Security News

[SECURITY] [DSA 4600-1] firefox-esr security update

Bug Traq - 9 January, 2020 - 06:21

Posted by Moritz Muehlenhoff on Jan 09

-------------------------------------------------------------------------
Debian Security Advisory DSA-4600-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
January 09, 2020 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : firefox-esr
CVE ID : CVE-2019-17026 CVE-2019-17024...

[slackware-security] mozilla-firefox (SSA:2020-009-01)

Bug Traq - 9 January, 2020 - 06:17

Posted by Slackware Security Team on Jan 09

[slackware-security] mozilla-firefox (SSA:2020-009-01)

New mozilla-firefox packages are available for Slackware 14.2 and -current to
fix a security issue.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/mozilla-firefox-68.4.1esr-i686-1_slack14.2.txz: Upgraded.
This release fixes a critical security issue:
Mozilla Foundation Security Advisory 2020-03: Incorrect alias information
in...

[slackware-security] Slackware 14.2 kernel (SSA:2020-008-01)

Bug Traq - 9 January, 2020 - 04:15

Posted by Slackware Security Team on Jan 09

[slackware-security] Slackware 14.2 kernel (SSA:2020-008-01)

New kernel packages are available for Slackware 14.2 to fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/linux-4.4.208/*: Upgraded.
IPV6_MULTIPLE_TABLES n -> y
+IPV6_SUBTREES y
These updates fix various bugs and security issues.
Be sure to upgrade your initrd after upgrading the kernel packages....

[SECURITY] [DSA 4598-1] python-django security update

Bug Traq - 8 January, 2020 - 05:02

Posted by Salvatore Bonaccorso on Jan 08

-------------------------------------------------------------------------
Debian Security Advisory DSA-4598-1 security () debian org
https://www.debian.org/security/ Salvatore Bonaccorso
January 07, 2020 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : python-django
CVE ID : CVE-2019-19844
Debian Bug...

[SECURITY] [DSA 4599-1] wordpress security update

Bug Traq - 8 January, 2020 - 04:58

Posted by Sebastien Delafond on Jan 08

-------------------------------------------------------------------------
Debian Security Advisory DSA-4599-1 security () debian org
https://www.debian.org/security/ Sebastien Delafond
January 08, 2020 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : wordpress
CVE ID : CVE-2019-16217 CVE-2019-16218...

[TZO-04-2020] Bitdefender Generic Malformed Archive Bypass (BZ2)

Full Disclosure - 7 January, 2020 - 12:27

Posted by Thierry Zoller on Jan 07


Multiple Reflected Cross-site Scripting Vulnerabilities in ERPNext 11.1.47

Full Disclosure - 7 January, 2020 - 12:19

Posted by Daniel Bishtawi on Jan 07

Hello,

We are informing you about the vulnerabilities in ERPNext 11.1.47

Here are the details:

Information
--------------------

Advisory by Netsparker
Name: Multiple Reflected Cross-site Scripting Vulnerabilities in ERPNext
Affected Software: ERPNext
Affected Versions: 11.1.47
Vendor Homepage: https://erpnext.com/
Vulnerability Type: Reflected Cross-site Scripting
Severity: High
Status: Fixed
CVSS Score (3.0):...

Two vulnerabilities found in MikroTik's RouterOS

Full Disclosure - 7 January, 2020 - 12:18

Posted by Q C on Jan 07

Advisory: two vulnerabilities found in MikroTik's RouterOS

Details
=======

Product: MikroTik's RouterOS
Affected Versions: before 6.44.6 (Long-term release tree)
Fixed Versions: 6.44.6 (Long-term release tree)
Vendor URL: https://mikrotik.com/
Vendor Status: fixed version released
CVE: -
Credit: Qian Chen (@cq674350529) of Qihoo 360 Nirvan Team

Product Description
==================

RouterOS is the operating system used on the...

Microsoft Windows VCF Card / Mailto Link Denial Of Service

Full Disclosure - 7 January, 2020 - 12:18

Posted by hyp3rlinx on Jan 07

[+] Credits: John Page (aka hyp3rlinx)
[+] Website: hyp3rlinx.altervista.org
[+] Source:
http://hyp3rlinx.altervista.org/advisories/MICROSOFT-WINDOWS-VCF-MAILTO-LINK-DENIAL-OF-SERVICE.txt
[+] twitter.com/hyp3rlinx
[+] ISR: ApparitionSec

[Vendor]
www.microsoft.com

[Product]
A VCF file is a standard file format for storing contact information for a
person or business.
Microsoft Outlook supports the vCard and vCalendar features.
These are a...

Fortinet FortiSIEM Hardcoded SSH Key

Full Disclosure - 7 January, 2020 - 12:18

Posted by Andrew Klaus on Jan 07

Vendor: Fortinet
Product: FortiSIEM
Tested version: 5.2.5, 5.2.6. I haven't confirmed older versions, but there
is a good chance they're also affected.
CVE: Fortinet hands out their own CVEs according to Mitre, and since no
human confirmation was received by Fortinet, no CVE was created yet.

== Summary:

FortiSIEM has a hardcoded SSH public key for user "tunneluser" which is the
same between all installs. An attacker with...

[slackware-security] mozilla-firefox (SSA:2020-006-01)

Bug Traq - 7 January, 2020 - 02:21

Posted by Slackware Security Team on Jan 06

[slackware-security] mozilla-firefox (SSA:2020-006-01)

New mozilla-firefox packages are available for Slackware 14.2 and -current to
fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/mozilla-firefox-68.4.0esr-i686-1_slack14.2.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:...

[SECURITY] [DSA 4597-1] netty security update

Bug Traq - 6 January, 2020 - 01:57

Posted by Salvatore Bonaccorso on Jan 05

-------------------------------------------------------------------------
Debian Security Advisory DSA-4597-1 security () debian org
https://www.debian.org/security/ Salvatore Bonaccorso
January 03, 2020 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : netty
CVE ID : CVE-2019-16869
Debian Bug :...

[TZO-04-2020] Bitdefender Generic Malformed Archive Bypass (BZ2)

Bug Traq - 6 January, 2020 - 01:53

Posted by Thierry Zoller on Jan 05


[TZO-03-2020] ESET Generic Malformed Archive Bypass (ZIP Compression Information)

Full Disclosure - 3 January, 2020 - 13:15

Posted by Thierry Zoller on Jan 03


[TZO-02-2020] Kaspersky Generic Malformed Archive Bypass (ZIP GFlag)

Full Disclosure - 3 January, 2020 - 13:15

Posted by Thierry Zoller on Jan 03


[TZO-01-2020] AVIRA Generic Malformed Container bypass (ISO)

Full Disclosure - 3 January, 2020 - 13:15

Posted by Thierry Zoller on Jan 03


Open-Xchange Security Advisory 2020-01-02

Full Disclosure - 3 January, 2020 - 13:13

Posted by Open-Xchange GmbH via Fulldisclosure on Jan 03

Dear subscribers,

we're sharing our latest advisory with you and would like to thank everyone who contributed in finding and solving those
vulnerabilities. Feel free to join our bug bounty programs (open-xchange, appsuite, dovecot, powerdns) at HackerOne.

Yours sincerely,
Martin Heiland, Open-Xchange GmbH

Product: OX App Suite
Vendor: OX Software GmbH

Internal reference: 67097 (Bug ID)
Vulnerability type: Cross-site scripting (CWE-80)...

CA20191218-01: Security Notice for CA Client Automation Agent for Windows

Full Disclosure - 3 January, 2020 - 13:13

Posted by Kevin Kotas via Fulldisclosure on Jan 03

CA20191218-01: Security Notice for CA Client Automation Agent for
Windows

Issued: December 18, 2019
Last Updated: December 18, 2019

CA Technologies, A Broadcom Company, is alerting customers to a
potential risk with CA Client Automation agent on Windows. A
vulnerability exists that can allow a local attacker to gain
escalated privileges. CA published solutions to address the
vulnerability and recommends that all affected customers implement
the...

New BlackArch Linux ISOs + OVA Image available!

Full Disclosure - 3 January, 2020 - 13:11

Posted by Black Arch on Jan 03

Dear list,

We've released new BlackArch Linux ISOs and OVA image (version
2020.01.01). Many improvements and QA went through all packages and
tools Blackarch Linux offers! For details see the ChangeLog below. The
BlackArch repository, Live-ISO and OVA image include more than 2400
tools now. The aarch64 repository is filled with about 2200 tools.

A ChangeLog of the Live-ISO-2020.01.01:

- added 120 new tools
- add terminus font...

Microsoft Windows .Group File / URL Field Code Execution

Full Disclosure - 3 January, 2020 - 13:11

Posted by hyp3rlinx on Jan 03

[+] Credits: John Page (aka hyp3rlinx)
[+] Website: hyp3rlinx.altervista.org
[+] Source:
http://hyp3rlinx.altervista.org/advisories/MICROSOFT-WINDOWS-.GROUP-FILE-URL-FIELD-CODE-EXECUTION.txt
[+] twitter.com/hyp3rlinx
[+] apparitionsec@gmail
[+] ISR: Apparition Security

[Vendor]
www.microsoft.com

[Product]
Windows ".Group" File Type

Group files are a collection of contacts created by Windows Contacts, an
embedded contact management...