Security News

Vuln: Samba CVE-2018-16860 Man in the Middle Security Bypass Vulnerability

Security Focus Vulnerabilities - 13 May, 2019 - 23:00

Vuln: Microsoft Office Access Connectivity Engine CVE-2019-0945 Remote Code Execution Vulnerability

Security Focus Vulnerabilities - 13 May, 2019 - 23:00

Vuln: SAP Solution Manager CVE-2019-0293 Remote Authorization Bypass Vulnerability

Security Focus Vulnerabilities - 13 May, 2019 - 23:00

Vuln: Adobe Acrobat and Reader APSB19-18 Multiple Information Disclosure Vulnerabilities

Security Focus Vulnerabilities - 13 May, 2019 - 23:00

Vuln: Adobe Acrobat and Reader Use After Free Multiple Arbitrary Code Execution Vulnerabilities

Security Focus Vulnerabilities - 13 May, 2019 - 23:00

Vuln: Adobe Acrobat and Reader APSB19-18 Multiple Arbitrary Code Execution Vulnerabilities

Security Focus Vulnerabilities - 13 May, 2019 - 23:00

Vuln: Adobe Acrobat and Reader CVE-2019-7824 Arbitrary Code Execution Vulnerability

Security Focus Vulnerabilities - 13 May, 2019 - 23:00

Vuln: Adobe Acrobat and Reader APSB19-18 Multiple Arbitrary Code Execution Vulnerabilities

Security Focus Vulnerabilities - 13 May, 2019 - 23:00

Vuln: Adobe Acrobat and Reader CVE-2019-7784 Arbitrary Code Execution Vulnerability

Security Focus Vulnerabilities - 13 May, 2019 - 23:00

Vuln: SAP BusinessObjects Business Intelligence CVE-2019-0289 Information Disclosure Vulnerability

Security Focus Vulnerabilities - 13 May, 2019 - 23:00

Vuln: SAP Treasury and Risk Management CVE-2019-0280 Unauthorized Access Vulnerability

Security Focus Vulnerabilities - 13 May, 2019 - 23:00

Vuln: SAP Identity Management CVE-2019-0301 Remote Privilege Escalation Vulnerability

Security Focus Vulnerabilities - 13 May, 2019 - 23:00

Re: System Down: A systemd-journald exploit

Full Disclosure - 13 May, 2019 - 13:20

Posted by Qualys Security Advisory on May 13

Hi all,

Our systemd-journald exploit for CVE-2018-16865 and CVE-2018-16866 is
now available at:

https://www.qualys.com/2019/05/09/system-down/system-down.tar.gz

It is also attached to this email. A few notes about this exploit:

- It supports several targets by default (vulnerable versions of Debian,
Ubuntu, Fedora, CentOS), and it should be relatively easy to add more
targets.

- When adding a new amd64 target, use the...

APPLE-SA-2019-5-13-5 Safari 12.1.1

Full Disclosure - 13 May, 2019 - 13:19

Posted by Apple Product Security via Fulldisclosure on May 13

APPLE-SA-2019-5-13-5 Safari 12.1.1

Safari 12.1.1 is now available and addresses the following:

WebKit
Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, and
included in macOS Mojave 10.14.5
Impact: Processing maliciously crafted web content may result in the
disclosure of process memory
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2019-8607: Junho Jang and Hanul Choi of LINE Security Team...

APPLE-SA-2019-5-13-6 Apple TV Software 7.3

Full Disclosure - 13 May, 2019 - 13:19

Posted by Apple Product Security via Fulldisclosure on May 13

APPLE-SA-2019-5-13-6 Apple TV Software 7.3

Apple TV Software 7.3 is now available and addresses the following:

Bluetooth
Available for: Apple TV (3rd generation)
Impact: A remote attacker may cause an unexpected application
termination or arbitrary code execution
Description: An input validation issue existed in Bluetooth. This
issue was addressed with improved input validation.
CVE-2017-14315: Ben Seri and Gregory Vishnepolsky of Armis

Wi-Fi...

APPLE-SA-2019-5-13-4 watchOS 5.2.1

Full Disclosure - 13 May, 2019 - 13:19

Posted by Apple Product Security via Fulldisclosure on May 13

APPLE-SA-2019-5-13-4 watchOS 5.2.1

watchOS 5.2.1 is now available and addresses the following:

AppleFileConduit
Available for: Apple Watch Series 1 and later
Impact: An application may be able to execute arbitrary code with
system privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2019-8593: Dany Lisiansky (@DanyL931)

CoreAudio
Available for: Apple Watch Series 1 and later
Impact: Processing a...

APPLE-SA-2019-5-13-3 tvOS 12.3

Full Disclosure - 13 May, 2019 - 13:19

Posted by Apple Product Security via Fulldisclosure on May 13

APPLE-SA-2019-5-13-3 tvOS 12.3

tvOS 12.3 is now available and addresses the following:

AppleFileConduit
Available for: Apple TV 4K and Apple TV HD
Impact: An application may be able to execute arbitrary code with
system privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2019-8593: Dany Lisiansky (@DanyL931)

CoreAudio
Available for: Apple TV 4K and Apple TV HD
Impact: Processing a maliciously...

APPLE-SA-2019-5-13-2 macOS Mojave 10.14.5, Security Update 2019-003 High Sierra, Security Update 2019-003 Sierra

Full Disclosure - 13 May, 2019 - 13:19

Posted by Apple Product Security via Fulldisclosure on May 13

APPLE-SA-2019-5-13-2 macOS Mojave 10.14.5, Security Update
2019-003 High Sierra, Security Update 2019-003 Sierra

macOS Mojave 10.14.5, Security Update 2019-003 High Sierra,
Security Update 2019-003 Sierra are now available and
address the following:

Accessibility Framework
Available for: macOS Sierra 10.12.6, macOS Mojave 10.14.4
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with...

APPLE-SA-2019-5-13-1 iOS 12.3

Full Disclosure - 13 May, 2019 - 13:19

Posted by Apple Product Security via Fulldisclosure on May 13

APPLE-SA-2019-5-13-1 iOS 12.3

iOS 12.3 is now available and addresses the following:

AppleFileConduit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An application may be able to execute arbitrary code with
system privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2019-8593: Dany Lisiansky (@DanyL931)

Contacts
Available for: iPhone 5s and later, iPad...

[CVE-2019-8978] Improper Authentication (CWE-287) in Ellucian Banner Web Tailor and Banner Enterprise Identity Services

Full Disclosure - 13 May, 2019 - 13:18

Posted by Joshua Mulliken on May 13

===================
Title: [CVE-2019-8978] Improper Authentication (CWE-287) in Ellucian Banner Web Tailor and Banner Enterprise Identity Services
Author: Joshua Mulliken <joshua () mulliken net>

Thanks to: Carnegie Mellon University CERT Coordination Center
Date Found: Dec. 17, 2018
Vendor: Ellucian Company L.P.
Vendor Homepage: https://www.ellucian.com
Products: Banner Web Tailor and Banner Enterprise Identity Services
Web Tailor Affected...