bugtraq

Messages by Thread

[SECURITY] [DSA 4413-1] ntfs-3g security update Salvatore Bonaccorso
March 2019 Sourcetree Advisory - Multiple Remote Code Execution Vulnerabilities Erin Jensby
[SECURITY] [DSA 4412-1] drupal7 security update Moritz Muehlenhoff
[SECURITY] [DSA 4411-1] firefox-esr security update Moritz Muehlenhoff
[SECURITY] [DSA 4410-1] openjdk-8 security update Moritz Muehlenhoff
[SE-2019-01] Java Card vulnerabilities Security Explorations
[slackware-security] libssh2 (SSA:2019-077-01) Slackware Security Team
[SECURITY] [DSA 4409-1] neutron security update Moritz Muehlenhoff
Gitea 1.7.3 stored HTML injection (XSS) Anti Räis
[SECURITY] [DSA 4408-1] liblivemedia security update Moritz Muehlenhoff
NEW: VMSA-2019-0003 - VMware Horizon update addresses Connection Server information disclosure vulnerability VMware Security Response Center
NEW: VMSA-2019-0002 - VMware Workstation update addresses elevation of privilege issues. VMware Security Response Center
IPv6 Security for IPv4 Engineers Fernando Gont
Cisco Common Service Platform Collector - Hardcoded Credentials (CVE-2019-1723) David Coomber
[SECURITY] [DSA 4407-1] xmltooling security update Moritz Muehlenhoff
[SECURITY] [DSA 4406-1] waagent security update Moritz Muehlenhoff
Microsoft Windows .Reg File Dialog Box Message Spoofing 0day apparitionsec
[**UPDATED] Microsoft Windows .Reg File Dialog Box Message Spoofing 0day apparitionsec
FlexPaper <= 2.3.6 Remote Command Execution Red Timmy Sec -
- CVE-2019-7727 - JMX/RMI Nice ENGAGE <= 6.5 Remote Command Execution Red Timmy Sec -
- CVE-2018-2879 - anniversary Red Timmy Sec -
[SECURITY] [DSA 4405-1] openjpeg2 security update Luciano Bello
[SECURITY] [DSA 4404-1] chromium security update Michael Gilbert
[SECURITY] [DSA 4403-1] php7.0 security update Moritz Muehlenhoff
[slackware-security] ntp (SSA:2019-067-01) Slackware Security Team
[SECURITY] [DSA 4402-1] mumble security update Moritz Muehlenhoff
SAP J2EE Engine/7.01/Fiori Reflected Cross Site Scripting (XSS) Ece örsel
- SAP J2EE Engine/7.01/Fiori Reflected Cross Site Scripting (XSS) Ece örsel
SAP J2EE Engine/7.01/Portal/EPP Reflected Cross Site Scripting (XSS) Ece örsel
[slackware-security] python (SSA:2019-062-01) Slackware Security Team
[SECURITY] [DSA 4387-2] openssh security update Yves-Alexis Perez
[slackware-security] infozip (SSA:2019-060-01) Slackware Security Team
[SECURITY] [DSA 4401-1] wordpress security update Sebastien Delafond
[SECURITY] [DSA 4400-1] openssl1.0 security update Moritz Muehlenhoff
[SECURITY] [DSA 4399-1] ikiwiki security update Moritz Muehlenhoff
[SECURITY] [DSA 4398-1] php7.0 security update Moritz Muehlenhoff
AST-2019-001: Remote crash vulnerability with SDP protocol violation Asterisk Security Team
[SECURITY] [DSA 4397-1] ldb security update Salvatore Bonaccorso
[CORE-2018-0012] - Cisco WebEx Meetings Elevation of Privilege Vulnerability Version 2 advisories
[SECURITY] [DSA 4395-2] chromium regression update Michael Gilbert
[slackware-security] openssl (slackware 14.2) (SSA:2019-057-01) Slackware Security Team
SHAREit for Android Authentication Bypass and Remote File Download RedForce Advisory
Defense in depth -- the Microsoft way (part 60): same old sins and incompetence! Stefan Kanthak
[slackware-security] file (SSA:2019-054-01) Slackware Security Team
[SECURITY] [DSA 4377-3] rssh security update Moritz Muehlenhoff
[SRP-2018-02] Details of a vulnerability in STMicroelectronics' chipset Adam Gowdiak
[SAUTH-2019-0001] - Micro Focus Filr Multiple Vulnerabilities advisories
[SECURITY] [DSA 4396-1] ansible security update Moritz Muehlenhoff
[SECURITY] [DSA 4395-1] chromium security update Michael Gilbert
[SECURITY] [DSA 4394-1] rdesktop security update Moritz Muehlenhoff
[SECURITY] [DSA 4393-1] systemd security update Salvatore Bonaccorso
[SECURITY] [DSA 4388-2] mosquitto regression update Salvatore Bonaccorso
CVE-2018-20162: Digi TransPort LR54 Restricted Shell Escape Stig Palmquist
[SECURITY] [DSA 4392-1] thunderbird security update Moritz Muehlenhoff
DASAN H665 has vendor backdoor built into BusyBox’s /bin/login Krzysztof Burghardt
[slackware-security] mozilla-thunderbird (SSA:2019-045-01) Slackware Security Team
[SECURITY] [DSA 4391-1] firefox-esr security update Moritz Muehlenhoff
[slackware-security] mozilla-firefox (SSA:2019-044-01) Slackware Security Team
Qkr! with MasterPass iOS Application - MITM SSL Certificate Vulnerability (CVE-2019-6702) David Coomber
[slackware-security] lxc (SSA:2019-043-01) Slackware Security Team
CA20190212-01: Security Notice for CA Privileged Access Manager Kevin Kotas
[SECURITY] [DSA 4390-1] flatpak security update Moritz Muehlenhoff
[SECURITY] [DSA 4377-2] rssh regression update Salvatore Bonaccorso
[SECURITY] [DSA 4389-1] libu2f-host security update Sebastien Delafond
[SECURITY] [DSA 4388-1] mosquitto security update Moritz Muehlenhoff
KSA-DEV-001: CVE-2018-19524 : StackOverflow in Multiple Skyworth GPON HomeGateways and Optical Network terminals. Kingkaustubh
[SECURITY] [DSA 4387-1] openssh security update Yves-Alexis Perez
WebKitGTK+ and WPE WebKit Security Advisory WSA-2019-0001 Michael Catanzaro
[slackware-security] php (SSA:2019-038-01) Slackware Security Team
APPLE-SA-2019-2-07-3 Shortcuts 2.1.3 for iOS Apple Product Security
APPLE-SA-2019-2-07-2 macOS Mojave 10.14.3 Supplemental Update Apple Product Security
APPLE-SA-2019-2-07-1 iOS 12.1.4 Apple Product Security
[slackware-security] curl (SSA:2019-037-01) Slackware Security Team
[SECURITY] [DSA 4386-1] curl security update Alessandro Ghedini
FreeBSD Security Advisory FreeBSD-SA-19:02.fd FreeBSD Security Advisories
FreeBSD Security Advisory FreeBSD-SA-19:01.syscall FreeBSD Security Advisories
[SECURITY] [DSA 4385-1] dovecot security update Salvatore Bonaccorso
SEC Consult SA-20190205-0 :: Multiple vulnerabilities in OSCI-Transport Library 1.2 for German e-Government SEC Consult Vulnerability Lab
[Multiple CVE] - Cisco Identity Services Engine unauth stored XSS to RCE as root Pedro Ribeiro
[SECURITY] [DSA 4384-1] libgd2 security update Salvatore Bonaccorso
[SECURITY] [DSA 4383-1] libvncserver security update Salvatore Bonaccorso
[SECURITY] [DSA 4381-1] libreoffice security update Moritz Muehlenhoff
[SECURITY] [DSA 4382-1] rssh security update Moritz Muehlenhoff
[slackware-security] mariadb (SSA:2019-032-01) Slackware Security Team
[SECURITY] [DSA 4380-1] golang-1.8 security update Moritz Muehlenhoff
[SECURITY] [DSA 4379-1] golang-1.7 security update Moritz Muehlenhoff
[SYSS-2018-032] COYO - Cross-Site Scripting simon . moser
[SYSS-2018-037] Pages for Bitbucket Server - Cross-Site Scripting simon . moser
[slackware-security] Slackware 14.2 kernel (SSA:2019-030-01) Slackware Security Team
[SECURITY] [DSA 4378-1] php-pear security update Salvatore Bonaccorso
[SECURITY] [DSA 4377-1] rssh security update Moritz Muehlenhoff
[SECURITY] [DSA 4376-1] firefox-esr security update Moritz Muehlenhoff
[slackware-security] mozilla-firefox (SSA:2019-029-01) Slackware Security Team
[SECURITY] [DSA 4375-1] spice security update Salvatore Bonaccorso
Fwd: CA20190124-01: Security Notice for CA Automic Workload Automation James Williams
[SECURITY] [DSA 4374-1] qtbase-opensource-src security update Sebastien Delafond
[SECURITY] [DSA 4373-1] coturn security update Yves-Alexis Perez
CVE-2019-6690: Improper Input Validation in python-gnupg Stig Palmquist
Microsoft Windows ".contact" File HTML Injection Mailto: Link Remote Code Execution 0day ZDI-CAN-75 apparitionsec
[SECURITY] [DSA 4372-1] ghostscript security update Salvatore Bonaccorso
SEC Consult SA-20190124-0 :: Cross-site scripting in CA Automic Workload Automation Web Interface (AWI) SEC Consult Vulnerability Lab
APPLE-SA-2019-1-24-1 iTunes 12.9.3 for Windows Apple Product Security
[RT-SA-2018-002] Cisco RV320 Unauthenticated Configuration Export RedTeam Pentesting GmbH
[RT-SA-2018-004] Cisco RV320 Command Injection RedTeam Pentesting GmbH
[RT-SA-2018-003] Cisco RV320 Unauthenticated Diagnostic Data Retrieval RedTeam Pentesting GmbH
[slackware-security] httpd (SSA:2019-022-01) Slackware Security Team
APPLE-SA-2019-1-22-3 watchOS 5.1.3 Apple Product Security
CVE-2018-13042 - 1Password Android < 7.0 - Denial Of Service Valerio Brussani
APPLE-SA-2019-1-22-2 macOS Mojave 10.14.3, Security Update 2019-001 High Sierra, Security Update 2019-001 Sierra Apple Product Security
APPLE-SA-2019-1-22-4 tvOS 12.1.2 Apple Product Security
APPLE-SA-2019-1-22-5 Safari 12.0.3 Apple Product Security
APPLE-SA-2019-1-22-6 iCloud for Windows 7.10 Apple Product Security
APPLE-SA-2019-1-22-1 iOS 12.1.3 Apple Product Security
[SECURITY] [DSA 4371-1] apt security update Yves-Alexis Perez
[SRP-2018-02] Security of NC+ SAT TV platform and ST chipsets Security Explorations
[Several CVE]: NUUO CMS - multiple vulnerabilities resulting in unauth RCE Pedro Ribeiro
CA20190117-01: Security Notice for CA Service Desk Manager Kevin Kotas
Defense in depth -- the Microsoft way (part 59): we only fix every other vulnerability Stefan Kanthak
[SECURITY] [DSA 4370-1] drupal7 security update Moritz Muehlenhoff
[SYSS-2018-043] Authentication Bypass in Kentix MultiSensor LAN - CVE-2018-19783 Micha Borrmann
[SYSS-2018-041] Mozilla Firefox - Information Exposure vladimir . bostanov
[SECURITY] [DSA 4367-2] systemd regression update Salvatore Bonaccorso
CVE-2018-13798 Siemens - SICAM A8000 Series Webinterface XXE DoS Advisories
Microsoft Windows VCF File Insufficient UI Warning Remote Code Execution 0day ZDI-CAN-6920 apparitionsec
- Microsoft Windows VCF File Insufficient UI Warning Remote Code Execution 0day ZDI-CAN-6920 apparitionsec
[SECURITY] [DSA 4369-1] xen security update Moritz Muehlenhoff
[SECURITY] [DSA 4368-1] zeromq3 security update Moritz Muehlenhoff
[slackware-security] zsh (SSA:2019-013-01) Slackware Security Team
[SECURITY] [DSA 4367-1] systemd security update Salvatore Bonaccorso
[SECURITY] [DSA 4366-1] vlc security update Moritz Muehlenhoff
[slackware-security] irssi (SSA:2019-011-01) Slackware Security Team
[SYSS-2018-042] XSS in HMS Netbiter WS100 - CVE-2018-19694 Micha Borrmann
[SYSS-2018-011] Portier - Cryptographic Issues christian . pappas
[SYSS-2018-011] Portier - SQL Injection christian . pappas
[SECURITY] [DSA 4365-1] tmpreaper security update Moritz Muehlenhoff
X41 D-Sec GmbH Security Advisory X41-2018-009: ReDoS Vulnerability in UA-Parser X41 D-Sec GmbH Advisories
SEC Consult SA-20190109-0 :: Multiple Vulnerabilities in Cisco VoIP Phones (88xx series) SEC Consult Vulnerability Lab
System Down: A systemd-journald exploit Qualys Security Advisory
- Re: System Down: A systemd-journald exploit Qualys Security Advisory
[SECURITY] [DSA 4364-1] ruby-loofah security update Moritz Muehlenhoff
[SECURITY] [DSA 4363-1] python-django security update Moritz Muehlenhoff
[SECURITY] [DSA 4362-1] thunderbird security update Moritz Muehlenhoff
[KIS-2018-08] SugarCRM (Web Logic Hooks module) Path Traversal Vulnerability Egidio Romano
[KIS-2018-07] SugarCRM (Web Logic Hooks module) PHP Code Injection Vulnerability Egidio Romano
[KIS-2018-05] SugarCRM (SaveDropDown) PHP Code Injection Vulnerability Egidio Romano
[KIS-2018-06] SugarCRM (addLabels) PHP Code Injection Vulnerability Egidio Romano
[KIS-2018-04] SugarCRM (ConnectorsController) Server-Side Request Forgery Vulnerability Egidio Romano
[KIS-2018-03] SugarCRM (portal_get_related_notes) SQL Injection Vulnerability Egidio Romano
[KIS-2018-02] SugarCRM (WorkFlow module) PHP Code Injection Vulnerability Egidio Romano
[KIS-2018-01] Oracle Application Express (AnyChart) Flash-based Cross-Site Scripting Vulnerability Egidio Romano
Asserts considered harmful (or GMP spills its sensitive information) Jeffrey Walton
[security bulletin] MFSBGN03838 rev.1 - UCMDB Configuration Management Service, Multiple Vulnerabilities security-alert
[SECURITY] [DSA 4361-1] libextractor security update Moritz Muehlenhoff
[SECURITY] [DSA 4360-1] libarchive security update Moritz Muehlenhoff
[SECURITY] [DSA 4359-1] wireshark security update Moritz Muehlenhoff
[SECURITY] [DSA 4358-1] ruby-sanitize security update Salvatore Bonaccorso
[SECURITY] [DSA 4346-2] ghostscript regression update Salvatore Bonaccorso
[slackware-security] netatalk (SSA:2018-355-01) Slackware Security Team
Zoho ManageEngine OpManager 12.3 before build 123239 allows XSS in the Notes column of the Alarms section Murat Aydemir
Zoho ManageEngine OpManager 12.3 before build 123239 allows SQL injection in the Alarms section Murat Aydemir
[SECURITY] [DSA 4357-1] libapache-mod-jk security update Salvatore Bonaccorso
[SECURITY] [DSA 4356-1] netatalk security update Salvatore Bonaccorso
[SECURITY] [DSA 4355-1] openssl1.0 security update Moritz Muehlenhoff
FreeBSD Security Advisory FreeBSD-SA-18:15.bootpd FreeBSD Security Advisories
Secunia Research: libexif EXIF_IFD_INTEROPERABILITY / EXIF_IFD_EXIF Denial of Service Vulnerability Secunia Research
Zoho ManageEngine OpManager 12.3 before 123238 allows SQL injection via the getGraphData API Murat Aydemir
WebKitGTK+ and WPE WebKit Security Advisory WSA-2018-0009 Michael Catanzaro
[SECURITY] [DSA 4354-1] firefox-esr security update Moritz Muehlenhoff
[security bulletin] MFSBGN03835 rev.1 - Fortify Software Security Center (SSC), Remote Unauthorized Access security-alert
- [security bulletin] MFSBGN03835 rev.1 - Fortify Software Security Center (SSC), Remote Unauthorized Access security-alert
[security bulletin] MFSBGN03837 rev.1 - Network Node Manager i, Multiple Vulnerabilities security-alert
[slackware-security] mozilla-firefox (SSA:2018-345-01) Slackware Security Team
Zoho ManageEngine OpManager 12.3 before Build 123237 has XSS via the domainController API. Murat Aydemir
[SECURITY] [DSA 4353-1] php7.0 security update Moritz Muehlenhoff
[slackware-security] php (SSA:2018-341-01) Slackware Security Team
[SECURITY] [DSA 4352-1] chromium-browser security update Michael Gilbert
[SECURITY] [DSA 4351-1] libphp-phpmailer security update Salvatore Bonaccorso
[SECURITY] [DSA 4350-1] policykit-1 security update Moritz Muehlenhoff
APPLE-SA-2018-12-06-1 watchOS 5.1.2 Apple Product Security
[slackware-security] gnutls (SSA:2018-339-01) Slackware Security Team
[slackware-security] nettle (SSA:2018-339-02) Slackware Security Team
APPLE-SA-2018-12-05-6 iCloud for Windows 7.9 Apple Product Security
APPLE-SA-2018-12-05-7 Shortcuts 2.1.2 Apple Product Security
SEC Consult SA-20181205-0 :: Inadequate cryptography implementation in Kerio Control VPN protocol SEC Consult Vulnerability Lab
APPLE-SA-2018-12-05-5 iTunes 12.9.2 for Windows Apple Product Security
APPLE-SA-2018-12-05-3 tvOS 12.1.1 Apple Product Security
APPLE-SA-2018-12-05-4 Safari 12.0.2 Apple Product Security
APPLE-SA-2018-12-05-1 iOS 12.1.1 Apple Product Security
APPLE-SA-2018-12-05-2 macOS Mojave 10.14.2, Security Update 2018-003 High Sierra, Security Update 2018-006 Sierra Apple Product Security
Hasan MWB v1.0 - Multiple Time-Based SQL Injections Socket_0x03
FreeBSD Security Advisory FreeBSD-SA-18:14.bhyve FreeBSD Security Advisories
[slackware-security] mozilla-nss (SSA:2018-337-01) Slackware Security Team
CSRF Vulnerability in MicroStrategy Web application wissam . bashour
[SECURITY] [DSA 4349-1] tiff security update Moritz Muehlenhoff
[SECURITY] [DSA 4348-1] openssl security update Moritz Muehlenhoff
SEC Consult SA-20181130-0 :: Multiple Vulnerabilities in Siglent Technologies SDS 1202X-E Digital Oscilloscope SEC Consult Vulnerability Lab
[SECURITY] [DSA 4347-1] perl security update Salvatore Bonaccorso
[slackware-security] samba (SSA:2018-333-01) Slackware Security Team
FreeBSD Security Advisory FreeBSD-SA-18:13.nfs FreeBSD Security Advisories
[SECURITY] [DSA 4346-1] ghostscript security update Salvatore Bonaccorso