Feed aggregator

Vuln: Oracle Java SE and JRockit CVE-2017-3533 Remote Security Vulnerability

Security Focus Latest Security Advisories - June 19, 2017 - 11:00pm
Oracle Java SE and JRockit CVE-2017-3533 Remote Security Vulnerability

Vuln: Oracle Java SE CVE-2017-3539 Remote Security Vulnerability

Security Focus Latest Security Advisories - June 19, 2017 - 11:00pm
Oracle Java SE CVE-2017-3539 Remote Security Vulnerability

Vuln: Xen Page Transfer 'xen/arch/x86/mm.c' Privilege Escalation Vulnerability

Security Focus Latest Security Advisories - June 19, 2017 - 11:00pm
Xen Page Transfer 'xen/arch/x86/mm.c' Privilege Escalation Vulnerability

Vuln: Oracle Solaris CVE-2017-3629 Local Privilege Escalation Vulnerability

Security Focus Latest Security Advisories - June 19, 2017 - 11:00pm
Oracle Solaris CVE-2017-3629 Local Privilege Escalation Vulnerability

Vuln: Linux Kernel CVE-2017-1000365 Local Security Bypass Vulnerability

Security Focus Latest Security Advisories - June 19, 2017 - 11:00pm
Linux Kernel CVE-2017-1000365 Local Security Bypass Vulnerability

Vuln: Symantec Web Gateway CVE-2016-9096 Multiple Cross Site Scripting Vulnerabilities

Security Focus Latest Security Advisories - June 19, 2017 - 11:00pm
Symantec Web Gateway CVE-2016-9096 Multiple Cross Site Scripting Vulnerabilities

Vuln: Multiple I-O DATA Network Camera Products CVE-2017-2223 Cross Site Request Forgery Vulnerability

Security Focus Latest Security Advisories - June 19, 2017 - 11:00pm
Multiple I-O DATA Network Camera Products CVE-2017-2223 Cross Site Request Forgery Vulnerability

Vuln: GnuTLS CVE-2017-7507 NULL Pointer Dereference Denial of Service Vulnerability

Security Focus Latest Security Advisories - June 19, 2017 - 11:00pm
GnuTLS CVE-2017-7507 NULL Pointer Dereference Denial of Service Vulnerability

Vuln: SAP Business Objects DS Open Redirection Vulnerability

Security Focus Latest Security Advisories - June 19, 2017 - 11:00pm
SAP Business Objects DS Open Redirection Vulnerability

CVE-2017-7659: mod_http2 null pointer dereference

BugTraq Latest Security Advisories - June 19, 2017 - 2:46pm

Posted by Jim Jagielski on Jun 19

CVE-2017-7659: mod_http2 null pointer dereference

Severity: Important

Vendor: The Apache Software Foundation

Versions Affected:
httpd 2.4.24 (unreleased)
httpd 2.4.25

Description:
A maliciously constructed HTTP/2 request could cause mod_http2 to
dereference a NULL pointer and crash the server process.

Mitigation:
2.4.25 users of mod_http2 should upgrade to 2.4.26.

Credit:
The Apache HTTP Server security team would like to thank Robert...

[SECURITY] [DSA 3886-1] linux security update

BugTraq Latest Security Advisories - June 19, 2017 - 1:01pm

Posted by Salvatore Bonaccorso on Jun 19

-------------------------------------------------------------------------
Debian Security Advisory DSA-3886-1 security () debian org
https://www.debian.org/security/ Salvatore Bonaccorso
June 19, 2017 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : linux
CVE ID : CVE-2017-0605 CVE-2017-7487...

Bugtraq: Ektron Version 9.10SP1(Build 9.1.0.184) Cross Site Scripting

Ektron Version 9.10SP1(Build 9.1.0.184) Cross Site Scripting

[SECURITY] [DSA 3887-1] glibc security update

BugTraq Latest Security Advisories - June 19, 2017 - 12:50pm

Posted by Moritz Muehlenhoff on Jun 19

-------------------------------------------------------------------------
Debian Security Advisory DSA-3887-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
June 19, 2017 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : glibc
CVE ID : CVE-2017-1000366

The Qualys...

[security bulletin] HPESBGN03758 rev.2 - HPE UCMDB, Remote Code Execution

BugTraq Latest Security Advisories - June 19, 2017 - 12:30pm

Posted by HPE Product Security Response Team on Jun 19

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbgn03758en_us

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: hpesbgn03758en_us
Version: 2

HPESBGN03758 rev.2 - HPE UCMDB, Remote Code Execution

NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

Release Date: 2017-06-14
Last Updated: 2017-06-13

Potential...

Bugtraq: Ektron Version 9.10SP1(Build 9.1.0.184) Cross Site Scripting

Security Focus Latest Security Advisories - June 19, 2017 - 11:00am
Ektron Version 9.10SP1(Build 9.1.0.184) Cross Site Scripting

Bugtraq: Ektron Version 9.10SP1(Build 9.1.0.184) Cross Site Scripting

Security Focus Latest Security Advisories - June 19, 2017 - 11:00am
Ektron Version 9.10SP1(Build 9.1.0.184) Cross Site Scripting

Bugtraq: ESA-2017-041: EMC VNX1 and VNX2 Family Multiple Vulnerabilities in VNX Control Station

Security Focus Latest Security Advisories - June 19, 2017 - 11:00am
ESA-2017-041: EMC VNX1 and VNX2 Family Multiple Vulnerabilities in VNX Control Station

4.12-rc6: mainline

Linux Kernel Updates - June 19, 2017 - 9:19am
Version: 4.12-rc6 (mainline)
Released: 2017-06-19
Source: linux-4.12-rc6.tar.gz
Patch: full (incremental)

Ektron Version 9.10SP1(Build 9.1.0.184) Cross Site Scripting

BugTraq Latest Security Advisories - June 19, 2017 - 8:04am

Posted by ghasseminia on Jun 19

# Vulnerability type: Cross Site Scripting
# Vendor: Ektron
# Product: Ektron Content Management System
# Affected version: 9.10SP1(Build 9.1.0.184)
# Patched version: 9.1.0.184SP3(9.1.0.184.3.127)
# Credit: Siyavash Ghasseminia
# CVE ID: CVE-2016-6201

# PROOF OF CONCEPT

Vulnerable URL:
/WorkArea/content.aspx?id=0&action=ViewContentByCategory&LangType=1033&ContType=zjgsa&SubType=0

# VULNERABLE PARAMETERS:
- ContType

# SAMPLE...

Ektron Version 9.10SP1(Build 9.1.0.184) Cross Site Scripting

BugTraq Latest Security Advisories - June 19, 2017 - 7:48am

Posted by ghasseminia on Jun 19

# Vulnerability type: Cross Site Scripting
# Vendor: Ektron
# Product: Ektron Content Management System
# Affected version: 9.10SP1(Build 9.1.0.184)
# Patched version: 9.1.0.184SP3(9.1.0.184.3.127)
# Credit: Siyavash Ghasseminia
# CVE ID: CVE-2016-6133

# PROOF OF CONCEPT

Vulnerable URL:
/WorkArea/SelectUserGroup.aspx?action=Report&rptStatus

# VULNERABLE PARAMETERS:
- rptStatus

# SAMPLE PAYLOAD
-...