BugTraq Latest Security Advisories

The premier general security mailing list. Vulnerabilities are often announced here first, so check frequently!

Secunia Research: Microsoft Windows Heap-based Buffer Overflow Vulnerabilities


Posted by Secunia Research on May 23

======================================================================

Secunia Research 2016/05/22

Microsoft Windows Heap-based Buffer Overflow Vulnerabilities

======================================================================
Table of Contents

Affected Software....................................................1
Severity.............................................................2
Description of...

HPESBHF03744 rev.1 - HPE Intelligent Management Center (iMC) PLAT running OpenSSL, Remote Denial of Service (DoS)

May 22, 2017 - 1:51pm

Posted by HPE Product Security Response Team on May 22

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03744en_us

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: hpesbhf03744en_us
Version: 1

HPESBHF03744 rev.1 - HPE Intelligent Management Center (iMC) PLAT running OpenSSL, Remote Denial of Service (DoS)

NOTICE: The information in this Security Bulletin should be acted upon as soon as possible....

CVE-2017-9024 Secure Auditor - v3.0 Directory Traversal

May 22, 2017 - 4:56am

Posted by hyp3rlinx on May 22

[+] Credits: John Page aka HYP3RLINX
[+] Website: hyp3rlinx.altervista.org
[+] Source: http://hyp3rlinx.altervista.org/advisories/SECURE-AUDITOR-v3.0-DIRECTORY-TRAVERSAL.txt
[+] ISR: ApparitionSec

Vendor:
====================
www.secure-bytes.com

Product:
=====================
Secure Auditor - v3.0

Secure Auditor suite is a unified digital risk management solution for conducting automated audits on Windows, Oracle
and SQL...

CVE-2017-9046 Pegasus "winpm-32.exe" v4.72 Mailto: Link Remote Code Execution

May 22, 2017 - 4:48am

Posted by hyp3rlinx on May 22

[+] Credits: John Page AKA hyp3rlinx
[+] Website: hyp3rlinx.altervista.org
[+] Source: http://hyp3rlinx.altervista.org/advisories/PEGASUS-MAILTO-LINK-REMOTE-CODE-EXECUTION.txt
[+] ISR: APPARITIONSEC

Vendor:
=============
www.pmail.com

Product:
===========================
Pegasus "winpm-32.exe"
v4.72 build 572

Pegasus Mail: Pegasus Mail is a free, standards-based electronic mail client suitable for use by single or...

CVE-2017-9046 Mantis Bug Tracker 1.3.10 / v2.3.0 CSRF Permalink Injection

May 22, 2017 - 4:41am

Posted by hyp3rlinx on May 22

[+] Credits: John Page a.k.a hyp3rlinx
[+] Website: hyp3rlinx.altervista.org
[+] Source: http://hyp3rlinx.altervista.org/advisories/MANTIS-BUG-TRACKER-CSRF-PERMALINK-INJECTION.txt
[+] ISR: ApparitionSec

Vendor:
================
www.mantisbt.org

Product:
=========
Mantis Bug Tracker
1.3.10 / v2.3.0

MantisBT is a popular free web-based bug tracking system. It is written in PHP and works with MySQL, MS SQL, and PostgreSQL
databases....

May 2017 - SourceTree - Critical Security Advisory

May 22, 2017 - 4:33am

Posted by Atlassian on May 22

This email refers to the advisory found at
https://confluence.atlassian.com/x/jW2xNQ .

CVE ID:

* CVE-2017-8768.

Product: SourceTree.

Affected SourceTree product versions:

* SourceTree for Mac 1.4.0 <= version < 2.5.1
* SourceTree for Windows 0.8.4b <= version < 2.0.20.1

Fixed SourceTree product versions:

* Versions of SourceTree for Mac equal to and above 2.5.1 contain a
fix for this issue.
* Versions of SourceTree for Windows...

CVE-2017-9024 Secure Auditor - v3.0 Directory Traversal

May 22, 2017 - 4:26am

Posted by hyp3rlinx on May 22

[+] Credits: John Page aka HYP3RLINX
[+] Website: hyp3rlinx.altervista.org
[+] Source: http://hyp3rlinx.altervista.org/advisories/SECURE-AUDITOR-v3.0-DIRECTORY-TRAVERSAL.txt
[+] ISR: ApparitionSec

Vendor:
====================
www.secure-bytes.com

Product:
=====================
Secure Auditor - v3.0

Secure Auditor suite is a unified digital risk management solution for conducting automated audits on Windows, Oracle
and SQL...

[SECURITY] [DSA 3858-1] openjdk-7 security update

May 22, 2017 - 4:19am

Posted by Moritz Muehlenhoff on May 22

-------------------------------------------------------------------------
Debian Security Advisory DSA-3858-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
May 19, 2017 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : openjdk-7
CVE ID : CVE-2017-3509 CVE-2017-3511...

[SECURITY] CVE-2017-5657: Apache Archiva CSRF vulnerability for REST endpoints

May 22, 2017 - 4:05am

Posted by Martin on May 22

CVE-2017-5657: Apache Archiva CSRF vulnerabilities for various REST endpoints

Severity: Important

Vendor:
The Apache Software Foundation

Versions Affected:
Archiva 2.0.0 - 2.2.1
The unsupported versions 1.x are also affected.

Several REST service endpoints of Apache Archiva are not protected against
Cross Site Request Forgery (CSRF) attacks. A malicious site opened in the same
browser as the Archiva site may send HTML response...

[security bulletin] HPESBGN03748 rev.1 - HPE Cloud Optimizer, Remote Disclosure of Information

May 19, 2017 - 9:18am

Posted by security-alert on May 19

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbgn03748en_us

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: hpesbgn03748en_us
Version: 1

HPESBGN03748 rev.1 - HPE Cloud Optimizer, Remote Disclosure of Information

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.

Release Date: 2017-05-18
Last Updated:...

[SECURITY] [DSA 3856-1] deluge security update

May 19, 2017 - 9:08am

Posted by Moritz Muehlenhoff on May 19

-------------------------------------------------------------------------
Debian Security Advisory DSA-3856-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
May 18, 2017 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : deluge
CVE ID : CVE-2017-7178 CVE-2017-9031

Two...

PingID (MFA) - Reflected Cross-Site Scripting

May 17, 2017 - 3:59am

Posted by Advisories on May 17

#############################################################
#
# COMPASS SECURITY ADVISORY
# https://www.compass-security.com/research/advisories/
#
#############################################################
#
# Product: PingID (MFA) [1]
# Vendor: Ping Identity Corporation
# CSNC ID: CSNC-2017-013
# Subject: Reflected Cross-Site Scripting
# Risk: High
# Effect: Remotely exploitable
# Author: Stephan Sekula...

[slackware-security] kdelibs (SSA:2017-136-02)

May 17, 2017 - 3:46am

Posted by Slackware Security Team on May 17

[slackware-security] kdelibs (SSA:2017-136-02)

New kdelibs packages are available for Slackware 13.37, 14.0, 14.1, 14.2,
and -current to fix a security issue.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/kdelibs-4.14.32-i586-1_slack14.2.txz: Upgraded.
This update fixes a security issue with KAuth that can lead to gaining
root from an unprivileged account.
For more information,...

[SYSS-2017-010] HP Wireless Mouse: Spoofing Attack (CWE-345)

May 16, 2017 - 9:31am

Posted by Micha Borrmann on May 16

Advisory ID: SYSS-2017-010
Product: Wireless Mouse (part of Wireless Desktop Set ERK-321A, which is shipped together with HP Elite Slice)
Manufacturer: HP
Affected Version(s): MORFGIUO
Tested Version(s): MORFGIUO
Vulnerability Type: Insufficient Verification of Data Authenticity (CWE-345)
Mouse Spoofing Attack
Risk Level: Medium
Solution Status: Open
Manufacturer Notification: 2017-03-02
Solution Date: -
Public Disclosure:...