BugTraq Latest Security Advisories

The premier general security mailing list. Vulnerabilities are often announced here first, so check frequently!

AST-2018-010: Remote crash vulnerability DNS SRV and NAPTR lookups

18 hours 28 min ago

Posted by Asterisk Security Team on Nov 15

Asterisk Project Security Advisory - AST-2018-010

Product: Asterisk
Summary: Remote crash vulnerability DNS SRV and NAPTR lookups
Nature of Advisory: Denial Of Service
Susceptibility: Remote Unauthenticated Sessions
Severity: Moderate...

AST-2018-010:

18 hours 31 min ago

Posted by Asterisk Security Team on Nov 15

Asterisk Project Security Advisory - AST-2018-010

Product: Asterisk
Remote crash vulnerability DNS SRV and NAPTR lookups
Nature of Advisory: Denial Of Service
Susceptibility: Remote Unauthenticated Sessions
Severity: Moderate...

Custom Frontend Login Registration Form (WP Plugin) - Multiple XSS Vulnerabilities

November 14, 2018 - 4:03am

Posted by Socket_0x03 on Nov 14

========================================================================================
Custom Frontend Login Registration Form v1.01 (WP Plugin) - Multiple XSS Vulnerabilities
========================================================================================

[SECURITY] [DSA 4339-1] ceph security update

November 14, 2018 - 4:00am

Posted by Moritz Muehlenhoff on Nov 14

-------------------------------------------------------------------------
Debian Security Advisory DSA-4339-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
November 13, 2018 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : ceph
CVE ID : CVE-2017-7519 CVE-2018-1086...

[security bulletin] MFSBGN03831 rev. - Service Management Automation, remote disclosure of information

November 13, 2018 - 8:53am

Posted by cyber-psrt on Nov 13

Note: the current version of the following document is available here:
https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03286178

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: KM03286178
Version: 1

MFSBGN03831 rev. - Service Management Automation, remote disclosure of
information

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.

Release Date: 2018-11-12
Last Updated:...

[security bulletin] MFSBGN03830 rev.1 - Service Manager, unauthorized disclosure of information

November 13, 2018 - 8:52am

Posted by cyber-psrt on Nov 13

Note: the current version of the following document is available here:
https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03286177

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: KM03286177
Version: 1

MFSBGN03830 rev.1 - Service Manager, unauthorized disclosure of information

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.

Release Date: 2018-11-12
Last Updated:...

[security bulletin] MFSBGN03823 rev.1 - Micro Focus Service Manager, unauthorized disclosure of data

November 13, 2018 - 8:46am

Posted by cyber-psrt on Nov 13

Note: the current version of the following document is available here:
https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03286176

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: KM03286176
Version: 1

MFSBGN03823 rev.1 - Micro Focus Service Manager, unauthorized disclosure of
data

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.

Release Date: 2018-11-12
Last Updated:...

[slackware-security] libtiff (SSA:2018-316-01)

November 13, 2018 - 8:43am

Posted by Slackware Security Team on Nov 13

[slackware-security] libtiff (SSA:2018-316-01)

New libtiff packages are available for Slackware 14.2 and -current to
fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/libtiff-4.0.10-i586-1_slack14.2.txz: Upgraded.
This update fixes some denial of service security issues.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7456...

[SECURITY] [DSA 4338-1] qemu security update

November 12, 2018 - 1:34am

Posted by Moritz Muehlenhoff on Nov 11

-------------------------------------------------------------------------
Debian Security Advisory DSA-4338-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
November 11, 2018 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : qemu
CVE ID : CVE-2018-10839 CVE-2018-17962...

[SECURITY] [DSA 4337-1] thunderbird security update

November 12, 2018 - 1:33am

Posted by Moritz Muehlenhoff on Nov 11

-------------------------------------------------------------------------
Debian Security Advisory DSA-4337-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
November 10, 2018 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : thunderbird
CVE ID : CVE-2018-12389 CVE-2018-12390...

[SECURITY] [DSA 4336-1] ghostscript security update

November 12, 2018 - 1:28am

Posted by Salvatore Bonaccorso on Nov 11

-------------------------------------------------------------------------
Debian Security Advisory DSA-4336-1 security () debian org
https://www.debian.org/security/ Salvatore Bonaccorso
November 10, 2018 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : ghostscript
CVE ID : CVE-2018-11645 CVE-2018-17961...

PeepSo v1.11.2 (WordPress Plugin) - XSS Vulnerability in Members

November 12, 2018 - 1:26am

Posted by Socket_0x03 on Nov 11

===================================================================================
PeepSo v1.11.2 (WordPress Plugin) - Cross-Site Scripting Vulnerability in "Members"
===================================================================================

PeepSo v1.11.2 - Time-Based SQL Injection

November 12, 2018 - 1:22am

Posted by Socket_0x03 on Nov 11

============================================================
PeepSo v1.11.2 (WordPress Plugin) - Time-Based SQL Injection
============================================================

NEW VMSA-2018-0027 VMware ESXi, Workstation, and Fusion updates address uninitialized stack memory usage

November 12, 2018 - 1:19am

Posted by VMware Security Response Center on Nov 11

-----------------------------------------------------------------------

VMware Security Advisory

Advisory ID: VMSA-2018-0027
Severity: Critical
Synopsis: VMware ESXi, Workstation, and Fusion updates address
uninitialized stack memory usage
Issue date: 2018-11-09
Updated on: 2018-11-09 (Initial Advisory)
CVE number: CVE-2018-6981, CVE-2018-6982

1. Summary

VMware ESXi, Workstation, and...

WP User Manager v2.0.8 - Time-Based SQL Injection

November 12, 2018 - 1:17am

Posted by Socket_0x03 on Nov 11

====================================================================
WP User Manager v2.0.8 (WordPress Plugin) - Time-Based SQL Injection
====================================================================

[SECURITY] [DSA 4335-1] nginx security update

November 12, 2018 - 1:14am

Posted by Moritz Muehlenhoff on Nov 11

-------------------------------------------------------------------------
Debian Security Advisory DSA-4335-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
November 08, 2018 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : nginx
CVE ID : CVE-2018-16843 CVE-2018-16844...