Feed aggregator

Bugtraq: Defense in depth -- the Microsoft way (part 51): Skype's home-grown updater allows escalation of privilege to SYSTEM

Security Focus Latest Security Advisories - February 12, 2018 - 9:00am
Defense in depth -- the Microsoft way (part 51): Skype's home-grown updater allows escalation of privilege to SYSTEM

[SECURITY] [DSA 4110-1] exim4 security update

BugTraq Latest Security Advisories - February 12, 2018 - 4:43am

Posted by Salvatore Bonaccorso on Feb 12

-------------------------------------------------------------------------
Debian Security Advisory DSA-4110-1 security () debian org
https://www.debian.org/security/ Salvatore Bonaccorso
February 10, 2018 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : exim4
CVE ID : CVE-2018-6789
Debian Bug :...

Defense in depth -- the Microsoft way (part 51): Skype's home-grown updater allows escalation of privilege to SYSTEM

BugTraq Latest Security Advisories - February 12, 2018 - 4:40am

Posted by Stefan Kanthak on Feb 12

Hi @ll,

For about two or three years now, Microsoft has offered Skype as an
optional update on Windows/Microsoft Update.

JFTR: for Microsoft's euphemistic use of "update" see
<http://seclists.org/fulldisclosure/2018/Feb/17>

Once installed, Skype uses its own proprietary update mechanism
instead of Windows/Microsoft Update: Skype periodically runs
"%ProgramFiles%\Skype\Updater\Updater.exe"
under the SYSTEM...

KL-001-2018-005 : NetEx HyperIP Local File Inclusion Vulnerability

BugTraq Latest Security Advisories - February 12, 2018 - 4:37am

Posted by KoreLogic Disclosures on Feb 12

KL-001-2018-005 : NetEx HyperIP Local File Inclusion Vulnerability

Title: NetEx HyperIP Local File Inclusion Vulnerability
Advisory ID: KL-001-2018-005
Publication Date: 2018.02.08
Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2018-005.txt

1. Vulnerability Details

Affected Vendor: NetEx
Affected Product: HyperIP
Affected Version: 6.1.0
Platform: Embedded Linux
CWE Classification: CWE-73:...

[SECURITY] [DSA 4111-1] libreoffice security update

BugTraq Latest Security Advisories - February 12, 2018 - 4:30am

Posted by Moritz Muehlenhoff on Feb 12

-------------------------------------------------------------------------
Debian Security Advisory DSA-4111-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
February 11, 2018 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : libreoffice
CVE ID : CVE-2018-6871

Mikhail...

[SECURITY] [DSA 4109-1] ruby-omniauth security update

BugTraq Latest Security Advisories - February 12, 2018 - 4:30am

Posted by Luciano Bello on Feb 12

-------------------------------------------------------------------------
Debian Security Advisory DSA-4109-1 security () debian org
https://www.debian.org/security/
February 09, 2018 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : ruby-omniauth
CVE ID : CVE-2017-18076
Debian Bug...

KL-001-2018-004 : NetEx HyperIP Privilege Escalation Vulnerability

BugTraq Latest Security Advisories - February 12, 2018 - 4:29am

Posted by KoreLogic Disclosures on Feb 12

KL-001-2018-004 : NetEx HyperIP Privilege Escalation Vulnerability

Title: NetEx HyperIP Privilege Escalation Vulnerability
Advisory ID: KL-001-2018-004
Publication Date: 2018.02.08
Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2018-004.txt

1. Vulnerability Details

Affected Vendor: NetEx
Affected Product: HyperIP
Affected Version: 6.1.0
Platform: Embedded Linux
CWE Classification: CWE-592:...

KL-001-2018-003 : NetEx HyperIP Post-Auth Command Execution

BugTraq Latest Security Advisories - February 12, 2018 - 4:14am

Posted by KoreLogic Disclosures on Feb 12

KL-001-2018-003 : NetEx HyperIP Post-Auth Command Execution

Title: NetEx HyperIP Post-Auth Command Execution
Advisory ID: KL-001-2018-003
Publication Date: 2018.02.08
Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2018-003.txt

1. Vulnerability Details

Affected Vendor: NetEx
Affected Product: HyperIP
Affected Version: 6.1.0
Platform: Embedded Linux
CWE Classification: CWE-78: Improper...

KL-001-2018-006 : Trend Micro IMSVA Management Portal Authentication Bypass

BugTraq Latest Security Advisories - February 12, 2018 - 4:06am

Posted by KoreLogic Disclosures on Feb 12

KL-001-2018-006 : Trend Micro IMSVA Management Portal Authentication Bypass

Title: Trend Micro IMSVA Management Portal Authentication Bypass
Advisory ID: KL-001-2018-006
Publication Date: 2018.02.08
Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2018-006.txt

1. Vulnerability Details

Affected Vendor: Trend Micro
Affected Product: InterScan Mail Security Virtual Appliance
Affected Version: 9.1.0.1600...

KL-001-2018-002 : NetEx HyperIP Authentication Bypass

BugTraq Latest Security Advisories - February 12, 2018 - 4:04am

Posted by KoreLogic Disclosures on Feb 12

KL-001-2018-002 : NetEx HyperIP Authentication Bypass

Title: NetEx HyperIP Authentication Bypass
Advisory ID: KL-001-2018-002
Publication Date: 2018.02.08
Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2018-002.txt

1. Vulnerability Details

Affected Vendor: NetEx
Affected Product: HyperIP
Affected Version: 6.1.0
Platform: Embedded Linux
CWE Classification: CWE-592: Authentication Bypass Issues...

Bugtraq: [SECURITY] [DSA 4108-1] mailman security update

Security Focus Latest Security Advisories - February 12, 2018 - 4:00am
[SECURITY] [DSA 4108-1] mailman security update

Bugtraq: Advisory - Fisheye and Crucible - CVE-2017-16861

Security Focus Latest Security Advisories - February 12, 2018 - 4:00am
Advisory - Fisheye and Crucible - CVE-2017-16861

Bugtraq: [SECURITY] [DSA 4105-2] mpv security update

Security Focus Latest Security Advisories - February 12, 2018 - 4:00am
[SECURITY] [DSA 4105-2] mpv security update

Bugtraq: SEC Consult SA-20180208-0 :: Multiple Cross-Site Scripting Vulnerabilities in Sonatype Nexus Repository Manager OSS/Pro

Security Focus Latest Security Advisories - February 12, 2018 - 4:00am
SEC Consult SA-20180208-0 :: Multiple Cross-Site Scripting Vulnerabilities in Sonatype Nexus Repository Manager OSS/Pro

4.15.3: stable

Linux Kernel Updates - February 12, 2018 - 1:07am
Version: 4.15.3 (stable)
Released: 2018-02-12
Source: linux-4.15.3.tar.xz
PGP Signature: linux-4.15.3.tar.sign
Patch: full (incremental)
ChangeLog: ChangeLog-4.15.3

Vuln: Kaspersky Secure Mail Gateway Multiple Security Vulnerabilities

Security Focus Latest Security Advisories - February 12, 2018 - 12:00am
Kaspersky Secure Mail Gateway Multiple Security Vulnerabilities

next-20180212: linux-next

Linux Kernel Updates - February 11, 2018 - 9:44pm
Version: next-20180212 (linux-next)
Released: 2018-02-12

4.16-rc1: mainline

Linux Kernel Updates - February 11, 2018 - 6:04pm
Version: 4.16-rc1 (mainline)
Released: 2018-02-11
Source: linux-4.16-rc1.tar.gz
Patch: full

[SECURITY] [DSA 4108-1] mailman security update

BugTraq Latest Security Advisories - February 9, 2018 - 6:29am

Posted by Thijs Kinkhorst on Feb 09

-------------------------------------------------------------------------
Debian Security Advisory DSA-4108-1 security () debian org
https://www.debian.org/security/ Thijs Kinkhorst
February 09, 2018 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : mailman
CVE ID : CVE-2018-5950
Debian Bug :...