BugTraq Latest Security Advisories

The premier general security mailing list. Vulnerabilities are often announced here first, so check frequently!

[security bulletin] HPESBGN03773 rev.1 - HPE Application Performance Management (BSM), Remote Code Execution

5 hours 5 min ago

Posted by swpmb . cyber-psrt on Sep 26

Note: the current version of the following document is available here:
https://softwaresupport.hpe.com/km/KM02960811

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: KM02960811
Version: 1

HPESBGN03773 rev.1 - HPE Application Performance Management (BSM), Remote
Code Execution

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.

Release Date: 2017-09-25
Last Updated: 2017-09-25

Potential Security...

Mako Web Server v2.5 Multiple Unauthenticated Vulnerabilities (apparitionsec / hyp3rlinx)

September 25, 2017 - 12:07pm

Posted by apparitionsec on Sep 25

[+] SSD Beyond Security: https://blogs.securiteam.com/index.php/archives/3391
[+] Credits: John Page a.k.a hyp3rlinx
[+] Website: hyp3rlinx.altervista.org
[+] Source:
http://hyp3rlinx.altervista.org/advisories/MAKO-WEB-SERVER-MULTIPLE-UNAUTHENTICATED-VULNERABILIITIES-SECURITEAM.txt
[+] ISR: ApparitionSec

Vulnerabilities Summary
The following advisory describes three (3) vulnerabilities found in Mako Server’s tutorial page.

The...

Kaltura - Remote Code Execution and Cross-Site Scripting

September 25, 2017 - 3:06am

Posted by robin . verton on Sep 25

Telekom Security
security.telekom.com

Advisory: Kaltura - Remote Code Execution and Cross-Site Scripting
Release Date: 2017/09/12
Author: Robin Verton (robin.verton () telekom de)
CVE: CVE-2017-14141, CVE-2017-14142, CVE-2017-14143

Application: Kaltura <= 13.1.0
Risk: Critical
Vendor Status: Kaltura 13.2.0 was released to fix these vulnerabilities.

Overview:...

[slackware-security] libxml2 (SSA:2017-266-01)

September 25, 2017 - 2:52am

Posted by Slackware Security Team on Sep 25

[slackware-security] libxml2 (SSA:2017-266-01)

New libxml2 packages are available for Slackware 14.0, 14.1, 14.2, and -current
to fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/libxml2-2.9.5-i586-1_slack14.2.txz: Upgraded.
This release fixes some security issues:
Detect infinite recursion in parameter entities (Nick Wellnhofer),
Fix handling of parameter-entity...

[SECURITY] [DSA 3983-1] samba security update

September 25, 2017 - 2:38am

Posted by Moritz Muehlenhoff on Sep 25

-------------------------------------------------------------------------
Debian Security Advisory DSA-3983-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
September 22, 2017 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : samba
CVE ID : CVE-2017-12150 CVE-2017-12151...

APPLE-SA-2017-09-19-1 iOS 11

September 20, 2017 - 2:20am

Posted by Apple Product Security on Sep 20

APPLE-SA-2017-09-19-1 iOS 11

iOS 11 is now available and addresses the following:

Exchange ActiveSync
Available for: iPhone 5s and later, iPad Air and later,
and iPod touch 6th generation
Impact: An attacker in a privileged network position may be able to
erase a device during Exchange account setup
Description: A validation issue existed in AutoDiscover V1. This
issue was addressed through requiring TLS.
CVE-2017-7088: Ilya Nesterov, Maxim...