Database Hot News 2018 May
30.5.2018
Bugtraq
Malware
Phishing
Vulnerability
Microsoft Windows Use-After-Free Remote Code Execution Vulnerability
2018-05-29
http://www.securityfocus.com/bid/104310
Google Chrome Prior to 67.0.3396.62 Multiple Security Vulnerabilities
2018-05-29
http://www.securityfocus.com/bid/104309
SHA-0/SHA-1 Reduced Operation Digest Collision Weakness
2018-05-28
http://www.securityfocus.com/bid/12577
Apache ZooKeeper CVE-2018-8012 Security Bypass Vulnerability
2018-05-28
http://www.securityfocus.com/bid/104253
strongSwan CVE-2018-5388 Buffer Underflow Vulnerability
2018-05-28
http://www.securityfocus.com/bid/104263
VideoLAN VLC 'input/demux_chained.c' Denial of Service Vulnerability
2018-05-28
http://www.securityfocus.com/bid/104293
Linux Kernel 'kernel/compat.c' Local Information Disclosure Vulnerability
2018-05-28
http://www.securityfocus.com/bid/104292
SANS News
Threatpost
Exploit
29.5.2018
Bugtraq
Malware
Phishing
Vulnerability
SHA-0/SHA-1 Reduced Operation Digest Collision Weakness
2018-05-28
http://www.securityfocus.com/bid/12577
Apache ZooKeeper CVE-2018-8012 Security Bypass Vulnerability
2018-05-28
http://www.securityfocus.com/bid/104253
strongSwan CVE-2018-5388 Buffer Underflow Vulnerability
2018-05-28
http://www.securityfocus.com/bid/104263
VideoLAN VLC 'input/demux_chained.c' Denial of Service Vulnerability
2018-05-28
http://www.securityfocus.com/bid/104293
Linux Kernel 'kernel/compat.c' Local Information Disclosure Vulnerability
2018-05-28
http://www.securityfocus.com/bid/104292
Multiple CPU Hardwares CVE-2018-3640 Information Disclosure Vulnerability
2018-05-25
http://www.securityfocus.com/bid/104228
Multiple CPU Hardware CVE-2018-3639 Information Disclosure Vulnerability
2018-05-25
http://www.securityfocus.com/bid/104232
SANS News
DNS is Changing. Are you Ready?
Threatpost
Singapore ISP Leaves 1,000 Routers Open to Attack
Exploit
28.5.2018
Bugtraq
Malware
Phishing
Vulnerability
SHA-0/SHA-1 Reduced Operation Digest Collision Weakness
2018-05-28
http://www.securityfocus.com/bid/12577
Apache ZooKeeper CVE-2018-8012 Security Bypass Vulnerability
2018-05-28
http://www.securityfocus.com/bid/104253
strongSwan CVE-2018-5388 Buffer Underflow Vulnerability
2018-05-28
http://www.securityfocus.com/bid/104263
Multiple CPU Hardwares CVE-2018-3640 Information Disclosure Vulnerability
2018-05-25
http://www.securityfocus.com/bid/104228
SANS News
Do you hear Laurel or Yanny or is it On-Off Keying?
Threatpost
Exploit
27.5.2018
Bugtraq
[SECURITY] [DSA 4209-1] thunderbird security update 2018-05-25
Moritz Muehlenhoff (jmm debian org)
[SECURITY] [DSA 4210-1] xen security update 2018-05-25
Moritz Muehlenhoff (jmm debian org)
Malware
Phishing
Vulnerability
Multiple CPU Hardwares CVE-2018-3640 Information Disclosure Vulnerability
2018-05-25
http://www.securityfocus.com/bid/104228
Multiple CPU Hardware CVE-2018-3639 Information Disclosure Vulnerability
2018-05-25
http://www.securityfocus.com/bid/104232
GNU glibc CVE-2018-11237 Local Buffer Overflow Vulnerability
2018-05-24
http://www.securityfocus.com/bid/104256
SANS News
Quick analysis of malware created with NSIS
Threatpost
Exploit
25.5.2018
Bugtraq
[SECURITY] [DSA 4209-1] thunderbird security update 2018-05-25
Moritz Muehlenhoff (jmm debian org)
[SECURITY] [DSA 4210-1] xen security update 2018-05-25
Moritz Muehlenhoff (jmm debian org)
Ruckus (Brocade) ICX7450-48 Reflected Cross Site Scripting 2018-05-24
Yavuz Atlas (yavuz atlas biznet com tr)
Android OS Didn't use FLAG_SECURE for Sensitive Settings [CVE-2017-13243] 2018-05-24
research nightwatchcybersecurity com
PHP Login & User Management <= 4.1.0 - Arbitrary File Upload (CVE-2018-11392) 2018-05-23
reggie dodd30 gmail com
[security bulletin] MFSBGN03808 rev.1 - Micro Focus UCMDB, Cross-Site Scripting 2018-05-23
cyber-psrt microfocus com
Malware
Phishing
Vulnerability
Multiple CPU Hardware CVE-2018-3639 Information Disclosure Vulnerability
2018-05-25
http://www.securityfocus.com/bid/104232
GNU glibc CVE-2018-11237 Local Buffer Overflow Vulnerability
2018-05-24
http://www.securityfocus.com/bid/104256
Adobe Acrobat and Reader NT LAN Manager CVE-2018-4993 Information Disclosure Vulnerability
2018-05-23
http://www.securityfocus.com/bid/104177
Adobe Acrobat and Reader CVE-2018-4990 Arbitrary Code Execution Vulnerability
2018-05-23
http://www.securityfocus.com/bid/104167
strongSwan CVE-2018-5388 Buffer Underflow Vulnerability
2018-05-23
http://www.securityfocus.com/bid/104263
Apache Batik CVE-2018-8013 Information Disclosure Vulnerability
2018-05-23
http://www.securityfocus.com/bid/104252
SANS News
Threatpost
Exploit
24.5.2018
Bugtraq
PHP Login & User Management <= 4.1.0 - Arbitrary File Upload (CVE-2018-11392) 2018-05-23
reggie dodd30 gmail com
[security bulletin] MFSBGN03808 rev.1 - Micro Focus UCMDB, Cross-Site Scripting 2018-05-23
cyber-psrt microfocus com
[CVE-2018-8013] Apache Batik information disclosure vulnerability 2018-05-23
Simon Steiner (simonsteiner1984 gmail com)
K2 smartforms runtime application - 4.6.11 SSRF 2018-05-22
fuming22 gmail com
[slackware-security] mozilla-thunderbird (SSA:2018-142-02) 2018-05-23
Slackware Security Team (security slackware com)
[SECURITY] [DSA 4208-1] procps security update 2018-05-22
Salvatore Bonaccorso (carnil debian org)
[slackware-security] Slackware 14.2 kernel (SSA:2018-142-01) 2018-05-23
Slackware Security Team (security slackware com)
[slackware-security] procps-ng (SSA:2018-142-03) 2018-05-23
Slackware Security Team (security slackware com)
Malware
Phishing
Vulnerability
GNU glibc CVE-2018-11237 Local Buffer Overflow Vulnerability
2018-05-24
http://www.securityfocus.com/bid/104256
Adobe Acrobat and Reader NT LAN Manager CVE-2018-4993 Information Disclosure Vulnerability
2018-05-23
http://www.securityfocus.com/bid/104177
Adobe Acrobat and Reader CVE-2018-4990 Arbitrary Code Execution Vulnerability
2018-05-23
http://www.securityfocus.com/bid/104167
Multiple CPU Hardware CVE-2018-3639 Information Disclosure Vulnerability
2018-05-23
http://www.securityfocus.com/bid/104232
strongSwan CVE-2018-5388 Buffer Underflow Vulnerability
2018-05-23
http://www.securityfocus.com/bid/104263
Apache Batik CVE-2018-8013 Information Disclosure Vulnerability
2018-05-23
http://www.securityfocus.com/bid/104252
Multiple BMW Products Multiple Security Vulnerabilities
2018-05-22
http://www.securityfocus.com/bid/104258
SANS News
"Blocked" Does Not Mean "Forget It"
Threatpost
Exploit
23.5.2018
Bugtraq
K2 smartforms runtime application - 4.6.11 SSRF 2018-05-22
fuming22 gmail com
[slackware-security] mozilla-thunderbird (SSA:2018-142-02) 2018-05-23
Slackware Security Team (security slackware com)
[SECURITY] [DSA 4208-1] procps security update 2018-05-22
Salvatore Bonaccorso (carnil debian org)
[slackware-security] Slackware 14.2 kernel (SSA:2018-142-01) 2018-05-23
Slackware Security Team (security slackware com)
[slackware-security] procps-ng (SSA:2018-142-03) 2018-05-23
Slackware Security Team (security slackware com)
[SECURITY] [DSA 4207-1] packagekit security update 2018-05-22
Salvatore Bonaccorso (carnil debian org)
[SECURITY] [DSA 4206-1] gitlab security update 2018-05-21
Moritz Muehlenhoff (jmm debian org)
Qualys Security Advisory - Procps-ng Audit Report 2018-05-21
Qualys Security Advisory (qsa qualys com)
Malware
Phishing
Vulnerability
Adobe Acrobat and Reader NT LAN Manager CVE-2018-4993 Information Disclosure Vulnerability
2018-05-23
http://www.securityfocus.com/bid/104177
Adobe Acrobat and Reader CVE-2018-4990 Arbitrary Code Execution Vulnerability
2018-05-23
http://www.securityfocus.com/bid/104167
Multiple CPU Hardware CVE-2018-3639 Information Disclosure Vulnerability
2018-05-23
http://www.securityfocus.com/bid/104232
Apache Solr CVE-2018-8010 XML External Entity Multiple Information Disclosure Vulnerabilities
2018-05-21
http://www.securityfocus.com/bid/104239
VMware Workstation and Fusion CVE-2018-6963 Multiple Denial of Service Vulnerabilities
2018-05-21
http://www.securityfocus.com/bid/104237
VMware Fusion CVE-2018-6962 Local Security Bypass Vulnerability
2018-05-21
http://www.securityfocus.com/bid/104235
Multiple CPU Hardwares CVE-2018-3640 Information Disclosure Vulnerability
2018-05-21
http://www.securityfocus.com/bid/10422
SANS News
Threatpost
Exploit
22.5.2018
Bugtraq
[SECURITY] [DSA 4206-1] gitlab security update 2018-05-21
Moritz Muehlenhoff (jmm debian org)
Qualys Security Advisory - Procps-ng Audit Report 2018-05-21
Qualys Security Advisory (qsa qualys com)
[SECURITY] [DSA 4205-1] Advance notification for upcoming end-of-life for 2018-05-18
Moritz Muehlenhoff (jmm debian org)
[SECURITY] [DSA 4204-1] imagemagick security update 2018-05-18
Sebastien Delafond (seb debian org)
Malware
Phishing
Vulnerability
VMware Workstation and Fusion CVE-2018-6963 Multiple Denial of Service Vulnerabilities
2018-05-21
http://www.securityfocus.com/bid/104237
VMware Fusion CVE-2018-6962 Local Security Bypass Vulnerability
2018-05-21
http://www.securityfocus.com/bid/104235
Multiple CPU Hardware CVE-2018-3639 Information Disclosure Vulnerability
2018-05-21
http://www.securityfocus.com/bid/104232
Multiple CPU Hardwares CVE-2018-3640 Information Disclosure Vulnerability
2018-05-21
http://www.securityfocus.com/bid/104228
OpenDaylight Controller 'SdniDataBase.java' SQL Injection Vulnerability
2018-05-19
http://www.securityfocus.com/bid/104238
ISC BIND CVE-2018-5737 Remote Denial of Service Vulnerability
2018-05-18
http://www.securityfocus.com/bid/104236
SANS News
Malware Distributed via .sylk Files
Threatpost
Exploit
Superfood 1.0 - Multiple Vulnerabilities
21.5.2018
Bugtraq
Qualys Security Advisory - Procps-ng Audit Report 2018-05-21
Qualys Security Advisory (qsa qualys com)
[SECURITY] [DSA 4205-1] Advance notification for upcoming end-of-life for 2018-05-18
Moritz Muehlenhoff (jmm debian org)
Malware
Phishing
Vulnerability
SANS News
Threatpost
Exploit
Superfood 1.0 - Multiple Vulnerabilities
mySCADA myPRO 7 - Hard-Coded Credentials
Joomla! Component EkRishta 2.10 - Cross-Site Scripting / SQL Injection
19.5.2018
Bugtraq
Malware
Phishing
Vulnerability
SANS News
Malicious Powershell Targeting UK Bank Customers
Threatpost
Exploit
mySCADA myPRO 7 - Hard-Coded Credentials
Joomla! Component EkRishta 2.10 - Cross-Site Scripting / SQL Injection
Adobe Enterprise Manager (AEM) < 6.3 - Remote Code Execution
D-Link DSL-3782 - Authentication Bypass
HPE iMC 7.3 - Remote Code Execution (Metasploit)
SAP B2B / B2C CRM 2.x < 4.x - Local File Inclusion
Infinity Market Classified Ads Script 1.6.2 - Cross-Site Request Forgery
Cisco SA520W Security Appliance - Path Traversal
Linux 4.8.0 < 4.8.0-46 - AF_PACKET packet_set_ring Privilege Escalation (Metasploit)
DynoRoot DHCP - Client Command Injection
Microsoft Edge Chakra JIT - Bound Check Elimination Bug
18.5.2018
Bugtraq
MagniComp SysInfo Information Exposure [CVE-2018-7268] 2018-05-18
Harry Sintonen (bugtraq kyber fi)
[SECURITY] [DSA 4203-1] vlc security update 2018-05-17
Moritz Muehlenhoff (jmm debian org)
[slackware-security] curl (SSA:2018-136-01) 2018-05-17
Slackware Security Team (security slackware com)
[slackware-security] php (SSA:2018-136-02) 2018-05-17
Slackware Security Team (security slackware com)
[SECURITY] [DSA 4202-1] curl security update 2018-05-16
Alessandro Ghedini (ghedo debian org)
Malware
Phishing
Vulnerability
PHP CVE-2018-10547 Incomplete Fix Cross Site Scripting Vulnerability
2018-05-17
http://www.securityfocus.com/bid/104020
PHP CVE-2018-10545 Security Bypass Vulnerability
2018-05-17
http://www.securityfocus.com/bid/104022
PHP Multiple Security Vulnerabilities
2018-05-17
http://www.securityfocus.com/bid/104019
Xen CVE-2018-10981 Local Denial of Service Vulnerability
2018-05-17
http://www.securityfocus.com/bid/104149
Xen 'x86/x86_64/entry.S' Denial of Service Vulnerability
2018-05-17
http://www.securityfocus.com/bid/104003
Microsoft Windows Kernel CVE-2018-8897 Local Privilege Escalation Vulnerability
2018-05-17
http://www.securityfocus.com/bid/104071
Xen CVE-2018-10982 Local Denial of Service Vulnerability
2018-05-17
http://www.securityfocus.com/bid/104150
Xen XSA-258 Information Disclosure Vulnerability
2018-05-17
http://www.securityfocus.com/bid/104002
Cisco Meeting Server CVE-2018-0280 Denial of Service Vulnerability
2018-05-16
http://www.securityfocus.com/bid/104209
Cisco Enterprise NFV Infrastructure Software CVE-2018-0324 Local Command Injection Vulnerability
2018-05-16
http://www.securityfocus.com/bid/104208
cURL CVE-2018-1000300 Heap Buffer Overflow Vulnerability
2018-05-16
http://www.securityfocus.com/bid/104207
SANS News
Threatpost
Exploit
Healwire Online Pharmacy 3.0 - Persistent Cross-Site Scripting / Cross-Site Request...
Microsoft Edge Chakra JIT - Bound Check Elimination Bug
17.5.2018
Bugtraq
[SECURITY] [DSA 4202-1] curl security update 2018-05-16
Alessandro Ghedini (ghedo debian org)
CVE-2018-11101: Signal-desktop HTML tag injection variant 2 2018-05-16
Alfredo Ortega (ortegaalfredo gmail com)
SEC Consult SA-20180516-0 :: XXE & XSS vulnerabilities in RSA Authentication Manager 2018-05-16
SEC Consult Vulnerability Lab (research sec-consult com)
[SECURITY] [DSA 4201-1] xen security update 2018-05-15
Moritz Muehlenhoff (jmm debian org)
CSNC-2018-002 totemomail Encryption Gateway - JSONP hijacking 2018-05-15
Advisories (advisories compass-security com)
CSNC-2018-003 totemomail Encryption Gateway - Cross-Site Request Forgery 2018-05-15
Advisories (advisories compass-security com)
Malware
Phishing
Vulnerability
PHP CVE-2018-10547 Incomplete Fix Cross Site Scripting Vulnerability
2018-05-17
http://www.securityfocus.com/bid/104020
PHP CVE-2018-10545 Security Bypass Vulnerability
2018-05-17
http://www.securityfocus.com/bid/104022
PHP Multiple Security Vulnerabilities
2018-05-17
http://www.securityfocus.com/bid/104019
Xen CVE-2018-10981 Local Denial of Service Vulnerability
2018-05-17
http://www.securityfocus.com/bid/104149
Xen 'x86/x86_64/entry.S' Denial of Service Vulnerability
2018-05-17
http://www.securityfocus.com/bid/104003
Microsoft Windows Kernel CVE-2018-8897 Local Privilege Escalation Vulnerability
2018-05-17
http://www.securityfocus.com/bid/104071
Xen CVE-2018-10982 Local Denial of Service Vulnerability
2018-05-17
http://www.securityfocus.com/bid/104150
Xen XSA-258 Information Disclosure Vulnerability
2018-05-17
http://www.securityfocus.com/bid/104002
Cisco DNA Center Software CVE-2018-0268 Authentication Bypass Vulnerability
2018-05-16
http://www.securityfocus.com/bid/104192
Cisco DNA Center Software CVE-2018-0271 Authentication Bypass Vulnerability
2018-05-16
http://www.securityfocus.com/bid/104191
Symantec IntelligenceCenter CVE-2017-18268 Information Disclosure Vulnerability
2018-05-16
http://www.securityfocus.com/bid/104164
Symantec SSLV CVE-2017-15533 Information Disclosure Vulnerability
2018-05-16
http://www.securityfocus.com/bid/104163
OpenPGP CVE-2017-17688 Man In The Middle Information Disclosure Vulnerability
2018-05-15
http://www.securityfocus.com/bid/104162
Adobe Connect CVE-2018-4994 Authentication Bypass Vulnerability
2018-05-15
http://www.securityfocus.com/bid/104102
Advantech WebAccess ICSA-18-135-01 Multiple Security Vulnerabilities
2018-05-15
http://www.securityfocus.com/bid/104190
oVirt CVE-2018-1073 User Enumeration Vulnerability
2018-05-15
http://www.securityfocus.com/bid/104189
oVirt Ansible Roles CVE-2018-1117 Local Information Disclosure Vulnerability
2018-05-15
http://www.securityfocus.com/bid/104186
VMware SD-WAN Edge CVE-2018-6961 Command Injection Vulnerability
2018-05-15
http://www.securityfocus.com/bid/104185
Microsoft PowerPoint CVE-2018-8176 Remote Code Execution Vulnerability
2018-05-15
http://www.securityfocus.com/bid/104184
Mozilla Firefox ESR Remote Memory Corruption and Buffer Overflow Vulnerabilities
2018-05-14
http://www.securityfocus.com/bid/104138
SANS News
Threatpost
Exploit
Apache Struts 2 - Struts 1 Plugin Showcase OGNL Code Execution (Metasploit)
Jenkins CLI - HTTP Java Deserialization (Metasploit)
Nanopool Claymore Dual Miner 7.3 - Remote Code Execution
Powerlogic/Schneider Electric IONXXXX Series - Cross-Site Request Forgery
Linux < 4.16.9 / < 4.14.41 - 4-byte Infoleak via Uninitialized Struct Field in compat...
SuperCom Online Shopping Ecommerce Cart 1 - Persistent Cross-Site scripting / Cross site...
Intelbras NCLOUD 300 1.0 - Authentication bypass
NodAPS 4.0 - SQL injection / Cross-Site Request Forgery
16.5.2018
Bugtraq
[SECURITY] [DSA 4201-1] xen security update 2018-05-15
Moritz Muehlenhoff (jmm debian org)
CSNC-2018-002 totemomail Encryption Gateway - JSONP hijacking 2018-05-15
Advisories (advisories compass-security com)
CSNC-2018-003 totemomail Encryption Gateway - Cross-Site Request Forgery 2018-05-15
Advisories (advisories compass-security com)
CVE-2018-10994: HTML tag injection in Signal-desktop 2018-05-14
Alfredo Ortega (ortegaalfredo gmail com)
[SECURITY] [DSA 4200-1] kwallet-pam security update 2018-05-14
Moritz Muehlenhoff (jmm debian org)
SEC Consult SA-20180514-0 :: Arbitrary File Upload & Cross-site scripting in MyBiz MyProcureNet 2018-05-14
SEC Consult Vulnerability Lab (research sec-consult com)
Re: SEC Consult SA-20180514-0 :: Arbitrary File Upload & Cross-site scripting in MyBiz MyProcureNet 2018-05-15
SEC Consult Vulnerability Lab (research sec-consult com)
Vulnerabilities in IBM's Flashsystems and Storwize Products 2018-05-11
Sebastian Neuner (sneuner google com)
Malware
Phishing
Vulnerability
OpenPGP CVE-2017-17688 Man In The Middle Information Disclosure Vulnerability
2018-05-15
http://www.securityfocus.com/bid/104162
Adobe Connect CVE-2018-4994 Authentication Bypass Vulnerability
2018-05-15
http://www.securityfocus.com/bid/104102
Advantech WebAccess ICSA-18-135-01 Multiple Security Vulnerabilities
2018-05-15
http://www.securityfocus.com/bid/104190
oVirt CVE-2018-1073 User Enumeration Vulnerability
2018-05-15
http://www.securityfocus.com/bid/104189
oVirt Ansible Roles CVE-2018-1117 Local Information Disclosure Vulnerability
2018-05-15
http://www.securityfocus.com/bid/104186
VMware SD-WAN Edge CVE-2018-6961 Command Injection Vulnerability
2018-05-15
http://www.securityfocus.com/bid/104185
Microsoft PowerPoint CVE-2018-8176 Remote Code Execution Vulnerability
2018-05-15
http://www.securityfocus.com/bid/104184
Mozilla Firefox ESR Remote Memory Corruption and Buffer Overflow Vulnerabilities
2018-05-14
http://www.securityfocus.com/bid/104138
Mozilla Firefox and Firefox ESR Multiple Security Vulnerabilities
2018-05-14
http://www.securityfocus.com/bid/104136
Google Chrome Prior to 66.0.3359.170 Multiple Security Vulnerabilities
2018-05-14
http://www.securityfocus.com/bid/104143
Atlassian Application Links CVE-2017-16860 Cross Site Scripting Vulnerability
2018-05-14
http://www.securityfocus.com/bid/104188
Adobe Acrobat and Reader NT LAN Manager CVE-2018-4993 Information Disclosure Vulnerability
2018-05-14
http://www.securityfocus.com/bid/104177
Adobe Acrobat and Reader CVE-2018-4965 Information Disclosure Vulnerability
2018-05-14
http://www.securityfocus.com/bid/104176
SANS News
EFAIL, a weakness in openPGP and S\MIME
Threatpost
Exploit
Microsoft Windows - Token Process Trust SID Access Check Bypass Privilege Escalation
WhatsApp 2.18.31 - Memory Corruption
Inteno IOPSYS 2.0 - 4.2.0 p910nd - Remote Command Execution
RSA Authentication Manager 8.2.1.4.0-build1394922 / < 8.3 P1 - XML External Entity...
WordPress Plugin Metronet Tag Manager 1.2.7 - Cross-Site Request Forgery
totemomail Encryption Gateway 6.0.0 Build 371 - Cross-Site Request Forgery
Horse Market Sell & Rent Portal Script 1.5.7 - Cross-Site Request Forgery
Multiplayer BlackJack Online Casino Game 2.5 - Persistent Cross-Site Scripting
Rockwell Scada System 27.011 - Cross-Site Scripting
VirtueMart 3.1.14 - Persistent Cross-Site Scripting
MyBB Admin Notes Plugin 1.1 - Cross-Site Request Forgery
Libuser - roothelper Privilege Escalation (Metasploit)
15.5.2018
Bugtraq
CVE-2018-10994: HTML tag injection in Signal-desktop 2018-05-14
Alfredo Ortega (ortegaalfredo gmail com)
[SECURITY] [DSA 4200-1] kwallet-pam security update 2018-05-14
Moritz Muehlenhoff (jmm debian org)
SEC Consult SA-20180514-0 :: Arbitrary File Upload & Cross-site scripting in MyBiz MyProcureNet 2018-05-14
SEC Consult Vulnerability Lab (research sec-consult com)
Malware
Phishing
Vulnerability
Mozilla Firefox ESR Remote Memory Corruption and Buffer Overflow Vulnerabilities
2018-05-14
http://www.securityfocus.com/bid/104138
Mozilla Firefox and Firefox ESR Multiple Security Vulnerabilities
2018-05-14
http://www.securityfocus.com/bid/104136
Google Chrome Prior to 66.0.3359.170 Multiple Security Vulnerabilities
2018-05-14
http://www.securityfocus.com/bid/104143
Adobe Acrobat and Reader CVE-2018-4950 Arbitrary Code Execution Vulnerability
2018-05-14
http://www.securityfocus.com/bid/104174
Adobe Acrobat/Reader/Photoshop CC CVE-2018-4946 Remote Code Execution Vulnerability
2018-05-14
http://www.securityfocus.com/bid/104171
Multiple Products S/MIME CVE-2017-17689 Man In The Middle Information Disclosure Vulnerability
2018-05-14
http://www.securityfocus.com/bid/104165
OpenPGP CVE-2017-17688 Man In The Middle Information Disclosure Vulnerability
2018-05-14
http://www.securityfocus.com/bid/104162
Pivotal Greenplum Command Center CVE-2018-1280 SQL Injection Vulnerability
2018-05-14
http://www.securityfocus.com/bid/104153
OpenVPN CVE-2016-6329 Information Disclosure Vulnerability
2018-05-11
http://www.securityfocus.com/bid/92631
Microsoft Windows Kernel CVE-2018-8897 Local Privilege Escalation Vulnerability
2018-05-10
http://www.securityfocus.com/bid/104071
Rockwell Automation Arena CVE-2018-8843 Denial of Service Vulnerability
2018-05-10
http://www.securityfocus.com/bid/104166
SANS News
Phishing emails for fake MyEtherWallet login page
Threatpost
Exploit
XATABoost 1.0.0 - SQL Injection
Monstra CMS 3.0.4 - Remote Code Execution
2345 Security Guard 3.7 - '2345NsProtect.sys' Denial of Service
Linux/x86 - Reverse TCP (127.0.0.1:4444/TCP) Shell (/bin/sh) Shellcode (96 Bytes)
14.5.2018
Bugtraq
SEC Consult SA-20180514-0 :: Arbitrary File Upload & Cross-site scripting in MyBiz MyProcureNet 2018-05-14
SEC Consult Vulnerability Lab (research sec-consult com)
Vulnerabilities in IBM's Flashsystems and Storwize Products 2018-05-11
Sebastian Neuner (sneuner google com)
[slackware-security] mariadb (SSA:2018-130-01) 2018-05-10
Slackware Security Team (security slackware com)
Malware
Phishing
Vulnerability
Mozilla Firefox ESR Remote Memory Corruption and Buffer Overflow Vulnerabilities
2018-05-14
http://www.securityfocus.com/bid/104138
Mozilla Firefox and Firefox ESR Multiple Security Vulnerabilities
2018-05-14
http://www.securityfocus.com/bid/104136
Google Chrome Prior to 66.0.3359.170 Multiple Security Vulnerabilities
2018-05-14
http://www.securityfocus.com/bid/104143
OpenPGP CVE-2017-17688 Man In The Middle Information Disclosure Vulnerability
2018-05-14
http://www.securityfocus.com/bid/104162
Pivotal Greenplum Command Center CVE-2018-1280 SQL Injection Vulnerability
2018-05-14
http://www.securityfocus.com/bid/104153
OpenVPN CVE-2016-6329 Information Disclosure Vulnerability
2018-05-11
http://www.securityfocus.com/bid/92631
Microsoft Windows Kernel CVE-2018-8897 Local Privilege Escalation Vulnerability
2018-05-10
http://www.securityfocus.com/bid/104071
SANS News
Malspam pushing Trickbot malware on Friday 2018-05-11
Threatpost
Exploit
12.5.2018
Bugtraq
Malware
Phishing
Vulnerability
SANS News
Threatpost
Exploit
Open-AudIT Community - 2.2.0 – Cross-Site Scripting
Open-AudIT Professional - 2.1.1 - Cross-Site Scripting
EMC RecoverPoint 4.3 - 'Admin CLI' Command Injection
2345 Security Guard 3.7 - '2345BdPcSafe.sys' Denial of Service
Microsoft Windows 2003 SP2 - 'RRAS' SMB Remote Code Execution
WUZHI CMS 4.1.0 - 'tag[pinyin]' Cross-Site Scripting
11.5.2018
Bugtraq
[slackware-security] mariadb (SSA:2018-130-01) 2018-05-10
Slackware Security Team (security slackware com)
[security bulletin] MFSBGN03807 rev.1 - HP Service Manager Software, SQL Injection 2018-05-10
cyber-psrt microfocus com
[SECURITY] [DSA 4199-1] firefox-esr security update 2018-05-10
Moritz Muehlenhoff (jmm debian org)
[security bulletin] MFSBGN03802 - Virtualization Performance Viewer (vPV) / Cloud Optimizer, Local Disclosure of Information 2018-05-10
cyber-psrt microfocus com
[security bulletin] MFSBGN03805 - HP Service Manager, Remote Disclosure of Information 2018-05-10
cyber-psrt microfocus com
[slackware-security] mozilla-firefox (SSA:2018-129-01) 2018-05-10
Slackware Security Team (security slackware com)
[slackware-security] wget (SSA:2018-129-02) 2018-05-10
Slackware Security Team (security slackware com)
Malware
Phishing
Vulnerability
OpenVPN CVE-2016-6329 Information Disclosure Vulnerability
2018-05-11
http://www.securityfocus.com/bid/92631
Microsoft Windows Kernel CVE-2018-8897 Local Privilege Escalation Vulnerability
2018-05-10
http://www.securityfocus.com/bid/104071
Google Chrome Prior to 66.0.3359.170 Multiple Security Vulnerabilities
2018-05-10
http://www.securityfocus.com/bid/104143
Multiple Siemens Products Multiple Denial of Service Vulnerabilities
2018-05-09
http://www.securityfocus.com/bid/98369
Multiple Siemens Products CVE-2017-12741 Denial of Service Vulnerability
2018-05-09
http://www.securityfocus.com/bid/101964
SANS News
Reversed C2 traffic from China
Threatpost
Exploit
Mantis 1.1.3 - 'manage_proj_page' PHP Code Execution (Metasploit)
MyBB Latest Posts on Profile Plugin 1.1 - Cross-Site Scripting
Dell Touchpad - 'ApMsgFwd.exe' Denial of Service
Open-AudIT Community - 2.2.0 – Cross-Site Scripting
Open-AudIT Professional - 2.1.1 - Cross-Site Scripting
10.5.2018
Bugtraq
[slackware-security] mozilla-firefox (SSA:2018-129-01) 2018-05-10
Slackware Security Team (security slackware com)
[slackware-security] wget (SSA:2018-129-02) 2018-05-10
Slackware Security Team (security slackware com)
[security bulletin] MFSBGN03804 - HP Service Manager Software, Remote Disclosure of Information 2018-05-09
cyber-psrt microfocus com
[SECURITY] [DSA 4197-1] wavpack security update 2018-05-09
Moritz Muehlenhoff (jmm debian org)
[SECURITY] [DSA 4198-1] prosody security update 2018-05-09
Moritz Muehlenhoff (jmm debian org)
[security bulletin] MFSBGN03806 rev.1 - HP Network Automation Software, Network Operations Management (NOM) Suite, Multiple Vulnerabilities 2018-05-09
cyber-psrt microfocus com
t2'18: Call For Papers 2018 (Helsinki, Finland) 2018-05-09
Tomi Tuominen (tomi tuominen t2 fi)
Malware
Phishing
Vulnerability
Microsoft Windows Kernel CVE-2018-8897 Local Privilege Escalation Vulnerability
2018-05-10
http://www.securityfocus.com/bid/104071
Multiple Siemens Products Multiple Denial of Service Vulnerabilities
2018-05-09
http://www.securityfocus.com/bid/98369
SANS News
Exfiltrating data from (very) isolated environments
Threatpost
Exploit
Dell Touchpad - 'ApMsgFwd.exe' Denial of Service
Linux/x86 - Read /etc/passwd Shellcode (62 bytes)
MyBB Latest Posts on Profile Plugin 1.1 - Cross-Site Scripting
ModbusPal 1.6b - XML External Entity Injection
9.5.2018
Bugtraq
t2'18: Call For Papers 2018 (Helsinki, Finland) 2018-05-09
Tomi Tuominen (tomi tuominen t2 fi)
[ADV170017] Defense in depth -- the Microsoft way (part 54): escalation of privilege during installation of Microsoft Office 20xy 2018-05-08
Stefan Kanthak (stefan kanthak nexgo de)
[SECURITY] [DSA 4196-1] linux security update 2018-05-08
Salvatore Bonaccorso (carnil debian org)
FreeBSD Security Advisory FreeBSD-SA-18:06.debugreg 2018-05-08
FreeBSD Security Advisories (security-advisories freebsd org)
APPLE-SA-2018-05-08-1 Additional information for APPLE-SA-2018-04-24-2 Security Update 2018-001 2018-05-08
Apple Product Security (product-security-noreply lists apple com)
[SECURITY] [DSA 4195-1] wget security update 2018-05-08
Salvatore Bonaccorso (carnil debian org)
WebKitGTK+ Security Advisory WSA-2018-0004 2018-05-07
Michael Catanzaro (mcatanzaro igalia com)
[SECURITY] [DSA 4194-1] lucene-solr security update 2018-05-06
Moritz Muehlenhoff (jmm debian org)
[SECURITY] [DSA 4193-1] wordpress security update 2018-05-05
Salvatore Bonaccorso (carnil debian org)
CANADIAN JOB VACANCY!!! 2018-05-06
SUNCOR ENERGY (info suncor-recruitments com)
Malware
Phishing
Vulnerability
Microsoft Windows Kernel CVE-2018-8897 Local Privilege Escalation Vulnerability
2018-05-09
http://www.securityfocus.com/bid/104071
Apple iOS and macOS Multiple Security Vulnerabilities
2018-05-09
http://www.securityfocus.com/bid/103957
Microsoft Windows CVE-2017-11927 Information Disclosure Vulnerability
2018-05-08
http://www.securityfocus.com/bid/102095
Microsoft Internet Explorer VBScript Engine CVE-2018-8174 Arbitrary Code Execution Vulnerability
2018-05-08
http://www.securityfocus.com/bid/103998
Adobe Creative Cloud APSB18-12 Multiple Security Vulnerabilities
2018-05-08
http://www.securityfocus.com/bid/104103
Adobe Connect CVE-2018-4994 Authentication Bypass Vulnerability
2018-05-08
http://www.securityfocus.com/bid/104102
Adobe Flash Player CVE-2018-4944 Type Confusion Remote Code Execution Vulnerability
2018-05-08
http://www.securityfocus.com/bid/104101
Microsoft ChakraCore Scripting Engine CVE-2018-8177 Remote Memory Corruption Vulnerability
2018-05-08
http://www.securityfocus.com/bid/104090
Microsoft Windows Kernel CVE-2018-8141 Local Information Disclosure Vulnerability
2018-05-08
http://www.securityfocus.com/bid/104078
Microsoft Edge CVE-2018-8179 Remote Memory Corruption Vulnerability
2018-05-08
http://www.securityfocus.com/bid/104077
Microsoft Internet Explorer and Edge CVE-2018-8178 Remote Memory Corruption Vulnerability
2018-05-08
http://www.securityfocus.com/bid/104076
Microsoft .NET Framework Device Guard CVE-2018-1039 Local Security Bypass Vulnerability
2018-05-08
http://www.securityfocus.com/bid/104072
Multiple Microsoft Azure IoT SDKs CVE-2018-8119 Man in the Middle Spoofing Vulnerability
2018-05-08
http://www.securityfocus.com/bid/104070
Microsoft InfoPath CVE-2018-8173 Remote Code Execution Vulnerability
2018-05-08
http://www.securityfocus.com/bid/104069
Microsoft Windows Kernel Image CVE-2018-8170 Local Privilege Escalation Vulnerability
2018-05-08
http://www.securityfocus.com/bid/104068
Microsoft SharePoint Server CVE-2018-8168 Remote Privilege Escalation Vulnerability
2018-05-08
http://www.securityfocus.com/bid/104067
Microsoft Windows Device Guard CVE-2018-8132 Local Security Bypass Vulnerability
2018-05-08
http://www.securityfocus.com/bid/104066
Microsoft Windows Device Guard CVE-2018-8129 Local Security Bypass Vulnerability
2018-05-08
http://www.securityfocus.com/bid/104065
Microsoft Windows Device Guard CVE-2018-0958 Local Security Bypass Vulnerability
2018-05-08
http://www.securityfocus.com/bid/104064
Microsoft Windows Common Log File System CVE-2018-8167 Local Privilege Escalation Vulnerability
2018-05-08
http://www.securityfocus.com/bid/104063
Microsoft Windows Kernel 'Win32k.sys' CVE-2018-8166 Local Privilege Escalation Vulnerability
2018-05-08
http://www.securityfocus.com/bid/104062
Microsoft .NET CVE-2018-0765 Denial Of Service Vulnerability
2018-05-08
http://www.securityfocus.com/bid/104060
Microsoft Excel CVE-2018-8163 Information Disclosure Vulnerability
2018-05-08
http://www.securityfocus.com/bid/104059
Microsoft Excel CVE-2018-8162 Remote Code Execution Vulnerability
2018-05-08
http://www.securityfocus.com/bid/104058
Microsoft Exchange Server CVE-2018-8159 Remote Privilege Escalation Vulnerability
2018-05-08
http://www.securityfocus.com/bid/104056
Microsoft Exchange Server CVE-2018-8154 Remote Code Execution Vulnerability
2018-05-08
http://www.securityfocus.com/bid/104054
Microsoft Excel CVE-2018-8148 Remote Code Execution Vulnerability
2018-05-08
http://www.securityfocus.com/bid/104053
Microsoft Office CVE-2018-8161 Remote Code Execution Vulnerability
2018-05-08
http://www.securityfocus.com/bid/104052
Microsoft Outlook CVE-2018-8160 Information Disclosure Vulnerability
2018-05-08
http://www.securityfocus.com/bid/104051
Microsoft Office CVE-2018-8158 Remote Code Execution Vulnerability
2018-05-08
http://www.securityfocus.com/bid/104049
SANS News
Nice Phishing Sample Delivering Trickbot
Threatpost
Exploit
Linux/x86 - Bind TCP Shell + fork() Shellcode (113 bytes)
2345 Security Guard 3.7 - Denial of Service
8.5.2018
Bugtraq
[SECURITY] [DSA 4195-1] wget security update 2018-05-08
Salvatore Bonaccorso (carnil debian org)
WebKitGTK+ Security Advisory WSA-2018-0004 2018-05-07
Michael Catanzaro (mcatanzaro igalia com)
[SECURITY] [DSA 4194-1] lucene-solr security update 2018-05-06
Moritz Muehlenhoff (jmm debian org)
[SECURITY] [DSA 4193-1] wordpress security update 2018-05-05
Salvatore Bonaccorso (carnil debian org)
Malware
Phishing
Vulnerability
Adobe Creative Cloud APSB18-12 Multiple Security Vulnerabilities
2018-05-08
http://www.securityfocus.com/bid/104103
Adobe Connect CVE-2018-4994 Authentication Bypass Vulnerability
2018-05-08
http://www.securityfocus.com/bid/104102
Adobe Flash Player CVE-2018-4944 Type Confusion Remote Code Execution Vulnerability
2018-05-08
http://www.securityfocus.com/bid/104101
Linux Kernel CVE-2018-1108 Predictable Random Number Generator Weakness
2018-05-07
http://www.securityfocus.com/bid/104055
LibTIFF CVE-2018-10779 Heap Based Buffer Overflow Vulnerability
2018-05-07
http://www.securityfocus.com/bid/104089
SANS News
Adding Persistence Via Scheduled Tasks
Threatpost
Exploit
FTPShell Client 6.7 - Buffer Overflow
PlaySMS 1.4 - sendfromfile.php Authenticated "Filename" Field Code Execution (Metasploit)
PlaySMS - import.php Authenticated CSV File Upload Code Execution (Metasploit)
Palo Alto Networks - readSessionVarsFromFile() Session Corruption (Metasploit)
7.5.2018
Bugtraq
WebKitGTK+ Security Advisory WSA-2018-0004 2018-05-07
Michael Catanzaro (mcatanzaro igalia com)
[SECURITY] [DSA 4194-1] lucene-solr security update 2018-05-06
Moritz Muehlenhoff (jmm debian org)
[SECURITY] [DSA 4193-1] wordpress security update 2018-05-05
Salvatore Bonaccorso (carnil debian org)
Malware
Phishing
Vulnerability
Linux Kernel CVE-2018-1108 Predictable Random Number Generator Weakness
2018-05-07
http://www.securityfocus.com/bid/104055
LibTIFF CVE-2018-10779 Heap Based Buffer Overflow Vulnerability
2018-05-07
http://www.securityfocus.com/bid/104089
Linux Kernel 'fs/userfaultfd.c' Local Use After Free Memory Corruption Vulnerability
2018-05-05
http://www.securityfocus.com/bid/102516
Apple Swift CVE-2018-4220 Arbitrary Code Execution Vulnerability
2018-05-04
http://www.securityfocus.com/bid/104085
SANS News
Threatpost
Exploit
WordPress Plugin User Role Editor < 4.25 - Privilege Escalation
CSP MySQL User Manager 2.3.1 - Authentication Bypass
DeviceLock Plug and Play Auditor 5.72 - Unicode Buffer Overflow (SEH)
HWiNFO 5.82-3410 - Denial of Service
6.5.2018
Bugtraq
[slackware-security] seamonkey (SSA:2018-123-01) 2018-05-04
Slackware Security Team (security slackware com)
Updated VMSA-2018-0007.3: VMware Virtual Appliance updates address side-channel analysis due to speculative execution 2018-05-04
VMware Security Response Center (security vmware com)
[SECURITY] [DSA 4191-1] redmine security update 2018-05-03
Sebastien Delafond (seb debian org)
[SECURITY] [DSA 4190-1] jackson-databind security update 2018-05-03
Sebastien Delafond (seb debian org)
Malware
Phishing
Vulnerability
Multiple Devices Integrated GPUs CVE-2018-10229 Security Bypass Vulnerability
2018-05-04
http://www.securityfocus.com/bid/104084
Cisco Prime Service Catalog CVE-2018-0285 Denial of Service Vulnerability
2018-05-04
http://www.securityfocus.com/bid/104082
SANS News
Threatpost
Exploit
Google Chrome V8 - Object Allocation Size Integer Overflow
Windows WMI - Receive Notification Exploit (Metasploit)
IceWarp Mail Server < 11.1.1 - Directory Traversal
WordPress Plugin WF Cookie Consent 1.1.3 - Cross-Site Scripting
4.5.2018
Bugtraq
[slackware-security] seamonkey (SSA:2018-123-01) 2018-05-04
Slackware Security Team (security slackware com)
Updated VMSA-2018-0007.3: VMware Virtual Appliance updates address side-channel analysis due to speculative execution 2018-05-04
VMware Security Response Center (security vmware com)
[SECURITY] [DSA 4191-1] redmine security update 2018-05-03
Sebastien Delafond (seb debian org)
[SECURITY] [DSA 4190-1] jackson-databind security update 2018-05-03
Sebastien Delafond (seb debian org)
SEC Consult SA-20180503-0 :: Authentication Bypass in Oracle Access Manager (OAM) 2018-05-03
SEC Consult Vulnerability Lab (research sec-consult com)
Command injections via USB upgrade in MSTAR Set-Top box products 2018-05-03
IM (ivanm security-net biz)
Malware
Phishing
Vulnerability
OpenSSL CVE-2018-0739 Denial of Service Vulnerability
2018-05-03
http://www.securityfocus.com/bid/103518
GNU glibc 'getanswer_r()' Function Infinite Loop Denial of Service Vulnerability
2018-05-02
http://www.securityfocus.com/bid/71670
PHP CVE-2018-10547 Incomplete Fix Cross Site Scripting Vulnerability
2018-05-02
http://www.securityfocus.com/bid/104020
WPA2 Key Reinstallation Multiple Security Weaknesses
2018-05-02
http://www.securityfocus.com/bid/101274
Linux Kernel 'kernel/fork.c' Local Use After Free Memory Corruption Vulnerability
2018-05-02
http://www.securityfocus.com/bid/102009
Mozilla Firefox ESR Multiple Security Vulnerabilities
2018-05-02
http://www.securityfocus.com/bid/103384
Linux Kernel CVE-2017-7518 Privilege Escalation Vulnerability
2018-05-02
http://www.securityfocus.com/bid/99263
SLF4J 'EventData' Constructor Remote Code Execution Vulnerability
2018-05-02
http://www.securityfocus.com/bid/103737
QEMU CVE-2018-5683 Denial of Service Vulnerability
2018-05-02
http://www.securityfocus.com/bid/102518
Mozilla Firefox and Firefox ESR Multiple Security Vulnerabilities
2018-05-02
http://www.securityfocus.com/bid/103388
QEMU CVE-2017-15268 Denial of Service Vulnerability
2018-05-02
http://www.securityfocus.com/bid/101277
QEMU CVE-2017-13711 Denial of Service Vulnerability
2018-05-02
http://www.securityfocus.com/bid/100534
QEMU 'hw/display/vga.c' Denial of Service Vulnerability
2018-05-02
http://www.securityfocus.com/bid/100540
OpenSSL CVE-2017-3738 Information Disclosure Vulnerability
2018-05-02
http://www.securityfocus.com/bid/102118
QEMU CVE-2017-15124 Denial of Service Vulnerability
2018-05-02
http://www.securityfocus.com/bid/102295
Paramiko CVE-2018-7750 Authentication Bypass Vulnerability
2018-05-02
http://www.securityfocus.com/bid/103713
NTP CVE-2017-6462 Local Buffer Overflow Vulnerability
2018-05-02
http://www.securityfocus.com/bid/97045
OpenSSL CVE-2017-3736 Information Disclosure Vulnerability
2018-05-02
http://www.securityfocus.com/bid/101666
OpenSSL CVE-2017-3737 Security Bypass Vulnerability
2018-05-02
http://www.securityfocus.com/bid/102103
MIT Kerberos 5 CVE-2017-11368 Denial of Service Vulnerability
2018-05-02
http://www.securityfocus.com/bid/100291
MIT krb5 CVE-2017-7562 Authentication Bypass Vulnerability
2018-05-02
http://www.securityfocus.com/bid/100511
Linux Kernel 'kernel/futex.c' Local Denial of Service Vulnerability
2018-05-02
http://www.securityfocus.com/bid/103023
OpenSSH 'sftp-server.c' Remote Security Bypass Vulnerability
2018-05-02
http://www.securityfocus.com/bid/101552
NTP CVE-2017-6464 Denial of Service Vulnerability
2018-05-02
http://www.securityfocus.com/bid/97050
NTP CVE-2017-6463 Denial of Service Vulnerability
2018-05-02
http://www.securityfocus.com/bid/97049
Linux Kernel CVE-2017-8824 Local Privilege Escalation Vulnerability
2018-05-02
http://www.securityfocus.com/bid/102056
Google Android Qualcomm Components Multiple Security Vulnerabilities
2018-05-02
http://www.securityfocus.com/bid/100658
Linux Kernel 'net/netfilter/xt_TCPMSS.c' Denial of Service Vulnerability
2018-05-02
http://www.securityfocus.com/bid/102367
Linux Kernel 'net/netfilter/nfnetlink_cthelper.c' Local Security Bypass Vulnerability
2018-05-02
http://www.securityfocus.com/bid/102117
Linux kernel CVE-2017-15265 Use After Free Local Denial of Service Vulnerability
2018-05-02
http://www.securityfocus.com/bid/101288
SANS News
WebLogic Exploited in the Wild (Again)
Threatpost
Exploit
GPON Routers - Authentication Bypass / Command Injection
Call of Duty Modern Warfare 2 - Buffer Overflow
TBK DVR4104 / DVR4216 - Credentials Leak
Schneider Electric InduSoft Web Studio and InTouch Machine Edition - Denial of Service
3.5.2018
Bugtraq
Command injections via USB upgrade in MSTAR Set-Top box products 2018-05-03
IM (ivanm security-net biz)
[SECURITY] [DSA 4189-1] quassel security update 2018-05-02
Moritz Muehlenhoff (jmm debian org)
[SECURITY] [DSA 4187-1] linux security update 2018-05-01
Ben Hutchings (benh debian org)
CA20180501-01: Security Notice for CA Spectrum 2018-05-02
Kotas, Kevin J (Kevin Kotas ca com)
[SECURITY] [DSA 4188-1] linux security update 2018-05-01
Salvatore Bonaccorso (carnil debian org)
Trovebox <= 4.0.0-rc6 Authentication Bypass, SQLi, SSRF 2018-05-01
robin verton telekom de
CVE-2016-6811: Apache Hadoop Privilege escalation vulnerability 2018-05-01
Akira Ajisaka (aajisaka apache org)
[slackware-security] mozilla-firefox (SSA:2018-120-02) 2018-05-01
Slackware Security Team (security slackware com)
Malware
Phishing
Vulnerability
OpenSSL CVE-2018-0739 Denial of Service Vulnerability
2018-05-03
http://www.securityfocus.com/bid/103518
GNU glibc 'getanswer_r()' Function Infinite Loop Denial of Service Vulnerability
2018-05-02
http://www.securityfocus.com/bid/71670
PHP CVE-2018-10547 Incomplete Fix Cross Site Scripting Vulnerability
2018-05-02
http://www.securityfocus.com/bid/104020
WPA2 Key Reinstallation Multiple Security Weaknesses
2018-05-02
http://www.securityfocus.com/bid/101274
Linux Kernel 'kernel/fork.c' Local Use After Free Memory Corruption Vulnerability
2018-05-02
http://www.securityfocus.com/bid/102009
Mozilla Firefox ESR Multiple Security Vulnerabilities
2018-05-02
http://www.securityfocus.com/bid/103384
Linux Kernel CVE-2017-7518 Privilege Escalation Vulnerability
2018-05-02
http://www.securityfocus.com/bid/99263
SLF4J 'EventData' Constructor Remote Code Execution Vulnerability
2018-05-02
http://www.securityfocus.com/bid/103737
QEMU CVE-2018-5683 Denial of Service Vulnerability
2018-05-02
http://www.securityfocus.com/bid/102518
Mozilla Firefox and Firefox ESR Multiple Security Vulnerabilities
2018-05-02
http://www.securityfocus.com/bid/103388
QEMU CVE-2017-15268 Denial of Service Vulnerability
2018-05-02
http://www.securityfocus.com/bid/101277
QEMU CVE-2017-13711 Denial of Service Vulnerability
2018-05-02
http://www.securityfocus.com/bid/100534
QEMU 'hw/display/vga.c' Denial of Service Vulnerability
2018-05-02
http://www.securityfocus.com/bid/100540
OpenSSL CVE-2017-3738 Information Disclosure Vulnerability
2018-05-02
http://www.securityfocus.com/bid/102118
QEMU CVE-2017-15124 Denial of Service Vulnerability
2018-05-02
http://www.securityfocus.com/bid/102295
Paramiko CVE-2018-7750 Authentication Bypass Vulnerability
2018-05-02
http://www.securityfocus.com/bid/103713
NTP CVE-2017-6462 Local Buffer Overflow Vulnerability
2018-05-02
http://www.securityfocus.com/bid/97045
OpenSSL CVE-2017-3736 Information Disclosure Vulnerability
2018-05-02
http://www.securityfocus.com/bid/101666
OpenSSL CVE-2017-3737 Security Bypass Vulnerability
2018-05-02
http://www.securityfocus.com/bid/102103
MIT Kerberos 5 CVE-2017-11368 Denial of Service Vulnerability
2018-05-02
http://www.securityfocus.com/bid/100291
MIT krb5 CVE-2017-7562 Authentication Bypass Vulnerability
2018-05-02
http://www.securityfocus.com/bid/100511
Linux Kernel 'kernel/futex.c' Local Denial of Service Vulnerability
2018-05-02
http://www.securityfocus.com/bid/103023
OpenSSH 'sftp-server.c' Remote Security Bypass Vulnerability
2018-05-02
http://www.securityfocus.com/bid/101552
NTP CVE-2017-6464 Denial of Service Vulnerability
2018-05-02
http://www.securityfocus.com/bid/97050
NTP CVE-2017-6463 Denial of Service Vulnerability
2018-05-02
http://www.securityfocus.com/bid/97049
Linux Kernel CVE-2017-8824 Local Privilege Escalation Vulnerability
2018-05-02
http://www.securityfocus.com/bid/102056
Google Android Qualcomm Components Multiple Security Vulnerabilities
2018-05-02
http://www.securityfocus.com/bid/100658
Linux Kernel 'net/netfilter/xt_TCPMSS.c' Denial of Service Vulnerability
2018-05-02
http://www.securityfocus.com/bid/102367
Linux Kernel 'net/netfilter/nfnetlink_cthelper.c' Local Security Bypass Vulnerability
2018-05-02
http://www.securityfocus.com/bid/102117
Linux kernel CVE-2017-15265 Use After Free Local Denial of Service Vulnerability
2018-05-02
http://www.securityfocus.com/bid/101288
SANS News
Threatpost
Exploit
Windows - Local Privilege Escalation
GPON Routers - Authentication Bypass / Command Injection
Call of Duty Modern Warfare 2 - Buffer Overflow
TBK DVR4104 / DVR4216 - Credentials Leak
Norton Core Secure WiFi Router - 'BLE' Command Injection (PoC)
Exim < 4.90.1 - 'base64d' Remote Code Execution
Metasploit Framework - 'msfd' Remote Code Execution (Metasploit)
Metasploit Framework - 'msfd' Remote Code Execution (via Browser) (Metasploit)
xdebug < 2.5.5 - Unauthenticated OS Command Execution (Metasploit)
Cockpit CMS 0.4.4 < 0.5.5 - Server-Side Request Forgery
Adobe Reader PDF - Client Side Request Injection
Easy MPEG to DVD Burner 1.7.11 - Local Buffer Overflow (SEH)
LibreOffice/Open Office - '.odt' Information Disclosure
Schneider Electric InduSoft Web Studio and InTouch Machine Edition - Denial of Service
WebKit - 'WebCore::jsElementScrollHeightGetter' Use-After-Free
Linux Kernel < 4.17-rc1 - 'AF_LLC' Double Free
2.5.2018
Bugtraq
[SECURITY] [DSA 4187-1] linux security update 2018-05-01
Ben Hutchings (benh debian org)
CA20180501-01: Security Notice for CA Spectrum 2018-05-02
Kotas, Kevin J (Kevin Kotas ca com)
[SECURITY] [DSA 4188-1] linux security update 2018-05-01
Salvatore Bonaccorso (carnil debian org)
Trovebox <= 4.0.0-rc6 Authentication Bypass, SQLi, SSRF 2018-05-01
robin verton telekom de
CVE-2016-6811: Apache Hadoop Privilege escalation vulnerability 2018-05-01
Akira Ajisaka (aajisaka apache org)
[slackware-security] mozilla-firefox (SSA:2018-120-02) 2018-05-01
Slackware Security Team (security slackware com)
[slackware-security] libwmf (SSA:2018-120-01) 2018-05-01
Slackware Security Team (security slackware com)
Malware
Phishing
Vulnerability
Mozilla Firefox and Firefox ESR Multiple Out of Bounds Write Remote Code Execution Vulnerabilities
2018-05-01
http://www.securityfocus.com/bid/103432
PHP CVE-2017-16642 Heap Based Buffer Overflow Vulnerability
2018-05-01
http://www.securityfocus.com/bid/101745
NTP CVE-2018-7185 Denial of Service Vulnerability
2018-05-01
http://www.securityfocus.com/bid/103339
NTP CVE-2018-7184 Denial of Service Vulnerability
2018-05-01
http://www.securityfocus.com/bid/103192
Apache Tomcat CVE-2018-1305 Security Bypass Vulnerability
2018-05-01
http://www.securityfocus.com/bid/103144
NTP CVE-2018-7182 Information Disclosure Vulnerability
2018-05-01
http://www.securityfocus.com/bid/103191
PHP CVE-2018-5712 Incomplete Fix Cross Site Scripting Vulnerability
2018-05-01
http://www.securityfocus.com/bid/104020
PHP CVE-2018-7584 Stack Buffer Overflow Vulnerability
2018-05-01
http://www.securityfocus.com/bid/103204
Apache Tomcat CVE-2017-15706 Remote Security Weakness
2018-05-01
http://www.securityfocus.com/bid/103069
PHP 'gd_gif_in.c' Memory Corruption Vulnerability
2018-05-01
http://www.securityfocus.com/bid/99492
NTP CVE-2018-7170 Incomplete Fix Remote Security Vulnerability
2018-05-01
http://www.securityfocus.com/bid/103194
PHP CVE-2018-5712 Cross Site Scripting Vulnerability
2018-05-01
http://www.securityfocus.com/bid/102742
NTP CVE-2018-7183 Buffer Overflow Vulnerability
2018-05-01
http://www.securityfocus.com/bid/103351
ISC DHCP CVE-2018-5733 Remote Denial of Service Vulnerability
2018-05-01
http://www.securityfocus.com/bid/103188
Oracle MySQL Server CVE-2018-2562 Remote Security Vulnerability
2018-05-01
http://www.securityfocus.com/bid/102713
Mozilla Firefox and Firefox ESR Multiple Security Vulnerabilities
2018-05-01
http://www.securityfocus.com/bid/103388
Mozilla Firefox and Firefox ESR CVE-2018-5148 Use After Free Denial of Service Vulnerability
2018-05-01
http://www.securityfocus.com/bid/103506
TigerVNC CVE-2017-5581 Buffer Overflow Vulnerability
2018-05-01
http://www.securityfocus.com/bid/95789
GIMP CVE-2017-17789 Heap Buffer Overflow Vulnerability
2018-05-01
http://www.securityfocus.com/bid/102898
GIMP CVE-2017-17784 Heap Buffer Overflow Vulnerability
2018-05-01
http://www.securityfocus.com/bid/102899
TigerVNC Multiple Security Vulnerabilities
2018-05-01
http://www.securityfocus.com/bid/97305
PHP CVE-2017-11143 Denial of Service Vulnerability
2018-05-01
http://www.securityfocus.com/bid/99553
Quagga CVE-2016-1245 Buffer Overflow Vulnerability
2018-05-01
http://www.securityfocus.com/bid/93775
Oracle MySQL Server CVE-2018-2696 Remote Security Vulnerability
2018-05-01
http://www.securityfocus.com/bid/102701
Quagga CVE-2018-5379 Remote Code Execution Vulnerability
2018-05-01
http://www.securityfocus.com/bid/103105
Xen 'x86/x86_64/entry.S' Denial of Service Vulnerability
2018-04-30
http://www.securityfocus.com/bid/104003
Xen XSA-258 Information Disclosure Vulnerability
2018-04-30
http://www.securityfocus.com/bid/104002
Multiple CPU Hardware CVE-2017-5753 Information Disclosure Vulnerability
2018-04-30
http://www.securityfocus.com/bid/102371
Linux Kernel 'kernel/fork.c' Local Use After Free Memory Corruption Vulnerability
2018-04-30
http://www.securityfocus.com/bid/102009
Multiple CPU Hardware CVE-2017-5715 Information Disclosure Vulnerability
2018-04-30
http://www.securityfocus.com/bid/102376
SANS News
Windows Commands Reference - An InfoSec Must Have
Threatpost
Exploit
WordPress Plugin Responsive Cookie Consent 1.7 / 1.6 / 1.5 - Authenticated Persistent...
1.5.2018
Bugtraq
CVE-2016-6811: Apache Hadoop Privilege escalation vulnerability 2018-05-01
Akira Ajisaka (aajisaka apache org)
[slackware-security] mozilla-firefox (SSA:2018-120-02) 2018-05-01
Slackware Security Team (security slackware com)
[slackware-security] libwmf (SSA:2018-120-01) 2018-05-01
Slackware Security Team (security slackware com)
Advisory - Sourcetree for Windows - CVE-2018-5226 2018-04-30
Atlassian (security atlassian com)
Malware
Phishing
Vulnerability
Mozilla Firefox and Firefox ESR Multiple Out of Bounds Write Remote Code Execution Vulnerabilities
2018-05-01
http://www.securityfocus.com/bid/103432
PHP CVE-2017-16642 Heap Based Buffer Overflow Vulnerability
2018-05-01
http://www.securityfocus.com/bid/101745
NTP CVE-2018-7185 Denial of Service Vulnerability
2018-05-01
http://www.securityfocus.com/bid/103339
NTP CVE-2018-7184 Denial of Service Vulnerability
2018-05-01
http://www.securityfocus.com/bid/103192
Apache Tomcat CVE-2018-1305 Security Bypass Vulnerability
2018-05-01
http://www.securityfocus.com/bid/103144
NTP CVE-2018-7182 Information Disclosure Vulnerability
2018-05-01
http://www.securityfocus.com/bid/103191
PHP CVE-2018-5712 Incomplete Fix Cross Site Scripting Vulnerability
2018-05-01
http://www.securityfocus.com/bid/104020
PHP CVE-2018-7584 Stack Buffer Overflow Vulnerability
2018-05-01
http://www.securityfocus.com/bid/103204
Apache Tomcat CVE-2017-15706 Remote Security Weakness
2018-05-01
http://www.securityfocus.com/bid/103069
PHP 'gd_gif_in.c' Memory Corruption Vulnerability
2018-05-01
http://www.securityfocus.com/bid/99492
NTP CVE-2018-7170 Incomplete Fix Remote Security Vulnerability
2018-05-01
http://www.securityfocus.com/bid/103194
PHP CVE-2018-5712 Cross Site Scripting Vulnerability
2018-05-01
http://www.securityfocus.com/bid/102742
NTP CVE-2018-7183 Buffer Overflow Vulnerability
2018-05-01
http://www.securityfocus.com/bid/103351
ISC DHCP CVE-2018-5733 Remote Denial of Service Vulnerability
2018-05-01
http://www.securityfocus.com/bid/103188
Oracle MySQL Server CVE-2018-2562 Remote Security Vulnerability
2018-05-01
http://www.securityfocus.com/bid/102713
Mozilla Firefox and Firefox ESR Multiple Security Vulnerabilities
2018-05-01
http://www.securityfocus.com/bid/103388
Mozilla Firefox and Firefox ESR CVE-2018-5148 Use After Free Denial of Service Vulnerability
2018-05-01
http://www.securityfocus.com/bid/103506
TigerVNC CVE-2017-5581 Buffer Overflow Vulnerability
2018-05-01
http://www.securityfocus.com/bid/95789
GIMP CVE-2017-17789 Heap Buffer Overflow Vulnerability
2018-05-01
http://www.securityfocus.com/bid/102898
GIMP CVE-2017-17784 Heap Buffer Overflow Vulnerability
2018-05-01
http://www.securityfocus.com/bid/102899
TigerVNC Multiple Security Vulnerabilities
2018-05-01
http://www.securityfocus.com/bid/97305
PHP CVE-2017-11143 Denial of Service Vulnerability
2018-05-01
http://www.securityfocus.com/bid/99553
Quagga CVE-2016-1245 Buffer Overflow Vulnerability
2018-05-01
http://www.securityfocus.com/bid/93775
Oracle MySQL Server CVE-2018-2696 Remote Security Vulnerability
2018-05-01
http://www.securityfocus.com/bid/102701
Quagga CVE-2018-5379 Remote Code Execution Vulnerability
2018-05-01
http://www.securityfocus.com/bid/103105
Xen 'x86/x86_64/entry.S' Denial of Service Vulnerability
2018-04-30
http://www.securityfocus.com/bid/104003
Xen XSA-258 Information Disclosure Vulnerability
2018-04-30
http://www.securityfocus.com/bid/104002
Multiple CPU Hardware CVE-2017-5753 Information Disclosure Vulnerability
2018-04-30
http://www.securityfocus.com/bid/102371
Linux Kernel 'kernel/fork.c' Local Use After Free Memory Corruption Vulnerability
2018-04-30
http://www.securityfocus.com/bid/102009
Multiple CPU Hardware CVE-2017-5715 Information Disclosure Vulnerability
2018-04-30
http://www.securityfocus.com/bid/102376
SANS News
Diving into a Simple Maldoc Generator
Threatpost
Exploit
Drupal < 7.58 - 'Drupalgeddon3' Authenticated Remote Code (Metasploit)
WordPress Responsive Cookie Consent 1.7 / 1.6 / 1.5 - Authenticated Persistent Cross-Site...