BugTraq Latest Security Advisories

The premier general security mailing list. Vulnerabilities are often announced here first, so check frequently!

APPLE-SA-2015-01-27-3 Safari 8.0.3, Safari 7.1.3, and Safari 6.2.3

January 27, 2015 - 5:34pm

Posted by Apple Product Security on Jan 27

APPLE-SA-2015-01-27-3 Safari 8.0.3, Safari 7.1.3, and Safari 6.2.3

Safari 8.0.3, Safari 7.1.3, and Safari 6.2.3 are now available and
address the following:

WebKit
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10.1
Impact: Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description: Multiple memory corruption issues existed in WebKit....

APPLE-SA-2015-01-27-2 iOS 8.1.3

January 27, 2015 - 5:26pm

Posted by Apple Product Security on Jan 27

APPLE-SA-2015-01-27-2 iOS 8.1.3

iOS 8.1.3 is now available and addresses the following:

AppleFileConduit
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A maliciously crafted afc command may allow access to
protected parts of the filesystem
Description: A vulnerability existed in the symbolic linking
mechanism of afc. This issue was addressed by adding additional path
checks.
CVE-ID...

APPLE-SA-2015-01-27-1 Apple TV 7.0.3

January 27, 2015 - 5:18pm

Posted by Apple Product Security on Jan 27

APPLE-SA-2015-01-27-1 Apple TV 7.0.3

Apple TV 7.0.3 is now available and addresses the following:

Apple TV
Available for: Apple TV 3rd generation and later
Impact: A maliciously crafted afc command may allow access to
protected parts of the filesystem
Description: A vulnerability existed in the symbolic linking
mechanism of afc. This issue was addressed by adding additional path
checks.
CVE-ID
CVE-2014-4480 : TaiG Jailbreak Team

Apple TV...

Qualys Security Advisory CVE-2015-0235 - GHOST: glibc gethostbyname buffer overflow

January 27, 2015 - 12:11pm

Posted by Qualys Security Advisory on Jan 27

Qualys Security Advisory CVE-2015-0235

GHOST: glibc gethostbyname buffer overflow

--[ Contents ]----------------------------------------------------------------

1 - Summary
2 - Analysis
3 - Mitigating factors
4 - Case studies
5 - Exploitation
6 - Acknowledgments

--[ 1 - Summary ]-------------------------------------------------------------

During a code audit performed internally at Qualys, we discovered a
buffer overflow in the...

[SECURITY] [DSA 3142-1] eglibc security update

January 27, 2015 - 10:52am

Posted by Florian Weimer on Jan 27

-------------------------------------------------------------------------
Debian Security Advisory DSA-3142-1 security () debian org
http://www.debian.org/security/ Florian Weimer
January 27, 2015 http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : eglibc
CVE ID : CVE-2012-6656 CVE-2014-6040...

[SECURITY] [DSA 3141-1] wireshark security update

January 27, 2015 - 10:45am

Posted by Moritz Muehlenhoff on Jan 27

-------------------------------------------------------------------------
Debian Security Advisory DSA-3141-1 security () debian org
http://www.debian.org/security/ Moritz Muehlenhoff
January 27, 2015 http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : wireshark
CVE ID : CVE-2015-0562 CVE-2015-0564...

[SYSS-2014-010] FancyFon FAMOC - SQL Injection

January 27, 2015 - 10:35am

Posted by matthias . deeg on Jan 27

Advisory ID: SYSS-2014-010
Product(s): FAMOC
Vendor: FancyFon
Affected Version(s): 3.16.5
Tested Version(s): 3.16.5
Vulnerability Type: SQL Injection (CWE-89)
Risk Level: High
Solution Status: Fixed
Vendor Notification: 2014-12-19
Solution Date: 2015-01-23
Public Disclosure: 2015-01-23
CVE Reference: Not yet assigned
Authors of Advisory: Matthias Deeg (SySS GmbH)
Sebastian Nerz (SySS GmbH)...

[SECURITY] [DSA 3140-1] xen security update

January 27, 2015 - 10:28am

Posted by Moritz Muehlenhoff on Jan 27

-------------------------------------------------------------------------
Debian Security Advisory DSA-3140-1 security () debian org
http://www.debian.org/security/ Moritz Muehlenhoff
January 27, 2015 http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : xen
CVE ID : CVE-2014-8594 CVE-2014-8595...

[SYSS-2014-013] FancyFon FAMOC - Use of a One-Way Hash without a Salt

January 27, 2015 - 10:21am

Posted by matthias . deeg on Jan 27

Advisory ID: SYSS-2014-013
Product(s): FAMOC
Vendor: FancyFon
Affected Version(s): 3.16.5
Tested Version(s): 3.16.5
Vulnerability Type: Use of a One-Way Hash without a Salt (CWE-759)
Risk Level: Low
Solution Status: Fixed
Vendor Notification: 2014-12-19
Solution Date: 2015-01-23
Public Disclosure: 2015-01-23
CVE Reference: Not yet assigned
Author of Advisory: Matthias Deeg (SySS GmbH)...

[SYSS-2014-011] FancyFon FAMOC - Cross-Site Scripting

January 27, 2015 - 10:12am

Posted by matthias . deeg on Jan 27

Advisory ID: SYSS-2014-011
Product(s): FAMOC
Vendor: FancyFon
Affected Version(s): 3.16.5
Tested Version(s): 3.16.5
Vulnerability Type: Cross-Site Scripting (CWE-79)
Risk Level: Medium
Solution Status: Fixed
Vendor Notification: 2014-12-19
Solution Date: 2015-01-23
Public Disclosure: 2015-01-23
CVE Reference: Not yet assigned
Author of Advisory: Matthias Deeg (SySS GmbH)

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~...

[SYSS-2014-012] FancyFon FAMOC - Session Fixation

January 27, 2015 - 10:03am

Posted by matthias . deeg on Jan 27

Advisory ID: SYSS-2014-012
Product(s): FAMOC
Vendor: FancyFon
Affected Version(s): 3.16.5
Tested Version(s): 3.16.5
Vulnerability Type: Session Fixation (CWE-384)
Risk Level: Low
Solution Status: Fixed
Vendor Notification: 2014-12-19
Solution Date: 2015-01-23
Public Disclosure: 2015-01-23
CVE Reference: Not yet assigned
Author of Advisory: Matthias Deeg (SySS GmbH)

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~...

CVE-2015-0223: anonymous access to qpidd cannot be prevented

January 27, 2015 - 4:17am

Posted by Gordon Sim on Jan 27

Apache Software Foundation - Security Advisory

anonymous access to qpidd cannot be prevented

CVE-2015-0223 CVS: 5.8

Severity: Moderate

Vendor:

The Apache Software Foundation

Versions Affected:

Apache Qpid's qpidd up to and including version 0.30

Description:

An attacker can gain access to qpidd as an anonymous user, even if the
ANONYMOUS mechanism is disallowed.

Solution:

A patch is available (...

CVE-2015-0224: qpidd can be crashed by unauthenticated user

January 27, 2015 - 4:10am

Posted by Gordon Sim on Jan 27

Apache Software Foundation - Security Advisory

qpidd can be crashed by unauthenticated user

CVE-2015-0224 CVS: 7.8

Severity: Moderate

Vendor:

The Apache Software Foundation

Versions Affected:

Apache Qpid's qpidd up to and including version 0.30

Description:

In CVE-2015-0203 it was announced that certain unexpected protocol
sequences cause the broker process to crash due to insufficient
checking, but that authentication...

[CORE-2015-0002] - Android WiFi-Direct Denial of Service

January 27, 2015 - 4:02am

Posted by CORE Advisories Team on Jan 27

Core Security - Corelabs Advisory
http://corelabs.coresecurity.com/

Android WiFi-Direct Denial of Service

1. *Advisory Information*

Title: Android WiFi-Direct Denial of Service
Advisory ID: CORE-2015-0002
Advisory URL:
http://www.coresecurity.com/advisories/android-wifi-direct-denial-service
Date published: 2015-01-26
Date of last update: 2015-01-26
Vendors contacted: Android Security Team
Release mode: User release

2. *Vulnerability...

WebKitGTK+ Security Advisory WSA-2015-0001

January 27, 2015 - 3:52am

Posted by Carlos Alberto Lopez Perez on Jan 27

------------------------------------------------------------------------
WebKitGTK+ Security Advisory WSA-2015-0001
------------------------------------------------------------------------

Date reported : January 26, 2015
Advisory ID : WSA-2015-0001
Advisory URL : http://webkitgtk.org/security/WSA-2015-0001.html
Affected versions : 2.4 series before 2.4.1, 2.4.2 and 2.4.8.
CVE identifiers :...

Fwd: REWTERZ-20140103 - ManageEngine ServiceDesk Plus User Privileges Management Vulnerability

January 23, 2015 - 3:56am

Posted by Rewterz - Research Group on Jan 23

================================================================================
[REWTERZ-20140103] - Rewterz - Security Advisory
================================================================================

Title: ManageEngine ServiceDesk Plus User Privileges Management Vulnerability
Product: ServiceDesk Plus (http://www.manageengine.com/)
Affected Version: 9.0 (Other versions could also be affected)
Fixed Version: 9.0 Build 9031...

REWTERZ-20140102 - ManageEngine ServiceDesk Plus User Enumeration Vulnerability

January 23, 2015 - 3:48am

Posted by Rewterz - Research Group on Jan 23

================================================================================
[REWTERZ-20140102] - Rewterz - Security Advisory
================================================================================

Title: ManageEngine ServiceDesk Plus User Enumeration Vulnerability
Product: ServiceDesk Plus (http://www.manageengine.com/)
Affected Version: 9.0 (Other versions could also be affected)
Fixed Version: 9.0 Build 9031
Vulnerability Impact:...

REWTERZ-20140101 - ManageEngine ServiceDesk SQL Injection Vulnerability

January 23, 2015 - 3:41am

Posted by Rewterz - Research Group on Jan 23

================================================================================
[REWTERZ-20140101] - Rewterz - Security Advisory
================================================================================

Title: ManageEngine ServiceDesk SQL Injection Vulnerability
Product: ServiceDesk Plus (http://www.manageengine.com/)
Affected Version: 9.0 (Other versions could also be affected)
Fixed Version: 9.0 Build 9031
Vulnerability Impact: High...

[HITB-Announce] #HITB2015AMS Call for Papers 1st Round is Closing in 10 Days

January 23, 2015 - 3:32am

Posted by Hafez Kamal on Jan 23

Hi guys - Happy New Year!

Just a reminder that the first selection round for submissions to HITB
Security Conference 2015 in Amsterdam is closing at the end of January!
That's T - 10 days and counting!!!

===

Date: 26th - 29th May 2015
Venue: De Beurs van Berlage
Event Website: http://conference.hitb.org/hitbsecconf2015ams/

---

HITBSecConf is a deep-knowledge, highly technical conference and we're
looking for material which is new,...