Security Alerts

Syndicate content
The premier general security mailing list. Vulnerabilities are often announced here first, so check frequently!
Updated: 5 days 23 hours ago

APPLE-SA-2019-5-28-2 iCloud for Windows 7.12

Wed, 05/29/2019 - 00:38

Posted by Apple Product Security on May 28

APPLE-SA-2019-5-28-2 iCloud for Windows 7.12

iCloud for Windows 7.12 is now available and addresses the following:

SQLite
Available for: Windows 7 and later
Impact: An application may be able to gain elevated privileges
Description: An input validation issue was addressed with improved
memory handling.
CVE-2019-8577: Omer Gull of Checkpoint Research

SQLite
Available for: Windows 7 and later
Impact: A maliciously crafted SQL query may lead to...
Categories: Security

Crowd Security Advisory - 2019-05-22

Mon, 05/27/2019 - 04:23

Posted by Atlassian on May 27

This email refers to the advisory found at
https://confluence.atlassian.com/x/3ADVOQ .

CVE ID:

* CVE-2019-11580.

Product: Crowd and Crowd Data Center.

Affected Crowd and Crowd Data Center product versions:

2.1.0 <= version < 3.0.5
3.1.0 <= version < 3.1.6
3.2.0 <= version < 3.2.8
3.3.0 <= version < 3.3.5
3.4.0 <= version < 3.4.4

Fixed Crowd and Crowd Data Center product versions:

* Crowd and Crowd Data Center...
Categories: Security

[SECURITY] [DSA 4452-1] jackson-databind security update

Mon, 05/27/2019 - 04:19

Posted by Moritz Muehlenhoff on May 27

-------------------------------------------------------------------------
Debian Security Advisory DSA-4452-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
May 24, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : jackson-databind
CVE ID : CVE-2018-11307...
Categories: Security

[SECURITY] [DSA 4451-1] thunderbird security update

Mon, 05/27/2019 - 04:17

Posted by Moritz Muehlenhoff on May 27

-------------------------------------------------------------------------
Debian Security Advisory DSA-4451-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
May 24, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : thunderbird
CVE ID : CVE-2018-18511 CVE-2019-5798...
Categories: Security

CA20190523-01: Security Notice for CA Risk Authentication and CA Strong Authentication

Mon, 05/27/2019 - 04:16

Posted by Kevin Kotas on May 27

CA20190523-01: Security Notice for CA Risk Authentication and CA
Strong Authentication

Issued: May 23, 2019
Last Updated: May 23, 2019

The Support team for CA Technologies, A Broadcom Company, is alerting
customers to multiple potential risks with CA Risk Authentication and
CA Strong Authentication. Multiple vulnerabilities exist that can
allow a remote attacker to gain additional access in certain
configurations or possibly gain sensitive...
Categories: Security

MacOS X GateKeeper Bypass

Mon, 05/27/2019 - 04:12

Posted by Filippo Cavallarin on May 27

MacOS X GateKeeper Bypass

OVERVIEW

On MacOS X version <= 10.14.5 (at time of writing) is it possible to easily bypass Gatekeeper in order to
execute untrusted code without any warning or user's explicit permission.

Gatekeeper is a mechanism developed by Apple and included in MacOS X since 2012 that enforces code
signing and verifies downloaded applications before allowing them to run.
For example, if a user donwloads an application...
Categories: Security