Security News

APPLE-SA-2019-5-28-2 iCloud for Windows 7.12

Full Disclosure - 29 May, 2019 - 21:03

Posted by Apple Product Security via Fulldisclosure on May 29

APPLE-SA-2019-5-28-2 iCloud for Windows 7.12

iCloud for Windows 7.12 is now available and addresses the following:

SQLite
Available for: Windows 7 and later
Impact: An application may be able to gain elevated privileges
Description: An input validation issue was addressed with improved
memory handling.
CVE-2019-8577: Omer Gull of Checkpoint Research

SQLite
Available for: Windows 7 and later
Impact: A maliciously crafted SQL query may lead to...

Local Privilege Escalation via Serv-U FTP Server

Full Disclosure - 29 May, 2019 - 21:03

Posted by Chris on May 29

Issue: Local Privilege Escalation
CVE: CVE-2018-19999
Security researcher: Chris Moberly @ The Missing Link Security
Product name: Serv-U FTP Server
Product version: Tested on 15.1.6.25 (current as of Dec 2018)
Fixed in: 15.1.7

# Overview
The Serv-U FTP Server is vulnerable to authentication bypass leading to
privilege escalation in Windows operating environments due to broken...

[SYSS-2019-014]: Siemens LOGO! 8 - Storing Passwords in a Recoverable Format (CWE-257)

Full Disclosure - 29 May, 2019 - 20:54

Posted by Matthias Deeg on May 29

Advisory ID: SYSS-2019-014
Product: LOGO!
Manufacturer: Siemens
Affected Version(s): LOGO! 8 (all versions)
Tested Version(s): LOGO! 8, 6ED1052-2MD00-0BA8 FS:03, 0BA8.Standard V1.08.03
Vulnerability Type: Storing Passwords in a Recoverable Format (CWE-257)
Risk Level: Medium
Solution Status: Open
Manufacturer Notification: 2019-04-04
Solution Date: 2019-05-14 (recommended mitigation by manufacturer)
Public Disclosure: 2019-05-29
CVE Reference:...

[SYSS-2019-013]: Siemens LOGO! 8 - Missing Authentication for Critical Function (CWE-306)

Full Disclosure - 29 May, 2019 - 20:54

Posted by Matthias Deeg on May 29

Advisory ID: SYSS-2020-013
Product: LOGO!
Manufacturer: Siemens
Affected Version(s): LOGO! 8 (all versions)
Tested Version(s): LOGO! 8, 6ED1052-2MD00-0BA8 FS:03, 0BA8.Standard V1.08.03
Vulnerability Type: Missing Authentication for Critical Function (CWE-306)
Risk Level: High
Solution Status: Open
Manufacturer Notification: 2019-04-04
Solution Date: 2019-05-14 (recommended mitigation by manufacturer)
Public Disclosure: 2019-05-29
CVE Reference:...

[SYSS-2019-012]: Siemens LOGO! 8 - Use of Hard-coded Cryptographic Key (CWE-321)

Full Disclosure - 29 May, 2019 - 20:54

Posted by Matthias Deeg on May 29

Advisory ID: SYSS-2019-012
Product: LOGO!
Manufacturer: Siemens
Affected Version(s): LOGO! 8 (all versions)
Tested Version(s): LOGO! 8, 6ED1052-2MD00-0BA8 FS:03, 0BA8.Standard V1.08.03
Vulnerability Type: Use of Hard-coded Cryptographic Key (CWE-321)
Risk Level: High
Solution Status: Open
Manufacturer Notification: 2019-04-04
Solution Date: 2019-05-14 (recommended mitigation by manufacturer)
Public Disclosure: 2019-05-29
CVE Reference:...

CA20190523-01: Security Notice for CA Risk Authentication and CA Strong Authentication

Full Disclosure - 29 May, 2019 - 20:54

Posted by Kevin Kotas via Fulldisclosure on May 29

CA20190523-01: Security Notice for CA Risk Authentication and CA
Strong Authentication

Issued: May 23, 2019
Last Updated: May 23, 2019

The Support team for CA Technologies, A Broadcom Company, is alerting
customers to multiple potential risks with CA Risk Authentication and
CA Strong Authentication. Multiple vulnerabilities exist that can
allow a remote attacker to gain additional access in certain
configurations or possibly gain sensitive...

Cross-site Scripting Vulnerabilities in VFront 0.99.5

Full Disclosure - 29 May, 2019 - 20:49

Posted by Daniel Bishtawi on May 29

Hello,

We are informing you about the vulnerabilities we reported in VFront 0.99.5.

Here are the details:

Advisory by Netsparker
Name: Multiple Reflected Cross-site Scripting in VFront 0.99.5
Affected Software: VFront
Affected Versions: 0.99.5
Homepage: http://www.vfront.org/
Vulnerability: Reflected Cross-site Scripting
Severity: High
Status: Fixed
CVE-ID: CVE-2019-9839
CVSS Score (3.0): 7.4 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N...

Reflected Cross-site Scripting Vulnerability in Kanboard 1.2.7

Full Disclosure - 29 May, 2019 - 20:48

Posted by Daniel Bishtawi on May 29

Hello,

We are informing you about the vulnerabilities we reported in Kanboard
1.2.7.

Here are the details:

Advisory by Netsparker
Name: Reflected Cross-site Scripting in Kanboard
Affected Software: Kanboard
Affected Versions: 1.2.7
Homepage: https://kanboard.org/
Vulnerability: Reflected Cross-site Scripting
Severity: Medium
Status: Fixed
CVE-ID: CVE-2019-7324
CVSS Score (3.0): AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N
Netsparker Advisory Reference:...

[SYSS-2019-014]: Siemens LOGO! 8 - Storing Passwords in a Recoverable Format (CWE-257)

Bug Traq - 29 May, 2019 - 02:34

Posted by matthias . deeg on May 29

Advisory ID: SYSS-2019-014
Product: LOGO!
Manufacturer: Siemens
Affected Version(s): LOGO! 8 (all versions)
Tested Version(s): LOGO! 8, 6ED1052-2MD00-0BA8 FS:03, 0BA8.Standard V1.08.03
Vulnerability Type: Storing Passwords in a Recoverable Format (CWE-257)
Risk Level: Medium
Solution Status: Open
Manufacturer Notification: 2019-04-04
Solution Date: 2019-05-14 (recommended mitigation by manufacturer)
Public Disclosure: 2019-05-29
CVE Reference:...

[SYSS-2019-013]: Siemens LOGO! 8 - Missing Authentication for Critical Function (CWE-306)

Bug Traq - 29 May, 2019 - 02:30

Posted by matthias . deeg on May 29

Advisory ID: SYSS-2019-013
Product: LOGO!
Manufacturer: Siemens
Affected Version(s): LOGO! 8 (all versions)
Tested Version(s): LOGO! 8, 6ED1052-2MD00-0BA8 FS:03, 0BA8.Standard V1.08.03
Vulnerability Type: Missing Authentication for Critical Function (CWE-306)
Risk Level: High
Solution Status: Open
Manufacturer Notification: 2019-04-04
Solution Date: 2019-05-14 (recommended mitigation by manufacturer)
Public Disclosure: 2019-05-29
CVE Reference:...

[SYSS-2019-012]: Siemens LOGO! 8 - Use of Hard-coded Cryptographic Key (CWE-321)

Bug Traq - 29 May, 2019 - 02:27

Posted by matthias . deeg on May 29

Advisory ID: SYSS-2019-012
Product: LOGO!
Manufacturer: Siemens
Affected Version(s): LOGO! 8 (all versions)
Tested Version(s): LOGO! 8, 6ED1052-2MD00-0BA8 FS:03, 0BA8.Standard V1.08.03
Vulnerability Type: Use of Hard-coded Cryptographic Key (CWE-321)
Risk Level: High
Solution Status: Open
Manufacturer Notification: 2019-04-04
Solution Date: 2019-05-14 (recommended mitigation by manufacturer)
Public Disclosure: 2019-05-29
CVE Reference:...

APPLE-SA-2019-5-28-1 iTunes for Windows 12.9.5

Bug Traq - 28 May, 2019 - 23:41

Posted by Apple Product Security on May 28

APPLE-SA-2019-5-28-1 iTunes for Windows 12.9.5

iTunes for Windows 12.9.5 is now available and addresses the
following:

SQLite
Available for: Windows 7 and later
Impact: An application may be able to gain elevated privileges
Description: An input validation issue was addressed with improved
memory handling.
CVE-2019-8577: Omer Gull of Checkpoint Research

SQLite
Available for: Windows 7 and later
Impact: A maliciously crafted SQL query may lead...

APPLE-SA-2019-5-28-2 iCloud for Windows 7.12

Bug Traq - 28 May, 2019 - 23:38

Posted by Apple Product Security on May 28

APPLE-SA-2019-5-28-2 iCloud for Windows 7.12

iCloud for Windows 7.12 is now available and addresses the following:

SQLite
Available for: Windows 7 and later
Impact: An application may be able to gain elevated privileges
Description: An input validation issue was addressed with improved
memory handling.
CVE-2019-8577: Omer Gull of Checkpoint Research

SQLite
Available for: Windows 7 and later
Impact: A maliciously crafted SQL query may lead to...

Vuln: Oracle VM VirtualBox Multiple Local Security Vulnerabilities

Security Focus Vulnerabilities - 28 May, 2019 - 23:00
Oracle VM VirtualBox Multiple Local Security Vulnerabilities

Vuln: Emerson Ovation OCR400 Controller Stack Buffer Overflow and Heap Buffer Overflow Vulnerabilities

Security Focus Vulnerabilities - 27 May, 2019 - 23:00
Emerson Ovation OCR400 Controller Stack Buffer Overflow and Heap Buffer Overflow Vulnerabilities

Vuln: WebKit Information Disclosure and Multiple Memory Corruption Vulnerabilities

Security Focus Vulnerabilities - 27 May, 2019 - 23:00
WebKit Information Disclosure and Multiple Memory Corruption Vulnerabilities

Vuln: WAGO Series 750-88x and 750-87x ICSA-19-106-02 Remote Security Vulnerability

Security Focus Vulnerabilities - 27 May, 2019 - 23:00
WAGO Series 750-88x and 750-87x ICSA-19-106-02 Remote Security Vulnerability

Crowd Security Advisory - 2019-05-22

Bug Traq - 27 May, 2019 - 03:23

Posted by Atlassian on May 27

This email refers to the advisory found at
https://confluence.atlassian.com/x/3ADVOQ .

CVE ID:

* CVE-2019-11580.

Product: Crowd and Crowd Data Center.

Affected Crowd and Crowd Data Center product versions:

2.1.0 <= version < 3.0.5
3.1.0 <= version < 3.1.6
3.2.0 <= version < 3.2.8
3.3.0 <= version < 3.3.5
3.4.0 <= version < 3.4.4

Fixed Crowd and Crowd Data Center product versions:

* Crowd and Crowd Data Center...

[SECURITY] [DSA 4452-1] jackson-databind security update

Bug Traq - 27 May, 2019 - 03:19

Posted by Moritz Muehlenhoff on May 27

-------------------------------------------------------------------------
Debian Security Advisory DSA-4452-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
May 24, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : jackson-databind
CVE ID : CVE-2018-11307...

[SECURITY] [DSA 4451-1] thunderbird security update

Bug Traq - 27 May, 2019 - 03:17

Posted by Moritz Muehlenhoff on May 27

-------------------------------------------------------------------------
Debian Security Advisory DSA-4451-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
May 24, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : thunderbird
CVE ID : CVE-2018-18511 CVE-2019-5798...