Re: [FD] System Down: A systemd-journald exploit

2019-05-13 Thread Qualys Security Advisory
Hi all, Our systemd-journald exploit for CVE-2018-16865 and CVE-2018-16866 is now available at: https://www.qualys.com/2019/05/09/system-down/system-down.tar.gz It is also attached to this email. A few notes about this exploit: - It supports several targets by default (vulnerable versions of

[FD] APPLE-SA-2019-5-13-5 Safari 12.1.1

2019-05-13 Thread Apple Product Security via Fulldisclosure
APPLE-SA-2019-5-13-5 Safari 12.1.1 Safari 12.1.1 is now available and addresses the following: WebKit Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, and included in macOS Mojave 10.14.5 Impact: Processing maliciously crafted web

[FD] APPLE-SA-2019-5-13-6 Apple TV Software 7.3

2019-05-13 Thread Apple Product Security via Fulldisclosure
APPLE-SA-2019-5-13-6 Apple TV Software 7.3 Apple TV Software 7.3 is now available and addresses the following: Bluetooth Available for: Apple TV (3rd generation) Impact: A remote attacker may cause an unexpected application termination or

[FD] APPLE-SA-2019-5-13-4 watchOS 5.2.1

2019-05-13 Thread Apple Product Security via Fulldisclosure
APPLE-SA-2019-5-13-4 watchOS 5.2.1 watchOS 5.2.1 is now available and addresses the following: AppleFileConduit Available for: Apple Watch Series 1 and later Impact: An application may be able to execute arbitrary code with system privileges

[FD] APPLE-SA-2019-5-13-3 tvOS 12.3

2019-05-13 Thread Apple Product Security via Fulldisclosure
APPLE-SA-2019-5-13-3 tvOS 12.3 tvOS 12.3 is now available and addresses the following: AppleFileConduit Available for: Apple TV 4K and Apple TV HD Impact: An application may be able to execute arbitrary code with system privileges Description: A

[FD] APPLE-SA-2019-5-13-2 macOS Mojave 10.14.5, Security Update 2019-003 High Sierra, Security Update 2019-003 Sierra

2019-05-13 Thread Apple Product Security via Fulldisclosure
APPLE-SA-2019-5-13-2 macOS Mojave 10.14.5, Security Update 2019-003 High Sierra, Security Update 2019-003 Sierra macOS Mojave 10.14.5, Security Update 2019-003 High Sierra, Security Update 2019-003 Sierra are now available and address the

[FD] APPLE-SA-2019-5-13-1 iOS 12.3

2019-05-13 Thread Apple Product Security via Fulldisclosure
APPLE-SA-2019-5-13-1 iOS 12.3 iOS 12.3 is now available and addresses the following: AppleFileConduit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to execute arbitrary

[FD] [CVE-2019-8978] Improper Authentication (CWE-287) in Ellucian Banner Web Tailor and Banner Enterprise Identity Services

2019-05-13 Thread Joshua Mulliken
Title: [CVE-2019-8978] Improper Authentication (CWE-287) in Ellucian Banner Web Tailor and Banner Enterprise Identity Services Author: Joshua Mulliken < jos...@mulliken.net > Thanks to: Carnegie Mellon University CERT Coordination Center Date Found: Dec. 17, 2018 Vendor:

[FD] TOR browser / Firefox telemetry data

2019-05-13 Thread Bipin Gautam
POC: tl;dr run just Firefox browser / TOR and just nothing and tcpdump the computing device / network firewall BLOCK all IP/A names, gradually... that shows up in tcpdump when you are not using Firefox but it connects automatically (if you block something Firefox hops to something else, 3-5+

[FD] SEC Consult SA-20190513-0 :: Cleartext message spoofing in supplementary Go Cryptography Libraries (@sec_consult)

2019-05-13 Thread SEC Consult Vulnerability Lab
SEC Consult Vulnerability Lab Security Advisory < 20190513-0 > title: Cleartext message spoofing product: Supplementary Go Cryptography Libraries vulnerable version: