BugTraq Latest Security Advisories

Syndicate content
The premier general security mailing list. Vulnerabilities are often announced here first, so check frequently!
Updated: 1 hour 6 min ago

WebKitGTK+ and WPE WebKit Security Advisory WSA-2018-0009

December 14, 2018 - 12:42am

Posted by Michael Catanzaro on Dec 13

------------------------------------------------------------------------
WebKitGTK+ and WPE WebKit Security Advisory WSA-2018-0009
------------------------------------------------------------------------

Date reported : December 13, 2018
Advisory ID : WSA-2018-0009
WebKitGTK+ Advisory URL :
https://webkitgtk.org/security/WSA-2018-0009.html
WPE WebKit Advisory URL :...
Categories:

[SECURITY] [DSA 4354-1] firefox-esr security update

December 12, 2018 - 11:19pm

Posted by Moritz Muehlenhoff on Dec 12

-------------------------------------------------------------------------
Debian Security Advisory DSA-4354-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
December 12, 2018 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : firefox-esr
CVE ID : CVE-2018-12405 CVE-2018-17466...
Categories:

[security bulletin] MFSBGN03835 rev.1 - Fortify Software Security Center (SSC), Remote Unauthorized Access

December 12, 2018 - 11:15pm

Posted by security-alert on Dec 12

Note: the current version of the following document is available here:
https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03298201

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: KM03298201
Version: 1

MFSBGN03835 rev.1 - Fortify Software Security Center (SSC), Remote
Unauthorized Access

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.

Release Date: 2018-12-12
Last...
Categories:

[security bulletin] MFSBGN03837 rev.1 - Network Node Manager i, Multiple Vulnerabilities

December 12, 2018 - 11:12pm

Posted by security-alert on Dec 12

Note: the current version of the following document is available here:
https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03302206

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: KM03302206
Version: 1

MFSBGN03837 rev.1 - Network Node Manager i, Multiple Vulnerabilities

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.

Release Date: 2018-12-12
Last Updated: 2018-12-12...
Categories:

[slackware-security] mozilla-firefox (SSA:2018-345-01)

December 12, 2018 - 7:53am

Posted by Slackware Security Team on Dec 12

[slackware-security] mozilla-firefox (SSA:2018-345-01)

New mozilla-firefox packages are available for Slackware 14.2 and -current to
fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/mozilla-firefox-60.4.0esr-i686-1_slack14.2.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:...
Categories:

Zoho ManageEngine OpManager 12.3 before Build 123237 has XSS via the domainController API.

December 11, 2018 - 12:39pm

Posted by Murat Aydemir on Dec 11

I. VULNERABILITY
-------------------------
Zoho ManageEngine OpManager 12.3 before Build 123237 has XSS via the
domainController API.

II. CVE REFERENCE
-------------------------
CVE-2018-19921

III. VENDOR
-------------------------
https://www.manageengine.com

IV. TIMELINE
-------------------------
20/11/18 Vulnerability discovered
20/11/18 Vendor contacted
06/12/2018 OPManager replay that they fixed

V. CREDIT
-------------------------
Murat...
Categories:

[SECURITY] [DSA 4353-1] php7.0 security update

December 11, 2018 - 12:36pm

Posted by Moritz Muehlenhoff on Dec 11

-------------------------------------------------------------------------
Debian Security Advisory DSA-4353-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
December 10, 2018 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : php7.0
CVE ID : CVE-2018-14851 CVE-2018-14883...
Categories:

[slackware-security] php (SSA:2018-341-01)

December 9, 2018 - 10:26pm

Posted by Slackware Security Team on Dec 09

[slackware-security] php (SSA:2018-341-01)

New php packages are available for Slackware 14.0, 14.1, 14.2, and -current to
fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
Several security bugs have been fixed in this release:
Segfault when using convert.quoted-printable-encode filter.
Null pointer dereference in imap_mail.
imap_open allows to run arbitrary shell commands via...
Categories:

[SECURITY] [DSA 4352-1] chromium-browser security update

December 9, 2018 - 10:23pm

Posted by Michael Gilbert on Dec 09

-------------------------------------------------------------------------
Debian Security Advisory DSA-4352-1 security () debian org
https://www.debian.org/security/ Michael Gilbert
December 07, 2018 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : chromium-browser
CVE ID : CVE-2018-17480...
Categories:

[SECURITY] [DSA 4351-1] libphp-phpmailer security update

December 9, 2018 - 10:20pm

Posted by Salvatore Bonaccorso on Dec 09

-------------------------------------------------------------------------
Debian Security Advisory DSA-4351-1 security () debian org
https://www.debian.org/security/ Salvatore Bonaccorso
December 07, 2018 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : libphp-phpmailer
CVE ID : CVE-2018-19296
Debian Bug...
Categories: