< Back to JetLib.com

jetlib.sec » Bugtraq

« Expand/Collapse

Bugtraq

Skip to page: 1 2 3 ... 64

October 16, 2019
13:19
CVE-2019-5533 - VMware VeloCloud Authorization Bypass
» ‎ Bugtraq

Posted by Advisories on Oct 16
#############################################################
#
# COMPASS SECURITY ADVISORY
# https://www.compass-security.com/research/advisories/
#
#############################################################
#
# Product: VeloCloud
# Vendor: VMware
# CVE ID: CVE-2019-5533
# CSNC ID: CSNC-2019-007
# Subject: Authorization Bypass
# Risk:...

Tags:
7:18
[SECURITY] [DSA 4509-3] apache2 security update
» ‎ Bugtraq

Posted by Salvatore Bonaccorso on Oct 16
-------------------------------------------------------------------------
Debian Security Advisory DSA-4509-3 security () debian org
https://www.debian.org/security/ Salvatore Bonaccorso
October 15, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : apache2
CVE ID : CVE-2019-10092
Debian Bug :...

Tags:
7:14
[SECURITY] [DSA 4544-1] unbound security update
» ‎ Bugtraq

Posted by Sebastien Delafond on Oct 16
-------------------------------------------------------------------------
Debian Security Advisory DSA-4544-1 security () debian org
https://www.debian.org/security/ Sebastien Delafond
October 16, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : unbound
CVE ID : CVE-2019-16866
Debian Bug :...

Tags:
7:11
CVE-2019-3010 - Local privilege escalation on Solaris 11.x via xscreensaver
» ‎ Bugtraq

Posted by Marco Ivaldi on Oct 16
Dear Bugtraq,

Please find attached an advisory for the following vulnerability, fixed in Oracle's Critical Patch Update (CPU) of
October 2019:

"Exploitation of a design error vulnerability in xscreensaver, as distributed with Solaris 11.x, allows local attackers
to create (or append to) arbitrary files on the system, by abusing the -log command line switch introduced in version
5.06. This flaw can be leveraged to cause a denial of...

Tags:
October 15, 2019
0:27
[SECURITY] [DSA 4543-1] sudo security update
» ‎ Bugtraq

Posted by Salvatore Bonaccorso on Oct 15
-------------------------------------------------------------------------
Debian Security Advisory DSA-4543-1 security () debian org
https://www.debian.org/security/ Salvatore Bonaccorso
October 14, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : sudo
CVE ID : CVE-2019-14287
Debian Bug :...

Tags:
0:23
[slackware-security] sudo (SSA:2019-287-01)
» ‎ Bugtraq

Posted by Slackware Security Team on Oct 15
[slackware-security] sudo (SSA:2019-287-01)

New sudo packages are available for Slackware 14.0, 14.1, 14.2, and -current to
fix a security issue.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/sudo-1.8.28-i586-1_slack14.2.txz: Upgraded.
Fixed a bug where an sudo user may be able to run a command as root when
the Runas specification explicitly disallows root access as long as the
ALL...

Tags:
October 14, 2019
9:10
SEC Consult SA-20191014-0 :: Reflected XSS vulnerability in OpenProject
» ‎ Bugtraq

Posted by SEC Consult Vulnerability Lab on Oct 14
SEC Consult Vulnerability Lab Security Advisory < 20191014-0 >
=======================================================================
title: Reflected XSS vulnerability
product: OpenProject
vulnerable version: <= 9.0.3, <=10.0.1
fixed version: 9.0.4, 10.0.2
CVE number: CVE-2019-17092
impact: medium
homepage: https://www.openproject.org
found: 2019-09-27...

Tags:
October 13, 2019
14:53
APPLE-SA-2019-10-11-1 Swift 5.1.1 for Ubuntu
» ‎ Bugtraq

Posted by Apple Product Security on Oct 13
APPLE-SA-2019-10-11-1 Swift 5.1.1 for Ubuntu

Swift 5.1.1 for Ubuntu is now available and addresses the following:

Foundation
Available for: Ubuntu 14.04, 16.04 and 18.04
Impact: Incorrect management of file descriptors in URLSession could
lead to inadvertent data disclosure
Description: This issue was addresses by updating incorrect
URLSession file descriptors management logic to match Swift 5.0.
CVE-2019-8790: Apple

Installation note:

Swift...

Tags:
14:49
[SECURITY] [DSA 4539-3] openssl regression update
» ‎ Bugtraq

Posted by Salvatore Bonaccorso on Oct 13
-------------------------------------------------------------------------
Debian Security Advisory DSA-4539-3 security () debian org
https://www.debian.org/security/ Salvatore Bonaccorso
October 13, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : openssl
Debian Bug : 941987

The update for openssl...

Tags:
October 10, 2019
4:56
[SYSS-2019-033]: Microsoft Designer Bluetooth Desktop - Insufficient Protection of Code (Firmware) and Data (Cryptographic Key)
» ‎ Bugtraq

Posted by matthias . deeg on Oct 10
Advisory ID: SYSS-2019-033
Product: Designer Bluetooth Desktop
Manufacturer: Microsoft
Affected Version(s): n/a
Tested Version(s): n/a
Vulnerability Type: Insufficient Protection of Code (Firmware) and
Data (Cryptographic Key)
Risk Level: Medium
Solution Status: Open
Manufacturer Notification: 2019-07-31
Solution Date: -
Public Disclosure: 2019-10-10
CVE Reference: Not assigned yet
Author of Advisory: Matthias Deeg (SySS...

Tags:
4:53
[SYSS-2019-034]: Microsoft Surface Keyboard - Insufficient Protection of Code (Firmware) and Data (Cryptographic Key)
» ‎ Bugtraq

Posted by matthias . deeg on Oct 10
Advisory ID: SYSS-2019-034
Product: Surface Keyboard
Manufacturer: Microsoft
Affected Version(s): WS2-00005
Tested Version(s): WS2-00005
Vulnerability Type: Insufficient Protection of Code (Firmware) and
Data (Cryptographic Key)
Risk Level: Medium
Solution Status: Open
Manufacturer Notification: 2019-07-31
Solution Date: -
Public Disclosure: 2019-10-10
CVE Reference: Not assigned yet
Author of Advisory: Matthias Deeg (SySS...

Tags:
4:49
[SYSS-2019-035]: Microsoft Surface Mouse - Insufficient Protection of Code (Firmware) and Data (Cryptographic Key)
» ‎ Bugtraq

Posted by matthias . deeg on Oct 10
Advisory ID: SYSS-2019-035
Product: Surface Mouse
Manufacturer: Microsoft
Affected Version(s): WS3-00002
Tested Version(s): WS3-00002
Vulnerability Type: Insufficient Protection of Code (Firmware) and
Data (Cryptographic Key)
Risk Level: Medium
Solution Status: Open
Manufacturer Notification: 2019-07-31
Solution Date: -
Public Disclosure: 2019-10-10
CVE Reference: Not assigned yet
Author of Advisory: Matthias Deeg (SySS GmbH)...

Tags:
October 09, 2019
1:38
PBS Professional MoM Authentication Bypass (CVE-2019-15719)
» ‎ Bugtraq

Posted by john on Oct 09
===========================================================
PBS Professional MoM Authentication Bypass (CVE-2019-15719)
===========================================================

* Software: PBS Professional
* Affected Versions: All versions up to and including 19.2.3
* Vendor: Altair Engineering, Inc
* CVE Reference: CVE-2019-15719
* Severity: CVSS 9.0 [CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H]
* Author: John Fitzpatrick
* Date: 2019-10-08...

Tags:
October 08, 2019
5:44
[SECURITY] [DSA 4539-2] openssh regression update
» ‎ Bugtraq

Posted by Salvatore Bonaccorso on Oct 08
-------------------------------------------------------------------------
Debian Security Advisory DSA-4539-2 security () debian org
https://www.debian.org/security/ Salvatore Bonaccorso
October 07, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : openssh
Debian Bug : 941663

A change introduced in...

Tags:
5:41
APPLE-SA-2019-10-07-2 iTunes for Windows 12.10.1
» ‎ Bugtraq

Posted by Apple Product Security on Oct 08
APPLE-SA-2019-10-07-2 iTunes for Windows 12.10.1

iTunes for Windows 12.10.1 is now available and addresses the
following:

UIFoundation
Available for: Windows 7 and later
Impact: Processing a maliciously crafted text file may lead to
arbitrary code execution
Description: A buffer overflow was addressed with improved bounds
checking.
CVE-2019-8745: riusksk of VulWar Corp working with Trend Micro's Zero
Day Initiative

WebKit
Available for:...

Tags:
5:36
APPLE-SA-2019-10-07-3 iCloud for Windows 10.7
» ‎ Bugtraq

Posted by Apple Product Security on Oct 08
APPLE-SA-2019-10-07-3 iCloud for Windows 10.7

iCloud for Windows 10.7 is now available and addresses the following:

UIFoundation
Available for: Windows 10 and later via the Microsoft Store
Impact: Processing a maliciously crafted text file may lead to
arbitrary code execution
Description: A buffer overflow was addressed with improved bounds
checking.
CVE-2019-8745: riusksk of VulWar Corp working with Trend Micro's Zero
Day Initiative...

Tags:
5:33
APPLE-SA-2019-10-07-1 macOS Catalina 10.15
» ‎ Bugtraq

Posted by Apple Product Security on Oct 08
APPLE-SA-2019-10-07-1 macOS Catalina 10.15

macOS Catalina 10.15 is now available and addresses the following:

AMD
Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012
and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and
later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro
(Late 2013 and later)
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory...

Tags:
5:30
APPLE-SA-2019-10-07-4 iCloud for Windows 7.14
» ‎ Bugtraq

Posted by Apple Product Security on Oct 08
APPLE-SA-2019-10-07-4 iCloud for Windows 7.14

iCloud for Windows 7.14 is now available and addresses the following:

UIFoundation
Available for: Windows 7 and later
Impact: Processing a maliciously crafted text file may lead to
arbitrary code execution
Description: A buffer overflow was addressed with improved bounds
checking.
CVE-2019-8745: riusksk of VulWar Corp working with Trend Micro's
Zero Day Initiative

WebKit
Available for: Windows...

Tags:
October 07, 2019
3:11
[SECURITY] [DSA 4541-1] libapreq2 security update
» ‎ Bugtraq

Posted by Salvatore Bonaccorso on Oct 07
-------------------------------------------------------------------------
Debian Security Advisory DSA-4541-1 security () debian org
https://www.debian.org/security/ Salvatore Bonaccorso
October 04, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : libapreq2
CVE ID : CVE-2019-12412
Debian Bug :...

Tags:
3:07
[SECURITY] [DSA 4542-1] jackson-databind security update
» ‎ Bugtraq

Posted by Sebastien Delafond on Oct 07
-------------------------------------------------------------------------
Debian Security Advisory DSA-4542-1 security () debian org
https://www.debian.org/security/ Sebastien Delafond
October 06, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : jackson-databind
CVE ID : CVE-2019-12384...

Tags:
3:03
CVE-2019-10181, CVE-2019-10182, CVE-2019-10185: IcedTea-Web vulnerabilities leading to RCE
» ‎ Bugtraq

Posted by Imre Rad on Oct 07
IcedTeaWeb is an open source implementation of JSR-56 that is better
known as Java Web Start.
It is currently maintained by RedHat and is included into the Windows
packages of OpenJDK by default.

"Three security issues were found in ITW, and have been discussed and
are going to be fixed.
Those are CVE-2019-10185 CVE-2019-10181 CVE-2019-10182"

The vulnerabilities described below could be exploited by man in the
middle attackers or...

Tags:
October 04, 2019
1:40
CA20190930-01: Security Notice for CA Network Flow Analysis
» ‎ Bugtraq

Posted by Kevin Kotas on Oct 04
CA20190930-01: Security Notice for CA Network Flow Analysis

Issued: September 30th, 2019

CA Technologies, a Broadcom Company, is alerting customers to a
potential risk with CA Network Flow Analysis. A vulnerability exists
that can allow a remote attacker to execute arbitrary commands. CA
published a solution to address the vulnerabilities and recommends
that all affected customers implement this solution.

The vulnerability, CVE-2019-13658,...

Tags:
October 03, 2019
1:55
[SECURITY] [DSA 4509-2] subversion update
» ‎ Bugtraq

Posted by Moritz Muehlenhoff on Oct 03
-------------------------------------------------------------------------
Debian Security Advisory DSA-4509-2 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
October 2, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : subversion
Debian Bug : 936034

The security fixes for...

Tags:
October 02, 2019
3:05
[slackware-security] tcpdump (SSA:2019-274-01)
» ‎ Bugtraq

Posted by Slackware Security Team on Oct 02
[slackware-security] tcpdump (SSA:2019-274-01)

New libpcap and tcpdump packages are available for Slackware 14.0, 14.1, 14.2,
and -current to fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/libpcap-1.9.1-i586-1_slack14.2.txz: Upgraded.
This update is required for the new version of tcpdump.
patches/packages/tcpdump-4.9.3-i586-1_slack14.2.txz: Upgraded.
Fix buffer...

Tags:
October 01, 2019
22:46
[SECURITY] [DSA 4539-1] openssl security update
» ‎ Bugtraq

Posted by Moritz Muehlenhoff on Oct 01
-------------------------------------------------------------------------
Debian Security Advisory DSA-4539-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
October 01, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : openssl
CVE ID : CVE-2019-1547 CVE-2019-1549...

Tags:
22:42
[SECURITY] [DSA 4540-1] openssl1.0 security update
» ‎ Bugtraq

Posted by Moritz Muehlenhoff on Oct 01
-------------------------------------------------------------------------
Debian Security Advisory DSA-4540-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
October 01, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : openssl1.0
CVE ID : CVE-2019-1547 CVE-2019-1563...

Tags:
September 29, 2019
21:10
APPLE-SA-2019-9-27-1 iOS 13.1.1 and iPadOS 13.1.1
» ‎ Bugtraq

Posted by Apple Product Security on Sep 29
APPLE-SA-2019-9-27-1 iOS 13.1.1 and iPadOS 13.1.1

iOS 13.1.1 and iPadOS 13.1.1 are now available and address the
following:

Sandbox
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: Third party app extensions may not receive the correct
sandbox restrictions
Description: A logic issue applied the incorrect restrictions. This
issue was addressed by updating the logic to apply...

Tags:
21:06
[SECURITY] [DSA 4536-1] exim4 security update
» ‎ Bugtraq

Posted by Salvatore Bonaccorso on Sep 29
-------------------------------------------------------------------------
Debian Security Advisory DSA-4536-1 security () debian org
https://www.debian.org/security/ Salvatore Bonaccorso
September 28, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : exim4
CVE ID : CVE-2019-16928

A buffer overflow...

Tags:
21:05
[SECURITY] [DSA 4534-1] golang-1.11 security update
» ‎ Bugtraq

Posted by Moritz Muehlenhoff on Sep 29
-------------------------------------------------------------------------
Debian Security Advisory DSA-4534-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
September 27, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : golang-1.11
CVE ID : CVE-2019-16276

It was...

Tags:
21:04
[SECURITY] [DSA 4535-1] e2fsprogs security update
» ‎ Bugtraq

Posted by Salvatore Bonaccorso on Sep 29
-------------------------------------------------------------------------
Debian Security Advisory DSA-4535-1 security () debian org
https://www.debian.org/security/ Salvatore Bonaccorso
September 27, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : e2fsprogs
CVE ID : CVE-2019-5094
Debian Bug :...

Tags:
20:59
[SECURITY] [DSA 4537-1] file-roller security update
» ‎ Bugtraq

Posted by Salvatore Bonaccorso on Sep 29
-------------------------------------------------------------------------
Debian Security Advisory DSA-4537-1 security () debian org
https://www.debian.org/security/ Salvatore Bonaccorso
September 28, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : file-roller
CVE ID : CVE-2019-16680

It was...

Tags:
20:55
[SECURITY] [DSA 4538-1] wpa security update
» ‎ Bugtraq

Posted by Yves-Alexis Perez on Sep 29
-------------------------------------------------------------------------
Debian Security Advisory DSA-4538-1 security () debian org
https://www.debian.org/security/ Yves-Alexis Perez
September 29, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : wpa
CVE ID : CVE-2019-13377 CVE-2019-16275
Debian...

Tags:
September 27, 2019
6:58
APPLE-SA-2019-9-26-3 iOS 13
» ‎ Bugtraq

Posted by Apple Product Security on Sep 27
APPLE-SA-2019-9-26-3 iOS 13

iOS 13 addresses the following:

Bluetooth
Available for: iPhone 6s and later
Impact: Notification previews may show on Bluetooth accessories even
when previews are disabled
Description: A logic issue existed with the display of notification
previews. This issue was addressed with improved validation.
CVE-2019-8711: Arjang of MARK ANTHONY GROUP INC., Cemil Ozkebapci
(@cemilozkebapci) of Garanti BBVA, Oguzhan Meral of...

Tags:
6:53
APPLE-SA-2019-9-26-1 iOS 12.4.2
» ‎ Bugtraq

Posted by Apple Product Security on Sep 27
APPLE-SA-2019-9-26-1 iOS 12.4.2

iOS 12.4.2 is now available and addresses the following:

Foundation
Available for: iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air,
iPad mini 2, iPad mini 3, and iPad touch 6th generation
Impact: A remote attacker may be able to cause unexpected application
termination or arbitrary code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2019-8641: Samuel Groß and Natalie...

Tags:
6:48
APPLE-SA-2019-9-26-2 macOS Mojave 10.14.6 Supplemental Update 2, Security Update 2019-005 High Sierra, Security Update 2019-005 Sierra
» ‎ Bugtraq

Posted by Apple Product Security on Sep 27
APPLE-SA-2019-9-26-2 macOS Mojave 10.14.6 Supplemental Update 2,
Security Update 2019-005 High Sierra, Security Update 2019-005
Sierra

macOS Mojave 10.14.6 Supplemental Update 2, Security Update 2019-005
High Sierra, Security Update 2019-005 Sierra are now available
and address the following:

Foundation
Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS
Mojave 10.14.6
Impact: A remote attacker may be able to cause unexpected...

Tags:
6:47
APPLE-SA-2019-9-26-4 Safari 13
» ‎ Bugtraq

Posted by Apple Product Security on Sep 27
APPLE-SA-2019-9-26-4 Safari 13

Safari 13 addresses the following:

WebKit Page Loading
Available for: macOS Mojave 10.14.6 and macOS High Sierra 10.13.6
Impact: Processing maliciously crafted web content may lead to
universal cross site scripting
Description: A logic issue was addressed with improved state
management.
CVE-2019-8674

Installation note:

Safari 13 may be obtained from the Mac App Store.

Information will also be posted to the...

Tags:
6:44
APPLE-SA-2019-9-26-5 watchOS 6
» ‎ Bugtraq

Posted by Apple Product Security on Sep 27
APPLE-SA-2019-9-26-5 watchOS 6

watchOS 6 addresses the following:

Foundation
Available for: Apple Watch Series 3 and later
Impact: A remote attacker may be able to cause unexpected application
termination or arbitrary code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2019-8641: Samuel Groß and Natalie Silvanovich of Google Project
Zero

Installation note:

Instructions on how to update your...

Tags:
6:44
APPLE-SA-2019-9-26-6 tvOS 13
» ‎ Bugtraq

Posted by Apple Product Security on Sep 27
APPLE-SA-2019-9-26-6 tvOS 13

tvOS 13 addresses the following:

Keyboards
Available for: Apple TV 4K and Apple TV HD
Impact: A local user may be able to leak sensitive user information
Description: An authentication issue was addressed with improved
state management.
CVE-2019-8704: 王邦宇 (wAnyBug.Com) of SAINTSEC

Additional recognition

Keyboard
We would like to acknowledge an anonymous researcher for their
assistance.

Profiles
We would...

Tags:
6:41
APPLE-SA-2019-9-26-7 Xcode 11.0
» ‎ Bugtraq

Posted by Apple Product Security on Sep 27
APPLE-SA-2019-9-26-7 Xcode 11.0

Xcode 11.0 addresses the following:

IDE SCM
Available for: macOS Mojave 10.14.4 and later
Impact: Multiple issues in libssh2
Description: Multiple issues were addressed by updating to version
2.16.
CVE-2019-3855: Chris Coulson

ld64
Available for: macOS Mojave 10.14.4 and later
Impact: Compiling code without proper input validation could lead to
arbitrary code execution with user privilege
Description: Multiple...

Tags:
6:34
APPLE-SA-2019-9-26-8 iOS 13.1 and iPadOS 13.1
» ‎ Bugtraq

Posted by Apple Product Security on Sep 27
APPLE-SA-2019-9-26-8 iOS 13.1 and iPadOS 13.1

iOS 13.1 and iPadOS 13.1 address the following:

VoiceOver
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: A person with physical access to an iOS device may be able to
access contacts from the lock screen
Description: The issue was addressed by restricting options offered
on a locked device.
CVE-2019-8775: videosdebarraquito...

Tags:
6:30
APPLE-SA-2019-9-26-9 Safari 13.0.1
» ‎ Bugtraq

Posted by Apple Product Security on Sep 27
APPLE-SA-2019-9-26-9 Safari 13.0.1

Safari 13.0.1 addresses the following:

Safari
Available for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6
Impact: Visiting a malicious website may lead to user interface
spoofing
Description: An inconsistent user interface issue was addressed with
improved state management.
CVE-2019-8654: Juno Im (@junorouse) of Theori

Service Workers
Available for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6
Impact:...

Tags:
September 26, 2019
0:58
[SECURITY] [DSA 4533-1] lemonldap-ng security update
» ‎ Bugtraq

Posted by Moritz Muehlenhoff on Sep 26
-------------------------------------------------------------------------
Debian Security Advisory DSA-4533-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
September 25, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : lemonldap-ng
CVE ID : CVE-2019-15941

It was...

Tags:
0:54
[slackware-security] mozilla-thunderbird (SSA:2019-268-01)
» ‎ Bugtraq

Posted by Slackware Security Team on Sep 26
[slackware-security] mozilla-thunderbird (SSA:2019-268-01)

New mozilla-thunderbird packages are available for Slackware 14.2 and -current
to fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/mozilla-thunderbird-68.1.1-i686-1_slack14.2.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:...

Tags:
0:50
SEC Consult SA-20190926-0 :: Multiple SQL Injection vulnerabilities in eBrigade
» ‎ Bugtraq

Posted by SEC Consult Vulnerability Lab on Sep 26
SEC Consult Vulnerability Lab Security Advisory < 20190926-0 >
=======================================================================
title: Multiple SQL Injection vulnerabilities
product: eBrigade
vulnerable version: <5.0
fixed version: >=5.0
CVE number: CVE-2019-16743, CVE-2019-16744, CVE-2019-16745
impact: critical
homepage: https://ebrigade.net
found:...

Tags:
September 25, 2019
4:02
Bitbucket Server security advisory 2019-09-18
» ‎ Bugtraq

Posted by Atlassian on Sep 25
This email refers to the advisory found at
https://confluence.atlassian.com/x/Czc4Og .

CVE ID:

* CVE-2019-15000.

Product: Bitbucket Server and Bitbucket Data Center.

Affected Bitbucket Server and Bitbucket Data Center product versions:

version < 5.16.10
6.0.0 <= version < 6.0.10
6.1.0 <= version < 6.1.8
6.2.0 <= version < 6.2.6
6.3.0 <= version < 6.3.5
6.4.0 <= version < 6.4.3
6.5.0 <= version < 6.5.2...

Tags:
3:58
Jira Security Advisory - 2019-09-18 - CVE-2019-15001
» ‎ Bugtraq

Posted by Atlassian on Sep 25
This email refers to the advisory found at
https://confluence.atlassian.com/x/KkU4Og .

CVE ID:

* CVE-2019-15001.

Product: Jira Server and Data Center.

Affected Jira Server and Data Center product versions:

7.0.10 <= version < 7.6.16
7.7.0 <= version < 7.13.8
8.0.0 <= version < 8.1.3
8.2.0 <= version < 8.2.5
8.3.0 <= version < 8.3.4
8.4.0 <= version < 8.4.1

Fixed Jira Server and Data Center product...

Tags:
2:57
[SECURITY] [DSA 4531-1] linux security update
» ‎ Bugtraq

Posted by Salvatore Bonaccorso on Sep 25
-------------------------------------------------------------------------
Debian Security Advisory DSA-4531-1 security () debian org
https://www.debian.org/security/ Salvatore Bonaccorso
September 25, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : linux
CVE ID : CVE-2019-14821 CVE-2019-14835...

Tags:
2:53
[SECURITY] [DSA 4532-1] spip security update
» ‎ Bugtraq

Posted by Sebastien Delafond on Sep 25
-------------------------------------------------------------------------
Debian Security Advisory DSA-4532-1 security () debian org
https://www.debian.org/security/ Sebastien Delafond
September 25, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : spip
CVE ID : CVE-2019-16391 CVE-2019-16392...

Tags:
September 23, 2019
0:58
Jira Service Desk Server and Jira Service Desk Data Center - URL path traversal allows information disclosure - CVE-2019-14994
» ‎ Bugtraq

Posted by Brian Adeloye on Sep 23
This email refers to the advisory found at
https://confluence.atlassian.com/jira/jira-service-desk-security-advisory-2019-09-18-976171274.html

CVE ID:

* CVE-2019-14994.

Product: Jira Service Desk Server and Data Center.

Affected Jira Service Desk Server and Data Center product versions:

version < 3.9.16
3.10.0 <= version < 3.16.8
4.0.0 <= version < 4.1.3
4.2.0 <= version < 4.2.5
4.3.0 <= version < 4.3.4
4.4.0 <=...

Tags:
0:54
[SECURITY] [DSA 4529-1] php7.0 security update
» ‎ Bugtraq

Posted by Moritz Muehlenhoff on Sep 23
-------------------------------------------------------------------------
Debian Security Advisory DSA-4529-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
September 20, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : php7.0
CVE ID : CVE-2019-11034 CVE-2019-11035...

Tags:
0:50
[SECURITY] [DSA 4530-1] expat security update
» ‎ Bugtraq

Posted by Salvatore Bonaccorso on Sep 23
-------------------------------------------------------------------------
Debian Security Advisory DSA-4530-1 security () debian org
https://www.debian.org/security/ Salvatore Bonaccorso
September 22, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : expat
CVE ID : CVE-2019-15903
Debian Bug :...

Tags:
September 20, 2019
1:16
[SECURITY] [DSA 4526-1] opendmarc security update
» ‎ Bugtraq

Posted by Salvatore Bonaccorso on Sep 20
-------------------------------------------------------------------------
Debian Security Advisory DSA-4526-1 security () debian org
https://www.debian.org/security/ Salvatore Bonaccorso
September 19, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : opendmarc
CVE ID : CVE-2019-16378
Debian Bug :...

Tags:
1:13
[SECURITY] [DSA 4527-1] php7.3 security update
» ‎ Bugtraq

Posted by Moritz Muehlenhoff on Sep 20
-------------------------------------------------------------------------
Debian Security Advisory DSA-4527-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
September 19, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : php7.3
CVE ID : CVE-2019-11036 CVE-2019-11039...

Tags:
1:09
[SECURITY] [DSA 4528-1] bird security update
» ‎ Bugtraq

Posted by Moritz Muehlenhoff on Sep 20
-------------------------------------------------------------------------
Debian Security Advisory DSA-4528-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
September 19, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : bird
CVE ID : CVE-2019-16159

Daniel McCarney...

Tags:
September 18, 2019
23:49
[SECURITY] [DSA 4525-1] ibus security update
» ‎ Bugtraq

Posted by Salvatore Bonaccorso on Sep 18
-------------------------------------------------------------------------
Debian Security Advisory DSA-4525-1 security () debian org
https://www.debian.org/security/ Salvatore Bonaccorso
September 18, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : ibus
CVE ID : CVE-2019-14822
Debian Bug :...

Tags:
7:03
SEC Consult SA-20190918-0 :: Reflected Cross-Site Scripting (XSS) in Oracle Mojarra JSF
» ‎ Bugtraq

Posted by SEC Consult Vulnerability Lab on Sep 18
SEC Consult Vulnerability Lab Security Advisory < 20190918-0 >
=======================================================================
title: Reflected Cross-Site Scripting (XSS)
product: Oracle Mojarra JSF included in Java EE 7
Eclipse Mojarra JSF
vulnerable version: 2.2 & 2.3
fixed version: https://github.com/javaserverfaces/mojarra/commits/MOJARRA_2_2X_ROLLING...

Tags:
September 17, 2019
0:22
[SECURITY] [DSA 4524-1] dino-im security update
» ‎ Bugtraq

Posted by Moritz Muehlenhoff on Sep 17
-------------------------------------------------------------------------
Debian Security Advisory DSA-4524-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
September 16, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : dino-im
CVE ID : CVE-2019-16235 CVE-2019-16236...

Tags:
0:19
[slackware-security] expat (SSA:2019-259-01)
» ‎ Bugtraq

Posted by Slackware Security Team on Sep 17
[slackware-security] expat (SSA:2019-259-01)

New expat packages are available for Slackware 14.0, 14.1, 14.2, and -current
to fix a security issue.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/expat-2.2.8-i586-1_slack14.2.txz: Upgraded.
Fix heap overflow triggered by XML_GetCurrentLineNumber (or
XML_GetCurrentColumnNumber), and deny internal entities closing the doctype.
For more...

Tags:
September 16, 2019
0:26
[SECURITY] [DSA 4523-1] thunderbird security update
» ‎ Bugtraq

Posted by Moritz Muehlenhoff on Sep 16
-------------------------------------------------------------------------
Debian Security Advisory DSA-4523-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
September 15, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : thunderbird
CVE ID : CVE-2019-11739 CVE-2019-11740...

Tags:
0:24
[SECURITY] [DSA 4522-1] faad2 security update
» ‎ Bugtraq

Posted by Moritz Muehlenhoff on Sep 16
-------------------------------------------------------------------------
Debian Security Advisory DSA-4522-1 security () debian org
https://www.debian.org/security/ Hugo Lefeuvre
September 15, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : faad2
CVE ID : CVE-2018-19502 CVE-2018-19503...

Tags:
0:20
SEC Consult SA-20190912-0 :: Stored and reflected XSS vulnerabilities in LimeSurvey
» ‎ Bugtraq

Posted by SEC Consult Vulnerability Lab on Sep 16
SEC Consult Vulnerability Lab Security Advisory < 20190912-0 >
=======================================================================
title: Stored and reflected XSS vulnerabilities
product: LimeSurvey
vulnerable version: <= 3.17.13
fixed version: =>3.17.14
CVE number: CVE-2019-16172, CVE-2019-16173
impact: medium
homepage: https://www.limesurvey.org/...

Tags:
September 12, 2019
1:54
[slackware-security] mozilla-thunderbird (SSA:2019-254-02)
» ‎ Bugtraq

Posted by Slackware Security Team on Sep 12
[slackware-security] mozilla-thunderbird (SSA:2019-254-02)

New mozilla-thunderbird packages are available for Slackware 14.2 and -current
to fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/mozilla-thunderbird-68.1.0-i686-1_slack14.2.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:...

Tags:
1:51
[slackware-security] openssl (SSA:2019-254-03)
» ‎ Bugtraq

Posted by Slackware Security Team on Sep 12
[slackware-security] openssl (SSA:2019-254-03)

New openssl packages are available for Slackware 14.2 and -current to
fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/openssl-1.0.2t-i586-1_slack14.2.txz: Upgraded.
This update fixes low severity security issues:
Fixed a padding oracle in PKCS7_dataDecode and CMS_decrypt_set1_pkey
Compute ECC cofactors if not...

Tags:
1:47
[slackware-security] curl (SSA:2019-254-01)
» ‎ Bugtraq

Posted by Slackware Security Team on Sep 12
[slackware-security] curl (SSA:2019-254-01)

New curl packages are available for Slackware 14.0, 14.1, 14.2, and -current to
fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/curl-7.66.0-i586-1_slack14.2.txz: Upgraded.
This update fixes security issues:
FTP-KRB double-free
TFTP small blocksize heap buffer overflow
For more information, see:...

Tags:
September 10, 2019
9:01
[CVE-2019-12516] SlickQuiz for Wordpress 1.3.7.1 "/wp-admin/admin.php?page=slickquiz-*" Multiple Authenticated SQL Injections
» ‎ Bugtraq

Posted by Info on Sep 10
RCE Security Advisory
https://www.rcesecurity.com

1. ADVISORY INFORMATION
=======================
Product: SlickQuiz
Vendor URL: https://wordpress.org/plugins/slickquiz/
Type: SQL Injection [CWE-74]
Date found: 2019-05-30
Date published: 2019-09-10
CVSSv3 Score: 8.1 (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N)
CVE: CVE-2019-12516

2. CREDITS
==========
This vulnerability was discovered and researched by...

Tags:
8:59
[CVE-2019-12517] SlickQuiz for Wordpress 1.3.7.1 "/wp-admin/admin.php?page=slickquiz" Multiple Stored XSS
» ‎ Bugtraq

Posted by Info on Sep 10
RCE Security Advisory
https://www.rcesecurity.com

1. ADVISORY INFORMATION
=======================
Product: SlickQuiz
Vendor URL: https://wordpress.org/plugins/slickquiz/
Type: Cross-Site Scripting [CWE-79]
Date found: 2019-05-30
Date published: 2019-09-10
CVSSv3 Score: 6.1 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)
CVE: CVE-2019-12517

2. CREDITS
==========
This vulnerability was discovered and...

Tags:
8:58
[SECURITY] [DSA 4521-1] docker.io security update
» ‎ Bugtraq

Posted by Moritz Muehlenhoff on Sep 10
-------------------------------------------------------------------------
Debian Security Advisory DSA-4521-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
September 09, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : docker.io
CVE ID : CVE-2019-13139 CVE-2019-13509...

Tags:
8:54
Dabman & Imperial (i&d) Web Radio Devices - Undocumented Telnet Backdoor & Command Execution Vulnerability
» ‎ Bugtraq

Posted by Vulnerability Lab on Sep 10
Document Title:
===============
Dabman & Imperial (i&d) Web Radio Devices - Undocumented Telnet Backdoor
& Command Execution Vulnerability

References (Source):
====================
https://www.vulnerability-lab.com/get_content.php?id=2183

Video: https://www.vulnerability-lab.com/get_content.php?id=2190

Vulnerability Magazine:...

Tags:
8:49
NtFileSins v2.1 Windows NTFS Privileged File Access Enumeration Tool
» ‎ Bugtraq

Posted by apparitionsec on Sep 10
from subprocess import Popen, PIPE
import sys,argparse,re

# NtFileSins v2.1
# Fixed: save() logic to log report in case no Zone.Identifiers found.
# Added: Check for Zone.Identifer:$DATA to see if any identified files were downloaded from internet.
#
# Windows File Enumeration Intel Gathering.
# Standard users can prove existence of privileged user artifacts.
#
# Typically, the Windows commands DIR or TYPE hand out a default "Access...

Tags:
8:48
[SECURITY] [DSA 4520-1] trafficserver security update
» ‎ Bugtraq

Posted by Moritz Muehlenhoff on Sep 10
-------------------------------------------------------------------------
Debian Security Advisory DSA-4520-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
September 09, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : trafficserver
CVE ID : CVE-2019-9512 CVE-2019-9514...

Tags:
8:41
[SECURITY] [DSA 4519-1] libreoffice security update
» ‎ Bugtraq

Posted by Moritz Muehlenhoff on Sep 10
-------------------------------------------------------------------------
Debian Security Advisory DSA-4519-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
September 08, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : libreoffice
CVE ID : CVE-2019-9854

It was...

Tags:
8:36
NtFileSins / Windows NTFS Privileged File Access Enumeration Tool
» ‎ Bugtraq

Posted by apparitionsec on Sep 10
from subprocess import Popen, PIPE
import sys,argparse,re

# NtFileSins v2
# Added: Check for Zone.Identifer:$DATA to see if any identified files were downloaded from internet.
#
# Windows File Enumeration Intel Gathering.
# Standard users can prove existence of privileged user artifacts.
#
# Typically, the Windows commands DIR or TYPE hand out a default "Access Denied" error message,
# when a file exists or doesn't exist, when...

Tags:
8:32
[SECURITY] [DSA 4518-1] ghostscript security update
» ‎ Bugtraq

Posted by Salvatore Bonaccorso on Sep 10
-------------------------------------------------------------------------
Debian Security Advisory DSA-4518-1 security () debian org
https://www.debian.org/security/ Salvatore Bonaccorso
September 07, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : ghostscript
CVE ID : CVE-2019-14811 CVE-2019-14812...

Tags:
8:28
CA20190904-01: Security Notice for CA Common Services Distributed Intelligence Architecture (DIA)
» ‎ Bugtraq

Posted by Kevin Kotas on Sep 10
CA20190904-01: Security Notice for CA Common Services Distributed
Intelligence Architecture (DIA)

Issued: September 4th, 2019
Last Updated: September 4th, 2019

CA Technologies, A Broadcom Company, is alerting customers to a
potential risk with CA Common Services in the Distributed
Intelligence Architecture (DIA) component. A vulnerability exists,
CVE-2019-13656, that can allow a remote attacker to execute arbitrary
code. CA published solutions...

Tags:
September 06, 2019
4:29
[SECURITY] [DSA 4517-1] exim4 security update
» ‎ Bugtraq

Posted by Moritz Muehlenhoff on Sep 06
-------------------------------------------------------------------------
Debian Security Advisory DSA-4517-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
September 06, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : exim4
CVE ID : CVE-2019-15846

"Zerons"...

Tags:
4:27
Windows NTFS / Privileged File Access Enumeration
» ‎ Bugtraq

Posted by apparitionsec on Sep 06
[+] Credits: John Page (aka hyp3rlinx)
[+] Website: hyp3rlinx.altervista.org
[+] Source: http://hyp3rlinx.altervista.org/advisories/MICROSOFT-WINDOWS-NTFS-PRIVILEGED-FILE-ACCESS-ENUMERATION.txt
[+] ISR: ApparitionSec

[Vendor]
www.microsoft.com

[Product]
Windows NTFS

NTFS is a proprietary journaling file system developed by Microsoft. Starting with Windows NT 3.1, it is the default
file system of the Windows NT family....

Tags:
4:22
[SECURITY] [DSA 4516-1] firefox-esr security update
» ‎ Bugtraq

Posted by Moritz Muehlenhoff on Sep 06
-------------------------------------------------------------------------
Debian Security Advisory DSA-4516-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
September 05, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : firefox-esr
CVE ID : CVE-2019-9812 CVE-2019-11740...

Tags:
4:18
AST-2019-005: Remote Crash Vulnerability in audio transcoding
» ‎ Bugtraq

Posted by Asterisk Security Team on Sep 06
Asterisk Project Security Advisory - AST-2019-005

Product Asterisk
Summary Remote Crash Vulnerability in audio transcoding
Nature of Advisory Denial of Service
Susceptibility Remote Unauthenticated Sessions
Severity Minor...

Tags:
4:14
AST-2019-004: Crash when negotiating for T.38 with a declined stream
» ‎ Bugtraq

Posted by Asterisk Security Team on Sep 06
Asterisk Project Security Advisory - AST-2019-004

Product Asterisk
Summary Crash when negotiating for T.38 with a declined
stream
Nature of Advisory Remote Crash
Susceptibility Remote Authenticated Sessions...

Tags:
September 05, 2019
0:27
[slackware-security] seamonkey (SSA:2019-247-01)
» ‎ Bugtraq

Posted by Slackware Security Team on Sep 05
[slackware-security] seamonkey (SSA:2019-247-01)

New seamonkey packages are available for Slackware 14.2 and -current to
fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/seamonkey-2.49.5-i586-1_slack14.2.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:
http://www.seamonkey-project.org/releases/2.49.5
(* Security...

Tags:
September 04, 2019
14:33
SEC Consult SA-20190904-0 :: Multiple vulnerabilities in Cisco router series RV34X, RV26X and RV16X
» ‎ Bugtraq

Posted by SEC Consult Vulnerability Lab on Sep 04
SEC Consult Vulnerability Lab Security Advisory < 20190904-0 >
=======================================================================
title: Multiple vulnerabilities
product: Cisco RV340, Cisco RV340W, Cisco RV345, Cisco RV345P,
Cisco RV260, Cisco RV260P, Cisco RV260W, Cisco 160,
Cisco 160W
vulnerable version: Cisco RV34X - 1.0.02.16, Cisco RV16X/26X - 1.0.00.15...

Tags:
14:11
[SECURITY] [DSA 4515-1] webkit2gtk security update
» ‎ Bugtraq

Posted by Moritz Mühlenhoff on Sep 04
-------------------------------------------------------------------------
Debian Security Advisory DSA-4515-1 security () debian org
https://www.debian.org/security/ Alberto Garcia
September 04, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : webkit2gtk
CVE ID : CVE-2019-8644 CVE-2019-8649...

Tags:
3:03
[SECURITY] [DSA 4514-1] varnish security update
» ‎ Bugtraq

Posted by Moritz Muehlenhoff on Sep 04
-------------------------------------------------------------------------
Debian Security Advisory DSA-4514-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
September 04, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : varnish
CVE ID : CVE-2019-15892

Alf-Andre Walla...

Tags:
2:59
[SECURITY] [DSA 4513-1] samba security update
» ‎ Bugtraq

Posted by Salvatore Bonaccorso on Sep 04
-------------------------------------------------------------------------
Debian Security Advisory DSA-4513-1 security () debian org
https://www.debian.org/security/ Salvatore Bonaccorso
September 03, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : samba
CVE ID : CVE-2019-10197

Stefan Metzmacher...

Tags:
September 02, 2019
14:33
[SECURITY] [DSA 4512-1] qemu security update
» ‎ Bugtraq

Posted by Moritz Muehlenhoff on Sep 02
-------------------------------------------------------------------------
Debian Security Advisory DSA-4512-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
September 02, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : qemu
CVE ID : CVE-2019-13164 CVE-2019-14378...

Tags:
1:56
Wolters Kluwer TeamMate+ Cross-Site Request Forgery (CSRF) vulnerability
» ‎ Bugtraq

Posted by bhdresh on Sep 02
Title:
====

Wolters Kluwer TeamMate+ Cross-Site Request Forgery (CSRF) vulnerability

Credit:
======

Name: Bhadresh Patel

CVE:

====

CVE-2019-10253

Date:
====

19/03/2019 (dd/mm/yyyy)

Vendor:
======

Wolters Kluwer is a global leader in professional information, software solutions, and services for the health, tax &
accounting, finance, risk & compliance, and legal sectors. We help our customers make critical decisions every day...

Tags:
1:53
[SECURITY] [DSA 4511-1] nghttp2 security update
» ‎ Bugtraq

Posted by Moritz Muehlenhoff on Sep 02
-------------------------------------------------------------------------
Debian Security Advisory DSA-4511-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
September 01, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : nghttp2
CVE ID : CVE-2019-9511 CVE-2019-9513

Two...

Tags:
1:50
Advisory for Confluence Server Local File Disclosure Vulnerability (CVE-2019-3394)
» ‎ Bugtraq

Posted by Ming Chang on Sep 02
This email refers to the advisory found at
https://confluence.atlassian.com/x/uAsvOg .

CVE ID:

* CVE-2019-3394.

Product: Confluence Server.

Affected Confluence Server product versions:

6.1.0 <= version < 6.6.16
6.7.0 <= version < 6.13.7
6.14.0 <= version < 6.15.8

Fixed Confluence Server product versions:

* Confluence Server 6.6.16 has been released with a fix for this issue.
* Confluence Server 6.13.7 has been released...

Tags:
August 30, 2019
2:46
SEC Consult SA-20190829-1 :: External DNS Requests in Zyxel USG/UAG/ATP/VPN/NXC series
» ‎ Bugtraq

Posted by SEC Consult Vulnerability Lab on Aug 30
SEC Consult Vulnerability Lab Security Advisory < 20190829-1 >
=======================================================================
title: External DNS Requests
product: Zyxel USG/UAG/ATP/VPN/NXC series
vulnerable version: see "Vulnerable / tested version"
fixed version: see "Solution"
CVE number: -
impact: medium
homepage: https://www.zyxel.com...

Tags:
2:43
SEC Consult SA-20190829-0 :: Hardcoded FTP Credentials in Zyxel NWA/NAP/WAC wireless access point series
» ‎ Bugtraq

Posted by SEC Consult Vulnerability Lab on Aug 30
SEC Consult Vulnerability Lab Security Advisory < 20190829-0 >
=======================================================================
title: Hardcoded FTP Credentials
product: Zyxel NWA/NAP/WAC wireless access point series
vulnerable version: see "Vulnerable / tested version"
fixed version: see "Solution"
CVE number: -
impact: medium
homepage:...

Tags:
August 29, 2019
12:03
WebKitGTK and WPE WebKit Security Advisory WSA-2019-0004
» ‎ Bugtraq

Posted by Adrian Perez de Castro on Aug 29
------------------------------------------------------------------------
WebKitGTK and WPE WebKit Security Advisory WSA-2019-0004
------------------------------------------------------------------------

Date reported : August 29, 2019
Advisory ID : WSA-2019-0004
WebKitGTK Advisory URL : https://webkitgtk.org/security/WSA-2019-0004.html
WPE WebKit Advisory URL :...

Tags:
August 28, 2019
7:47
[SECURITY] [DSA 4510-1] dovecot security update
» ‎ Bugtraq

Posted by Salvatore Bonaccorso on Aug 28
-------------------------------------------------------------------------
Debian Security Advisory DSA-4510-1 security () debian org
https://www.debian.org/security/ Salvatore Bonaccorso
August 28, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : dovecot
CVE ID : CVE-2019-11500

Nick Roessler and...

Tags:
1:00
Multiple vulns in Cisco UCS Director: from unauth remote access to code execution as root
» ‎ Bugtraq

Posted by Pedro Ribeiro on Aug 28
Hi,

tl;dr three vulns (auth bypass, command injection, default password) in
Cisco UCS and Cisco IMC Supervisor, two of which (auth bypass + command
injection) can be chained to achieve unauthenticated RCE as root

Full advisory below, can also be fetched from
https://raw.githubusercontent.com/pedrib/PoC/master/advisories/cisco-ucs-rce.txt

Metasploit modules have been submitted to:
https://github.com/rapid7/metasploit-framework/pull/12243...

Tags:
August 26, 2019
23:56
[slackware-security] Slackware 14.2 kernel (SSA:2019-238-01)
» ‎ Bugtraq

Posted by Slackware Security Team on Aug 26
[slackware-security] Slackware 14.2 kernel (SSA:2019-238-01)

New kernel packages are available for Slackware 14.2 to fix a security issue.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/linux-4.4.190/*: Upgraded.
These updates fix various bugs and a minor local denial-of-service security
issue. They also change this option:
FANOTIFY_ACCESS_PERMISSIONS n -> y
This is needed by...

Tags:
23:53
[SECURITY] [DSA 4509-1] apache2 security update
» ‎ Bugtraq

Posted by Salvatore Bonaccorso on Aug 26
-------------------------------------------------------------------------
Debian Security Advisory DSA-4509-1 security () debian org
https://www.debian.org/security/ Salvatore Bonaccorso
August 26, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : apache2
CVE ID : CVE-2019-9517 CVE-2019-10081...

Tags:
23:51
APPLE-SA-2019-8-26-3 tvOS 12.4.1
» ‎ Bugtraq

Posted by Akila Srinivasan on Aug 26
APPLE-SA-2019-8-26-3 tvOS 12.4.1

tvOS 12.4.1 is now available and addresses the following:

Kernel
Available for: Apple TV 4K and Apple TV HD
Impact: A malicious application may be able to execute arbitrary code
with system privileges
Description: A use after free issue was addressed with improved
memory management.
CVE-2019-8605: Ned Williamson working with Google Project Zero

Additional recognition

Kernel
We would like to acknowledge...

Tags:
23:45
APPLE-SA-2019-8-26-2 macOS Mojave 10.14.6 Supplemental Update
» ‎ Bugtraq

Posted by Akila Srinivasan on Aug 26
APPLE-SA-2019-8-26-2 macOS Mojave 10.14.6 Supplemental Update

macOS Mojave 10.14.6 Supplemental Update is now available and
addresses the following:

Kernel
Available for: macOS Mojave 10.14.6
Impact: A malicious application may be able to execute arbitrary code
with system privileges
Description: A use after free issue was addressed with improved
memory management.
CVE-2019-8605: Ned Williamson working with Google Project Zero

Additional...

Tags:
23:41
APPLE-SA-2019-8-26-1 iOS 12.4.1
» ‎ Bugtraq

Posted by Akila Srinivasan on Aug 26
APPLE-SA-2019-8-26-1 iOS 12.4.1

iOS 12.4.1 is now available and addresses the following:

Kernel
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A malicious application may be able to execute arbitrary code
with system privileges
Description: A use after free issue was addressed with improved
memory management.
CVE-2019-8605: Ned Williamson working with Google Project Zero

Additional recognition...

Tags:
August 25, 2019
23:27
[SECURITY] [DSA 4508-1] h2o security update
» ‎ Bugtraq

Posted by Moritz Muehlenhoff on Aug 25
-------------------------------------------------------------------------
Debian Security Advisory DSA-4508-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
August 24, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : h2o
CVE ID : CVE-2019-9512 CVE-2019-9514...

Tags:
23:24
[SECURITY] [DSA 4507-1] squid security update
» ‎ Bugtraq

Posted by Salvatore Bonaccorso on Aug 25
-------------------------------------------------------------------------
Debian Security Advisory DSA-4507-1 security () debian org
https://www.debian.org/security/ Salvatore Bonaccorso
August 24, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : squid
CVE ID : CVE-2019-12525 CVE-2019-12527...

Tags:
23:20
[SECURITY] [DSA 4506-1] qemu security update
» ‎ Bugtraq

Posted by Moritz Muehlenhoff on Aug 25
-------------------------------------------------------------------------
Debian Security Advisory DSA-4506-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
August 24, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : qemu
CVE ID : CVE-2018-20815 CVE-2019-13164...

Tags:
August 22, 2019
12:59
[SECURITY] [DSA 4505-1] nginx security update
» ‎ Bugtraq

Posted by Moritz Muehlenhoff on Aug 22
-------------------------------------------------------------------------
Debian Security Advisory DSA-4505-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
August 22, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : nginx
CVE ID : CVE-2019-9511 CVE-2019-9513...

Tags:
12:55
FreeBSD Security Advisory FreeBSD-SA-19:23.midi [REVISED]
» ‎ Bugtraq

Posted by FreeBSD Security Advisories on Aug 22
=============================================================================
FreeBSD-SA-19:23.midi Security Advisory
The FreeBSD Project

Topic: kernel memory disclosure from /dev/midistat

Category: core
Module: sound
Announced: 2019-08-20
Credits: Peter Holm, Mark Johnston
Affects: All supported versions of...

Tags:
5:30
SEC Consult SA-20190822-0 :: Multiple Vulnerabilities in OpenPGP.js
» ‎ Bugtraq

Posted by SEC Consult Vulnerability Lab on Aug 22
You owe me € 10

Tags:
August 21, 2019
6:02
SEC Consult SA-20190821-0 :: Unauthenticated sensitive information leakage in Zoho Corporation ManageEngine ServiceDesk Plus
» ‎ Bugtraq

Posted by SEC Consult Vulnerability Lab on Aug 21
SEC Consult Vulnerability Lab Security Advisory < 20190821-0 >
=======================================================================
title: Unauthenticated sensitive information leakage
product: Zoho Corporation ManageEngine ServiceDesk Plus
vulnerable version: v10 <10509
fixed version: v10 >=10509
CVE number: CVE-2019-15045, CVE-2019-15046
impact: Critical
homepage:...

Tags:
6:02
[SECURITY] [DSA 4504-1] vlc security update
» ‎ Bugtraq

Posted by Moritz Muehlenhoff on Aug 21
-------------------------------------------------------------------------
Debian Security Advisory DSA-4504-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
August 20, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : vlc
CVE ID : CVE-2019-13602 CVE-2019-13962...

Tags:
6:01
FreeBSD Security Advisory FreeBSD-SA-19:24.mqueuefs
» ‎ Bugtraq

Posted by FreeBSD Security Advisories on Aug 21
=============================================================================
FreeBSD-SA-19:24.mqueuefs Security Advisory
The FreeBSD Project

Topic: Reference count overflow in mqueue filesystem 32-bit compat

Category: core
Module: kernel
Announced: 2019-08-20
Credits: Karsten KÃ¶nig, Secfault Security
Affects:...

Tags:
5:55
FreeBSD Security Advisory FreeBSD-SA-19:23.midi
» ‎ Bugtraq

Posted by FreeBSD Security Advisories on Aug 21
=============================================================================
FreeBSD-SA-19:23.midi Security Advisory
The FreeBSD Project

Topic: kernel memory disclosure from /dev/midistat

Category: core
Module: sound
Announced: 2019-08-20
Credits: Peter Holm, Mark Johnston
Affects: All supported versions of...

Tags:
5:51
FreeBSD Security Advisory FreeBSD-SA-19:22.mbuf
» ‎ Bugtraq

Posted by FreeBSD Security Advisories on Aug 21
=============================================================================
FreeBSD-SA-19:22.mbuf Security Advisory
The FreeBSD Project

Topic: IPv6 remote Denial-of-Service

Category: kernel
Module: net
Announced: 2019-08-20
Credits: Clement Lecigne
Affects: All supported versions of FreeBSD.
Corrected:...

Tags:
August 19, 2019
0:39
[CVE-2019-15150] CSRF in MediaWiki extension OAuth2 Client 0.3
» ‎ Bugtraq

Posted by Justin Bull on Aug 19
[CVE-2019-15150] CSRF in MediaWiki extension OAuth2 Client 0.3

Happy Sunday everyone.

A security bulletin for you all.

Software:
--------
MediaWiki OAuth2 Client (https://github.com/Schine/MW-OAuth2Client)

Description:
----------
MediaWiki implementation of the PHP League's OAuth2 Client, to allow MediaWiki
to act as a client to any OAuth2 server.

Not Affeted:
------------
0.2 and earlier.

Affected Versions:
---------------
0.3

Fixed...

Tags:
0:32
[SECURITY] [DSA 4503-1] golang-1.11 security update
» ‎ Bugtraq

Posted by Moritz Muehlenhoff on Aug 19
-------------------------------------------------------------------------
Debian Security Advisory DSA-4503-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
August 18, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : golang-1.11
CVE ID : CVE-2019-9512 CVE-2019-9514...

Tags:
August 16, 2019
14:55
[SECURITY] [DSA 4502-1] ffmpeg security update
» ‎ Bugtraq

Posted by Moritz Muehlenhoff on Aug 16
-------------------------------------------------------------------------
Debian Security Advisory DSA-4502-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
August 16, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : ffmpeg
CVE ID : CVE-2019-12730

Several...

Tags:
3:21
Details about recent GNU patch vulnerabilities
» ‎ Bugtraq

Posted by Imre Rad on Aug 16
I identified several vulnerabilities in the GNU patch utility, some of
them making it possible to execute arbitrary code if the victim opens
a crafted patch file. It also turned out, some of these
vulnerabilities had been silently addressed by the maintainer back
then in 2018 when CVE-2018-1000156 was reported. Some Linux
distributions (like Debian, Ubuntu or Fedora) applied only the primary
patch and thus they remained vulnerable to the attack...

Tags:
August 15, 2019
23:22
[SECURITY] [DSA 4501-1] libreoffice security update
» ‎ Bugtraq

Posted by Moritz Muehlenhoff on Aug 15
-------------------------------------------------------------------------
Debian Security Advisory DSA-4501-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
August 15, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : libreoffice
CVE ID : CVE-2019-9850 CVE-2019-9851...

Tags:
3:37
[slackware-security] mozilla-firefox (SSA:2019-226-02)
» ‎ Bugtraq

Posted by Slackware Security Team on Aug 15
[slackware-security] mozilla-firefox (SSA:2019-226-02)

New mozilla-firefox packages are available for Slackware 14.2 and -current to
fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/mozilla-firefox-68.0.2esr-i686-1_slack14.2.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:...

Tags:
August 14, 2019
3:01
[slackware-security] Slackware 14.2 kernel (SSA:2019-226-01)
» ‎ Bugtraq

Posted by Slackware Security Team on Aug 14
[slackware-security] Slackware 14.2 kernel (SSA:2019-226-01)

New kernel packages are available for Slackware 14.2 to fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/linux-4.4.189/*: Upgraded.
These updates fix various bugs and many security issues, and include the
Spectre v1 SWAPGS mitigations.
Be sure to upgrade your initrd after upgrading the kernel packages....

Tags:
3:01
APPLE-SA-2019-8-13-2 Additional information for APPLE-SA-2019-7-22-1 iOS 12.4
» ‎ Bugtraq

Posted by Apple Product Security on Aug 14
APPLE-SA-2019-8-13-2 Additional information for
APPLE-SA-2019-7-22-1 iOS 12.4

iOS 12.4 addresses the following:

Bluetooth
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation and later
Impact: An attacker in a privileged network position may be able to
intercept Bluetooth traffic (Key Negotiation of Bluetooth - KNOB)
Description: An input validation issue existed in Bluetooth. This
issue was addressed with...

Tags:
2:58
APPLE-SA-2019-08-13-5 SwiftNIO HTTP/2 1.5.0
» ‎ Bugtraq

Posted by Apple Product Security on Aug 14
APPLE-SA-2019-08-13-5 SwiftNIO HTTP/2 1.5.0

SwiftNIO HTTP/2 1.5.0 is now available and addresses the following:

SwiftNIO HTTP/2
Available for: SwiftNIO HTTP/2 1.0.0 through 1.4.0 on
macOS Sierra 10.12 and later and Ubuntu 14.04 and later
Impact: A HTTP/2 server may consume unbounded amounts of memory when
receiving certain traffic patterns and eventually suffer resource
exhaustion
Description: This issue was addressed with improved buffer size...

Tags:
2:57
APPLE-SA-2019-8-13-4 Additional information for APPLE-SA-2019-7-22-5 tvOS 12.4
» ‎ Bugtraq

Posted by Apple Product Security on Aug 14
APPLE-SA-2019-8-13-4 Additional information for
APPLE-SA-2019-7-22-5 tvOS 12.4

tvOS 12.4 addresses the following:

Bluetooth
Available for: Apple TV 4K and Apple TV HD
Impact: An attacker in a privileged network position may be able to
intercept Bluetooth traffic (Key Negotiation of Bluetooth - KNOB)
Description: An input validation issue existed in Bluetooth. This
issue was addressed with improved input validation.
CVE-2019-9506: Daniele...

Tags:
2:53
APPLE-SA-2019-8-13-3 Additional information for APPLE-SA-2019-7-22-4 watchOS 5.3
» ‎ Bugtraq

Posted by Apple Product Security on Aug 14
APPLE-SA-2019-8-13-3 Additional information for
APPLE-SA-2019-7-22-4 watchOS 5.3

watchOS 5.3 addresses the following:

Bluetooth
Available for: Apple Watch Series 1 and later
Impact: An attacker in a privileged network position may be able to
intercept Bluetooth traffic (Key Negotiation of Bluetooth - KNOB)
Description: An input validation issue existed in Bluetooth. This
issue was addressed with improved input validation.
CVE-2019-9506: Daniele...

Tags:
2:49
APPLE-SA-2019-8-13-1 Additional information for APPLE-SA-2019-7-22-2 macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra
» ‎ Bugtraq

Posted by Apple Product Security on Aug 14
APPLE-SA-2019-8-13-1 Additional information for
APPLE-SA-2019-7-22-2 macOS Mojave 10.14.6, Security Update
2019-004 High Sierra, Security Update 2019-004 Sierra

macOS Mojave 10.14.6, Security Update 2019-004 High Sierra,
Security Update 2019-004 Sierra address the
following:

AppleGraphicsControl
Available for: macOS Mojave 10.14.5
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with...

Tags:
August 13, 2019
14:15
TortoiseSVN v1.12.1 - Remote Code Execution Vulnerability
» ‎ Bugtraq

Posted by Vulnerability Lab on Aug 13
Document Title:
===============
TortoiseSVN v1.12.1 - Remote Code Execution Vulnerability

References (Source):
====================
https://www.vulnerability-lab.com/get_content.php?id=2188

Product:
https://osdn.net/projects/tortoisesvn/storage/1.12.1/Application/TortoiseSVN-1.12.1.28628-x64-svn-1.12.2.msi/

Ticket: https://groups.google.com/forum/#!forum/tortoisesvn

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-14422

CVE-ID:...

Tags:
14:11
[SECURITY] [DSA 4500-1] chromium security update
» ‎ Bugtraq

Posted by Salvatore Bonaccorso on Aug 13
-------------------------------------------------------------------------
Debian Security Advisory DSA-4500-1 security () debian org
https://www.debian.org/security/ Michael Gilbert
August 12, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : chromium
CVE ID : CVE-2019-5805 CVE-2019-5806...

Tags:
14:08
[SECURITY] [DSA 4497-1] linux security update
» ‎ Bugtraq

Posted by Salvatore Bonaccorso on Aug 13
-------------------------------------------------------------------------
Debian Security Advisory DSA-4497-1 security () debian org
https://www.debian.org/security/ Ben Hutchings
August 13, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : linux
CVE ID : CVE-2015-8553 CVE-2018-5995...

Tags:
14:04
Dlink-CVE-2019-13101
» ‎ Bugtraq

Posted by Devendra Solanki on Aug 13
A remote vulnerability was discovered on D-Link DIR-600M Wireless N
150 Home Router in multiple respective firmware versions.
The vulnerability provides unauthenticated remote access to the
router's WAN configuration page i.e. "wan.htm", which leads to
disclosure of sensitive user information including but not limited to
PPPoE, DNS configuration etc, also allowing to change
the configuration settings as well.

A metasploit script...

Tags:
August 12, 2019
14:21
[SECURITY] [DSA 4499-1] ghostscript security update
» ‎ Bugtraq

Posted by Salvatore Bonaccorso on Aug 12
-------------------------------------------------------------------------
Debian Security Advisory DSA-4499-1 security () debian org
https://www.debian.org/security/ Salvatore Bonaccorso
August 12, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : ghostscript
CVE ID : CVE-2019-10216
Debian Bug...

Tags:
7:23
[SECURITY] [DSA 4498-1] python-django security update
» ‎ Bugtraq

Posted by Sebastien Delafond on Aug 12
-------------------------------------------------------------------------
Debian Security Advisory DSA-4498-1 security () debian org
https://www.debian.org/security/ Sebastien Delafond
August 12, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : python-django
CVE ID : CVE-2019-14232...

Tags:
7:19
[SECURITY] [DSA 4496-1] pango1.0 security update
» ‎ Bugtraq

Posted by Salvatore Bonaccorso on Aug 12
-------------------------------------------------------------------------
Debian Security Advisory DSA-4496-1 security () debian org
https://www.debian.org/security/ Salvatore Bonaccorso
August 11, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : pango1.0
CVE ID : CVE-2019-1010238
Debian Bug :...

Tags:
7:16
[SECURITY] [DSA 4495-1] linux security update
» ‎ Bugtraq

Posted by Salvatore Bonaccorso on Aug 12
-------------------------------------------------------------------------
Debian Security Advisory DSA-4495-1 security () debian org
https://www.debian.org/security/ Ben Hutchings
August 10, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : linux
CVE ID : CVE-2018-20836 CVE-2019-1125...

Tags:
7:13
[SECURITY] [DSA 4494-1] kconfig security update
» ‎ Bugtraq

Posted by Moritz Muehlenhoff on Aug 12
-------------------------------------------------------------------------
Debian Security Advisory DSA-4494-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
August 09, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : kconfig
CVE ID : CVE-2019-14744

Dominik Penner...

Tags:
August 08, 2019
15:00
[SECURITY] [DSA 4493-1] postgresql-11 security update
» ‎ Bugtraq

Posted by Moritz Muehlenhoff on Aug 08
-------------------------------------------------------------------------
Debian Security Advisory DSA-4493-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
August 08, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : postgresql-11
CVE ID : CVE-2019-10208...

Tags:
14:57
[SECURITY] [DSA 4492-1] postgresql-9.6 security update
» ‎ Bugtraq

Posted by Moritz Muehlenhoff on Aug 08
-------------------------------------------------------------------------
Debian Security Advisory DSA-4492-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
August 08, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : postgresql-9.6
CVE ID : CVE-2019-10208

A issue has...

Tags:
4:19
[slackware-security] kdelibs (SSA:2019-220-01)
» ‎ Bugtraq

Posted by Slackware Security Team on Aug 08
[slackware-security] kdelibs (SSA:2019-220-01)

New kdelibs packages are available for Slackware 14.2 and -current to
fix a security issue.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/kdelibs-4.14.38-i586-1_slack14.2.txz: Upgraded.
kconfig: malicious .desktop files (and others) would execute code.
For more information, see:...

Tags:
4:15
[waraxe-2019-SA#110] - Reflected XSS in MapProxy 1.11.0
» ‎ Bugtraq

Posted by come2waraxe on Aug 08
[waraxe-2019-SA#110] - Reflected XSS in MapProxy 1.11.0
================================================================================

Author: Janek Vind "waraxe"
Date: 07. August 2019
Location: Estonia, Tartu
Web: http://www.waraxe.us/advisory-110.html

Target description:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

MapProxy is an open source proxy for geospatial data. It caches, accelerates and...

Tags:
August 06, 2019
12:06
FreeBSD Security Advisory FreeBSD-SA-19:21.bhyve
» ‎ Bugtraq

Posted by FreeBSD Security Advisories on Aug 06
=============================================================================
FreeBSD-SA-19:21.bhyve Security Advisory
The FreeBSD Project

Topic: Insufficient validation of guest-supplied data (e1000 device)

Category: core
Module: bhyve
Announced: 2019-08-06
Credits: Reno Robert
Affects: All supported versions...

Tags:
12:03
FreeBSD Security Advisory FreeBSD-SA-19:20.bsnmp
» ‎ Bugtraq

Posted by FreeBSD Security Advisories on Aug 06
=============================================================================
FreeBSD-SA-19:20.bsnmp Security Advisory
The FreeBSD Project

Topic: Insufficient message length validation in bsnmp library

Category: contrib
Module: bsnmp
Announced: 2019-08-06
Credits: Guido Vranken <guidovranken () gmail com>...

Tags:
12:00
FreeBSD Security Advisory FreeBSD-SA-19:19.mldv2
» ‎ Bugtraq

Posted by FreeBSD Security Advisories on Aug 06
=============================================================================
FreeBSD-SA-19:19.mldv2 Security Advisory
The FreeBSD Project

Topic: ICMPv6 / MLDv2 out-of-bounds memory access

Category: core
Module: net
Announced: 2019-08-06
Credits: CJD of Apple
Affects: All supported versions of FreeBSD....

Tags:
11:57
FreeBSD Security Advisory FreeBSD-SA-19:18.bzip2
» ‎ Bugtraq

Posted by FreeBSD Security Advisories on Aug 06
=============================================================================
FreeBSD-SA-19:18.bzip2 Security Advisory
The FreeBSD Project

Topic: Multiple vulnerabilities in bzip2

Category: contrib
Module: bzip2
Announced: 2019-08-06
Affects: All supported versions of FreeBSD.
Corrected: 2019-07-04 07:29:18 UTC...

Tags:
August 05, 2019
1:28
[SECURITY] [DSA 4491-1] proftpd-dfsg security update
» ‎ Bugtraq

Posted by Moritz Muehlenhoff on Aug 05
-------------------------------------------------------------------------
Debian Security Advisory DSA-4491-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
August 04, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : proftpd-dfsg
CVE ID : CVE-2019-12815
Debian Bug...

Tags:
1:24
Microsoft Windows PowerShell Unsanitized Filename Command Execution
» ‎ Bugtraq

Posted by apparitionsec on Aug 05
[+] Credits: John Page (aka hyp3rlinx)
[+] Website: hyp3rlinx.altervista.org
[+] Source:
http://hyp3rlinx.altervista.org/advisories/MICROSOFT-WINDOWS-POWERSHELL-UNSANITIZED-FILENAME-COMMAND-EXECUTION.txt
[+] ISR: Apparition Security

[Vendor]
www.microsoft.com

[Product]
Windows PowerShell

Windows PowerShell is a Windows command-line shell designed especially for system administrators.
PowerShell includes an interactive...

Tags:
August 02, 2019
0:52
[slackware-security] mariadb (SSA:2019-213-01)
» ‎ Bugtraq

Posted by Slackware Security Team on Aug 02
[slackware-security] mariadb (SSA:2019-213-01)

New mariadb packages are available for Slackware 14.1 and -current to
fix security issues.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/mariadb-5.5.65-i486-1_slack14.1.txz: Upgraded.
This update fixes bugs and security issues.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2805...

Tags:
August 01, 2019
2:37
[SECURITY] [DSA 4490-1] subversion security update
» ‎ Bugtraq

Posted by Salvatore Bonaccorso on Aug 01
-------------------------------------------------------------------------
Debian Security Advisory DSA-4490-1 security () debian org
https://www.debian.org/security/ Salvatore Bonaccorso
August 01, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : subversion
CVE ID : CVE-2018-11782 CVE-2019-0203...

Tags:
July 30, 2019
0:36
[SECURITY] [DSA 4489-1] patch security update
» ‎ Bugtraq

Posted by Salvatore Bonaccorso on Jul 30
-------------------------------------------------------------------------
Debian Security Advisory DSA-4489-1 security () debian org
https://www.debian.org/security/ Salvatore Bonaccorso
July 27, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : patch
CVE ID : CVE-2019-13636 CVE-2019-13638
Debian...

Tags:
0:32
CVE-2019-13635: Directory traversal in WP Fastest Cache 0.8.9.5 and below
» ‎ Bugtraq

Posted by Imre Rad on Jul 30
WP Fastest Cache is a Wordpress plugin that creates static html files
from the dynamic WordPress blog in order to speed up operation.

Version 0.8.9.5 and below of the plugin was identified being
vulnerable to directory traversal attacks.

The first two are Windows only, the 3rd one is generic. The Windows
specific ones were tested on WampServer (so with Apache's Httpd).

#1:
The impact is reading files outside of the cache directory. The...

Tags:
0:29
[SYSS-2019-004]: ABUS Secvest (FUAA50000) - Message Transmission - Unchecked Error Condition (CWE-391)
» ‎ Bugtraq

Posted by matthias . deeg on Jul 30
Advisory ID: SYSS-2019-004
Product: ABUS Secvest (FUAA50000)
Manufacturer: ABUS
Affected Version(s): v3.01.01
Tested Version(s): v3.01.01
Vulnerability Type: Message Transmission - Unchecked Error Condition (CWE-391)
Risk Level: High
Solution Status: Open
Manufacturer Notification: 2019-03-02
Solution Date: -
Public Disclosure: 2019-07-26
CVE Reference: CVE-2019-14261
Authors of Advisory: Matthias Deeg (SySS GmbH), Thomas Detert...

Tags:
0:26
[SECURITY] [DSA 4488-1] exim4 security update
» ‎ Bugtraq

Posted by Salvatore Bonaccorso on Jul 30
-------------------------------------------------------------------------
Debian Security Advisory DSA-4488-1 security () debian org
https://www.debian.org/security/ Salvatore Bonaccorso
July 25, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : exim4
CVE ID : CVE-2019-13917

Jeremy Harris...

Tags:
0:22
[SYSS-2019-016] SquirrelMail script filter bypass/XSS (update)
» ‎ Bugtraq

Posted by Moritz Bechler on Jul 30
Advisory ID: SYSS-2019-016 (update 1)
Product: SquirrelMail
Manufacturer: The SquirrelMail Project
Affected Version(s): 1.4.22, SVN
Tested Version(s): SVN
Vulnerability Type: Cross-Site Scripting (CWE-79)
Risk Level: Medium
Solution Status: Open
Manufacturer Notification: 2019-04-17
Solution Date: 2019-07-24
Public Disclosure: 2019-07-01
CVE Reference: CVE-2019-12970
Author of Advisory: Moritz Bechler, SySS GmbH...

Tags:
July 24, 2019
7:12
FreeBSD Security Advisory FreeBSD-SA-19:16.bhyve
» ‎ Bugtraq

Posted by FreeBSD Security Advisories on Jul 24
=============================================================================
FreeBSD-SA-19:16.bhyve Security Advisory
The FreeBSD Project

Topic: Bhyve out-of-bounds read in XHCI device

Category: core
Module: bhyve
Announced: 2019-07-24
Credits: Reno Robert
Affects: All supported versions of FreeBSD....

Tags:
7:09
FreeBSD Security Advisory FreeBSD-SA-19:17.fd
» ‎ Bugtraq

Posted by FreeBSD Security Advisories on Jul 24
=============================================================================
FreeBSD-SA-19:17.fd Security Advisory
The FreeBSD Project

Topic: File description reference count leak

Category: core
Module: unix
Announced: 2019-07-24
Credits: Mark Johnston
Affects: All supported versions of FreeBSD.
Corrected:...

Tags:
7:04
FreeBSD Security Advisory FreeBSD-SA-19:15.mqueuefs
» ‎ Bugtraq

Posted by FreeBSD Security Advisories on Jul 24
=============================================================================
FreeBSD-SA-19:15.mqueuefs Security Advisory
The FreeBSD Project

Topic: Reference count overflow in mqueue filesystem

Category: core
Module: kernel
Announced: 2019-07-24
Credits: Mateusz Guzik
Affects: All supported versions of FreeBSD....

Tags:
7:00
FreeBSD Security Advisory FreeBSD-SA-19:14.freebsd32
» ‎ Bugtraq

Posted by FreeBSD Security Advisories on Jul 24
=============================================================================
FreeBSD-SA-19:14.freebsd32 Security Advisory
The FreeBSD Project

Topic: Kernel memory disclosure in freebsd32_ioctl

Category: core
Module: kernel
Announced: 2019-07-24
Credits: Ilja van Sprundel, IOActive
Affects: FreeBSD 11.2 and...

Tags:
6:57
FreeBSD Security Advisory FreeBSD-SA-19:12.telnet
» ‎ Bugtraq

Posted by FreeBSD Security Advisories on Jul 24
=============================================================================
FreeBSD-SA-19:12.telnet Security Advisory
The FreeBSD Project

Topic: telnet(1) client multiple vulnerabilities

Category: contrib
Module: contrib/telnet
Announced: 2019-07-24
Credits: Juniper Networks
Affects: All supported versions of...

Tags:
6:53
FreeBSD Security Advisory FreeBSD-SA-19:13.pts
» ‎ Bugtraq

Posted by FreeBSD Security Advisories on Jul 24
=============================================================================
FreeBSD-SA-19:13.pts Security Advisory
The FreeBSD Project

Topic: pts(4) write-after-free

Category: core
Module: kernel
Announced: 2019-07-24
Credits: syzkaller
Affects: All supported versions of FreeBSD.
Corrected: 2019-07-07...

Tags:
3:41
Trend Micro Deep Discovery Inspector IDS / Percent Encoding IDS Bypass
» ‎ Bugtraq

Posted by apparitionsec on Jul 24
[+] Credits: John Page (aka hyp3rlinx)
[+] Website: hyp3rlinx.altervista.org
[+] Source:
http://hyp3rlinx.altervista.org/advisories/TREND-MICRO-DEEP-DISCOVERY-INSPECTOR-PERCENT-ENCODING-IDS-BYPASS.txt
[+] ISR: Apparition Security

[Vendor]
www.trendmicro.com

[Product]
Deep Discovery Inspector

Deep Discovery Inspector is a network appliance that monitors all ports and over 105 different network protocols to
discover...

Tags:
3:38
APPLE-SA-2019-7-23-2 iTunes for Windows 12.9.6
» ‎ Bugtraq

Posted by Apple Product Security on Jul 24
APPLE-SA-2019-7-23-2 iTunes for Windows 12.9.6

iTunes for Windows 12.9.6 is now available and addresses the
following:

libxslt
Available for: Windows 7 and later
Impact: A remote attacker may be able to view sensitive information
Description: A stack overflow was addressed with improved input
validation.
CVE-2019-13118: found by OSS-Fuzz

WebKit
Available for: Windows 7 and later
Impact: Processing maliciously crafted web content may lead to...

Tags:
3:34
APPLE-SA-2019-7-23-1 iCloud for Windows 7.13
» ‎ Bugtraq

Posted by Apple Product Security on Jul 24
APPLE-SA-2019-7-23-1 iCloud for Windows 7.13

iCloud for Windows 7.13 is now available and addresses the following:

libxslt
Available for: Windows 7 and later
Impact: A remote attacker may be able to view sensitive information
Description: A stack overflow was addressed with improved input
validation.
CVE-2019-13118: found by OSS-Fuzz

WebKit
Available for: Windows 7 and later
Impact: Processing maliciously crafted web content may lead to...

Tags:
3:32
APPLE-SA-2019-7-23-3 iCloud for Windows 10.6
» ‎ Bugtraq

Posted by Apple Product Security on Jul 24
APPLE-SA-2019-7-23-3 iCloud for Windows 10.6

iCloud for Windows 10.6 is now available and addresses the following:

libxslt
Available for: Windows 10 and later via the Microsoft Store
Impact: A remote attacker may be able to view sensitive information
Description: A stack overflow was addressed with improved input
validation.
CVE-2019-13118: found by OSS-Fuzz

WebKit
Available for: Windows 10 and later via the Microsoft Store
Impact: Processing...

Tags:
3:28
[SECURITY] [DSA 4487-1] neovim security update
» ‎ Bugtraq

Posted by Moritz Muehlenhoff on Jul 24
-------------------------------------------------------------------------
Debian Security Advisory DSA-4487-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
July 23, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : neovim
CVE ID : CVE-2019-12735

User...

Tags:
July 23, 2019
0:55
APPLE-SA-2019-7-22-3 Safari 12.1.2
» ‎ Bugtraq

Posted by Apple Product Security on Jul 23
APPLE-SA-2019-7-22-3 Safari 12.1.2

Safari 12.1.2 is now available and addresses the following:

Safari
Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, and
included in macOS Mojave 10.14.6
Impact: Visiting a malicious website may lead to address bar spoofing
Description: An inconsistent user interface issue was addressed with
improved state management.
CVE-2019-8670: Tsubasa FUJII (@reinforchu)

WebKit
Available for: macOS Sierra...

Tags:
0:52
APPLE-SA-2019-7-22-5 tvOS 12.4
» ‎ Bugtraq

Posted by Apple Product Security on Jul 23
APPLE-SA-2019-7-22-5 tvOS 12.4

tvOS 12.4 is now available and addresses the following:

Core Data
Available for: Apple TV 4K and Apple TV HD
Impact: A remote attacker may be able to leak memory
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2019-8646: Natalie Silvanovich of Google Project Zero

Core Data
Available for: Apple TV 4K and Apple TV HD
Impact: A remote attacker may be able to cause arbitrary code...

Tags:
0:49
APPLE-SA-2019-7-22-4 watchOS 5.3
» ‎ Bugtraq

Posted by Apple Product Security on Jul 23
APPLE-SA-2019-7-22-4 watchOS 5.3

watchOS 5.3 is now available and addresses the following:

Core Data
Available for: Apple Watch Series 1 and later
Impact: A remote attacker may be able to leak memory
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2019-8646: Natalie Silvanovich of Google Project Zero

Core Data
Available for: Apple Watch Series 1 and later
Impact: A remote attacker may be able to cause...

Tags:
0:45
APPLE-SA-2019-7-22-1 iOS 12.4
» ‎ Bugtraq

Posted by Apple Product Security on Jul 23
APPLE-SA-2019-7-22-1 iOS 12.4

iOS 12.4 is now available and addresses the following:

Core Data
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation and later
Impact: A remote attacker may be able to leak memory
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2019-8646: Natalie Silvanovich of Google Project Zero

Core Data
Available for: iPhone 5s and later, iPad Air and...

Tags:
July 22, 2019
1:18
Jira Server - Template injection in various resources - CVE-2019-11581
» ‎ Bugtraq

Posted by Anton Black on Jul 22
This email refers to the advisory found at
https://confluence.atlassian.com/x/AzoGOg .

CVE ID:

* CVE-2019-11581.

Product: Jira Server and Data Center.

Affected Jira Server and Data Center product versions:

4.0.0 <= version < 7.6.14
7.13.0 <= version < 7.13.5
8.0.0 <= version < 8.0.3
8.1.0 <= version < 8.1.2
8.2.0 <= version < 8.2.3

Fixed Jira Server and Data Center product versions:

* Jira Server and Data...

Tags:
1:15
[slackware-security] Slackware 14.2 kernel (SSA:2019-202-01)
» ‎ Bugtraq

Posted by Slackware Security Team on Jul 22
[slackware-security] Slackware 14.2 kernel (SSA:2019-202-01)

New kernel packages are available for Slackware 14.2 to fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/linux-4.4.182/*: Upgraded.
These updates fix various bugs and many minor security issues.
Be sure to upgrade your initrd after upgrading the kernel packages.
If you use lilo to boot your machine, be...

Tags:
1:11
[SECURITY] [DSA 4486-1] openjdk-11 security update
» ‎ Bugtraq

Posted by Moritz Muehlenhoff on Jul 22
-------------------------------------------------------------------------
Debian Security Advisory DSA-4486-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
July 21, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : openjdk-11
CVE ID : CVE-2019-2745 CVE-2019-2762...

Tags:
1:08
[SECURITY] [DSA 4485-1] openjdk-8 security update
» ‎ Bugtraq

Posted by Moritz Muehlenhoff on Jul 22
-------------------------------------------------------------------------
Debian Security Advisory DSA-4485-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
July 21, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : openjdk-8
CVE ID : CVE-2019-2745 CVE-2019-2762...

Tags:
1:04
[SECURITY] [DSA 4484-1] linux security update
» ‎ Bugtraq

Posted by Salvatore Bonaccorso on Jul 22
-------------------------------------------------------------------------
Debian Security Advisory DSA-4484-1 security () debian org
https://www.debian.org/security/ Salvatore Bonaccorso
July 20, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : linux
CVE ID : CVE-2019-13272

Jann Horn discovered...

Tags:
July 18, 2019
2:01
CVE-2019-13577 / MAPLE Computer WBT SNMP Administrator v2.0.195.15 / Unauthenticated Remote Buffer Overflow Code Execution 0day
» ‎ Bugtraq

Posted by apparitionsec on Jul 18
[+] Credits: John Page (aka hyp3rlinx)
[+] Website: hyp3rlinx.altervista.org
[+] Source:
http://hyp3rlinx.altervista.org/advisories/MAPLE-WBT-SNMP-ADMINISTRATOR-v2.0.195.15-REMOTE-BUFFER-OVERFLOW-CODE-EXECUTION-0DAY.txt
[+] ISR: Apparition Security

[Vendor]
www.computerlab.com

[Product]
MAPLE Computer WBT SNMP Administrator (Thin Client Administrator)
v2.0.195.15...

Tags:
July 16, 2019
17:44
[SECURITY] [DSA 4483-1] libreoffice security update
» ‎ Bugtraq

Posted by Moritz Muehlenhoff on Jul 16
-------------------------------------------------------------------------
Debian Security Advisory DSA-4483-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
July 16, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : libreoffice
CVE ID : CVE-2019-9848 CVE-2019-9849...

Tags:
1:15
Deutsche Telekom CERT Advisory [DTC-A-20170323-001]
» ‎ Bugtraq

Posted by cert on Jul 16
Deutsche Telekom CERT Advisory [DTC-A-20170323-001]

Summary:
Information leakage found in FRITZ!OS 6.83 & 6.80 (AVM DSL Router Fritz!Box 7490)

Recommendation:
Update to the newest Version of FRITZ!OS

Details:
a) application
b) problem
c) CVSS
d) detailed description
e) credits...

Tags:
1:12
[**Fixed Typo] Microsoft Compiled HTML Help / Uncompiled .chm File XML External Entity
» ‎ Bugtraq

Posted by apparitionsec on Jul 16
[+] Credits: John Page (aka hyp3rlinx)
[+] Website: hyp3rlinx.altervista.org
[+] Source:
http://hyp3rlinx.altervista.org/advisories/MICROSOFT-WINDOWS-HTML-HELP-UNCOMPILED-CHM-FILE-XML-EXTERNAL-ENTITY-INJECTION.txt
[+] ISR: ApparitionSec

[Vendor]
www.microsoft.com

[Product]
Microsoft Compiled HTML Help "hh.exe"

Microsoft Compiled HTML Help is a Microsoft proprietary online help format, consisting of a collection...

Tags:
1:09
Microsoft Compiled HTML Help / Uncompiled .chm File XML External Entity
» ‎ Bugtraq

Posted by apparitionsec on Jul 16
[+] Credits: John Page (aka hyp3rlinx)
[+] Website: hyp3rlinx.altervista.org
[+] Source:
http://hyp3rlinx.altervista.org/advisories/MICROSOFT-WINDOWS-HTML-HELP-UNCOMPILED-CHM-FILE-XML-EXTERNAL-ENTITY-INJECTION.txt
[+] ISR: ApparitionSec

[Vendor]
www.microsoft.com

[Product]
Microsoft Compiled HTML Help "hh.exe"

Microsoft Compiled HTML Help is a Microsoft proprietary online help format, consisting of a collection...

Tags:
July 15, 2019
10:51
[SYSS-2019-024] FANUC Robotics Virtual Robot Controller - Stack-based Buffer Overflow (CWE-121)
» ‎ Bugtraq

Posted by Sebastian Hamann on Jul 15
Advisory ID: SYSS-2019-024
Product: FANUC Robotics Virtual Robot Controller
Manufacturer: FANUC Robotics America, Inc.
Affected Version(s): V8.23
Tested Version(s): V8.23
Vulnerability Type: Stack-based Buffer Overflow (CWE-121)
Risk Level: High
Solution Status: Open
Manufacturer Notification: 2019-05-22
Solution Date: ?
Public Disclosure: 2019-07-15
CVE Reference: CVE-2019-13585
Author of Advisory: Sebastian Hamann, SySS GmbH...

Tags:
10:47
[SYSS-2019-025] FANUC Robotics Virtual Robot Controller - Path Traversal (CWE-22)
» ‎ Bugtraq

Posted by Sebastian Hamann on Jul 15
Advisory ID: SYSS-2019-025
Product: FANUC Robotics Virtual Robot Controller
Manufacturer: FANUC Robotics America, Inc.
Affected Version(s): V8.23
Tested Version(s): V8.23
Vulnerability Type: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE-22)
Risk Level: Low
Solution Status: Open
Manufacturer Notification: 2019-05-22
Solution Date: ?
Public Disclosure: 2019-07-15
CVE Reference: CVE-2019-13584
Author...

Tags:
0:45
[slackware-security] bzip2 (SSA:2019-195-01)
» ‎ Bugtraq

Posted by Slackware Security Team on Jul 15
[slackware-security] bzip2 (SSA:2019-195-01)

New bzip2 packages are available for Slackware 14.0, 14.1, 14.2, and -current
to fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/bzip2-1.0.8-i586-1_slack14.2.txz: Upgraded.
Fixes security issues:
bzip2recover: Fix use after free issue with outFile.
Make sure nSelectors is not out of range.
For more information, see:...

Tags:
0:42
[SECURITY] [DSA 4482-1] thunderbird security update
» ‎ Bugtraq

Posted by Moritz Muehlenhoff on Jul 15
-------------------------------------------------------------------------
Debian Security Advisory DSA-4482-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
July 14, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : thunderbird
CVE ID : CVE-2019-9811 CVE-2019-11709...

Tags:
0:38
[SECURITY] [DSA 4481-1] ruby-mini-magick security update
» ‎ Bugtraq

Posted by Salvatore Bonaccorso on Jul 15
-------------------------------------------------------------------------
Debian Security Advisory DSA-4481-1 security () debian org
https://www.debian.org/security/ Salvatore Bonaccorso
July 13, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : ruby-mini-magick
CVE ID : CVE-2019-13574
Debian Bug...

Tags:
July 12, 2019
1:39
[SECURITY] [DSA 4480-1] redis security update
» ‎ Bugtraq

Posted by Moritz Muehlenhoff on Jul 12
-------------------------------------------------------------------------
Debian Security Advisory DSA-4480-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
July 11, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : redis
CVE ID : CVE-2019-10192 CVE-2019-10193...

Tags:
1:36
AST-2019-003: Remote Crash Vulnerability in chan_sip channel driver
» ‎ Bugtraq

Posted by Asterisk Security Team on Jul 12
Asterisk Project Security Advisory - AST-2019-003

Product Asterisk
Summary Remote Crash Vulnerability in chan_sip channel
driver
Nature of Advisory Denial of Service
Susceptibility Remote Unauthenticated Sessions...

Tags:
1:35
AST-2019-002: Remote crash vulnerability with MESSAGE messages
» ‎ Bugtraq

Posted by Asterisk Security Team on Jul 12
Asterisk Project Security Advisory - AST-2019-002

Product Asterisk
Summary Remote crash vulnerability with MESSAGE messages
Nature of Advisory Denial Of Service
Susceptibility Remote Authenticated Sessions
Severity Low...

Tags:
1:30
[SECURITY] [DSA 4479-1] firefox-esr security update
» ‎ Bugtraq

Posted by Moritz Muehlenhoff on Jul 12
-------------------------------------------------------------------------
Debian Security Advisory DSA-4479-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
July 11, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : firefox-esr
CVE ID : CVE-2019-9811 CVE-2019-11709...

Tags:
1:27
[slackware-security] mozilla-firefox (SSA:2019-191-01)
» ‎ Bugtraq

Posted by Slackware Security Team on Jul 12
[slackware-security] mozilla-firefox (SSA:2019-191-01)

New mozilla-firefox packages are available for Slackware 14.2 and -current to
fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/mozilla-firefox-68.0esr-i686-1_slack14.2.txz: Upgraded.
This release contains security fixes and improvements. Some of the patched
flaws are considered critical, and could be used to run...

Tags:
1:23
[SECURITY] [DSA 4478-1] dosbox security update
» ‎ Bugtraq

Posted by Moritz Muehlenhoff on Jul 12
-------------------------------------------------------------------------
Debian Security Advisory DSA-4478-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
July 10, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : dosbox
CVE ID : CVE-2019-7165 CVE-2019-12594

Two...

Tags:
July 09, 2019
5:55
[SECURITY] [DSA 4477-1] zeromq3 security update
» ‎ Bugtraq

Posted by Salvatore Bonaccorso on Jul 09
-------------------------------------------------------------------------
Debian Security Advisory DSA-4477-1 security () debian org
https://www.debian.org/security/ Salvatore Bonaccorso
July 08, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : zeromq3
CVE ID : CVE-2019-13132

Fang-Pen Lin...

Tags:
July 08, 2019
5:43
Two vulnerabilities found in Sony Bravia Smart TVs
» ‎ Bugtraq

Posted by xen1thLabs on Jul 08
## ADVISORY INFORMATION

TITLE: Two vulnerabilities found in Sony BRAVIA Smart TVs
ADVISORY URL:
CVE-2019-11889
https://www.darkmatter.ae/xen1thlabs/sony-remote-denial-of-service-triggered-over-vulnerability-hbbtv-xl-19-014/
CVE-2019-11890

https://www.darkmatter.ae/xen1thlabs/sony-remote-denial-of-service-over-wifi-lan-internet-vulnerability-xl-19-013/

DATE PUBLISHED: 02/07/2019
AFFECTED VENDORS: Sony
RELEASE...

Tags:
5:41
Cisco Data Center Manager multiple vulns; RCE as root
» ‎ Bugtraq

Posted by Pedro Ribeiro on Jul 08
Hi,

tl;dr Cisco Data Center Network Manager has multiple vulns which can be
abused to achieve RCE as root with no authentication.

Full advisory below, and Metasploit modules have been submitted to the
project.

A special thanks to iDefense for handling the disclosure process with Cisco.

https://raw.githubusercontent.com/pedrib/PoC/master/advisories/cisco-dcnm-rce.txt

code execution) on Cisco Data Center Network Manager

Security (...

Tags:
5:37
[SECURITY] [DSA 4476-1] python-django security update
» ‎ Bugtraq

Posted by Moritz Muehlenhoff on Jul 08
-------------------------------------------------------------------------
Debian Security Advisory DSA-4476-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
July 05, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : python-django
CVE ID : CVE-2019-6975 CVE-2019-12308...

Tags:
July 04, 2019
3:45
[SYSS-2019-021]: WolfVision Cynap - Use of Hard-coded Cryptographic Key (CWE-321)
» ‎ Bugtraq

Posted by manuel . stotz on Jul 04
Advisory ID: SYSS-2019-021
Product: Cynap
Manufacturer: WolfVision
Affected Version(s): 1.18g, 1.28j
Tested Version(s): 1.18g, 1.28j
Vulnerability Type: Use of Hard-coded Cryptographic Key (CWE-321)
Risk Level: High
Solution Status: Fixed
Manufacturer Notification: 2019-05-03
Solution Date: 2019-06-19
Public Disclosure: 2019-07-04
CVE Reference: Not assigned yet
Authors of Advisory: Manuel Stotz, Gerhard Klostermeier (SySS GmbH)...

Tags:
July 03, 2019
23:22
Microsoft File Checksum Integrity Verifier "fciv.exe" v2.05 / DLL Hijack Arbitrary Code Execution
» ‎ Bugtraq

Posted by apparitionsec on Jul 03
[+] Credits: John Page (aka hyp3rlinx)
[+] Website: hyp3rlinx.altervista.org
[+] Source:
http://hyp3rlinx.altervista.org/advisories/MICROSOFT-FILE-CHECKSUM-VERIFIER-v2.05-DLL-HIJACKING-ARBITRARY-CODE-EXECUTION.txt
[+] ISR: Apparition Security

[Vendor]
www.microsoft.com

[Product]
File Checksum Integrity Verifier version 2.05 "fciv.exe"

Download:
https://www.microsoft.com/en-us/download/details.aspx?id=11533

Excerpt from...

Tags:
5:11
FreeBSD Security Advisory FreeBSD-SA-19:10.ufs
» ‎ Bugtraq

Posted by FreeBSD Security Advisories on Jul 03
=============================================================================
FreeBSD-SA-19:10.ufs Security Advisory
The FreeBSD Project

Topic: Kernel stack disclosure in UFS/FFS

Category: core
Module: Kernel
Announced: 2019-07-02
Credits: David G. Lawrence <dg () dglawrence com>
Affects: All supported...

Tags:
5:09
[SYSS-2019-017] EBK BKS Buskoppler - Unauthenticated Remote Code Execution
» ‎ Bugtraq

Posted by sebastian . auwaerter on Jul 03
Advisory ID: SYSS-2019-017
Product: BKS EBK Ethernet-Buskoppler Pro
Manufacturer: BKS GmbH
Affected Version(s): < 3.01
Vulnerability Type: Unrestricted Upload of File with Dangerous Type (CWE-434)
Risk Level: High
Solution Status: Fixed
Manufacturer Notification: April 23, 2019
Solution Date: June 14, 2019
Public Disclosure: July 03, 2019
CVE Reference: CVE-2019-12971
Author of Advisory: Sebastian Auwaerter, SySS GmbH...

Tags:
5:05
FreeBSD Security Advisory FreeBSD-SA-19:11.cd_ioctl
» ‎ Bugtraq

Posted by FreeBSD Security Advisories on Jul 03
=============================================================================
FreeBSD-SA-19:11.cd_ioctl Security Advisory
The FreeBSD Project

Topic: Privilege escalation in cd(4) driver

Category: core
Module: kernel
Announced: 2019-07-02
Credits: Alex Fortune
Affects: All supported versions of FreeBSD.
Corrected:...

Tags:
5:01
FreeBSD Security Advisory FreeBSD-SA-19:09.iconv
» ‎ Bugtraq

Posted by FreeBSD Security Advisories on Jul 03
=============================================================================
FreeBSD-SA-19:09.iconv Security Advisory
The FreeBSD Project

Topic: iconv buffer overflow

Category: core
Module: libc
Announced: 2019-07-02
Credits: Andrea Venturoli <security () netfence it>, NetFence
Affects: All supported...

Tags:
July 01, 2019
19:36
[SECURITY] [DSA 4475-1] openssl security update
» ‎ Bugtraq

Posted by Moritz Muehlenhoff on Jul 01
-------------------------------------------------------------------------
Debian Security Advisory DSA-4475-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
July 01, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : openssl
CVE ID : CVE-2019-1543

Joran Dirk Greef...

Tags:
19:33
[SECURITY] [DSA 4474-1] firefox-esr security update
» ‎ Bugtraq

Posted by Moritz Muehlenhoff on Jul 01
-------------------------------------------------------------------------
Debian Security Advisory DSA-4474-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
July 01, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : firefox-esr
CVE ID : CVE-2019-11708

A sandbox...

Tags:
19:29
[RT-SA-2019-012] Information Disclosure in REDDOXX Appliance
» ‎ Bugtraq

Posted by RedTeam Pentesting GmbH on Jul 01
Advisory: Information Disclosure in REDDOXX Appliance

RedTeam Pentesting discovered an Information Disclosure vulnerability in
the REDDOXX appliance software, which allows unauthenticated attackers
to gain information about the internal network the appliance is part of.

Details
=======

Product: REDDOXX Appliance
Affected Versions: 2032-SP2 up to hotfix 51
Fixed Versions: 2032-SP2 hotfix 53
Vulnerability Type: Information Disclosure
Security...

Tags:
4:20
[SYSS-2019-016] SquirrelMail script filter bypass/XSS
» ‎ Bugtraq

Posted by Moritz Bechler on Jul 01
Advisory ID: SYSS-2019-016
Product: SquirrelMail
Manufacturer: The SquirrelMail Project
Affected Version(s): 1.4.22, SVN
Tested Version(s): SVN
Vulnerability Type: Cross-Site Scripting (CWE-79)
Risk Level: Medium
Solution Status: Open
Manufacturer Notification: 2019-04-17
Solution Date: N/A
Public Disclosure: 2019-07-01
CVE Reference: CVE-2019-12970
Author of Advisory: Moritz Bechler, SySS GmbH...

Tags:
June 30, 2019
20:56
[slackware-security] irssi (SSA:2019-180-01)
» ‎ Bugtraq

Posted by Slackware Security Team on Jun 30
[slackware-security] irssi (SSA:2019-180-01)

New irssi packages are available for Slackware 14.0, 14.1, 14.2, and -current
to fix a security issue.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/irssi-1.1.3-i586-1_slack14.2.txz: Upgraded.
This update fixes a security issue: Use after free when sending SASL login
to the server found by ilbelkyr. May affect the stability of Irssi. SASL...

Tags:
20:46
[SECURITY] [DSA 4473-1] rdesktop security update
» ‎ Bugtraq

Posted by Salvatore Bonaccorso on Jun 30
-------------------------------------------------------------------------
Debian Security Advisory DSA-4473-1 security () debian org
https://www.debian.org/security/ Salvatore Bonaccorso
June 28, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : rdesktop
Debian Bug : 930387

Multiple security issues...

Tags:
June 28, 2019
5:45
[SECURITY] [DSA 4472-1] expat security update
» ‎ Bugtraq

Posted by Salvatore Bonaccorso on Jun 28
-------------------------------------------------------------------------
Debian Security Advisory DSA-4472-1 security () debian org
https://www.debian.org/security/ Salvatore Bonaccorso
June 28, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : expat
CVE ID : CVE-2018-20843
Debian Bug :...

Tags:
June 26, 2019
4:05
[SYSS-2019-006] Adobe Coldfusion (Windows) - Remote Code Execution through JNBridge listener
» ‎ Bugtraq

Posted by Moritz Bechler on Jun 26
Advisory ID: SYSS-2019-006
Product: Coldfusion/JNBridge
Manufacturer: Adobe/JNBridge LLC
Affected Version(s): Coldfusion 2016,2018, JNBridge all versions
Tested Version(s): 2018
Vulnerability Type: Remote Code Execution
Risk Level: High
Solution Status: Fixed
Manufacturer Notification: 2019-03-27
Solution Date: 2019-06-11
Public Disclosure: 2019-06-24
CVE Reference: CVE-2019-7839
Author of Advisory: Moritz Bechler, SySS GmbH...

Tags:
June 25, 2019
6:47
[SECURITY] [DSA 4471-1] thunderbird security update
» ‎ Bugtraq

Posted by Moritz Muehlenhoff on Jun 25
-------------------------------------------------------------------------
Debian Security Advisory DSA-4471-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
June 24, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : thunderbird
CVE ID : CVE-2019-11707 CVE-2019-11708...

Tags:
June 24, 2019
0:42
[SECURITY] [DSA 4469-1] libvirt security update
» ‎ Bugtraq

Posted by Salvatore Bonaccorso on Jun 24
-------------------------------------------------------------------------
Debian Security Advisory DSA-4469-1 security () debian org
https://www.debian.org/security/ Salvatore Bonaccorso
June 22, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : libvirt
CVE ID : CVE-2019-10161 CVE-2019-10167

Two...

Tags:
0:40
[SECURITY] [DSA 4470-1] pdns security update
» ‎ Bugtraq

Posted by Moritz Muehlenhoff on Jun 24
-------------------------------------------------------------------------
Debian Security Advisory DSA-4470-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
June 23, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : pdns
CVE ID : CVE-2019-10162 CVE-2019-10163

Two...

Tags:
0:39
[slackware-security] mozilla-firefox (SSA:2019-172-01)
» ‎ Bugtraq

Posted by Slackware Security Team on Jun 24
[slackware-security] mozilla-firefox (SSA:2019-172-01)

New mozilla-firefox packages are available for Slackware 14.2 and -current to
fix a security issue.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/mozilla-firefox-60.7.2esr-i686-1_slack14.2.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:...

Tags:
0:32
[SECURITY] [DSA 4467-2] vim regression update
» ‎ Bugtraq

Posted by Moritz Muehlenhoff on Jun 24
-------------------------------------------------------------------------
Debian Security Advisory DSA-4467-2 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
June 23, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : vim
CVE ID : CVE-2019-12735

The update for vim...

Tags:
0:29
APPLE-SA-2019-6-20-1 AirPort Base Station Firmware Update 7.8.1
» ‎ Bugtraq

Posted by Apple Product Security on Jun 24
APPLE-SA-2019-6-20-1 AirPort Base Station Firmware Update 7.8.1

AirPort Base Station Firmware Update 7.8.1 is now available and
addresses the following:

AirPort Base Station Firmware
Available for: AirPort Express, AirPort Extreme, and AirPort Time
Capsule base stations with 802.11n
Impact: A remote attacker may be able to leak memory
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2019-8581: Lucio Albornoz...

Tags:
0:29
[SECURITY] [DSA 4468-1] php-horde-form security update
» ‎ Bugtraq

Posted by Salvatore Bonaccorso on Jun 24
-------------------------------------------------------------------------
Debian Security Advisory DSA-4468-1 security () debian org
https://www.debian.org/security/ Salvatore Bonaccorso
June 21, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : php-horde-form
CVE ID : CVE-2019-9858
Debian Bug...

Tags:
0:26
[slackware-security] mozilla-thunderbird (SSA:2019-172-02)
» ‎ Bugtraq

Posted by Slackware Security Team on Jun 24
[slackware-security] mozilla-thunderbird (SSA:2019-172-02)

New mozilla-thunderbird packages are available for Slackware 14.2 and -current
to fix a security issue.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/mozilla-thunderbird-60.7.2-i686-1_slack14.2.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:...

Tags:
0:21
[slackware-security] bind (SSA:2019-171-01)
» ‎ Bugtraq

Posted by Slackware Security Team on Jun 24
[slackware-security] bind (SSA:2019-171-01)

New bind packages are available for Slackware 14.0, 14.1, 14.2, and -current to
fix a denial-of-service security issue.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/bind-9.11.8-i586-1_slack14.2.txz: Upgraded.
Fixed a race condition in dns_dispatch_getnext() that could cause an
assertion failure if a significant number of incoming packets...

Tags:
0:18
[SECURITY] [DSA 4447-2] intel-microcode security update
» ‎ Bugtraq

Posted by Moritz Muehlenhoff on Jun 24
-------------------------------------------------------------------------
Debian Security Advisory DSA-4447-2 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
Jun 20, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : intel-microcode
CVE ID : CVE-2018-12126...

Tags:
0:14
FreeBSD Security Advisory FreeBSD-SA-19:08.rack
» ‎ Bugtraq

Posted by FreeBSD Security Advisories on Jun 24
=============================================================================
FreeBSD-SA-19:08.rack Security Advisory
The FreeBSD Project

Topic: Resource exhaustion in non-default RACK TCP stack

Category: core
Module: inet
Announced: 2019-06-19
Credits: Jonathan Looney (Netflix)
Peter Lei (Netflix)...

Tags:
June 18, 2019
10:12
[SECURITY] [DSA 4465-1] linux security update
» ‎ Bugtraq

Posted by Salvatore Bonaccorso on Jun 18
-------------------------------------------------------------------------
Debian Security Advisory DSA-4465-1 security () debian org
https://www.debian.org/security/ Salvatore Bonaccorso
June 17, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : linux
CVE ID : CVE-2019-3846 CVE-2019-5489...

Tags:
June 17, 2019
2:44
[SECURITY] [DSA 4464-1] thunderbird security update
» ‎ Bugtraq

Posted by Moritz Muehlenhoff on Jun 17
-------------------------------------------------------------------------
Debian Security Advisory DSA-4464-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
June 15, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : thunderbird
CVE ID : CVE-2019-11703 CVE-2019-11704...

Tags:
2:44
Microsoft Word (2016) Deceptive File Reference ZDI-CAN-7949
» ‎ Bugtraq

Posted by apparitionsec on Jun 17
[+] Credits: John Page (aka hyp3rlinx)
[+] Website: hyp3rlinx.altervista.org
[+] Source: http://hyp3rlinx.altervista.org/advisories/MICROSOFT-WORD-DECEPTIVE-FILE-REFERENCE.txt
[+] ISR: ApparitionSec
[+] Zero Day Initiative Program

[Vendor]
www.microsoft.com

[Product]
Microsoft Word 2016

[Vulnerability Type]
Deceptive File Reference

[References]
ZDI-CAN-7949

[Security Issue]
When a MS Word ".docx" File contains a...

Tags:
2:39
[SECURITY] [DSA 4463-1] znc security update
» ‎ Bugtraq

Posted by Salvatore Bonaccorso on Jun 17
-------------------------------------------------------------------------
Debian Security Advisory DSA-4463-1 security () debian org
https://www.debian.org/security/ Salvatore Bonaccorso
June 14, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : znc
CVE ID : CVE-2019-9917 CVE-2019-12816
Debian...

Tags:
2:36
[SE-2019-01] Java Card vulnerabilities (post shutdown release)
» ‎ Bugtraq

Posted by Adam Gowdiak on Jun 17
Hello All,

Original reports that were submitted to Oracle and Gemalto have been
posted to Security Explorations website:

http://www.security-explorations.com/javacard_details.html

This should help all interested parties to proceed with an independent
evaluation of the issues, but also judge Oracle and Gemalto stance with
respect to them.

Thank you.

Best Regards,
adam gowdiak

Tags:
June 13, 2019
23:13
X41 D-Sec GmbH Security Advisory X41-2019-004: Type confusion in Thunderbird
» ‎ Bugtraq

Posted by X41 D-Sec GmbH Advisories on Jun 13
X41 D-Sec GmbH Security Advisory: X41-2019-004

Type confusion in Thunderbird
=============================
Severity Rating: Medium
Confirmed Affected Versions: All versions affected
Confirmed Patched Versions: Thunderbird ESR 60.7.XXX
Vendor: Thunderbird
Vendor URL: https://www.thunderbird.net/
Vendor Reference: https://bugzilla.mozilla.org/show_bug.cgi?id=1555646
Vector: Incoming mail with calendar attachment
Credit: X41 D-SEC GmbH, Luis Merino...

Tags:
23:13
[slackware-security] mozilla-thunderbird (SSA:2019-164-01)
» ‎ Bugtraq

Posted by Slackware Security Team on Jun 13
[slackware-security] mozilla-thunderbird (SSA:2019-164-01)

New mozilla-thunderbird packages are available for Slackware 14.2 and -current
to fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/mozilla-thunderbird-60.7.1-i686-1_slack14.2.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:...

Tags:
23:12
X41 D-Sec GmbH Security Advisory X41-2019-003: Stack-based buffer overflow in Thunderbird
» ‎ Bugtraq

Posted by X41 D-Sec GmbH Advisories on Jun 13
X41 D-Sec GmbH Security Advisory: X41-2019-003

Stack-based buffer overflow in Thunderbird
==========================================
Severity Rating: High
Confirmed Affected Versions: All versions affected
Confirmed Patched Versions: Thunderbird ESR 60.7.XXX
Vendor: Thunderbird
Vendor URL: https://www.thunderbird.net/
Vendor Reference: https://bugzilla.mozilla.org/show_bug.cgi?id=1553808
Vector: Incoming mail with calendar attachment
Credit: X41...

Tags:
23:09
X41 D-Sec GmbH Security Advisory X41-2019-002: Heap-based buffer overflow in Thunderbird
» ‎ Bugtraq

Posted by X41 D-Sec GmbH Advisories on Jun 13
X41 D-Sec GmbH Security Advisory: X41-2019-002

Heap-based buffer overflow in Thunderbird
=========================================
Severity Rating: High
Confirmed Affected Versions: All versions affected
Confirmed Patched Versions: Thunderbird ESR 60.7.XXX
Vendor: Thunderbird
Vendor URL: https://www.thunderbird.net/
Vendor Reference: https://bugzilla.mozilla.org/show_bug.cgi?id=1553820
Vector: Incoming mail with calendar attachment
Credit: X41...

Tags:
23:00
X41 D-Sec GmbH Security Advisory X41-2019-001: Heap-based buffer overflow in Thunderbird
» ‎ Bugtraq

Posted by X41 D-Sec GmbH Advisories on Jun 13
X41 D-Sec GmbH Security Advisory: X41-2019-001

Heap-based buffer overflow in Thunderbird
=========================================
Severity Rating: High
Confirmed Affected Versions: All versions affected
Confirmed Patched Versions: Thunderbird ESR 60.7.XXX
Vendor: Thunderbird
Vendor URL: https://www.thunderbird.net/
Vendor Reference: https://bugzilla.mozilla.org/show_bug.cgi?id=1553814
Vector: Incoming mail with calendar attachment
Credit: X41...

Tags:
22:56
[SECURITY] [DSA 4462-1] dbus security update
» ‎ Bugtraq

Posted by Salvatore Bonaccorso on Jun 13
-------------------------------------------------------------------------
Debian Security Advisory DSA-4462-1 security () debian org
https://www.debian.org/security/ Salvatore Bonaccorso
June 13, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : dbus
CVE ID : CVE-2019-12749
Debian Bug :...

Tags:
22:53
X41 D-Sec GmbH Security Advisory X41-2019-001: Heap-based buffer overflow in Thunderbird
» ‎ Bugtraq

Posted by X41 D-Sec GmbH Advisories on Jun 13
X41 D-Sec GmbH Security Advisory: X41-2019-001

Heap-based buffer overflow in Thunderbird
=========================================
Severity Rating: High
Confirmed Affected Versions: All versions affected
Confirmed Patched Versions: Thunderbird ESR 60.7.XXX
Vendor: Thunderbird
Vendor URL: https://www.thunderbird.net/
Vendor Reference: https://bugzilla.mozilla.org/show_bug.cgi?id=1553814
Vector: Incoming mail with calendar attachment
Credit: X41...

Tags:
4:30
SEC Consult SA-20190612-0 :: Multiple vulnerabilities in WAGO 852 Industrial Managed Switch Series
» ‎ Bugtraq

Posted by SEC Consult Vulnerability Lab on Jun 13
SEC Consult Vulnerability Lab Security Advisory < 20190612-0 >
=======================================================================
title: Multiple vulnerabilities
product: WAGO 852 Industrial Managed Switch Series
vulnerable version: 852-303: <v1.2.2.S0
852-1305: <v1.1.6.S0
852-1505: <v1.1.5.S0
fixed version: 852-303: v1.2.2.S0...

Tags:
June 12, 2019
7:40
[SECURITY] [DSA 4461-1] zookeeper security update
» ‎ Bugtraq

Posted by Moritz Muehlenhoff on Jun 12
-------------------------------------------------------------------------
Debian Security Advisory DSA-4461-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
June 12, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : zookeeper
CVE ID : CVE-2019-0201

Harrison Neil...

Tags:
7:38
[SECURITY] [DSA 4460-1] mediawiki security update
» ‎ Bugtraq

Posted by Moritz Muehlenhoff on Jun 12
-------------------------------------------------------------------------
Debian Security Advisory DSA-4460-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
June 12, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : mediawiki
CVE ID : CVE-2019-11358 CVE-2019-12466...

Tags:
7:34
[SECURITY] [DSA 4459-1] vlc security update
» ‎ Bugtraq

Posted by Moritz Muehlenhoff on Jun 12
-------------------------------------------------------------------------
Debian Security Advisory DSA-4459-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
June 12, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : vlc
CVE ID : not yet available

Multiple security...

Tags:
June 10, 2019
1:27
CVE-2019-11517: CSRF in Wampserver 3.1.4-3.1.8
» ‎ Bugtraq

Posted by Imre Rad on Jun 10
Affected product:
WampServer 3.1.4-3.1.8

Offiical description:
"WampServer is a Windows web development environment. It allows you to
create web applications with Apache2, PHP and a MySQL database.
Alongside, PhpMyAdmin allows you to manage easily your databases."

Official website:
http://www.wampserver.com/en/

Vulnerability description:
The add_vhost.php script in the administration panel of Wampserver was
vulnerable to Cross Site...

Tags:
June 09, 2019
22:09
[SECURITY] [DSA 4458-1] cyrus-imapd security update
» ‎ Bugtraq

Posted by Salvatore Bonaccorso on Jun 09
-------------------------------------------------------------------------
Debian Security Advisory DSA-4458-1 security () debian org
https://www.debian.org/security/ Salvatore Bonaccorso
June 08, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : cyrus-imapd
CVE ID : CVE-2019-11356

A flaw was...

Tags:
22:05
Newly releases IoT security issues
» ‎ Bugtraq

Posted by stevesim84 on Jun 09
Two repositories containing security issues against various kinds of IoT devices ranging from consumer electronics such
as smart routers, smart home controllers, smart IP cameras to IIoT used tools as well as routers seem to have been
released.

One of them is identified by Samuel Huntley and it is in Moxa IIoT router --
https://github.com/samuelhuntley/Moxa_AWK_1121

The other one is identified by Mandar Satam who works in the security field...

Tags:
21:55
[SECURITY] [DSA 4457-1] evolution security update
» ‎ Bugtraq

Posted by Sebastien Delafond on Jun 09
-------------------------------------------------------------------------
Debian Security Advisory DSA-4457-1 security () debian org
https://www.debian.org/security/ Sebastien Delafond
June 07, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : evolution
CVE ID : CVE-2018-15587
Debian Bug :...

Tags:
June 06, 2019
21:44
[SECURITY] [DSA 4454-2] qemu regression update
» ‎ Bugtraq

Posted by Salvatore Bonaccorso on Jun 06
-------------------------------------------------------------------------
Debian Security Advisory DSA-4454-2 security () debian org
https://www.debian.org/security/ Salvatore Bonaccorso
June 06, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : qemu
Debian Bug : 929067

Vincent Tondellier reported...

Tags:
June 05, 2019
19:24
[SECURITY] [DSA 4456-1] exim4 security update
» ‎ Bugtraq

Posted by Salvatore Bonaccorso on Jun 05
-------------------------------------------------------------------------
Debian Security Advisory DSA-4456-1 security () debian org
https://www.debian.org/security/ Salvatore Bonaccorso
June 05, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : exim4
CVE ID : CVE-2019-10149

The Qualys Research...

Tags:
June 04, 2019
4:18
[SYSS-2019-015]: Logitech R700 Laser Presentation Remote - Keystroke Injection Vulnerability
» ‎ Bugtraq

Posted by matthias . deeg on Jun 04
Advisory ID: SYSS-2019-015
Product: R700 Laser Presentation Remote
Manufacturer: Logitech
Affected Version(s): Model R-R0010 (PID WD904XM and PID WD802XM)
Tested Version(s): Model R-R0010 (PID WD904XM and PID WD802XM)
Vulnerability Type: Insufficient Verification of Data Authenticity (CWE-345)
Keystroke Injection Vulnerability
Risk Level: High
Solution Status: Open
Manufacturer Notification: 2019-04-12
Solution Date: -
Public...

Tags:
4:15
[SYSS-2019-008]: Inateck 2.4 GHz Wearable Wireless Presenter WP2002 - Keystroke Injection Vulnerability
» ‎ Bugtraq

Posted by matthias . deeg on Jun 04
Advisory ID: SYSS-2019-008
Product: 2.4 GHz Wearable Wireless Presenter WP2002
Manufacturer: Inateck
Affected Version(s): n/a
Tested Version(s): n/a
Vulnerability Type: Insufficient Verification of Data Authenticity (CWE-345)
Keystroke Injection Vulnerability
Risk Level: High
Solution Status: Open
Manufacturer Notification: 2019-03-22
Solution Date: -
Public Disclosure: 2019-06-04
CVE Reference: CVE-2019-12504
Author of...

Tags:
4:11
[SYSS-2019-007]: Inateck 2.4 GHz Wireless Presenter WP1001 - Keystroke Injection Vulnerability
» ‎ Bugtraq

Posted by matthias . deeg on Jun 04
Advisory ID: SYSS-2019-007
Product: 2.4 GHz Wireless Presenter WP1001
Manufacturer: Inateck
Affected Version(s): Rev. v1.3C
Tested Version(s): Rev. v1.3C
Vulnerability Type: Insufficient Verification of Data Authenticity (CWE-345)
Keystroke Injection Vulnerability
Risk Level: High
Solution Status: Open
Manufacturer Notification: 2019-03-22
Solution Date: -
Public Disclosure: 2019-06-04
CVE Reference: CVE-2019-12505
Author of...

Tags:
June 03, 2019
21:27
[SECURITY] [DSA 4455-1] heimdal security update
» ‎ Bugtraq

Posted by Salvatore Bonaccorso on Jun 03
-------------------------------------------------------------------------
Debian Security Advisory DSA-4455-1 security () debian org
https://www.debian.org/security/ Salvatore Bonaccorso
June 03, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : heimdal
CVE ID : CVE-2018-16860 CVE-2019-12098...

Tags:
3:49
Rapid7’s Windows InsightIDR Agent: Local Privilege Escalation
» ‎ Bugtraq

Posted by Florian Bogner on Jun 03
Local Privilege Escalation in Rapid7’s Windows Insight IDR Agent

Metadata
===================================================
Release Date: 03-Jun-2019
Author: Florian Bogner @ https://bee-itsecurity.at
Affected product: Rapid7’s Insight Agent v2.6.3.14 and earlier for Windows
Fixed in: version 2.6.5
Tested on: Windows 10 x64 fully patched
CVE: CVE-2019-5629
URL:...

Tags:
May 31, 2019
5:34
Unauthorized Access Vulnerability in ZyXEL P-660HN-T1 V2 (2.00(AAKK.3))
» ‎ Bugtraq

Posted by Onur Onur on May 31
Description:
The rpWLANRedirect.asp ASP page is accessible without authentication
on ZyXEL P-660HN-T1 V2 (2.00(AAKK.3)) devices. After accessing the
page, the admin user's password can be obtained by viewing the HTML
source code, and the interface of the modem can be accessed as admin.

Solution:
The manufacturer has released the hotfix via dropbox for the current
vulnerability....

Tags:
4:54
Unauthorized Access Vulnerability in ZyXEL P-660HN-T1 V2 (2.00(AAKK.3))
» ‎ Bugtraq

Posted by Onur Onur on May 31
Description:
The rpWLANRedirect.asp ASP page is accessible without authentication
on ZyXEL P-660HN-T1 V2 (2.00(AAKK.3)) devices. After accessing the
page, the admin user's password can be obtained by viewing the HTML
source code, and the interface of the modem can be accessed as admin.

Solution:
The manufacturer has released the hotfix via dropbox for the current
vulnerability....

Tags:
4:51
APPLE-SA-2019-5-30-1 AirPort Base Station Firmware Update 7.9.1
» ‎ Bugtraq

Posted by Apple Product Security on May 31
APPLE-SA-2019-5-30-1 AirPort Base Station Firmware Update 7.9.1

AirPort Base Station Firmware Update 7.9.1 is now available and
addresses the following:

AirPort Base Station Firmware
Available for: AirPort Extreme and AirPort Time Capsule base stations
with 802.11ac
Impact: A remote attacker may be able to leak memory
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2019-8581: Lucio Albornoz

AirPort Base...

Tags:
4:48
[SECURITY] [DSA 4454-1] qemu security update
» ‎ Bugtraq

Posted by Moritz Muehlenhoff on May 31
-------------------------------------------------------------------------
Debian Security Advisory DSA-4454-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
May 30, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : qemu
CVE ID : CVE-2018-11806 CVE-2018-12617...

Tags:
May 30, 2019
9:51
[SECURITY] [DSA 4453-1] openjdk-8 security update
» ‎ Bugtraq

Posted by Moritz Muehlenhoff on May 30
-------------------------------------------------------------------------
Debian Security Advisory DSA-4453-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
May 29, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : openjdk-8
CVE ID : CVE-2019-2602 CVE-2019-2684...

Tags:
May 29, 2019
0:34
[SYSS-2019-014]: Siemens LOGO! 8 - Storing Passwords in a Recoverable Format (CWE-257)
» ‎ Bugtraq

Posted by matthias . deeg on May 29
Advisory ID: SYSS-2019-014
Product: LOGO!
Manufacturer: Siemens
Affected Version(s): LOGO! 8 (all versions)
Tested Version(s): LOGO! 8, 6ED1052-2MD00-0BA8 FS:03, 0BA8.Standard V1.08.03
Vulnerability Type: Storing Passwords in a Recoverable Format (CWE-257)
Risk Level: Medium
Solution Status: Open
Manufacturer Notification: 2019-04-04
Solution Date: 2019-05-14 (recommended mitigation by manufacturer)
Public Disclosure: 2019-05-29
CVE Reference:...

Tags:
0:30
[SYSS-2019-013]: Siemens LOGO! 8 - Missing Authentication for Critical Function (CWE-306)
» ‎ Bugtraq

Posted by matthias . deeg on May 29
Advisory ID: SYSS-2019-013
Product: LOGO!
Manufacturer: Siemens
Affected Version(s): LOGO! 8 (all versions)
Tested Version(s): LOGO! 8, 6ED1052-2MD00-0BA8 FS:03, 0BA8.Standard V1.08.03
Vulnerability Type: Missing Authentication for Critical Function (CWE-306)
Risk Level: High
Solution Status: Open
Manufacturer Notification: 2019-04-04
Solution Date: 2019-05-14 (recommended mitigation by manufacturer)
Public Disclosure: 2019-05-29
CVE Reference:...

Tags:
0:27
[SYSS-2019-012]: Siemens LOGO! 8 - Use of Hard-coded Cryptographic Key (CWE-321)
» ‎ Bugtraq

Posted by matthias . deeg on May 29
Advisory ID: SYSS-2019-012
Product: LOGO!
Manufacturer: Siemens
Affected Version(s): LOGO! 8 (all versions)
Tested Version(s): LOGO! 8, 6ED1052-2MD00-0BA8 FS:03, 0BA8.Standard V1.08.03
Vulnerability Type: Use of Hard-coded Cryptographic Key (CWE-321)
Risk Level: High
Solution Status: Open
Manufacturer Notification: 2019-04-04
Solution Date: 2019-05-14 (recommended mitigation by manufacturer)
Public Disclosure: 2019-05-29
CVE Reference:...

Tags:
May 28, 2019
21:41
APPLE-SA-2019-5-28-1 iTunes for Windows 12.9.5
» ‎ Bugtraq

Posted by Apple Product Security on May 28
APPLE-SA-2019-5-28-1 iTunes for Windows 12.9.5

iTunes for Windows 12.9.5 is now available and addresses the
following:

SQLite
Available for: Windows 7 and later
Impact: An application may be able to gain elevated privileges
Description: An input validation issue was addressed with improved
memory handling.
CVE-2019-8577: Omer Gull of Checkpoint Research

SQLite
Available for: Windows 7 and later
Impact: A maliciously crafted SQL query may lead...

Tags:
21:38
APPLE-SA-2019-5-28-2 iCloud for Windows 7.12
» ‎ Bugtraq

Posted by Apple Product Security on May 28
APPLE-SA-2019-5-28-2 iCloud for Windows 7.12

iCloud for Windows 7.12 is now available and addresses the following:

SQLite
Available for: Windows 7 and later
Impact: An application may be able to gain elevated privileges
Description: An input validation issue was addressed with improved
memory handling.
CVE-2019-8577: Omer Gull of Checkpoint Research

SQLite
Available for: Windows 7 and later
Impact: A maliciously crafted SQL query may lead to...

Tags:
May 27, 2019
1:23
Crowd Security Advisory - 2019-05-22
» ‎ Bugtraq

Posted by Atlassian on May 27
This email refers to the advisory found at
https://confluence.atlassian.com/x/3ADVOQ .

CVE ID:

* CVE-2019-11580.

Product: Crowd and Crowd Data Center.

Affected Crowd and Crowd Data Center product versions:

2.1.0 <= version < 3.0.5
3.1.0 <= version < 3.1.6
3.2.0 <= version < 3.2.8
3.3.0 <= version < 3.3.5
3.4.0 <= version < 3.4.4

Fixed Crowd and Crowd Data Center product versions:

* Crowd and Crowd Data Center...

Tags:

Skip to page: 1 2 3 ... 64

← SecurityFocus Vulnerabilities Full Disclosure →

jetlib.sec » Bugtraq

Feeds

Bugtraq

Tags:

Tags:

Tags:

Tags:

Tags:

Tags:

Tags:

Tags:

Tags:

Tags:

Tags:

Tags:

Tags:

Tags:

Tags:

Tags:

Tags:

Tags:

Tags:

Tags:

Tags:

Tags:

Tags:

Tags:

Tags:

Tags:

Tags:

Tags:

Tags:

Tags:

Tags:

Tags:

Tags:

Tags:

Tags:

Tags:

Tags:

Tags:

Tags:

Tags:

Tags:

Tags:

Tags:

Tags:

Tags:

Tags:

Tags:

Tags:

Tags:

Tags:

Tags:

Tags:

Tags:

Tags:

Tags:

Tags:

Tags:

Tags:

Tags:

Tags:

Tags:

Tags:

Tags:

Tags:

Tags:

Tags:

Tags:

Tags:

Tags:

Tags:

Tags:

Tags:

Tags: