Security News

Bugtraq: [SECURITY] [DSA 4269-1] postgresql-9.6 security update

Security Focus Vulnerabilities - 9 min 37 sec ago

Bugtraq: [SECURITY] [DSA 4268-1] openjdk-8 security update

Security Focus Vulnerabilities - 9 min 37 sec ago

Bugtraq: [SECURITY] [DSA 4267-1] kamailio security update

Security Focus Vulnerabilities - 9 min 37 sec ago

Bugtraq: [CVE-2018-12584] Heap overflow vulnerability in reSIProcate through 1.10.2

Security Focus Vulnerabilities - 9 min 37 sec ago

AST-2019-008: Re-invite with T.38 and malformed SDP causes crash.

Full Disclosure - 21 November, 2019 - 17:49

Posted by Asterisk Security Team on Nov 21

Asterisk Project Security Advisory -

Product: Asterisk
Summary: Re-invite with T.38 and malformed SDP causes crash.
Nature of Advisory: Remote Crash
Susceptibility: Remote Authenticated Sessions
Severity: Minor...

AST-2019-007: AMI user could execute system commands.

Full Disclosure - 21 November, 2019 - 17:49

Posted by Asterisk Security Team on Nov 21

Asterisk Project Security Advisory - AST-2019-007

Product: Asterisk
Summary: AMI user could execute system commands.
Nature of Advisory: Remote Code Execution
Susceptibility: Remote Authenticated Sessions
Severity: Minor...

AST-2019-006: SIP request can change address of a SIP peer.

Full Disclosure - 21 November, 2019 - 17:49

Posted by Asterisk Security Team on Nov 21

Asterisk Project Security Advisory - AST-2019-006

Product: Asterisk
Summary: SIP request can change address of a SIP peer.
Nature of Advisory: Denial of Service
Susceptibility: Remote Unauthenticated Sessions
Severity: Minor...

[slackware-security] bind (SSA:2019-324-01)

Bug Traq - 21 November, 2019 - 03:51

Posted by Slackware Security Team on Nov 21

[slackware-security] bind (SSA:2019-324-01)

New bind packages are available for Slackware 14.0, 14.1, 14.2, and -current to
fix a security issue.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/bind-9.11.13-i586-1_slack14.2.txz: Upgraded.
This update fixes a security issue:
Set a limit on the number of concurrently served pipelined TCP queries.
For more information, see:...

[SECURITY] [DSA 4574-1] redmine security update

Bug Traq - 20 November, 2019 - 02:31

Posted by Moritz Muehlenhoff on Nov 19

-------------------------------------------------------------------------
Debian Security Advisory DSA-4574-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
November 19, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : redmine
CVE ID : CVE-2019-17427 CVE-2019-18890...

CVE-2019-16758 Lexmark Services Monitor 2.27.4.0.39 Directory Traversal

Full Disclosure - 19 November, 2019 - 13:53

Posted by Kevin R on Nov 19

# Exploit Title: Lexmark Services Monitor 2.27.4.0.39 - Directory Traversal
# Google Dork: N/A
# Date: 2019-11-15
# Exploit Author: Kevin Randall
# Vendor Homepage: https://www.lexmark.com/en_us.html
# Software Link: https://www.lexmark.com/en_us.html
# Version: 2.27.4.0.39 (Latest Version)
# Tested on: Windows Server 2012
# CVE : CVE-2019-16758

Vulnerability: Lexmark Services Monitor (Version 2.27.4.0.39) Runs on
TCP Port 2070. The latest...

Re: A KEYNOTE REVIEW: Bluehat 2019 Alex Stamos

Daily Dave - 19 November, 2019 - 11:59

Posted by frank pound on Nov 19

Although not a 0-day buildroot[0] seems to use http to download its
tarballs. It would be interesting to see which of the many embedded devices
(like cubesats and rockets??) out there use buildroot or similar systems
akin to buildroot to construct their minimal linux kernel and linux
environments. Firmware updates etc. available as binary downloads might be
constructed with such a build system. I haven't done much research on this
other...

[SECURITY] [DSA 4572-1] slurm-llnl security update

Bug Traq - 19 November, 2019 - 03:30

Posted by Moritz Muehlenhoff on Nov 19

-------------------------------------------------------------------------
Debian Security Advisory DSA-4572-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
November 18, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : slurm-llnl
CVE ID : CVE-2019-12838

It was...

[SECURITY] [DSA 4573-1] symfony security update

Bug Traq - 19 November, 2019 - 03:27

Posted by Moritz Muehlenhoff on Nov 19

-------------------------------------------------------------------------
Debian Security Advisory DSA-4573-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
November 18, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : symfony
CVE ID : CVE-2019-18887 CVE-2019-18888...

[SECURITY] [DSA 4568-1] postgresql-common security update

Bug Traq - 18 November, 2019 - 08:23

Posted by Moritz Muehlenhoff on Nov 18

-------------------------------------------------------------------------
Debian Security Advisory DSA-4568-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
November 14, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : postgresql-common
CVE ID : CVE-2019-3466

Rich...

[SECURITY] [DSA 4569-1] ghostscript security update

Bug Traq - 18 November, 2019 - 08:19

Posted by Salvatore Bonaccorso on Nov 18

-------------------------------------------------------------------------
Debian Security Advisory DSA-4569-1 security () debian org
https://www.debian.org/security/ Salvatore Bonaccorso
November 14, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : ghostscript
CVE ID : CVE-2019-14869

Manfred Paul...

[slackware-security] Slackware 14.2 kernel (SSA:2019-320-01)

Bug Traq - 18 November, 2019 - 08:18

Posted by Slackware Security Team on Nov 18

[slackware-security] Slackware 14.2 kernel (SSA:2019-320-01)

New kernel packages are available for Slackware 14.2 to fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/linux-4.4.202/*: Upgraded.
CRYPTO_CRC32C_INTEL m -> y
+X86_INTEL_TSX_MODE_AUTO n
+X86_INTEL_TSX_MODE_OFF y
+X86_INTEL_TSX_MODE_ON n
These updates fix various bugs and security issues,...

[SECURITY] [DSA 4570-1] mosquitto security update

Bug Traq - 18 November, 2019 - 08:14

Posted by Salvatore Bonaccorso on Nov 18

-------------------------------------------------------------------------
Debian Security Advisory DSA-4570-1 security () debian org
https://www.debian.org/security/ Salvatore Bonaccorso
November 17, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : mosquitto
CVE ID : CVE-2019-11779
Debian Bug :...

[SECURITY] [DSA 4571-1] thunderbird security update

Bug Traq - 18 November, 2019 - 08:10

Posted by Moritz Muehlenhoff on Nov 18

-------------------------------------------------------------------------
Debian Security Advisory DSA-4571-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
November 17, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : thunderbird
CVE ID : CVE-2019-15903 CVE-2019-11764...

XSSer v.1.8[2] - "The Hiv3!" released

Full Disclosure - 18 November, 2019 - 00:14

Posted by psy on Nov 17

Hi FD,

I am glad to present a new release of this tool:

- https://xsser.03c8.net

---------

"Cross Site "Scripter" (aka XSSer) is an automatic -framework- to
detect, exploit and report XSS vulnerabilities in web-based
applications. It provides several options to try to bypass certain
filters and various special techniques for code injection."

---------

XSSer has pre-installed [ > 1300 XSS ] attacking vectors and can...