Security News

FreeBSD Security Advisory FreeBSD-SA-19:10.ufs

Bug Traq - 3 July, 2019 - 07:11

Posted by FreeBSD Security Advisories on Jul 03

=============================================================================
FreeBSD-SA-19:10.ufs Security Advisory
The FreeBSD Project

Topic: Kernel stack disclosure in UFS/FFS

Category: core
Module: Kernel
Announced: 2019-07-02
Credits: David G. Lawrence <dg () dglawrence com>
Affects: All supported...

[SYSS-2019-017] EBK BKS Buskoppler - Unauthenticated Remote Code Execution

Bug Traq - 3 July, 2019 - 07:09

Posted by sebastian . auwaerter on Jul 03

Advisory ID: SYSS-2019-017
Product: BKS EBK Ethernet-Buskoppler Pro
Manufacturer: BKS GmbH
Affected Version(s): < 3.01
Vulnerability Type: Unrestricted Upload of File with Dangerous Type (CWE-434)
Risk Level: High
Solution Status: Fixed
Manufacturer Notification: April 23, 2019
Solution Date: June 14, 2019
Public Disclosure: July 03, 2019
CVE Reference: CVE-2019-12971
Author of Advisory: Sebastian Auwaerter, SySS GmbH...

FreeBSD Security Advisory FreeBSD-SA-19:11.cd_ioctl

Bug Traq - 3 July, 2019 - 07:05

Posted by FreeBSD Security Advisories on Jul 03

=============================================================================
FreeBSD-SA-19:11.cd_ioctl Security Advisory
The FreeBSD Project

Topic: Privilege escalation in cd(4) driver

Category: core
Module: kernel
Announced: 2019-07-02
Credits: Alex Fortune
Affects: All supported versions of FreeBSD.
Corrected:...

FreeBSD Security Advisory FreeBSD-SA-19:09.iconv

Bug Traq - 3 July, 2019 - 07:01

Posted by FreeBSD Security Advisories on Jul 03

=============================================================================
FreeBSD-SA-19:09.iconv Security Advisory
The FreeBSD Project

Topic: iconv buffer overflow

Category: core
Module: libc
Announced: 2019-07-02
Credits: Andrea Venturoli <security () netfence it>, NetFence
Affects: All supported...

Vuln: IBM Spectrum Protect Plus Multiple Security Vulnerabilities

Security Focus Vulnerabilities - 2 July, 2019 - 23:00
IBM Spectrum Protect Plus Multiple Security Vulnerabilities

Vuln: Quest KACE Systems Management Appliance CVE-2019-10973 Security Bypass Vulnerability

Security Focus Vulnerabilities - 1 July, 2019 - 23:00
Quest KACE Systems Management Appliance CVE-2019-10973 Security Bypass Vulnerability

Vuln: Schneider Electric Modicon Controllers CVE-2019-6819 Denial of Service Vulnerability

Security Focus Vulnerabilities - 1 July, 2019 - 23:00
Schneider Electric Modicon Controllers CVE-2019-6819 Denial of Service Vulnerability

[SECURITY] [DSA 4475-1] openssl security update

Bug Traq - 1 July, 2019 - 21:36

Posted by Moritz Muehlenhoff on Jul 01

-------------------------------------------------------------------------
Debian Security Advisory DSA-4475-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
July 01, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : openssl
CVE ID : CVE-2019-1543

Joran Dirk Greef...

[SECURITY] [DSA 4474-1] firefox-esr security update

Bug Traq - 1 July, 2019 - 21:33

Posted by Moritz Muehlenhoff on Jul 01

-------------------------------------------------------------------------
Debian Security Advisory DSA-4474-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
July 01, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : firefox-esr
CVE ID : CVE-2019-11708

A sandbox...

[RT-SA-2019-012] Information Disclosure in REDDOXX Appliance

Bug Traq - 1 July, 2019 - 21:29

Posted by RedTeam Pentesting GmbH on Jul 01

Advisory: Information Disclosure in REDDOXX Appliance

RedTeam Pentesting discovered an Information Disclosure vulnerability in
the REDDOXX appliance software, which allows unauthenticated attackers
to gain information about the internal network the appliance is part of.

Details
=======

Product: REDDOXX Appliance
Affected Versions: 2032-SP2 up to hotfix 51
Fixed Versions: 2032-SP2 hotfix 53
Vulnerability Type: Information Disclosure
Security...

[RT-SA-2019-012] Information Disclosure in REDDOXX Appliance

Full Disclosure - 1 July, 2019 - 09:22

Posted by RedTeam Pentesting GmbH on Jul 01

Advisory: Information Disclosure in REDDOXX Appliance

RedTeam Pentesting discovered an Information Disclosure vulnerability in
the REDDOXX appliance software, which allows unauthenticated attackers
to gain information about the internal network the appliance is part of.

Details
=======

Product: REDDOXX Appliance
Affected Versions: 2032-SP2 up to hotfix 51
Fixed Versions: 2032-SP2 hotfix 53
Vulnerability Type: Information Disclosure
Security...

[SYSS-2019-016] SquirrelMail script filter bypass/XSS

Bug Traq - 1 July, 2019 - 06:20

Posted by Moritz Bechler on Jul 01

Advisory ID: SYSS-2019-016
Product: SquirrelMail
Manufacturer: The SquirrelMail Project
Affected Version(s): 1.4.22, SVN
Tested Version(s): SVN
Vulnerability Type: Cross-Site Scripting (CWE-79)
Risk Level: Medium
Solution Status: Open
Manufacturer Notification: 2019-04-17
Solution Date: N/A
Public Disclosure: 2019-07-01
CVE Reference: CVE-2019-12970
Author of Advisory: Moritz Bechler, SySS GmbH...

Vuln: Oracle Java SE CVE-2019-2697 Remote Security Vulnerability

Security Focus Vulnerabilities - 30 June, 2019 - 23:00
Oracle Java SE CVE-2019-2697 Remote Security Vulnerability

Vuln: Oracle Java SE CVE-2019-2698 Remote Security Vulnerability

Security Focus Vulnerabilities - 30 June, 2019 - 23:00
Oracle Java SE CVE-2019-2698 Remote Security Vulnerability

Vuln: Oracle Java SE CVE-2019-2602 Remote Security Vulnerability

Security Focus Vulnerabilities - 30 June, 2019 - 23:00
Oracle Java SE CVE-2019-2602 Remote Security Vulnerability

Vuln: Oracle Java SE CVE-2019-2684 Remote Security Vulnerability

Security Focus Vulnerabilities - 30 June, 2019 - 23:00
Oracle Java SE CVE-2019-2684 Remote Security Vulnerability

Vuln: Eclipse OpenJ9 CVE-2019-10245 Denial of Service Vulnerability

Security Focus Vulnerabilities - 30 June, 2019 - 23:00
Eclipse OpenJ9 CVE-2019-10245 Denial of Service Vulnerability

Vuln: Linux Kernel CVE-2019-11479 Denial of Service Vulnerability

Security Focus Vulnerabilities - 30 June, 2019 - 23:00
Linux Kernel CVE-2019-11479 Denial of Service Vulnerability

Vuln: ABB PB610 Multiple Security Vulnerabilities

Security Focus Vulnerabilities - 30 June, 2019 - 23:00
ABB PB610 Multiple Security Vulnerabilities

Vuln: Multiple ABB Products CVE-2019-7225 Hardcoded Credentials Vulnerability

Security Focus Vulnerabilities - 30 June, 2019 - 23:00
Multiple ABB Products CVE-2019-7225 Hardcoded Credentials Vulnerability