Security News

Vuln: Linux Kernel CVE-2019-11811 Local Arbitrary Code Execution Vulnerability

Security Focus Vulnerabilities - 21 July, 2019 - 23:00
Linux Kernel CVE-2019-11811 Local Arbitrary Code Execution Vulnerability

Re: local privilege escalation via CDE dtprintinfo

Full Disclosure - 19 July, 2019 - 00:13

Posted by Marco Ivaldi on Jul 18

Hi,

Just a quick follow-up to my original advisory. The CVE name CVE-2019-2832 has been assigned to the vulnerability and
Oracle has released a patch in its July 2019 CPU. Further information is available at:

https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html#AppendixSUNS
https://support.oracle.com/epmos/faces/DocContentDisplay?id=2560938.1

Once again, I would like to thank Jon Trulson (maintainer of the open...

Vuln: GNOME gvfs CVE-2019-12795 Local Authorization Bypass Vulnerability

Security Focus Vulnerabilities - 18 July, 2019 - 23:00
GNOME gvfs CVE-2019-12795 Local Authorization Bypass Vulnerability

Vuln: Squid CVE-2019-13345 Multiple Cross Site Scripting Vulnerabilities

Security Focus Vulnerabilities - 18 July, 2019 - 23:00
Squid CVE-2019-13345 Multiple Cross Site Scripting Vulnerabilities

Vuln: Mozilla Firefox and Firefox ESR Multiple Security Vulnerabilities

Security Focus Vulnerabilities - 18 July, 2019 - 23:00
Mozilla Firefox and Firefox ESR Multiple Security Vulnerabilities

Vuln: Mozilla Firefox Multiple Security Vulnerabilities

Security Focus Vulnerabilities - 18 July, 2019 - 23:00
Mozilla Firefox Multiple Security Vulnerabilities

CVE-2019-13577 / MAPLE Computer WBT SNMP Administrator v2.0.195.15 / Unauthenticated Remote Buffer Overflow Code Execution 0day

Bug Traq - 18 July, 2019 - 04:01

Posted by apparitionsec on Jul 18

[+] Credits: John Page (aka hyp3rlinx)
[+] Website: hyp3rlinx.altervista.org
[+] Source:
http://hyp3rlinx.altervista.org/advisories/MAPLE-WBT-SNMP-ADMINISTRATOR-v2.0.195.15-REMOTE-BUFFER-OVERFLOW-CODE-EXECUTION-0DAY.txt
[+] ISR: Apparition Security

[Vendor]
www.computerlab.com

[Product]
MAPLE Computer WBT SNMP Administrator (Thin Client Administrator)
v2.0.195.15...

Vuln: CKEditor CVE-2018-9861 Cross Site Scripting Vulnerability

Security Focus Vulnerabilities - 17 July, 2019 - 23:00
CKEditor CVE-2018-9861 Cross Site Scripting Vulnerability

CVE-2019-2107 a.k.a "Hevcfright" Proof of Concept exploit (Denial of Service PoC)

Full Disclosure - 17 July, 2019 - 00:47

Posted by Marcin Kozlowski on Jul 16

Hi list,

Maybe you find this interesting. In July 2019 Android fixed several
critical bugs, including this one. I think "Hevcfright" (in reference to
Stagefright) is quite possible, with a lot of effort, I guess. This video
will crash stock VideoPlayer in Android 7-9 without July 2019 Patch
(https://source.android.com/security/bulletin/2019-07-01). More here:
https://github.com/marcinguy/CVE-2019-2107/

Thanks,
Marcin

CVE-2019-13577 / MAPLE Computer WBT SNMP Administrator v2.0.195.15 / Unauthenticated Remote Buffer Overflow Code Execution 0day

Full Disclosure - 17 July, 2019 - 00:45

Posted by hyp3rlinx on Jul 16

[+] Credits: John Page (aka hyp3rlinx)
[+] Website: hyp3rlinx.altervista.org
[+] Source:
http://hyp3rlinx.altervista.org/advisories/MAPLE-WBT-SNMP-ADMINISTRATOR-v2.0.195.15-REMOTE-BUFFER-OVERFLOW-CODE-EXECUTION-0DAY.txt
[+] ISR: Apparition Security

[Vendor]
www.computerlab.com

[Product]
MAPLE Computer WBT SNMP Administrator (Thin Client Administrator)
v2.0.195.15

https://www.computerlab.com/index.php/downloads/category/27-device-manager...

Re: Microsoft Compiled HTML Help / Uncompiled .chm File XML External Entity

Full Disclosure - 17 July, 2019 - 00:45

Posted by hyp3rlinx on Jul 16

[** CORRECTION Fixed Port Typo]

[+] Credits: John Page (aka hyp3rlinx)
[+] Website: hyp3rlinx.altervista.org
[+] Source:
http://hyp3rlinx.altervista.org/advisories/MICROSOFT-WINDOWS-HTML-HELP-UNCOMPILED-CHM-FILE-XML-EXTERNAL-ENTITY-INJECTION.txt
[+] ISR: ApparitionSec

[Vendor]
www.microsoft.com

[Product]
Microsoft Compiled HTML Help "hh.exe"

Microsoft Compiled HTML Help is a Microsoft proprietary online help format,
consisting of a...

Vuln: Apache Struts CVE-2016-1181 Remote Code Execution Vulnerability

Security Focus Vulnerabilities - 16 July, 2019 - 23:00
Apache Struts CVE-2016-1181 Remote Code Execution Vulnerability

Vuln: Apache Tomcat CVE-2018-1305 Security Bypass Vulnerability

Security Focus Vulnerabilities - 16 July, 2019 - 23:00
Apache Tomcat CVE-2018-1305 Security Bypass Vulnerability

Vuln: Apache HTTP Server CVE-2019-0190 Denial of Service Vulnerability

Security Focus Vulnerabilities - 16 July, 2019 - 23:00
Apache HTTP Server CVE-2019-0190 Denial of Service Vulnerability

Vuln: Spring Security and Spring Framework CVE-2018-1258 Authorization Bypass Vulnerability

Security Focus Vulnerabilities - 16 July, 2019 - 23:00
Spring Security and Spring Framework CVE-2018-1258 Authorization Bypass Vulnerability

Vuln: Apache CXF CVE-2018-8039 TLS Hostname Verification Security Bypass Vulnerability

Security Focus Vulnerabilities - 16 July, 2019 - 23:00
Apache CXF CVE-2018-8039 TLS Hostname Verification Security Bypass Vulnerability

Vuln: Perl Multiple Buffer Overflow Vulnerabilities

Security Focus Vulnerabilities - 16 July, 2019 - 23:00
Perl Multiple Buffer Overflow Vulnerabilities

Vuln: Apache Batik CVE-2018-8013 Information Disclosure Vulnerability

Security Focus Vulnerabilities - 16 July, 2019 - 23:00
Apache Batik CVE-2018-8013 Information Disclosure Vulnerability

Vuln: Oracle MySQL Server Cpujul2019 Multiple Security Vulnerabilities

Security Focus Vulnerabilities - 16 July, 2019 - 23:00
Oracle MySQL Server Cpujul2019 Multiple Security Vulnerabilities

Vuln: Multiple Dell EMC Products CVE-2018-11058 Buffer Overflow Vulnerability

Security Focus Vulnerabilities - 16 July, 2019 - 23:00
Multiple Dell EMC Products CVE-2018-11058 Buffer Overflow Vulnerability