Feed aggregator

Vuln: IBM DB2 CVE-2017-1452 Local Privilege Escalation Vulnerability

Security Focus Latest Security Advisories - October 14, 2018 - 11:00pm
IBM DB2 CVE-2017-1452 Local Privilege Escalation Vulnerability

Vuln: IBM DB2 CVE-2018-1448 Local Privilege Escalation Vulnerability

Security Focus Latest Security Advisories - October 14, 2018 - 11:00pm
IBM DB2 CVE-2018-1448 Local Privilege Escalation Vulnerability

Vuln: IBM DB2 CVE-2018-1428 Local Information Disclosure Vulnerability

Security Focus Latest Security Advisories - October 14, 2018 - 11:00pm
IBM DB2 CVE-2018-1428 Local Information Disclosure Vulnerability

Vuln: IBM DB2 CVE-2017-1677 Local Arbitrary Code Execution Vulnerability

Security Focus Latest Security Advisories - October 14, 2018 - 11:00pm
IBM DB2 CVE-2017-1677 Local Arbitrary Code Execution Vulnerability

Vuln: OpenSSL CVE-2017-3732 Information Disclosure Vulnerability

Security Focus Latest Security Advisories - October 14, 2018 - 11:00pm
OpenSSL CVE-2017-3732 Information Disclosure Vulnerability

4.18.14: stable

Linux Kernel Updates - October 13, 2018 - 2:33am
Version: 4.18.14 (stable)
Released: 2018-10-13
Source: linux-4.18.14.tar.xz
PGP Signature: linux-4.18.14.tar.sign
Patch: full (incremental)
ChangeLog: ChangeLog-4.18.14

4.14.76: longterm

Linux Kernel Updates - October 13, 2018 - 2:27am
Version: 4.14.76 (longterm)
Released: 2018-10-13
Source: linux-4.14.76.tar.xz
PGP Signature: linux-4.14.76.tar.sign
Patch: full (incremental)
ChangeLog: ChangeLog-4.14.76

4.9.133: longterm

Linux Kernel Updates - October 13, 2018 - 2:18am
Version: 4.9.133 (longterm)
Released: 2018-10-13
Source: linux-4.9.133.tar.xz
PGP Signature: linux-4.9.133.tar.sign
Patch: full (incremental)
ChangeLog: ChangeLog-4.9.133

4.4.161: longterm

Linux Kernel Updates - October 13, 2018 - 2:11am
Version: 4.4.161 (longterm)
Released: 2018-10-13
Source: linux-4.4.161.tar.xz
PGP Signature: linux-4.4.161.tar.sign
Patch: full (incremental)
ChangeLog: ChangeLog-4.4.161

3.18.124: longterm

Linux Kernel Updates - October 13, 2018 - 2:09am
Version: 3.18.124 (EOL) (longterm)
Released: 2018-10-13
Source: linux-3.18.124.tar.xz
PGP Signature: linux-3.18.124.tar.sign
Patch: full (incremental)
ChangeLog: ChangeLog-3.18.124

next-20181012: linux-next

Linux Kernel Updates - October 12, 2018 - 2:39am
Version: next-20181012 (linux-next)
Released: 2018-10-12

SEC Consult SA-20181009-0 :: Remote Code Execution via XMeye P2P Cloud in Xiongmai IP Cameras, NVRs and DVRs incl. 3rd party OEM devices (CVE-2018-17915, CVE-2018-17917, CVE-2018-17919)

BugTraq Latest Security Advisories - October 9, 2018 - 9:15am

Posted by SEC Consult Vulnerability Lab on Oct 09

SEC Consult also published a blog post regarding the identified security issues
with further background information:

Blog: https://r.sec-consult.com/xmeye

SEC Consult Vulnerability Lab Security Advisory < 20181009-0 >
=======================================================================
title: Remote Code Execution via XMeye P2P Cloud
product: Xiongmai IP Cameras, NVRs and DVRs
incl. 3rd...

Responsive Filemanager 9.8.1 Reflected Cross Site Scripting (XSS)

BugTraq Latest Security Advisories - October 9, 2018 - 8:18am

Posted by yavuz atlas on Oct 09

I. VULNERABILITY
-------------------------
Responsive Filemanager 9.8.1 Reflected Cross Site Scripting (XSS)

II. CVE REFERENCE
-------------------------
CVE-2018-18062

III. VENDOR
-------------------------
https://www.responsivefilemanager.com

IV. REFERENCES
-------------------------
https://vulmon.com/vulnerabilitydetails?qid=CVE-2018-18062

V. CREDIT
-------------------------
Yavuz Atlas of Biznet Bilisim...

Responsive Filemanager 9.8.1 Authentication Bypass

BugTraq Latest Security Advisories - October 9, 2018 - 8:15am

Posted by yavuz atlas on Oct 09

I. VULNERABILITY
-------------------------
Responsive Filemanager 9.8.1 Authentication Bypass

II. CVE REFERENCE
-------------------------
CVE-2018-18061

III. VENDOR
-------------------------
https://www.responsivefilemanager.com

IV. REFERENCES
-------------------------
https://vulmon.com/vulnerabilitydetails?qid=CVE-2018-18061

V. CREDIT
-------------------------
Yavuz Atlas of Biznet Bilisim
http://www.biznet.com.tr/biznet-guvenlik-duyurulari...

CVE Request: Sitepress Multilingual CMS Plugin Unauthenticated Stored XSS

BugTraq Latest Security Advisories - October 9, 2018 - 4:48am

Posted by Rahul Pratap Singh on Oct 09

## FULL DISCLOSURE

#Product : Sitepress Multilingual CMS Plugin
#Exploit Author : Rahul Pratap Singh
#Version : 3.6.3 and Below
#Home page Link : https://wpml.org/
#Website: https://0x62626262.wordpress.com
#Date : 08/10/2018

Unauthenticated Stored XSS Vulnerability:

---------------------------
Description:
---------------------------
“locale_file_name_en” parameter is not sanitized that leads to stored XSS....

[SECURITY] [DSA 4313-1] linux security update

BugTraq Latest Security Advisories - October 9, 2018 - 4:44am

Posted by Salvatore Bonaccorso on Oct 09

-------------------------------------------------------------------------
Debian Security Advisory DSA-4313-1 security () debian org
https://www.debian.org/security/ Salvatore Bonaccorso
October 08, 2018 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : linux
CVE ID : CVE-2018-15471 CVE-2018-18021...

APPLE-SA-2018-10-08-2 iCloud for Windows 7.7

BugTraq Latest Security Advisories - October 9, 2018 - 4:43am

Posted by Apple Product Security on Oct 09

APPLE-SA-2018-10-08-2 iCloud for Windows 7.7

iCloud for Windows 7.7 is now available and addresses the following:

WebKit
Available for: Windows 7 and later
Impact: Unexpected interaction causes an ASSERT failure
Description: A memory corruption issue was addressed with improved
validation.
CVE-2018-4191: found by OSS-Fuzz

WebKit
Available for: Windows 7 and later
Impact: Cross-origin SecurityErrors includes the accessed frame's
origin...

APPLE-SA-2018-10-08-1 iOS 12.0.1

BugTraq Latest Security Advisories - October 9, 2018 - 4:39am

Posted by Apple Product Security on Oct 09

APPLE-SA-2018-10-08-1 iOS 12.0.1

iOS 12.0.1 is now available and addresses the following:

VoiceOver
Available for: iPhone 5s and later, iPad Air and later,
and iPod touch 6th generation
Impact: A local attacker may be able to view photos and contacts from
the lock screen
Description: A lock screen issue allowed access to photos and
contacts on a locked device. This issue was addressed by restricting
options offered on a locked device....

[SECURITY] [DSA 4312-1] tinc security update

BugTraq Latest Security Advisories - October 9, 2018 - 4:36am

Posted by Salvatore Bonaccorso on Oct 09

-------------------------------------------------------------------------
Debian Security Advisory DSA-4312-1 security () debian org
https://www.debian.org/security/ Salvatore Bonaccorso
October 08, 2018 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : tinc
CVE ID : CVE-2018-16738 CVE-2018-16758...

[UPDATE][CVE-2018-11797] DoS vulnerability in Apache PDFBox parser

BugTraq Latest Security Advisories - October 7, 2018 - 9:57pm

Posted by Andreas Lehmkuehler on Oct 07

[CVE-2018-11797] DoS vulnerability in Apache PDFBox parser

Severity: Important

Vendor:
The Apache Software Foundation

Versions Affected:
Apache PDFBox <= 1.8.15
Apache PDFBox <= 2.0.11
Earlier, unsupported Apache PDFBox versions may be affected as well

Description:
A carefully crafted PDF file can trigger an extremely long
running computation when parsing the page tree.

Mitigation:
Upgrade to Apache PDFBox 1.8.16 respectively 2.0.12...