Feed aggregator

Bugtraq: Advisory X41-2017-008: Multiple Vulnerabilities in Shadowsocks

Security Focus Latest Security Advisories - October 16, 2017 - 4:00am
Advisory X41-2017-008: Multiple Vulnerabilities in Shadowsocks

SEC Consult SA-20171016-0 :: Multiple vulnerabilities in Micro Focus VisiBroker C++

BugTraq Latest Security Advisories - October 16, 2017 - 2:50am

Posted by SEC Consult Vulnerability Lab on Oct 16

SEC Consult Vulnerability Lab Security Advisory < 20171016-0 >
=======================================================================
title: Multiple vulnerabilities
product: Micro Focus VisiBroker C++
vulnerable version: 8.5 SP2
fixed version: 8.5 SP4 HF3
CVE number: CVE-2017-9281, CVE-2017-9282, CVE-2017-9283
impact: High
homepage:...

Bugtraq: Multiple vulnerabilities in OpenText Documentum Content Server

Security Focus Latest Security Advisories - October 16, 2017 - 2:00am
Multiple vulnerabilities in OpenText Documentum Content Server

Bugtraq: [SECURITY] [DSA 3995-1] libxfont security update

Security Focus Latest Security Advisories - October 16, 2017 - 2:00am
[SECURITY] [DSA 3995-1] libxfont security update

Bugtraq: [SECURITY] [DSA 3994-1] nautilus security update

Security Focus Latest Security Advisories - October 16, 2017 - 2:00am
[SECURITY] [DSA 3994-1] nautilus security update

Bugtraq: [SECURITY] [DSA 3993-1] tor security update

Security Focus Latest Security Advisories - October 16, 2017 - 2:00am
[SECURITY] [DSA 3993-1] tor security update

[security bulletin] MFSBGN03786 rev.1 - HPE Connected Backup, Local Escalation of Privilege

BugTraq Latest Security Advisories - October 16, 2017 - 1:51am

Posted by swpmb . cyber-psrt on Oct 15

Note: the current version of the following document is available here:
https://softwaresupport.hpe.com/km/KM02987868

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: KM02987868
Version: 1

MFSBGN03786 rev.1 - HPE Connected Backup, Local Escalation of Privilege

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.

Release Date: 2017-10-13
Last Updated: 2017-10-13

Potential Security Impact: Local:...

Advisory X41-2017-010: Command Execution in Shadowsocks-libev

BugTraq Latest Security Advisories - October 16, 2017 - 1:43am

Posted by X41 D-Sec GmbH Advisories on Oct 15

X41 D-Sec GmbH Security Advisory: X41-2017-010

Command Execution in Shadowsocks-libev
======================================

Overview
--------
Severity Rating: High
Confirmed Affected Versions: 3.1.0
Confirmed Patched Versions: N/A
Vendor: Shadowsocks
Vendor URL: https://github.com/shadowsocks/shadowsocks-libev
Vector: Local
Credit: X41 D-Sec GmbH, Niklas Abel
Status: Public
CVE: not yet assigned
Advisory-URL:...

Advisory X41-2017-008: Multiple Vulnerabilities in Shadowsocks

BugTraq Latest Security Advisories - October 16, 2017 - 1:37am

Posted by X41 D-Sec GmbH Advisories on Oct 15

X41 D-Sec GmbH Security Advisory: X41-2017-008

Multiple Vulnerabilities in Shadowsocks
=======================================

Overview
--------
Confirmed Affected Versions: Latest commit 2ab8c6b on Sep 6
Confirmed Patched Versions: N/A
Vendor: Shadowsocks
Vendor URL: https://github.com/shadowsocks/shadowsocks/tree/master
Vector: Network
Credit: X41 D-Sec GmbH, Niklas Abel
Status: Public
Advisory-URL:...

[RCESEC-2017-002][CVE-2017-14956] AlienVault USM v5.4.2 "/ossim/report/wizard_email.php" Cross-Site Request Forgery leading to Sensitive Information Disclosure

BugTraq Latest Security Advisories - October 16, 2017 - 1:30am

Posted by Julien Ahrens on Oct 15

RCE Security Advisory
https://www.rcesecurity.com

1. ADVISORY INFORMATION
=======================
Product: AlienVault USM
Vendor URL: https://www.alienvault.com
Type: Cross-Site Request Forgery [CWE-253]
Date found: 2017-09-22
Date published: 2017-10-13
CVSSv3 Score: 6.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N)
CVE: CVE-2017-14956

2. CREDITS
==========
This vulnerability was discovered and researched...

Vuln: Adobe Flash Player CVE-2017-11292 Type Confusion Remote Code Execution Vulnerability

Security Focus Latest Security Advisories - October 15, 2017 - 11:00pm
Adobe Flash Player CVE-2017-11292 Type Confusion Remote Code Execution Vulnerability

Vuln: AlienVault USM CVE-2017-14956 Cross Site Request Forgery Vulnerability

Security Focus Latest Security Advisories - October 15, 2017 - 11:00pm
AlienVault USM CVE-2017-14956 Cross Site Request Forgery Vulnerability

4.14-rc5: mainline

Linux Kernel Updates - October 15, 2017 - 8:01pm
Version: 4.14-rc5 (mainline); Released: 2017-10-16; Source: linux-4.14-rc5.tar.gz; Patch: full (incremental)

4.13.7: stable

Linux Kernel Updates - October 14, 2017 - 8:38am
Version: 4.13.7 (stable); Released: 2017-10-14; Source: linux-4.13.7.tar.xz; PGP Signature: linux-4.13.7.tar.sign; Patch: full (incremental); ChangeLog: ChangeLog-4.13.7

next-20171013: linux-next

Linux Kernel Updates - October 13, 2017 - 4:06pm
Version: next-20171013 (linux-next); Released: 2017-10-13

Multiple vulnerabilities in OpenText Documentum Content Server

BugTraq Latest Security Advisories - October 13, 2017 - 9:56am

Posted by Andrey B. Panfilov on Oct 13

CVE Identifier: CVE-2017-15012
Vendor: OpenText
Affected products: OpenText Documentum Content Server (all versions)
Researcher: Andrey B. Panfilov
CVSS v3 Base Score: 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
Fix: not available
Description:

OpenText Documentum Content Server (formerly known as EMC Documentum Content Server)
does not properly validate input of PUT_FILE RPC-command which allows any
authenticated user to hijack arbitrary file from...

next-20171012: linux-next

Linux Kernel Updates - October 12, 2017 - 9:43pm
Version: next-20171012 (linux-next); Released: 2017-10-13

4.9.56: longterm

Linux Kernel Updates - October 12, 2017 - 2:24pm
Version: 4.9.56 (longterm); Released: 2017-10-12; Source: linux-4.9.56.tar.xz; PGP Signature: linux-4.9.56.tar.sign; Patch: full (incremental); ChangeLog: ChangeLog-4.9.56

3.16.49: longterm

Linux Kernel Updates - October 12, 2017 - 9:28am
Version: 3.16.49 (longterm); Released: 2017-10-12; Source: linux-3.16.49.tar.xz; PGP Signature: linux-3.16.49.tar.sign; Patch: full (incremental); ChangeLog: ChangeLog-3.16.49

3.2.94: longterm

Linux Kernel Updates - October 12, 2017 - 9:27am
Version: 3.2.94 (longterm); Released: 2017-10-12; Source: linux-3.2.94.tar.xz; PGP Signature: linux-3.2.94.tar.sign; Patch: full (incremental); ChangeLog: ChangeLog-3.2.94