Security Alerts

The premier general security mailing list. Vulnerabilities are often announced here first, so check frequently!

[SYSS-2019-017] EBK BKS Buskoppler - Unauthenticated Remote Code Execution

Wed, 07/03/2019 - 08:09

Posted by sebastian . auwaerter on Jul 03

Advisory ID: SYSS-2019-017
Product: BKS EBK Ethernet-Buskoppler Pro
Manufacturer: BKS GmbH
Affected Version(s): < 3.01
Vulnerability Type: Unrestricted Upload of File with Dangerous Type (CWE-434)
Risk Level: High
Solution Status: Fixed
Manufacturer Notification: April 23, 2019
Solution Date: June 14, 2019
Public Disclosure: July 03, 2019
CVE Reference: CVE-2019-12971
Author of Advisory: Sebastian Auwaerter, SySS GmbH...
Categories: Security

FreeBSD Security Advisory FreeBSD-SA-19:11.cd_ioctl

Wed, 07/03/2019 - 08:05

Posted by FreeBSD Security Advisories on Jul 03

=============================================================================
FreeBSD-SA-19:11.cd_ioctl Security Advisory
The FreeBSD Project

Topic: Privilege escalation in cd(4) driver

Category: core
Module: kernel
Announced: 2019-07-02
Credits: Alex Fortune
Affects: All supported versions of FreeBSD.
Corrected:...
Categories: Security

FreeBSD Security Advisory FreeBSD-SA-19:09.iconv

Wed, 07/03/2019 - 08:01

Posted by FreeBSD Security Advisories on Jul 03

=============================================================================
FreeBSD-SA-19:09.iconv Security Advisory
The FreeBSD Project

Topic: iconv buffer overflow

Category: core
Module: libc
Announced: 2019-07-02
Credits: Andrea Venturoli <security () netfence it>, NetFence
Affects: All supported...
Categories: Security

[SECURITY] [DSA 4475-1] openssl security update

Mon, 07/01/2019 - 22:36

Posted by Moritz Muehlenhoff on Jul 01

-------------------------------------------------------------------------
Debian Security Advisory DSA-4475-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
July 01, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : openssl
CVE ID : CVE-2019-1543

Joran Dirk Greef...
Categories: Security

[SECURITY] [DSA 4474-1] firefox-esr security update

Mon, 07/01/2019 - 22:33

Posted by Moritz Muehlenhoff on Jul 01

-------------------------------------------------------------------------
Debian Security Advisory DSA-4474-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
July 01, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : firefox-esr
CVE ID : CVE-2019-11708

A sandbox...
Categories: Security

[RT-SA-2019-012] Information Disclosure in REDDOXX Appliance

Mon, 07/01/2019 - 22:29

Posted by RedTeam Pentesting GmbH on Jul 01

Advisory: Information Disclosure in REDDOXX Appliance

RedTeam Pentesting discovered an Information Disclosure vulnerability in
the REDDOXX appliance software, which allows unauthenticated attackers
to gain information about the internal network the appliance is part of.

Details
=======

Product: REDDOXX Appliance
Affected Versions: 2032-SP2 up to hotfix 51
Fixed Versions: 2032-SP2 hotfix 53
Vulnerability Type: Information Disclosure
Security...
Categories: Security

[SYSS-2019-016] SquirrelMail script filter bypass/XSS

Mon, 07/01/2019 - 07:20

Posted by Moritz Bechler on Jul 01

Advisory ID: SYSS-2019-016
Product: SquirrelMail
Manufacturer: The SquirrelMail Project
Affected Version(s): 1.4.22, SVN
Tested Version(s): SVN
Vulnerability Type: Cross-Site Scripting (CWE-79)
Risk Level: Medium
Solution Status: Open
Manufacturer Notification: 2019-04-17
Solution Date: N/A
Public Disclosure: 2019-07-01
CVE Reference: CVE-2019-12970
Author of Advisory: Moritz Bechler, SySS GmbH...
Categories: Security

[slackware-security] irssi (SSA:2019-180-01)

Sun, 06/30/2019 - 23:56

Posted by Slackware Security Team on Jun 30

[slackware-security] irssi (SSA:2019-180-01)

New irssi packages are available for Slackware 14.0, 14.1, 14.2, and -current
to fix a security issue.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/irssi-1.1.3-i586-1_slack14.2.txz: Upgraded.
This update fixes a security issue: Use after free when sending SASL login
to the server found by ilbelkyr. May affect the stability of Irssi. SASL...
Categories: Security

[SECURITY] [DSA 4473-1] rdesktop security update

Sun, 06/30/2019 - 23:46

Posted by Salvatore Bonaccorso on Jun 30

-------------------------------------------------------------------------
Debian Security Advisory DSA-4473-1 security () debian org
https://www.debian.org/security/ Salvatore Bonaccorso
June 28, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : rdesktop
Debian Bug : 930387

Multiple security issues...
Categories: Security

[SECURITY] [DSA 4472-1] expat security update

Fri, 06/28/2019 - 08:45

Posted by Salvatore Bonaccorso on Jun 28

-------------------------------------------------------------------------
Debian Security Advisory DSA-4472-1 security () debian org
https://www.debian.org/security/ Salvatore Bonaccorso
June 28, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : expat
CVE ID : CVE-2018-20843
Debian Bug :...
Categories: Security

[SYSS-2019-006] Adobe Coldfusion (Windows) - Remote Code Execution through JNBridge listener

Wed, 06/26/2019 - 07:05

Posted by Moritz Bechler on Jun 26

Advisory ID: SYSS-2019-006
Product: Coldfusion/JNBridge
Manufacturer: Adobe/JNBridge LLC
Affected Version(s): Coldfusion 2016,2018, JNBridge all versions
Tested Version(s): 2018
Vulnerability Type: Remote Code Execution
Risk Level: High
Solution Status: Fixed
Manufacturer Notification: 2019-03-27
Solution Date: 2019-06-11
Public Disclosure: 2019-06-24
CVE Reference: CVE-2019-7839
Author of Advisory: Moritz Bechler, SySS GmbH...
Categories: Security

[SECURITY] [DSA 4471-1] thunderbird security update

Tue, 06/25/2019 - 09:47

Posted by Moritz Muehlenhoff on Jun 25

-------------------------------------------------------------------------
Debian Security Advisory DSA-4471-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
June 24, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : thunderbird
CVE ID : CVE-2019-11707 CVE-2019-11708...
Categories: Security