BugTraq Latest Security Advisories

The premier general security mailing list. Vulnerabilities are often announced here first, so check frequently!

Secunia Research: Oracle Outside In Denial of Service Vulnerability

November 21, 2017 - 10:37pm

Posted by Secunia Research on Nov 21

======================================================================

Secunia Research 2017/10/21

Oracle Outside In Denial of Service Vulnerability

======================================================================
Table of Contents

Affected Software....................................................1
Severity.............................................................2
Description of...

[SECURITY] [DSA 4045-1] vlc security update

November 21, 2017 - 10:32pm

Posted by Moritz Muehlenhoff on Nov 21

-------------------------------------------------------------------------
Debian Security Advisory DSA-4045-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
November 21, 2017 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : vlc
CVE ID : CVE-2017-9300 CVE-2017-10699

Several...

CSNC-2017-029 MyTy Blind SQL Injection

November 21, 2017 - 10:26pm

Posted by Advisories on Nov 21

#############################################################
#
# COMPASS SECURITY ADVISORY
# https://www.compass-security.com/research/advisories/
#
#############################################################
#
# Product: MyTy
# Vendor: Finlane GmbH
# CSNC ID: CSNC-2017-029
# CVE ID: -
# Subject: Blind SQL injection
# Risk: High
# Effect: Remotely exploitable
# Author: Nicolas Heiniger <nicolas.heiniger () compass-security...

[security bulletin] HPESBHF03798 rev.1 - HPE Proliant Gen10 Servers, DL20 Gen9, ML30 Gen9 and Certain Apollo Servers Using Intel Server Platform Service (SPS) v4.0, Local Denial of Service and Execution of Arbitrary Code

November 21, 2017 - 10:21pm

Posted by security-alert on Nov 21

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03798en_us

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: hpesbhf03798en_us
Version: 1

HPESBHF03798 rev.1 - HPE Proliant Gen10 Servers, DL20 Gen9, ML30 Gen9 and
Certain Apollo Servers Using Intel Server Platform Service (SPS) v4.0, Local
Denial of Service and Execution of Arbitrary Code

NOTICE:...

[SECURITY] [DSA 4044-1] swauth security update

November 21, 2017 - 10:15pm

Posted by Yves-Alexis Perez on Nov 21

-------------------------------------------------------------------------
Debian Security Advisory DSA-4044-1 security () debian org
https://www.debian.org/security/ Yves-Alexis Perez
November 21, 2017 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : swauth
CVE ID : CVE-2017-16613
Debian Bug :...

CSNC-2017-030 MyTy Reflected Cross-Site Scripting (XSS)

November 21, 2017 - 10:08pm

Posted by Advisories on Nov 21

#############################################################
#
# COMPASS SECURITY ADVISORY
# https://www.compass-security.com/research/advisories/
#
#############################################################
#
# Product: MyTy
# Vendor: Finlane GmbH
# CSNC ID: CSNC-2017-030
# CVE ID: -
# Subject: Reflected Cross-Site Scripting (XSS)
# Risk: High
# Effect: Remotely exploitable
# Author: Nicolas Heiniger <nicolas.heiniger ()...

FreeBSD Security Advisory FreeBSD-SA-17:10.kldstat [REVISED]

November 21, 2017 - 8:33pm

Posted by FreeBSD Security Advisories on Nov 21

=============================================================================
FreeBSD-SA-17:10.kldstat Security Advisory
The FreeBSD Project

Topic: Information leak in kldstat(2)

Category: core
Module: kernel
Announced: 2017-11-15
Credits: Ilja van Sprundel
TJ Corley
Affects: All supported...

[CVE-2017-15044] DocuWare FullText Search - Incorrect Access Control vulnerability

November 20, 2017 - 10:08pm

Posted by Graham Leggett on Nov 20

CVE-2017-15044: DocuWare FullText Search - Incorrect Access Control vulnerability

Severity: High

------------------------------------------

Vendor:

DocuWare Europe GmbH
Therese-Giehse-Platz 2 82110 Germering Germany

------------------------------------------

Description:

The default installation of DocuWare FullText Search server allows remote
users to connect to and download and or modify all searchable text from
the embedded Solr...

[security bulletin] HPESBMU03794 rev.1 - HPE Insight Control, Multiple Remote Vulnerabilities

November 17, 2017 - 3:59am

Posted by security-alert on Nov 17

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbmu03794en_us

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: hpesbmu03794en_us
Version: 1

HPESBMU03794 rev.1 - HPE Insight Control, Multiple Remote Vulnerabilities

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.

Release Date: 2017-11-15
Last Updated:...

[security bulletin] HPESBMU03795 rev.1 - HPE Matrix Operating Environment, Multiple Remote Vulnerabilities

November 17, 2017 - 3:53am

Posted by security-alert on Nov 17

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbmu03795en_us

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: hpesbmu03795en_us
Version: 1

HPESBMU03795 rev.1 - HPE Matrix Operating Environment, Multiple Remote
Vulnerabilities

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.

Release Date: 2017-11-15...

[SECURITY] [DSA 4037-1] jackson-databind security update

November 17, 2017 - 3:41am

Posted by Sebastien Delafond on Nov 17

-------------------------------------------------------------------------
Debian Security Advisory DSA-4037-1 security () debian org
https://www.debian.org/security/ Sebastien Delafond
November 16, 2017 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : jackson-databind
CVE ID : CVE-2017-15095

It was...

[SECURITY] [DSA 4039-1] opensaml2 security update

November 17, 2017 - 3:26am

Posted by Salvatore Bonaccorso on Nov 17

-------------------------------------------------------------------------
Debian Security Advisory DSA-4039-1 security () debian org
https://www.debian.org/security/ Salvatore Bonaccorso
November 16, 2017 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : opensaml2
CVE ID : CVE-2017-16853
Debian Bug :...

[security bulletin] HPESBHF03705 rev.4 - HPE Integrated Lights-Out 4, 3, 2 and Moonshot Remote Console Administrator (iLO 4 and MRCA) Remote Disclosure of Information

November 16, 2017 - 9:42pm

Posted by security-alert on Nov 16

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-HPESBHF03705en_us

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: HPESBHF03705en_us
Version: 4

HPESBHF03705 rev.4 - HPE Integrated Lights-Out 4, 3, 2 and Moonshot Remote
Console Administrator (iLO 4 and MRCA) Remote Disclosure of Information

NOTICE: The information in this Security Bulletin should be...

FreeBSD Security Advisory FreeBSD-SA-17:10.kldstat

November 16, 2017 - 9:36pm

Posted by FreeBSD Security Advisories on Nov 16

=============================================================================
FreeBSD-SA-17:10.kldstat Security Advisory
The FreeBSD Project

Topic: Information leak in kldstat(2)

Category: core
Module: kernel
Announced: 2017-11-15
Credits: TJ Corley
Affects: All supported versions of FreeBSD.
Corrected:...

FreeBSD Security Advisory FreeBSD-SA-17:09.shm

November 16, 2017 - 9:31pm

Posted by FreeBSD Security Advisories on Nov 16

=============================================================================
FreeBSD-SA-17:09.shm Security Advisory
The FreeBSD Project

Topic: POSIX shm allows jails to access global namespace

Category: core
Module: shm
Announced: 2017-11-15
Credits: Whitewinterwolf
Affects: FreeBSD 10.x
Corrected:...

FreeBSD Security Advisory FreeBSD-SA-17:08.ptrace

November 16, 2017 - 9:25pm

Posted by FreeBSD Security Advisories on Nov 16

=============================================================================
FreeBSD-SA-17:08.ptrace Security Advisory
The FreeBSD Project

Topic: Kernel data leak via ptrace(PT_LWPINFO)

Category: core
Module: ptrace
Announced: 2017-11-15
Credits: John Baldwin
Affects: All supported versions of FreeBSD....

[SECURITY] [DSA 4036-1] mediawiki security update

November 16, 2017 - 9:19pm

Posted by Moritz Muehlenhoff on Nov 16

-------------------------------------------------------------------------
Debian Security Advisory DSA-4036-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
November 15, 2017 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : mediawiki
CVE ID : CVE-2017-8808 CVE-2017-8809...

[SECURITY] [DSA 4035-1] firefox-esr security update

November 16, 2017 - 9:12pm

Posted by Moritz Muehlenhoff on Nov 16

-------------------------------------------------------------------------
Debian Security Advisory DSA-4035-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
November 15, 2017 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : firefox-esr
CVE ID : CVE-2017-7826 CVE-2017-7828...

Call for papers - WorldCIST'18 - Naples, Italy - Extended deadline: November 26

November 16, 2017 - 9:05pm

Posted by Maria Lemos on Nov 16

* Proceedings by Springer

** Extended versions of best selected papers will be published in JCR/SCI/SSCI journals

---------------------------------------------------------------------------------------------------
WorldCist'18 - 6th World Conference on Information Systems and Technologies
Naples, Italy, 27 - 29 March 2018
http://www.worldcist.org/...

CA20171114-01: Security Notice for CA Identity Governance

November 15, 2017 - 10:41pm

Posted by Kotas, Kevin J on Nov 15

CA20171114-01: Security Notice for CA Identity Governance

Issued: November 14, 2017
Last Updated: November 14, 2017

CA Technologies support is alerting customers to a potential risk
with CA Identity Governance. A vulnerability exists that can
potentially allow a malicious actor to conduct cross-site scripting
attacks. CA published a solution to resolve the issue.

The vulnerability, CVE-2017-9394, occurs due to insufficient input
validation...