-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
- -
Debian Security Advisory DSA-4191-2 secur...@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
June 03, 2018
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
APPLE-SA-2018-06-01-5 watchOS 4.3.1
watchOS 4.3.1 addresses the following:
Crash Reporter
Available for: All Apple Watch models
Impact: An application may be able to gain elevated privileges
Description: A memory corruption issue was addressed
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
[slackware-security] git (SSA:2018-152-01)
New git packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,
14.2, and -current to fix security issues.
Here are the details from the Slackware 14.2 ChangeLog:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
- -
Debian Security Advisory DSA-4217-1 secur...@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
June 03, 2018
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
APPLE-SA-2018-06-01-1 macOS High Sierra 10.13.5,
Security Update 2018-003 Sierra, Security Update 2018-003 El Capitan
macOS High Sierra 10.13.5, Security Update 2018-003 Sierra, and
Security Update 2018-003 El Capitan are now available and address
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
APPLE-SA-2018-06-01-2 Safari 11.1.1
Safari 11.1.1 is now available and addresses the following:
Safari
Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, and
macOS High Sierra 10.13.4
Impact: A malicious website may be able to cause a
Vendor: Appnitro
Product webpage: https://www.machform.com/
Full-Disclose: https://metalamin.github.io/MachForm-not-0-day-EN/
Fix: https://www.machform.com/blog-machform-423-security-release/
Author: Amine Taouirsa
Twitter: @metalamin
Google dork examples:
--
"machform"
Aloha,
*1. Introduction*
Vendor: NCH Software
Affected Product: AXON PBX - 2.02
Vendor Website: http://www.nch.com.au/pbx/index.html
Vulnerability Type: Reflected XSS
Remote Exploitable: Yes
CVE: CVE-2018-11552
*2. Overview*
There is a
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
- -
Debian Security Advisory DSA-4209-1 secur...@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
May 25, 2018
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
- -
Debian Security Advisory DSA-4210-1 secur...@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
May 25, 2018
I. VULNERABILITY
-
Ruckus (Brocade) ICX7450-48 Reflected Cross Site Scripting
II. CVE REFERENCE
-
CVE-2018-11027
III. VENDOR HOMEPAGE
-
https://www.ruckuswireless.com
IV. DESCRIPTION
-
Ruckus
[Blog post here:
https://wwws.nightwatchcybersecurity.com/2018/05/24/android-os-didnt-use-flag_secure-for-sensitive-settings-cve-2017-13243/]
SUMMARY
Android OS did not use the FLAG_SECURE flag for sensitive settings,
potentially exposing sensitive data to other applications on the same
device
[Title]
PHP Login & User Management <= 4.1.0 - Arbitrary File Upload (CVE-2018-11392)
[Product]
PHP Login & User Management
https://codecanyon.net/item/php-login-user-management/49008
[CVE]
CVE-2018-11392
[Credit]
Reginald Dodd
[Description]
An arbitrary file upload vulnerability in
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Note: the current version of the following document is available here:
https://softwaresupport.hpe.com/document/-/facetsearch/document/KM03164778
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: KM03164778
Version: 1
MFSBGN03808 rev.1 -
CVE-2018-8013:
Apache Batik information disclosure vulnerability
Severity:
Medium
Vendor:
The Apache Software Foundation
Versions Affected:
Batik 1.0 - 1.9.1
Description:
When deserializing subclass of `AbstractDocument`, the class takes a
string from
# Vulnerability type: Server Side Request Forgery
# Vendor: https://www.k2.com/
# Product: K2 Smartforms
# Affected version: 4.6.11
# Credit: Foo Jong Meng
# CVE ID: CVE-2018-9920
# DESCRIPTION:
Server side request forgery exists in the runtime application in K2 smartforms
4.6.11 via a modified
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
[slackware-security] procps-ng (SSA:2018-142-03)
New procps-ng packages are available for Slackware 14.2 and -current to
fix security issues.
Here are the details from the Slackware 14.2 ChangeLog:
+--+
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
[slackware-security] mozilla-thunderbird (SSA:2018-142-02)
New mozilla-thunderbird packages are available for Slackware 14.2 and -current
to fix security issues.
Here are the details from the Slackware 14.2 ChangeLog:
+--+
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
- -
Debian Security Advisory DSA-4208-1 secur...@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
May 22, 2018
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
[slackware-security] Slackware 14.2 kernel (SSA:2018-142-01)
New kernel packages are available for Slackware 14.2 to fix a regression in the
getsockopt() function and to fix two denial-of-service security issues.
Here are the details from the
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
- -
Debian Security Advisory DSA-4207-1 secur...@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
May 22, 2018
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
- -
Debian Security Advisory DSA-4206-1 secur...@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
May 21, 2018
Qualys Security Advisory
Procps-ng Audit Report
Contents
Summary
1. FUSE-backed /proc/PID/cmdline
2. Unprivileged process hiding
3. Local Privilege
Debian oldstable
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
- -
Debian Security Advisory DSA-4205-1 secur...@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
May 18,
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
- -
Debian Security Advisory DSA-4204-1 secur...@debian.org
https://www.debian.org/security/ Sebastien Delafond
May 18, 2018
Advisory ID: SYSS-2018-007
Product: ILIAS
Affected Version(s): 5.3.2, 5.2.14, 5.1.25
Tested Version(s): 5.3.2, 5.2.12
Vulnerability Type: Reflected Cross-Site-Scripting
Risk Level: MEDIUM
Solution Status: Fixed
Manufacturer Notification: 2018-03-29
Solution Date: 2018-04-25
Public Disclosure:
MagniComp SysInfo Information Exposure [CVE-2018-7268]
==
The latest version of this advisory is available at:
https://sintonen.fi/advisories/magnicomp-sysinfo-information-exposure.txt
Overview
MagniComp SysInfo contains a
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
- -
Debian Security Advisory DSA-4203-1 secur...@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
May 17, 2018
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
[slackware-security] curl (SSA:2018-136-01)
New curl packages are available for Slackware 14.0, 14.1, 14.2, and -current to
fix security issues.
Here are the details from the Slackware 14.2 ChangeLog:
+--+
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
[slackware-security] php (SSA:2018-136-02)
New php packages are available for Slackware 14.0, 14.1, and 14.2 to
fix security issues.
Here are the details from the Slackware 14.2 ChangeLog:
+--+
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
- -
Debian Security Advisory DSA-4202-1 secur...@debian.org
https://www.debian.org/security/ Alessandro Ghedini
May 16, 2018
Title: Signal-desktop HTML tag injection variant 2
Date Published: 2018-05-16
Last Update: 2018-05-16
CVE Name: CVE-2018-11101
Class: Code injection
Remotely Exploitable: Yes
Locally Exploitable: No
Vendors contacted: Signal.org
Vulnerability Description:
Signal-desktop is the standalone
SEC Consult Vulnerability Lab Security Advisory < 20180516-0 >
===
title: XXE & XSS vulnerabilities
product: RSA Authentication Manager
vulnerable version: 8.2.1.4.0-build1394922, < 8.3 P1
fixed
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
- -
Debian Security Advisory DSA-4201-1 secur...@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
May 15, 2018
#
# COMPASS SECURITY ADVISORY
# https://www.compass-security.com/research/advisories/
#
#
# Product: totemomail Encryption Gateway
#
#
# COMPASS SECURITY ADVISORY
# https://www.compass-security.com/research/advisories/
#
#
# Product: totemomail Encryption Gateway
#
The following CVE numbers have been assigned now:
XSS issue: CVE-2018-11090
Arbitrary File Upload: CVE-2018-11091
On 2018-05-14 13:25, SEC Consult Vulnerability Lab wrote:
> SEC Consult Vulnerability Lab Security Advisory < 20180514-0 >
>
Title: HTML tag injection in Signal-desktop
Date Published: 14-05-2018
CVE Name: CVE-2018-10994
Class: Code injection
Remotely Exploitable: Yes
Locally Exploitable: No
Vendors contacted: Signal.org
Vulnerability Description:
Signal-desktop is the standalone desktop version of the secure
SEC Consult Vulnerability Lab Security Advisory < 20180514-0 >
===
title: Arbitrary File Upload & Cross-site scripting
product: MyBiz MyProcureNet
vulnerable version: 5.0.0
fixed version: unknown
Vulnerabilities in IBMs Flashsystems and Storwize Products
-
Introduction
Vulnerabilities were identified in the IBM Flashsystem 840, IBM Flashsystem
900 and IBM Storwize V7000. These were discovered during a
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Note: the current version of the following document is available here:
https://softwaresupport.hpe.com/document/-/facetsearch/document/KM03158656
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: KM03158656
Version: 1
MFSBGN03807 rev.1 - HP
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
- -
Debian Security Advisory DSA-4199-1 secur...@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
May 10, 2018
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
[slackware-security] mariadb (SSA:2018-130-01)
New mariadb packages are available for Slackware 14.1 and 14.2 to
fix security issues.
Here are the details from the Slackware 14.2 ChangeLog:
+--+
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Note: the current version of the following document is available here:
https://softwaresupport.hpe.com/document/-/facetsearch/document/KM03158629
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: KM03158629
Version: 2
MFSBGN03802 -
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Note: the current version of the following document is available here:
https://softwaresupport.hpe.com/document/-/facetsearch/document/KM03158613
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: KM03158613
Version: 1
MFSBGN03805 - HP
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
[slackware-security] mozilla-firefox (SSA:2018-129-01)
New mozilla-firefox packages are available for Slackware 14.2 and -current to
fix security issues.
Here are the details from the Slackware 14.2 ChangeLog:
+--+
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
[slackware-security] wget (SSA:2018-129-02)
New wget packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,
14.2, and -current to fix a security issue.
Here are the details from the Slackware 14.2 ChangeLog:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
- -
Debian Security Advisory DSA-4197-1 secur...@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
May 09, 2018
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Note: the current version of the following document is available here:
https://softwaresupport.hpe.com/document/-/facetsearch/document/KM03158061
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: KM03158061
Version: 1
MFSBGN03804 - HP
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
- -
Debian Security Advisory DSA-4198-1 secur...@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
May 09, 2018
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Note: the current version of the following document is available here:
https://softwaresupport.hpe.com/document/-/facetsearch/document/KM03158014
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: KM03158014
Version: 1
MFSBGN03806 rev.1 - HP
#
# t2'18 - Call For Papers (Helsinki, Finland) - October 25 - 26, 2018
#
Join us for the 15th anniversary celebrations on Oct 25-26! CFP and ticket
sales are now open.
To truly appreciate the full spectrum of cyber, one simply needs to visit
Helsinki. Sooner or later you need a break from the
Hi @ll,
during installation of Microsoft Office 2003 and newer versions
as well as single components of Microsoft Office products, the
executable of the "Office Source Engine", ose.exe, is copied as
"%TEMP%\ose0.exe" and then executed with elevated privileges.
%TEMP% is writable by
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
- -
Debian Security Advisory DSA-4196-1 secur...@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
May 08, 2018
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
=
FreeBSD-SA-18:06.debugreg Security Advisory
The FreeBSD Project
Topic:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
APPLE-SA-2018-05-08-1 Additional information for
APPLE-SA-2018-04-24-2 Security Update 2018-001
Security Update 2018-001 addresses the following:
Crash Reporter
Available for: macOS High Sierra 10.13.4
Impact: An application may be able to gain
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
- -
Debian Security Advisory DSA-4195-1 secur...@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
May 08, 2018
WebKitGTK+ Security Advisory WSA-2018-0004
Date reported : May 07, 2018
Advisory ID: WSA-2018-0004
Advisory
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
- -
Debian Security Advisory DSA-4193-1 secur...@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
May 05, 2018
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
- -
Debian Security Advisory DSA-4192-1 secur...@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
May 04, 2018
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
[slackware-security] python (SSA:2018-124-01)
New python packages are available for Slackware 14.0, 14.1, 14.2, and -current
to fix security issues.
Here are the details from the Slackware 14.2 ChangeLog:
+--+
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
APPLE-SA-2018-05-04-1 Security Update 2018-001 Swift 4.1.1 for
Ubuntu 14.04
Security Update 2018-001 Swift 4.1.1 for Ubuntu 14.04 is
now available and addresses the following:
Swift for Ubuntu
Available for: Ubuntu 14.04
Not impacted: Ubuntu 16.04
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
[slackware-security] seamonkey (SSA:2018-123-01)
New seamonkey packages are available for Slackware 14.2 and -current to
fix security issues.
Here are the details from the Slackware 14.2 ChangeLog:
+--+
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Changelog:
2018-05-03: VMSA-2018-0007.3 Updated in conjunction with the release of
vSphere Data Protection (VDP) 6.1.5 on 2018-05-03.
-BEGIN PGP SIGNATURE-
Version: Encryption Desktop 10.4.1 (Build 490)
Charset: utf-8
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
- -
Debian Security Advisory DSA-4191-1 secur...@debian.org
https://www.debian.org/security/ Sebastien Delafond
May 03, 2018
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
- -
Debian Security Advisory DSA-4190-1 secur...@debian.org
https://www.debian.org/security/ Sebastien Delafond
May 03, 2018
We have published an accompanying blog post to this technical advisory with
further information:
Blog:
https://www.sec-consult.com/en/blog/2018/05/oracle-access-managers-identity-crisis/
Demo video: https://www.youtube.com/watch?v=YK7_1NozAwQ
SEC Consult Vulnerability Lab Security Advisory <
While I was working on a diagnostic device for some of my clients I found
command injections in MSTAR Set-Top box products. The diagnostic device does
not specially target this vendor, but we used it in the development phase and
for testing.
Vulnerable functionality is in automatic USB upgrade process. It is
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
- -
Debian Security Advisory DSA-4189-1 secur...@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
May 02, 2018
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
CA20180501-01: Security Notice for CA Spectrum
Issued: May 1st, 2018
Last Updated: May 1st, 2018
CA Technologies Support is alerting customers to a potential risk
with CA Spectrum. A vulnerability exists that can allow an
unauthenticated remote
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
- -
Debian Security Advisory DSA-4188-1 secur...@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
May 01, 2018
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
- -
Debian Security Advisory DSA-4187-1 secur...@debian.org
https://www.debian.org/security/ Ben Hutchings
May 01, 2018
Telekom Security
security.telekom.com
Advisory: Trovebox - Authentication Bypass, SQLi, SSRF
Release Date: 2018/04/30
Author: Robin Verton (robin.ver...@telekom.de)
CVE: requested
Application: Trovebox <= 4.0.0-rc6
CVE-2016-6811: Apache Hadoop Privilege escalation vulnerability
Severity: Critical
Vendor: The Apache Software Foundation
Versions Affected:
All the Apache Hadoop versions from 2.2.0 to 2.7.3
Description:
A user who can escalate to yarn user can possibly run arbitrary commands as
root user.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
[slackware-security] libwmf (SSA:2018-120-01)
New libwmf packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,
14.2, and -current to fix security issues.
Here are the details from the Slackware 14.2 ChangeLog:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
[slackware-security] mozilla-firefox (SSA:2018-120-02)
New mozilla-firefox packages are available for Slackware 14.2 and -current to
fix security issues.
Here are the details from the Slackware 14.2 ChangeLog:
+--+
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
This email refers to the advisory found at
https://confluence.atlassian.com/x/ERyUO .
CVE ID:
* CVE-2018-5226.
Product: Sourcetree for Windows.
Affected Sourcetree for Windows product versions:
version < 2.5.5.0
Fixed Sourcetree for Windows
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
- -
Debian Security Advisory DSA-4186-1 secur...@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
April 28, 2018
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
- -
Debian Security Advisory DSA-4184-1 secur...@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
April 28, 2018
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
- -
Debian Security Advisory DSA-4183-1 secur...@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
April 28, 2018
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
- -
Debian Security Advisory DSA-4185-1 secur...@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
April 28, 2018
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
- -
Debian Security Advisory DSA-4181-1 secur...@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
April 28, 2018
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
- -
Debian Security Advisory DSA-4182-1 secur...@debian.org
https://www.debian.org/security/ Michael Gilbert
April 28, 2018
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
[slackware-security] openvpn (SSA:2018-116-01)
New openvpn packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,
14.2, and -current to fix a security issue.
Here are the details from the Slackware 14.2 ChangeLog:
FINAL CALL!!
The Call for Papers for the HITB GSEC 2018 Singapore is now open!
Call for Papers: https://gsec.hitb.org/call-for-papers/
Event Website: https://gsec.hitb.org/sg2018/
HITB GSEC is a three-day security conference where attendees
get to vote on the final agenda of talks. Attendees
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
- -
Debian Security Advisory DSA-4180-1 secur...@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
April 25, 2018
==
Secunia Research 2018/04/25
Oracle Outside In Technology Use-After-Free Vulnerability
==
Table of Contents
Affected
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
APPLE-SA-2018-04-24-2 Security Update 2018-001
Security Update 2018-001 is now available and addresses the
following:
Crash Reporter
Available for: macOS High Sierra 10.13.4
Impact: An application may be able to gain elevated privileges
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
APPLE-SA-2018-04-24-1 iOS 11.3.1
iOS 11.3.1 is now available and addresses the following:
Crash Reporter
Available for: iPhone 5s and later, iPad Air and later, and
iPod touch 6th generation
Impact: An application may be able to gain elevated
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
APPLE-SA-2018-04-24-3 Safari 11.1 (v. 11605.1.33.1.4, 12605.1.33.1.4,
and 13605.1.33.1.4)
Safari 11.1 (v. 11605.1.33.1.4, 12605.1.33.1.4, and 13605.1.33.1.4)
is now available and addresses the following:
WebKit
Available for: OS X El Capitan
SEC Consult Vulnerability Lab Security Advisory < 20180424-0 >
===
title: Reflected Cross-Site Scripting
product: Zyxel ZyWALL: see "Vulnerable / tested version"
vulnerable version: ZLD 4.30 and before
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
- -
Debian Security Advisory DSA-4179-1 secur...@debian.org
https://www.debian.org/security/ Ben Hutchings
April 24, 2018
SEC Consult Vulnerability Lab Security Advisory < 20180423-0 >
===
title: Multiple Stored XSS Vulnerabilities
product: WSO2 Carbon, WSO2 Dashboard Server
vulnerable version: WSO2 Identity Server 5.3.0
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
- -
Debian Security Advisory DSA-4176-1 secur...@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
April 20, 2018
Seagate Media Server path traversal vulnerability
Yorick Koster, September 2017
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
- -
Debian Security Advisory DSA-4175-1 secur...@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
April 18, 2018
Hello All,
We have published an initial document describing the origin and impact
of the vulnerabilities discovered in ST chipsets along with some rationale
indicating why it's worth digging further into this case:
http://www.security-explorations.com/materials/se-2011-01-st-impact.pdf
This
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
- -
Debian Security Advisory DSA-4178-1 secur...@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
April 20, 2018
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
- -
Debian Security Advisory DSA-4177-1 secur...@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
April 20, 2018
Seagate Media Server stored Cross-Site Scripting vulnerability
Yorick Koster, September 2017