BugTraq Latest Security Advisories

The premier general security mailing list. Vulnerabilities are often announced here first, so check frequently!

[security bulletin] HPESBHF03766 rev.1 - HPE ConvergedSystem 700 Solution with Comware v5 Switches using NTP, Remote Denial of Service (DoS), Unauthorized Modification and Local Denial of Service (DoS)

July 21, 2017 - 1:15am

Posted by security-alert on Jul 20

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03766en_us

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: hpesbhf03766en_us
Version: 1

HPESBHF03766 rev.1 - HPE ConvergedSystem 700 Solution with Comware v5
Switches using NTP, Remote Denial of Service (DoS), Unauthorized Modification
and Local Denial of Service (DoS)

NOTICE: The information in...

File Upload in Integration Gateway (PSIGW)

July 20, 2017 - 10:58am

Posted by ERPScan inc on Jul 20

1. ADVISORY INFORMATION
Title: File Upload in Integration Gateway (PSIGW)
Advisory ID: [ERPSCAN-17-039]
Advisory URL: https://erpscan.com/advisories/erpscan-17-039-file-upload-integration-gateway-psigw-peoplesoft/
Risk: High
Date published: 18.07.2017
Vendor contacted: Oracle

2. VULNERABILITY INFORMATION
Class: File Upload
Impact: Remote command execution on the server
Remotely Exploitable: Yes
Locally Exploitable: Yes
CVE Name: CVE-2017-10061...

Multiple XSS (POST request) Vulnerabilities in TestServlet (PeopleSoft)

July 20, 2017 - 10:46am

Posted by ERPScan inc on Jul 20

1. ADVISORY INFORMATION
Title: Multiple XSS (POST request) Vulnerabilities in TestServlet (PeopleSoft)
Advisory ID: [ERPSCAN-17-037]
Advisory URL: https://erpscan.com/advisories/erpscan-17-037-multiple-xss-vulnerabilities-testservlet-peoplesoft/
Risk: Medium
Date published: 18.07.2017
Vendor contacted: Oracle

2. VULNERABILITY INFORMATION
Class: XSS [CWE-79]
Impact: Modify displayed content from a Web site, steal authentication
information of a...

Directory Traversal vulnerability in Integration Gateway (PSIGW)

July 20, 2017 - 10:35am

Posted by ERPScan inc on Jul 20

1. ADVISORY INFORMATION
Title: Directory Traversal vulnerability in Integration Gateway (PSIGW)
Advisory ID: [ERPSCAN-17-038]
Advisory URL: https://erpscan.com/advisories/erpscan-17-038-directory-traversal-vulnerability-integration-gateway-psigw/
Risk: High
Date published: 18.07.2017
Vendor contacted: Oracle

2. VULNERABILITY INFORMATION
Class: Directory Traversal
Impact: Read, delete, rewrite file from the system
Remotely Exploitable: Yes
CVE...

APPLE-SA-2017-07-19-7 iCloud for Windows 6.2.2

July 20, 2017 - 2:19am

Posted by Apple Product Security on Jul 20

APPLE-SA-2017-07-19-7 iCloud for Windows 6.2.2

iCloud for Windows 6.2.2 is now available and addresses the
following:

libxml2
Available for: Windows 7 and later
Impact: Parsing a maliciously crafted XML document may lead to
disclosure of user information
Description: An out-of-bounds read was addressed through improved
bounds checking.
CVE-2017-7010: Apple
CVE-2017-7013: found by OSS-Fuzz

WebKit
Available for: Windows 7 and later
Impact:...

APPLE-SA-2017-07-19-5 Safari 10.1.2

July 20, 2017 - 2:08am

Posted by Apple Product Security on Jul 20

APPLE-SA-2017-07-19-5 Safari 10.1.2

Safari 10.1.2 is now available and addresses the following:

Safari
Available for: OS X Yosemite 10.10.5, OS X El Capitan 10.11.6,
and macOS Sierra 10.12.6
Impact: Processing maliciously crafted web content may lead to an
infinite number of print dialogs
Description: An issue existed where a malicious or compromised
website could show infinite print dialogs and make users believe
their browser was locked. The...

APPLE-SA-2017-07-19-2 macOS 10.12.6

July 20, 2017 - 1:56am

Posted by Apple Product Security on Jul 19

APPLE-SA-2017-07-19-2 macOS 10.12.6

macOS 10.12.6 is now available and addresses the following:

afclip
Available for: macOS Sierra 10.12.5
Impact: Processing a maliciously crafted audio file may lead to
arbitrary code execution
Description: A memory corruption issue was addressed through improved
input validation.
CVE-2017-7016: riusksk (泉哥) of Tencent Security Platform
Department

afclip
Available for: macOS Sierra 10.12.5
Impact:...

APPLE-SA-2017-07-19-3 watchOS 3.2.2

July 20, 2017 - 1:44am

Posted by Apple Product Security on Jul 19

APPLE-SA-2017-07-19-3 watchOS 3.2.2

watchOS 3.2.2 is now available and addresses the following:

Contacts
Available for: All Apple Watch models
Impact: A remote attacker may be able to cause unexpected application
termination or arbitrary code execution
Description: A buffer overflow issue was addressed through improved
memory handling.
CVE-2017-7062: Shashank (@cyberboyIndia)

IOUSBFamily
Available for: All Apple Watch models
Impact: An...

APPLE-SA-2017-07-19-1 iOS 10.3.3

July 20, 2017 - 1:32am

Posted by Apple Product Security on Jul 19

APPLE-SA-2017-07-19-1 iOS 10.3.3

iOS 10.3.3 is now available and addresses the following:

Contacts
Available for: iPhone 5 and later, iPad 4th generation and later,
and iPod touch 6th generation
Impact: A remote attacker may be able to cause unexpected application
termination or arbitrary code execution
Description: A buffer overflow issue was addressed through improved
memory handling.
CVE-2017-7062: Shashank (@cyberboyIndia)

CoreAudio...

APPLE-SA-2017-07-19-6 iTunes 12.6.2

July 20, 2017 - 1:18am

Posted by Apple Product Security on Jul 19

APPLE-SA-2017-07-19-6 iTunes 12.6.2

iTunes 12.6.2 is now available and addresses the following:

iTunes
Available for: Windows 7 and later
Impact: An application may be able to execute arbitrary code with
system privileges
Description: An access issue was addressed with additional
restrictions.
CVE-2017-7053: an anonymous researcher working with Trend Micro's
Zero Day Initiative

libxml2
Available for: Windows 7 and later
Impact: Parsing...

APPLE-SA-2017-07-19-4 tvOS 10.2.2

July 20, 2017 - 1:04am

Posted by Apple Product Security on Jul 19

APPLE-SA-2017-07-19-4 tvOS 10.2.2

tvOS 10.2.2 is now available and addresses the following:

Contacts
Available for: Apple TV (4th generation)
Impact: A remote attacker may be able to cause unexpected application
termination or arbitrary code execution
Description: A buffer overflow issue was addressed through improved
memory handling.
CVE-2017-7062: Shashank (@cyberboyIndia)

CoreAudio
Available for: Apple TV (4th generation)
Impact:...

[SECURITY] [DSA 3914-1] imagemagick security update

July 18, 2017 - 7:38pm

Posted by Moritz Muehlenhoff on Jul 18

-------------------------------------------------------------------------
Debian Security Advisory DSA-3914-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
July 18, 2017 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : imagemagick
CVE ID : CVE-2017-9439 CVE-2017-9440...