Security News

Neowise CarbonFTP v1.4 Insecure Proprietary Password Encryption CVE-2020-6857

Bug Traq - 21 January, 2020 - 02:45

Posted by apparitionsec on Jan 20

[+] Credits: John Page (aka hyp3rlinx)
[+] Website: hyp3rlinx.altervista.org
[+] Source:
http://hyp3rlinx.altervista.org/advisories/NEOWISE-CARBONFTP-v1.4-INSECURE-PROPRIETARY-PASSWORD-ENCRYPTION.txt
[+] twitter.com/hyp3rlinx
[+] ISR: ApparitionSec

[Vendor]
www.neowise.com

[Product]
CarbonFTP v1.4

CarbonFTP is a file synchronization tool that enables you to synch local files with a remote FTP server and vice versa.
It provides a...

Trend Micro Security 2019 (Consumer) Multiple Products Security Bypass Protected Service Tampering CVE-2019-19697

Bug Traq - 21 January, 2020 - 02:42

Posted by apparitionsec on Jan 20

[+] Credits: John Page (aka hyp3rlinx)
[+] Website: hyp3rlinx.altervista.org
[+] Source:
http://hyp3rlinx.altervista.org/advisories/TREND-MICRO-SECURITY-CONSUMER-SECURITY-BYPASS-PROTECTED-SERVICE-TAMPERING.txt
[+] ISR: ApparitionSec

[Vendor]
www.trendmicro.com

[Product]
Trend Micro Security 2019 (Consumer) Multiple Products

Trend Micro Security provides comprehensive protection for your devices.
This includes protection...

Trend Micro Security (Consumer) Multiple Products Persistent Arbitrary Code Execution CVE-2019-20357

Bug Traq - 21 January, 2020 - 02:38

Posted by apparitionsec on Jan 20

[+] Credits: John Page (aka hyp3rlinx)
[+] Website: hyp3rlinx.altervista.org
[+] Source:
http://hyp3rlinx.altervista.org/advisories/TREND-MICRO-SECURITY-CONSUMER-PERSISTENT-ARBITRARY-CODE-EXECUTION.txt
[+] twitter.com/hyp3rlinx
[+] ISR: ApparitionSec

[Vendor]
www.trendmicro.com

[Product(s)]
Trend Micro Security (Consumer) Multiple Products

Trend Micro Security provides comprehensive protection for your devices.
This includes...

[SECURITY] [DSA 4606-1] chromium security update

Bug Traq - 20 January, 2020 - 09:26

Posted by Michael Gilbert on Jan 20

-------------------------------------------------------------------------
Debian Security Advisory DSA-4606-1 security () debian org
https://www.debian.org/security/ Michael Gilbert
January 20, 2020 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : chromium
CVE ID : CVE-2019-13725 CVE-2019-13726...

[SECURITY] [DSA 4603-1] thunderbird security update

Bug Traq - 20 January, 2020 - 05:10

Posted by Moritz Muehlenhoff on Jan 20

-------------------------------------------------------------------------
Debian Security Advisory DSA-4603-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
January 17, 2020 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : thunderbird
CVE ID : CVE-2019-17016 CVE-2019-17017...

[SECURITY] [DSA 4604-1] cacti security update

Bug Traq - 20 January, 2020 - 05:06

Posted by Moritz Muehlenhoff on Jan 20

-------------------------------------------------------------------------
Debian Security Advisory DSA-4604-1 security () debian org
https://www.debian.org/security/ Hugo Lefeuvre
January 19, 2020 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : cacti
CVE ID : CVE-2019-16723 CVE-2019-17357...

[SECURITY] [DSA 4605-1] openjdk-11 security update

Bug Traq - 20 January, 2020 - 05:02

Posted by Moritz Muehlenhoff on Jan 20

-------------------------------------------------------------------------
Debian Security Advisory DSA-4605-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
January 19, 2020 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : openjdk-11
CVE ID : CVE-2020-2583 CVE-2020-2590...

CVE-2020-2656 - Low impact information disclosure via Solaris xlock

Bug Traq - 17 January, 2020 - 04:15

Posted by Marco Ivaldi on Jan 17

Dear Bugtraq,

Please find attached an advisory for the following vulnerability, fixed in Oracle's Critical Patch Update (CPU) of
January 2020:

"A low impact information disclosure vulnerability in the setuid root xlock binary distributed with Solaris may allow
local users to read partial contents of sensitive files. Due to the fact that target files must be in a very specific
format, exploitation of this flaw to escalate privileges...

CVE-2020-2696 - Local privilege escalation via CDE dtsession

Bug Traq - 17 January, 2020 - 04:12

Posted by Marco Ivaldi on Jan 17

Dear Bugtraq,

Please find attached an advisory for the following vulnerability, fixed in Oracle's Critical Patch Update (CPU) of
January 2020:

"A buffer overflow in the CheckMonitor() function in the Common Desktop Environment 2.3.1 and earlier and 1.6 and
earlier, as distributed with Oracle Solaris 10 1/13 (Update 11) and earlier, allows local users to gain root privileges
via a long palette name passed to dtsession in a malicious...

[SECURITY] [DSA 4602-1] xen security update

Bug Traq - 14 January, 2020 - 15:39

Posted by Moritz Muehlenhoff on Jan 14

-------------------------------------------------------------------------
Debian Security Advisory DSA-4602-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
January 13, 2020 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : xen
CVE ID : CVE-2019-17349 CVE-2019-17350...

[TZO-09-2020] - Bitdefender Malformed Archive bypass (RAR Uncompressed Size)

Bug Traq - 14 January, 2020 - 15:35

Posted by Thierry Zoller on Jan 14


[TZO-10-2020] - Bitdefender Malformed Archive bypass (RAR Compression Information)

Bug Traq - 14 January, 2020 - 15:31

Posted by Thierry Zoller on Jan 14


[slackware-security] mozilla-thunderbird (SSA:2020-010-01)

Bug Traq - 13 January, 2020 - 02:36

Posted by Slackware Security Team on Jan 12

[slackware-security] mozilla-thunderbird (SSA:2020-010-01)

New mozilla-thunderbird packages are available for Slackware 14.2 and -current
to fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/mozilla-thunderbird-68.4.1-i686-1_slack14.2.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:...

[TZO-08-2020] Bitdefender Generic Malformed Archive Bypass (ZIP GPFLAG)

Bug Traq - 13 January, 2020 - 02:32

Posted by Thierry Zoller on Jan 12


[TZO-06-2020] - Kaspersky Generic Archive Bypass (ZIP FLNMLEN)

Bug Traq - 13 January, 2020 - 02:29

Posted by Thierry Zoller on Jan 12


[TZO-05-2020] Kaspersky Generic Malformed Archive Bypass (ZIP Compressed Size)

Bug Traq - 10 January, 2020 - 08:23

Posted by Thierry Zoller on Jan 10


[TZO-07-2020] Bitdefender Generic Malformed Archive Bypass (RAR HOST_OS)

Bug Traq - 10 January, 2020 - 08:17

Posted by Thierry Zoller on Jan 10


[SECURITY] [DSA 4601-1] ldm security update

Bug Traq - 10 January, 2020 - 03:12

Posted by Moritz Muehlenhoff on Jan 10

-------------------------------------------------------------------------
Debian Security Advisory DSA-4601-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
January 09, 2020 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : ldm
CVE ID : not yet available

It was discovered...

[SECURITY] [DSA 4600-1] firefox-esr security update

Bug Traq - 9 January, 2020 - 06:21

Posted by Moritz Muehlenhoff on Jan 09

-------------------------------------------------------------------------
Debian Security Advisory DSA-4600-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
January 09, 2020 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : firefox-esr
CVE ID : CVE-2019-17026 CVE-2019-17024...

[slackware-security] mozilla-firefox (SSA:2020-009-01)

Bug Traq - 9 January, 2020 - 06:17

Posted by Slackware Security Team on Jan 09

[slackware-security] mozilla-firefox (SSA:2020-009-01)

New mozilla-firefox packages are available for Slackware 14.2 and -current to
fix a security issue.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/mozilla-firefox-68.4.1esr-i686-1_slack14.2.txz: Upgraded.
This release fixes a critical security issue:
Mozilla Foundation Security Advisory 2020-03: Incorrect alias information
in...