Feed aggregator

Bugtraq: Re: [FD] Defense in depth -- the Microsoft way (part 51): Skype's home-grown updater allows escalation of privilege to SYSTEM

Security Focus Latest Security Advisories - February 15, 2018 - 9:00pm

Bugtraq: [SECURITY] [DSA 4113-1] libvorbis security update

Security Focus Latest Security Advisories - February 15, 2018 - 9:00pm

Bugtraq: [SECURITY] [DSA 4112-1] xen security update

Security Focus Latest Security Advisories - February 15, 2018 - 9:00pm

[SECURITY] [DSA 4114-1] jackson-databind security update

BugTraq Latest Security Advisories - February 15, 2018 - 2:37am

Posted by Sebastien Delafond on Feb 14

-------------------------------------------------------------------------
Debian Security Advisory DSA-4114-1 security () debian org
https://www.debian.org/security/ Sebastien Delafond
February 15, 2018 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : jackson-databind
CVE ID : CVE-2017-17485...

[SECURITY] [DSA 4112-1] xen security update

BugTraq Latest Security Advisories - February 15, 2018 - 2:13am

Posted by Moritz Muehlenhoff on Feb 14

-------------------------------------------------------------------------
Debian Security Advisory DSA-4112-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
February 14, 2018 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : xen
CVE ID : CVE-2017-17563 CVE-2017-17564...

Re: [FD] Defense in depth -- the Microsoft way (part 51): Skype's home-grown updater allows escalation of privilege to SYSTEM

BugTraq Latest Security Advisories - February 15, 2018 - 2:07am

Posted by Jeffrey Walton on Feb 14

Not sure if this is related, but:
https://winbuzzer.com/2018/02/14/microsoft-just-killed-skype-classic-response-unfixable-security-bug-xcxwbn/

Microsoft today squashed a bug that was found in Skype’s updater
process earlier this week. However, it seems the company’s method for
stopping the flaw is to kill off the Skype classic experience. If that
is the case, users of Skype on Windows 7 and Windows 8.1 could lose
access to the service.

As...

[SECURITY] [DSA 4113-1] libvorbis security update

BugTraq Latest Security Advisories - February 15, 2018 - 2:05am

Posted by Moritz Muehlenhoff on Feb 14

-------------------------------------------------------------------------
Debian Security Advisory DSA-4113-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
February 14, 2018 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : libvorbis
CVE ID : CVE-2017-14632 CVE-2017-14633...

NAT32 Build (22284) Remote Code Execution CVE-2018-6940 (hyp3rlinx / apparition security)

BugTraq Latest Security Advisories - February 15, 2018 - 2:03am

Posted by apparitionsec on Feb 14

[+] Credits: hyp3rlinx
[+] Website: hyp3rlinx.altervista.org
[+] Source: http://hyp3rlinx.altervista.org/advisories/NAT32-REMOTE-COMMAND-EXECUTION-CVE-2018-6940.txt
[+] ISR: Apparition Security

[-_-] D1rty0tis

Vendor:
=============
www.nat32.com

Product:
=================
NAT32 Build (22284)

NAT32 is a versatile IP Router implemented as a WIN32 application.

Vulnerability Type:
===================
Remote Command Execution

CVE Reference:...

Bugtraq: Defense in depth -- the Microsoft way (part 52): HTTP used to distribute (security) updates, not HTTPS

Security Focus Latest Security Advisories - February 15, 2018 - 1:00am

Bugtraq: [security bulletin] MFSBGN03800 rev.1 - Micro Focus Performance Center, Remote Arbitrary Code Execution or Remote Arbitrary File Modification

Security Focus Latest Security Advisories - February 15, 2018 - 1:00am

Bugtraq: CSNC-2017-027 Microsoft Intune - App PIN Bypass

Security Focus Latest Security Advisories - February 15, 2018 - 1:00am

Bugtraq: [SECURITY] [DSA 4111-2] libreoffice security update

Security Focus Latest Security Advisories - February 15, 2018 - 1:00am

Vuln: General Electric D60 Line Distance Relay Multiple Buffer Overflow Vulnerabilities

Security Focus Latest Security Advisories - February 15, 2018 - 12:00am

Vuln: Nortek Linear eMerge E3 Series CVE-2017-5439 Remote Command Injection Vulnerability

Security Focus Latest Security Advisories - February 15, 2018 - 12:00am

Vuln: Cisco StarOS CVE-2018-0122 Local Arbitrary File Overwrite Vulnerability

Security Focus Latest Security Advisories - February 15, 2018 - 12:00am

next-20180215: linux-next

Linux Kernel Updates - February 14, 2018 - 10:32pm
Version: next-20180215 (linux-next) Released: 2018-02-15

Defense in depth -- the Microsoft way (part 52): HTTP used to distribute (security) updates, not HTTPS

BugTraq Latest Security Advisories - February 14, 2018 - 7:29am

Posted by Stefan Kanthak on Feb 14

Hi @ll,

yesterday's "Security update deployment information: February 13, 2018"
<https://support.microsoft.com/en-us/help/20180213> links the following
MSKB articles for the security updates of Microsoft's Office products:
<https://support.microsoft.com/kb/4011715>
<https://support.microsoft.com/kb/4011200>
<https://support.microsoft.com/kb/3114874>
<https://support.microsoft.com/kb/4011707>
<...

[security bulletin] MFSBGN03800 rev.1 - Micro Focus Performance Center, Remote Arbitrary Code Execution or Remote Arbitrary File Modification

BugTraq Latest Security Advisories - February 14, 2018 - 7:27am

Posted by cyber-psrt on Feb 14

Note: the current version of the following document is available here:
https://softwaresupport.hpe.com/document/-/facetsearch/document/KM03091103

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: KM03091103
Version: 1

MFSBGN03800 rev.1 - Micro Focus Performance Center, Remote Arbitrary Code
Execution or Remote Arbitrary File Modification

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.

Release...

Bugtraq: [security bulletin] HPESBHF03819 rev.1 - HPE XP Storage using HGLM, Local Authentication Bypass

Security Focus Latest Security Advisories - February 14, 2018 - 6:00am

Bugtraq: CVE-2018-6892 CloudMe Sync <= v1.10.9 Unauthenticated Remote Buffer Overflow (hyp3rlinx / apparition security)

Security Focus Latest Security Advisories - February 14, 2018 - 6:00am