[security bulletin] HPESBHF03805 rev.7 - Certain HPE products using Microprocessors from Intel, AMD, and ARM, with Speculative Execution, Elevation of Privilege and Information Disclosure.

2018-01-22 Thread security-alert
Note: the current version of the following document is available here: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03805en_us SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: hpesbhf03805en_us Version: 7

[SECURITY] [DSA 4094-1] smarty3 security update

2018-01-22 Thread Luciano Bello
Debian Security Advisory DSA-4094-1 secur...@debian.org https://www.debian.org/security/ January 22, 2018

CentOS Web Panel v0.9.8.12 - Remote SQL Injection Vulnerabilities

2018-01-22 Thread Vulnerability Lab
Document Title: CentOS Web Panel v0.9.8.12 - Remote SQL Injection Vulnerabilities References (Source): http://www.vulnerability-lab.com/get_content.php?id=1833 Release Date: 2018-01-22 Vulnerability Laboratory ID (VL-ID):

Oracle JDeveloper IDE Directory Traversal CVE-2017-10273 (hyp3rlinx / apparition security)

2018-01-22 Thread apparitionsec
[+] Credits: John Page (aka hyp3rlinx) [+] Website: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervista.org/advisories/ORACLE-JDEVELOPER-DIRECTORY-TRAVERSAL.txt [+] ISR: apparition security Vendor: www.oracle.com Product:

Acadmic Microsoft - API Query Filter Cross Site Scripting Vulnerability

2018-01-22 Thread Vulnerability Lab
Document Title: Acadmic Microsoft - API Query Filter Cross Site Scripting Vulnerability References (Source): https://www.vulnerability-lab.com/get_content.php?id=2056 MSRC ID: 0001010174 Release Date: 2018-01-20 Vulnerability Laboratory ID

[SECURITY] [DSA 4093-1] openocd security update

2018-01-22 Thread luciano
Debian Security Advisory DSA-4093-1 secur...@debian.org https://www.debian.org/security/ January 21, 2018

Shopware 5.2.5 & v5.3 - Multiple Cross Site Scripting Web Vulnerabilities

2018-01-22 Thread Vulnerability Lab
Document Title: Shopware 5.2.5 & v5.3 - Multiple Cross Site Scripting Web Vulnerabilities References (Source): http://www.vulnerability-lab.com/get_content.php?id=1922 Shopware Security Tracking ID: SW-19834 Security Update:

CentOS Web Panel v0.9.8.12 - Non-Persistent Cross Site Scripting Vulnerabilities

2018-01-22 Thread Vulnerability Lab
Document Title: CentOS Web Panel v0.9.8.12 - Non-Persistent Cross Site Scripting Vulnerabilities References (Source): http://www.vulnerability-lab.com/get_content.php?id=1835 Release Date: 2018-01-17 Vulnerability Laboratory ID (VL-ID):

CentOS Web Panel v0.9.8.12 - Multiple Persistent Web Vulnerabilities

2018-01-22 Thread Vulnerability Lab
Document Title: CentOS Web Panel v0.9.8.12 - Multiple Persistent Web Vulnerabilities References (Source): http://www.vulnerability-lab.com/get_content.php?id=1836 Release Date: 2018-01-19 Vulnerability Laboratory ID (VL-ID):

Photo Vault v1.2 iOS - Insecure Authentication Vulnerability

2018-01-22 Thread Vulnerability Lab
Document Title: Photo Vault v1.2 iOS - Insecure Authentication Vulnerability References (Source): https://www.vulnerability-lab.com/get_content.php?id=2110 Release Date: 2018-01-16 Vulnerability Laboratory ID (VL-ID):

CVE-2017-15713: Apache Hadoop MapReduce job history server vulnerability

2018-01-22 Thread Jason Lowe
CVE-2017-15713: Apache Hadoop MapReduce job history server vulnerability Severity: Severe Vendor: The Apache Software Foundation Versions Affected: Hadoop 0.23.0 to 0.23.11 Hadoop 2.0.0-alpha to 2.8.2 Hadoop 3.0.0-alpha to 3.0.0-beta1 Users affected: Users running the MapReduce job