Feed aggregator

CVE-2018-11101: Signal-desktop HTML tag injection variant 2

BugTraq Latest Security Advisories - May 16, 2018 - 9:27pm

Posted by Alfredo Ortega on May 16

Title: Signal-desktop HTML tag injection variant 2

Date Published: 2018-05-16

Last Update: 2018-05-16

CVE Name: CVE-2018-11101

Class: Code injection

Remotely Exploitable: Yes

Locally Exploitable: No

Vendors contacted: Signal.org

Vulnerability Description:

Signal-desktop is the standalone desktop version of the secure
Signal messenger. This software is vulnerable to remote code execution
from a malicious contact, by sending a specially...

SEC Consult SA-20180516-0 :: XXE & XSS vulnerabilities in RSA Authentication Manager

BugTraq Latest Security Advisories - May 16, 2018 - 9:18pm

Posted by SEC Consult Vulnerability Lab on May 16

SEC Consult Vulnerability Lab Security Advisory < 20180516-0 >
=======================================================================
title: XXE & XSS vulnerabilities
product: RSA Authentication Manager
vulnerable version: 8.2.1.4.0-build1394922, < 8.3 P1
fixed version: 8.3 P1 and later
CVE number: CVE-2018-1247
impact: High
homepage: https://www.rsa.com...

Bugtraq: CSNC-2018-003 totemomail Encryption Gateway - Cross-Site Request Forgery


Bugtraq: CSNC-2018-002 totemomail Encryption Gateway - JSONP hijacking


Bugtraq: Re: SEC Consult SA-20180514-0 :: Arbitrary File Upload & Cross-site scripting in MyBiz MyProcureNet


4.16.9: stable

Linux Kernel Updates - May 16, 2018 - 3:12am
Version: 4.16.9 (stable)
Released: 2018-05-16
Source: linux-4.16.9.tar.xz
PGP Signature: linux-4.16.9.tar.sign
Patch: full (incremental)
ChangeLog: ChangeLog-4.16.9

4.14.41: longterm

Linux Kernel Updates - May 16, 2018 - 3:10am
Version: 4.14.41 (longterm)
Released: 2018-05-16
Source: linux-4.14.41.tar.xz
PGP Signature: linux-4.14.41.tar.sign
Patch: full (incremental)
ChangeLog: ChangeLog-4.14.41

4.9.100: longterm

Linux Kernel Updates - May 16, 2018 - 3:08am
Version: 4.9.100 (longterm)
Released: 2018-05-16
Source: linux-4.9.100.tar.xz
PGP Signature: linux-4.9.100.tar.sign
Patch: full (incremental)
ChangeLog: ChangeLog-4.9.100

4.4.132: longterm

Linux Kernel Updates - May 16, 2018 - 3:06am
Version: 4.4.132 (longterm)
Released: 2018-05-16
Source: linux-4.4.132.tar.xz
PGP Signature: linux-4.4.132.tar.sign
Patch: full (incremental)
ChangeLog: ChangeLog-4.4.132

3.18.109: longterm

Linux Kernel Updates - May 16, 2018 - 3:05am
Version: 3.18.109 (EOL) (longterm)
Released: 2018-05-16
Source: linux-3.18.109.tar.xz
PGP Signature: linux-3.18.109.tar.sign
Patch: full (incremental)
ChangeLog: ChangeLog-3.18.109

next-20180516: linux-next

Linux Kernel Updates - May 16, 2018 - 2:59am
Version: next-20180516 (linux-next)
Released: 2018-05-16

[SECURITY] [DSA 4201-1] xen security update

BugTraq Latest Security Advisories - May 15, 2018 - 11:04pm

Posted by Moritz Muehlenhoff on May 15

-------------------------------------------------------------------------
Debian Security Advisory DSA-4201-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
May 15, 2018 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : xen
CVE ID : CVE-2018-8897 CVE-2018-10471...

Bugtraq: CVE-2018-10994: HTML tag injection in Signal-desktop


Vuln: Symantec IntelligenceCenter CVE-2017-18268 Information Disclosure Vulnerability


Vuln: Symantec SSLV CVE-2017-15533 Information Disclosure Vulnerability


CSNC-2018-003 totemomail Encryption Gateway - Cross-Site Request Forgery

BugTraq Latest Security Advisories - May 15, 2018 - 5:12am

Posted by Advisories on May 15

################################################################################
#
# COMPASS SECURITY ADVISORY
# https://www.compass-security.com/research/advisories/
#
################################################################################
#
# Product: totemomail Encryption Gateway
# Vendor: totemo AG
# CSNC ID: CSNC-2018-003
# CVE ID: CVE-2018-6563
# Subject: Cross-Site Request Forgery
# Risk: High
# Effect: Remotely...

CSNC-2018-002 totemomail Encryption Gateway - JSONP hijacking

BugTraq Latest Security Advisories - May 15, 2018 - 5:11am

Posted by Advisories on May 15

################################################################################
#
# COMPASS SECURITY ADVISORY
# https://www.compass-security.com/research/advisories/
#
################################################################################
#
# Product: totemomail Encryption Gateway
# Vendor: totemo AG
# CSNC ID: CSNC-2018-002
# CVE ID: CVE-2018-6562
# Subject: JSONP hijacking
# Risk: High
# Effect: Remotely exploitable
#...

Re: SEC Consult SA-20180514-0 :: Arbitrary File Upload & Cross-site scripting in MyBiz MyProcureNet

BugTraq Latest Security Advisories - May 15, 2018 - 5:00am

Posted by SEC Consult Vulnerability Lab on May 15

The following CVE numbers have been assigned now:
XSS issue: CVE-2018-11090
Arbitrary File Upload: CVE-2018-11091