability Lab
• Magento Connect T1 - (Claim) Persistent Vulnerability
  • From: Vulnerability Lab
• SonicWall GMS v8.1 - Filter Bypass & Persistent Vulnerability
  • From: Vulnerability Lab
• Microsoft Sharepoint 2013 - Limited Access Permission Bypass Vulnerability
  • From: Vulnerability Lab
• Kentico CMS v11.0 - Stack Buffer Overflow Vulnerability
  • From: Vulnerability Lab
• [security bulletin] HPESBNS03804 rev.1 - HPE NonStop Server, Local Authentication Restriction Bypass
  • From: security-alert
• [SECURITY] [DSA 4085-1] xmltooling security update
  • From: Moritz Muehlenhoff
• [security bulletin] HPESBHF03800 rev.1 - HPE Comware 7 MSR Routers, Remote Denial of Service and Local Elevation or Privilege
  • From: security-alert
• Code execution in Kaseya VSA
  • From: Securify B.V.
• Arbitrary file read in Kaseya VSA
  • From: Securify B.V.
• Broken TLS certificate pinning in VTech DigiGo Kid Connect app
  • From: Summer of Pwnage
• [SECURITY] [DSA 4087-1] transmission security update
  • From: Moritz Muehlenhoff
• Adminer <= v4.3.1 Server Side Request Forgery
  • From: apparitionsec
• Broken TLS certificate validation in VTech DigiGo browser
  • From: Summer of Pwnage
• [SECURITY] [DSA 4086-1] libxml2 security update
  • From: Salvatore Bonaccorso
• Seagate Media Server allows deleting of arbitrary files and folders
  • From: Summer of Pwnage
• Authentication bypass in Kaseya VSA
  • From: Securify B.V.
• Multiple vulnerabilities in VTech DigiGo allow browser overlay attack
  • From: Summer of Pwnage
• [RT-SA-2017-013] Truncation of SAML Attributes in Shibboleth 2
  • From: RedTeam Pentesting GmbH
• Zenario v7.6 CMS - SQL Injection Web Vulnerability
  • From: Vulnerability Lab
• [SECURITY] [DSA 4088-1] gdk-pixbuf security update
  • From: Moritz Muehlenhoff
• MagicSpam 2.0.13 - Insecure File Permission Vulnerability
  • From: Vulnerability Lab
• ADVISORY - LiveZilla - Cross-site scripting (XSS) vulnerability in knowledgebase.php - CVE-2017-15869
  • From: tim . kretschmann
• [SECURITY] [DSA 4089-1] bind9 security update
  • From: Salvatore Bonaccorso
• [SECURITY] [DSA 4090-1] wordpress security update
  • From: Sebastien Delafond
• [slackware-security] bind (SSA:2018-017-01)
  • From: Slackware Security Team
• [security bulletin] HPSBGN02925 rev.3 - HP IceWall SSO, IceWall File Manager and IceWall Federation Agent, Multiple Remote Unauthorized Access Vulnerabilities
  • From: security-alert
• [security bulletin] HPESBHF03805 rev.5 - Certain HPE products using Microprocessors from Intel, AMD, and ARM, with Speculative Execution, Elevation of Privilege and Information Disclosure.
  • From: security-alert
• [security bulletin] HPESBMU03806 rev.1 - HPE IceWall Products, Multiple Remote Unauthorized Disclosure of Information, Unauthorized Modificiation
  • From: security-alert
• [SECURITY] [DSA 4092-1] awstats security update
  • From: Sebastien Delafond
• CVE-2017-15713: Apache Hadoop MapReduce job history server vulnerability
  • From: Jason Lowe
• [SECURITY] [DSA 4093-1] openocd security update
  • From: luciano
• CentOS Web Panel v0.9.8.12 - Multiple Persistent Web Vulnerabilities
  • From: Vulnerability Lab
• Oracle JDeveloper IDE Directory Traversal CVE-2017-10273 (hyp3rlinx / apparition security)
  • From: apparitionsec
• Photo Vault v1.2 iOS - Insecure Authentication Vulnerability
  • From: Vulnerability Lab
• Shopware 5.2.5 & v5.3 - Multiple Cross Site Scripting Web Vulnerabilities
  • From: Vulnerability Lab
• CentOS Web Panel v0.9.8.12 - Non-Persistent Cross Site Scripting Vulnerabilities
  • From: Vulnerability Lab
• Acadmic Microsoft - API Query Filter Cross Site Scripting Vulnerability
  • From: Vulnerability Lab
• CentOS Web Panel v0.9.8.12 - Remote SQL Injection Vulnerabilities
  • From: Vulnerability Lab
• [SECURITY] [DSA 4094-1] smarty3 security update
  • From: Luciano Bello
• [security bulletin] HPESBHF03805 rev.7 - Certain HPE products using Microprocessors from Intel, AMD, and ARM, with Speculative Execution, Elevation of Privilege and Information Disclosure.
  • From: security-alert
• SEC Consult SA-20180123-0 :: XXE & Reflected XSS in Oracle Financial Services Analytical Applications
  • From: SEC Consult Vulnerability Lab
• DefenseCode ThunderScan SAST Advisory: SugarCRM Community Edition Multiple SQL Injection Vulnerabilities
  • From: DefenseCode
• APPLE-SA-2018-1-23-5 Safari 11.0.3
  • From: Apple Product Security
• APPLE-SA-2018-1-23-6 iTunes 12.7.3 for Windows
  • From: Apple Product Security
• APPLE-SA-2018-1-23-2 macOS High Sierra 10.13.3, Security Update 2018-001 Sierra, and Security Update 2018-001 El Capitan
  • From: Apple Product Security
• APPLE-SA-2018-1-23-1 iOS 11.2.5
  • From: Apple Product Security
• APPLE-SA-2018-1-23-3 watchOS 4.2.2
  • From: Apple Product Security
• APPLE-SA-2018-1-23-7 iCloud for Windows 7.3
  • From: Apple Product Security
• APPLE-SA-2018-1-23-4 tvOS 11.2.5
  • From: Apple Product Security
• CVE-2017-15718: Apache Hadoop YARN NodeManager vulnerability
  • From: Akira Ajisaka
• WebKitGTK+ Security Advisory WSA-2018-0002
  • From: Carlos Alberto Lopez Perez
• [SECURITY] [DSA 4096-1] firefox-esr security update
  • From: Moritz Muehlenhoff
• [SECURITY] [DSA 4095-1] gcab security update
  • From: Salvatore Bonaccorso
• [slackware-security] curl (SSA:2018-024-01)
  • From: Slackware Security Team
• [SECURITY] [DSA 4097-1] poppler security update
  • From: Moritz Muehlenhoff
• [security bulletin] HPESBHF03809 rev.1 - HPE Intelligent Management Center (iMC) PLAT, Remote Authentication Restriction Bypass
  • From: security-alert
• [security bulletin] HPESBHF03813 rev.1 - HPE Intelligent Management Center (iMC) PLAT, Remote Code Execution
  • From: security-alert
• [security bulletin] HPESBHF03815 rev.1 - HPE Intelligent Management Center (iMC) PLAT, Remote Code Execution
  • From: security-alert
• [security bulletin] HPESBHF03810 rev.1 - HPE Intelligent Management Center (iMC) PLAT, Remote Disclosure of Information
  • From: security-alert
• [security bulletin] HPESBHF03808 rev.1 - HPE Intelligent Management Center (iMC) PLAT, Remote Code Execution
  • From: security-alert
• KL-001-2018-001 : Sophos Web Gateway Persistent Cross Site Scripting Vulnerability
  • From: KoreLogic Disclosures
• [security bulletin] HPESBHF03812 rev.1 - HPE Intelligent Management Center (iMC) PLAT, Remote Multiple Vulnerabilities
  • From: security-alert
• [slackware-security] mozilla-thunderbird (SSA:2018-025-01)
  • From: Slackware Security Team
• [security bulletin] HPESBHF03811 rev.1 - HPE Intelligent Management Center (iMC) PLAT, Remote Multiple Vulnerabilities
  • From: security-alert
• [security bulletin] HPESBHF03814 rev.1 - HPE Intelligent Management Center (iMC) PLAT, Remote Unauthorized Modification
  • From: security-alert
• [SECURITY] [DSA 4100-1] tiff security update
  • From: Moritz Muehlenhoff
• [SECURITY] [DSA 4101-1] wireshark security update
  • From: Moritz Muehlenhoff
• [SECURITY] [DSA 4099-1] ffmpeg security update
  • From: Moritz Muehlenhoff
• [SECURITY] [DSA 4098-1] curl security update
  • From: Alessandro Ghedini
• [SYSS-2017-026] Microsoft Surface Hub Keyboard - Cryptographic Issues (CWE-310), Insufficient Protection against Replay Attacks
  • From: matthias . deeg
• Secunia Research: LibRaw Multiple Denial of Service Vulnerabilities
  • From: Secunia Research
• Defense in depth -- the Microsoft way (part 49): fun with application manifests
  • From: Stefan Kanthak
• [SECURITY] [DSA 4094-2] smarty3 security update
  • From: Luciano Bello
• SEC Consult SA-20180131-0 :: Multiple Vulnerabilities in Sprecher Automation SPRECON-E-C, PU-2433
  • From: SEC Consult Vulnerability Lab