Feed aggregator

APPLE-SA-2018-02-19-3 tvOS 11.2.6

BugTraq Latest Security Advisories - February 19, 2018 - 11:28pm

Posted by Apple Product Security on Feb 19

APPLE-SA-2018-02-19-3 tvOS 11.2.6

tvOS 11.2.6 is now available and addresses the following:

CoreText
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: Processing a maliciously crafted string may lead to heap
corruption
Description: A memory corruption issue was addressed through improved
input validation.
CVE-2018-4124: an anonymous researcher

Installation note:

Apple TV will periodically check for software updates....

APPLE-SA-2018-02-19-4 watchOS 4.2.3

BugTraq Latest Security Advisories - February 19, 2018 - 11:22pm

Posted by Apple Product Security on Feb 19

APPLE-SA-2018-02-19-4 watchOS 4.2.3

watchOS 4.2.3 is now available and addresses the following:

CoreText
Available for: All Apple Watch models
Impact: Processing a maliciously crafted string may lead to heap
corruption
Description: A memory corruption issue was addressed through improved
input validation.
CVE-2018-4124: an anonymous researcher

Installation note:

Instructions on how to update your Apple Watch software are
available at...

[SECURITY] [DSA 4119-1] libav security update

BugTraq Latest Security Advisories - February 19, 2018 - 11:12pm

Posted by Moritz Muehlenhoff on Feb 19

-------------------------------------------------------------------------
Debian Security Advisory DSA-4119-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
February 19, 2018 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : libav
CVE ID : CVE-2017-16803

Several security...

Bugtraq: Kentico CMS version 9 through 11 - Cross-Site Scripting (Reflect)

Security Focus Latest Security Advisories - February 19, 2018 - 11:00pm
Kentico CMS version 9 through 11 - Cross-Site Scripting (Reflect)

Bugtraq: Kentico CMS version 9 through 11 - Arbitrary Code Execution

Security Focus Latest Security Advisories - February 19, 2018 - 11:00pm
Kentico CMS version 9 through 11 - Arbitrary Code Execution

Bugtraq: [SECURITY] [DSA 4118-1] tomcat-native security update

Security Focus Latest Security Advisories - February 19, 2018 - 11:00pm
[SECURITY] [DSA 4118-1] tomcat-native security update

Bugtraq: [SECURITY] [DSA 4117-1] gcc-4.9 security update

Security Focus Latest Security Advisories - February 19, 2018 - 11:00pm
[SECURITY] [DSA 4117-1] gcc-4.9 security update

next-20180220: linux-next

Linux Kernel Updates - February 19, 2018 - 9:42pm
Version: next-20180220 (linux-next) Released: 2018-02-20

Kentico CMS version 9 through 11 - Cross-Site Scripting (Reflect)

BugTraq Latest Security Advisories - February 19, 2018 - 3:50am

Posted by displaymyname on Feb 19

# Exploit Title: Kentico CMS version 9 through 11 - Cross-Site Scripting (Reflect)
# Date: 18-02-2018
# Software Link: https://www.kentico.com
# Exploit Author: Keerati T.
# CVE: CVE-2018-7205
# Category: webapps

1. Description

Kentico is the only fully integrated ASP.NET CMS, E-commerce, and Online Marketing platform that allows you to create
cutting-edge websites and optimize your digital customers’ experiences fully across multiple...

[SECURITY] [DSA 4117-1] gcc-4.9 security update

BugTraq Latest Security Advisories - February 19, 2018 - 3:44am

Posted by Moritz Muehlenhoff on Feb 19

-------------------------------------------------------------------------
Debian Security Advisory DSA-4117-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
February 17, 2018 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : gcc-4.9
CVE ID : not applicable

This update...

Kentico CMS version 9 through 11 - Arbitrary Code Execution

BugTraq Latest Security Advisories - February 19, 2018 - 3:42am

Posted by displaymyname on Feb 19

# Exploit Title: Kentico CMS version 9 through 11 - Arbitrary Code Execution
# Date: 17-02-2018
# Software Link: https://www.kentico.com
# Exploit Author: Keerati T.
# CVE: CVE-2018-7046
# Category: webapps

1. Description

Kentico is the only fully integrated ASP.NET CMS, E-commerce, and Online Marketing platform that allows you to create
cutting-edge websites and optimize your digital customers’ experiences fully across multiple channels....

[SECURITY] [DSA 4118-1] tomcat-native security update

BugTraq Latest Security Advisories - February 19, 2018 - 3:41am

Posted by Salvatore Bonaccorso on Feb 19

-------------------------------------------------------------------------
Debian Security Advisory DSA-4118-1 security () debian org
https://www.debian.org/security/ Salvatore Bonaccorso
February 17, 2018 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : tomcat-native
CVE ID : CVE-2017-15698

Jonas...

[SECURITY] [DSA 4116-1] plasma-workspace security update

BugTraq Latest Security Advisories - February 19, 2018 - 3:37am

Posted by Moritz Muehlenhoff on Feb 19

-------------------------------------------------------------------------
Debian Security Advisory DSA-4116-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
February 16, 2018 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : plasma-workspace
CVE ID : CVE-2018-6791

Krzysztof...

Security advisory for Bugzilla 5.1.1, 5.0.3, and 4.4.12

BugTraq Latest Security Advisories - February 19, 2018 - 3:16am

Posted by dkl on Feb 19

Summary
=======

Bugzilla is a Web-based bug-tracking system used by a large number of
software projects. The following security issue has been discovered
in Bugzilla:

* A CSRF vulnerability in report.cgi would allow a third-party site
to extract confidential information from a bug the victim had access to.

All affected installations are encouraged to upgrade as soon as
possible.

Vulnerability Details
=====================

Class:...

Bugtraq: [slackware-security] irssi (SSA:2018-046-01)

Security Focus Latest Security Advisories - February 19, 2018 - 3:00am
[slackware-security] irssi (SSA:2018-046-01)

Bugtraq: [SECURITY] [DSA 4115-1] quagga security update

Security Focus Latest Security Advisories - February 19, 2018 - 3:00am
[SECURITY] [DSA 4115-1] quagga security update

Bugtraq: Re: [FD] Defense in depth -- the Microsoft way (part 51): Skype's home-grown updater allows escalation of privilege to SYSTEM

Security Focus Latest Security Advisories - February 19, 2018 - 3:00am
Re: [FD] Defense in depth -- the Microsoft way (part 51): Skype's home-grown updater allows escalation of privilege to SYSTEM

Bugtraq: Vulnerability Disclosure (Web Apps)-Bravo Tejari Web Portal-Unrestricted File Upload

Security Focus Latest Security Advisories - February 19, 2018 - 3:00am
Vulnerability Disclosure (Web Apps)-Bravo Tejari Web Portal-Unrestricted File Upload

Vuln: Google Chrome CVE-2018-6056 Remote Security Vulnerability

Security Focus Latest Security Advisories - February 19, 2018 - 12:00am
Google Chrome CVE-2018-6056 Remote Security Vulnerability

Vuln: Microsoft Windows Kernel CVE-2018-0810 Local Information Disclosure Vulnerability

Security Focus Latest Security Advisories - February 19, 2018 - 12:00am
Microsoft Windows Kernel CVE-2018-0810 Local Information Disclosure Vulnerability