Mail Thread Index

• Date Index

• [slackware-security] libpng (SSA:2016-365-01), Slackware Security Team
• [slackware-security] mozilla-thunderbird (SSA:2016-365-02), Slackware Security Team
• [slackware-security] seamonkey (SSA:2016-365-03), Slackware Security Team
• Fwd: [ANNOUNCE] CVE-2016-6793 Apache Wicket deserialization vulnerability, Pedro Santos
• [SECURITY] [DSA 3750-1] libphp-phpmailer security update, Thijs Kinkhorst
• 0-day: QNAP NAS Devices suffer of heap overflow, bashis
• [SECURITY] [DSA 3750-2] libphp-phpmailer regression update, Thijs Kinkhorst
• [security bulletin] HPSBGN03688 rev.1 - HPE Operations Orchestration, Remote Code Execution, security-alert
• ESA-2016-157: EMC ScaleIO Multiple Vulnerabilities, EMC Product Security Response Center
• [SECURITY][UPDATE] CVE-2016-8745 Apache Tomcat Information Disclosure, Mark Thomas
• [SECURITY] [DSA 3753-1] libvncserver security update, Sebastien Delafond
• QuickBooks 2017 Admin Credentials Disclosure, info
• Directadmin ControlPanel 1.50.1 Cross-Site-Scripting Vulnerability, iedb . team
• ESA-2016-096: EMC Celerra, VNX1, VNX2 and VNXe SMB NTLM Authentication Weak Nonce Vulnerability, EMC Product Security Response Center
  • <Possible follow-ups>
  • ESA-2016-096: EMC Celerra, VNX1, VNX2 and VNXe SMB NTLM Authentication Weak Nonce Vulnerability, EMC Product Security Response Center
  • ESA-2016-096: EMC Celerra, VNX1, VNX2 and VNXe SMB NTLM Authentication Weak Nonce Vulnerability, EMC Product Security Response Center
• Directadmin ControlPanel 1.50.1 denial of service Vulnerability, iedb . team
• FreeBSD Security Advisory FreeBSD-SA-17:01.openssh, FreeBSD Security Advisories
• Blackboard LMS 9.1 SP14 - (Profile) Persistent Vulnerability, Vulnerability Lab
• BlackBoard LMS 9.1 SP14 - (Title) Persistent Vulnerability, Vulnerability Lab
• Bit Defender #39 - Auth Token Bypass Vulnerability, Vulnerability Lab
• Cobi Tools v1.0.8 iOS - Persistent Web Vulnerability, Vulnerability Lab
• Re: [oss-security] Docker 1.12.6 - Security Advisory, Andreas Stieger
• [SECURITY] [DSA 3757-1] icedove security update, Moritz Muehlenhoff
• IKEv1 cipher suite configuration mismatch in Siemens SIMATIC CP 343-1 Advanced, Andrea Barisani
• Multiple Vulnerabilities in cPanel, Open Security
• [SECURITY] [DSA 3758-1] bind9 security update, Florian Weimer
• CA20170109-01: Security Notice for CA Service Desk Manager, Kotas, Kevin J
• [slackware-security] gnutls (SSA:2017-011-02), Slackware Security Team
• [slackware-security] bind (SSA:2017-011-01), Slackware Security Team
• CVE-2017-5350: Unexpected SystemUI FC driven by arbitrary application, unlimitsec
• [SECURITY] [DSA 3760-1] ikiwiki security update, Moritz Muehlenhoff
• ICMPv6 PTBs and IPv6 frag filtering (particularly at BGP peers), Fernando Gont
• [security bulletin] HPSBGN03694 rev.1 - HPE SiteScope, Remote Disclosure of Information, security-alert
• [SECURITY] [DSA 3764-1] pdns security update, Salvatore Bonaccorso
• [security bulletin] HPSBST03671 rev.2 - HPE StoreEver MSL6480 Tape Library Management Interface, Multiple Remote Vulnerabilities, security-alert
• [security bulletin] HPSBGN03689 rev.1 - HPE Diagnostics, Remote Cross-Site Scripting and Click Jacking, security-alert
• [SECURITY] [DSA 3765-1] icoutils security update, Salvatore Bonaccorso
• [SECURITY] [DSA 3743-2] python-bottle regression update, Sebastien Delafond
• [SECURITY] CVE-2016-8748: Apache NiFi XSS vulnerability in connection details dialogue, Joe Witt
• ESA-2016-143: EMC Documentum Webtop and Clients Stored Cross-Site Scripting Vulnerability, EMC Product Security Response Center
• ESA-2016-161: EMC Isilon OneFS LDAP Injection Vulnerability, EMC Product Security Response Center
• [security bulletin] HPSBMU03685 rev.1 - HPE Insight Control server provisioning (ICsp), Multiple Remote Vulnerabilities, security-alert
• [RCESEC-2016-012] Mattermost <= 3.5.1 "/error" Unauthenticated Reflected Cross-Site Scripting / Content Injection, Julien Ahrens
• Novel Contributions to the Field - How I broke MySQL's codebase (Part 2) [CVE-2016-5541] MySQL Cluster 0day, lem . nikolas
• Novel Contributions to the field - How I broke MySQL's code-base (Part 2) [CVE-2016-5541] MySQL cluster remote 0day, Nicholas Lemonias.
• [SECURITY] [DSA 3767-1] mysql-5.5 security update, Salvatore Bonaccorso
• NTOPNG Web Interface v2.4 CSRF Token Bypass, hyp3rlinx
• Executable installers are vulnerable^WEVIL (case 46): Pelles C allows arbitrary code execution, Stefan Kanthak
• [SECURITY] [DSA 3769-1] libphp-swiftmailer security update, Sebastien Delafond
• [SECURITY] [DSA 3770-1] mariadb-10.0 security update, Salvatore Bonaccorso
• Microsoft Remote Desktop Client for Mac Remote Code Execution - Update, Filippo Cavallarin
• ESA-2016-146: EMC Avamar Data Store and Avamar Virtual Edition Privilege Escalation Vulnerability, EMC Product Security Response Center
• ESA-2016-150: RSA® Security Analytics Reflected Cross-Site Scripting Vulnerability, EMC Product Security Response Center
• APPLE-SA-2017-01-23-1 iOS 10.2.1, Apple Product Security
• APPLE-SA-2017-01-23-3 watchOS 3.1.3, Apple Product Security
• APPLE-SA-2017-01-23-4 tvOS 10.1.1, Apple Product Security
• APPLE-SA-2017-01-23-5 Safari 10.0.3, Apple Product Security
• APPLE-SA-2017-01-23-2 macOS 10.12.3, Apple Product Security
• APPLE-SA-2017-01-23-6 iCloud for Windows 6.1.1, Apple Product Security
• APPLE-SA-2017-01-23-7 iTunes for Windows 12.5.5, Apple Product Security
• [slackware-security] mozilla-firefox (SSA:2017-023-01), Slackware Security Team
• [ERPSCAN-17-005] Oracle PeopleSoft - XSS vulnerability CVE-2017-3300, ERPScan inc
• CVE-2017-3241 - [ERPSCAN-17-006] Oracle OpenJDK - Java Serialization DoS, ERPScan inc
• [security bulletin] HPSBGN03690 rev.1 - HPE Real User Monitor (RUM), Remote Disclosure of Information, security-alert
• Cisco Security Advisory: Cisco WebEx Browser Extension Remote Code Execution Vulnerability, Cisco Systems Product Security Incident Response Team
• [security bulletin] HPSBHF03441 rev.2 - HPE iLO 3, iLO 4 and iLO 4 mRCA, Remote Multiple Vulnerabilities, security-alert
• [security bulletin] HPSBHF03695 rev.1 - HPE Ethernet Adaptors, Remote Denial of Service (DoS), security-alert
• [security bulletin] HPSBST03642 rev.3 - HPE StoreVirtual Products running LeftHand OS using OpenSSL and OpenSSH, Remote Arbitrary Code Execution, Denial of Service (DoS), Disclosure of Sensitive Information, Unauthorized Access, security-alert
• OpenCart 2.3.0.2 CSRF - User Account Takeover, Open Security
• ESA-2016-166: EMC Isilon OneFS Privilege Escalation Vulnerability, EMC Product Security Response Center
• Cisco Security Advisory: Cisco Adaptive Security Appliance CX Context-Aware Security Denial of Service Vulnerability, Cisco Systems Product Security Incident Response Team
• Cisco Security Advisory: Cisco Expressway Series and TelePresence VCS Denial of Service Vulnerability, Cisco Systems Product Security Incident Response Team
• Cisco Security Advisory: Cisco TelePresence Multipoint Control Unit Remote Code Execution Vulnerability, Cisco Systems Product Security Incident Response Team
• Google Forms WordPress Plugin unauthenticated PHP Object injection vulnerability, Summer of Pwnage
• [SECURITY] [DSA 3771-1] firefox-esr security update, Moritz Muehlenhoff
• PEAR HTTP_Upload v1.0.0b3 Arbitrary File Upload, hyp3rlinx
• ESA-2016-092: RSA® Web Threat Detection Cross Site Scripting Vulnerability, EMC Product Security Response Center
• ESA-2016-132: EMC RecoverPoint Multiple Vulnerabilities, EMC Product Security Response Center
• ESA-2016-160: EMC Data Domain DD OS Command Injection Vulnerability, EMC Product Security Response Center
• ESA-2016-167: EMC Documentum D2 Multiple Vulnerabilities, EMC Product Security Response Center
• [SECURITY] [DSA 3772-1] libxpm security update, Salvatore Bonaccorso
• CA20170126-01: Security Notice for CA Common Services casrvc, Kotas, Kevin J
• [slackware-security] mozilla-thunderbird (SSA:2017-026-01), Slackware Security Team
• Secunia Research: Oracle Outside In VSDX Use-After-Free Vulnerability, Secunia Research
• ESA-2016-037: EMC PowerPath Management Appliance Information Disclosure Vulnerability, EMC Product Security Response Center
• ESA-2016-154: RSA BSAFE® Crypto-J Multiple Security Vulnerabilities, EMC Product Security Response Center
• ESA-2016-133: EMC Data Protection Advisor Path Traversal Vulnerability, EMC Product Security Response Center
• [SECURITY] [DSA 3773-1] openssl security update, Moritz Muehlenhoff
• CVE-2017-3160: Gradle Distribution URL used by Cordova-Android does not use https by default, bowserj
• Multiple blind SQL injection vulnerabilities in FormBuilder WordPress Plugin, Summer of Pwnage
• Persistent Cross-Site Scripting vulnerability in User Access Manager WordPress Plugin, Summer of Pwnage
• secuvera-SA-2017-01: Privilege escalation in an OPSI Managed Client environment ("rise of the machines"), sbieber
• Secunia Research: libarchive "lha_read_file_header_1()" Out-Of-Bounds Memory Access Denial of Service Vulnerability, Secunia Research
• [security bulletin] HPESBMU03701 rev.1 - HPE Smart Storage Administrator, Remote Arbitrary Code Execution, security-alert
• [REVIVE-SA-2017-001] Revive Adserver - Multiple vulnerabilities, Matteo Beccati
• ESA-2016-094: RSA BSAFE Micro Edition Suite Multiple Vulnerabilities, EMC Product Security Response Center