Hi all,
Our systemd-journald exploit for CVE-2018-16865 and CVE-2018-16866 is
now available at:
https://www.qualys.com/2019/05/09/system-down/system-down.tar.gz
It is also attached to this email. A few notes about this exploit:
- It supports several targets by default (vulnerable versions of
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
APPLE-SA-2019-5-13-5 Safari 12.1.1
Safari 12.1.1 is now available and addresses the following:
WebKit
Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, and
included in macOS Mojave 10.14.5
Impact: Processing maliciously crafted web
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
APPLE-SA-2019-5-13-6 Apple TV Software 7.3
Apple TV Software 7.3 is now available and addresses the following:
Bluetooth
Available for: Apple TV (3rd generation)
Impact: A remote attacker may cause an unexpected application
termination or
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
APPLE-SA-2019-5-13-4 watchOS 5.2.1
watchOS 5.2.1 is now available and addresses the following:
AppleFileConduit
Available for: Apple Watch Series 1 and later
Impact: An application may be able to execute arbitrary code with
system privileges
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
APPLE-SA-2019-5-13-3 tvOS 12.3
tvOS 12.3 is now available and addresses the following:
AppleFileConduit
Available for: Apple TV 4K and Apple TV HD
Impact: An application may be able to execute arbitrary code with
system privileges
Description: A
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
APPLE-SA-2019-5-13-2 macOS Mojave 10.14.5, Security Update
2019-003 High Sierra, Security Update 2019-003 Sierra
macOS Mojave 10.14.5, Security Update 2019-003 High Sierra,
Security Update 2019-003 Sierra are now available and
addresses the
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
APPLE-SA-2019-5-13-1 iOS 12.3
iOS 12.3 is now available and addresses the following:
AppleFileConduit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An application may be able to execute arbitrary
===
Title: [CVE-2019-8978] Improper Authentication (CWE-287) in Ellucian Banner Web
Tailor and Banner Enterprise Identity Services
Author: Joshua Mulliken <
jos...@mulliken.net
>
Thanks to: Carnegie Mellon University CERT Coordination Center
Date Found: Dec. 17, 2018
Vendor:
POC:
tl;dr
run just Firefox browser / TOR and just nothing
and tcpdump the computing device / network
firewall BLOCK all IP/A names, gradually... that shows up in tcpdump
when you do not using firefox but it connects automatically (if you
block something firefox hops to something else, 3-5+
SEC Consult Vulnerability Lab Security Advisory < 20190513-0 >
===
title: Cleartext message spoofing
product: Supplementary Go Cryptography Libraries
vulnerable version:
10 matches
Mail list logo