-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
- -
Debian Security Advisory DSA-4442-1 secur...@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
May 12, 2019
SEC Consult Vulnerability Lab Security Advisory < 20190510-0 >
===
title: Unauthenticated SQL Injection vulnerability
product: OpenProject
vulnerable version: 5.0.0 - 8.3.1
fixed version: 8.3.2 &
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
- -
Debian Security Advisory DSA-4441-1 secur...@debian.org
https://www.debian.org/security/ Sebastien Delafond
May 10, 2019
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
- -
Debian Security Advisory DSA-4440-1 secur...@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
May 09, 2019
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
- -
Debian Security Advisory DSA-4439-1 secur...@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
May 09, 2019
Hello,
I identified several vulnerabilities in dotCMS v5.1.1 due to vulnerable
open source dependencies.
Full security write up:
http://secureli.com/dotcms-v5-1-1-vulnerable-open-source-dependencies/
The details:
/ROOT/html/js/scriptaculous/prototype.js
↳ prototypejs 1.5.0
prototypejs
SEC Consult Vulnerability Lab Security Advisory < 20190509-0 >
===
title: Multiple Vulnerabilities
product: Gemalto (Thales Group) DS3 Authentication Server / Ezio
Server
vulnerable
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
- -
Debian Security Advisory DSA-4438-1 secur...@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
May 07, 2019
https://arstechnica.com/information-technology/2019/05/spot-the-not-fed-a-day-at-avengercon-the-armys-answer-to-hacker-conferences/
By Sean Gallagher
Ars Technica
5/2/2019
FORT MEADE, Maryland -- Late last year, I was invited to a relatively new
hacker event in Maryland. Chris Eagle, a
https://www.whitehouse.gov/presidential-actions/executive-order-americas-cybersecurity-workforce/
Issued on: May 2, 2019
By the authority vested in me as President by the Constitution and the laws of
the United States of America, and to better ensure continued American economic
prosperity and
https://www.theregister.co.uk/2019/05/02/cisco_vulnerabilities/
By Iain Thomson in San Francisco
The Register
2 May 2019
Right on cue, Cisco on Wednesday patched a security vulnerability in some of
its network switches that can be exploited by miscreants to commandeer the IT
equipment and spy
https://www.csoonline.com/article/3391589/why-local-governments-are-a-hot-target-for-cyberattacks.html
By Cynthia Brumfield
CSO
May 01, 2019
Over the course of the past few weeks, a seemingly stepped-up wave of malware
and ransomware infections has struck a number of municipalities across the
https://techcrunch.com/2019/05/02/orpak-gas-station-password/
By Zack Whittaker
TechCrunch
May 2, 2019
Homeland Security’s cybersecurity agency says a popular gas station software
contains several security vulnerabilities that require “low skill” to exploit.
The advisory, posted by the
https://techcrunch.com/2019/04/30/twitch-account-hacks/
By Zack Whittaker
TechCrunch
April 30, 2019
Twitch has an account hacking problem.
After the breach of popular browser game Town of Salem in January, some 7.8
million stolen passwords quickly became the weakest link not only for the game
https://www.securityweek.com/dhs-orders-agencies-patch-critical-flaws-within-15-days
By Eduard Kovacs
SecurityWeek
May 01, 2019
The U.S. Department of Homeland Security (DHS) this week issued a new Binding
Operational Directive (BOD) instructing federal agencies and departments to act
more
Forwarded from: William Knowles
It's come to my attention someone either subscribed or forwarded a day of
InfoSec News to Bugtraq as I've been fielding a number of nastygrams and
Tweets.
I am not personally subscribed to Bugtraq but would appreciate if you do plan
on emailing me to include
https://nypost.com/2019/05/01/wall-street-spending-big-to-protect-against-hacking-report/
By Kevin Dugan
New York Post
May 1, 2019
Wall Street’s biggest companies are pumping more cash into cybersecurity, as
the industry’s brass openly frets that hackers are the next major threat to the
https://motherboard.vice.com/en_us/article/d3np4y/hackers-steal-ransom-citycomp-airbus-volkswagen-oracle-valuable-companies
By Joseph Cox
Motherboard.vice.com
April 30, 2019
Hackers have broken into an internet infrastructure firm that provides services
to dozens of the world's largest and most
https://foreignpolicy.com/2019/05/01/going-toe-to-toe-with-ukraines-separatist-hackers-cyber-russia/
By Elias Groll
Foreign Policy
May 1, 2019
The hacker realized that he was being watched.
The spy software he was attempting to run against the Ukrainian government had
infected the wrong
https://www.cyberscoop.com/mitre-asks-vendors-detect-stealthy-hacks/
By Sean Lyngaas
CYBERSCOOP
MAY 1, 2019
As hackers continue to use native programming tools to blend into target
networks, Mitre Corp. is beginning to test vendors’ ability to detect those
techniques.
The federally-funded,
https://www.darkreading.com/attacks-breaches/attackers-used-red-team-pen-testing-tools-to-hack-wipro/d/d-id/1334586
By Robert Lemos
Dark Reading
5/1/2019
The breach of outsourcing firm Wipro is a cybercriminal operation using tools
common to red teams and penetration testers and has likely been
Greetings *,
We are happy to say that we are live with our public bug bounty located
at http://bugbounty.firosolutions.com,
We welcome everyone to participate and hack the bug bounty.
Ciao!
Firo Solutions Staff
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Advisory ID: SYSS-2019-005
Product: ABUS Secvest (FUAA5)
Manufacturer: ABUS
Affected Version(s): v3.01.01
Tested Version(s): v3.01.01
Vulnerability Type: Cryptographic Issues (CWE-310)
Risk Level: Medium
Solution Status: Open
Manufacturer
[+] Credits: John Page (aka hyp3rlinx)
[+] Website: hyp3rlinx.altervista.org
[+] Source:
http://hyp3rlinx.altervista.org/advisories/WINDOWS-POWERSHELL-ISE-FILENAME-PARSING-FLAW-RCE-0DAY.txt
[+] ISR: ApparitionSec
[+] Zero Day Initiative Program
[Vendor]
www.microsoft.com
CVE-2019-0214: Apache Archiva arbitrary file write and delete on the server
Severity: Medium
Vendor:
The Apache Software Foundation
Versions Affected:
Apache Archiva 2.0.0 - 2.2.3
The unsupported versions 1.x are also affected.
It is possible to write files to the archiva server at
CVE-2019-0213: Apache Archiva Stored XSS
Severity: Low
Vendor:
The Apache Software Foundation
Versions Affected:
Apache Archiva 2.0.0 - 2.2.3
The unsupported versions 1.x are also affected.
It may be possible to store malicious XSS code into central configuration
entries, i.e. the
https://www.computerworld.com/article/3216425/microsoft-patch-alert-april-patches-have-sharp-edges-with-several-missing-others-reappearing.html
By Woody Leonhard
Columnist
Computerworld
April 29, 2019
You have to wonder who’s testing this stuff.
Admins, in particular, have had a tough month.
https://www.centralmaine.com/2019/04/28/augusta-cyber-attacker-sought-more-than-100k-in-ransom/
By Keith Edwards
Kennebec Journal
April 28, 2019
AUGUSTA -- The apparent, and still unknown, source of a cyberattack that shut
down the city's computer network and forced the closure of Augusta City
https://www.cyberscoop.com/vault-7-joshua-schulte-wikileaks-civil-rights-violation-50-billion/
By Jeff Stone
CYBERSCOOP
April 29, 2019
A former CIA computer engineer compared himself to a victim of the Nazis and
said the government has caused him to lose more than $50 billion in income in a
https://www.nytimes.com/2019/04/26/us/florida-russia-hacking-election.html
By Frances Robles
The New York Times
April 26, 2019
It was the day before the 2016 presidential election, and at the Volusia County
elections office, near Florida’s Space Coast, workers were so busy that they
had
http://fortune.com/2019/04/29/security-gap-personal-information-breach/
By Chris Morris
Fortune.com
April 29, 2019
A pair of security experts has discovered an online, unprotected database that
hosts personal data for 80 million American households. And, perhaps even more
concerning, they’re
https://www.cbronline.com/news/docker-hacked
By Ed Targett
Editor
Computer Business Review
April 29, 2019
Docker, the company behind an open platform for building and running distributed
applications, said on Friday that hackers had breached one of its databases,
potentially giving them access
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
- -
Debian Security Advisory DSA-4437-1 secur...@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
April 29, 2019
Revive Adserver Security Advisory REVIVE-SA-2019-001
https://www.revive-adserver.com/security/revive-sa-2019-001
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
- -
Debian Security Advisory DSA-4435-1 secur...@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
April 27, 2019
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
[slackware-security] bind (SSA:2019-116-01)
New bind packages are available for Slackware 14.0, 14.1, 14.2, and -current to
fix a security issue.
Here are the details from the Slackware 14.2 ChangeLog:
+--+
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
- -
Debian Security Advisory DSA-4436-1 secur...@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
April 28, 2019
UNCLASSIFIED
## ADVISORY INFORMATION
TITLE: Multiple vulnerabilities in Sony Smart TVs
ADVISORY URL:
https://www.darkmatter.ae/blogs/security-flaws-uncovered-in-sony-smart-tvs/
DATE PUBLISHED: 23/04/2019
AFFECTED VENDORS: Sony
RELEASE MODE: Coordinated release
CVE: CVE-2019-10886,
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
This email refers to the advisory found at
https://confluence.atlassian.com/x/d5e8OQ .
CVE ID:
* CVE-2019-3398.
Product: Confluence Server and Confluence Data Center.
Affected Confluence Server and Confluence Data Center versions:
6.6.0 <=
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
- -
Debian Security Advisory DSA-4434-1 secur...@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
April 20, 2019
# Exploit Title: Contact Form Builder [CSRF → LFI]
# Date: 2019-03-17
# Exploit Author: Panagiotis Vagenas
# Vendor Homepage: http://web-dorado.com/
# Software Link: https://wordpress.org/plugins/contact-form-builder
# Version: 1.0.67
# Tested on: WordPress 5.1.1
Description
---
Plugin
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
[slackware-security] libpng (SSA:2019-107-01)
New libpng packages are available for Slackware 14.2 and -current to
fix security issues.
Here are the details from the Slackware 14.2 ChangeLog:
+--+
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
- -
Debian Security Advisory DSA-4433-1 secur...@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
April 16, 2019
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
- -
Debian Security Advisory DSA-4432-1 secur...@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
April 16, 2019
For the anniversary of the discovery of CVE-2018-2879 by Sec Consult
(https://sec-consult.com/en/blog/2018/05/oracle-access-managers-identity-crisis/)
we have decided to release OAMbuster, a multi-thread implementation of
CVE-2018-2879.
Link of the exploit:
Hello All,
On Mar 20, 2019 Security Explorations reported a security vulnerability
(Issue 19) to Gemalto [1], that made it possible to achieve read, write
and native code execution access on the company's card (GemXplore 3G v3.0).
On Mar 30, 2019, Gemalto provided us with the results of its
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
- -
Debian Security Advisory DSA-4431-1 secur...@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
April 13, 2019
[+] Credits: John Page (aka hyp3rlinx)
[+] Website: hyp3rlinx.altervista.org
[+] Source:
http://hyp3rlinx.altervista.org/advisories/MICROSOFT-INTERNET-EXPLORER-v11-XML-EXTERNAL-ENTITY-INJECTION-0DAY.txt
[+] ISR: ApparitionSec
[Vendor]
www.microsoft.com
[Product]
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
- -
Debian Security Advisory DSA-4430-1 secur...@debian.org
https://www.debian.org/security/ Yves-Alexis Perez
April 10, 2019
[+] Credits: John Page (aka hyp3rlinx)
[+] Website: hyp3rlinx.altervista.org
[+] Source:
http://hyp3rlinx.altervista.org/advisories/MICROSOFT-INTERNET-EXPLORER-v11-XML-EXTERNAL-ENTITY-INJECTION-0DAY.txt
[+] ISR: ApparitionSec
[Vendor]
www.microsoft.com
[Product]
WebKitGTK and WPE WebKit Security Advisory WSA-2019-0002
Date reported : April 10, 2019
Advisory ID : WSA-2019-0002
WebKitGTK Advisory URL :
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
- -
Debian Security Advisory DSA-4429-1 secur...@debian.org
https://www.debian.org/security/ Sebastien Delafond
April 10, 2019
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
- -
Debian Security Advisory DSA-4428-1 secur...@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
April 08, 2019
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
- -
Debian Security Advisory DSA-4427-1 secur...@debian.org
https://www.debian.org/security/ Sebastien Delafond
April 08, 2019
Hi Rodrigo:
Thank you so much for this CFP. Kindly see attached from my end.
In my talk on the incoming "2019 Industrial Control Systems (ICS) Cyber
Security Conference | Singapore"
(https://www.icscybersecurityconference.com/singapore/), I will be covering
Zero-day & fileless malware hunting
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
[slackware-security] httpd (SSA:2019-096-01)
New httpd packages are available for Slackware 14.0, 14.1, 14.2, and -current
to fix a security issue.
Here are the details from the Slackware 14.2 ChangeLog:
+--+
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
- -
Debian Security Advisory DSA-4426-1 secur...@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
April 07, 2019
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
[slackware-security] wget (SSA:2019-095-02)
New wget packages are available for Slackware 14.2 and -current to fix a
security issue.
Here are the details from the Slackware 14.2 ChangeLog:
+--+
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
[slackware-security] openjpeg (SSA:2019-095-01)
New openjpeg packages are available for Slackware 14.2 and -current to
fix security issues.
Here are the details from the Slackware 14.2 ChangeLog:
+--+
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
- -
Debian Security Advisory DSA-4425-1 secur...@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
April 05, 2019
# Exploit Title: Contact Form by WD [CSRF → LFI]
# Date: 2019-03-17
# Exploit Author: Panagiotis Vagenas
# Vendor Homepage: http://web-dorado.com/
# Software Link: https://wordpress.org/plugins/contact-form-maker
# Version: 1.13.1
# Tested on: WordPress 5.1.1
Description
---
Plugin
# Title: Form Maker by WD [CSRF → LFI]
# Date: 2019-03-17
# Exploit Author: Panagiotis Vagenas
# Vendor Homepage: http://web-dorado.com/
# Software Link: https://wordpress.org/plugins/form-maker
# Version: 1.13.2
# Tested on: WordPress 5.1
Description
---
Plugin implements the following
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
- -
Debian Security Advisory DSA-4424-1 secur...@debian.org
https://www.debian.org/security/ Sebastien Delafond
April 04, 2019
===
title: Multiple Vulnerabilities
product: Lupusec XT2 Plus Main Panel
version: Firmware 0.0.2.19E
homepage: https://www.lupus-electronics.de/
found: 01/2019
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
- -
Debian Security Advisory DSA-4423-1 secur...@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
April 03, 2019
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
- -
Debian Security Advisory DSA-4422-1 secur...@debian.org
https://www.debian.org/security/ Stefan Fritsch
April 03, 2019
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
[slackware-security] ghostscript (SSA:2019-092-01)
New ghostscript packages are available for Slackware 14.2 and -current to
fix security issues.
Here are the details from the Slackware 14.2 ChangeLog:
+--+
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
[slackware-security] wget (SSA:2019-092-02)
New wget packages are available for Slackware 14.2 and -current to
fix security issues.
Here are the details from the Slackware 14.2 ChangeLog:
+--+
Description
===
NICE Engage is an interaction recording platform. The default configuration in
versions <= 6.5 (and possible higher) binds an unauthenticated JMX/RMI
interface to all network interfaces, without restricting registration of
MBeans, which allows remote attackers to execute
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
- -
Debian Security Advisory DSA-4421-1 secur...@debian.org
https://www.debian.org/security/ Michael Gilbert
March 31, 2019
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
- -
Debian Security Advisory DSA-4420-1 secur...@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
March 30, 2019
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
- -
Debian Security Advisory DSA-4419-1 secur...@debian.org
https://www.debian.org/security/ Sebastien Delafond
March 29, 2019
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
- -
Debian Security Advisory DSA-4418-1 secur...@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
March 28, 2019
SecureAuth - SecureAuth Labs Advisory
http://www.secureauth.com/
Pydio 8 Multiple Vulnerabilities
1. *Advisory Information*
Title: Pydio 8 Multiple Vulnerabilities
Advisory ID: SAUTH-2019-0002
Advisory URL:
https://www.secureauth.com/labs/advisories/pydio-8-multiple-vulnerabilities
Date
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
[slackware-security] gnutls (SSA:2019-086-01)
New gnutls packages are available for Slackware 14.2 and -current to
fix security issues.
Here are the details from the Slackware 14.2 ChangeLog:
+--+
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
APPLE-SA-2019-3-27-1 watchOS 5.2
watchOS 5.2 is now available and addresses the following:
CFString
Available for: Apple Watch Series 1 and later
Impact: Processing a maliciously crafted string may lead to a denial
of service
Description: A
Advisory: Cisco RV320 Unauthenticated Configuration Export
RedTeam Pentesting discovered that the configuration of a Cisco RV320
router can still be exported without authentication via the device's web
interface due to an inadequate fix by the vendor.
Details
===
Product: Cisco RV320 Dual
Advisory: Cisco RV320 Command Injection
RedTeam Pentesting discovered a command injection vulnerability in the
web-based certificate generator feature of the Cisco RV320 router which
was inadequately patched by the vendor.
Details
===
Product: Cisco RV320 Dual Gigabit WAN VPN Router,
Advisory: Cisco RV320 Unauthenticated Diagnostic Data Retrieval
RedTeam Pentesting discovered that the Cisco RV320 router still exposes
sensitive diagnostic data without authentication via the device's web
interface due to an inadequate fix by the vendor.
Details
===
Product: Cisco RV320
Advisory: Code Execution via Insecure Shell Function getopt_simple
RedTeam Pentesting discovered that the shell function "getopt_simple",
as presented in the "Advanced Bash-Scripting Guide", allows execution of
attacker-controlled commands.
Details
===
Product: Advanced Bash-Scripting
Recon Montreal - Call For Papers - June 28 - 30 - 2019
Welcome to TeleMate!
ATDT1514XXX
CONNECT 300
..
DATAPAC :
DATAPAC: Call connected to
This is a private system. Access attempts are logged. Unauthorized
access may result in prosecution.
Bienvenue!
+
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
[slackware-security] mozilla-thunderbird (SSA:2019-084-01)
New mozilla-thunderbird packages are available for Slackware 14.2 and -current
to fix security issues.
Here are the details from the Slackware 14.2 ChangeLog:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
APPLE-SA-2019-3-25-1 iOS 12.2
iOS 12.2 is now available and addresses the following:
CFString
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Processing a maliciously crafted string may lead to a
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
APPLE-SA-2019-3-25-6 iCloud for Windows 7.11
iCloud for Windows 7.11 is now available and addresses the following:
CoreCrypto
Available for: Windows 7 and later
Impact: A malicious application may be able to elevate privileges
Description: A
Product: article2pdf (Wordpress plug-in)
Product Website: https://wordpress.org/plugins/article2pdf/
Affected Versions: 0.24 and greater
The following vulnerabilities were found in a code review of the
plug-in. An attempt to contact the
plug-in maintainer on 8 December 2018 was unsuccessful.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
APPLE-SA-2019-3-25-3 tvOS 12.2
tvOS 12.2 is now available and addresses the following:
CFString
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: Processing a maliciously crafted string may lead to a denial
of service
Description: A
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
APPLE-SA-2019-3-25-5 iTunes 12.9.4 for Windows
iTunes 12.9.4 for Windows is now available and addresses the
following:
CoreCrypto
Available for: Windows 7 and later
Impact: A malicious application may be able to elevate privileges
Description: A
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
APPLE-SA-2019-3-25-4 Safari 12.1
Safari 12.1 is now available and addresses the following:
Safari Reader
Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, and
Mojave 10.14.4
Impact: Enabling the Safari Reader feature on a maliciously
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
APPLE-SA-2019-3-25-7 Xcode 10.2
Xcode 10.2 is now available and addresses the following:
Kernel
Available for: macOS 10.13.6 or later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
APPLE-SA-2019-3-25-2 macOS Mojave 10.14.4, Security Update
2019-002 High Sierra, Security Update 2019-002 Sierra
macOS Mojave 10.14.4, Security Update 2019-002 High Sierra,
Security Update 2019-002 Sierra are now available and
addresses the
Hi!
CVE-2019-9974: diag_tool.cgi on DASAN H660RM devices with firmware
1.03-0022 allows spawning ping processes without any authorization
leading to information disclosure and DoS attacks
Remote attacker could enumerate hosts on LAN interface sending
requests to /cgi-bin/diag_tool.cgi with ip
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
This email refers to the advisory found at
https://confluence.atlassian.com/display/DOC/Confluence+Security+Advisory+-+2019-03-20
.
CVE ID:
* CVE-2019-3395.
* CVE-2019-3396.
Product: Confluence Server and Confluence Data Center.
Affected
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Advisory ID: SYSS-2018-036
Product: ABUS Secvest Remote Control (FUBE50014, FUBE50015)
Manufacturer: ABUS
Affected Version(s): n/a
Tested Version(s): n/a
Vulnerability Type: Denial of Service - Uncontrolled Resource Consumption
(CWE-400)
Risk
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Advisory ID: SYSS-2018-035
Product: ABUS Secvest Remote Control (FUBE50014, FUBE50015)
Manufacturer: ABUS
Affected Version(s): n/a
Tested Version(s): n/a
Vulnerability Type: Missing Encryption of Sensitive Data (CWE-311)
Risk Level: High
Solution
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Advisory ID: SYSS-2018-034
Product: ABUS Secvest (FUAA5)
Manufacturer: ABUS
Affected Version(s): v3.01.01
Tested Version(s): v3.01.01
Vulnerability Type: Rolling Code - Predictable from Observable State (CWE-341)
Risk Level: High
Solution
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
- -
Debian Security Advisory DSA-4417-1 secur...@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
March 24, 2019
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
- -
Debian Security Advisory DSA-4416-1 secur...@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
March 24, 2019
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
- -
Debian Security Advisory DSA-4415-1 secur...@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
March 24, 2019
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
- -
Debian Security Advisory DSA-4414-1 secur...@debian.org
https://www.debian.org/security/ Thijs Kinkhorst
March 23, 2019
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
[slackware-security] mozilla-firefox (SSA:2019-081-01)
New mozilla-firefox packages are available for Slackware 14.2 and -current to
fix security issues.
Here are the details from the Slackware 14.2 ChangeLog:
+--+