Security News

Vuln: Dnsmasq VU#973527 Multiple Security Vulnerabilities

Security Focus Vulnerabilities - 14 May, 2019 - 23:00
Dnsmasq VU#973527 Multiple Security Vulnerabilities

Vuln: RETIRED: Multiple Siemens SCALANCE Products Multiple Security Vulnerabilities

Security Focus Vulnerabilities - 14 May, 2019 - 23:00
RETIRED: Multiple Siemens SCALANCE Products Multiple Security Vulnerabilities

Vuln: Mozilla Firefox ESR CVE-2017-7843 Security Bypass Vulnerability

Security Focus Vulnerabilities - 14 May, 2019 - 23:00
Mozilla Firefox ESR CVE-2017-7843 Security Bypass Vulnerability

Vuln: Mozilla Firefox MFSA2017-27 Multiple Security Vulnerabilities

Security Focus Vulnerabilities - 14 May, 2019 - 23:00
Mozilla Firefox MFSA2017-27 Multiple Security Vulnerabilities

Vuln: RETIRED: libssh2 'src/kex.c' Security Bypass Vulnerability

Security Focus Vulnerabilities - 14 May, 2019 - 23:00
RETIRED: libssh2 'src/kex.c' Security Bypass Vulnerability

Vuln: Drupal Novalnet Payment Module- Ubercart Module SQL Injection Vulnerability

Security Focus Vulnerabilities - 14 May, 2019 - 23:00
Drupal Novalnet Payment Module- Ubercart Module SQL Injection Vulnerability

Vuln: RETIRED: Drupal Novalnet Payment Module SQL Injection Vulnerability

Security Focus Vulnerabilities - 14 May, 2019 - 23:00
RETIRED: Drupal Novalnet Payment Module SQL Injection Vulnerability

Vuln: QNAP QTAP Qualcomm components Multiple Unspecified Security Vulnerabilities

Security Focus Vulnerabilities - 14 May, 2019 - 23:00
QNAP QTAP Qualcomm components Multiple Unspecified Security Vulnerabilities

[CVE-2018-7841] Schneider Electric U.Motion Builder <= 1.3.4 track_import_export.php object_id Unauthenticated Command Injection

Full Disclosure - 14 May, 2019 - 13:12

Posted by RCE Security on May 14

RCE Security Advisory
https://www.rcesecurity.com

1. ADVISORY INFORMATION
=======================
Product: Schneider Electric U.Motion Builder
Vendor URL: www.schneider-electric.com
Type: OS Command Injection [CWE-78]
Date found: 2018-11-15
Date published: 2019-05-13
CVSSv3 Score: 9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVE: CVE-2018-7841

2. CREDITS
==========
This vulnerability was discovered...

[CVE-2019-8978] Improper Authentication (CWE-287) in Ellucian Banner Web Tailor and Banner Enterprise Identity Services

Bug Traq - 14 May, 2019 - 09:07

Posted by joshua on May 14

===================
Title: [CVE-2019-8978] Improper Authentication (CWE-287) in Ellucian Banner Web Tailor and Banner Enterprise Identity
Services
Author: Joshua Mulliken <joshua () mulliken net>
Thanks to: Carnegie Mellon University CERT Coordination Center
Date Found: Dec. 17, 2018
Vendor: Ellucian Company L.P.
Vendor Homepage: https://www.ellucian.com
Products: Banner Web Tailor and Banner Enterprise Identity Services
Web Tailor...

[SECURITY] [DSA 4443-1] samba security update

Bug Traq - 14 May, 2019 - 09:06

Posted by Salvatore Bonaccorso on May 14

-------------------------------------------------------------------------
Debian Security Advisory DSA-4443-1 security () debian org
https://www.debian.org/security/ Salvatore Bonaccorso
May 14, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : samba
CVE ID : CVE-2018-16860

Isaac Boukris and...

[SECURITY] [DSA 4442-2] cups-filters regression update

Bug Traq - 14 May, 2019 - 09:03

Posted by Salvatore Bonaccorso on May 14

-------------------------------------------------------------------------
Debian Security Advisory DSA-4442-2 security () debian org
https://www.debian.org/security/ Salvatore Bonaccorso
May 13, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : cups-filters
Debian Bug : 926576 928936 928952

The...

APPLE-SA-2019-5-13-5 Safari 12.1.1

Bug Traq - 14 May, 2019 - 09:01

Posted by Apple Product Security on May 14

APPLE-SA-2019-5-13-5 Safari 12.1.1

Safari 12.1.1 is now available and addresses the following:

WebKit
Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, and
included in macOS Mojave 10.14.5
Impact: Processing maliciously crafted web content may result in the
disclosure of process memory
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2019-8607: Junho Jang and Hanul Choi of LINE Security Team...

[CVE-2019-8978] Improper Authentication (CWE-287) in Ellucian Banner Web Tailor and Banner Enterprise Identity Services

Bug Traq - 14 May, 2019 - 08:59

Posted by Joshua Mulliken on May 14

===================
Title: [CVE-2019-8978] Improper Authentication (CWE-287) in Ellucian Banner Web Tailor and Banner Enterprise Identity
Services
Author: Joshua Mulliken <joshua () mulliken net>
Thanks to: Carnegie Mellon University CERT Coordination Center
Date Found: Dec. 17, 2018
Vendor: Ellucian Company L.P.
Vendor Homepage: https://www.ellucian.com
Products: Banner Web Tailor and Banner Enterprise Identity Services
Web Tailor...

APPLE-SA-2019-5-13-6 Apple TV Software 7.3

Bug Traq - 14 May, 2019 - 08:52

Posted by Apple Product Security on May 14

APPLE-SA-2019-5-13-6 Apple TV Software 7.3

Apple TV Software 7.3 is now available and addresses the following:

Bluetooth
Available for: Apple TV (3rd generation)
Impact: A remote attacker may cause an unexpected application
termination or arbitrary code execution
Description: An input validation issue existed in Bluetooth. This
issue was addressed with improved input validation.
CVE-2017-14315: Ben Seri and Gregory Vishnepolsky of Armis

Wi-Fi...

APPLE-SA-2019-5-13-4 watchOS 5.2.1

Bug Traq - 14 May, 2019 - 08:48

Posted by Apple Product Security on May 14

APPLE-SA-2019-5-13-4 watchOS 5.2.1

watchOS 5.2.1 is now available and addresses the following:

AppleFileConduit
Available for: Apple Watch Series 1 and later
Impact: An application may be able to execute arbitrary code with
system privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2019-8593: Dany Lisiansky (@DanyL931)

CoreAudio
Available for: Apple Watch Series 1 and later
Impact: Processing a...

Video Teleconferencing for Fun and Profit

Daily Dave - 14 May, 2019 - 08:47

Posted by Dave Aitel on May 14

We were not going to release videos in this order, but since for some
reason everyone is suddenly interested in the security of various video
teleconferencing software, here is
Natalie Silvanovich's hilarious talk on the subject from just a couple
weeks ago at INFILTRATE 2019!
https://vimeo.com/335950239

Of course, if you want to attend or sponsor INFILTRATE 2020, now is the
time to get in (just email infiltrate () immunityinc com)! Diamond...

APPLE-SA-2019-5-13-3 tvOS 12.3

Bug Traq - 14 May, 2019 - 08:43

Posted by Apple Product Security on May 14

APPLE-SA-2019-5-13-3 tvOS 12.3

tvOS 12.3 is now available and addresses the following:

AppleFileConduit
Available for: Apple TV 4K and Apple TV HD
Impact: An application may be able to execute arbitrary code with
system privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2019-8593: Dany Lisiansky (@DanyL931)

CoreAudio
Available for: Apple TV 4K and Apple TV HD
Impact: Processing a maliciously...

APPLE-SA-2019-5-13-2 macOS Mojave 10.14.5, Security Update 2019-003 High Sierra, Security Update 2019-003 Sierra

Bug Traq - 14 May, 2019 - 08:40

Posted by Apple Product Security on May 14

APPLE-SA-2019-5-13-2 macOS Mojave 10.14.5, Security Update
2019-003 High Sierra, Security Update 2019-003 Sierra

macOS Mojave 10.14.5, Security Update 2019-003 High Sierra,
Security Update 2019-003 Sierra are now available and
addresses the following:

Accessibility Framework
Available for: macOS Sierra 10.12.6, macOS Mojave 10.14.4
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with...

APPLE-SA-2019-5-13-1 iOS 12.3

Bug Traq - 14 May, 2019 - 08:37

Posted by Apple Product Security on May 14

APPLE-SA-2019-5-13-1 iOS 12.3

iOS 12.3 is now available and addresses the following:

AppleFileConduit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An application may be able to execute arbitrary code with
system privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2019-8593: Dany Lisiansky (@DanyL931)

Contacts
Available for: iPhone 5s and later, iPad...