Security News

Vuln: Cisco IOS and IOS XE Software CVE-2018-0197 Denial of Service Vulnerability

Security Focus Vulnerabilities - 15 July, 2019 - 23:00

Vuln: Symantec Norton Password Manager CVE-2019-9700 IP Address Spoofing Vulnerability

Security Focus Vulnerabilities - 15 July, 2019 - 23:00

Vuln: Multiple TLS And DTLS Implementations CVE-2013-0169 Information Disclosure Vulnerability

Security Focus Vulnerabilities - 15 July, 2019 - 23:00

Vuln: OpenVPN CVE-2016-6329 Information Disclosure Vulnerability

Security Focus Vulnerabilities - 15 July, 2019 - 23:00

Vuln: SSL/TLS Protocol Initialization Vector Implementation Information Disclosure Vulnerability

Security Focus Vulnerabilities - 15 July, 2019 - 23:00

Vuln: Pivotal Spring Security CVE-2019-11272 Authentication Bypass Vulnerability

Security Focus Vulnerabilities - 15 July, 2019 - 23:00

Vuln: Linux Kernel 'crypto/af_alg.c' Use After Free Arbitrary Code Execution Vulnerability

Security Focus Vulnerabilities - 15 July, 2019 - 23:00

Vuln: Moodle CVE-2019-10187 Security Bypass Vulnerability

Security Focus Vulnerabilities - 15 July, 2019 - 23:00

Vuln: Schneider Electric Floating License Manager ICSA-19-192-07 Multiple Security Vulnerabilities

Security Focus Vulnerabilities - 15 July, 2019 - 23:00

[SYSS-2019-024] FANUC Robotics Virtual Robot Controller - Stack-based Buffer Overflow (CWE-121)

Bug Traq - 15 July, 2019 - 12:51

Posted by Sebastian Hamann on Jul 15

Advisory ID: SYSS-2019-024
Product: FANUC Robotics Virtual Robot Controller
Manufacturer: FANUC Robotics America, Inc.
Affected Version(s): V8.23
Tested Version(s): V8.23
Vulnerability Type: Stack-based Buffer Overflow (CWE-121)
Risk Level: High
Solution Status: Open
Manufacturer Notification: 2019-05-22
Solution Date: ?
Public Disclosure: 2019-07-15
CVE Reference: CVE-2019-13585
Author of Advisory: Sebastian Hamann, SySS GmbH...

[SYSS-2019-025] FANUC Robotics Virtual Robot Controller - Path Traversal (CWE-22)

Bug Traq - 15 July, 2019 - 12:47

Posted by Sebastian Hamann on Jul 15

Advisory ID: SYSS-2019-025
Product: FANUC Robotics Virtual Robot Controller
Manufacturer: FANUC Robotics America, Inc.
Affected Version(s): V8.23
Tested Version(s): V8.23
Vulnerability Type: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE-22)
Risk Level: Low
Solution Status: Open
Manufacturer Notification: 2019-05-22
Solution Date: ?
Public Disclosure: 2019-07-15
CVE Reference: CVE-2019-13584
Author...

[slackware-security] bzip2 (SSA:2019-195-01)

Bug Traq - 15 July, 2019 - 02:45

Posted by Slackware Security Team on Jul 15

[slackware-security] bzip2 (SSA:2019-195-01)

New bzip2 packages are available for Slackware 14.0, 14.1, 14.2, and -current
to fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/bzip2-1.0.8-i586-1_slack14.2.txz: Upgraded.
Fixes security issues:
bzip2recover: Fix use after free issue with outFile.
Make sure nSelectors is not out of range.
For more information, see:...

[SECURITY] [DSA 4482-1] thunderbird security update

Bug Traq - 15 July, 2019 - 02:42

Posted by Moritz Muehlenhoff on Jul 15

-------------------------------------------------------------------------
Debian Security Advisory DSA-4482-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
July 14, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : thunderbird
CVE ID : CVE-2019-9811 CVE-2019-11709...

[SECURITY] [DSA 4481-1] ruby-mini-magick security update

Bug Traq - 15 July, 2019 - 02:38

Posted by Salvatore Bonaccorso on Jul 15

-------------------------------------------------------------------------
Debian Security Advisory DSA-4481-1 security () debian org
https://www.debian.org/security/ Salvatore Bonaccorso
July 13, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : ruby-mini-magick
CVE ID : CVE-2019-13574
Debian Bug...

Vuln: Google Chrome Prior to 75.0.3770.142 Multiple Security Vulnerabilities

Security Focus Vulnerabilities - 14 July, 2019 - 23:00

Vuln: GNU glibc CVE-2019-1010023 Remote Code Execution Vulnerability

Security Focus Vulnerabilities - 14 July, 2019 - 23:00

Vuln: VideoLAN VLC CVE-2019-13602 Heap Based Buffer Overflow Vulnerability

Security Focus Vulnerabilities - 13 July, 2019 - 23:00

Reflected Cross-site Scripting Vulnerability in Ponzu CMS 0.9.4

Full Disclosure - 12 July, 2019 - 13:26

Posted by Daniel Bishtawi on Jul 12

Hello,

We are informing you about the vulnerabilities we reported in phpFK
lite-version.

*Information:*

Advisory by Netsparker
Name: Multiple Cross-site Scripting Vulnerabilities in phpFK
Affected Software: phpFK
Affected Versions: lite-version
Homepage: https://www.frank-karau.de/
Vulnerability: Reflected Cross-site Scripting
Severity: 7.4 High
Status: Not Fixed
CVSS Score (3.0): CVE-2017-18364
CVSS Score (3.0):...

[SECURITY] [DSA 4480-1] redis security update

Bug Traq - 12 July, 2019 - 03:39

Posted by Moritz Muehlenhoff on Jul 12

-------------------------------------------------------------------------
Debian Security Advisory DSA-4480-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
July 11, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : redis
CVE ID : CVE-2019-10192 CVE-2019-10193...

AST-2019-003: Remote Crash Vulnerability in chan_sip channel driver

Bug Traq - 12 July, 2019 - 03:36

Posted by Asterisk Security Team on Jul 12

Asterisk Project Security Advisory - AST-2019-003

Product: Asterisk
Summary: Remote Crash Vulnerability in chan_sip channel driver
Nature of Advisory: Denial of Service
Susceptibility: Remote Unauthenticated Sessions...