BugTraq Latest Security Advisories

The premier general security mailing list. Vulnerabilities are often announced here first, so check frequently!

[SECURITY] [DSA 4180-1] drupal7 security update

April 25, 2018 - 10:50pm

Posted by Salvatore Bonaccorso on Apr 25

-------------------------------------------------------------------------
Debian Security Advisory DSA-4180-1 security () debian org
https://www.debian.org/security/ Salvatore Bonaccorso
April 25, 2018 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : drupal7
CVE ID : CVE-2018-7602
Debian Bug :...

Secunia Research: Oracle Outside In Technology Use-After-Free Vulnerability

April 25, 2018 - 10:45pm

Posted by Secunia Research on Apr 25

======================================================================

Secunia Research 2018/04/25

Oracle Outside In Technology Use-After-Free Vulnerability

======================================================================
Table of Contents

Affected Software
Severity
Description of...

APPLE-SA-2018-04-24-2 Security Update 2018-001

April 25, 2018 - 2:03am

Posted by Apple Product Security on Apr 25

APPLE-SA-2018-04-24-2 Security Update 2018-001

Security Update 2018-001 is now available and addresses the
following:

Crash Reporter
Available for: macOS High Sierra 10.13.4
Impact: An application may be able to gain elevated privileges
Description: A memory corruption issue was addressed with improved
error handling.
CVE-2018-4206: Ian Beer of Google Project Zero

LinkPresentation
Available for: macOS High Sierra 10.13.4
Impact: Processing a...

APPLE-SA-2018-04-24-1 iOS 11.3.1

April 25, 2018 - 2:02am

Posted by Apple Product Security on Apr 25

APPLE-SA-2018-04-24-1 iOS 11.3.1

iOS 11.3.1 is now available and addresses the following:

Crash Reporter
Available for: iPhone 5s and later, iPad Air and later, and
iPod touch 6th generation
Impact: An application may be able to gain elevated privileges
Description: A memory corruption issue was addressed with improved
error handling.
CVE-2018-4206: Ian Beer of Google Project Zero

LinkPresentation
Available for: iPhone 5s and later, iPad Air...

APPLE-SA-2018-04-24-3 Safari 11.1 (v. 11605.1.33.1.4, 12605.1.33.1.4, and 13605.1.33.1.4)

April 25, 2018 - 1:56am

Posted by Apple Product Security on Apr 24

APPLE-SA-2018-04-24-3 Safari 11.1 (v. 11605.1.33.1.4, 12605.1.33.1.4,
and 13605.1.33.1.4)

Safari 11.1 (v. 11605.1.33.1.4, 12605.1.33.1.4, and 13605.1.33.1.4)
is now available and addresses the following:

WebKit
Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, and
macOS High Sierra 10.13.4
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A memory corruption issue was addressed with...

[SECURITY] [DSA 4179-1] linux-tools security update

April 24, 2018 - 10:36am

Posted by Salvatore Bonaccorso on Apr 24

-------------------------------------------------------------------------
Debian Security Advisory DSA-4179-1 security () debian org
https://www.debian.org/security/ Ben Hutchings
April 24, 2018 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : linux-tools

This update doesn't fix a vulnerability...

SEC Consult SA-20180424-0 :: Reflected Cross-Site Scripting in multiple Zyxel ZyWALL products

April 24, 2018 - 10:32am

Posted by SEC Consult Vulnerability Lab on Apr 24

SEC Consult Vulnerability Lab Security Advisory < 20180424-0 >
=======================================================================
title: Reflected Cross-Site Scripting
product: Zyxel ZyWALL: see "Vulnerable / tested version"
vulnerable version: ZLD 4.30 and before
fixed version: ZLD 4.31
CVE number: -
impact: Medium
homepage: https://www.zyxel.com...

SEC Consult SA-20180423-0 :: Multiple Stored XSS Vulnerabilities in WSO2 Carbon and Dashboard Server

April 24, 2018 - 7:16am

Posted by SEC Consult Vulnerability Lab on Apr 24

SEC Consult Vulnerability Lab Security Advisory < 20180423-0 >
=======================================================================
title: Multiple Stored XSS Vulnerabilities
product: WSO2 Carbon, WSO2 Dashboard Server
vulnerable version: WSO2 Identity Server 5.3.0
fixed version: WSO2 Identity Server 5.5.0
CVE number: CVE-2018-8716
impact: high
homepage:...

[SECURITY] [DSA 4176-1] mysql-5.5 security update

April 23, 2018 - 3:30am

Posted by Salvatore Bonaccorso on Apr 23

-------------------------------------------------------------------------
Debian Security Advisory DSA-4176-1 security () debian org
https://www.debian.org/security/ Salvatore Bonaccorso
April 20, 2018 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : mysql-5.5
CVE ID : CVE-2018-2755 CVE-2018-2761...

Seagate Media Server path traversal vulnerability

April 23, 2018 - 3:29am

Posted by Summer of Pwnage on Apr 23

------------------------------------------------------------------------
Seagate Media Server path traversal vulnerability
------------------------------------------------------------------------
Yorick Koster, September 2017

------------------------------------------------------------------------
Abstract
------------------------------------------------------------------------
Seagate Personal Cloud is a consumer-grade Network-Attached Storage...

[SECURITY] [DSA 4175-1] freeplane security update

April 23, 2018 - 3:26am

Posted by Salvatore Bonaccorso on Apr 23

-------------------------------------------------------------------------
Debian Security Advisory DSA-4175-1 security () debian org
https://www.debian.org/security/ Salvatore Bonaccorso
April 18, 2018 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : freeplane
CVE ID : CVE-2018-1000069
Debian Bug...

[SECURITY] [DSA 4178-1] libreoffice security update

April 23, 2018 - 3:25am

Posted by Moritz Muehlenhoff on Apr 23

-------------------------------------------------------------------------
Debian Security Advisory DSA-4178-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
April 20, 2018 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : libreoffice
CVE ID : CVE-2018-10119 CVE-2018-10120...

[SE-2011-01] The origin and impact of vulnerabilities in ST chipsets

April 23, 2018 - 3:17am

Posted by Security Explorations on Apr 23

Hello All,

We have published an initial document describing the origin and impact
of the vulnerabilities discovered in ST chipsets along some rationale
indicating why it's worth to dig further into this case:

http://www.security-explorations.com/materials/se-2011-01-st-impact.pdf

This document is a work in progress. As such, it will be updated once
new information is acquired regarding the impact of the issues found.

ST vulnerabilities...

[SECURITY] [DSA 4177-1] libsdl2-image security update

April 23, 2018 - 3:12am

Posted by Moritz Muehlenhoff on Apr 23

-------------------------------------------------------------------------
Debian Security Advisory DSA-4177-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
April 20, 2018 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : libsdl2-image
CVE ID : CVE-2017-2887...

Seagate Media Server stored Cross-Site Scripting vulnerability

April 20, 2018 - 12:07am

Posted by Summer of Pwnage on Apr 19

------------------------------------------------------------------------
Seagate Media Server stored Cross-Site Scripting vulnerability
------------------------------------------------------------------------
Yorick Koster, September 2017

------------------------------------------------------------------------
Abstract
------------------------------------------------------------------------
Seagate Personal Cloud is a consumer-grade...