Feed aggregator

ESA-2017-010: EMC RecoverPoint SSL Stripping Vulnerability

BugTraq Latest Security Advisories - March 20, 2017 - 2:37pm

Posted by EMC Product Security Response Center on Mar 20

ESA-2017-010: EMC RecoverPoint SSL Stripping Vulnerability

EMC Identifier: ESA-2017-010
CVE Identifier: CVE-2016-6650
Severity Rating: CVSS v3 Base Score: 6.8 (AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N).

Affected products:

• EMC RecoverPoint versions prior to 5.0

• EMC RecoverPoint for Virtual Machines versions prior to 5.0

Summary:
EMC RecoverPoint update contains a fix for an SSL Stripping Vulnerability that may potentially be...

[SECURITY] [DSA 3796-2] sitesummary regression update

BugTraq Latest Security Advisories - March 20, 2017 - 1:16pm

Posted by Sebastien Delafond on Mar 20

-------------------------------------------------------------------------
Debian Security Advisory DSA-3796-2 security () debian org
https://www.debian.org/security/ Sebastien Delafond
March 20, 2017 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : sitesummary
Debian Bug : 852623

DSA-3796-1 for apache2...

[security bulletin] HPSBUX03596 rev.2 - HPE HP-UX running CIFS Server (Samba), Remote Access Restriction Bypass, Unauthorized Access

BugTraq Latest Security Advisories - March 20, 2017 - 1:05pm

Posted by security-alert on Mar 20

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05121842

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05121842
Version: 2

HPSBUX03596 rev.2 - HPE HP-UX running CIFS Server (Samba), Remote Access
Restriction Bypass, Unauthorized Access

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.

Release Date:...

Bugtraq: [SECURITY] [DSA 3812-1] ioquake3 security update

Security Focus Latest Security Advisories - March 20, 2017 - 1:00pm
[SECURITY] [DSA 3812-1] ioquake3 security update

Bugtraq: [SECURITY] [DSA 3811-1] wireshark security update

Security Focus Latest Security Advisories - March 20, 2017 - 1:00pm
[SECURITY] [DSA 3811-1] wireshark security update

CVE-2017-7183 ExtraPuTTY v029_RC2 TFTP Denial Of Service

BugTraq Latest Security Advisories - March 20, 2017 - 9:03am

Posted by hyp3rlinx on Mar 20

[+] Credits: John Page AKA hyp3rlinx
[+] Website: hyp3rlinx.altervista.org
[+] Source: http://hyp3rlinx.altervista.org/advisories/EXTRAPUTTY-TFTP-DENIAL-OF-SERVICE.txt
[+] ISR: ApparitionSec

Vendor:
==================
www.extraputty.com

Product:
======================
ExtraPuTTY - v029_RC2
hash: d7212fb5bc4144ef895618187f532773

Also Vulnerable: v0.30 r15
hash: eac63550f837a98d5d52d0a19d938b91

ExtraPuTTY is a fork from 0.67...

[SECURITY] [DSA 3813-1] r-base security update

BugTraq Latest Security Advisories - March 20, 2017 - 8:53am

Posted by Moritz Muehlenhoff on Mar 20

-------------------------------------------------------------------------
Debian Security Advisory DSA-3813-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
March 19, 2017 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : r-base
CVE ID : CVE-2016-8714

Cory Duplantis...

[SECURITY] [DSA 3812-1] ioquake3 security update

BugTraq Latest Security Advisories - March 20, 2017 - 8:44am

Posted by Moritz Muehlenhoff on Mar 20

-------------------------------------------------------------------------
Debian Security Advisory DSA-3812-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
March 18, 2017 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : ioquake3
CVE ID : CVE-2017-6903

It was discovered...

[SECURITY] [DSA 3811-1] wireshark security update

BugTraq Latest Security Advisories - March 20, 2017 - 8:34am

Posted by Moritz Muehlenhoff on Mar 20

-------------------------------------------------------------------------
Debian Security Advisory DSA-3811-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
March 18, 2017 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : wireshark
CVE ID : CVE-2017-5596 CVE-2017-5597...

Cisco Security Advisory: Cisco IOS and IOS XE Software Cluster Management Protocol Remote Code Execution Vulnerability

BugTraq Latest Security Advisories - March 20, 2017 - 8:23am

Posted by psirt on Mar 20

Cisco Security Advisory: Cisco IOS and IOS XE Software Cluster Management Protocol Remote Code Execution Vulnerability

Advisory ID: cisco-sa-20170317-cmp

Revision: 1.0

For Public Release: 2017 March 17 16:00 GMT

Last Updated: 2017 March 17 16:00 GMT

CVE ID(s): CVE-2017-3881

CVSS Score v(3): 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

+---------------------------------------------------------------------

Summary
=======
A...

Bugtraq: MS Internet Information Services XSS / HTML Injection vulnerability

Security Focus Latest Security Advisories - March 20, 2017 - 7:00am
MS Internet Information Services XSS / HTML Injection vulnerability

Bugtraq: CVE-2017-6805 MobaXterm Personal Edition v9.4 Path Traversal Remote File Disclosure

Security Focus Latest Security Advisories - March 20, 2017 - 7:00am
CVE-2017-6805 MobaXterm Personal Edition v9.4 Path Traversal Remote File Disclosure

Bugtraq: SEC Consult SA-20170316-0 :: Authenticated command injection in multiple Ubiquiti Networks products

Security Focus Latest Security Advisories - March 20, 2017 - 7:00am
SEC Consult SA-20170316-0 :: Authenticated command injection in multiple Ubiquiti Networks products

Bugtraq: CVE-2017-6911: USB Pratirodh Insecure Password Storage Information Disclosure Vulnerability

Security Focus Latest Security Advisories - March 20, 2017 - 7:00am
CVE-2017-6911: USB Pratirodh Insecure Password Storage Information Disclosure Vulnerability

next-20170320: linux-next

Linux Kernel Updates - March 20, 2017 - 12:49am
Version:next-20170320 (linux-next) Released:2017-03-20

Vuln: IBM Algorithmics One-Algo Risk Application CVE-2017-1155 Unauthorized Access Vulnerability

Security Focus Latest Security Advisories - March 19, 2017 - 11:00pm
IBM Algorithmics One-Algo Risk Application CVE-2017-1155 Unauthorized Access Vulnerability

Vuln: Red Hat CloudForms Management App CVE-2017-2653 Security Bypass Vulnerability

Security Focus Latest Security Advisories - March 19, 2017 - 11:00pm
Red Hat CloudForms Management App CVE-2017-2653 Security Bypass Vulnerability

Vuln: Microsoft Windows Local Privilege Escalation Vulnerability

Security Focus Latest Security Advisories - March 19, 2017 - 11:00pm
Microsoft Windows Local Privilege Escalation Vulnerability

Vuln: Wordpress Anyone Plugin 'by-email.php' Session Management Security Bypass Vulnerability

Security Focus Latest Security Advisories - March 19, 2017 - 11:00pm
Wordpress Anyone Plugin 'by-email.php' Session Management Security Bypass Vulnerability

Vuln: IBM Cognos Business Intelligence CVE-2016-8960 Privilege Escalation Vulnerability

Security Focus Latest Security Advisories - March 19, 2017 - 11:00pm
IBM Cognos Business Intelligence CVE-2016-8960 Privilege Escalation Vulnerability