Security News

Chrome heap buffer overflow in freetype2 CVE-2020-15999

Full Disclosure - 30 October, 2020 - 11:42

Posted by Marcin Kozlowski on Oct 30

Hi list,

Debugged this issue, but somehow cannot trigger the crash in Chrome.

Seems like the font is loaded without correct flags or it was different
font I saw in debugger :)

Anybody had success with this bug? Feel free to reply here or DM.

My notes:

https://github.com/marcinguy/CVE-2020-15999

Thanks,

Deana Shick on INFILTRATE ONLINE

Daily Dave - 30 October, 2020 - 08:48

Posted by Dave Aitel via Dailydave on Oct 30

Happy Friday! For those of you who enjoy laughing at my video editing job
or want to learn about how big companies do vulnerability management "at
scale" or what the alternatives are to CVSS, we've recently published a new
fifteen minute video: https://vimeo.com/473562240 .

-dave

[CVE-2020-25204] God Kings "com.innogames.core.frontend.notifications.receivers.LocalNotificationBroadcastReceiver" Improper Authorization Allowing In-Game Notification Spoofing

Full Disclosure - 27 October, 2020 - 12:49

Posted by Julien Ahrens (RCE Security) on Oct 27

RCE Security Advisory
https://www.rcesecurity.com

1. ADVISORY INFORMATION
=======================
Product: God Kings
Vendor URL: https://play.google.com/store/apps/details?id=com.innogames.gkandroid
Type: Improper Verification of Intent by Broadcast Receiver [CWE-925]
Date found: 2020-09-07
Date published: 2020-10-25
CVSSv3 Score: 5.5 (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N)
CVE: CVE-2020-25204

2....

Bugtraq: Cisco Unified Contact Center Express Privilege Escalation Vulnerability (CVE-2019-1888)

Security Focus Vulnerabilities - 26 October, 2020 - 10:40
Cisco Unified Contact Center Express Privilege Escalation Vulnerability (CVE-2019-1888)

Bugtraq: [SECURITY] [DSA 4633-1] curl security update

Security Focus Vulnerabilities - 26 October, 2020 - 10:40
[SECURITY] [DSA 4633-1] curl security update

Bugtraq: LPE and RCE in OpenSMTPD's default install (CVE-2020-8794)

Security Focus Vulnerabilities - 26 October, 2020 - 10:40
LPE and RCE in OpenSMTPD's default install (CVE-2020-8794)

Bugtraq: Local information disclosure in OpenSMTPD (CVE-2020-8793)

Security Focus Vulnerabilities - 26 October, 2020 - 10:40
Local information disclosure in OpenSMTPD (CVE-2020-8793)

CVE-2020-24990 Q-SYS <= 8.2.1 TFTP Directory Traversal

Full Disclosure - 23 October, 2020 - 12:49

Posted by Kevin R on Oct 23

files through a TFTP GET request

Use CVE-2020-24990.

Unicorn Emulator 1.0.2 is out!

Full Disclosure - 23 October, 2020 - 12:47

Posted by Nguyen Anh Quynh on Oct 23

Greetings!

We are very happy to announce version 1.0.2 of Unicorn Emulator!

It has been more than 3.5 years since the last major update, and this
version marks 5 years of Unicorn. Such a long journey for an open
source project! That is really exciting to see our magical animal
having more and more impact in both academia community and the
cybersecurity industry.

This version fixes various issues of v1.0.1, adds some new API and
introduces more...

SEC Consult SA-20201023-0 :: Multiple Vulnerabilities in PubliXone

Full Disclosure - 23 October, 2020 - 09:31

Posted by SEC Consult Vulnerability Lab on Oct 23

SEC Consult Vulnerability Lab Security Advisory < 20201023-0 >
=======================================================================
title: PubliXone - Multiple Vulnerabilities
product: konzept-ix publiXone
vulnerable version: 2019.045
fixed version: 2020.015
CVE number: CVE-2020-27179, CVE-2020-27183, CVE-2020-27180,
CVE-2020-27181, CVE-2020-27182
impact:...

VL 2020-10-22 - German Bundeswehr starts own Responsible Disclosure Program (VDPBw)

Full Disclosure - 22 October, 2020 - 03:55

Posted by Vulnerability Lab on Oct 22

Title: German Bundeswehr starts own Responsible Disclosure Program (VDPBw)

Link:
https://www.vulnerability-db.com/?q=articles/2020/10/22/german-bundeswehr-starts-own-responsible-disclosure-program-vdpbw

[RT-SA-2020-005] Arbitrary File Disclosure and Server-Side Request Forgery in BigBlueButton

Full Disclosure - 21 October, 2020 - 05:49

Posted by RedTeam Pentesting GmbH on Oct 21

Advisory: Arbitrary File Disclosure and Server-Side Request Forgery in BigBlueButton

RedTeam Pentesting discovered a vulnerability in the BigBlueButton web
conferencing system which allows participants of a conference with
permissions to upload presentations to read arbitrary files from the
file system and perform server-side requests. This leads to
administrative access to the BigBlueButton instance.

Details
=======

Product: BigBlueButton...

Re: Google's Android: remote install backdoor in Google Play Services

Full Disclosure - 20 October, 2020 - 12:41

Posted by Pedro Cunha on Oct 20

I don't see how this is an "on-purpose backdoor". As far as I know, this
feature is used so you can install Android apps on your phone via the web
interface on another device (like a desktop) logged into the same Google
account, via the Play Store.

Re: Google's Android: remote install backdoor in Google Play Services

Full Disclosure - 20 October, 2020 - 12:38

Posted by Michael Lazin on Oct 20

I do see the point and even though it is not a deliberate back door the end
result is if your google account is compromised and an attacker wants to be
sneaky they could push software to your android device without
your permission. Given the history of malware found in the play store I
would recommend making a feature request to google to notify you if someone
pushes software from the web from a previously unknown IP. If you don't
want to...

LISTSERV Maestro Remote Code Execution Vulnerability

Full Disclosure - 20 October, 2020 - 12:37

Posted by Ryan Wincey on Oct 20

Document Title:

===============

LISTSERV Maestro Remote Code Execution Vulnerability

References (Source):

====================

https://www.securifera.com/advisories/sec-2020-0001/

https://www.lsoft.com/products/maestro.asp

Release Date:

=============

2020-10-20

Product & Service Introduction:

===============================

LISTSERV Maestro is an enterprise email marketing solution and allows you to
easily engage your subscribers...

Re: Google's Android: remote install backdoor in Google Play Services

Full Disclosure - 20 October, 2020 - 12:37

Posted by Adrian Sanabria on Oct 20

If I recall correctly, iOS and MacOS work in much the same way. They can
push and remove software from devices at will. There are precedents of
Google and Apple using this power, generally to get rid of malware that
made it past app store detection and review mechanisms.

This isn't anything new and it has been standardized across both major
mobile platforms. Of course, that doesn't mean there aren't legal
implications, I'm...

Things to Watch!

Daily Dave - 19 October, 2020 - 08:35

Posted by Dave Aitel via Dailydave on Oct 19

It's MONDAY, and I wanted to send over the shorts we did with Chris Eng and
Ben Edwards. I think there's a lot of value in a robust question and answer
session with paper authors. Too often papers are supposed to stand on their
own without any real discussion.

(PHP IS DOUBLE PLUS UNGOOD)
https://vimeo.com/457850389/373c907909

(CVSS, an INTRODUCTION TO FAIL)
https://vimeo.com/454453494/330060fbb2

(XXE)
https://vimeo.com/464273744...

[RT-SA-2020-003] FRITZ!Box DNS Rebinding Protection Bypass

Full Disclosure - 19 October, 2020 - 07:18

Posted by RedTeam Pentesting GmbH on Oct 19

Advisory: FRITZ!Box DNS Rebinding Protection Bypass

RedTeam Pentesting discovered a vulnerability in FRITZ!Box router
devices which allows to resolve DNS answers that point to IP addresses
in the private local network, despite the DNS rebinding protection
mechanism.

Details
=======

Product: FRITZ!Box 7490 and potentially others
Affected Versions: 7.20 and below
Fixed Versions: >= 7.21
Vulnerability Type: Bypass
Security Risk: low
Vendor...