Security News
Vuln: Dnsmasq VU#973527 Multiple Security Vulnerabilities
Dnsmasq VU#973527 Multiple Security Vulnerabilities
Vuln: RETIRED: Multiple Siemens SCALANCE Products Multiple Security Vulnerabilities
RETIRED: Multiple Siemens SCALANCE Products Multiple Security Vulnerabilities
Vuln: Mozilla Firefox ESR CVE-2017-7843 Security Bypass Vulnerability
Mozilla Firefox ESR CVE-2017-7843 Security Bypass Vulnerability
Vuln: Mozilla Firefox MFSA2017-27 Multiple Security Vulnerabilities
Mozilla Firefox MFSA2017-27 Multiple Security Vulnerabilities
Vuln: RETIRED: libssh2 'src/kex.c' Security Bypass Vulnerability
RETIRED: libssh2 'src/kex.c' Security Bypass Vulnerability
Vuln: Drupal Novalnet Payment Module- Ubercart Module SQL Injection Vulnerability
Drupal Novalnet Payment Module- Ubercart Module SQL Injection Vulnerability
Vuln: RETIRED: Drupal Novalnet Payment Module SQL Injection Vulnerability
RETIRED: Drupal Novalnet Payment Module SQL Injection Vulnerability
Vuln: QNAP QTAP Qualcomm components Multiple Unspecified Security Vulnerabilities
QNAP QTAP Qualcomm components Multiple Unspecified Security Vulnerabilities
[CVE-2018-7841] Schneider Electric U.Motion Builder <= 1.3.4 track_import_export.php object_id Unauthenticated Command Injection
Posted by RCE Security on May 14
RCE Security Advisoryhttps://www.rcesecurity.com
1. ADVISORY INFORMATION
=======================
Product: Schneider Electric U.Motion Builder
Vendor URL: www.schneider-electric.com
Type: OS Command Injection [CWE-78]
Date found: 2018-11-15
Date published: 2019-05-13
CVSSv3 Score: 9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVE: CVE-2018-7841
2. CREDITS
==========
This vulnerability was discovered...
[CVE-2019-8978] Improper Authentication (CWE-287) in Ellucian Banner Web Tailor and Banner Enterprise Identity Services
Posted by joshua on May 14
===================Title: [CVE-2019-8978] Improper Authentication (CWE-287) in Ellucian Banner Web Tailor and Banner Enterprise Identity
Services
Author: Joshua Mulliken <joshua () mulliken net>
Thanks to: Carnegie Mellon University CERT Coordination Center
Date Found: Dec. 17, 2018
Vendor: Ellucian Company L.P.
Vendor Homepage: https://www.ellucian.com
Products: Banner Web Tailor and Banner Enterprise Identity Services
Web Tailor...
[SECURITY] [DSA 4443-1] samba security update
Posted by Salvatore Bonaccorso on May 14
-------------------------------------------------------------------------Debian Security Advisory DSA-4443-1 security () debian org
https://www.debian.org/security/ Salvatore Bonaccorso
May 14, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------
Package : samba
CVE ID : CVE-2018-16860
Isaac Boukris and...
[SECURITY] [DSA 4442-2] cups-filters regression update
Posted by Salvatore Bonaccorso on May 14
-------------------------------------------------------------------------Debian Security Advisory DSA-4442-2 security () debian org
https://www.debian.org/security/ Salvatore Bonaccorso
May 13, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------
Package : cups-filters
Debian Bug : 926576 928936 928952
The...
APPLE-SA-2019-5-13-5 Safari 12.1.1
Posted by Apple Product Security on May 14
APPLE-SA-2019-5-13-5 Safari 12.1.1Safari 12.1.1 is now available and addresses the following:
WebKit
Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, and
included in macOS Mojave 10.14.5
Impact: Processing maliciously crafted web content may result in the
disclosure of process memory
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2019-8607: Junho Jang and Hanul Choi of LINE Security Team...
[CVE-2019-8978] Improper Authentication (CWE-287) in Ellucian Banner Web Tailor and Banner Enterprise Identity Services
Posted by Joshua Mulliken on May 14
===================Title: [CVE-2019-8978] Improper Authentication (CWE-287) in Ellucian Banner Web Tailor and Banner Enterprise Identity
Services
Author: Joshua Mulliken <joshua () mulliken net>
Thanks to: Carnegie Mellon University CERT Coordination Center
Date Found: Dec. 17, 2018
Vendor: Ellucian Company L.P.
Vendor Homepage: https://www.ellucian.com
Products: Banner Web Tailor and Banner Enterprise Identity Services
Web Tailor...
APPLE-SA-2019-5-13-6 Apple TV Software 7.3
Posted by Apple Product Security on May 14
APPLE-SA-2019-5-13-6 Apple TV Software 7.3Apple TV Software 7.3 is now available and addresses the following:
Bluetooth
Available for: Apple TV (3rd generation)
Impact: A remote attacker may cause an unexpected application
termination or arbitrary code execution
Description: An input validation issue existed in Bluetooth. This
issue was addressed with improved input validation.
CVE-2017-14315: Ben Seri and Gregory Vishnepolsky of Armis
Wi-Fi...
APPLE-SA-2019-5-13-4 watchOS 5.2.1
Posted by Apple Product Security on May 14
APPLE-SA-2019-5-13-4 watchOS 5.2.1watchOS 5.2.1 is now available and addresses the following:
AppleFileConduit
Available for: Apple Watch Series 1 and later
Impact: An application may be able to execute arbitrary code with
system privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2019-8593: Dany Lisiansky (@DanyL931)
CoreAudio
Available for: Apple Watch Series 1 and later
Impact: Processing a...
Video Teleconferencing for Fun and Profit
Posted by Dave Aitel on May 14
We were not going to release videos in this order, but since for somereason everyone is suddenly interested in the security of various video
teleconferencing software, here is
Natalie Silvanovich's hilarious talk on the subject from just a couple
weeks ago at INFILTRATE 2019!
https://vimeo.com/335950239
Of course, if you want to attend or sponsor INFILTRATE 2020, now is the
time to get in (just email infiltrate () immunityinc com)! Diamond...
APPLE-SA-2019-5-13-3 tvOS 12.3
Posted by Apple Product Security on May 14
APPLE-SA-2019-5-13-3 tvOS 12.3tvOS 12.3 is now available and addresses the following:
AppleFileConduit
Available for: Apple TV 4K and Apple TV HD
Impact: An application may be able to execute arbitrary code with
system privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2019-8593: Dany Lisiansky (@DanyL931)
CoreAudio
Available for: Apple TV 4K and Apple TV HD
Impact: Processing a maliciously...
APPLE-SA-2019-5-13-2 macOS Mojave 10.14.5, Security Update 2019-003 High Sierra, Security Update 2019-003 Sierra
Posted by Apple Product Security on May 14
APPLE-SA-2019-5-13-2 macOS Mojave 10.14.5, Security Update2019-003 High Sierra, Security Update 2019-003 Sierra
macOS Mojave 10.14.5, Security Update 2019-003 High Sierra,
Security Update 2019-003 Sierra are now available and
addresses the following:
Accessibility Framework
Available for: macOS Sierra 10.12.6, macOS Mojave 10.14.4
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with...
APPLE-SA-2019-5-13-1 iOS 12.3
Posted by Apple Product Security on May 14
APPLE-SA-2019-5-13-1 iOS 12.3iOS 12.3 is now available and addresses the following:
AppleFileConduit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An application may be able to execute arbitrary code with
system privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2019-8593: Dany Lisiansky (@DanyL931)
Contacts
Available for: iPhone 5s and later, iPad...
