SOLDIERX.COM Nobody Can Stop Information Insemination

Cisco Unified Contact Center Express Privilege Escalation Vulnerability (CVE-2019-1888)

[SECURITY] [DSA 4633-1] curl security update

LPE and RCE in OpenSMTPD's default install (CVE-2020-8794)

Local information disclosure in OpenSMTPD (CVE-2020-8793)

News, Infocus, Columns, Vulnerabilities, Bugtraq ...

Posted by Stefan Kanthak on Jun 05

Hi @ll,

the MSDN article "Security Considerations: Microsoft Windows Shell"
<https://msdn.microsoft.com/en-us/library/bb776776.aspx#shellexecute-shellexecuteex-and-related-functions>
provides since MANY years the following advice for calls of ShellExecute():

| Make sure you provide an unambiguous definition of the application that is to
| be executed.
|
| * When providing the executable file's path, provide the fully...

Posted by Stefan Kanthak on Jun 05

Hi @ll,

the help text displayed by the command line "%COMSPEC% /?" as well as the
documentation <https://msdn.microsoft.com/en-us/library/cc771320.aspx> of
Windows' command processor CMD.EXE both state:

| * Executing registry subkeys
|
| If you do not specify /d in String, Cmd.exe looks for the following
| registry subkeys:
|
| HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor\AutoRun\REG_SZ
|
|...

Posted by Aaron Bishop on Jun 05

All issues are associated with *Castel NextGen DVR v1.0.0 *and have been
resolved in v1.0.1*.*

-------------------------------
*CVE-2020-11679
<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11679>*

*Original Disclosure*
https://www.securitymetrics.com/blog/attackers-known-unknown-authorization-bypass

*Description*
A low privileged user can call functionality reserved for an Administrator
which promotes a low privileged account...

Posted by Eldar Marcussen on Jun 02

Sabberworm PHP CSS parser - Code injection
===============================================================================

Identifiers
-------------------------------------------------
* CVE-2020-13756

CVSSv3 score
-------------------------------------------------
8.6 - [AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L](
https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L&version=3.1
)

Vendor...

Posted by Red Timmy Security on Jun 02

Original post:
https://www.redtimmy.com/java-hacking/apache-tomcat-rce-by-deserialization-cve-2020-9484-write-up-and-exploit/

SUMMARY

Apache Tomcat is affected by a Java deserialization vulnerability, if
the PersistentManager is configured as session manager. Successful
exploitation requires the attacker to be able to upload an arbitrary
file to the server.

AFFECTED VERSIONS

- Apache Tomcat 10.x < 10.0.0-M5
- Apache Tomcat 9.x <...

Posted by Marcin Kozlowski on Jun 02

Hi list,

Managed to reproduce BIAS (Bluetooth Impersonation Attack) CVE 2020-10135.
Impersonation of any previously paired and connected Bluetooth device in
vulnerable setup. Reproduction on Linux host and Samsung S3 Neo+ mobile.

More info in the repo:
https://github.com/marcinguy/CVE-2020-10135-BIAS

Link to original PoC author(s) is also there.

Thanks,
Marcin

Posted by Apple Product Security via Fulldisclosure on Jun 02

APPLE-SA-2020-06-01-4 watchOS 6.2.6

watchOS 6.2.6 is now available and addresses the following:

Kernel
Available for: Apple Watch Series 1 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory consumption issue was addressed with improved
memory handling.
CVE-2020-9859: unc0ver

Installation note:

Instructions on how to update your Apple Watch software are
available at...

Posted by Apple Product Security via Fulldisclosure on Jun 02

APPLE-SA-2020-06-01-3 tvOS 13.4.6

tvOS 13.4.6 is now available and addresses the following:

Kernel
Available for: Apple TV 4K and Apple TV HD
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory consumption issue was addressed with improved
memory handling.
CVE-2020-9859: unc0ver

Installation note:

Apple TV will periodically check for software updates. Alternatively,
you may manually check...

Posted by Apple Product Security via Fulldisclosure on Jun 02

APPLE-SA-2020-06-01-2 macOS Catalina 10.15.5 Supplemental Update,
Security Update 2020-003 High Sierra

macOS Catalina 10.15.5 Supplemental Update, Security Update 2020-003
High Sierra are now available and address the following:

Kernel
Available for: macOS High Sierra 10.13.6, macOS Catalina 10.15.5
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory consumption issue was addressed with...

Posted by Apple Product Security via Fulldisclosure on Jun 02

APPLE-SA-2020-06-01-1 iOS 13.5.1 and iPadOS 13.5.1

iOS 13.5.1 and iPadOS 13.5.1 are now available and address the
following:

Kernel
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory consumption issue was addressed with improved
memory handling.
CVE-2020-9859: unc0ver

Installation...

Posted by duykham on Jun 02

### Credit:
#### Author: duykham
#### Date: 2020-Apr-13

### Affected version:
Firefox 75.0 (64-bit), latest version as of 2020-Apr-13.
Google Chrome v81.0.4044.92 (64-bit) latest version as of 2020-Apr-13.
Platform: Windows 10

(As of my knowledge, until today 2020/05/31, there is no fix yet, later
versions are most likely affected, too).

### Title:
User's search term is accidentally sent to ISP without user's consent.

### Category:...

Posted by Thierry Zoller on May 29

Adapting the Mechanics of Vulnerability Disclosure to an area where
Privacy Rights need to be scrutinized and where transparency becomes
paramount.

Posted by Apple Product Security via Fulldisclosure on May 29

APPLE-SA-2020-05-26-4 tvOS 13.4.5

tvOS 13.4.5 addresses the following:

Accounts
Available for: Apple TV 4K and Apple TV HD
Impact: A remote attacker may be able to cause a denial of service
Description: A denial of service issue was addressed with improved
input validation.
CVE-2020-9827: Jannik Lorenz of SEEMOO @ TU Darmstadt

AppleMobileFileIntegrity
Available for: Apple TV 4K and Apple TV HD
Impact: An application may be able to use...

Posted by Apple Product Security via Fulldisclosure on May 29

APPLE-SA-2020-05-26-11 Windows Migration Assistant 2.2.0.0 (v. 1A11)

Windows Migration Assistant 2.2.0.0 (v. 1A11) is now available and
addresses the following:

Windows Installer
Available for: macOS Catalina
Impact: Running the installer in an untrusted directory may result in
arbitrary code execution
Description: A dynamic library loading issue was addressed with
improved path searching.
CVE-2020-9858: Csaba Fitzl (@theevilbit) of Offensive...

Posted by Apple Product Security via Fulldisclosure on May 29

APPLE-SA-2020-05-26-10 iCloud for Windows 7.19

iCloud for Windows 7.19 is now available and addresses the following:

ImageIO
Available for: Windows 7 and later
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2020-9789: Wenchao Li of VARAS@IIE
CVE-2020-9790: Xingwei Lin of Ant-financial Light-Year Security Lab

ImageIO...