BugTraq Latest Security Advisories

The premier general security mailing list. Vulnerabilities are often announced here first, so check frequently!

SEC Consult SA-20171018-1 :: Multiple vulnerabilities in Linksys E-series products

1 hour 39 min ago

Posted by SEC Consult Vulnerability Lab on Oct 18

SEC Consult Vulnerability Lab Security Advisory < 20171018-1 >
=======================================================================
title: Multiple vulnerabilities
product: Linksys E series, see "Vulnerable / tested versions"
vulnerable version: see "Vulnerable / tested versions"
fixed version: no public fix, see solution/timeline
CVE number: -
impact: high...

[security bulletin] HPESBHF03789 rev.2 - Certain HPE Gen9 Systems with HP Trusted Platform Module v2.0 Option, Unauthorized Access to Data

1 hour 50 min ago

Posted by security-alert on Oct 18

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03789en_us

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: hpesbhf03789en_us
Version: 2

HPESBHF03789 rev.2 - Certain HPE Gen9 Systems with HP Trusted Platform Module
v2.0 Option, Unauthorized Access to Data

NOTICE: The information in this Security Bulletin should be acted upon as
soon as...

[SECURITY] [DSA 3999-1] wpa security update

October 16, 2017 - 5:23am

Posted by Yves-Alexis Perez on Oct 16

-------------------------------------------------------------------------
Debian Security Advisory DSA-3999-1 security () debian org
https://www.debian.org/security/ Yves-Alexis Perez
October 16, 2017 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : wpa
CVE ID : CVE-2017-13077 CVE-2017-13078...

SEC Consult SA-20171016-0 :: Multiple vulnerabilities in Micro Focus VisiBroker C++

October 16, 2017 - 2:50am

Posted by SEC Consult Vulnerability Lab on Oct 16

SEC Consult Vulnerability Lab Security Advisory < 20171016-0 >
=======================================================================
title: Multiple vulnerabilities
product: Micro Focus VisiBroker C++
vulnerable version: 8.5 SP2
fixed version: 8.5 SP4 HF3
CVE number: CVE-2017-9281, CVE-2017-9282, CVE-2017-9283
impact: High
homepage:...

[security bulletin] MFSBGN03786 rev.1 - HPE Connected Backup, Local Escalation of Privilege

October 16, 2017 - 1:51am

Posted by swpmb . cyber-psrt on Oct 15

Note: the current version of the following document is available here:
https://softwaresupport.hpe.com/km/KM02987868

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: KM02987868
Version: 1

MFSBGN03786 rev.1 - HPE Connected Backup, Local Escalation of Privilege

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.

Release Date: 2017-10-13
Last Updated: 2017-10-13

Potential Security Impact: Local:...

Advisory X41-2017-010: Command Execution in Shadowsocks-libev

October 16, 2017 - 1:43am

Posted by X41 D-Sec GmbH Advisories on Oct 15

X41 D-Sec GmbH Security Advisory: X41-2017-010

Command Execution in Shadowsocks-libev
======================================

Overview
--------
Severity Rating: High
Confirmed Affected Versions: 3.1.0
Confirmed Patched Versions: N/A
Vendor: Shadowsocks
Vendor URL: https://github.com/shadowsocks/shadowsocks-libev
Vector: Local
Credit: X41 D-Sec GmbH, Niklas Abel
Status: Public
CVE: not yet assigned
Advisory-URL:...

Advisory X41-2017-008: Multiple Vulnerabilities in Shadowsocks

October 16, 2017 - 1:37am

Posted by X41 D-Sec GmbH Advisories on Oct 15

X41 D-Sec GmbH Security Advisory: X41-2017-008

Multiple Vulnerabilities in Shadowsocks
=======================================

Overview
--------
Confirmed Affected Versions: Latest commit 2ab8c6b on Sep 6
Confirmed Patched Versions: N/A
Vendor: Shadowsocks
Vendor URL: https://github.com/shadowsocks/shadowsocks/tree/master
Vector: Network
Credit: X41 D-Sec GmbH, Niklas Abel
Status: Public
Advisory-URL:...

[RCESEC-2017-002][CVE-2017-14956] AlienVault USM v5.4.2 "/ossim/report/wizard_email.php" Cross-Site Request Forgery leading to Sensitive Information Disclosure

October 16, 2017 - 1:30am

Posted by Julien Ahrens on Oct 15

RCE Security Advisory
https://www.rcesecurity.com

1. ADVISORY INFORMATION
=======================
Product: AlienVault USM
Vendor URL: https://www.alienvault.com
Type: Cross-Site Request Forgery [CWE-253]
Date found: 2017-09-22
Date published: 2017-10-13
CVSSv3 Score: 6.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N)
CVE: CVE-2017-14956

2. CREDITS
==========
This vulnerability was discovered and researched...

Multiple vulnerabilities in OpenText Documentum Content Server

October 13, 2017 - 9:56am

Posted by Andrey B. Panfilov on Oct 13

CVE Identifier: CVE-2017-15012
Vendor: OpenText
Affected products: OpenText Documentum Content Server (all versions)
Researcher: Andrey B. Panfilov
CVSS v3 Base Score: 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
Fix: not available
Description:

Opentext Documentum Content Server (formerly known as EMC Documentum Content Server)
does not properly validate input of PUT_FILE RPC-command which allows any
authenticated user to hijack arbitrary file from...