[SECURITY] [DSA 4191-2] redmine regression update

2018-06-03 Thread Salvatore Bonaccorso
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-4191-2 secur...@debian.org https://www.debian.org/security/ Salvatore Bonaccorso June 03, 2018

APPLE-SA-2018-06-01-5 watchOS 4.3.1

2018-06-03 Thread Apple Product Security
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 APPLE-SA-2018-06-01-5 watchOS 4.3.1 watchOS 4.3.1 addresses the following: Crash Reporter Available for: All Apple Watch models Impact: An application may be able to gain elevated privileges Description: A memory corruption issue was addressed

[slackware-security] git (SSA:2018-152-01)

2018-06-03 Thread Slackware Security Team
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 [slackware-security] git (SSA:2018-152-01) New git packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog:

[SECURITY] [DSA 4217-1] wireshark security update

2018-06-03 Thread Moritz Muehlenhoff
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-4217-1 secur...@debian.org https://www.debian.org/security/ Moritz Muehlenhoff June 03, 2018

APPLE-SA-2018-06-01-1 macOS High Sierra 10.13.5, Security Update 2018-003 Sierra, Security Update 2018-003 El Capitan

2018-06-03 Thread Apple Product Security
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 APPLE-SA-2018-06-01-1 macOS High Sierra 10.13.5, Security Update 2018-003 Sierra, Security Update 2018-003 El Capitan macOS High Sierra 10.13.5, Security Update 2018-003 Sierra, and Security Update 2018-003 El Capitan are now available and address

APPLE-SA-2018-06-01-2 Safari 11.1.1

2018-06-03 Thread Apple Product Security
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 APPLE-SA-2018-06-01-2 Safari 11.1.1 Safari 11.1.1 is now available and addresses the following: Safari Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, and macOS High Sierra 10.13.4 Impact: A malicious website may be able to cause a

MachForm Multiple Vulnerabilities CVE-2018-6409/CVE-2018-6410/CVE-2018-6411

2018-06-03 Thread Amine Taouirsa
Vendor: Appnitro Product webpage: https://www.machform.com/ Full-Disclose: https://metalamin.github.io/MachForm-not-0-day-EN/ Fix: https://www.machform.com/blog-machform-423-security-release/ Author: Amine Taouirsa Twitter: @metalamin Google dork examples: -- "machform"

CVE-2018-11552 AXON PBX 2.02 Cross Site Scripting Vulnerability

2018-06-03 Thread mehta . himanshu21
Aloha, *1. Introduction* Vendor:NCH Software Affected Product: AXON PBX - 2.02 Vendor Website:http://www.nch.com.au/pbx/index.html Vulnerability Type:Reflected XSS Remote Exploitable:Yes CVE: CVE-2018-11552 *2. Overview* There is a

[SECURITY] [DSA 4209-1] thunderbird security update

2018-05-25 Thread Moritz Muehlenhoff
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-4209-1 secur...@debian.org https://www.debian.org/security/ Moritz Muehlenhoff May 25, 2018

[SECURITY] [DSA 4210-1] xen security update

2018-05-25 Thread Moritz Muehlenhoff
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-4210-1 secur...@debian.org https://www.debian.org/security/ Moritz Muehlenhoff May 25, 2018

Ruckus (Brocade) ICX7450-48 Reflected Cross Site Scripting

2018-05-25 Thread Yavuz Atlas
I. VULNERABILITY - Ruckus (Brocade) ICX7450-48 Reflected Cross Site Scripting II. CVE REFERENCE - CVE-2018-11027 III. VENDOR HOMEPAGE - https://www.ruckuswireless.com IV. DESCRIPTION - Ruckus

Android OS Didn't use FLAG_SECURE for Sensitive Settings [CVE-2017-13243]

2018-05-25 Thread research
[Blog post here: https://wwws.nightwatchcybersecurity.com/2018/05/24/android-os-didnt-use-flag_secure-for-sensitive-settings-cve-2017-13243/] SUMMARY Android OS did not use the FLAG_SECURE flag for sensitive settings, potentially exposing sensitive data to other applications on the same device

PHP Login & User Management <= 4.1.0 - Arbitrary File Upload (CVE-2018-11392)

2018-05-24 Thread reggie . dodd30
[Title] PHP Login & User Management <= 4.1.0 - Arbitrary File Upload (CVE-2018-11392) [Product] PHP Login & User Management https://codecanyon.net/item/php-login-user-management/49008 [CVE] CVE-2018-11392 [Credit] Reginald Dodd [Description] An arbitrary file upload vulnerability in

[security bulletin] MFSBGN03808 rev.1 - Micro Focus UCMDB, Cross-Site Scripting

2018-05-23 Thread cyber-psrt
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Note: the current version of the following document is available here: https://softwaresupport.hpe.com/document/-/facetsearch/document/KM03164778 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: KM03164778 Version: 1 MFSBGN03808 rev.1 -

[CVE-2018-8013] Apache Batik information disclosure vulnerability

2018-05-23 Thread Simon Steiner
CVE-2018-8013: Apache Batik information disclosure vulnerability Severity: Medium Vendor: The Apache Software Foundation Versions Affected: Batik 1.0 - 1.9.1 Description: When deserializing subclass of `AbstractDocument`, the class takes a string from

K2 smartforms runtime application - 4.6.11 SSRF

2018-05-23 Thread fuming22
# Vulnerability type: Server Side Request Forgery # Vendor: https://www.k2.com/ # Product: K2 Smartforms # Affected version: 4.6.11 # Credit: Foo Jong Meng # CVE ID: CVE-2018-9920 # DESCRIPTION: Server side request forgery exists in the runtime application in K2 smartforms 4.6.11 via a modified

[slackware-security] procps-ng (SSA:2018-142-03)

2018-05-23 Thread Slackware Security Team
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 [slackware-security] procps-ng (SSA:2018-142-03) New procps-ng packages are available for Slackware 14.2 and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--+

[slackware-security] mozilla-thunderbird (SSA:2018-142-02)

2018-05-23 Thread Slackware Security Team
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 [slackware-security] mozilla-thunderbird (SSA:2018-142-02) New mozilla-thunderbird packages are available for Slackware 14.2 and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--+

[SECURITY] [DSA 4208-1] procps security update

2018-05-23 Thread Salvatore Bonaccorso
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-4208-1 secur...@debian.org https://www.debian.org/security/ Salvatore Bonaccorso May 22, 2018

[slackware-security] Slackware 14.2 kernel (SSA:2018-142-01)

2018-05-23 Thread Slackware Security Team
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 [slackware-security] Slackware 14.2 kernel (SSA:2018-142-01) New kernel packages are available for Slackware 14.2 to fix a regression in the getsockopt() function and to fix two denial-of-service security issues. Here are the details from the

[SECURITY] [DSA 4207-1] packagekit security update

2018-05-23 Thread Salvatore Bonaccorso
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-4207-1 secur...@debian.org https://www.debian.org/security/ Salvatore Bonaccorso May 22, 2018

[SECURITY] [DSA 4206-1] gitlab security update

2018-05-22 Thread Moritz Muehlenhoff
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-4206-1 secur...@debian.org https://www.debian.org/security/ Moritz Muehlenhoff May 21, 2018

Qualys Security Advisory - Procps-ng Audit Report

2018-05-21 Thread Qualys Security Advisory
Qualys Security Advisory Procps-ng Audit Report Contents Summary 1. FUSE-backed /proc/PID/cmdline 2. Unprivileged process hiding 3. Local Privilege

[SECURITY] [DSA 4205-1] Advance notification for upcoming end-of-life for

2018-05-21 Thread Moritz Muehlenhoff
Debian oldstable -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-4205-1 secur...@debian.org https://www.debian.org/security/ Moritz Muehlenhoff May 18,

[SECURITY] [DSA 4204-1] imagemagick security update

2018-05-21 Thread Sebastien Delafond
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-4204-1 secur...@debian.org https://www.debian.org/security/ Sebastien Delafond May 18, 2018

[SYSS-2018-007] ILIAS e-Learning - Reflected Cross-Site-Scripting

2018-05-21 Thread Moritz Bechler
Advisory ID: SYSS-2018-007 Product: ILIAS Affected Version(s): 5.3.2, 5.2.14, 5.1.25 Tested Version(s): 5.3.2, 5.2.12 Vulnerability Type: Reflected Cross-Site-Scripting Risk Level: MEDIUM Solution Status: Fixed Manufacturer Notification: 2018-03-29 Solution Date: 2018-04-25 Public Disclosure:

MagniComp SysInfo Information Exposure [CVE-2018-7268]

2018-05-18 Thread Harry Sintonen
MagniComp SysInfo Information Exposure [CVE-2018-7268] == The latest version of this advisory is available at: https://sintonen.fi/advisories/magnicomp-sysinfo-information-exposure.txt Overview MagniComp SysInfo contains a

[SECURITY] [DSA 4203-1] vlc security update

2018-05-18 Thread Moritz Muehlenhoff
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-4203-1 secur...@debian.org https://www.debian.org/security/ Moritz Muehlenhoff May 17, 2018

[slackware-security] curl (SSA:2018-136-01)

2018-05-17 Thread Slackware Security Team
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 [slackware-security] curl (SSA:2018-136-01) New curl packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--+

[slackware-security] php (SSA:2018-136-02)

2018-05-17 Thread Slackware Security Team
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 [slackware-security] php (SSA:2018-136-02) New php packages are available for Slackware 14.0, 14.1, and 14.2 to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--+

[SECURITY] [DSA 4202-1] curl security update

2018-05-16 Thread Alessandro Ghedini
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-4202-1 secur...@debian.org https://www.debian.org/security/ Alessandro Ghedini May 16, 2018

CVE-2018-11101: Signal-desktop HTML tag injection variant 2

2018-05-16 Thread Alfredo Ortega
Title: Signal-desktop HTML tag injection variant 2 Date Published: 2018-05-16 Last Update: 2018-05-16 CVE Name: CVE-2018-11101 Class: Code injection Remotely Exploitable: Yes Locally Exploitable: No Vendors contacted: Signal.org Vulnerability Description: Signal-desktop is the standalone

SEC Consult SA-20180516-0 :: XXE & XSS vulnerabilities in RSA Authentication Manager

2018-05-16 Thread SEC Consult Vulnerability Lab
SEC Consult Vulnerability Lab Security Advisory < 20180516-0 > === title: XXE & XSS vulnerabilities product: RSA Authentication Manager vulnerable version: 8.2.1.4.0-build1394922, < 8.3 P1 fixed

[SECURITY] [DSA 4201-1] xen security update

2018-05-15 Thread Moritz Muehlenhoff
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-4201-1 secur...@debian.org https://www.debian.org/security/ Moritz Muehlenhoff May 15, 2018

CSNC-2018-003 totemomail Encryption Gateway - Cross-Site Request Forgery

2018-05-15 Thread Advisories
# # COMPASS SECURITY ADVISORY # https://www.compass-security.com/research/advisories/ # # # Product: totemomail Encryption Gateway #

CSNC-2018-002 totemomail Encryption Gateway - JSONP hijacking

2018-05-15 Thread Advisories
# # COMPASS SECURITY ADVISORY # https://www.compass-security.com/research/advisories/ # # # Product: totemomail Encryption Gateway #

Re: SEC Consult SA-20180514-0 :: Arbitrary File Upload & Cross-site scripting in MyBiz MyProcureNet

2018-05-15 Thread SEC Consult Vulnerability Lab
The following CVE numbers have been assigned now: XSS issue: CVE-2018-11090 Arbitrary File Upload: CVE-2018-11091 On 2018-05-14 13:25, SEC Consult Vulnerability Lab wrote: > SEC Consult Vulnerability Lab Security Advisory < 20180514-0 > >

CVE-2018-10994: HTML tag injection in Signal-desktop

2018-05-14 Thread Alfredo Ortega
Title: HTML tag injection in Signal-desktop Date Published: 14-05-2018 CVE Name: CVE-2018-10994 Class: Code injection Remotely Exploitable: Yes Locally Exploitable: No Vendors contacted: Signal.org Vulnerability Description: Signal-desktop is the standalone desktop version of the secure

SEC Consult SA-20180514-0 :: Arbitrary File Upload & Cross-site scripting in MyBiz MyProcureNet

2018-05-14 Thread SEC Consult Vulnerability Lab
SEC Consult Vulnerability Lab Security Advisory < 20180514-0 > === title: Arbitrary File Upload & Cross-site scripting product: MyBiz MyProcureNet vulnerable version: 5.0.0 fixed version: unknown

Vulnerabilities in IBM's Flashsystems and Storwize Products

2018-05-14 Thread Sebastian Neuner
Vulnerabilities in IBM's Flashsystems and Storwize Products - Introduction Vulnerabilities were identified in the IBM Flashsystem 840, IBM Flashsystem 900 and IBM Storwize V7000. These were discovered during a

[security bulletin] MFSBGN03807 rev.1 - HP Service Manager Software, SQL Injection

2018-05-10 Thread cyber-psrt
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Note: the current version of the following document is available here: https://softwaresupport.hpe.com/document/-/facetsearch/document/KM03158656 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: KM03158656 Version: 1 MFSBGN03807 rev.1 - HP

[SECURITY] [DSA 4199-1] firefox-esr security update

2018-05-10 Thread Moritz Muehlenhoff
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-4199-1 secur...@debian.org https://www.debian.org/security/ Moritz Muehlenhoff May 10, 2018

[slackware-security] mariadb (SSA:2018-130-01)

2018-05-10 Thread Slackware Security Team
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 [slackware-security] mariadb (SSA:2018-130-01) New mariadb packages are available for Slackware 14.1 and 14.2 to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--+

[security bulletin] MFSBGN03802 - Virtualization Performance Viewer (vPV) / Cloud Optimizer, Local Disclosure of Information

2018-05-10 Thread cyber-psrt
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Note: the current version of the following document is available here: https://softwaresupport.hpe.com/document/-/facetsearch/document/KM03158629 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: KM03158629 Version: 2 MFSBGN03802 -

[security bulletin] MFSBGN03805 - HP Service Manager, Remote Disclosure of Information

2018-05-10 Thread cyber-psrt
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Note: the current version of the following document is available here: https://softwaresupport.hpe.com/document/-/facetsearch/document/KM03158613 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: KM03158613 Version: 1 MFSBGN03805 - HP

[slackware-security] mozilla-firefox (SSA:2018-129-01)

2018-05-10 Thread Slackware Security Team
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 [slackware-security] mozilla-firefox (SSA:2018-129-01) New mozilla-firefox packages are available for Slackware 14.2 and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--+

[slackware-security] wget (SSA:2018-129-02)

2018-05-10 Thread Slackware Security Team
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 [slackware-security] wget (SSA:2018-129-02) New wget packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix a security issue. Here are the details from the Slackware 14.2 ChangeLog:

[SECURITY] [DSA 4197-1] wavpack security update

2018-05-09 Thread Moritz Muehlenhoff
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-4197-1 secur...@debian.org https://www.debian.org/security/ Moritz Muehlenhoff May 09, 2018

[security bulletin] MFSBGN03804 - HP Service Manager Software, Remote Disclosure of Information

2018-05-09 Thread cyber-psrt
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Note: the current version of the following document is available here: https://softwaresupport.hpe.com/document/-/facetsearch/document/KM03158061 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: KM03158061 Version: 1 MFSBGN03804 - HP

[SECURITY] [DSA 4198-1] prosody security update

2018-05-09 Thread Moritz Muehlenhoff
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-4198-1 secur...@debian.org https://www.debian.org/security/ Moritz Muehlenhoff May 09, 2018

[security bulletin] MFSBGN03806 rev.1 - HP Network Automation Software, Network Operations Management (NOM) Suite, Multiple Vulnerabilities

2018-05-09 Thread cyber-psrt
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Note: the current version of the following document is available here: https://softwaresupport.hpe.com/document/-/facetsearch/document/KM03158014 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: KM03158014 Version: 1 MFSBGN03806 rev.1 - HP

t2'18: Call For Papers 2018 (Helsinki, Finland)

2018-05-09 Thread Tomi Tuominen
# # t2'18 - Call For Papers (Helsinki, Finland) - October 25 - 26, 2018 # Join us for the 15th anniversary celebrations on Oct 25-26! CFP and ticket sales are now open. To truly appreciate the full spectrum of cyber, one simply needs to visit Helsinki. Sooner or later you need a break from the

[ADV170017] Defense in depth -- the Microsoft way (part 54): escalation of privilege during installation of Microsoft Office 20xy

2018-05-09 Thread Stefan Kanthak
Hi @ll, during installation of Microsoft Office 2003 and newer versions as well as single components of Microsoft Office products, the executable of the "Office Source Engine", ose.exe, is copied as "%TEMP%\ose0.exe" and then executed with elevated privileges. %TEMP% is writable by

[SECURITY] [DSA 4196-1] linux security update

2018-05-09 Thread Salvatore Bonaccorso
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-4196-1 secur...@debian.org https://www.debian.org/security/ Salvatore Bonaccorso May 08, 2018

FreeBSD Security Advisory FreeBSD-SA-18:06.debugreg

2018-05-08 Thread FreeBSD Security Advisories
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 = FreeBSD-SA-18:06.debugreg Security Advisory The FreeBSD Project Topic:

APPLE-SA-2018-05-08-1 Additional information for APPLE-SA-2018-04-24-2 Security Update 2018-001

2018-05-08 Thread Apple Product Security
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 APPLE-SA-2018-05-08-1 Additional information for APPLE-SA-2018-04-24-2 Security Update 2018-001 Security Update 2018-001 addresses the following: Crash Reporter Available for: macOS High Sierra 10.13.4 Impact: An application may be able to gain

[SECURITY] [DSA 4195-1] wget security update

2018-05-08 Thread Salvatore Bonaccorso
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-4195-1 secur...@debian.org https://www.debian.org/security/ Salvatore Bonaccorso May 08, 2018

WebKitGTK+ Security Advisory WSA-2018-0004

2018-05-07 Thread Michael Catanzaro
WebKitGTK+ Security Advisory WSA-2018-0004 Date reported : May 07, 2018 Advisory ID: WSA-2018-0004 Advisory

[SECURITY] [DSA 4193-1] wordpress security update

2018-05-07 Thread Salvatore Bonaccorso
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-4193-1 secur...@debian.org https://www.debian.org/security/ Salvatore Bonaccorso May 05, 2018

[SECURITY] [DSA 4192-1] libmad security update

2018-05-07 Thread Moritz Muehlenhoff
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-4192-1 secur...@debian.org https://www.debian.org/security/ Moritz Muehlenhoff May 04, 2018

[slackware-security] python (SSA:2018-124-01)

2018-05-07 Thread Slackware Security Team
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 [slackware-security] python (SSA:2018-124-01) New python packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--+

APPLE-SA-2018-05-04-1 Security Update 2018-001 Swift 4.1.1 for Ubuntu 14.04

2018-05-07 Thread Apple Product Security
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 APPLE-SA-2018-05-04-1 Security Update 2018-001 Swift 4.1.1 for Ubuntu 14.04 Security Update 2018-001 Swift 4.1.1 for Ubuntu 14.04 is now available and addresses the following: Swift for Ubuntu Available for: Ubuntu 14.04 Not impacted: Ubuntu 16.04

[slackware-security] seamonkey (SSA:2018-123-01)

2018-05-04 Thread Slackware Security Team
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 [slackware-security] seamonkey (SSA:2018-123-01) New seamonkey packages are available for Slackware 14.2 and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--+

Updated VMSA-2018-0007.3: VMware Virtual Appliance updates address side-channel analysis due to speculative execution

2018-05-03 Thread VMware Security Response Center
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Changelog: 2018-05-03: VMSA-2018-0007.3 Updated in conjunction with the release of vSphere Data Protection (VDP) 6.1.5 on 2018-05-03. -BEGIN PGP SIGNATURE- Version: Encryption Desktop 10.4.1 (Build 490) Charset: utf-8

[SECURITY] [DSA 4191-1] redmine security update

2018-05-03 Thread Sebastien Delafond
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-4191-1 secur...@debian.org https://www.debian.org/security/ Sebastien Delafond May 03, 2018

[SECURITY] [DSA 4190-1] jackson-databind security update

2018-05-03 Thread Sebastien Delafond
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-4190-1 secur...@debian.org https://www.debian.org/security/ Sebastien Delafond May 03, 2018

SEC Consult SA-20180503-0 :: Authentication Bypass in Oracle Access Manager (OAM)

2018-05-03 Thread SEC Consult Vulnerability Lab
We have published an accompanying blog post to this technical advisory with further information: Blog: https://www.sec-consult.com/en/blog/2018/05/oracle-access-managers-identity-crisis/ Demo video: https://www.youtube.com/watch?v=YK7_1NozAwQ SEC Consult Vulnerability Lab Security Advisory <

Command injections via USB upgrade in MSTAR Set-Top box products

2018-05-03 Thread IM
While I was working on diagnostic device for some of my clients I found command injections in MSTAR Set-Top box products. Diagnostic device is not specially target this vendor but we used it in development phase and for testing. Vulnerable functionality is in automatic USB upgrade process. It is

[SECURITY] [DSA 4189-1] quassel security update

2018-05-02 Thread Moritz Muehlenhoff
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-4189-1 secur...@debian.org https://www.debian.org/security/ Moritz Muehlenhoff May 02, 2018

CA20180501-01: Security Notice for CA Spectrum

2018-05-01 Thread Kotas, Kevin J
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 CA20180501-01: Security Notice for CA Spectrum Issued: May 1st, 2018 Last Updated: May 1st, 2018 CA Technologies Support is alerting customers to a potential risk with CA Spectrum. A vulnerability exists that can allow an unauthenticated remote

[SECURITY] [DSA 4188-1] linux security update

2018-05-01 Thread Salvatore Bonaccorso
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-4188-1 secur...@debian.org https://www.debian.org/security/ Salvatore Bonaccorso May 01, 2018

[SECURITY] [DSA 4187-1] linux security update

2018-05-01 Thread Ben Hutchings
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-4187-1 secur...@debian.org https://www.debian.org/security/ Ben Hutchings May 01, 2018

Trovebox <= 4.0.0-rc6 Authentication Bypass, SQLi, SSRF

2018-05-01 Thread robin . verton
Telekom Security security.telekom.com Advisory: Trovebox - Authentication Bypass, SQLi, SSRF Release Date: 2018/04/30 Author: Robin Verton (robin.ver...@telekom.de) CVE: requested Application: Trovebox <= 4.0.0-rc6

CVE-2016-6811: Apache Hadoop Privilege escalation vulnerability

2018-05-01 Thread Akira Ajisaka
CVE-2016-6811: Apache Hadoop Privilege escalation vulnerability Severity: Critical Vendor: The Apache Software Foundation Versions Affected: All the Apache Hadoop versions from 2.2.0 to 2.7.3 Description: A user who can escalate to yarn user can possibly run arbitrary commands as root user.

[slackware-security] libwmf (SSA:2018-120-01)

2018-04-30 Thread Slackware Security Team
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 [slackware-security] libwmf (SSA:2018-120-01) New libwmf packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog:

[slackware-security] mozilla-firefox (SSA:2018-120-02)

2018-04-30 Thread Slackware Security Team
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 [slackware-security] mozilla-firefox (SSA:2018-120-02) New mozilla-firefox packages are available for Slackware 14.2 and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--+

Advisory - Sourcetree for Windows - CVE-2018-5226

2018-04-30 Thread Atlassian
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 This email refers to the advisory found at https://confluence.atlassian.com/x/ERyUO . CVE ID: * CVE-2018-5226. Product: Sourcetree for Windows. Affected Sourcetree for Windows product versions: version < 2.5.5.0 Fixed Sourcetree for Windows

[SECURITY] [DSA 4186-1] gunicorn security update

2018-04-30 Thread Moritz Muehlenhoff
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-4186-1 secur...@debian.org https://www.debian.org/security/ Moritz Muehlenhoff April 28, 2018

[SECURITY] [DSA 4184-1] sdl-image1.2 security update

2018-04-30 Thread Salvatore Bonaccorso
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-4184-1 secur...@debian.org https://www.debian.org/security/ Salvatore Bonaccorso April 28, 2018

[SECURITY] [DSA 4183-1] tor security update

2018-04-30 Thread Salvatore Bonaccorso
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-4183-1 secur...@debian.org https://www.debian.org/security/ Salvatore Bonaccorso April 28, 2018

[SECURITY] [DSA 4185-1] openjdk-8 security update

2018-04-30 Thread Moritz Muehlenhoff
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-4185-1 secur...@debian.org https://www.debian.org/security/ Moritz Muehlenhoff April 28, 2018

[SECURITY] [DSA 4181-1] roundcube security update

2018-04-30 Thread Salvatore Bonaccorso
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-4181-1 secur...@debian.org https://www.debian.org/security/ Salvatore Bonaccorso April 28, 2018

[SECURITY] [DSA 4182-1] chromium-browser security update

2018-04-30 Thread Michael Gilbert
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-4182-1 secur...@debian.org https://www.debian.org/security/ Michael Gilbert April 28, 2018

[slackware-security] openvpn (SSA:2018-116-01)

2018-04-27 Thread Slackware Security Team
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 [slackware-security] openvpn (SSA:2018-116-01) New openvpn packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix a security issue. Here are the details from the Slackware 14.2 ChangeLog:

[HITB-Announce] HITBGSEC2018 CFP - Final Call

2018-04-26 Thread Hafez Kamal
FINAL CALL!! The Call for Papers for the HITB GSEC 2018 Singapore is now open! Call for Papers: https://gsec.hitb.org/call-for-papers/ Event Website: https://gsec.hitb.org/sg2018/ HITB GSEC is a three-day security conference where attendees get to vote on the final agenda of talks. Attendees

[SECURITY] [DSA 4180-1] drupal7 security update

2018-04-25 Thread Salvatore Bonaccorso
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-4180-1 secur...@debian.org https://www.debian.org/security/ Salvatore Bonaccorso April 25, 2018

Secunia Research: Oracle Outside In Technology Use-After-Free Vulnerability

2018-04-25 Thread Secunia Research
== Secunia Research 2018/04/25 Oracle Outside In Technology Use-After-Free Vulnerability == Table of Contents Affected

APPLE-SA-2018-04-24-2 Security Update 2018-001

2018-04-25 Thread Apple Product Security
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 APPLE-SA-2018-04-24-2 Security Update 2018-001 Security Update 2018-001 is now available and addresses the following: Crash Reporter Available for: macOS High Sierra 10.13.4 Impact: An application may be able to gain elevated privileges

APPLE-SA-2018-04-24-1 iOS 11.3.1

2018-04-25 Thread Apple Product Security
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 APPLE-SA-2018-04-24-1 iOS 11.3.1 iOS 11.3.1 is now available and addresses the following: Crash Reporter Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to gain elevated

APPLE-SA-2018-04-24-3 Safari 11.1 (v. 11605.1.33.1.4, 12605.1.33.1.4, and 13605.1.33.1.4)

2018-04-25 Thread Apple Product Security
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 APPLE-SA-2018-04-24-3 Safari 11.1 (v. 11605.1.33.1.4, 12605.1.33.1.4, and 13605.1.33.1.4) Safari 11.1 (v. 11605.1.33.1.4, 12605.1.33.1.4, and 13605.1.33.1.4) is now available and addresses the following: WebKit Available for: OS X El Capitan

SEC Consult SA-20180424-0 :: Reflected Cross-Site Scripting in multiple Zyxel ZyWALL products

2018-04-24 Thread SEC Consult Vulnerability Lab
SEC Consult Vulnerability Lab Security Advisory < 20180424-0 > === title: Reflected Cross-Site Scripting product: Zyxel ZyWALL: see "Vulnerable / tested version" vulnerable version: ZLD 4.30 and before

[SECURITY] [DSA 4179-1] linux-tools security update

2018-04-24 Thread Salvatore Bonaccorso
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-4179-1 secur...@debian.org https://www.debian.org/security/ Ben Hutchings April 24, 2018

SEC Consult SA-20180423-0 :: Multiple Stored XSS Vulnerabilities in WSO2 Carbon and Dashboard Server

2018-04-24 Thread SEC Consult Vulnerability Lab
SEC Consult Vulnerability Lab Security Advisory < 20180423-0 > === title: Multiple Stored XSS Vulnerabilities product: WSO2 Carbon, WSO2 Dashboard Server vulnerable version: WSO2 Identity Server 5.3.0

[SECURITY] [DSA 4176-1] mysql-5.5 security update

2018-04-23 Thread Salvatore Bonaccorso
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-4176-1 secur...@debian.org https://www.debian.org/security/ Salvatore Bonaccorso April 20, 2018

Seagate Media Server path traversal vulnerability

2018-04-23 Thread Summer of Pwnage
Seagate Media Server path traversal vulnerability Yorick Koster, September 2017

[SECURITY] [DSA 4175-1] freeplane security update

2018-04-23 Thread Salvatore Bonaccorso
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-4175-1 secur...@debian.org https://www.debian.org/security/ Salvatore Bonaccorso April 18, 2018

[SE-2011-01] The origin and impact of vulnerabilities in ST chipsets

2018-04-23 Thread Security Explorations
Hello All, We have published an initial document describing the origin and impact of the vulnerabilities discovered in ST chipsets along some rationale indicating why it's worth to dig further into this case: http://www.security-explorations.com/materials/se-2011-01-st-impact.pdf This

[SECURITY] [DSA 4178-1] libreoffice security update

2018-04-23 Thread Moritz Muehlenhoff
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-4178-1 secur...@debian.org https://www.debian.org/security/ Moritz Muehlenhoff April 20, 2018

[SECURITY] [DSA 4177-1] libsdl2-image security update

2018-04-23 Thread Moritz Muehlenhoff
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-4177-1 secur...@debian.org https://www.debian.org/security/ Moritz Muehlenhoff April 20, 2018

Seagate Media Server stored Cross-Site Scripting vulnerability

2018-04-19 Thread Summer of Pwnage
Seagate Media Server stored Cross-Site Scripting vulnerability Yorick Koster, September 2017
