information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit https://security.FreeBSD.org/.
I. Background
IPsec is a suite of protocols providing data authentication, integrity, and
confidential
FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit https://security.FreeBSD.org/.
I. Background
libfetch(3) is a multi-protocol file transfer library included with FreeBSD
and used by the fetch(1) command-line tool,
FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit https://security.FreeBSD.org/.
I. Background
The kernel can create a core dump file when a process crashes that contains
process state, for debugging.
II. Prob
#
#
# COMPASS SECURITY ADVISORY
# https://www.compass-security.com/research/advisories/
#
#
#
# Product: Apache Olingo OData 4.0
# Vendor: Apache Foundation
# CSNC ID: CSNC
FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit https://security.FreeBSD.org/.
I. Background
The Intel machine check architecture is a mechanism to detect and report
hardware errors, such as system bus err
,
CVE-2018-12127, CVE-2018-12130, CVE-2018-11091,
CVE-2017-5715
For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit https
#
#
# COMPASS SECURITY ADVISORY
# https://www.compass-security.com/research/advisories/
#
#
#
# Product: VeloCloud
# Vendor: VMware
information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit https://security.FreeBSD.org/.
0. Revision history
v1.0 2019-08-20 Initial release.
v1.1 2019-08-21 Updated workaround.
I. Backgro
-2019-5603
For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit https://security.FreeBSD.org/.
Note: This issue is related to the previously disclosed SA-19:15.mqueuefs.
It is anot
information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit https://security.FreeBSD.org/.
I. Background
/dev/midistat is a device file which can be read to obtain a
human-readable list of the availa
FreeBSD Security Advisories, including
descriptions of the fields above, security branches, and the following
sections, please visit https://security.FreeBSD.org/.
I. Background
mbufs are a unit of memory management mostly used in the kernel for network
packets and socket buffers. m_pulldown(9)
information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit https://security.FreeBSD.org/.
I. Background
bhyve(8) is a hypervisor that supports running a variety of guest operating
systems in virt
information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit https://security.FreeBSD.org/.
I. Background
The bsnmp software library is used for the Internet SNMP (Simple Network
Management Proto
regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit https://security.FreeBSD.org/.
I. Background
MLDv2 is the Multicast Listener Discovery protocol, version 2. It is used
by IPv6 routers to discover multic
Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit https://security.FreeBSD.org/.
I. Background
The bzip2(1)/bunzip2(1) utilities and the libbz2 library compress and
decompress files using an algorithm based on the Burr
FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit https://security.FreeBSD.org/.
I. Background
bhyve(8) is a hypervisor that supports running a variety of virtual
machines (guests). bhyve includes an emula
FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit https://security.FreeBSD.org/.
I. Background
UNIX-domain sockets are used for inter-process communication. It is
possible to use UNIX-domain sockets to trans
regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit https://security.FreeBSD.org/.
I. Background
mqueuefs(5) implements POSIX message queue file system which can be used
by processes as a communicat
12:54:10 UTC (releng/11.2, 11.2-RELEASE-p12)
2019-07-24 12:54:10 UTC (releng/11.3, 11.3-RELEASE-p1)
CVE Name: CVE-2019-5605
For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections
information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit https://security.FreeBSD.org/.
I. Background
The telnet(1) command is a TELNET protocol client, used primarily to
establish terminal sessi
Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit https://security.FreeBSD.org/.
I. Background
The posix_openpt(2) system call allocates a pseudo-terminal device and
returns a descriptor referencing that device. Suc
(releng/12.0, 12.0-RELEASE-p7)
2019-05-10 23:46:42 UTC (stable/11, 11.2-STABLE)
2019-07-02 00:02:16 UTC (releng/11.2, 11.2-RELEASE-p11)
CVE Name: CVE-2019-5601
For general information regarding FreeBSD Security Advisories,
including descriptions of the fields
FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit https://security.FreeBSD.org/.
I. Background
The cd(4) driver implements a number of ioctls to permit low-level access to
the media in the CD-ROM device.
FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit https://security.FreeBSD.org/.
I. Background
The iconv(3) API converts text data from one character encoding to another
and is available as part of the standar
-STABLE)
2019-06-19 16:43:05 UTC (releng/12.0, 12.0-RELEASE-p6)
CVE Name: CVE-2019-5599
For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit https
/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O
Advisory-URL:
https://www.x41-dsec.de/lab/advisories/x41-2019-004-thunderbird
Summary and Impact
==
A type confusion has been identified in the Thunderbird email
client. The issue is present in the libical implementation, which was
forked from upstream
: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O
Advisory-URL:
https://www.x41-dsec.de/lab/advisories/x41-2019-003-thunderbird
Summary and Impact
==
A stack-based buffer overflow has been identified in the Thunderbird
email client. The issue is present in the libical
: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O
Advisory-URL:
https://www.x41-dsec.de/lab/advisories/x41-2019-002-thunderbird
Summary and Impact
==
A heap-based buffer overflow has been identified in the Thunderbird
email client. The issue is present in the libical implementation
-2018-12127, CVE-2018-12130,
CVE-2019-11091
For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit https://security.FreeBSD.org/.
0. Revision history
v1.0 20
-2018-12127, CVE-2018-12130,
CVE-2019-11091
For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit https://security.FreeBSD.org/.
I. Background
Modern processors mak
(releng/12.0, 12.0-RELEASE-p4)
2019-03-01 18:12:07 UTC (stable/11, 11.3-PRERELEASE)
2019-05-14 23:10:21 UTC (releng/11.2, 11.2-RELEASE-p10)
CVE Name: CVE-2019-5597
For general information regarding FreeBSD Security Advisories,
including descriptions of the fields
/12.0, 12.0-RELEASE-p4)
2019-03-21 14:17:12 UTC (stable/11, 11.3-PRERELEASE)
2019-05-14 23:12:22 UTC (releng/11.2, 11.2-RELEASE-p10)
CVE Name: CVE-2019-5598
For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above
general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit https://security.FreeBSD.org/.
I. Background
Wi-Fi Protected Access II (WPA2) is a security protocol developed by the
Wi-Fi Alliance
(releng/12.0, 12.0-RELEASE-p4)
2019-03-07 13:45:36 UTC (stable/11, 11.3-PRERELEASE)
2019-05-14 23:06:26 UTC (releng/11.2, 11.2-RELEASE-p10)
CVE Name: CVE-2019-8936
For general information regarding FreeBSD Security Advisories,
including descriptions of the
SecureAuth - SecureAuth Labs Advisory
http://www.secureauth.com/
Pydio 8 Multiple Vulnerabilities
1. *Advisory Information*
Title: Pydio 8 Multiple Vulnerabilities
Advisory ID: SAUTH-2019-0002
Advisory URL:
https://www.secureauth.com/labs/advisories/pydio-8-multiple-vulnerabilities
Date
://www.secureauth.com/labs/advisories/cisco-webex-meetings-elevation-privilege-vulnerability-version-2
Date published: 2019-02-27
Date of last update: 2019-02-27
Vendors contacted: Cisco
Release mode: Coordinated release
2. *Vulnerability Information*
Class: OS command injection [CWE-78]
Impact: Code execution
SecureAuth - SecureAuth Labs Advisory
http://www.secureauth.com/
Micro Focus Filr Multiple Vulnerabilities
1. *Advisory Information*
Title: Micro Focus Filr Multiple Vulnerabilities
Advisory ID: SAUTH-2019-0001
Advisory URL:
https://www.secureauth.com/labs/advisories/micro-focus-filr-multiple
)
2019-02-05 17:57:30 UTC (stable/11, 11.2-STABLE)
CVE Name: CVE-2019-5596
For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit https://security.FreeBSD.org/.
UTC (releng/12.0, 12.0-RELEASE-p3)
2019-02-05 17:54:02 UTC (stable/11, 11.2-STABLE)
2019-02-05 18:07:45 UTC (releng/11.2, 11.2-RELEASE-p9)
CVE Name: CVE-2019-5595
For general information regarding FreeBSD Security Advisories,
including descriptions of the
#
#
# COMPASS SECURITY ADVISORY
# https://www.compass-security.com/research/advisories/
#
#
#
# Product: SICAM A8000 Series
# Vendor: Siemens
# CSNC ID: CSNC-2019-002
# CVE
/UI:N/S:U/C:N/I:N/A:L
Advisory-URL:
https://www.x41-dsec.de/lab/advisories/x41-2018-009-uaparser/
Summary and Impact
==
The programming library UA-Parser uses regular expressions to identify
user agent strings. The complexity of some of the regular expressions
is such that an attacker
-RELEASE-p1)
2018-12-19 18:19:15 UTC (stable/11, 11.2-STABLE)
2018-12-19 18:22:25 UTC (releng/11.2, 11.2-RELEASE-p7)
CVE Name: CVE-2018-17161
For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security
:38:32 UTC (releng/11.2, 11.2-RELEASE-p6)
CVE Name: CVE-2018-17160
For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit https://security.FreeBSD.org/.
I. Background
The bh
)
2018-11-27 19:42:16 UTC (releng/11.2, 11.2-RELEASE-p5)
CVE Name: CVE-2018-17157, CVE-2018-17158, CVE-2018-17159
For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit https
/advisories/cisco-webex-meetings-elevation-privilege-vulnerability
Date published: 2018-11-27
Date of last update: 2018-11-27
Vendors contacted: Cisco
Release mode: Coordinated release
2. *Vulnerability Information*
Class: OS command injection [CWE-78]
Impact: Code execution
Remotely Exploitable: No
SecureAuth - SecureAuth Labs Advisory
http://www.secureauth.com/
ASRock Drivers Elevation of Privilege Vulnerabilities
1. *Advisory Information*
Title: ASRock Drivers Elevation of Privilege Vulnerabilities
Advisory ID: CORE-2018-0005
Advisory URL:
https://www.secureauth.com/labs/advisories
://mgetty.greenie.net
Credit: X41 D-Sec GmbH, Eric Sesterhenn
Status: Public
Advisory-URL: https://www.x41-dsec.de/lab/advisories/x41-2018-007-mgetty
Summary and Impact
- --
Multiple issues have been identified in the mgetty fax software. These
might be used by local users to elevate their privileges
: https://www.hylafax.org/, http://hylafax.sourceforge.net/
Credit: X41 D-SEC GmbH, Luis Merino, Eric Sesterhenn, Markus Vervier
Status: Public
Advisory-URL: https://www.x41-dsec.de/lab/advisories/x41-2018-008-Hylafax/
Summary and Impact
--
Severity Rating: Critical
Vector: Incoming fax
general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit https://security.FreeBSD.org/.
I. Background
To execute a binary the kernel must parse the ELF header to determine the
entry po
#
#
# COMPASS SECURITY ADVISORY
# https://www.compass-security.com/research/advisories/
#
#
#
# Product: ownCloud Impersonate
# Vendor: ownCloud
# CSNC ID: CSNC-2018-015
#
#
# COMPASS SECURITY ADVISORY
# https://www.compass-security.com/research/advisories/
#
#
#
# Product: ownCloud iOS Application (owncloud.iosapp) [1]
# Vendor: ownCloud Gmbh
#
#
# COMPASS SECURITY ADVISORY
# https://www.compass-security.com/research/advisories/
#
#
#
# Product: Atmosphere [1]
# Vendor: Async-IO.org
# CSNC ID: CSNC-2018-023
, 10.4-RELEASE-p11)
CVE Name: CVE-2018-14526
For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit https://security.FreeBSD.org/.
I. Background
The wpa_supplicant(8) utility i
differences in FreeBSD 10-stable a patch
is not yet available for FreeBSD 10.4. This will follow at
a later date.
For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections
11.1 and later. We expect to update this advisory to include
10.4 at a later time.
For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit https://security.FreeBSD.org
)
2018-08-15 02:31:10 UTC (releng/10.4, 10.4-RELEASE-p11)
CVE Name: CVE-2018-6922
For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit https://security.FreeBSD.org/.
/ Depreciated
Vendor URL: https://www.yubico.com/
Credit: X41 D-Sec GmbH, Eric Sesterhenn
Status: Public
Advisory-URL:
https://www.x41-dsec.de/lab/advisories/x41-2018-004-libykneomgr/
Summary and Impact
- --
An out of bounds write and read was discovered when malicious
responses from a
Confirmed Patched Versions: 8eef01a5e218ae78cc358de32213b50a601662de
Vendor: Apple
Vendor URL: https://smartcardservices.github.io/
Credit: X41 D-Sec GmbH, Eric Sesterhenn
Status: Public
Advisory-URL:
https://www.x41-dsec.de/lab/advisories/x41-2018-005-smartcardservices/
Summary and Impact
: https://github.com/OpenSC/pampkcs11
Credit: X41 D-Sec GmbH, Eric Sesterhenn
Status: Public
Advisory-URL:
https://www.x41-dsec.de/lab/advisories/x41-2018-003-pampkcs11/
Summary and Impact
- --
It is possible to replay an authentication by using a specially
prepared smartcard or token
: https://github.com/OpenSC/OpenSC
Credit: X41 D-Sec GmbH, Eric Sesterhenn
Status: Public
Advisory-URL: https://www.x41-dsec.de/lab/advisories/x41-2018-002-OpenSC/
Summary and Impact
- --
Multiple issues have been identified in OpenSC, ranging from stack
based buffer overflows to out
://www.yubico.com/
Vendor Advisory URL: https://www.yubico.com/support/security-advisories
Credit: X41 D-Sec GmbH, Eric Sesterhenn
Status: Public
Advisory-URL:
https://www.x41-dsec.de/lab/advisories/x41-2018-001-Yubico-Piv/
Summary and Impact
- --
A buffer overflow and an out of
)
2018-08-06 17:50:40 UTC (releng/10.4, 10.4-RELEASE-p10)
CVE Name: CVE-2018-6922
For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit https://security.FreeBSD.org/.
Core Security - Corelabs Advisory
http://corelabs.coresecurity.com/
SoftNAS Cloud OS Command Injection
1. *Advisory Information*
Title: SoftNAS Cloud OS Command Injection
Advisory ID: CORE-2018-0009
Advisory URL:
http://www.coresecurity.com/advisories/softnas-cloudnas-OS-command-injection
Date
Core Security - Corelabs Advisory
http://corelabs.coresecurity.com/
QNAP Qcenter Virtual Appliance Multiple Vulnerabilities
1. *Advisory Information*
Title: QNAP Qcenter Virtual Appliance Multiple Vulnerabilities
Advisory ID: CORE-2018-0006
Advisory URL:
http://www.coresecurity.com/advisories
Special Note: This advisory only addresses this issue for FreeBSD 11.x on
i386 and amd64. We expect to update this advisory to include
10.x in the near future.
For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above
#
#
# COMPASS SECURITY ADVISORY
# https://www.compass-security.com/research/advisories/
#
#
#
# Product: Vert.x [1]
# CSNC ID: CSNC-2018-021
# Subject: HTTP Header
://www.coresecurity.com/advisories/quest-kace-system-management-appliance-multiple-vulnerabilities
Date published: 2018-05-31
Date of last update: 2018-05-22
Vendors contacted: Quest Software Inc.
Release mode: Forced release
2. *Vulnerability Information*
Class: Improper Neutralization of Special Elements used in an
Core Security - Corelabs Advisory
http://corelabs.coresecurity.com/
Quest DR Series Disk Backup Multiple Vulnerabilities
1. *Advisory Information*
Title: Quest DR Series Disk Backup Multiple Vulnerabilities
Advisory ID: CORE-2018-0002
Advisory URL:
http://www.coresecurity.com/advisories/quest
#
# COMPASS SECURITY ADVISORY
# https://www.compass-security.com/research/advisories/
#
#
# Product: totemomail Encryption Gateway
#
# COMPASS SECURITY ADVISORY
# https://www.compass-security.com/research/advisories/
#
#
# Product: totemomail Encryption Gateway
-8897
For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit https://security.FreeBSD.org/.
I. Background
On x86 architecture systems, the stack is represented by the combination o
FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit https://security.FreeBSD.org/.
I. Background
The IPsec suite of protocols provide network level security for IPv4 and IPv6
packets. FreeBSD includes softw
information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit https://security.FreeBSD.org/.
I. Background
On FreeBSD 11 and later, and FreeBSD 10.x systems that boot via UEFI, the
default system video console
#
#
# COMPASS SECURITY ADVISORY
# https://www.compass-security.com/research/advisories/
#
#
#
# Product: Microsoft Intune [1]
# Vendor: Microsoft
# CSNC ID: CSNC-2017-026
Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit https://security.FreeBSD.org/.
I. Background
Many modern processors have implementation issues that allow unprivileged
attackers to bypass user-kernel or inter-process memory acc
FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit https://security.FreeBSD.org/.
0. Revision History
v1.0 2018-03-07 Initial release.
v1.1 2018-03-08 Correct patch for 10.x releases.
I. Background
The IP
FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit https://security.FreeBSD.org/.
I. Background
The IPsec suite of protocols provide network level security for IPv4 and IPv6
packets. FreeBSD includes softw
/advisories/trend-micro-email-encryption-gateway-multiple-vulnerabilities
Date published: 2018-02-21
Date of last update: 2018-02-21
Vendors contacted: Trend Micro
Release mode: Coordinated release
2. *Vulnerability Information*
Class: Cleartext Transmission of Sensitive Information [CWE-319
#
#
# COMPASS SECURITY ADVISORY
# https://www.compass-security.com/research/advisories/
#
#
#
# Product: Microsoft Intune [1]
# Vendor: Microsoft
# CSNC ID: CSNC-2017-027
Core Security - Corelabs Advisory
http://corelabs.coresecurity.com/
Kaspersky Secure Mail Gateway Multiple Vulnerabilities
1. *Advisory Information*
Title: Kaspersky Secure Mail Gateway Multiple Vulnerabilities
Advisory ID: CORE-2017-0010
Advisory URL:
http://www.coresecurity.com/advisories
rved CVE-2017-8802 for the issue
2017-12-12: Vendor released security fix & guidance to its customers
2018-01-10: Public disclosure
References:
---
[1] https://www.zimbra.com/
[2] https://www.synacor.com/
[3] https://www.compass-security.com/research/advisories/
[4] https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories
Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit https://security.FreeBSD.org/.
I. Background
FreeBSD includes software from the OpenSSL Project. The OpenSSL Project is
a collaborative effort to develop a robust, commerc
#
#
# COMPASS SECURITY ADVISORY
# https://www.compass-security.com/research/advisories/
#
#
#
# Product: MyTy
# Vendor: Finlane GmbH
# CSNC ID: CSNC-2017-029
# CVE ID
#
#
# COMPASS SECURITY ADVISORY
# https://www.compass-security.com/research/advisories/
#
#
#
# Product: MyTy
# Vendor: Finlane GmbH
# CSNC ID: CSNC-2017-030
# CVE ID
(releng/10.3, 10.3-RELEASE-p24)
CVE Name: CVE-2017-1088
For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit https://security.FreeBSD.org/.
0. Revision history
v1.0 2017
)
CVE Name: CVE-2017-1088
For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit https://security.FreeBSD.org/.
I. Background
The kldstat(2) syscall provides information ab
, 10.4-RELEASE-p3)
2017-11-15 22:45:13 UTC (releng/10.3, 10.3-RELEASE-p24)
CVE Name: CVE-2017-1087
For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit https
-RELEASE-p24)
CVE Name: CVE-2017-1086
For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit https://security.FreeBSD.org/.
I. Background
The ptrace(2) syscall provides
Vendor URL: http://www.psftp.de/ftp-server/
Vector: Network
Credit: X41 D-Sec GmbH, Eric Sesterhenn, Markus Vervier
Status: Public
Advisory-URL: https://www.x41-dsec.de/lab/advisories/x41-2017-006-psftpd/
Summary and Impact
--
Several issues have been identified, which allow
##
#
# COMPASS SECURITY ADVISORY
# https://www.compass-security.com/en/research/advisories/
#
##
#
# Product: iText PDF Library
# Vendor: iText Group
# CVE ID: CVE-2017
: CVE-2017-5996
Reference: https://www.vsecurity.com/download/advisories/20171026-1.txt
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Product Description
~-~
From Bomgar's website [1]: "The fastest, most secure way for experts to
)
CVE Name: CVE-2017-13077, CVE-2017-13078, CVE-2017-13079,
CVE-2017-13080, CVE-2017-13081, CVE-2017-13082,
CVE-2017-13086, CVE-2017-13087, CVE-2017-13088
For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above
/shadowsocks-libev
Vector: Local
Credit: X41 D-Sec GmbH, Niklas Abel
Status: Public
CVE: not yet assigned
Advisory-URL:
https://www.x41-dsec.de/lab/advisories/x41-2017-010-shadowsocks-libev/
Summary and Impact
--
Shadowsocks-libev offers local command execution per configuration
/shadowsocks/shadowsocks/tree/master
Vector: Network
Credit: X41 D-Sec GmbH, Niklas Abel
Status: Public
Advisory-URL:
https://www.x41-dsec.de/lab/advisories/x41-2017-008-shadowsocks/
Summary and Impact
--
Several issues have been identified, which allow attackers to manipulate
log files
(Abovo IT)
Status: Public
Advisory-URL: https://www.x41-dsec.de/lab/advisories/x41-2017-005-peplink/
Summary and Impact
--
Several issues have been identified, which allow attackers to access the
administrative web interface with admin credentials, delete files,
perform CSRF and XSS
#
#
# COMPASS SECURITY ADVISORY
# https://www.compass-security.com/research/advisories/
#
#
#
# Product: PingID (MFA) [1]
# Vendor: Ping Identity Corporation
# CSNC ID: CSNC
1. *Advisory Information*
Title: SAP SAPCAR Heap Based Buffer Overflow Vulnerability
Advisory ID: CORE-2017-0001
Advisory URL: http://www.coresecurity.com/advisories/sap-sapcar-
heap-based-buffer-overflow-vulnerability
Date published: 2017-05-10
Date of last update: 2017-05-10
Vendors contacted
1 - 100 of 920 matches