Mail Index

• Thread Index

• Zoho ManageEngine OpManager 12.3 allows Stored XSS
  • From: Hakan Bayır
• Zoho ManageEngine OpManager 12.3 allows Self XSS Vulnerability
  • From: Hakan Bayır
• OpenText Brava! Enterprise and Brava! Server Components Sensitive Data Exposure
  • From: luke . bailiff
• October 2018 Sourcetree Advisory
  • From: Anton Black
• [slackware-security] curl (SSA:2018-304-01)
  • From: Slackware Security Team
• Disclose Vulnerability
  • From: alphan yavaş
• [SECURITY] [DSA 4330-1] chromium-browser security update
  • From: Michael Gilbert
• [SECURITY] [DSA 4331-1] curl security update
  • From: Alessandro Ghedini
• [SECURITY] [DSA 4332-1] ruby2.3 security update
  • From: Salvatore Bonaccorso
• [SECURITY] [DSA 4333-1] icecast2 security update
  • From: Moritz Muehlenhoff
• [SECURITY] [DSA 4334-1] mupdf security update
  • From: Moritz Muehlenhoff
• Zoho ManageEngine OpManager 12.3 before 123222 has SQL Injection via Mail Server settings.
  • From: Hakan Bayır
• KL-001-2018-009 : Dell OpenManage Network Manager Multiple Vulnerabilities
  • From: KoreLogic Disclosures
• [slackware-security] mariadb (SSA:2018-309-01)
  • From: Slackware Security Team
• [security bulletin] MFSBGN03829 rev.1 - Micro Focus Operation Bridge Containerized Suite, Remote Code Execution
  • From: cyber-psrt
• [SECURITY] [DSA 4335-1] nginx security update
  • From: Moritz Muehlenhoff
• WP User Manager v2.0.8 - Time-Based SQL Injection
  • From: Socket_0x03
• NEW VMSA-2018-0027 VMware ESXi, Workstation, and Fusion updates address uninitialized stack memory usage
  • From: VMware Security Response Center
• PeepSo v1.11.2 - Time-Based SQL Injection
  • From: Socket_0x03
• PeepSo v1.11.2 (WordPress Plugin) - XSS Vulnerability in Members
  • From: Socket_0x03
• [SECURITY] [DSA 4336-1] ghostscript security update
  • From: Salvatore Bonaccorso
• [SECURITY] [DSA 4338-1] qemu security update
  • From: Moritz Muehlenhoff
• [SECURITY] [DSA 4337-1] thunderbird security update
  • From: Moritz Muehlenhoff
• [slackware-security] libtiff (SSA:2018-316-01)
  • From: Slackware Security Team
• [security bulletin] MFSBGN03823 rev.1 - Micro Focus Service Manager, unauthorized disclosure of data
  • From: cyber-psrt
• [security bulletin] MFSBGN03830 rev.1 - Service Manager, unauthorized disclosure of information
  • From: cyber-psrt
• [security bulletin] MFSBGN03831 rev. - Service Management Automation, remote disclosure of information
  • From: cyber-psrt
• [SECURITY] [DSA 4339-1] ceph security update
  • From: Moritz Muehlenhoff
• Custom Frontend Login Registration Form (WP Plugin) - Multiple XSS Vulnerabilities
  • From: Socket_0x03
• AST-2018-010:
  • From: Asterisk Security Team
• AST-2018-010: Remote crash vulnerability DNS SRV and NAPTR lookups
  • From: Asterisk Security Team
• Remote Code Execution Vulnerability in ELBA5 Electronic Banking
  • From: Florian Bogner
• [CVE-2018-3635] Executable installers are vulnerable^WEVIL (case 59): arbitrary code execution WITH escalation of privilege via Intel Rapid Storage Technology User Interface and Driver
  • From: Stefan Kanthak
• D-LINK Central WifiManager CWM-100 FTP Server PORT Bounce Scan CVE-2018-15516
  • From: apparitionsec
• D-LINK Central WifiManager CWM-100 Trojan File SYSTEM Privilege Escalation CVE-2018-15515
  • From: apparitionsec
• D-LINK Central WifiManager CWM-100 Server Side Request Forgery CVE-2018-15517
  • From: apparitionsec
• [SECURITY] [DSA 4340-1] chromium-browser security update
  • From: Michael Gilbert
• Zoho ManageEngine OpManager 12.3 before Build 123223 has XSS via the updateWidget API.
  • From: Murat Aydemir
• [SECURITY] [DSA 4341-1] mariadb-10.1 security update
  • From: Salvatore Bonaccorso
• Escalation of privilege with Intel Rapid Storage User Interface
  • From: Stefan Kanthak
• ACM CCS 2019 - Call for Papers
  • From: m.manulis
• SEC Consult SA-20181114-0 :: Denial of Service in Microsoft Skype for Business
  • From: SEC Consult Vulnerability Lab
• SEC Consult SA-20181116-0 :: Multiple critical vulnerabilities in Miss Marple Enterprise Edition
  • From: SEC Consult Vulnerability Lab
• SEC Consult SA-20181121-0 :: Signature Bypass / Authentication Bypass in Governikus Autent SDK
  • From: SEC Consult Vulnerability Lab
• [SECURITY] [DSA 4339-2] ceph regression update
  • From: Salvatore Bonaccorso
• WebKitGTK+ and WPE WebKit Security Advisory WSA-2018-0008
  • From: Michael Catanzaro
• [slackware-security] openssl (SSA:2018-325-01)
  • From: Slackware Security Team
• Cory Support v1.0 - Time-Based SQL Injection in Signin
  • From: Socket_0x03
• [SECURITY] [DSA 4343-1] liblivemedia security update
  • From: Moritz Muehlenhoff
• [SECURITY] [DSA 4344-1] roundcube security update
  • From: Salvatore Bonaccorso
• [SECURITY] [DSA 4345-1] samba security update
  • From: Salvatore Bonaccorso
• Avahi 0.7 missing link-local checks in Legacy Unicast Responses cause information disclosure and makes DDoS with mDNS traffic reflection possible
  • From: Krzysztof Burghardt
• [CORE-2018-0011] - Cisco WebEx Meetings Elevation of Privilege Vulnerability
  • From: advisories
• FreeBSD Security Advisory FreeBSD-SA-18:13.nfs
  • From: FreeBSD Security Advisories
• [SECURITY] [DSA 4346-1] ghostscript security update
  • From: Salvatore Bonaccorso
• [slackware-security] samba (SSA:2018-333-01)
  • From: Slackware Security Team
• [SECURITY] [DSA 4347-1] perl security update
  • From: Salvatore Bonaccorso