BugTraq Latest Security Advisories

The premier general security mailing list. Vulnerabilities are often announced here first, so check frequently!

[SECURITY] [DSA 3767-1] mysql-5.5 security update

January 20, 2017 - 1:20am

Posted by Salvatore Bonaccorso on Jan 19

-------------------------------------------------------------------------
Debian Security Advisory DSA-3767-1 security () debian org
https://www.debian.org/security/ Salvatore Bonaccorso
January 19, 2017 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : mysql-5.5
CVE ID : CVE-2017-3238 CVE-2017-3243...

Novel Contributions to the field - How I broke MySQL's code-base (Part 2) [CVE-2016-5541] MySQL cluster remote 0day

January 19, 2017 - 2:45am

Posted by Nicholas Lemonias. on Jan 18

************************************************************************************
* Copyright (c) 2017, Advanced Information Security Corp / Oracle Inc. *
************************************************************************************

ABSTRACT
===========

This industry-led...

Novel Contributions to the Field - How I broke MySQL's codebase (Part 2) [CVE-2016-5541] MySQL Cluster 0day

January 19, 2017 - 2:37am

Posted by lem . nikolas on Jan 18

**************************************************
(c) 2017 Advanced Information Security Corporation and Oracle Inc.

**************************************************

Author: Nicholas Lemonias
Date: 17/01/2017

MySQL Remote 0day / Remote Buffer Overflows in 'NDBAPI' Cluster

Full report with technical details can be obtained from:

https://www.docdroid.net/hwLnQVr/cve-2016-5541.pdf.html

(References)

[1] Oracle Critical...

[RCESEC-2016-012] Mattermost <= 3.5.1 "/error" Unauthenticated Reflected Cross-Site Scripting / Content Injection

January 19, 2017 - 2:29am

Posted by Julien Ahrens on Jan 18

RCE Security Advisory
https://www.rcesecurity.com

1. ADVISORY INFORMATION
=======================
Product: Mattermost
Vendor URL: www.mattermost.org
Type: Cross-site Scripting [CWE-79]
Date found: 02/12/2016
Date published: 16/01/2017
CVSSv3 Score: 4.7 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N)
CVE: -

2. CREDITS
==========
This vulnerability was discovered and researched by Julien Ahrens from
RCE...

[security bulletin] HPSBMU03685 rev.1 - HPE Insight Control server provisioning (ICsp), Multiple Remote Vulnerabilities

January 19, 2017 - 2:19am

Posted by security-alert on Jan 18

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05376917

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05376917
Version: 1

HPSBMU03685 rev.1 - HPE Insight Control server provisioning (ICsp), Multiple
Remote Vulnerabilities

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.

Release Date: 2017-01-18
Last...

ESA-2016-161: EMC Isilon OneFS LDAP Injection Vulnerability

January 18, 2017 - 10:59am

Posted by EMC Product Security Response Center on Jan 18

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

ESA-2016-161: EMC Isilon OneFS LDAP Injection Vulnerability

EMC Identifier: ESA-2016-161

CVE Identifier: CVE-2016-9870

Severity Rating: CVSS v3 Base Score: 6.0 (AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N)

Affected products:
• EMC Isilon OneFS 8.0.0.0
• EMC Isilon OneFS 7.2.1.0 - 7.2.1.2
• EMC Isilon OneFS 7.2.0.x
• EMC Isilon OneFS 7.1.1.0 - 7.1.1.10
• EMC Isilon...

ESA-2016-143: EMC Documentum Webtop and Clients Stored Cross-Site Scripting Vulnerability

January 18, 2017 - 10:49am

Posted by EMC Product Security Response Center on Jan 18

ESA-2016-143: EMC Documentum Webtop and Clients Stored Cross-Site Scripting Vulnerability

EMC Identifier: ESA-2016-143
CVE Identifier: CVE-2016-8213
Severity Rating: CVSS v3 Base Score: 6.5 (AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L)

Affected products:
• EMC Documentum Webtop –
o Version 6.8, prior to P18
o Version 6.8.1, prior to P06
• EMC Documentum TaskSpace version 6.7SP3, prior to P02
• EMC Documentum Capital...

[SECURITY] CVE-2016-8748: Apache NiFi XSS vulnerability in connection details dialogue

January 16, 2017 - 2:32pm

Posted by Joe Witt on Jan 16

CVE-2016-8748: Apache NiFi XSS vulnerability in connection details dialogue

Severity: Moderate

Vendor: The Apache Software Foundation

Versions Affected:
Apache NiFi 1.0.0
Apache NiFi 1.1.0

Description: There is a cross-site scripting vulnerability in the
connection details dialog when accessed by an authorized user. The
user-supplied text was not properly handled when added to the DOM.

Mitigation:
1.0.0 users should upgrade to 1.0.1 or 1.1.1....

[SECURITY] [DSA 3743-2] python-bottle regression update

January 16, 2017 - 3:51am

Posted by Sebastien Delafond on Jan 16

-------------------------------------------------------------------------
Debian Security Advisory DSA-3743-2 security () debian org
https://www.debian.org/security/ Sebastien Delafond
January 15, 2017 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : python-bottle
Debian Bug : 850176

The update for...

[SECURITY] [DSA 3765-1] icoutils security update

January 16, 2017 - 3:45am

Posted by Salvatore Bonaccorso on Jan 16

-------------------------------------------------------------------------
Debian Security Advisory DSA-3765-1 security () debian org
https://www.debian.org/security/ Salvatore Bonaccorso
January 14, 2017 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : icoutils
CVE ID : CVE-2017-5331 CVE-2017-5332...

[security bulletin] HPSBGN03689 rev.1 - HPE Diagnostics, Remote Cross-Site Scripting and Click Jacking

January 16, 2017 - 3:36am

Posted by security-alert on Jan 16

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05370100

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05370100
Version: 1

HPSBGN03689 rev.1 - HPE Diagnostics, Remote Cross-Site Scripting and Click
Jacking

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.

Release Date: 2017-01-13
Last Updated:...

[security bulletin] HPSBST03671 rev.2 - HPE StoreEver MSL6480 Tape Library Management Interface, Multiple Remote Vulnerabilities

January 16, 2017 - 3:26am

Posted by security-alert on Jan 16

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05333297

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05333297
Version: 2

HPSBST03671 rev.2 - HPE StoreEver MSL6480 Tape Library Management Interface,
Multiple Remote Vulnerabilities

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.

Release Date:...

[SECURITY] [DSA 3764-1] pdns security update

January 16, 2017 - 3:16am

Posted by Salvatore Bonaccorso on Jan 16

-------------------------------------------------------------------------
Debian Security Advisory DSA-3764-1 security () debian org
https://www.debian.org/security/ Salvatore Bonaccorso
January 13, 2017 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : pdns
CVE ID : CVE-2016-2120 CVE-2016-7068...