Security News

SEC Consult SA-20190822-0 :: Multiple Vulnerabilities in OpenPGP.js

Full Disclosure - 22 August, 2019 - 06:24

Posted by SEC Consult Vulnerability Lab on Aug 22

You owe me € 10

SEC Consult SA-20190821-0 :: Unauthenticated sensitive information leakage in Zoho Corporation ManageEngine ServiceDesk Plus

Bug Traq - 21 August, 2019 - 08:02

Posted by SEC Consult Vulnerability Lab on Aug 21

SEC Consult Vulnerability Lab Security Advisory < 20190821-0 >
=======================================================================
title: Unauthenticated sensitive information leakage
product: Zoho Corporation ManageEngine ServiceDesk Plus
vulnerable version: v10 <10509
fixed version: v10 >=10509
CVE number: CVE-2019-15045, CVE-2019-15046
impact: Critical
homepage:...

[SECURITY] [DSA 4504-1] vlc security update

Bug Traq - 21 August, 2019 - 08:02

Posted by Moritz Muehlenhoff on Aug 21

-------------------------------------------------------------------------
Debian Security Advisory DSA-4504-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
August 20, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : vlc
CVE ID : CVE-2019-13602 CVE-2019-13962...

FreeBSD Security Advisory FreeBSD-SA-19:24.mqueuefs

Bug Traq - 21 August, 2019 - 08:01

Posted by FreeBSD Security Advisories on Aug 21

=============================================================================
FreeBSD-SA-19:24.mqueuefs Security Advisory
The FreeBSD Project

Topic: Reference count overflow in mqueue filesystem 32-bit compat

Category: core
Module: kernel
Announced: 2019-08-20
Credits: Karsten König, Secfault Security
Affects:...

FreeBSD Security Advisory FreeBSD-SA-19:23.midi

Bug Traq - 21 August, 2019 - 07:55

Posted by FreeBSD Security Advisories on Aug 21

=============================================================================
FreeBSD-SA-19:23.midi Security Advisory
The FreeBSD Project

Topic: kernel memory disclosure from /dev/midistat

Category: core
Module: sound
Announced: 2019-08-20
Credits: Peter Holm, Mark Johnston
Affects: All supported versions of...

FreeBSD Security Advisory FreeBSD-SA-19:22.mbuf

Bug Traq - 21 August, 2019 - 07:51

Posted by FreeBSD Security Advisories on Aug 21

=============================================================================
FreeBSD-SA-19:22.mbuf Security Advisory
The FreeBSD Project

Topic: IPv6 remote Denial-of-Service

Category: kernel
Module: net
Announced: 2019-08-20
Credits: Clement Lecigne
Affects: All supported versions of FreeBSD.
Corrected:...

SEC Consult SA-20190821-0 :: Unauthenticated sensitive information leakage in Zoho Corporation ManageEngine ServiceDesk Plus

Full Disclosure - 21 August, 2019 - 07:29

Posted by SEC Consult Vulnerability Lab on Aug 21

SEC Consult Vulnerability Lab Security Advisory < 20190821-0 >
=======================================================================
title: Unauthenticated sensitive information leakage
product: Zoho Corporation ManageEngine ServiceDesk Plus
vulnerable version: v10 <10509
fixed version: v10 >=10509
CVE number: CVE-2019-15045, CVE-2019-15046
impact: Critical
homepage:...

[CVE-2019-15150] CSRF in MediaWiki extension OAuth2 Client 0.3

Bug Traq - 19 August, 2019 - 02:39

Posted by Justin Bull on Aug 19

[CVE-2019-15150] CSRF in MediaWiki extension OAuth2 Client 0.3

Happy Sunday everyone.

A security bulletin for you all.

Software:
--------
MediaWiki OAuth2 Client (https://github.com/Schine/MW-OAuth2Client)

Description:
----------
MediaWiki implementation of the PHP League's OAuth2 Client, to allow MediaWiki
to act as a client to any OAuth2 server.

Not Affected:
-------------
0.2 and earlier.

Affected Versions:
---------------
0.3

Fixed...

[SECURITY] [DSA 4503-1] golang-1.11 security update

Bug Traq - 19 August, 2019 - 02:32

Posted by Moritz Muehlenhoff on Aug 19

-------------------------------------------------------------------------
Debian Security Advisory DSA-4503-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
August 18, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : golang-1.11
CVE ID : CVE-2019-9512 CVE-2019-9514...

[SECURITY] [DSA 4502-1] ffmpeg security update

Bug Traq - 16 August, 2019 - 16:55

Posted by Moritz Muehlenhoff on Aug 16

-------------------------------------------------------------------------
Debian Security Advisory DSA-4502-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
August 16, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : ffmpeg
CVE ID : CVE-2019-12730

Several...

No cON Name 2019 Congress CFP

Full Disclosure - 16 August, 2019 - 12:18

Posted by sqlsec--- via Fulldisclosure on Aug 16

No cON Name 2019 Congress
Call For Papers https://www.noconname.org/call-for-papers/
INTRODUCTION
The organization has opened CFP. Our goal is to get highly qualified requests for both, speaker
opportunities, as well as workshops, to show in one of the most respected hacker conferences in Barcelona and Spain,
NcN (No cON Name). We will be accepting exclusively technical presentations, proof of concept for, private
investigations ...

APPLE-SA-2019-08-13-5 SwiftNIO HTTP/2 1.5.0

Full Disclosure - 16 August, 2019 - 12:17

Posted by Apple Product Security via Fulldisclosure on Aug 16

APPLE-SA-2019-08-13-5 SwiftNIO HTTP/2 1.5.0

SwiftNIO HTTP/2 1.5.0 is now available and addresses the following:

SwiftNIO HTTP/2
Available for: SwiftNIO HTTP/2 1.0.0 through 1.4.0 on
macOS Sierra 10.12 and later and Ubuntu 14.04 and later
Impact: A HTTP/2 server may consume unbounded amounts of memory when
receiving certain traffic patterns and eventually suffer resource
exhaustion
Description: This issue was addressed with improved buffer size...

APPLE-SA-2019-8-13-4 Additional information for APPLE-SA-2019-7-22-5 tvOS 12.4

Full Disclosure - 16 August, 2019 - 12:17

Posted by Apple Product Security via Fulldisclosure on Aug 16

APPLE-SA-2019-8-13-4 Additional information for
APPLE-SA-2019-7-22-5 tvOS 12.4

tvOS 12.4 addresses the following:

Bluetooth
Available for: Apple TV 4K and Apple TV HD
Impact: An attacker in a privileged network position may be able to
intercept Bluetooth traffic (Key Negotiation of Bluetooth - KNOB)
Description: An input validation issue existed in Bluetooth. This
issue was addressed with improved input validation.
CVE-2019-9506: Daniele...

APPLE-SA-2019-8-13-3 Additional information for APPLE-SA-2019-7-22-4 watchOS 5.3

Full Disclosure - 16 August, 2019 - 12:17

Posted by Apple Product Security via Fulldisclosure on Aug 16

APPLE-SA-2019-8-13-3 Additional information for
APPLE-SA-2019-7-22-4 watchOS 5.3

watchOS 5.3 addresses the following:

Bluetooth
Available for: Apple Watch Series 1 and later
Impact: An attacker in a privileged network position may be able to
intercept Bluetooth traffic (Key Negotiation of Bluetooth - KNOB)
Description: An input validation issue existed in Bluetooth. This
issue was addressed with improved input validation.
CVE-2019-9506: Daniele...

APPLE-SA-2019-8-13-2 Additional information for APPLE-SA-2019-7-22-1 iOS 12.4

Full Disclosure - 16 August, 2019 - 12:17

Posted by Apple Product Security via Fulldisclosure on Aug 16

APPLE-SA-2019-8-13-2 Additional information for
APPLE-SA-2019-7-22-1 iOS 12.4

iOS 12.4 addresses the following:

Bluetooth
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation and later
Impact: An attacker in a privileged network position may be able to
intercept Bluetooth traffic (Key Negotiation of Bluetooth - KNOB)
Description: An input validation issue existed in Bluetooth. This
issue was addressed with...

APPLE-SA-2019-8-13-1 Additional information for APPLE-SA-2019-7-22-2 macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra

Full Disclosure - 16 August, 2019 - 12:17

Posted by Apple Product Security via Fulldisclosure on Aug 16

APPLE-SA-2019-8-13-1 Additional information for
APPLE-SA-2019-7-22-2 macOS Mojave 10.14.6, Security Update
2019-004 High Sierra, Security Update 2019-004 Sierra

macOS Mojave 10.14.6, Security Update 2019-004 High Sierra,
Security Update 2019-004 Sierra address the
following:

AppleGraphicsControl
Available for: macOS Mojave 10.14.5
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with...

Open-Xchange Security Advisory 2019-08-15

Full Disclosure - 16 August, 2019 - 12:16

Posted by Open-Xchange GmbH via Fulldisclosure on Aug 16

Dear subscribers,

we're sharing our latest advisory with you and like to thank everyone who contributed in finding and solving those
vulnerabilities. Feel free to join our bug bounty programs (appsuite, dovecot, powerdns) at HackerOne.

Yours sincerely,
Martin Heiland, Open-Xchange GmbH

Product: OX Guard
Vendor: OX Software GmbH

Internal reference: 65132 (Bug ID)
Vulnerability type: Cross-Site Scripting (CWE-80)
Vulnerable version:...

Open-Xchange Security Advisory 2019-08-15

Full Disclosure - 16 August, 2019 - 12:16

Posted by Open-Xchange GmbH via Fulldisclosure on Aug 16

Dear subscribers,

we're sharing our latest advisory with you and like to thank everyone who contributed in finding and solving those
vulnerabilities. Feel free to join our bug bounty programs (appsuite, dovecot, powerdns) at HackerOne.

Yours sincerely,
Martin Heiland, Open-Xchange GmbH

Product: OX App Suite
Vendor: OX Software GmbH

Internal reference: 64680 (Bug ID)
Vulnerability type: Content Spoofing (CWE-451)
Vulnerable version:...

Details about recent GNU patch vulnerabilities

Bug Traq - 16 August, 2019 - 05:21

Posted by Imre Rad on Aug 16

I identified several vulnerabilities in the GNU patch utility, some of
them making it possible to execute arbitrary code if the victim opens
a crafted patch file. It also turned out, some of these
vulnerabilities had been silently addressed by the maintainer back
then in 2018 when CVE-2018-1000156 was reported. Some Linux
distributions (like Debian, Ubuntu or Fedora) applied only the primary
patch and thus they remained vulnerable to the attack...

[SECURITY] [DSA 4501-1] libreoffice security update

Bug Traq - 16 August, 2019 - 01:22

Posted by Moritz Muehlenhoff on Aug 15

-------------------------------------------------------------------------
Debian Security Advisory DSA-4501-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
August 15, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : libreoffice
CVE ID : CVE-2019-9850 CVE-2019-9851...