[SECURITY] [DSA 4345-1] samba security update

2018-11-27 Thread Salvatore Bonaccorso
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-4345-1 secur...@debian.org https://www.debian.org/security/ Salvatore Bonaccorso November 27, 2018

[SECURITY] [DSA 4344-1] roundcube security update

2018-11-26 Thread Salvatore Bonaccorso
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-4344-1 secur...@debian.org https://www.debian.org/security/ Salvatore Bonaccorso November 24, 2018

[SECURITY] [DSA 4343-1] liblivemedia security update

2018-11-26 Thread Moritz Muehlenhoff
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-4343-1 secur...@debian.org https://www.debian.org/security/ Moritz Muehlenhoff November 23, 2018

Cory Support v1.0 - Time-Based SQL Injection in Signin

2018-11-22 Thread Socket_0x03
Cory Support v1.0 - Time-Based SQL Injection in 'signin.php'

[slackware-security] openssl (SSA:2018-325-01)

2018-11-22 Thread Slackware Security Team
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 [slackware-security] openssl (SSA:2018-325-01) New openssl packages are available for Slackware 14.2 and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--+

WebKitGTK+ and WPE WebKit Security Advisory WSA-2018-0008

2018-11-21 Thread Michael Catanzaro
WebKitGTK+ and WPE WebKit Security Advisory WSA-2018-0008 Date reported : November 21, 2018 Advisory ID :

[SECURITY] [DSA 4339-2] ceph regression update

2018-11-21 Thread Salvatore Bonaccorso
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-4339-2 secur...@debian.org https://www.debian.org/security/ Salvatore Bonaccorso November 21, 2018

SEC Consult SA-20181121-0 :: Signature Bypass / Authentication Bypass in Governikus Autent SDK

2018-11-21 Thread SEC Consult Vulnerability Lab
An additional blog post has been published on this topic as well: English version: https://r.sec-consult.com/governikus German version: https://r.sec-consult.com/gov SEC Consult Vulnerability Lab Security Advisory < 20181121-0 >

SEC Consult SA-20181116-0 :: Multiple critical vulnerabilities in Miss Marple Enterprise Edition

2018-11-21 Thread SEC Consult Vulnerability Lab
SEC Consult Vulnerability Lab Security Advisory < 20181116-0 > === title: Multiple critical vulnerabilities product: Miss Marple Enterprise Edition vulnerable version: <2.0 fixed version: 2.0

SEC Consult SA-20181114-0 :: Denial of Service in Microsoft Skype for Business

2018-11-21 Thread SEC Consult Vulnerability Lab
SEC Consult Vulnerability Lab Security Advisory < 20181114-0 > === title: Denial of Service product: Microsoft Skype for Business 2016 / Lync 2013 vulnerable version: Microsoft Skype for Business 2015

[SECURITY] [DSA 4341-1] mariadb-10.1 security update

2018-11-19 Thread Salvatore Bonaccorso
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-4341-1 secur...@debian.org https://www.debian.org/security/ Salvatore Bonaccorso November 19, 2018

ACM CCS 2019 - Call for Papers

2018-11-19 Thread m.manulis
= ACM CCS 2019 The 26th ACM Conference on Computer and Communications Security in London, UK, November 11-15, 2019 http://ccs2019.sigsac.org CALL FOR PAPERS = The

[SECURITY] [DSA 4340-1] chromium-browser security update

2018-11-19 Thread Michael Gilbert
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-4340-1 secur...@debian.org https://www.debian.org/security/ Michael Gilbert November 18, 2018

Escalation of privilege with Intel Rapid Storage User Interface

2018-11-19 Thread Stefan Kanthak
Hi @ll, this is the second part of Intel® Rapid Storage Technology (Intel® RST) User Interface and Driver for Windows 10 and Windows Server 2016, version 16.0.2.1086 (Latest), released 2/21/2018, available from

Zoho ManageEngine OpManager 12.3 before Build 123223 has XSS via the updateWidget API.

2018-11-19 Thread Murat Aydemir
I. VULNERABILITY - Zoho ManageEngine OpManager 12.3 before Build 123223 has XSS via the updateWidget API. II. CVE REFERENCE - CVE-2018-19288 III. VENDOR - https://www.manageengine.com IV. TIMELINE -

D-LINK Central WifiManager CWM-100 Server Side Request Forgery CVE-2018-15517

2018-11-19 Thread apparitionsec
[+] Credits: John Page (aka hyp3rlinx) [+] Website: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervista.org/advisories/DLINK-CENTRAL-WIFI-MANAGER-CWM-100-SERVER-SIDE-REQUEST-FORGERY.txt [+] ISR: ApparitionSec ***Greetz: indoushka | Eduardo B.*** [Vendor]

D-LINK Central WifiManager CWM-100 Trojan File SYSTEM Privilege Escalation CVE-2018-15515

2018-11-19 Thread apparitionsec
[+] Credits: John Page (aka hyp3rlinx) [+] Website: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervista.org/advisories/DLINK-CENTRAL-WIFI-MANAGER-CWM-100-SYSTEM-PRIVILEGE-ESCALATION.txt [+] ISR: ApparitionSec ***Greetz: indoushka | Eduardo B.*** [Vendor]

D-LINK Central WifiManager CWM-100 FTP Server PORT Bounce Scan CVE-2018-15516

2018-11-19 Thread apparitionsec
[+] Credits: John Page (aka hyp3rlinx) [+] Website: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervista.org/advisories/DLINK-CENTRAL-WIFI-MANAGER-CWM-100-FTP-SERVER-PORT-BOUNCE-SCAN.txt [+] ISR: ApparitionSec ***Greetz: indoushka | Eduardo B.*** [Vendor]

[CVE-2018-3635] Executable installers are vulnerable^WEVIL (case 59): arbitrary code execution WITH escalation of privilege via Intel Rapid Storage Technology User Interface and Driver

2018-11-19 Thread Stefan Kanthak
Hi @ll, the executable installer of the Intel® Rapid Storage Technology (Intel® RST) User Interface and Driver, version 15.9.0.1015 (LATEST for Windows 7), released 11/14/2017, available from via

Remote Code Execution Vulnerability in ELBA5 Electronic Banking

2018-11-19 Thread Florian Bogner
Remote Code Execution Vulnerability in ELBA5 Electronic Banking Metadata === Affected product: ELBA5 Network Installation (https://www.elba.at) CVSSv3 Score: 10.0

AST-2018-010: Remote crash vulnerability DNS SRV and NAPTR lookups

2018-11-15 Thread Asterisk Security Team
Asterisk Project Security Advisory - AST-2018-010 Product Asterisk Summary Remote crash vulnerability DNS SRV and NAPTR lookups Nature of Advisory Denial Of Service

AST-2018-010:

2018-11-15 Thread Asterisk Security Team
Asterisk Project Security Advisory - AST-2018-010 Product Asterisk Remote crash vulnerability DNS SRV and NAPTR lookups Nature of Advisory Denial Of Service

Custom Frontend Login Registration Form (WP Plugin) - Multiple XSS Vulnerabilities

2018-11-14 Thread Socket_0x03
Custom Frontend Login Registration Form v1.01 (WP Plugin) - Multiple XSS Vulnerabilities

[SECURITY] [DSA 4339-1] ceph security update

2018-11-14 Thread Moritz Muehlenhoff
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-4339-1 secur...@debian.org https://www.debian.org/security/ Moritz Muehlenhoff November 13, 2018

[security bulletin] MFSBGN03831 rev. - Service Management Automation, remote disclosure of information

2018-11-13 Thread cyber-psrt
Note: the current version of the following document is available here: https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03286178 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: KM03286178 Version: 1 MFSBGN03831 rev. - Service Management Automation, remote

[security bulletin] MFSBGN03830 rev.1 - Service Manager, unauthorized disclosure of information

2018-11-13 Thread cyber-psrt
Note: the current version of the following document is available here: https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03286177 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: KM03286177 Version: 1 MFSBGN03830 rev.1 - Service Manager, unauthorized disclosure of

[security bulletin] MFSBGN03823 rev.1 - Micro Focus Service Manager, unauthorized disclosure of data

2018-11-13 Thread cyber-psrt
Note: the current version of the following document is available here: https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03286176 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: KM03286176 Version: 1 MFSBGN03823 rev.1 - Micro Focus Service Manager, unauthorized

[slackware-security] libtiff (SSA:2018-316-01)

2018-11-13 Thread Slackware Security Team
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 [slackware-security] libtiff (SSA:2018-316-01) New libtiff packages are available for Slackware 14.2 and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--+

[SECURITY] [DSA 4338-1] qemu security update

2018-11-11 Thread Moritz Muehlenhoff
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-4338-1 secur...@debian.org https://www.debian.org/security/ Moritz Muehlenhoff November 11, 2018

[SECURITY] [DSA 4337-1] thunderbird security update

2018-11-11 Thread Moritz Muehlenhoff
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-4337-1 secur...@debian.org https://www.debian.org/security/ Moritz Muehlenhoff November 10, 2018

[SECURITY] [DSA 4336-1] ghostscript security update

2018-11-11 Thread Salvatore Bonaccorso
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-4336-1 secur...@debian.org https://www.debian.org/security/ Salvatore Bonaccorso November 10, 2018

PeepSo v1.11.2 (WordPress Plugin) - XSS Vulnerability in Members

2018-11-11 Thread Socket_0x03
=== PeepSo v1.11.2 (WordPress Plugin) - Cross-Site Scripting Vulnerability in "Members" ===

PeepSo v1.11.2 - Time-Based SQL Injection

2018-11-11 Thread Socket_0x03
PeepSo v1.11.2 (WordPress Plugin) - Time-Based SQL Injection

NEW VMSA-2018-0027 VMware ESXi, Workstation, and Fusion updates address uninitialized stack memory usage

2018-11-11 Thread VMware Security Response Center
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - --- VMware Security Advisory Advisory ID: VMSA-2018-0027 Severity: Critical Synopsis: VMware ESXi, Workstation, and Fusion updates address

WP User Manager v2.0.8 - Time-Based SQL Injection

2018-11-11 Thread Socket_0x03
WP User Manager v2.0.8 (WordPress Plugin) - Time-Based SQL Injection

[SECURITY] [DSA 4335-1] nginx security update

2018-11-11 Thread Moritz Muehlenhoff
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-4335-1 secur...@debian.org https://www.debian.org/security/ Moritz Muehlenhoff November 08, 2018

[security bulletin] MFSBGN03829 rev.1 - Micro Focus Operation Bridge Containerized Suite, Remote Code Execution

2018-11-07 Thread cyber-psrt
Note: the current version of the following document is available here: https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03283416 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: KM03283416 Version: 1 MFSBGN03829 rev.1 - Micro Focus Operation Bridge Containerized

[slackware-security] mariadb (SSA:2018-309-01)

2018-11-05 Thread Slackware Security Team
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 [slackware-security] mariadb (SSA:2018-309-01) New mariadb packages are available for Slackware 14.1 and 14.2 to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--+

KL-001-2018-009 : Dell OpenManage Network Manager Multiple Vulnerabilities

2018-11-05 Thread KoreLogic Disclosures
KL-001-2018-009 : Dell OpenManage Network Manager Multiple Vulnerabilities Title: Dell OpenManage Network Manager Multiple Vulnerabilities Advisory ID: KL-001-2018-009 Publication Date: 2018.11.05 Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2018-009.txt 1.

Zoho ManageEngine OpManager 12.3 before 123222 has SQL Injection via Mail Server settings.

2018-11-05 Thread Hakan Bayır
I. VULNERABILITY - SQL Injection II. CVE REFERENCE - CVE-2018-18949 III. VENDOR - https://www.manageengine.com IV. TIMELINE - 09/10/18 Vulnerability discovered 09/10/18 Vendor contacted 02/11/2018

[SECURITY] [DSA 4334-1] mupdf security update

2018-11-04 Thread Moritz Muehlenhoff
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-4334-1 secur...@debian.org https://www.debian.org/security/ Moritz Muehlenhoff November 04, 2018

[SECURITY] [DSA 4333-1] icecast2 security update

2018-11-04 Thread Moritz Muehlenhoff
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-4333-1 secur...@debian.org https://www.debian.org/security/ Moritz Muehlenhoff November 04, 2018

[SECURITY] [DSA 4332-1] ruby2.3 security update

2018-11-04 Thread Salvatore Bonaccorso
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-4332-1 secur...@debian.org https://www.debian.org/security/ Salvatore Bonaccorso November 03, 2018

[SECURITY] [DSA 4331-1] curl security update

2018-11-04 Thread Alessandro Ghedini
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-4331-1 secur...@debian.org https://www.debian.org/security/ Alessandro Ghedini November 02, 2018

[SECURITY] [DSA 4330-1] chromium-browser security update

2018-11-04 Thread Michael Gilbert
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-4330-1 secur...@debian.org https://www.debian.org/security/ Michael Gilbert November 02, 2018

Disclose Vulnerability

2018-11-02 Thread alphan yavaş
I. VULNERABILITY - Cisco WebEx Meetings Server XML External Entity II. CVE REFERENCE - CVE-2018-18895 III. VENDOR - http://cisco.com IV. TIMELINE 18/09/2018 Vulnerability discovered 19/09/2018

[slackware-security] curl (SSA:2018-304-01)

2018-10-31 Thread Slackware Security Team
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 [slackware-security] curl (SSA:2018-304-01) New curl packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--+

October 2018 Sourcetree Advisory

2018-10-31 Thread Anton Black
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 This email refers to the advisory found at https://confluence.atlassian.com/display/SOURCETREEKB/Sourcetree+Security+Advisory+2018-10-31 . CVE ID: * CVE-2018-13396. * CVE-2018-13397. Product: Sourcetree. Affected Sourcetree product versions:

OpenText Brava! Enterprise and Brava! Server Components Sensitive Data Exposure

2018-10-31 Thread luke . bailiff
Vulnerable Application: Brava! Enterprise and Brava! Server Components Affected Versions: Brava! Enterprise and Brava! Server Components have this as the default configuration, from Brava! 7.5 to the latest Brava! 16.4 on Windows. Not Affected Versions: Linux installs do not automatically

Zoho ManageEngine OpManager 12.3 allows Self XSS Vulnerability

2018-10-31 Thread Hakan Bayır
I. VULNERABILITY - Zoho ManageEngine OpManager 12.3 allows Self XSS Vulnerability II. CVE REFERENCE - CVE-2018-18716 III. VENDOR - https://www.manageengine.com IV. TIMELINE - 09/10/18 Vulnerability

Zoho ManageEngine OpManager 12.3 allows Stored XSS

2018-10-31 Thread Hakan Bayır
I. VULNERABILITY - Zoho ManageEngine OpManager 12.3 allows stored XSS II. CVE REFERENCE - CVE-2018-18715 III. VENDOR - https://www.manageengine.com IV. TIMELINE - 09/10/18 Vulnerability discovered

APPLE-SA-2018-10-30-14 Additional information for APPLE-SA-2018-7-9-4 macOS High Sierra 10.13.6, Security Update 2018-004 Sierra, Security Update 2018-004 El Capitan

2018-10-31 Thread Apple Product Security
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 APPLE-SA-2018-10-30-14 Additional information for APPLE-SA-2018-7-9-4 macOS High Sierra 10.13.6, Security Update 2018-004 Sierra, Security Update 2018-004 El Capitan macOS High Sierra 10.13.6, Security Update 2018-004 Sierra, and Security Update

APPLE-SA-2018-10-30-12 Additional information APPLE-SA-2018-10-08-2 iCloud for Windows 7.7

2018-10-31 Thread Apple Product Security
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 APPLE-SA-2018-10-30-12 Additional information APPLE-SA-2018-10-08-2 iCloud for Windows 7.7 iCloud for Windows 7.7 addresses the following: CFNetwork Available for: Windows 7 and later Impact: An application may be able to execute arbitrary code

APPLE-SA-2018-10-30-9 Additional information for APPLE-SA-2018-9-24-1 macOS Mojave 10.14

2018-10-31 Thread Apple Product Security
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 APPLE-SA-2018-10-30-9 Additional information for APPLE-SA-2018-9-24-1 macOS Mojave 10.14 macOS Mojave 10.14 addresses the following: Bluetooth Available for: iMac (21.5-inch, Late 2012), iMac (27-inch, Late 2012) , iMac (21.5-inch, Late 2013),

APPLE-SA-2018-10-30-10 Additional information for APPLE-SA-2018-9-24-5 watchOS 5

2018-10-31 Thread Apple Product Security
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 APPLE-SA-2018-10-30-10 Additional information for APPLE-SA-2018-9-24-5 watchOS 5 watchOS 5 addresses the following: CFNetwork Available for: Apple Watch Series 1 and later Impact: An application may be able to execute arbitrary code with system

APPLE-SA-2018-10-30-8 Additional information for APPLE-SA-2018-9-24-4 iOS 12

2018-10-31 Thread Apple Product Security
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 APPLE-SA-2018-10-30-8 Additional information for APPLE-SA-2018-9-24-4 iOS 12 iOS 12 addresses the following: Accounts Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A local app may be able to read a

APPLE-SA-2018-10-30-11 Additional information for APPLE-SA-2018-9-24-6 tvOS 12

2018-10-31 Thread Apple Product Security
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 APPLE-SA-2018-10-30-11 Additional information for APPLE-SA-2018-9-24-6 tvOS 12 tvOS 12 addresses the following: Auto Unlock Available for: Apple TV 4K and Apple TV (4th generation) Impact: A malicious application may be able to access local users

APPLE-SA-2018-10-30-13 Additional information for APPLE-SA-2018-9-24-2 iTunes 12.9 for Windows

2018-10-31 Thread Apple Product Security
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 APPLE-SA-2018-10-30-13 Additional information for APPLE-SA-2018-9-24-2 iTunes 12.9 for Windows iTunes 12.9 for Windows addresses the following: CFNetwork Available for: Windows 7 and later Impact: An application may be able to execute arbitrary

APPLE-SA-2018-10-30-6 iTunes 12.9.1

2018-10-31 Thread Apple Product Security
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 APPLE-SA-2018-10-30-6 iTunes 12.9.1 iTunes 12.9.1 is now available and addresses the following: CoreCrypto Available for: Windows 7 and later Impact: An attacker may be able to exploit a weakness in the Miller-Rabin primality test to incorrectly

APPLE-SA-2018-10-30-2 macOS Mojave 10.14.1, Security Update 2018-001 High Sierra, Security Update 2018-005 Sierra

2018-10-31 Thread Apple Product Security
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 APPLE-SA-2018-10-30-2 macOS Mojave 10.14.1, Security Update 2018-001 High Sierra, Security Update 2018-005 Sierra macOS Mojave 10.14.1, Security Update 2018-001 High Sierra, and Security Update 2018-005 Sierra are now available and address the

APPLE-SA-2018-10-30-7 iCloud for Windows 7.8

2018-10-31 Thread Apple Product Security
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 APPLE-SA-2018-10-30-7 iCloud for Windows 7.8 iCloud for Windows 7.8 is now available and addresses the following: CoreCrypto Available for: Windows 7 and later Impact: An attacker may be able to exploit a weakness in the Miller-Rabin primality

APPLE-SA-2018-10-30-5 tvOS 12.1

2018-10-31 Thread Apple Product Security
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 APPLE-SA-2018-10-30-5 tvOS 12.1 tvOS 12.1 is now available and addresses the following: CoreCrypto Available for: Apple TV 4K and Apple TV (4th generation) Impact: An attacker may be able to exploit a weakness in the Miller-Rabin primality test to

APPLE-SA-2018-10-30-4 watchOS 5.1

2018-10-31 Thread Apple Product Security
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 APPLE-SA-2018-10-30-4 watchOS 5.1 watchOS 5.1 is now available and addresses the following: AppleAVD Available for: Apple Watch Series 1 and later Impact: A malicious application may be able to elevate privileges Description: A memory corruption

APPLE-SA-2018-10-30-3 Safari 12.0.1

2018-10-31 Thread Apple Product Security
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 APPLE-SA-2018-10-30-3 Safari 12.0.1 Safari 12.0.1 is now available and addresses the following: Safari Reader Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, and macOS Mojave 10.14 Impact: Enabling the Safari Reader feature on a

APPLE-SA-2018-10-30-1 iOS 12.1

2018-10-31 Thread Apple Product Security
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 APPLE-SA-2018-10-30-1 iOS 12.1 iOS 12.1 is now available and addresses the following: AppleAVD Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing malicious video via FaceTime may lead to

[SECURITY] [DSA 4329-1] teeworlds security update

2018-10-29 Thread Moritz Muehlenhoff
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-4329-1 secur...@debian.org https://www.debian.org/security/ Moritz Muehlenhoff October 28, 2018

[SECURITY] [DSA 4321-2] graphicsmagick update

2018-10-29 Thread Moritz Muehlenhoff
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-4321-2 secur...@debian.org https://www.debian.org/security/ Moritz Muehlenhoff October 28, 2018

[CORE-2018-0005] - ASRock Drivers Elevation of Privilege Vulnerabilities

2018-10-29 Thread SecureAuth Advisories Team
SecureAuth - SecureAuth Labs Advisory http://www.secureauth.com/ ASRock Drivers Elevation of Privilege Vulnerabilities 1. *Advisory Information* Title: ASRock Drivers Elevation of Privilege Vulnerabilities Advisory ID: CORE-2018-0005 Advisory URL:

[SECURITY] [DSA 4328-1] xorg-server security update

2018-10-25 Thread Moritz Muehlenhoff
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-4328-1 secur...@debian.org https://www.debian.org/security/ Moritz Muehlenhoff October 25, 2018

[SECURITY] [DSA 4327-1] thunderbird security update

2018-10-25 Thread Moritz Muehlenhoff
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-4327-1 secur...@debian.org https://www.debian.org/security/ Moritz Muehlenhoff October 25, 2018

[SECURITY] [DSA 4326-1] openjdk-8

2018-10-25 Thread Moritz Muehlenhoff
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-4326-1 secur...@debian.org https://www.debian.org/security/ Moritz Muehlenhoff October 25, 2018

[SECURITY] [DSA 4325-1] mosquitto security update

2018-10-25 Thread Sebastien Delafond
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-4325-1 secur...@debian.org https://www.debian.org/security/ Sebastien Delafond October 25, 2018

[SECURITY] [DSA 4324-1] firefox-esr security update

2018-10-24 Thread Moritz Muehlenhoff
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-4324-1 secur...@debian.org https://www.debian.org/security/ Moritz Muehlenhoff October 24, 2018

[SYSS-2018-028] information leakage with Polycom VVX Phones (Skype for Business, on-premise) - CVE-2018-18566

2018-10-23 Thread Micha Borrmann
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Advisory ID: SYSS-2018-028 Product: VVX 500 / VVX 601 Manufacturer: Polycom Affected Version(s): <= 5.8.0.12848 Tested Version(s): 5.4.0.10182, 5.8.0.12848 Vulnerability Type:

[SYSS-2018-027] missing X.509 validation with Polycom VVX Phones (Skype for Business, on-premise) - CVE-2018-18568

2018-10-23 Thread Micha Borrmann
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Advisory ID: SYSS-2018-027 Product: VVX 500 / VVX 601 Manufacturer: Polycom Affected Version(s): <= 5.8.0.12848 Tested Version(s): 5.4.0.10182, 5.8.0.12848 Vulnerability Type: X.509

[SYSS-2018-026] missing X.509 validation with AudioCodes IP Phones (Skype for Business, on-premise) - CVE-2018-18567

2018-10-23 Thread Micha Borrmann
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Advisory ID: SYSS-2018-026 Product: 440HD / 450HD IP Phone Manufacturer: AudioCodes Affected Version(s): <= 3.1.2.89 Tested Version(s): VC_3.1.1.43.1, VC_3.1.2.89 Vulnerability Type:

[security bulletin] MFSBGN03827 rev.1 - Microfocus Real User Monitoring 9.4.0 BPRDownload Java Deserialization Vulnerability

2018-10-23 Thread cyber-psrt
Note: the current version of the following document is available here: https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03272900 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: KM03272900 Version: 1 MFSBGN03827 rev.1 - Microfocus Real User Monitoring 9.4.0

[slackware-security] mozilla-firefox (SSA:2018-296-01)

2018-10-23 Thread Slackware Security Team
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 [slackware-security] mozilla-firefox (SSA:2018-296-01) New mozilla-firefox packages are available for Slackware 14.2 and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--+

CA20181017-01: Security Notice for CA Identity Governance

2018-10-23 Thread Kotas, Kevin J
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 CA20181017-01: Security Notice for CA Identity Governance Issued: October 17, 2018 Last Updated: October 17, 2018 CA Technologies Support is alerting customers to a low risk issue with CA Identity Governance. In a certain product configuration, an

Question Answer v1.2.30 (WordPress Plugin) - Multiple XSS Vulnerabilities

2018-10-23 Thread Socket_0x03
== Question Answer v1.2.30 (WordPress Plugin) - Multiple Cross-Site Scripting Vulnerabilities ==

SATE VI - Call for Participation

2018-10-23 Thread Delaitre, Aurelien (IntlAssoc)
Dear Software Assurance Community, NIST is pleased to announce the kick off of the "Classic Track" of the 6th Static Analysis Tool Exposition, SATE VI! SATE is a non-competitive study of static analysis tool effectiveness, aiming at improving tools and increasing public awareness and

Zoho ManageEngine OpManager 12.3 allows Unrestricted Arbitrary File Upload

2018-10-23 Thread Murat Aydemir
I. VULNERABILITY - Zoho ManageEngine OpManager 12.3 allows Unrestricted Arbitrary File Upload II. CVE REFERENCE - CVE-2018-18475 III. VENDOR - https://www.manageengine.com IV. TIMELINE - 19/09/18

Pie Register v3.0.17 (WordPress Plugin) - XSS Vulnerability in Forgot-Password

2018-10-23 Thread Socket_0x03
=== Pie Register v3.0.17 (WordPress Plugin) - Cross-Site Scripting Vulnerability in Forgot-Password

SEC Consult SA-20181009-0 :: Remote Code Execution via XMeye P2P Cloud in Xiongmai IP Cameras, NVRs and DVRs incl. 3rd party OEM devices (CVE-2018-17915, CVE-2018-17917, CVE-2018-17919)

2018-10-09 Thread SEC Consult Vulnerability Lab
SEC Consult also published a blog post regarding the identified security issues with further background information: Blog: https://r.sec-consult.com/xmeye SEC Consult Vulnerability Lab Security Advisory < 20181009-0 > ===

Responsive Filemanager 9.8.1 Reflected Cross Site Scripting (XSS)

2018-10-09 Thread yavuz atlas
I. VULNERABILITY - Responsive Filemanager 9.8.1 Reflected Cross Site Scripting (XSS) II. CVE REFERENCE - CVE-2018-18062 III. VENDOR - https://www.responsivefilemanager.com IV. REFERENCES -

Responsive Filemanager 9.8.1 Authentication Bypass

2018-10-09 Thread yavuz atlas
I. VULNERABILITY - Responsive Filemanager 9.8.1 Authentication Bypass II. CVE REFERENCE - CVE-2018-18061 III. VENDOR - https://www.responsivefilemanager.com IV. REFERENCES -

[SECURITY] [DSA 4313-1] linux security update

2018-10-09 Thread Salvatore Bonaccorso
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-4313-1 secur...@debian.org https://www.debian.org/security/ Salvatore Bonaccorso October 08, 2018

CVE Request: Sitepress Multilingual CMS Plugin Unauthenticated Stored XSS

2018-10-09 Thread Rahul Pratap Singh
## FULL DISCLOSURE #Product : Sitepress Multilingual CMS Plugin #Exploit Author : Rahul Pratap Singh #Version : 3.6.3 and Below #Home page Link : https://wpml.org/ #Website: https://0x62626262.wordpress.com #Date : 08/10/2018 Unauthenticated Stored XSS Vulnerability: —- Description:

APPLE-SA-2018-10-08-2 iCloud for Windows 7.7

2018-10-09 Thread Apple Product Security
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 APPLE-SA-2018-10-08-2 iCloud for Windows 7.7 iCloud for Windows 7.7 is now available and addresses the following: WebKit Available for: Windows 7 and later Impact: Unexpected interaction causes an ASSERT failure Description: A memory corruption

APPLE-SA-2018-10-08-1 iOS 12.0.1

2018-10-09 Thread Apple Product Security
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 APPLE-SA-2018-10-08-1 iOS 12.0.1 iOS 12.0.1 is now available and addresses the following: VoiceOver Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A local attacker may be able to view photos and

[SECURITY] [DSA 4312-1] tinc security update

2018-10-09 Thread Salvatore Bonaccorso
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-4312-1 secur...@debian.org https://www.debian.org/security/ Salvatore Bonaccorso October 08, 2018

[UPDATE][CVE-2018-11797] DoS vulnerability in Apache PDFBox parser

2018-10-07 Thread Andreas Lehmkuehler
[CVE-2018-11797] DoS vulnerability in Apache PDFBox parser Severity: Important Vendor: The Apache Software Foundation Versions Affected: Apache PDFBox <= 1.8.15 Apache PDFBox <= 2.0.11 Earlier, unsupported Apache PDFBox versions may be affected as well Description: A carefully crafted PDF

[SECURITY] [DSA 4311-1] git security update

2018-10-07 Thread Salvatore Bonaccorso
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-4311-1 secur...@debian.org https://www.debian.org/security/ Salvatore Bonaccorso October 05, 2018

[CVE-2018-11797] DoS vulnerability in Apache PDFBox parser

2018-10-07 Thread Andreas Lehmkuehler
[CVE-2018-11797] DoS vulnerability in Apache PDFBox parser Severity: Important Vendor: The Apache Software Foundation Versions Affected: Apache PDFBox <= 1.8.15 Apache PDFBox <= 2.0.11 Earlier, unsupported Apache PDFBox versions may be affected as well Description: A carefully crafted PDF

Pie Register v3.0.15 (WordPress Plugin) - Cross-Site Scripting Vulnerability in Login

2018-10-03 Thread Socket_0x03
= Pie Register v3.0.15 (WordPress Plugin) - Cross-Site Scripting Vulnerability in Login =

[SECURITY] [DSA 4310-1] firefox-esr security update

2018-10-03 Thread Salvatore Bonaccorso
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-4310-1 secur...@debian.org https://www.debian.org/security/ Salvatore Bonaccorso October 03, 2018

[slackware-security] mozilla-firefox (SSA:2018-276-01)

2018-10-03 Thread Slackware Security Team
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 [slackware-security] mozilla-firefox (SSA:2018-276-01) New mozilla-firefox packages are available for Slackware 14.2 and -current to fix a security issue. Here are the details from the Slackware 14.2 ChangeLog: +--+

[SYSS-2018-024] Privilege Escalation in Verint Verba Collaboration Compliance and Quality Management Platform (CVE-2018-17872)

2018-10-02 Thread Micha Borrmann
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Advisory ID: SYSS-2018-024 Product: Collaboration Compliance and Quality Management Platform Manufacturer: Verint Verba Affected Version(s): <= 9.1.1.5482 Tested Version(s): 9.1.1.5482

[SYSS-2018-023] Password leakage in Verint Verba Collaboration Compliance and Quality Management Platform (CVE-2018-17871)

2018-10-02 Thread Micha Borrmann
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Advisory ID: SYSS-2018-023 Product: Collaboration Compliance and Quality Management Platform Manufacturer: Verint Verba Affected Version(s): <= 9.1.1.5482 Tested Version(s): 9.1.1.5482

[SECURITY] [DSA 4309-1] strongswan security update

2018-10-02 Thread Yves-Alexis Perez
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-4309-1 secur...@debian.org https://www.debian.org/security/ Yves-Alexis Perez October 01, 2018
