Introduction
ZX Security identified several vulnerabilities in the Squiz Matrix CMS that
can be chained together to gain pre-authenticated remote code execution in
some circumstances.
Affected Versions
=
The issues in this advisory affect the following versions of Squiz
Issue: CSV injection vulnerability
CVE: CVE-2019-13181
Security researcher: Richard Tan @ The Missing Link Security
Product name: Serv-U FTP Server
Product version: Tested on 15.1.7
Fixed in: Serv-U 15.1.7 Hotfix 2
#
Issue: Stored Cross-Site Scripting
CVE: CVE-2019-13182
Security researcher: Richard Tan @ The Missing Link Security
Product name: Serv-U FTP Server
Product version: Tested on 15.1.7
Fixed in: Serv-U 15.1.7 Hotfix 2
#
Qualys Security Advisory
Local Privilege Escalation in OpenBSD's dynamic loader (CVE-2019-19726)
==
Contents
==
Summary
Analysis
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2019-12-10-8 watchOS 6.1.1
watchOS 6.1.1 is now available and addresses the following:
CallKit
Available for: Apple Watch Series 1 and later
Impact: Calls made using Siri may be initiated using the wrong
cellular plan on devices with two
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2019-12-10-7 Xcode 11.3
Xcode 11.3 is now available and addresses the following:
ld64
Available for: macOS Mojave 10.14.4 and later
Impact: Compiling with untrusted sources may lead to arbitrary code
execution with user privileges
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2019-12-10-6 Safari 13.0.4
Safari 13.0.4 is now available and addresses the following:
WebKit
Available for: macOS Mojave and macOS High Sierra, and included in
macOS Catalina
Impact: Processing maliciously crafted web content may lead to
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2019-12-10-5 tvOS 13.3
tvOS 13.3 is now available and addresses the following:
CFNetwork Proxies
Available for: Apple TV 4K and Apple TV HD
Impact: An application may be able to gain elevated privileges
Description: This issue was
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update
2019-002 Mojave, Security Update 2019-007 High Sierra
macOS Catalina 10.15.2, Security Update 2019-002 Mojave,
Security Update 2019-007 High Sierra is now available and
addresses the
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2019-12-10-4 watchOS 5.3.4
watchOS 5.3.4 is now available and addresses the following:
FaceTime
Available for: Apple Watch Series 1, Apple Watch Series 2, Apple
Watch Series 3, and Apple Watch Series 4 when paired to a device with
iOS 12
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2019-12-10-2 iOS 12.4.4
iOS 12.4.4 is now available and addresses the following:
FaceTime
Available for: iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad
mini 2, iPad mini 3, and iPod touch 6th generation
Impact: Processing malicious
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2019-12-10-1 iOS 13.3 and iPadOS 13.3
iOS 13.3 and iPadOS 13.3 is now available and addresses the
following:
CallKit
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
CA20191210-01: Security Notice for CA Automic Sysload
Issued: December 10th, 2019
Last Updated: December 10th, 2019
CA Technologies, A Broadcom Company, is alerting customers to a
potential risk with CA Automic Sysload in the File Server
Both parts of our exploitation write-ups are now available at our labs website.
Part1:
https://labs.nettitude.com/blog/cve-2019-12750-symantec-endpoint-protection-local-privilege-escalation-part-1/
Part2: