Security News

Bugtraq: Cisco Unified Contact Center Express Privilege Escalation Vulnerability (CVE-2019-1888)

Security Focus Vulnerabilities - 40 min 28 sec ago
Cisco Unified Contact Center Express Privilege Escalation Vulnerability (CVE-2019-1888)

Bugtraq: [SECURITY] [DSA 4633-1] curl security update

Security Focus Vulnerabilities - 40 min 28 sec ago
[SECURITY] [DSA 4633-1] curl security update

Bugtraq: LPE and RCE in OpenSMTPD's default install (CVE-2020-8794)

Security Focus Vulnerabilities - 40 min 28 sec ago
LPE and RCE in OpenSMTPD's default install (CVE-2020-8794)

Bugtraq: Local information disclosure in OpenSMTPD (CVE-2020-8793)

Security Focus Vulnerabilities - 40 min 28 sec ago
Local information disclosure in OpenSMTPD (CVE-2020-8793)

Defense in depth -- the Microsoft way (part 69): security remarks are as futile as the qUACkery!

Full Disclosure - 5 June, 2020 - 11:31

Posted by Stefan Kanthak on Jun 05

Hi @ll,

the MSDN article "Security Considerations: Microsoft Windows Shell"
<https://msdn.microsoft.com/en-us/library/bb776776.aspx#shellexecute-shellexecuteex-and-related-functions>
provides since MANY years the following advice for calls of ShellExecute():

| Make sure you provide an unambiguous definition of the application that is to
| be executed.
|
| * When providing the executable file's path, provide the fully...

Defense in depth -- the Microsoft way (part 68): qUACkery is futile!

Full Disclosure - 5 June, 2020 - 11:31

Posted by Stefan Kanthak on Jun 05

Hi @ll,

the help text displayed by the command line "%COMSPEC% /?" as well as the
documentation <https://msdn.microsoft.com/en-us/library/cc771320.aspx> of
Windows' command processor CMD.EXE both state:

| * Executing registry subkeys
|
| If you do not specify /d in String, Cmd.exe looks for the following
| registry subkeys:
|
| HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor\AutoRun\REG_SZ
|
|...

Castel NextGen DVR multiple CVEs

Full Disclosure - 5 June, 2020 - 11:22

Posted by Aaron Bishop on Jun 05

All issues are associated with *Castel NextGen DVR v1.0.0* and have been
resolved in *v1.0.1*.

-------------------------------
*CVE-2020-11679
<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11679>*

*Original Disclosure*
https://www.securitymetrics.com/blog/attackers-known-unknown-authorization-bypass

*Description*
A low privileged user can call functionality reserved for an Administrator
which promotes a low privileged account...

Sabberworm PHP CSS parser - Code injection vulnerability

Full Disclosure - 3 June, 2020 - 01:04

Posted by Eldar Marcussen on Jun 02

Sabberworm PHP CSS parser - Code injection
===============================================================================

Identifiers
-------------------------------------------------
* CVE-2020-13756

CVSSv3 score
-------------------------------------------------
8.6 - [AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L&version=3.1)

Vendor...

[CVE-2020-9484] Apache Tomcat RCE via PersistentManager

Full Disclosure - 3 June, 2020 - 01:03

Posted by Red Timmy Security on Jun 02

Original post:
https://www.redtimmy.com/java-hacking/apache-tomcat-rce-by-deserialization-cve-2020-9484-write-up-and-exploit/

SUMMARY

Apache Tomcat is affected by a Java deserialization vulnerability, if
the PersistentManager is configured as session manager. Successful
exploitation requires the attacker to be able to upload an arbitrary
file to the server.

AFFECTED VERSIONS

- Apache Tomcat 10.x < 10.0.0-M5
- Apache Tomcat 9.x <...

BIAS (Bluetooth Impersonation Attack) CVE 2020-10135 reproduction

Full Disclosure - 3 June, 2020 - 01:03

Posted by Marcin Kozlowski on Jun 02

Hi list,

Managed to reproduce BIAS (Bluetooth Impersonation Attack) CVE 2020-10135.
Impersonation of any previously paired and connected Bluetooth device in
vulnerable setup. Reproduction on Linux host and Samsung S3 Neo+ mobile.

More info in the repo:
https://github.com/marcinguy/CVE-2020-10135-BIAS

Link to original PoC author(s) is also there.

Thanks,
Marcin

APPLE-SA-2020-06-01-4 watchOS 6.2.6

Full Disclosure - 3 June, 2020 - 01:03

Posted by Apple Product Security via Fulldisclosure on Jun 02

APPLE-SA-2020-06-01-4 watchOS 6.2.6

watchOS 6.2.6 is now available and addresses the following:

Kernel
Available for: Apple Watch Series 1 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory consumption issue was addressed with improved
memory handling.
CVE-2020-9859: unc0ver

Installation note:

Instructions on how to update your Apple Watch software are
available at...

APPLE-SA-2020-06-01-3 tvOS 13.4.6

Full Disclosure - 3 June, 2020 - 01:03

Posted by Apple Product Security via Fulldisclosure on Jun 02

APPLE-SA-2020-06-01-3 tvOS 13.4.6

tvOS 13.4.6 is now available and addresses the following:

Kernel
Available for: Apple TV 4K and Apple TV HD
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory consumption issue was addressed with improved
memory handling.
CVE-2020-9859: unc0ver

Installation note:

Apple TV will periodically check for software updates. Alternatively,
you may manually check...

APPLE-SA-2020-06-01-2 macOS Catalina 10.15.5 Supplemental Update, Security Update 2020-003 High Sierra

Full Disclosure - 3 June, 2020 - 01:03

Posted by Apple Product Security via Fulldisclosure on Jun 02

APPLE-SA-2020-06-01-2 macOS Catalina 10.15.5 Supplemental Update,
Security Update 2020-003 High Sierra

macOS Catalina 10.15.5 Supplemental Update, Security Update 2020-003
High Sierra are now available and address the following:

Kernel
Available for: macOS High Sierra 10.13.6, macOS Catalina 10.15.5
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory consumption issue was addressed with...

APPLE-SA-2020-06-01-1 iOS 13.5.1 and iPadOS 13.5.1

Full Disclosure - 3 June, 2020 - 01:03

Posted by Apple Product Security via Fulldisclosure on Jun 02

APPLE-SA-2020-06-01-1 iOS 13.5.1 and iPadOS 13.5.1

iOS 13.5.1 and iPadOS 13.5.1 are now available and address the
following:

Kernel
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory consumption issue was addressed with improved
memory handling.
CVE-2020-9859: unc0ver

Installation...

[Bug] Firefox privacy leakage: search term is sent to ISP without user's consent.

Full Disclosure - 3 June, 2020 - 01:03

Posted by duykham on Jun 02

### Credit:
#### Author: duykham
#### Date: 2020-Apr-13

### Affected version:
Firefox 75.0 (64-bit), latest version as of 2020-Apr-13.
Google Chrome v81.0.4044.92 (64-bit) latest version as of 2020-Apr-13.
Platform: Windows 10

(To my knowledge, until today 2020/05/31, there is no fix yet; later
versions are most likely affected, too).

### Title:
User's search term is accidentally sent to ISP without user's consent.

### Category:...

[CDPWE-0001] - RocketReach

Full Disclosure - 29 May, 2020 - 12:25

Posted by Thierry Zoller on May 29

Adapting the Mechanics of Vulnerability Disclosure to an area where
Privacy Rights need to be scrutinized and where transparency becomes
paramount.

APPLE-SA-2020-05-26-4 tvOS 13.4.5

Full Disclosure - 29 May, 2020 - 12:21

Posted by Apple Product Security via Fulldisclosure on May 29

APPLE-SA-2020-05-26-4 tvOS 13.4.5

tvOS 13.4.5 addresses the following:

Accounts
Available for: Apple TV 4K and Apple TV HD
Impact: A remote attacker may be able to cause a denial of service
Description: A denial of service issue was addressed with improved
input validation.
CVE-2020-9827: Jannik Lorenz of SEEMOO @ TU Darmstadt

AppleMobileFileIntegrity
Available for: Apple TV 4K and Apple TV HD
Impact: An application may be able to use...

APPLE-SA-2020-05-26-11 Windows Migration Assistant 2.2.0.0 (v. 1A11)

Full Disclosure - 29 May, 2020 - 12:21

Posted by Apple Product Security via Fulldisclosure on May 29

APPLE-SA-2020-05-26-11 Windows Migration Assistant 2.2.0.0 (v. 1A11)

Windows Migration Assistant 2.2.0.0 (v. 1A11) is now available and
addresses the following:

Windows Installer
Available for: macOS Catalina
Impact: Running the installer in an untrusted directory may result in
arbitrary code execution
Description: A dynamic library loading issue was addressed with
improved path searching.
CVE-2020-9858: Csaba Fitzl (@theevilbit) of Offensive...

APPLE-SA-2020-05-26-10 iCloud for Windows 7.19

Full Disclosure - 29 May, 2020 - 12:21

Posted by Apple Product Security via Fulldisclosure on May 29

APPLE-SA-2020-05-26-10 iCloud for Windows 7.19

iCloud for Windows 7.19 is now available and addresses the following:

ImageIO
Available for: Windows 7 and later
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2020-9789: Wenchao Li of VARAS@IIE
CVE-2020-9790: Xingwei Lin of Ant-financial Light-Year Security Lab

ImageIO...