FreeBSD Security Advisory FreeBSD-SA-20:02.ipsec

2020-01-29 Thread FreeBSD Security Advisories
information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit https://security.FreeBSD.org/>. I. Background IPsec is a suite of protocols providing data authentication, integrity, and confidential

FreeBSD Security Advisory FreeBSD-SA-20:01.libfetch

2020-01-29 Thread FreeBSD Security Advisories
FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit https://security.FreeBSD.org/>. I. Background libfetch(3) is a multi-protocol file transfer library included with FreeBSD and used by the fetch(1) command-line tool,

FreeBSD Security Advisory FreeBSD-SA-20:03.thrmisc

2020-01-29 Thread FreeBSD Security Advisories
FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit https://security.FreeBSD.org/>. I. Background The kernel can create a core dump file when a process crashes that contains process state, for debugging. II. Prob

CVE-2019-17554 - Apache Olingo OData 4.0 - XML External Entity Resolution (XXE)

2019-12-10 Thread Advisories
# # # COMPASS SECURITY ADVISORY # https://www.compass-security.com/research/advisories/ # # # # Product: Apache Olingo OData 4.0 # Vendor: Apache Foundation # CSNC ID: CSNC

FreeBSD Security Advisory FreeBSD-SA-19:25.mcepsc

2019-11-12 Thread FreeBSD Security Advisories
FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit https://security.FreeBSD.org/>. I. Background The Intel machine check architecture is a mechanism to detect and report hardware errors, such as system bus err

FreeBSD Security Advisory FreeBSD-SA-19:26.mcu

2019-11-12 Thread FreeBSD Security Advisories
, CVE-2018-12127, CVE-2018-12130, CVE-2018-11091, CVE-2017-5715 For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit https

CVE-2019-5533 - VMware VeloCloud Authorization Bypass

2019-10-16 Thread Advisories
# # # COMPASS SECURITY ADVISORY # https://www.compass-security.com/research/advisories/ # # # # Product: VeloCloud # Vendor: VMware

FreeBSD Security Advisory FreeBSD-SA-19:23.midi [REVISED]

2019-08-22 Thread FreeBSD Security Advisories
information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit https://security.FreeBSD.org/>. 0. Revision history v1.0 2019-08-20 Initial release. v1.1 2019-08-21 Updated workaround. I. Backgro

FreeBSD Security Advisory FreeBSD-SA-19:24.mqueuefs

2019-08-21 Thread FreeBSD Security Advisories
-2019-5603 For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit https://security.FreeBSD.org/>. Note: This issue is related to the previously disclosed SA-19:15.mqueuefs. It is anot

FreeBSD Security Advisory FreeBSD-SA-19:23.midi

2019-08-21 Thread FreeBSD Security Advisories
information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit https://security.FreeBSD.org/>. I. Background /dev/midistat is a device file which can be read to obtain a human-readable list of the availa

FreeBSD Security Advisory FreeBSD-SA-19:22.mbuf

2019-08-21 Thread FreeBSD Security Advisories
FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit https://security.FreeBSD.org/>. I. Background mbufs are a unit of memory management mostly used in the kernel for network packets and socket buffers. m_pulldown(9)

FreeBSD Security Advisory FreeBSD-SA-19:21.bhyve

2019-08-06 Thread FreeBSD Security Advisories
information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit https://security.FreeBSD.org/>. I. Background bhyve(8) is a hypervisor that supports running a variety of guest operating systems in virt

FreeBSD Security Advisory FreeBSD-SA-19:20.bsnmp

2019-08-06 Thread FreeBSD Security Advisories
information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit https://security.FreeBSD.org/>. I. Background The bsnmp software library is used for the Internet SNMP (Simple Network Management Proto

FreeBSD Security Advisory FreeBSD-SA-19:19.mldv2

2019-08-06 Thread FreeBSD Security Advisories
regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit https://security.FreeBSD.org/>. I. Background MLDv2 is the Multicast Listener Discovery protocol, version 2. It is used by IPv6 routers to discover multic

FreeBSD Security Advisory FreeBSD-SA-19:18.bzip2

2019-08-06 Thread FreeBSD Security Advisories
Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit https://security.FreeBSD.org/>. I. Background The bzip2(1)/bunzip2(1) utilities and the libbz2 library compress and decompress files using an algorithm based on the Burr

FreeBSD Security Advisory FreeBSD-SA-19:16.bhyve

2019-07-24 Thread FreeBSD Security Advisories
FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit https://security.FreeBSD.org/>. I. Background bhyve(8) is a hypervisor that supports running a variety of virtual machines (guests). bhyve includes an emula

FreeBSD Security Advisory FreeBSD-SA-19:17.fd

2019-07-24 Thread FreeBSD Security Advisories
FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit https://security.FreeBSD.org/>. I. Background UNIX-domain sockets are used for inter-process communication. It is possible to use UNIX-domain sockets to trans

FreeBSD Security Advisory FreeBSD-SA-19:15.mqueuefs

2019-07-24 Thread FreeBSD Security Advisories
regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit https://security.FreeBSD.org/>. I. Background mqueuefs(5) implements POSIX message queue file system which can be used by processes as a communicat

FreeBSD Security Advisory FreeBSD-SA-19:14.freebsd32

2019-07-24 Thread FreeBSD Security Advisories
12:54:10 UTC (releng/11.2, 11.2-RELEASE-p12) 2019-07-24 12:54:10 UTC (releng/11.3, 11.3-RELEASE-p1) CVE Name: CVE-2019-5605 For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections

FreeBSD Security Advisory FreeBSD-SA-19:12.telnet

2019-07-24 Thread FreeBSD Security Advisories
information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit https://security.FreeBSD.org/>. I. Background The telnet(1) command is a TELNET protocol client, used primarily to establish terminal sessi

FreeBSD Security Advisory FreeBSD-SA-19:13.pts

2019-07-24 Thread FreeBSD Security Advisories
Advisories, including descriptions of the fields above, security branches, and the following sections, please visit https://security.FreeBSD.org/>. I. Background The posix_openpt(2) system call allocates a pseudo-terminal device and returns a descriptor referencing that device. Suc

FreeBSD Security Advisory FreeBSD-SA-19:10.ufs

2019-07-03 Thread FreeBSD Security Advisories
(releng/12.0, 12.0-RELEASE-p7) 2019-05-10 23:46:42 UTC (stable/11, 11.2-STABLE) 2019-07-02 00:02:16 UTC (releng/11.2, 11.2-RELEASE-p11) CVE Name: CVE-2019-5601 For general information regarding FreeBSD Security Advisories, including descriptions of the fields

FreeBSD Security Advisory FreeBSD-SA-19:11.cd_ioctl

2019-07-03 Thread FreeBSD Security Advisories
FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit https://security.FreeBSD.org/>. I. Background The cd(4) driver implements a number of ioctls to permit low-level access to the media in the CD-ROM device.

FreeBSD Security Advisory FreeBSD-SA-19:09.iconv

2019-07-03 Thread FreeBSD Security Advisories
FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit https://security.FreeBSD.org/>. I. Background The iconv(3) API converts text data from one character encoding to another and is available as part of the standar

FreeBSD Security Advisory FreeBSD-SA-19:08.rack

2019-06-24 Thread FreeBSD Security Advisories
-STABLE) 2019-06-19 16:43:05 UTC (releng/12.0, 12.0-RELEASE-p6) CVE Name: CVE-2019-5599 For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit https

X41 D-Sec GmbH Security Advisory X41-2019-004: Type confusion in Thunderbird

2019-06-13 Thread X41 D-Sec GmbH Advisories
/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O Advisory-URL: https://www.x41-dsec.de/lab/advisories/x41-2019-004-thunderbird Summary and Impact == A type confusion has been identified in the Thunderbird email client. The issue is present in the libical implementation, which was forked from upstream

X41 D-Sec GmbH Security Advisory X41-2019-003: Stack-based buffer overflow in Thunderbird

2019-06-13 Thread X41 D-Sec GmbH Advisories
: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O Advisory-URL: https://www.x41-dsec.de/lab/advisories/x41-2019-003-thunderbird Summary and Impact == A stack-based buffer overflow has been identified in the Thunderbird email client. The issue is present in the libical

X41 D-Sec GmbH Security Advisory X41-2019-002: Heap-based buffer overflow in Thunderbird

2019-06-13 Thread X41 D-Sec GmbH Advisories
: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O Advisory-URL: https://www.x41-dsec.de/lab/advisories/x41-2019-002-thunderbird Summary and Impact == A heap-based buffer overflow has been identified in the Thunderbird email client. The issue is present in the libical implementation

X41 D-Sec GmbH Security Advisory X41-2019-001: Heap-based buffer overflow in Thunderbird

2019-06-13 Thread X41 D-Sec GmbH Advisories
: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O Advisory-URL: https://www.x41-dsec.de/lab/advisories/x41-2019-002-thunderbird Summary and Impact == A heap-based buffer overflow has been identified in the Thunderbird email client. The issue is present in the libical implementation

FreeBSD Security Advisory FreeBSD-SA-19:07.mds [REVISED]

2019-05-15 Thread FreeBSD Security Advisories
-2018-12127, CVE-2018-12130, CVE-2019-11091 For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit https://security.FreeBSD.org/>. 0. Revision history v1.0 20

FreeBSD Security Advisory FreeBSD-SA-19:07.mds

2019-05-15 Thread FreeBSD Security Advisories
-2018-12127, CVE-2018-12130, CVE-2019-11091 For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit https://security.FreeBSD.org/>. 0. Revision history v1.0 20

FreeBSD Security Advisory FreeBSD-SA-19:07.mds

2019-05-15 Thread FreeBSD Security Advisories
-2018-12127, CVE-2018-12130, CVE-2019-11091 For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit https://security.FreeBSD.org/>. I. Background Modern processors mak

FreeBSD Security Advisory FreeBSD-SA-19:05.pf

2019-05-15 Thread FreeBSD Security Advisories
(releng/12.0, 12.0-RELEASE-p4) 2019-03-01 18:12:07 UTC (stable/11, 11.3-PRERELEASE) 2019-05-14 23:10:21 UTC (releng/11.2, 11.2-RELEASE-p10) CVE Name: CVE-2019-5597 For general information regarding FreeBSD Security Advisories, including descriptions of the fields

FreeBSD Security Advisory FreeBSD-SA-19:06.pf

2019-05-15 Thread FreeBSD Security Advisories
/12.0, 12.0-RELEASE-p4) 2019-03-21 14:17:12 UTC (stable/11, 11.3-PRERELEASE) 2019-05-14 23:12:22 UTC (releng/11.2, 11.2-RELEASE-p10) CVE Name: CVE-2019-5598 For general information regarding FreeBSD Security Advisories, including descriptions of the fields above

FreeBSD Security Advisory FreeBSD-SA-19:03.wpa

2019-05-15 Thread FreeBSD Security Advisories
general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit https://security.FreeBSD.org/>. I. Background Wi-Fi Protected Access II (WPA2) is a security protocol developed by the Wi-Fi Alliance

FreeBSD Security Advisory FreeBSD-SA-19:04.ntp

2019-05-15 Thread FreeBSD Security Advisories
(releng/12.0, 12.0-RELEASE-p4) 2019-03-07 13:45:36 UTC (stable/11, 11.3-PRERELEASE) 2019-05-14 23:06:26 UTC (releng/11.2, 11.2-RELEASE-p10) CVE Name: CVE-2019-8936 For general information regarding FreeBSD Security Advisories, including descriptions of the

[SAUTH-2019-0002] - Pydio 8 Multiple Vulnerabilities

2019-03-28 Thread SecureAuth Advisories
SecureAuth - SecureAuth Labs Advisory http://www.secureauth.com/ Pydio 8 Multiple Vulnerabilities 1. *Advisory Information* Title: Pydio 8 Multiple Vulnerabilities Advisory ID: SAUTH-2019-0002 Advisory URL: https://www.secureauth.com/labs/advisories/pydio-8-multiple-vulnerabilities Date

[CORE-2018-0012] - Cisco WebEx Meetings Elevation of Privilege Vulnerability Version 2

2019-02-28 Thread advisories
://www.secureauth.com/labs/advisories/cisco-webex-meetings-elevation-privilege-vulnerability-version-2 Date published: 2019-02-27 Date of last update: 2019-02-27 Vendors contacted: Cisco Release mode: Coordinated release 2. *Vulnerability Information* Class: OS command injection [CWE-78] Impact: Code execution

[SAUTH-2019-0001] - Micro Focus Filr Multiple Vulnerabilities

2019-02-20 Thread advisories
SecureAuth - SecureAuth Labs Advisory http://www.secureauth.com/ Micro Focus Filr Multiple Vulnerabilities 1. *Advisory Information* Title: Micro Focus Filr Multiple Vulnerabilities Advisory ID: SAUTH-2019-0001 Advisory URL: https://www.secureauth.com/labs/advisories/micro-focus-filr-multiple

FreeBSD Security Advisory FreeBSD-SA-19:02.fd

2019-02-05 Thread FreeBSD Security Advisories
) 2019-02-05 17:57:30 UTC (stable/11, 11.2-STABLE) CVE Name: CVE-2019-5596 For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit https://security.FreeBSD.org/>.

FreeBSD Security Advisory FreeBSD-SA-19:01.syscall

2019-02-05 Thread FreeBSD Security Advisories
UTC (releng/12.0, 12.0-RELEASE-p3) 2019-02-05 17:54:02 UTC (stable/11, 11.2-STABLE) 2019-02-05 18:07:45 UTC (releng/11.2, 11.2-RELEASE-p9) CVE Name: CVE-2019-5595 For general information regarding FreeBSD Security Advisories, including descriptions of the

CVE-2018-13798 Siemens - SICAM A8000 Series Webinterface XXE DoS

2019-01-16 Thread Advisories
# # # COMPASS SECURITY ADVISORY # https://www.compass-security.com/research/advisories/ # # # # Product: SICAM A8000 Series # Vendor: Siemens # CSNC ID: CSNC-2019-002 # CVE

X41 D-Sec GmbH Security Advisory X41-2018-009: ReDoS Vulnerability in UA-Parser

2019-01-10 Thread X41 D-Sec GmbH Advisories
/UI:N/S:U/C:N/I:N/A:L Advisory-URL: https://www.x41-dsec.de/lab/advisories/x41-2018-009-uaparser/ Summary and Impact == The programming library UA-Parser uses regular expressions to identify user agent strings. The complexity of some of the regular expressions is such that an attacker

FreeBSD Security Advisory FreeBSD-SA-18:15.bootpd

2018-12-19 Thread FreeBSD Security Advisories
-RELEASE-p1) 2018-12-19 18:19:15 UTC (stable/11, 11.2-STABLE) 2018-12-19 18:22:25 UTC (releng/11.2, 11.2-RELEASE-p7) CVE Name: CVE-2018-17161 For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security

FreeBSD Security Advisory FreeBSD-SA-18:14.bhyve

2018-12-04 Thread FreeBSD Security Advisories
:38:32 UTC (releng/11.2, 11.2-RELEASE-p6) CVE Name: CVE-2018-17160 For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit https://security.FreeBSD.org/>. I. Background The bh

FreeBSD Security Advisory FreeBSD-SA-18:13.nfs

2018-11-27 Thread FreeBSD Security Advisories
) 2018-11-27 19:42:16 UTC (releng/11.2, 11.2-RELEASE-p5) CVE Name: CVE-2018-17157, CVE-2018-17158, CVE-2018-17159 For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit https

[CORE-2018-0011] - Cisco WebEx Meetings Elevation of Privilege Vulnerability

2018-11-27 Thread advisories
/advisories/cisco-webex-meetings-elevation-privilege-vulnerability Date published: 2018-11-27 Date of last update: 2018-11-27 Vendors contacted: Cisco Release mode: Coordinated release *2. *Vulnerability Information** Class: OS command injection [CWE-78] Impact: Code execution Remotely Exploitable: No

[CORE-2018-0005] - ASRock Drivers Elevation of Privilege Vulnerabilities

2018-10-29 Thread SecureAuth Advisories Team
SecureAuth - SecureAuth Labs Advisory http://www.secureauth.com/ ASRock Drivers Elevation of Privilege Vulnerabilities 1. *Advisory Information* Title: ASRock Drivers Elevation of Privilege Vulnerabilities Advisory ID: CORE-2018-0005 Advisory URL: https://www.secureauth.com/labs/advisories

X41 D-Sec GmbH Security Advisory X41-2018-007: Multiple Vulnerabilities in mgetty

2018-09-19 Thread X41 D-Sec GmbH Advisories
://mgetty.greenie.net Credit: X41 D-Sec GmbH, Eric Sesterhenn Status: Public Advisory-URL: https://www.x41-dsec.de/lab/advisories/x41-2018-007-mgetty Summary and Impact - -- Multiple issues have been identified in the mgetty fax software. These might be used by local users to elevate their privileges

X41 D-Sec GmbH Security Advisory X41-2018-008: Multiple Vulnerabilities in HylaFAX

2018-09-19 Thread X41 D-Sec GmbH Advisories
: https://www.hylafax.org/, http://hylafax.sourceforge.net/ Credit: X41 D-SEC GmbH, Luis Merino, Eric Sesterhenn, Markus Vervier Status: Public Advisory-URL: https://www.x41-dsec.de/lab/advisories/x41-2018-008-Hylafax/ Summary and Impact -- Severity Rating: Critical Vector: Incoming fax

FreeBSD Security Advisory FreeBSD-SA-18:12.elf

2018-09-12 Thread FreeBSD Security Advisories
general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit https://security.FreeBSD.org/>. I. Background To execute a binary the kernel must parse the ELF header to determine the entry po

CSNC-2018-015 - ownCloud Impersonate - Authorization Bypass

2018-08-29 Thread Advisories
# # # COMPASS SECURITY ADVISORY # https://www.compass-security.com/research/advisories/ # # # # Product: ownCloud Impersonate # Vendor: ownCloud # CSNC ID: CSNC-2018-015

CSNC-2018-016 - ownCloud iOS Application - Cross-Site Scripting

2018-08-15 Thread Advisories
# # # COMPASS SECURITY ADVISORY # https://www.compass-security.com/research/advisories/ # # # # Product: ownCloud iOS Application (owncloud.iosapp) [1] # Vendor: ownCloud Gmbh

CSNC-2018-023 - Atmosphere Framework - Reflected Cross-Site Scripting (XSS)

2018-08-15 Thread Advisories
# # # COMPASS SECURITY ADVISORY # https://www.compass-security.com/research/advisories/ # # # # Product: Atmosphere [1] # Vendor:Async-IO.org # CSNC ID: CSNC-2018-023

FreeBSD Security Advisory FreeBSD-SA-18:11.hostapd

2018-08-14 Thread FreeBSD Security Advisories
, 10.4-RELEASE-p11) CVE Name: CVE-2018-14526 For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit https://security.FreeBSD.org/>. I. Background The wpa_supplicant(8) utility i

FreeBSD Security Advisory FreeBSD-SA-18:10.ip

2018-08-14 Thread FreeBSD Security Advisories
differences in FreeBSD 10-stable a patch is not yet available for FreeBSD 10.4. This will follow at a later date. For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections

FreeBSD Security Advisory FreeBSD-SA-18:09.l1tf

2018-08-14 Thread FreeBSD Security Advisories
11.1 and later. We expect to update this advisory to include 10.4 at a later time. For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit https://security.FreeBSD.org

FreeBSD Security Advisory FreeBSD-SA-18:08.tcp

2018-08-14 Thread FreeBSD Security Advisories
) 2018-08-15 02:31:10 UTC (releng/10.4, 10.4-RELEASE-p11) CVE Name: CVE-2018-6922 For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit https://security.FreeBSD.org/>.

X41 D-Sec GmbH Security Advisory X41-2018-004: Multiple Vulnerabilities in Yubico libykneomgr

2018-08-14 Thread X41 D-Sec GmbH Advisories
/ Depreciated Vendor URL: https://www.yubico.com/ Credit: X41 D-Sec GmbH, Eric Sesterhenn Status: Public Advisory-URL: https://www.x41-dsec.de/lab/advisories/x41-2018-004-libykneomgr/ Summary and Impact - -- An out of bounds write and read was discovered when malicious responses from a

X41 D-Sec GmbH Security Advisory X41-2018-005: Multiple Vulnerabilities in Apple smartcardservices

2018-08-14 Thread X41 D-Sec GmbH Advisories
Confirmed Patched Versions: 8eef01a5e218ae78cc358de32213b50a601662de Vendor: Apple Vendor URL: https://smartcardservices.github.io/ Credit: X41 D-Sec GmbH, Eric Sesterhenn Status: Public Advisory-URL: https://www.x41-dsec.de/lab/advisories/x41-2018-005-smartcardservices/ Summary and Impact

X41 D-Sec GmbH Security Advisory X41-2018-003: Multiple Vulnerabilities in pam_pkcs11

2018-08-14 Thread X41 D-Sec GmbH Advisories
: https://github.com/OpenSC/pampkcs11 Credit: X41 D-Sec GmbH, Eric Sesterhenn Status: Public Advisory-URL: https://www.x41-dsec.de/lab/advisories/x41-2018-003-pampkcs11/ Summary and Impact - -- It is possible to replay an authentication by using a specially prepared smartcard or token

X41 D-Sec GmbH Security Advisory X41-2018-002: Multiple Vulnerabilities in OpenSC

2018-08-14 Thread X41 D-Sec GmbH Advisories
: https://github.com/OpenSC/OpenSC Credit: X41 D-Sec GmbH, Eric Sesterhenn Status: Public Advisory-URL: https://www.x41-dsec.de/lab/advisories/x41-2018-002-OpenSC/ Summary and Impact - -- Multiple issues have been identified in OpenSC, ranging from stack based buffer overflows to out

X41 D-Sec GmbH Security Advisory X41-2018-001: Multiple Vulnerabilities in Yubico Piv

2018-08-14 Thread X41 D-Sec GmbH Advisories
://www.yubico.com/ Vendor Advisory URL: https://www.yubico.com/support/security-advisories Credit: X41 D-Sec GmbH, Eric Sesterhenn Status: Public Advisory-URL: https://www.x41-dsec.de/lab/advisories/x41-2018-001-Yubico-Piv/ Summary and Impact - -- A buffer overflow and an out of

FreeBSD Security Advisory FreeBSD-SA-18:08.tcp

2018-08-06 Thread FreeBSD Security Advisories
) 2018-08-06 17:50:40 UTC (releng/10.4, 10.4-RELEASE-p10) CVE Name: CVE-2018-6922 For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit https://security.FreeBSD.org/>.

[CORE-2018-0009] - SoftNAS Cloud OS Command Injection

2018-07-26 Thread Core Security Advisories Team
Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ SoftNAS Cloud OS Command Injection 1. *Advisory Information* Title: SoftNAS Cloud OS Command Injection Advisory ID: CORE-2018-0009 Advisory URL: http://www.coresecurity.com/advisories/softnas-cloudnas-OS-command-injection Date

[CORE-2018-0006] - QNAP Qcenter Virtual Appliance Multiple Vulnerabilities

2018-07-12 Thread Core Security Advisories Team
Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ QNAP Qcenter Virtual Appliance Multiple Vulnerabilities 1. *Advisory Information* Title: QNAP Qcenter Virtual Appliance Multiple Vulnerabilities Advisory ID: CORE-2018-0006 Advisory URL: http://www.coresecurity.com/advisories

FreeBSD Security Advisory FreeBSD-SA-18:07.lazyfpu

2018-06-21 Thread FreeBSD Security Advisories
Special Note: This advisory only addresses this issue for FreeBSD 11.x on i386 and amd64. We expect to update this advisory to include 10.x in the near future. For general information regarding FreeBSD Security Advisories, including descriptions of the fields above

CSNC-2018-021 - Vert.x - HTTP Header Injection

2018-06-13 Thread Advisories
# # # COMPASS SECURITY ADVISORY # https://www.compass-security.com/research/advisories/ # # # # Product: Vert.x [1] # CSNC ID: CSNC-2018-021 # Subject: HTTP Header

[CORE-2018-0004] - Quest KACE System Management Appliance Multiple Vulnerabilities

2018-06-03 Thread Core Security Advisories Team
://www.coresecurity.com/advisories/quest-kace-system-management-appliance-multiple-vulnerabilities Date published: 2018-05-31 Date of last update: 2018-05-22 Vendors contacted: Quest Software Inc. Release mode: Forced release 2. *Vulnerability Information* Class: Improper Neutralization of Special Elements used in an

[CORE-2018-0002] - Quest DR Series Disk Backup Multiple Vulnerabilities

2018-06-03 Thread Core Security Advisories Team
Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ Quest DR Series Disk Backup Multiple Vulnerabilities 1. *Advisory Information* Title: Quest DR Series Disk Backup Multiple Vulnerabilities Advisory ID: CORE-2018-0002 Advisory URL: http://www.coresecurity.com/advisories/quest

CSNC-2018-003 totemomail Encryption Gateway - Cross-Site Request Forgery

2018-05-15 Thread Advisories
# # COMPASS SECURITY ADVISORY # https://www.compass-security.com/research/advisories/ # # # Product: totemomail Encryption Gateway

CSNC-2018-002 totemomail Encryption Gateway - JSONP hijacking

2018-05-15 Thread Advisories
# # COMPASS SECURITY ADVISORY # https://www.compass-security.com/research/advisories/ # # # Product: totemomail Encryption Gateway

FreeBSD Security Advisory FreeBSD-SA-18:06.debugreg

2018-05-08 Thread FreeBSD Security Advisories
-8897 For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit https://security.FreeBSD.org/>. I. Background On x86 architecture systems, the stack is represented by the combination o

FreeBSD Security Advisory FreeBSD-SA-18:05.ipsec

2018-04-03 Thread FreeBSD Security Advisories
FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit https://security.FreeBSD.org/>. I. Background The IPsec suite of protocols provide network level security for IPv4 and IPv6 packets. FreeBSD includes softw

FreeBSD Security Advisory FreeBSD-SA-18:04.vt

2018-04-03 Thread FreeBSD Security Advisories
information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit https://security.FreeBSD.org/>. I. Background On FreeBSD 11 and later, and FreeBSD 10.x systems that boot via UEFI, the default system video console

CSNC-2017-026 Microsoft Intune - Preserved Keychain Entries

2018-03-20 Thread Advisories
# # # COMPASS SECURITY ADVISORY # https://www.compass-security.com/research/advisories/ # # # # Product: Microsoft Intune [1] # Vendor: Microsoft # CSNC ID: CSNC-2017-026

FreeBSD Security Advisory FreeBSD-SA-18:03.speculative_execution

2018-03-14 Thread FreeBSD Security Advisories
Advisories, including descriptions of the fields above, security branches, and the following sections, please visit https://security.FreeBSD.org/>. I. Background Many modern processors have implementation issues that allow unprivileged attackers to bypass user-kernel or inter-process memory acc

FreeBSD Security Advisory FreeBSD-SA-18:01.ipsec [REVISED]

2018-03-07 Thread FreeBSD Security Advisories
FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit https://security.FreeBSD.org/>. 0. Revision History v1.0 2018-03-07 Initial release. v1.1 2018-03-08 Correct patch for 10.x releases. I. Background The IP

FreeBSD Security Advisory FreeBSD-SA-18:01.ipsec

2018-03-07 Thread FreeBSD Security Advisories
FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit https://security.FreeBSD.org/>. I. Background The IPsec suite of protocols provide network level security for IPv4 and IPv6 packets. FreeBSD includes softw

[CORE-2017-0006] Trend Micro Email Encryption Gateway Multiple Vulnerabilities

2018-02-21 Thread Core Security Advisories Team
/advisories/trend-micro-email-encryption-gateway-multiple-vulnerabilities Date published: 2018-02-21 Date of last update: 2018-02-21 Vendors contacted: Trend Micro Release mode: Coordinated release 2. *Vulnerability Information* Class: Cleartext Transmission of Sensitive Information [CWE-319

CSNC-2017-027 Microsoft Intune - App PIN Bypass

2018-02-13 Thread Advisories
# # # COMPASS SECURITY ADVISORY # https://www.compass-security.com/research/advisories/ # # # # Product: Microsoft Intune [1] # Vendor: Microsoft # CSNC ID: CSNC-2017-027

[CORE-2017-0010] - Kaspersky Secure Mail Gateway Multiple Vulnerabilities

2018-02-05 Thread Core Security Advisories Team
Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ Kaspersky Secure Mail Gateway Multiple Vulnerabilities 1. *Advisory Information* Title: Kaspersky Secure Mail Gateway Multiple Vulnerabilities Advisory ID: CORE-2017-0010 Advisory URL: http://www.coresecurity.com/advisories

CVE-2017-8802 Zimbra Collaboration Suite - Stored Cross-Site Scripting

2018-01-11 Thread Advisories
rved CVE-2017-8802 for the issue 2017-12-12: Vendor released security fix & guidance to its customers 2018-01-10: Public disclosure References: --- [1] https://www.zimbra.com/ [2] https://www.synacor.com/ [3] https://www.compass-security.com/research/advisories/ [4] https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories

FreeBSD Security Advisory FreeBSD-SA-17:12.openssl

2017-12-11 Thread FreeBSD Security Advisories
Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit https://security.FreeBSD.org/>. I. Background FreeBSD includes software from the OpenSSL Project. The OpenSSL Project is a collaborative effort to develop a robust, commerc

CSNC-2017-029 MyTy Blind SQL Injection

2017-11-21 Thread Advisories
# # # COMPASS SECURITY ADVISORY # https://www.compass-security.com/research/advisories/ # # # # Product: MyTy # Vendor: Finlane GmbH # CSNC ID: CSNC-2017-029 # CVE ID

CSNC-2017-030 MyTy Reflected Cross-Site Scripting (XSS)

2017-11-21 Thread Advisories
# # # COMPASS SECURITY ADVISORY # https://www.compass-security.com/research/advisories/ # # # # Product: MyTy # Vendor: Finlane GmbH # CSNC ID: CSNC-2017-030 # CVE ID

FreeBSD Security Advisory FreeBSD-SA-17:10.kldstat [REVISED]

2017-11-21 Thread FreeBSD Security Advisories
(releng/10.3, 10.3-RELEASE-p24) CVE Name: CVE-2017-1088 For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit https://security.FreeBSD.org/. 0. Revision history v1.0 2017

FreeBSD Security Advisory FreeBSD-SA-17:10.kldstat

2017-11-16 Thread FreeBSD Security Advisories
) CVE Name: CVE-2017-1088 For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit https://security.FreeBSD.org/. I. Background The kldstat(2) syscall provides information ab

FreeBSD Security Advisory FreeBSD-SA-17:09.shm

2017-11-16 Thread FreeBSD Security Advisories
, 10.4-RELEASE-p3) 2017-11-15 22:45:13 UTC (releng/10.3, 10.3-RELEASE-p24) CVE Name: CVE-2017-1087 For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit https

FreeBSD Security Advisory FreeBSD-SA-17:08.ptrace

2017-11-16 Thread FreeBSD Security Advisories
-RELEASE-p24) CVE Name: CVE-2017-1086 For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit https://security.FreeBSD.org/. I. Background The ptrace(2) syscall provides

Advisory X41-2017-006: Multiple Vulnerabilities in PSFTPd Windows FTP Server

2017-11-13 Thread X41 D-Sec GmbH Advisories
Vendor URL: http://www.psftp.de/ftp-server/ Vector: Network Credit: X41 D-Sec GmbH, Eric Sesterhenn, Markus Vervier Status: Public Advisory-URL: https://www.x41-dsec.de/lab/advisories/x41-2017-006-psftpd/ Summary and Impact -- Several issues have been identified, which allow

CVE-2017-9096 iText XML External Entity Vulnerability

2017-11-06 Thread Advisories
## # # COMPASS SECURITY ADVISORY # https://www.compass-security.com/en/research/advisories/ # ## # # Product: iText PDF Library # Vendor: iText Group # CVE ID: CVE-2017

Bomgar Remote Support - Local Privilege Escalation (CVE-2017-5996)

2017-10-26 Thread VSR Advisories
: CVE-2017-5996 Reference: https://www.vsecurity.com/download/advisories/20171026-1.txt Product Description From Bomgar's website [1]: "The fastest, most secure way for experts to

FreeBSD Security Advisory FreeBSD-SA-17:07.wpa [REVISED]

2017-10-18 Thread FreeBSD Security Advisories
) CVE Name: CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13082, CVE-2017-13086, CVE-2017-13087, CVE-2017-13088 For general information regarding FreeBSD Security Advisories, including descriptions of the fields above

Advisory X41-2017-010: Command Execution in Shadowsocks-libev

2017-10-15 Thread X41 D-Sec GmbH Advisories
/shadowsocks-libev Vector: Local Credit: X41 D-Sec GmbH, Niklas Abel Status: Public CVE: not yet assigned Advisory-URL: https://www.x41-dsec.de/lab/advisories/x41-2017-010-shadowsocks-libev/ Summary and Impact -- Shadowsocks-libev offers local command execution per configuration

Advisory X41-2017-008: Multiple Vulnerabilities in Shadowsocks

2017-10-15 Thread X41 D-Sec GmbH Advisories
/shadowsocks/shadowsocks/tree/master Vector: Network Credit: X41 D-Sec GmbH, Niklas Abel Status: Public Advisory-URL: https://www.x41-dsec.de/lab/advisories/x41-2017-008-shadowsocks/ Summary and Impact -- Several issues have been identified, which allow attackers to manipulate log files

X41-2017-005 - Multiple Vulnerabilities in peplink balance routers

2017-06-05 Thread X41 D-Sec GmbH Advisories
(Abovo IT) Status: Public Advisory-URL: https://www.x41-dsec.de/lab/advisories/x41-2017-005-peplink/ Summary and Impact -- Several issues have been identified, which allow attackers to access the administrative web interface with admin credentials, delete files, perform CSRF and XSS

PingID (MFA) - Reflected Cross-Site Scripting

2017-05-17 Thread Advisories
# # # COMPASS SECURITY ADVISORY # https://www.compass-security.com/research/advisories/ # # # # Product: PingID (MFA) [1] # Vendor: Ping Identity Corporation # CSNC ID: CSNC

[CORE-2017-0001] - SAP SAPCAR Heap Based Buffer Overflow Vulnerability

2017-05-10 Thread Core Security Advisories Team
1. *Advisory Information* Title: SAP SAPCAR Heap Based Buffer Overflow Vulnerability Advisory ID: CORE-2017-0001 Advisory URL: http://www.coresecurity.com/advisories/sap-sapcar-heap-based-buffer-overflow-vulnerability Date published: 2017-05-10 Date of last update: 2017-05-10 Vendors contacted
