Security News

Vuln: OpenAFS CVE-2018-16949 Multiple Denial of Service Vulnerabilities

Security Focus Vulnerabilities - 10 September, 2019 - 23:00
OpenAFS CVE-2018-16949 Multiple Denial of Service Vulnerabilities

Bugtraq: [SECURITY] [DSA 4269-1] postgresql-9.6 security update

Security Focus Vulnerabilities - 20 min 29 sec ago
[SECURITY] [DSA 4269-1] postgresql-9.6 security update

Bugtraq: [SECURITY] [DSA 4268-1] openjdk-8 security update

Security Focus Vulnerabilities - 20 min 29 sec ago
[SECURITY] [DSA 4268-1] openjdk-8 security update

Bugtraq: [SECURITY] [DSA 4267-1] kamailio security update

Security Focus Vulnerabilities - 20 min 29 sec ago
[SECURITY] [DSA 4267-1] kamailio security update

Bugtraq: [CVE-2018-12584] Heap overflow vulnerability in reSIProcate through 1.10.2

Security Focus Vulnerabilities - 20 min 30 sec ago
[CVE-2018-12584] Heap overflow vulnerability in reSIProcate through 1.10.2

[CVE-2019-11604] Quest KACE Systems Management Appliance <= 9.0 kbot_service_notsoap.php METHOD Reflected Cross-Site Scripting

Full Disclosure - 24 May, 2019 - 12:23

Posted by RCE Security on May 24

RCE Security Advisory
https://www.rcesecurity.com

1. ADVISORY INFORMATION
=======================
Product: Quest KACE Systems Management Appliance
Vendor URL: www.quest.com
Type: Cross-Site Scripting [CWE-79]
Date found: 2018-09-09
Date published: 2019-05-19
CVSSv3 Score: 4.7 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N)
CVE: CVE-2019-11604

2. CREDITS
==========
This vulnerability was discovered and...

Exploring the File System via Jenkins Credentials Plugin Vulnerability – CVE-2019-10320

Full Disclosure - 24 May, 2019 - 12:22

Posted by Nightwatch Cybersecurity Research on May 24

[Original blog post here:
https://wwws.nightwatchcybersecurity.com/2019/05/23/exploring-the-file-system-via-jenkins-credentials-plugin-vulnerability-cve-2019-10320/]

SUMMARY

The recently fixed vulnerability in the Jenkins Credentials plugin
(v2.1.19) allowed users with certain permissions to confirm existence
of a file on the server’s file system. While this doesn’t allow an
attacker to view the file content, the ability to obtain...

[REVIVE-SA-2019-002] Revive Adserver Vulnerability

Full Disclosure - 24 May, 2019 - 12:21

Posted by Matteo Beccati via Fulldisclosure on May 24

========================================================================
Revive Adserver Security Advisory REVIVE-SA-2019-002
------------------------------------------------------------------------
https://www.revive-adserver.com/security/revive-sa-2019-002
------------------------------------------------------------------------
CVE-IDs: t.b.a.
Date: 2019-05-21
Risk Level: High...

New BlackArch Linux ISOs + OVA Image (2019.06.01) with 2200 Tools released

Full Disclosure - 24 May, 2019 - 12:20

Posted by Black Arch on May 24

Dear list,

We've released the new BlackArch Linux ISOs and OVA image (version:
2019.06.01) along with many many improvements. They include more than
2190 tools now. The armv6h, armv7h and aarch64 repositories are filled
with about 2100 tools.

A ChangeLog of the Live-ISO-2019.06.01:

- added more than 150 new tools
- added 'jedi-vim' plugin
- updated vim plugins
- included every tool of BlackArch except:...

CMS Made Simple 2.2.10 - (Authenticated) Persistent Cross-Site Scripting

Full Disclosure - 24 May, 2019 - 12:20

Posted by Manuel Garcia Cardenas on May 24

=============================================
MGC ALERT 2019-002
- Original release date: April 10, 2019
- Last revised: May 22, 2019
- Discovered by: Manuel Garcia Cardenas
- Severity: 4,8/10 (CVSS Base Score)
- CVE-ID: CVE-2019-11226
=============================================

I. VULNERABILITY
-------------------------
CMS Made Simple 2.2.10 - (Authenticated) Persistent Cross-Site Scripting

II. BACKGROUND
-------------------------
CMS Made...

Vuln: Adobe Flash Player CVE-2019-7837 Use After Free Arbitrary Code Execution Vulnerability

Security Focus Vulnerabilities - 23 May, 2019 - 23:00
Adobe Flash Player CVE-2019-7837 Use After Free Arbitrary Code Execution Vulnerability

Vuln: Multiple F-Secure Windows Endpoint Protection Products Local Code Execution Vulnerability

Security Focus Vulnerabilities - 23 May, 2019 - 23:00
Multiple F-Secure Windows Endpoint Protection Products Local Code Execution Vulnerability

Vuln: Multiple VMware Products CVE-2019-5519 Local Code Execution Vulnerability

Security Focus Vulnerabilities - 23 May, 2019 - 23:00
Multiple VMware Products CVE-2019-5519 Local Code Execution Vulnerability

[slackware-security] curl (SSA:2019-142-01)

Bug Traq - 23 May, 2019 - 03:14

Posted by Slackware Security Team on May 23

[slackware-security] curl (SSA:2019-142-01)

New curl packages are available for Slackware 14.0, 14.1, 14.2, and -current to
fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/curl-7.65.0-i586-1_slack14.2.txz: Upgraded.
This release fixes the following security issues:
Integer overflows in curl_url_set
tftp: use the current blksize for recvfrom()
For more...

[CVE-2019-11604] Quest KACE Systems Management Appliance <= 9.0 kbot_service_notsoap.php METHOD Reflected Cross-Site Scripting

Bug Traq - 23 May, 2019 - 03:12

Posted by RCE Security on May 23

RCE Security Advisory
https://www.rcesecurity.com

1. ADVISORY INFORMATION
=======================
Product: Quest KACE Systems Management Appliance
Vendor URL: www.quest.com
Type: Cross-Site Scripting [CWE-79]
Date found: 2018-09-09
Date published: 2019-05-19
CVSSv3 Score: 4.7 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N)
CVE: CVE-2019-11604

2. CREDITS
==========
This vulnerability was discovered and...

Bitbucket Server security advisory 2019-05-22

Bug Traq - 23 May, 2019 - 03:09

Posted by Anton Black on May 23

This email refers to the advisory found at
https://confluence.atlassian.com/x/V87JOQ .

CVE ID:

* CVE-2019-3397.

Product: Bitbucket Server.

Affected Bitbucket Server product versions:

5.13.0 <= version < 5.13.5
5.14.0 <= version < 5.14.3
5.15.0 <= version < 5.5.2
6.0.0 <= version < 6.0.3
6.1.0 <= version < 6.1.1

Fixed Bitbucket Server product versions:

* for 5.13.x, Bitbucket Server 5.13.5 has been released...

[SECURITY] [DSA 4449-1] ffmpeg security update

Bug Traq - 23 May, 2019 - 03:09

Posted by Moritz Muehlenhoff on May 23

-------------------------------------------------------------------------
Debian Security Advisory DSA-4449-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
May 22, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : ffmpeg
CVE ID : CVE-2018-15822 CVE-2018-1999011...

[SECURITY] [DSA 4448-1] firefox-esr security update

Bug Traq - 23 May, 2019 - 03:03

Posted by Moritz Muehlenhoff on May 23

-------------------------------------------------------------------------
Debian Security Advisory DSA-4448-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
May 22, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : firefox-esr
CVE ID : CVE-2018-18511 CVE-2019-5798...

Anviz M3 RFID Access Control security issues

Bug Traq - 23 May, 2019 - 03:00

Posted by Marco on May 23

Security issues have been found in the Anviz M3 RFID Access Control
device when working in standalone mode connected to a TCP/IP network,
that could lead to access control bypass and private information
leakage and alteration.

### Advisory information

TITLE: Anviz M3 RFID Access Control security issues
ADVISORY URL: https://github.com/wizlab-it/anviz-m3-rfid-cve-2019-11523-poc/
DATE PUBLISHED: 2019/05/22
AFFECTED VENDORS: Anviz
AFFECTED...