Bugtraq: by author

102 messages starting Jan 11 17 and ending Jan 11 17


Andrea Barisani

IKEv1 cipher suite configuration mismatch in Siemens SIMATIC CP 343-1 Advanced Andrea Barisani (Jan 11)

Andreas Stieger

Re: [oss-security] Docker 1.12.6 - Security Advisory Andreas Stieger (Jan 11)

Apple Product Security

APPLE-SA-2017-01-23-4 tvOS 10.1.1 Apple Product Security (Jan 23)
APPLE-SA-2017-01-23-5 Safari 10.0.3 Apple Product Security (Jan 23)
APPLE-SA-2017-01-23-1 iOS 10.2.1 Apple Product Security (Jan 23)
APPLE-SA-2017-01-23-7 iTunes for Windows 12.5.5 Apple Product Security (Jan 23)
APPLE-SA-2017-01-23-2 macOS 10.12.3 Apple Product Security (Jan 23)
APPLE-SA-2017-01-23-6 iCloud for Windows 6.1.1 Apple Product Security (Jan 23)
APPLE-SA-2017-01-23-3 watchOS 3.1.3 Apple Product Security (Jan 23)

bashis

0-day: QNAP NAS Devices suffer of heap overflow bashis (Jan 02)

bowserj

CVE-2017-3160: Gradle Distribution URL used by Cordova-Android does not use https by default bowserj (Jan 29)

Cisco Systems Product Security Incident Response Team

Cisco Security Advisory: Cisco Adaptive Security Appliance CX Context-Aware Security Denial of Service Vulnerability Cisco Systems Product Security Incident Response Team (Jan 25)
Cisco Security Advisory: Cisco TelePresence Multipoint Control Unit Remote Code Execution Vulnerability Cisco Systems Product Security Incident Response Team (Jan 25)
Cisco Security Advisory: Cisco WebEx Browser Extension Remote Code Execution Vulnerability Cisco Systems Product Security Incident Response Team (Jan 24)
Cisco Security Advisory: Cisco Expressway Series and TelePresence VCS Denial of Service Vulnerability Cisco Systems Product Security Incident Response Team (Jan 25)

EMC Product Security Response Center

ESA-2016-166: EMC Isilon OneFS Privilege Escalation Vulnerability EMC Product Security Response Center (Jan 25)
ESA-2017-007: EMC Documentum eRoom Unverified Password Change Vulnerability EMC Product Security Response Center (Jan 31)
ESA-2016-161: EMC Isilon OneFS LDAP Injection Vulnerability EMC Product Security Response Center (Jan 18)
ESA-2016-133: EMC Data Protection Advisor Path Traversal Vulnerability EMC Product Security Response Center (Jan 27)
ESA-2016-167: EMC Documentum D2 Multiple Vulnerabilities EMC Product Security Response Center (Jan 26)
ESA-2016-092: RSA® Web Threat Detection Cross Site Scripting Vulnerability EMC Product Security Response Center (Jan 26)
ESA-2016-094: RSA BSAFE Micro Edition Suite Multiple Vulnerabilities EMC Product Security Response Center (Jan 31)
ESA-2016-037: EMC PowerPath Management Appliance Information Disclosure Vulnerability EMC Product Security Response Center (Jan 27)
ESA-2016-132: EMC RecoverPoint Multiple Vulnerabilities EMC Product Security Response Center (Jan 26)
ESA-2016-096: EMC Celerra, VNX1, VNX2 and VNXe SMB NTLM Authentication Weak Nonce Vulnerability EMC Product Security Response Center (Jan 10)
ESA-2016-150: RSA® Security Analytics Reflected Cross-Site Scripting Vulnerability EMC Product Security Response Center (Jan 23)
ESA-2016-146: EMC Avamar Data Store and Avamar Virtual Edition Privilege Escalation Vulnerability EMC Product Security Response Center (Jan 23)
ESA-2016-157: EMC ScaleIO Multiple Vulnerabilities EMC Product Security Response Center (Jan 05)
ESA-2016-154: RSA BSAFE® Crypto-J Multiple Security Vulnerabilities EMC Product Security Response Center (Jan 27)
ESA-2016-143: EMC Documentum Webtop and Clients Stored Cross-Site Scripting Vulnerability EMC Product Security Response Center (Jan 18)
ESA-2016-096: EMC Celerra, VNX1, VNX2 and VNXe SMB NTLM Authentication Weak Nonce Vulnerability EMC Product Security Response Center (Jan 10)
ESA-2016-160: EMC Data Domain DD OS Command Injection Vulnerability EMC Product Security Response Center (Jan 26)
ESA-2016-096: EMC Celerra, VNX1, VNX2 and VNXe SMB NTLM Authentication Weak Nonce Vulnerability EMC Product Security Response Center (Jan 10)

ERPScan inc

[ERPSCAN-17-005] Oracle PeopleSoft - XSS vulnerability CVE-2017-3300 ERPScan inc (Jan 24)
CVE-2017-3241 - [ERPSCAN-17-006] Oracle OpenJDK - Java Serialization DoS ERPScan inc (Jan 24)

Fernando Gont

ICMPv6 PTBs and IPv6 frag filtering (particularly at BGP peers) Fernando Gont (Jan 12)

Filippo Cavallarin

Microsoft Remote Desktop Client for Mac Remote Code Execution - Update Filippo Cavallarin (Jan 23)

Florian Weimer

[SECURITY] [DSA 3758-1] bind9 security update Florian Weimer (Jan 11)

FreeBSD Security Advisories

FreeBSD Security Advisory FreeBSD-SA-17:01.openssh FreeBSD Security Advisories (Jan 10)

hyp3rlinx

NTOPNG Web Interface v2.4 CSRF Token Bypass hyp3rlinx (Jan 22)
PEAR HTTP_Upload v1.0.0b3 Arbitrary File Upload hyp3rlinx (Jan 25)

iedb . team

Directadmin ControlPanel 1.50.1 denial of service Vulnerability iedb . team (Jan 10)
Directadmin ControlPanel 1.50.1 Cross-Site-Scripting Vulnerability iedb . team (Jan 10)

info

QuickBooks 2017 Admin Credentials Disclosure info (Jan 06)

Joe Witt

[SECURITY] CVE-2016-8748: Apache NiFi XSS vulnerability in connection details dialogue Joe Witt (Jan 16)

Julien Ahrens

[RCESEC-2016-012] Mattermost <= 3.5.1 "/error" Unauthenticated Reflected Cross-Site Scripting / Content Injection Julien Ahrens (Jan 18)

Kotas, Kevin J

CA20170126-01: Security Notice for CA Common Services casrvc Kotas, Kevin J (Jan 26)
CA20170109-01: Security Notice for CA Service Desk Manager Kotas, Kevin J (Jan 11)

lem . nikolas

Novel Contributions to the Field - How I broke MySQL's codebase (Part 2) [CVE-2016-5541] MySQL Cluster 0day lem . nikolas (Jan 18)

Mark Thomas

[SECURITY][UPDATE] CVE-2016-8745 Apache Tomcat Information Disclosure Mark Thomas (Jan 05)

Matteo Beccati

[REVIVE-SA-2017-001] Revive Adserver - Multiple vulnerabilities Matteo Beccati (Jan 31)

Moritz Muehlenhoff

[SECURITY] [DSA 3757-1] icedove security update Moritz Muehlenhoff (Jan 11)
[SECURITY] [DSA 3773-1] openssl security update Moritz Muehlenhoff (Jan 29)
[SECURITY] [DSA 3771-1] firefox-esr security update Moritz Muehlenhoff (Jan 25)
[SECURITY] [DSA 3760-1] ikiwiki security update Moritz Muehlenhoff (Jan 12)

Nicholas Lemonias.

Novel Contributions to the field - How I broke MySQL's code-base (Part 2) [CVE-2016-5541] MySQL cluster remote 0day Nicholas Lemonias. (Jan 18)

Open Security

Multiple Vulnerabilities in cPanel Open Security (Jan 11)
OpenCart 2.3.0.2 CSRF - User Account Takeover Open Security (Jan 25)

Pedro Santos

Fwd: [ANNOUNCE] CVE-2016-6793 Apache Wicket deserialization vulnerability Pedro Santos (Jan 02)

Salvatore Bonaccorso

[SECURITY] [DSA 3767-1] mysql-5.5 security update Salvatore Bonaccorso (Jan 19)
[SECURITY] [DSA 3765-1] icoutils security update Salvatore Bonaccorso (Jan 16)
[SECURITY] [DSA 3770-1] mariadb-10.0 security update Salvatore Bonaccorso (Jan 22)
[SECURITY] [DSA 3778-1] ruby-archive-tar-minitar security update Salvatore Bonaccorso (Jan 31)
[SECURITY] [DSA 3764-1] pdns security update Salvatore Bonaccorso (Jan 16)
[SECURITY] [DSA 3772-1] libxpm security update Salvatore Bonaccorso (Jan 26)

sbieber

secuvera-SA-2017-01: Privilege escalation in an OPSI Managed Client environment ("rise of the machines") sbieber (Jan 30)

Sebastien Delafond

[SECURITY] [DSA 3743-2] python-bottle regression update Sebastien Delafond (Jan 16)
[SECURITY] [DSA 3753-1] libvncserver security update Sebastien Delafond (Jan 05)
[SECURITY] [DSA 3769-1] libphp-swiftmailer security update Sebastien Delafond (Jan 22)

Secunia Research

Secunia Research: libarchive "lha_read_file_header_1()" Out-Of-Bounds Memory Access Denial of Service Vulnerability Secunia Research (Jan 30)
Secunia Research: Oracle Outside In VSDX Use-After-Free Vulnerability Secunia Research (Jan 27)

security-alert

[security bulletin] HPSBGN03689 rev.1 - HPE Diagnostics, Remote Cross-Site Scripting and Click Jacking security-alert (Jan 16)
[security bulletin] HPSBHF03441 rev.2 - HPE iLO 3, iLO 4 and iLO 4 mRCA, Remote Multiple Vulnerabilities security-alert (Jan 24)
[security bulletin] HPSBGN03688 rev.1 - HPE Operations Orchestration, Remote Code Execution security-alert (Jan 03)
[security bulletin] HPSBHF03695 rev.1 - HPE Ethernet Adaptors, Remote Denial of Service (DoS) security-alert (Jan 24)
[security bulletin] HPSBGN03690 rev.1 - HPE Real User Monitor (RUM), Remote Disclosure of Information security-alert (Jan 24)
[security bulletin] HPSBMU03685 rev.1 - HPE Insight Control server provisioning (ICsp), Multiple Remote Vulnerabilities security-alert (Jan 18)
[security bulletin] HPSBST03642 rev.3 - HPE StoreVirtual Products running LeftHand OS using OpenSSL and OpenSSH, Remote Arbitrary Code Execution, Denial of Service (DoS), Disclosure of Sensitive Information, Unauthorized Access security-alert (Jan 24)
[security bulletin] HPSBGN03694 rev.1 - HPE SiteScope, Remote Disclosure of Information security-alert (Jan 12)
[security bulletin] HPESBHF03700 rev.1 - HPE iMC PLAT, Remote Disclosure of Information, Denial of Service (DoS) security-alert (Jan 31)
[security bulletin] HPESBGN03696 rev.1 - HPE Helion Eucalyptus, Remote Escalation of Privilege security-alert (Jan 31)
[security bulletin] HPSBST03671 rev.2 - HPE StoreEver MSL6480 Tape Library Management Interface, Multiple Remote Vulnerabilities security-alert (Jan 16)
[security bulletin] HPSBHF03693 rev.1 - HPE iMC PLAT Network Products running Microsoft SQL Server, Remote Elevation of Privilege security-alert (Jan 31)
[security bulletin] HPESBMU03701 rev.1 - HPE Smart Storage Administrator, Remote Arbitrary Code Execution security-alert (Jan 30)

Slackware Security Team

[slackware-security] libpng (SSA:2016-365-01) Slackware Security Team (Jan 01)
[slackware-security] mozilla-firefox (SSA:2017-023-01) Slackware Security Team (Jan 23)
[slackware-security] seamonkey (SSA:2016-365-03) Slackware Security Team (Jan 02)
[slackware-security] mozilla-thunderbird (SSA:2017-026-01) Slackware Security Team (Jan 26)
[slackware-security] bind (SSA:2017-011-01) Slackware Security Team (Jan 12)
[slackware-security] gnutls (SSA:2017-011-02) Slackware Security Team (Jan 12)
[slackware-security] mozilla-thunderbird (SSA:2016-365-02) Slackware Security Team (Jan 02)

Stefan Kanthak

Executable installers are vulnerable^WEVIL (case 46): Pelles C allows arbitrary code execution Stefan Kanthak (Jan 22)

Summer of Pwnage

Persistent Cross-Site Scripting vulnerability in User Access Manager WordPress Plugin Summer of Pwnage (Jan 29)
Multiple blind SQL injection vulnerabilities in FormBuilder WordPress Plugin Summer of Pwnage (Jan 29)
Google Forms WordPress Plugin unauthenticated PHP Object injection vulnerability Summer of Pwnage (Jan 25)

Thijs Kinkhorst

[SECURITY] [DSA 3750-1] libphp-phpmailer security update Thijs Kinkhorst (Jan 02)
[SECURITY] [DSA 3750-2] libphp-phpmailer regression update Thijs Kinkhorst (Jan 03)

unlimitsec

CVE-2017-5350: Unexpected SystemUI FC driven by arbitrary application unlimitsec (Jan 12)

Vulnerability Lab

BlackBoard LMS 9.1 SP14 - (Title) Persistent Vulnerability Vulnerability Lab (Jan 11)
Bit Defender #39 - Auth Token Bypass Vulnerability Vulnerability Lab (Jan 11)
Cobi Tools v1.0.8 iOS - Persistent Web Vulnerability Vulnerability Lab (Jan 11)
Blackboard LMS 9.1 SP14 - (Profile) Persistent Vulnerability Vulnerability Lab (Jan 11)