Security News

AMD-SEV: Platform DH key recovery via invalid curve attack (CVE-2019-9836)

Full Disclosure - 25 June, 2019 - 13:03

Posted by Cfir Cohen via Fulldisclosure on Jun 25

Overview
========
AMD Secure Encrypted Virtualization (SEV) is a hardware memory encryption
feature. SEV protects guest virtual machines from the hypervisor, provides
confidentiality guarantees at runtime and remote attestation at launch
time. See [1] for details. SEV key management code runs inside the Platform
Security Processor (PSP) [2].

The SEV elliptic-curve (ECC) implementation was found to be vulnerable to
an invalid curve attack. At...

[SECURITY] [DSA 4471-1] thunderbird security update

Bug Traq - 25 June, 2019 - 08:47

Posted by Moritz Muehlenhoff on Jun 25

-------------------------------------------------------------------------
Debian Security Advisory DSA-4471-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
June 24, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : thunderbird
CVE ID : CVE-2019-11707 CVE-2019-11708...

Vuln: Nessus CVE-2019-3961 Cross Site Scripting Vulnerability

Security Focus Vulnerabilities - 24 June, 2019 - 23:00
Nessus CVE-2019-3961 Cross Site Scripting Vulnerability

Vuln: Multiple Cisco Products CVE-2019-1845 Denial of Service Vulnerability

Security Focus Vulnerabilities - 24 June, 2019 - 23:00
Multiple Cisco Products CVE-2019-1845 Denial of Service Vulnerability

Vuln: Kubernetes CVE-2019-11246 Incomplete Fix Arbitrary File Overwrite Vulnerability

Security Focus Vulnerabilities - 24 June, 2019 - 23:00
Kubernetes CVE-2019-11246 Incomplete Fix Arbitrary File Overwrite Vulnerability

Webex meetings are vulnerable to mitm

Full Disclosure - 24 June, 2019 - 22:24

Posted by RDX Guy on Jun 24

https://pankajupadhyay.in/2019/06/24/webex-meetings-are-vulnerable-to-mitm/

"In my free time, I was looking at some Android applications and noticed
that I was able to intercept SSL traffic for Webex Meetings app. When
explored it further, I found that Webex Meetings mobile app accepts
self-signed certificates. Also there is no certificate pinning enabled.

This makes Webex meet app vulnerable to Man in the middle attack.

Users of this...

BlogEngine.NET 3.3.7 and earlier Directory Traversal + Listing

Full Disclosure - 24 June, 2019 - 22:23

Posted by aaron bishop on Jun 24

*CVE-2019-10717* - A Directory Traversal + Directory Listing exists on
BlogEngine.Net 3.3.7 and earlier through the *path* parameter used by the
/api/filemanager endpoint. A request such as:

https://$HOST/api/filemanager?path=*%2F..%2f..%2f*

Discloses the contents of the application root:

....
{
"IsChecked": false,
"SortOrder": 25,
"Created": "5/26/2018 1:53:02 PM",
"Name":...

[SECURITY] [DSA 4469-1] libvirt security update

Bug Traq - 24 June, 2019 - 02:42

Posted by Salvatore Bonaccorso on Jun 24

-------------------------------------------------------------------------
Debian Security Advisory DSA-4469-1 security () debian org
https://www.debian.org/security/ Salvatore Bonaccorso
June 22, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : libvirt
CVE ID : CVE-2019-10161 CVE-2019-10167

Two...

[SECURITY] [DSA 4470-1] pdns security update

Bug Traq - 24 June, 2019 - 02:40

Posted by Moritz Muehlenhoff on Jun 24

-------------------------------------------------------------------------
Debian Security Advisory DSA-4470-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
June 23, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : pdns
CVE ID : CVE-2019-10162 CVE-2019-10163

Two...

[slackware-security] mozilla-firefox (SSA:2019-172-01)

Bug Traq - 24 June, 2019 - 02:39

Posted by Slackware Security Team on Jun 24

[slackware-security] mozilla-firefox (SSA:2019-172-01)

New mozilla-firefox packages are available for Slackware 14.2 and -current to
fix a security issue.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/mozilla-firefox-60.7.2esr-i686-1_slack14.2.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:...

[SECURITY] [DSA 4467-2] vim regression update

Bug Traq - 24 June, 2019 - 02:32

Posted by Moritz Muehlenhoff on Jun 24

-------------------------------------------------------------------------
Debian Security Advisory DSA-4467-2 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
June 23, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : vim
CVE ID : CVE-2019-12735

The update for vim...

APPLE-SA-2019-6-20-1 AirPort Base Station Firmware Update 7.8.1

Bug Traq - 24 June, 2019 - 02:29

Posted by Apple Product Security on Jun 24

APPLE-SA-2019-6-20-1 AirPort Base Station Firmware Update 7.8.1

AirPort Base Station Firmware Update 7.8.1 is now available and
addresses the following:

AirPort Base Station Firmware
Available for: AirPort Express, AirPort Extreme, and AirPort Time
Capsule base stations with 802.11n
Impact: A remote attacker may be able to leak memory
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2019-8581: Lucio Albornoz...

[SECURITY] [DSA 4468-1] php-horde-form security update

Bug Traq - 24 June, 2019 - 02:29

Posted by Salvatore Bonaccorso on Jun 24

-------------------------------------------------------------------------
Debian Security Advisory DSA-4468-1 security () debian org
https://www.debian.org/security/ Salvatore Bonaccorso
June 21, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : php-horde-form
CVE ID : CVE-2019-9858
Debian Bug...

[slackware-security] mozilla-thunderbird (SSA:2019-172-02)

Bug Traq - 24 June, 2019 - 02:26

Posted by Slackware Security Team on Jun 24

[slackware-security] mozilla-thunderbird (SSA:2019-172-02)

New mozilla-thunderbird packages are available for Slackware 14.2 and -current
to fix a security issue.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/mozilla-thunderbird-60.7.2-i686-1_slack14.2.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:...

[slackware-security] bind (SSA:2019-171-01)

Bug Traq - 24 June, 2019 - 02:21

Posted by Slackware Security Team on Jun 24

[slackware-security] bind (SSA:2019-171-01)

New bind packages are available for Slackware 14.0, 14.1, 14.2, and -current to
fix a denial-of-service security issue.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/bind-9.11.8-i586-1_slack14.2.txz: Upgraded.
Fixed a race condition in dns_dispatch_getnext() that could cause an
assertion failure if a significant number of incoming packets...

[SECURITY] [DSA 4447-2] intel-microcode security update

Bug Traq - 24 June, 2019 - 02:18

Posted by Moritz Muehlenhoff on Jun 24

-------------------------------------------------------------------------
Debian Security Advisory DSA-4447-2 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
Jun 20, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : intel-microcode
CVE ID : CVE-2018-12126...

FreeBSD Security Advisory FreeBSD-SA-19:08.rack

Bug Traq - 24 June, 2019 - 02:14

Posted by FreeBSD Security Advisories on Jun 24

=============================================================================
FreeBSD-SA-19:08.rack Security Advisory
The FreeBSD Project

Topic: Resource exhaustion in non-default RACK TCP stack

Category: core
Module: inet
Announced: 2019-06-19
Credits: Jonathan Looney (Netflix)
Peter Lei (Netflix)...

XL-19-012 - ABB IDAL HTTP Server Uncontrolled Format String Vulnerability

Full Disclosure - 24 June, 2019 - 02:06

Posted by xen1thLabs on Jun 24

XL-19-012 - ABB IDAL HTTP Server Uncontrolled Format String Vulnerability
========================================================================

Identifiers
-----------
XL-19-012
CVE-2019-7228
ABBVU-IAMF-1902007

CVSS Score
----------
8.8 (AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

Affected vendor
---------------
ABB (new.abb.com)

Credit
------
Eldar Marcussen - xen1thLabs - Software Labs

Vulnerability summary
---------------------
The IDAL HTTP...

Fortinet FortiCam FCM-MB40 Vulnerabilities

Full Disclosure - 24 June, 2019 - 02:06

Posted by XORcat on Jun 24

Original posting: https://xor.cat/2019/06/19/fortinet-forticam-vulns/

## Background

In March of 2019 I discovered five vulnerabilities in Fortinet's
FortiCam FCM-MB40[1] product.

Part-way through disclosing this vulnerability, I discovered that the
FCM-MB40 is manufactured by a company called Dynacolor Inc[2], which
calls the product "Q2-H"[3].

The FortiCam FCM-MB40 software version which I found these
vulnerabilities in was...

APPLE-SA-2019-6-20-1 AirPort Base Station Firmware Update 7.8.1

Full Disclosure - 24 June, 2019 - 02:06

Posted by Apple Product Security via Fulldisclosure on Jun 24

APPLE-SA-2019-6-20-1 AirPort Base Station Firmware Update 7.8.1

AirPort Base Station Firmware Update 7.8.1 is now available and
addresses the following:

AirPort Base Station Firmware
Available for: AirPort Express, AirPort Extreme, and AirPort Time
Capsule base stations with 802.11n
Impact: A remote attacker may be able to leak memory
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2019-8581: Lucio Albornoz...
Syndicate content