BugTraq Latest Security Advisories

The premier general security mailing list. Vulnerabilities are often announced here first, so check frequently!

[SECURITY] [DSA 3788-2] tomcat8 regression update

February 22, 2017 - 2:11pm

Posted by Salvatore Bonaccorso on Feb 22

-------------------------------------------------------------------------
Debian Security Advisory DSA-3788-2 security () debian org
https://www.debian.org/security/ Salvatore Bonaccorso
February 22, 2017 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : tomcat8

The update for tomcat8 issued as DSA-3788-1 caused...

[security bulletin] HPESBHF03709 rev.1 - HPE Network products including Comware, IMC, and VCX running OpenSSL, Remote Denial of Service (DoS), Disclosure of Sensitive Information

February 22, 2017 - 12:32am

Posted by security-alert on Feb 21

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05398322

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05398322
Version: 1

HPESBHF03709 rev.1 - HPE Network products including Comware, IMC, and VCX
running OpenSSL, Remote Denial of Service (DoS), Disclosure of Sensitive
Information

NOTICE: The information in this Security Bulletin should be acted...

APPLE-SA-2017-02-21-2 Logic Pro X 10.3.1

February 21, 2017 - 2:13pm

Posted by Apple Product Security on Feb 21

APPLE-SA-2017-02-21-2 Logic Pro X 10.3.1

Logic Pro X 10.3.1 is now available and addresses the following:

Projects
Available for: OS X Yosemite v10.10 or later (64 bit)
Impact: Opening a maliciously crafted GarageBand Project file may
lead to arbitrary code execution
Description: A memory corruption issue was addressed through improved
memory handling.
CVE-2017-2374: Tyler Bohan of Cisco Talos

Installation note:

Logic Pro X may be obtained...

PDFMate PDF Converter Pro 1.7.5.0 - Buffer Overflow Vulnerability

February 20, 2017 - 5:25am

Posted by Vulnerability Lab on Feb 20

Document Title:
===============
PDFMate PDF Converter Pro 1.7.5.0 - Buffer Overflow Vulnerability

References (Source):
====================
https://www.vulnerability-lab.com/get_content.php?id=2029

Release Date:
=============
2017-01-30

Vulnerability Laboratory ID (VL-ID):
====================================
2029

Common Vulnerability Scoring System:
====================================
5.9

Product & Service Introduction:...

[SECURITY] [DSA 3790-1] spice security update

February 17, 2017 - 12:25am

Posted by Salvatore Bonaccorso on Feb 16

-------------------------------------------------------------------------
Debian Security Advisory DSA-3790-1 security () debian org
https://www.debian.org/security/ Salvatore Bonaccorso
February 16, 2017 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : spice
CVE ID : CVE-2016-9577 CVE-2016-9578
Debian...

[SYSS-2017-004] Simplessus Files: Path Traversal

February 16, 2017 - 4:21am

Posted by adrian . vollmer on Feb 16

Advisory ID: SYSS-2017-004
Product: Simplessus Files
Manufacturer: Simplessus
Affected Version(s): 3.7.7
Tested Version(s): 3.7.7
Vulnerability Type: Path Traversal (CWE-22)
Risk Level: High
Solution Status: Fixed
Manufacturer Notification: January 25, 2017
Solution Date: January 25, 2017
Public Disclosure: February 16, 2017
CVE Reference: Not yet assigned
Author of Advisory: Dr. Adrian Vollmer, SySS GmbH...

[SYSS-2017-001] Simplessus Files: SQL Injection

February 16, 2017 - 4:12am

Posted by adrian . vollmer on Feb 16

Advisory ID: SYSS-2017-001
Product: Simplessus Files
Manufacturer: Simplessus
Affected Version(s): 3.7.7
Tested Version(s): 3.7.7
Vulnerability Type: SQL Injection (CWE-89)
Risk Level: High
Solution Status: Open
Manufacturer Notification: January 25, 2017
Solution Date: January 25, 2017
Public Disclosure: February 16, 2017
CVE Reference: Not yet assigned
Author of Advisory: Dr. Adrian Vollmer, SySS GmbH...

KL-001-2017-003 : Trendmicro InterScan Remote Root Access Vulnerability

February 16, 2017 - 12:57am

Posted by KoreLogic Disclosures on Feb 15

KL-001-2017-003 : Trendmicro InterScan Remote Root Access Vulnerability

Title: Trendmicro InterScan Remote Root Access Vulnerability
Advisory ID: KL-001-2017-003
Publication Date: 2017.02.15
Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2017-003.txt

1. Vulnerability Details

Affected Vendor: Trendmicro
Affected Product: InterScan Web Security Virtual Appliance
Affected Version: OS Version...

KL-001-2017-001 : Trendmicro InterScan Arbitrary File Write

February 16, 2017 - 12:47am

Posted by KoreLogic Disclosures on Feb 15

KL-001-2017-001 : Trendmicro InterScan Arbitrary File Write

Title: Trendmicro InterScan Arbitrary File Write
Advisory ID: KL-001-2017-001
Publication Date: 2017.02.15
Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2017-001.txt

1. Vulnerability Details

Affected Vendor: Trendmicro
Affected Product: InterScan Web Security Virtual Appliance
Affected Version: OS Version 3.5.1321.el6.x86_64; Application...