Bugtraq

• Date Index

• On Second Thought..., alias
• BugTraq Shutdown, alias
  • <Possible follow-ups>
  • Re: BugTraq Shutdown, tommypickle
• Defense in depth -- the Microsoft way (part 62): Windows shipped with end-of-life components, Stefan Kanthak
• Local information disclosure in OpenSMTPD (CVE-2020-8793), Qualys Security Advisory
• LPE and RCE in OpenSMTPD's default install (CVE-2020-8794), Qualys Security Advisory
• [SECURITY] [DSA 4633-1] curl security update, Alessandro Ghedini
• Cisco Unified Contact Center Express Privilege Escalation Vulnerability (CVE-2019-1888), Jamie R
• [TZO-22-2020] Qihoo360 | GDATA | Rising | Command Generic Malformed Archive Bypass, Thierry Zoller
• [TZO-16-2020] - F-SECURE Generic Malformed Container bypass (GZIP), Thierry Zoller
• [slackware-security] proftpd (SSA:2020-051-01), Slackware Security Team
• [SECURITY] [DSA 4628-1] php7.0 security update, Moritz Muehlenhoff
  • <Possible follow-ups>
  • Re: [SECURITY] [DSA 4628-1] php7.0 security update, Timesportsall
• [SECURITY] [DSA 4629-1] python-django security update, Sebastien Delafond
• [TZO-18-2020] - Bitdefender Malformed Archive bypass (GZIP), Thierry Zoller
• [TZO-17-2020] - Kaspersky Generic Archive Bypass (ZIP FLNMLEN), Thierry Zoller
• [SECURITY] [DSA 4626-1] php7.3 security update, Moritz Muehlenhoff
• [SECURITY] [DSA 4627-1] webkit2gtk security update, Moritz Muehlenhoff
• WebKitGTK and WPE WebKit Security Advisory WSA-2020-0002, Carlos Alberto Lopez Perez
• [SECURITY] [DSA 4620-1] firefox-esr security update, Moritz Muehlenhoff
• [slackware-security] libarchive (SSA:2020-043-01), Slackware Security Team
• [SECURITY] [DSA 4621-1] openjdk-8 security update, Moritz Muehlenhoff
• [TZO-15-2020] - F-SECURE Generic Malformed Container bypass (RAR), Thierry Zoller
• CVE-2020-0728: Windows Modules Installer Service Information Disclosure Vulnerability, Imre Rad
• [SECURITY] [DSA 4624-1] evince security update, Salvatore Bonaccorso
• [SECURITY] [DSA 4625-1] thunderbird security update, Moritz Muehlenhoff
• [TZO-11-2020] - ESET Generic Malformed Archive Bypass (BZ2 Checksum), Thierry Zoller
• [EnumJavaLibs]_ Remote Java classpath enumerator, RedTimmy Security
  • Web Application Firewall bypass via Bluecoat device, RedTimmy Security
• [TZO-13-2020] - AVIRA Generic AV Bypass (ZIP GPFLAG), Thierry Zoller
• [slackware-security] mozilla-firefox (SSA:2020-042-01), Slackware Security Team
• [SECURITY] [DSA 4623-1] postgresql-11 security update, Moritz Muehlenhoff
• [SECURITY] [DSA 4622-1] postgresql-9.6 security update, Moritz Muehlenhoff
• [slackware-security] mozilla-thunderbird (SSA:2020-042-02), Slackware Security Team
• [SECURITY] [DSA 4618-1] libexif security update, Salvatore Bonaccorso
• [SECURITY] [DSA 4619-1] libxmlrpc3-java security update, Salvatore Bonaccorso
• xglance-bin exploit (CVE-2014-2630), redazione
• [SECURITY] [DSA 4617-1] qtbase-opensource-src security update, Moritz Muehlenhoff
• [slackware-security] sudo (SSA:2020-031-01), Slackware Security Team
• [SECURITY] [DSA 4612-1] prosody-modules security update, Moritz Muehlenhoff
• [SECURITY] [DSA 4613-1] libidn2 security update, Salvatore Bonaccorso
• [SECURITY] [DSA 4614-1] sudo security update, Salvatore Bonaccorso
• [SECURITY] [DSA 4615-1] spamassassin security update, Salvatore Bonaccorso
• [SECURITY] [DSA 4616-1] qemu security update, Moritz Muehlenhoff
• Executable installers are vulnerable^WEVIL (case 58): Intel® Processor Identification Utility - Windows* Version - arbitrary code execution with escalation of privilege, Stefan Kanthak
• [CVE-2019-20358] CVE-2019-9491 in Trend Micro Anti-Threat Toolkit (ATTK) was NOT properly FIXED, Stefan Kanthak
• [SECURITY] [DSA 4610-1] webkit2gtk security update, Moritz Muehlenhoff
• APPLE-SA-2020-1-29-1 iCloud for Windows 7.17, Apple Product Security
• APPLE-SA-2020-1-29-2 iCloud for Windows 10.9.2, Apple Product Security
• [SECURITY] [DSA 4611-1] opensmtpd security update, Moritz Muehlenhoff
• FreeBSD Security Advisory FreeBSD-SA-20:01.libfetch, FreeBSD Security Advisories
• APPLE-SA-2020-1-28-1 iOS 13.3.1 and iPadOS 13.3.1, Apple Product Security
• FreeBSD Security Advisory FreeBSD-SA-20:03.thrmisc, FreeBSD Security Advisories
• APPLE-SA-2020-1-28-3 watchOS 6.1.2, Apple Product Security
• APPLE-SA-2020-1-28-4 tvOS 13.3.1, Apple Product Security
• APPLE-SA-2020-1-28-2 macOS Catalina 10.15.3, Security Update 2020-001 Mojave, Security Update 2020-001 High Sierra, Apple Product Security
• FreeBSD Security Advisory FreeBSD-SA-20:02.ipsec, FreeBSD Security Advisories
• APPLE-SA-2020-1-28-5 Safari 13.0.5, Apple Product Security
• APPLE-SA-2020-1-28-6 iTunes for Windows 12.10.4, Apple Product Security
• Defense in depth -- the Microsoft way (part 61): security features are built to fail (or documented wrong), Stefan Kanthak
• LPE and RCE in OpenSMTPD (CVE-2020-7247), Qualys Security Advisory
• CVE - CVE-2020-7799 - FusionAuth command execution via Apache Freemarker Template, Gianluca Baldi
• [slackware-security] mozilla-thunderbird (SSA:2020-024-01), Slackware Security Team
• WebKitGTK and WPE WebKit Security Advisory WSA-2020-0001, Carlos Alberto Lopez Perez
• [SECURITY] [DSA 4609-1] python-apt security update, Moritz Muehlenhoff
• SEC Consult SA-20200123-0 :: Cross-Site Request Forgery (CSRF) in Umbraco CMS, SEC Consult Vulnerability Lab
• SEC Consult SA-20200122-0 :: Reflected XSS in ZOHO ManageEngine ServiceDeskPlus, SEC Consult Vulnerability Lab
• [REVIVE-SA-2020-001] Revive Adserver Vulnerability, Matteo Beccati
• [SECURITY] [DSA 4608-1] tiff security update, Moritz Muehlenhoff
• [SECURITY] [DSA 4607-1] openconnect security update, Salvatore Bonaccorso
• Neowise CarbonFTP v1.4 Insecure Proprietary Password Encryption CVE-2020-6857, apparitionsec
• Trend Micro Security 2019 (Consumer) Multiple Products Security Bypass Protected Service Tampering CVE-2019-19697, apparitionsec
• Trend Micro Security (Consumer) Multiple Products Persistent Arbitrary Code Execution CVE-2019-20357, apparitionsec
• [SECURITY] [DSA 4606-1] chromium security update, Michael Gilbert
• [SECURITY] [DSA 4603-1] thunderbird security update, Moritz Muehlenhoff
• [SECURITY] [DSA 4604-1] cacti security update, Moritz Muehlenhoff
• [SECURITY] [DSA 4605-1] openjdk-11 security update, Moritz Muehlenhoff
• CVE-2020-2656 - Low impact information disclosure via Solaris xlock, Marco Ivaldi
• CVE-2020-2696 - Local privilege escalation via CDE dtsession, Marco Ivaldi
• [SECURITY] [DSA 4602-1] xen security update, Moritz Muehlenhoff
• [TZO-09-2020] - Bitdefender Malformed Archive bypass (RAR Uncompressed Size), Thierry Zoller
• [TZO-10-2020] - Bitdefender Malformed Archive bypass (RAR Compression Information), Thierry Zoller
• [slackware-security] mozilla-thunderbird (SSA:2020-010-01), Slackware Security Team
• [TZO-08-2020] Bitdefender Generic Malformed Archive Bypass (ZIP GPFLAG), Thierry Zoller
• [TZO-06-2020] - Kaspersky Generic Archive Bypass (ZIP FLNMLEN), Thierry Zoller
• [TZO-05-2020] Kaspersky Generic Malformed Archive Bypass (ZIP Compressed Size), Thierry Zoller
• [TZO-07-2020] Bitdefender Generic Malformed Archive Bypass (RAR HOST_OS), Thierry Zoller
• [SECURITY] [DSA 4601-1] ldm security update, Moritz Muehlenhoff
• [SECURITY] [DSA 4600-1] firefox-esr security update, Moritz Muehlenhoff
• [slackware-security] mozilla-firefox (SSA:2020-009-01), Slackware Security Team
• [slackware-security] Slackware 14.2 kernel (SSA:2020-008-01), Slackware Security Team
• [SECURITY] [DSA 4598-1] python-django security update, Salvatore Bonaccorso
• [SECURITY] [DSA 4599-1] wordpress security update, Sebastien Delafond
• [slackware-security] mozilla-firefox (SSA:2020-006-01), Slackware Security Team
• [SECURITY] [DSA 4597-1] netty security update, Salvatore Bonaccorso
• [TZO-04-2020] Bitdefender Generic Malformed Archive Bypass (BZ2), Thierry Zoller
• [TZO-01-2020] AVIRA Generic Malformed Container bypass (ISO), Thierry Zoller
• [RT-SA-2019-015] IceWarp: Cross-Site Scripting in Notes for Contacts, RedTeam Pentesting GmbH
• [TZO-02-2020] Kaspersyk Generic Malformed Archive Bypass (ZIP GFlag), Thierry Zoller
• [TZO-03-2020] ESET Generic Malformed Archive Bypass (ZIP Compression Information), Thierry Zoller
• [RT-SA-2019-016] IceWarp: Cross-Site Scripting in Notes, RedTeam Pentesting GmbH
• Microsoft Windows .Group File / URL Field Code Execution, apparitionsec
• Microsoft Exchange Server, External Service Interaction (DNS), Alphan YAVAS
• [SECURITY] [DSA 4593-1] freeimage security update, Moritz Muehlenhoff
• [SECURITY] [DSA 4592-1] mediawiki security update, Moritz Muehlenhoff
• [SECURITY] [DSA 4594-1] openssl1.0 security update, Moritz Muehlenhoff
• [SECURITY] [DSA 4595-1] debian-lan-config security update, Moritz Muehlenhoff
• [SECURITY] [DSA 4596-1] tomcat8 security update, Moritz Muehlenhoff
• [SECURITY] [DSA 4591-1] cyrus-sasl2 security update, Salvatore Bonaccorso
• CA20191218-01: Security Notice for CA Client Automation Agent for Windows, Kevin Kotas
• [slackware-security] tigervnc (SSA:2019-354-02), Slackware Security Team
• [slackware-security] openssl (SSA:2019-354-01), Slackware Security Team
• [SECURITY] [DSA 4590-1] cyrus-imapd security update, Moritz Muehlenhoff
• [slackware-security] wavpack (SSA:2019-353-01), Slackware Security Team
• Confluence Server and Data Center Security Advisory - 2019-12-18 - CVE-2019-15006, Alexander Minozhenko
• Deutsche Bahn Ticket Vending Machine Windows XP - Local Kiosk Privilege Escalation Vulnerability, Vulnerability Lab
• [SECURITY] [DSA 4589-1] debian-edu-config security update, Moritz Muehlenhoff
• [SECURITY] [DSA 4588-1] python-ecdsa security update, Sebastien Delafond
• [SECURITY] [DSA 4586-1] ruby2.5 security update, Salvatore Bonaccorso
• [SECURITY] [DSA 4587-1] ruby2.3 security update, Salvatore Bonaccorso
• [SECURITY] [DSA 4582-1] davical security update, Moritz Muehlenhoff
• [SECURITY] [DSA 4583-1] spip security update, Moritz Muehlenhoff
• [SECURITY] [DSA 4565-2] intel-microcode security update, Salvatore Bonaccorso
• [SECURITY] [DSA 4584-1] spamassassin security update, Salvatore Bonaccorso
• [SECURITY] [DSA 4585-1] thunderbird security update, Moritz Muehlenhoff
• Local Privilege Escalation in OpenBSD's dynamic loader (CVE-2019-19726), Qualys Security Advisory
• SEC Consult SA-20191211-0 :: File Extension Spoofing in Windows Defender Antivirus, SEC Consult Vulnerability Lab
• APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra, Apple Product Security
• APPLE-SA-2019-12-10-4 watchOS 5.3.4, Apple Product Security
• APPLE-SA-2019-12-10-2 iOS 12.4.4, Apple Product Security
• APPLE-SA-2019-12-10-5 tvOS 13.3, Apple Product Security
• APPLE-SA-2019-12-10-6 Safari 13.0.4, Apple Product Security
• APPLE-SA-2019-12-10-7 Xcode 11.3, Apple Product Security
• APPLE-SA-2019-12-10-8 watchOS 6.1.1, Apple Product Security
• CA20191209-01: Security Notice for CA Nolio (Release Automation), Kevin Kotas
• [SECURITY] [DSA 4581-1] git security update, Salvatore Bonaccorso
• [SECURITY] [DSA 4579-1] nss security update, Moritz Muehlenhoff
• [SYSS-2019-045] "Scoutnet Kalender" for WordPress - Cross-Site Scripting, simon . moser
• [SECURITY] [DSA 4580-1] firefox-esr security update, Moritz Muehlenhoff
• CVE-2019-17554 - Apache Olingo OData 4.0 - XML External Entity Resolution (XXE), Advisories
• External Service Interaction (DNS) on Skype for Business, Alphan YAVAS
  • <Possible follow-ups>
  • External Service Interaction (DNS) on Skype for Business, Alphan YAVAS
• Authentication vulnerabilities in OpenBSD, Qualys Security Advisory
• BeeGFS Privilege Escalation (CVE-2019-15897), john
• [slackware-security] mozilla-firefox (SSA:2019-337-01), Slackware Security Team
• SEC Consult SA-20191203-0 :: Multiple vulnerabilites in Fronius Solar Inverter Series, SEC Consult Vulnerability Lab
• Microsoft Windows Media Center XXE MotW Bypass (Anniversary Edition), apparitionsec
• SEC Consult SA-20191202-0 :: Multiple Critical Vulnerabilities in SALTO ProAccess SPACE, SEC Consult Vulnerability Lab
• NAPC Xinet Elegant 6 Asset Library Web Interface v6.1.655 Pre-Auth SQL Injection 0Day CVE-2019-19245, apparitionsec
• Max Secure Anti Virus Plus v19.0.4.020 Insecure Permissions CVE-2019-19382, apparitionsec
• Microsoft Excel 2016 v1901 Import Error XML External Entity Injection, apparitionsec
• [SECURITY] [DSA 4577-1] haproxy security update, Sebastien Delafond
• [SECURITY] [DSA 4578-1] libvpx security update, Moritz Muehlenhoff
• Anhui Huami Mi Fit Android Application - Unencrypted Update Check, David Coomber
• pari/gp on debian stable allow arbitrary file write, Georgi Guninski
• [SECURITY] [DSA 4576-1] php-imagick security update, Salvatore Bonaccorso
• SEC Consult SA-20191125-0 :: FortiGuard XOR Encryption in Multiple Fortinet Products, SEC Consult Vulnerability Lab
  • Re: SEC Consult SA-20191125-0 :: FortiGuard XOR Encryption in Multiple Fortinet Products, SEC Consult Vulnerability Lab
• [SECURITY] [DSA 4571-2] enigmail update, Moritz Muehlenhoff
• [SECURITY] [DSA 4575-1] chromium security update, Michael Gilbert
• AST-2019-007: AMI user could execute system commands., Asterisk Security Team
• AST-2019-008: Re-invite with T.38 and malformed SDP causes crash., Asterisk Security Team
• AST-2019-006: SIP request can change address of a SIP peer., Asterisk Security Team
• [slackware-security] bind (SSA:2019-324-01), Slackware Security Team
• [SECURITY] [DSA 4574-1] redmine security update, Moritz Muehlenhoff
• [SECURITY] [DSA 4572-1] slurm-llnl security update, Moritz Muehlenhoff
• [SECURITY] [DSA 4573-1] symfony security update, Moritz Muehlenhoff
• [SECURITY] [DSA 4568-1] postgresql-common security update, Moritz Muehlenhoff
• [SECURITY] [DSA 4569-1] ghostscript security update, Salvatore Bonaccorso
• [slackware-security] Slackware 14.2 kernel (SSA:2019-320-01), Slackware Security Team
• [SECURITY] [DSA 4570-1] mosquitto security update, Salvatore Bonaccorso
• [SECURITY] [DSA 4571-1] thunderbird security update, Moritz Muehlenhoff
• Vulnerability Disclosure and CVE assign, Alphan YAVAS
• Vulnerability Disclosure, Alphan YAVAS
• [SECURITY] [DSA 4563-1] webkit2gtk security update, Moritz Muehlenhoff
• [SECURITY] [DSA 4567-1] dpdk security update, Moritz Muehlenhoff
• [SECURITY] [DSA 4566-1] qemu security update, Salvatore Bonaccorso
• [SECURITY] [DSA 4565-1] intel-microcode security update, Salvatore Bonaccorso
• FreeBSD Security Advisory FreeBSD-SA-19:25.mcepsc, FreeBSD Security Advisories
• FreeBSD Security Advisory FreeBSD-SA-19:26.mcu, FreeBSD Security Advisories
• [SECURITY] [DSA 4564-1] linux security update, Salvatore Bonaccorso
• [SECURITY] [DSA 4562-1] chromium security update, Moritz Muehlenhoff
• Minor security issue in punbb with SQLite, Georgi Guninski
• WebKitGTK and WPE WebKit Security Advisory WSA-2019-0006, Carlos Alberto Lopez Perez
• [slackware-security] Slackware 14.2 kernel (SSA:2019-311-01), Slackware Security Team
• [SECURITY] [DSA 4561-1] fribidi security update, Salvatore Bonaccorso
• Jira Service Desk Server and Jira Service Desk Data Center Security Advisory - 2019-11-06 - CVE-2019-15003, CVE-2019-15004, Alexander Minozhenko
• [SECURITY] [DSA 4560-1] simplesamlphp security update, Thijs Kinkhorst
• [SECURITY] [DSA 4559-1] proftpd-dfsg security update, Moritz Muehlenhoff
• [SECURITY] [DSA 4558-1] webkit2gtk security update, Moritz Muehlenhoff
• [slackware-security] libtiff (SSA:2019-308-01), Slackware Security Team
• [SECURITY] [DSA 4556-1] qtbase-opensource-src security update, Moritz Muehlenhoff
• [SECURITY] [DSA 4557-1] libarchive security update, Moritz Muehlenhoff
• APPLE-SA-2019-11-01-1 Xcode 11.2, Apple Product Security
• Security Advisory for Jira Plug-in: In-App & Desktop Notification, erik . steltzner
• [SECURITY] [DSA 4549-1] firefox-esr security update, Moritz Muehlenhoff
• [SYSS-2019-009]: Fujitsu Wireless Keyboard Set LX390 - Missing Protection against Replay Attacks (CVE-2019-18199), matthias . deeg
• [SYSS-2019-010]: Fujitsu Wireless Keyboard Set LX390 - Missing Encryption of Sensitive Data (CWE-311) (CVE-2019-18201), matthias . deeg
• [SYSS-2019-011]: Fujitsu Wireless Keyboard Set LX390 - Keystroke Injection Vulnerability (CVE-2019-18200), matthias . deeg
• [slackware-security] mozilla-firefox (SSA:2019-295-01), Slackware Security Team
• [SECURITY] [DSA 4545-1] mediawiki security update, Moritz Muehlenhoff
• Trend Micro Anti-Threat Toolkit <= v1.62.0.1218 / Remote Code Execution 0day, apparitionsec
• [SECURITY] [DSA 4546-1] openjdk-11 security update, Moritz Muehlenhoff
• [slackware-security] python (SSA:2019-293-01), Slackware Security Team
• [SECURITY] [DSA 4547-1] tcpdump security update, Moritz Muehlenhoff
• [SECURITY] [DSA 4548-1] openjdk-8 security update, Moritz Muehlenhoff
• CA20191015-01: Security Notice for CA Performance Management, Kevin Kotas
• CVE-2019-5533 - VMware VeloCloud Authorization Bypass, Advisories
• [SECURITY] [DSA 4509-3] apache2 security update, Salvatore Bonaccorso
• [SECURITY] [DSA 4544-1] unbound security update, Sebastien Delafond
• CVE-2019-3010 - Local privilege escalation on Solaris 11.x via xscreensaver, Marco Ivaldi
• [SECURITY] [DSA 4543-1] sudo security update, Salvatore Bonaccorso
• [slackware-security] sudo (SSA:2019-287-01), Slackware Security Team
• SEC Consult SA-20191014-0 :: Reflected XSS vulnerability in OpenProject, SEC Consult Vulnerability Lab
• APPLE-SA-2019-10-11-1 Swift 5.1.1 for Ubuntu, Apple Product Security
• [SECURITY] [DSA 4539-3] openssl regression update, Salvatore Bonaccorso
• [SYSS-2019-033]: Microsoft Designer Bluetooth Desktop - Insufficient Protection of Code (Firmware) and Data (Cryptographic Key), matthias . deeg
• [SYSS-2019-034]: Microsoft Surface Keyboard - Insufficient Protection of Code (Firmware) and Data (Cryptographic Key), matthias . deeg
• [SYSS-2019-035]: Microsoft Surface Mouse - Insufficient Protection of Code (Firmware) and Data (Cryptographic Key), matthias . deeg
• PBS Professional MoM Authentication Bypass (CVE-2019-15719), john
• [SECURITY] [DSA 4539-2] openssh regression update, Salvatore Bonaccorso
• APPLE-SA-2019-10-07-2 iTunes for Windows 12.10.1, Apple Product Security
• APPLE-SA-2019-10-07-3 iCloud for Windows 10.7, Apple Product Security
• APPLE-SA-2019-10-07-1 macOS Catalina 10.15, Apple Product Security
• APPLE-SA-2019-10-07-4 iCloud for Windows 7.14, Apple Product Security
• [SECURITY] [DSA 4541-1] libapreq2 security update, Salvatore Bonaccorso
• [SECURITY] [DSA 4542-1] jackson-databind security update, Sebastien Delafond
• CVE-2019-10181, CVE-2019-10182, CVE-2019-10185: IcedTea-Web vulnerabilities leading to RCE, Imre Rad
• CA20190930-01: Security Notice for CA Network Flow Analysis, Kevin Kotas
• [SECURITY] [DSA 4509-2] subversion update, Moritz Muehlenhoff
• [slackware-security] tcpdump (SSA:2019-274-01), Slackware Security Team
• [SECURITY] [DSA 4539-1] openssl security update, Moritz Muehlenhoff
• [SECURITY] [DSA 4540-1] openssl1.0 security update, Moritz Muehlenhoff
• APPLE-SA-2019-9-27-1 iOS 13.1.1 and iPadOS 13.1.1, Apple Product Security
• [SECURITY] [DSA 4534-1] golang-1.11 security update, Moritz Muehlenhoff
• [SECURITY] [DSA 4535-1] e2fsprogs security update, Salvatore Bonaccorso
• [SECURITY] [DSA 4536-1] exim4 security update, Salvatore Bonaccorso
• [SECURITY] [DSA 4537-1] file-roller security update, Salvatore Bonaccorso
• [SECURITY] [DSA 4538-1] wpa security update, Yves-Alexis Perez
• APPLE-SA-2019-9-26-1 iOS 12.4.2, Apple Product Security
• APPLE-SA-2019-9-26-5 watchOS 6, Apple Product Security
• APPLE-SA-2019-9-26-2 macOS Mojave 10.14.6 Supplemental Update 2, Security Update 2019-005 High Sierra, Security Update 2019-005 Sierra, Apple Product Security
• APPLE-SA-2019-9-26-3 iOS 13, Apple Product Security
• APPLE-SA-2019-9-26-4 Safari 13, Apple Product Security
• APPLE-SA-2019-9-26-6 tvOS 13, Apple Product Security
• APPLE-SA-2019-9-26-7 Xcode 11.0, Apple Product Security
• APPLE-SA-2019-9-26-8 iOS 13.1 and iPadOS 13.1, Apple Product Security
• APPLE-SA-2019-9-26-9 Safari 13.0.1, Apple Product Security
• [SECURITY] [DSA 4533-1] lemonldap-ng security update, Moritz Muehlenhoff
• [slackware-security] mozilla-thunderbird (SSA:2019-268-01), Slackware Security Team
• SEC Consult SA-20190926-0 :: Multiple SQL Injection vulnerabilities in eBrigade, SEC Consult Vulnerability Lab
• Bitbucket Server security advisory 2019-09-18, Atlassian
• Jira Security Advisory - 2019-09-18 - CVE-2019-15001, Atlassian
• [SECURITY] [DSA 4531-1] linux security update, Salvatore Bonaccorso
• [SECURITY] [DSA 4532-1] spip security update, Sebastien Delafond
• Jira Service Desk Server and Jira Service Desk Data Center - URL path traversal allows information disclosure - CVE-2019-14994, Brian Adeloye
• [SECURITY] [DSA 4529-1] php7.0 security update, Moritz Muehlenhoff
• [SECURITY] [DSA 4530-1] expat security update, Salvatore Bonaccorso
• [SECURITY] [DSA 4526-1] opendmarc security update, Salvatore Bonaccorso
• [SECURITY] [DSA 4527-1] php7.3 security update, Moritz Muehlenhoff
• [SECURITY] [DSA 4528-1] bird security update, Moritz Muehlenhoff
• [SECURITY] [DSA 4525-1] ibus security update, Salvatore Bonaccorso
• SEC Consult SA-20190918-0 :: Reflected Cross-Site Scripting (XSS) in Oracle Mojarra JSF, SEC Consult Vulnerability Lab
• [SECURITY] [DSA 4524-1] dino-im security update, Moritz Muehlenhoff
• [slackware-security] expat (SSA:2019-259-01), Slackware Security Team
• [SECURITY] [DSA 4523-1] thunderbird security update, Moritz Muehlenhoff
• [SECURITY] [DSA 4522-1] faad2 security update, Moritz Muehlenhoff
• SEC Consult SA-20190912-0 :: Stored and reflected XSS vulnerabilities in LimeSurvey, SEC Consult Vulnerability Lab
• [slackware-security] mozilla-thunderbird (SSA:2019-254-02), Slackware Security Team
• [slackware-security] openssl (SSA:2019-254-03), Slackware Security Team
• [slackware-security] curl (SSA:2019-254-01), Slackware Security Team
• [CVE-2019-12517] SlickQuiz for Wordpress 1.3.7.1 "/wp-admin/admin.php?page=slickquiz" Multiple Stored XSS, Info
• [SECURITY] [DSA 4521-1] docker.io security update, Moritz Muehlenhoff
• [SECURITY] [DSA 4520-1] trafficserver security update, Moritz Muehlenhoff
• [CVE-2019-12516] SlickQuiz for Wordpress 1.3.7.1 "/wp-admin/admin.php?page=slickquiz-*" Multiple Authenticated SQL Injections, Info
• Dabman & Imperial (i&d) Web Radio Devices - Undocumented Telnet Backdoor & Command Execution Vulnerability, Vulnerability Lab
• [SECURITY] [DSA 4519-1] libreoffice security update, Moritz Muehlenhoff
• NtFileSins v2.1 Windows NTFS Privileged File Access Enumeration Tool, apparitionsec
• NtFileSins / Windows NTFS Privileged File Access Enumeration Tool, apparitionsec
• [SECURITY] [DSA 4518-1] ghostscript security update, Salvatore Bonaccorso
• CA20190904-01: Security Notice for CA Common Services Distributed Intelligence Architecture (DIA), Kevin Kotas
• Windows NTFS / Privileged File Access Enumeration, apparitionsec
• [SECURITY] [DSA 4517-1] exim4 security update, Moritz Muehlenhoff
• [SECURITY] [DSA 4516-1] firefox-esr security update, Moritz Muehlenhoff
• AST-2019-005: Remote Crash Vulnerability in audio transcoding, Asterisk Security Team
• AST-2019-004: Crash when negotiating for T.38 with a declined stream, Asterisk Security Team
• [slackware-security] seamonkey (SSA:2019-247-01), Slackware Security Team
• SEC Consult SA-20190904-0 :: Multiple vulnerabilities in Cisco router series RV34X, RV26X and RV16X, SEC Consult Vulnerability Lab
• [SECURITY] [DSA 4515-1] webkit2gtk security update, Moritz Mühlenhoff
• [SECURITY] [DSA 4514-1] varnish security update, Moritz Muehlenhoff
• [SECURITY] [DSA 4513-1] samba security update, Salvatore Bonaccorso
• [SECURITY] [DSA 4512-1] qemu security update, Moritz Muehlenhoff
• Wolters Kluwer TeamMate+ Cross-Site Request Forgery (CSRF) vulnerability, bhdresh
• [SECURITY] [DSA 4511-1] nghttp2 security update, Moritz Muehlenhoff
• Advisory for Confluence Server Local File Disclosure Vulnerability (CVE-2019-3394), Ming Chang
• SEC Consult SA-20190829-1 :: External DNS Requests in Zyxel USG/UAG/ATP/VPN/NXC series, SEC Consult Vulnerability Lab
• SEC Consult SA-20190829-0 :: Hardcoded FTP Credentials in Zyxel NWA/NAP/WAC wireless access point series, SEC Consult Vulnerability Lab
• WebKitGTK and WPE WebKit Security Advisory WSA-2019-0004, Adrian Perez de Castro
• [SECURITY] [DSA 4510-1] dovecot security update, Salvatore Bonaccorso
• Multiple vulns in Cisco UCS Director: from unauth remote access to code execution as root, Pedro Ribeiro
• [slackware-security] Slackware 14.2 kernel (SSA:2019-238-01), Slackware Security Team
• [SECURITY] [DSA 4509-1] apache2 security update, Salvatore Bonaccorso
• APPLE-SA-2019-8-26-3 tvOS 12.4.1, Akila Srinivasan
• APPLE-SA-2019-8-26-2 macOS Mojave 10.14.6 Supplemental Update, Akila Srinivasan
• APPLE-SA-2019-8-26-1 iOS 12.4.1, Akila Srinivasan
• [SECURITY] [DSA 4508-1] h2o security update, Moritz Muehlenhoff
• [SECURITY] [DSA 4507-1] squid security update, Salvatore Bonaccorso
• [SECURITY] [DSA 4506-1] qemu security update, Moritz Muehlenhoff
• [SECURITY] [DSA 4505-1] nginx security update, Moritz Muehlenhoff
• FreeBSD Security Advisory FreeBSD-SA-19:23.midi [REVISED], FreeBSD Security Advisories
• SEC Consult SA-20190822-0 :: Multiple Vulnerabilities in OpenPGP.js, SEC Consult Vulnerability Lab
• SEC Consult SA-20190821-0 :: Unauthenticated sensitive information leakage in Zoho Corporation ManageEngine ServiceDesk Plus, SEC Consult Vulnerability Lab
• [SECURITY] [DSA 4504-1] vlc security update, Moritz Muehlenhoff
• FreeBSD Security Advisory FreeBSD-SA-19:24.mqueuefs, FreeBSD Security Advisories
• FreeBSD Security Advisory FreeBSD-SA-19:23.midi, FreeBSD Security Advisories
• FreeBSD Security Advisory FreeBSD-SA-19:22.mbuf, FreeBSD Security Advisories
• [SECURITY] [DSA 4503-1] golang-1.11 security update, Moritz Muehlenhoff
• [CVE-2019-15150] CSRF in MediaWiki extension OAuth2 Client 0.3, Justin Bull
• [SECURITY] [DSA 4502-1] ffmpeg security update, Moritz Muehlenhoff
• Details about recent GNU patch vulnerabilities, Imre Rad
• [SECURITY] [DSA 4501-1] libreoffice security update, Moritz Muehlenhoff
• [slackware-security] mozilla-firefox (SSA:2019-226-02), Slackware Security Team
• APPLE-SA-2019-8-13-2 Additional information for APPLE-SA-2019-7-22-1 iOS 12.4, Apple Product Security
• APPLE-SA-2019-8-13-4 Additional information for APPLE-SA-2019-7-22-5 tvOS 12.4, Apple Product Security
• [slackware-security] Slackware 14.2 kernel (SSA:2019-226-01), Slackware Security Team
• APPLE-SA-2019-08-13-5 SwiftNIO HTTP/2 1.5.0, Apple Product Security
• APPLE-SA-2019-8-13-3 Additional information for APPLE-SA-2019-7-22-4 watchOS 5.3, Apple Product Security
• APPLE-SA-2019-8-13-1 Additional information for APPLE-SA-2019-7-22-2 macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra, Apple Product Security
• TortoiseSVN v1.12.1 - Remote Code Execution Vulnerability, Vulnerability Lab
• [SECURITY] [DSA 4500-1] chromium security update, Salvatore Bonaccorso
• [SECURITY] [DSA 4497-1] linux security update, Salvatore Bonaccorso
• Dlink-CVE-2019-13101, Devendra Solanki
• [SECURITY] [DSA 4499-1] ghostscript security update, Salvatore Bonaccorso
• [SECURITY] [DSA 4498-1] python-django security update, Sebastien Delafond
• [SECURITY] [DSA 4496-1] pango1.0 security update, Salvatore Bonaccorso
• [SECURITY] [DSA 4495-1] linux security update, Salvatore Bonaccorso
• [SECURITY] [DSA 4494-1] kconfig security update, Moritz Muehlenhoff
• [SECURITY] [DSA 4493-1] postgresql-11 security update, Moritz Muehlenhoff
• [SECURITY] [DSA 4492-1] postgresql-9.6 security update, Moritz Muehlenhoff
• [slackware-security] kdelibs (SSA:2019-220-01), Slackware Security Team
• [waraxe-2019-SA#110] - Reflected XSS in MapProxy 1.11.0, come2waraxe
• FreeBSD Security Advisory FreeBSD-SA-19:21.bhyve, FreeBSD Security Advisories
• FreeBSD Security Advisory FreeBSD-SA-19:20.bsnmp, FreeBSD Security Advisories
• FreeBSD Security Advisory FreeBSD-SA-19:19.mldv2, FreeBSD Security Advisories
• FreeBSD Security Advisory FreeBSD-SA-19:18.bzip2, FreeBSD Security Advisories
• [SECURITY] [DSA 4491-1] proftpd-dfsg security update, Moritz Muehlenhoff
• Microsoft Windows PowerShell Unsanitized Filename Command Execution, apparitionsec
• [slackware-security] mariadb (SSA:2019-213-01), Slackware Security Team
• [SECURITY] [DSA 4490-1] subversion security update, Salvatore Bonaccorso
• CVE-2019-13635: Directory traversal in WP Fastest Cache 0.8.9.5 and below, Imre Rad
• [SECURITY] [DSA 4489-1] patch security update, Salvatore Bonaccorso
• [SYSS-2019-004]: ABUS Secvest (FUAA50000) - Message Transmission - Unchecked Error Condition (CWE-391), matthias . deeg
• [SECURITY] [DSA 4488-1] exim4 security update, Salvatore Bonaccorso
• FreeBSD Security Advisory FreeBSD-SA-19:17.fd, FreeBSD Security Advisories
• FreeBSD Security Advisory FreeBSD-SA-19:15.mqueuefs, FreeBSD Security Advisories
• FreeBSD Security Advisory FreeBSD-SA-19:16.bhyve, FreeBSD Security Advisories
• FreeBSD Security Advisory FreeBSD-SA-19:14.freebsd32, FreeBSD Security Advisories
• FreeBSD Security Advisory FreeBSD-SA-19:12.telnet, FreeBSD Security Advisories
• FreeBSD Security Advisory FreeBSD-SA-19:13.pts, FreeBSD Security Advisories
• APPLE-SA-2019-7-23-2 iTunes for Windows 12.9.6, Apple Product Security
• Trend Micro Deep Discovery Inspector IDS / Percent Encoding IDS Bypass, apparitionsec
• APPLE-SA-2019-7-23-1 iCloud for Windows 7.13, Apple Product Security
• APPLE-SA-2019-7-23-3 iCloud for Windows 10.6, Apple Product Security
• [SECURITY] [DSA 4487-1] neovim security update, Moritz Muehlenhoff
• APPLE-SA-2019-7-22-3 Safari 12.1.2, Apple Product Security
• APPLE-SA-2019-7-22-5 tvOS 12.4, Apple Product Security
• APPLE-SA-2019-7-22-4 watchOS 5.3, Apple Product Security
• APPLE-SA-2019-7-22-1 iOS 12.4, Apple Product Security
• [slackware-security] Slackware 14.2 kernel (SSA:2019-202-01), Slackware Security Team
• Jira Server - Template injection in various resources - CVE-2019-11581, Anton Black
• [SECURITY] [DSA 4486-1] openjdk-11 security update, Moritz Muehlenhoff
• [SECURITY] [DSA 4485-1] openjdk-8 security update, Moritz Muehlenhoff
• [SECURITY] [DSA 4484-1] linux security update, Salvatore Bonaccorso
• CVE-2019-13577 / MAPLE Computer WBT SNMP Administrator v2.0.195.15 / Unauthenticated Remote Buffer Overflow Code Execution 0day, apparitionsec
• [SECURITY] [DSA 4483-1] libreoffice security update, Moritz Muehlenhoff
• Deutsche Telekom CERT Advisory [DTC-A-20170323-001], cert
• [**Fixed Typo] Microsoft Compiled HTML Help / Uncompiled .chm File XML External Entity, apparitionsec
• Microsoft Compiled HTML Help / Uncompiled .chm File XML External Entity, apparitionsec
• [SYSS-2019-024] FANUC Robotics Virtual Robot Controller - Stack-based Buffer Overflow (CWE-121), Sebastian Hamann
• [SYSS-2019-025] FANUC Robotics Virtual Robot Controller - Path Traversal (CWE-22), Sebastian Hamann
• [slackware-security] bzip2 (SSA:2019-195-01), Slackware Security Team
• [SECURITY] [DSA 4482-1] thunderbird security update, Moritz Muehlenhoff
• [SECURITY] [DSA 4481-1] ruby-mini-magick security update, Salvatore Bonaccorso
• AST-2019-002: Remote crash vulnerability with MESSAGE messages, Asterisk Security Team
• [SECURITY] [DSA 4480-1] redis security update, Moritz Muehlenhoff
• AST-2019-003: Remote Crash Vulnerability in chan_sip channel driver, Asterisk Security Team
• [SECURITY] [DSA 4479-1] firefox-esr security update, Moritz Muehlenhoff
• [slackware-security] mozilla-firefox (SSA:2019-191-01), Slackware Security Team
• [SECURITY] [DSA 4478-1] dosbox security update, Moritz Muehlenhoff
• [SECURITY] [DSA 4477-1] zeromq3 security update, Salvatore Bonaccorso
• Two vulnerabilities found in Sony Bravia Smart TVs, xen1thLabs
• Cisco Data Center Manager multiple vulns; RCE as root, Pedro Ribeiro
• [SECURITY] [DSA 4476-1] python-django security update, Moritz Muehlenhoff
• [SYSS-2019-021]: WolfVision Cynap - Use of Hard-coded Cryptographic Key (CWE-321), manuel . stotz
• Microsoft File Checksum Integrity Verifier "fciv.exe" v2.05 / DLL Hijack Arbitrary Code Execution, apparitionsec
• [SYSS-2019-017] EBK BKS Buskoppler - Unauthenticated Remote Code Execution, sebastian . auwaerter
• FreeBSD Security Advisory FreeBSD-SA-19:10.ufs, FreeBSD Security Advisories
• FreeBSD Security Advisory FreeBSD-SA-19:11.cd_ioctl, FreeBSD Security Advisories
• FreeBSD Security Advisory FreeBSD-SA-19:09.iconv, FreeBSD Security Advisories
• [SECURITY] [DSA 4475-1] openssl security update, Moritz Muehlenhoff
• [SECURITY] [DSA 4474-1] firefox-esr security update, Moritz Muehlenhoff
• [RT-SA-2019-012] Information Disclosure in REDDOXX Appliance, RedTeam Pentesting GmbH
• [SYSS-2019-016] SquirrelMail script filter bypass/XSS, Moritz Bechler
  • [SYSS-2019-016] SquirrelMail script filter bypass/XSS (update), Moritz Bechler
• [slackware-security] irssi (SSA:2019-180-01), Slackware Security Team
• [SECURITY] [DSA 4473-1] rdesktop security update, Salvatore Bonaccorso
• [SECURITY] [DSA 4472-1] expat security update, Salvatore Bonaccorso
• [SYSS-2019-006] Adobe Coldfusion (Windows) - Remote Code Execution through JNBridge listener, Moritz Bechler
• [SECURITY] [DSA 4471-1] thunderbird security update, Moritz Muehlenhoff
• [SECURITY] [DSA 4470-1] pdns security update, Moritz Muehlenhoff
• [SECURITY] [DSA 4469-1] libvirt security update, Salvatore Bonaccorso
• [slackware-security] mozilla-thunderbird (SSA:2019-172-02), Slackware Security Team
• [slackware-security] mozilla-firefox (SSA:2019-172-01), Slackware Security Team
• [SECURITY] [DSA 4467-2] vim regression update, Moritz Muehlenhoff
• [SECURITY] [DSA 4468-1] php-horde-form security update, Salvatore Bonaccorso
• APPLE-SA-2019-6-20-1 AirPort Base Station Firmware Update 7.8.1, Apple Product Security
• [slackware-security] bind (SSA:2019-171-01), Slackware Security Team
• [SECURITY] [DSA 4447-2] intel-microcode security update, Moritz Muehlenhoff
• FreeBSD Security Advisory FreeBSD-SA-19:08.rack, FreeBSD Security Advisories
• [SECURITY] [DSA 4465-1] linux security update, Salvatore Bonaccorso
• [SECURITY] [DSA 4464-1] thunderbird security update, Moritz Muehlenhoff
• Microsoft Word (2016) Deceptive File Reference ZDI-CAN-7949, apparitionsec
• [SECURITY] [DSA 4463-1] znc security update, Salvatore Bonaccorso
• [SE-2019-01] Java Card vulnerabilities (post shutdown release), Adam Gowdiak
• [slackware-security] mozilla-thunderbird (SSA:2019-164-01), Slackware Security Team
• X41 D-Sec GmbH Security Advisory X41-2019-004: Type confusion in Thunderbird, X41 D-Sec GmbH Advisories
• X41 D-Sec GmbH Security Advisory X41-2019-003: Stack-based buffer overflow in Thunderbird, X41 D-Sec GmbH Advisories
• X41 D-Sec GmbH Security Advisory X41-2019-002: Heap-based buffer overflow in Thunderbird, X41 D-Sec GmbH Advisories
• [SECURITY] [DSA 4462-1] dbus security update, Salvatore Bonaccorso
• X41 D-Sec GmbH Security Advisory X41-2019-001: Heap-based buffer overflow in Thunderbird, X41 D-Sec GmbH Advisories
  • <Possible follow-ups>
  • X41 D-Sec GmbH Security Advisory X41-2019-001: Heap-based buffer overflow in Thunderbird, X41 D-Sec GmbH Advisories
• SEC Consult SA-20190612-0 :: Multiple vulnerabilities in WAGO 852 Industrial Managed Switch Series, SEC Consult Vulnerability Lab
• [SECURITY] [DSA 4461-1] zookeeper security update, Moritz Muehlenhoff
• [SECURITY] [DSA 4460-1] mediawiki security update, Moritz Muehlenhoff
• [SECURITY] [DSA 4459-1] vlc security update, Moritz Muehlenhoff
• CVE-2019-11517: CSRF in Wampserver 3.1.4-3.1.8, Imre Rad
• [SECURITY] [DSA 4458-1] cyrus-imapd security update, Salvatore Bonaccorso
• Newly releases IoT security issues, stevesim84
• [SECURITY] [DSA 4457-1] evolution security update, Sebastien Delafond
• [SECURITY] [DSA 4454-2] qemu regression update, Salvatore Bonaccorso
• [SECURITY] [DSA 4456-1] exim4 security update, Salvatore Bonaccorso
• [SYSS-2019-015]: Logitech R700 Laser Presentation Remote - Keystroke Injection Vulnerability, matthias . deeg
• [SYSS-2019-008]: Inateck 2.4 GHz Wearable Wireless Presenter WP2002 - Keystroke Injection Vulnerability, matthias . deeg
• [SYSS-2019-007]: Inateck 2.4 GHz Wireless Presenter WP1001 - Keystroke Injection Vulnerability, matthias . deeg
• [SECURITY] [DSA 4455-1] heimdal security update, Salvatore Bonaccorso
• Rapid7’s Windows InsightIDR Agent: Local Privilege Escalation, Florian Bogner
• Unauthorized Access Vulnerability in ZyXEL P-660HN-T1 V2 (2.00(AAKK.3)), Onur Onur
  • <Possible follow-ups>
  • Unauthorized Access Vulnerability in ZyXEL P-660HN-T1 V2 (2.00(AAKK.3)), Onur Onur
• APPLE-SA-2019-5-30-1 AirPort Base Station Firmware Update 7.9.1, Apple Product Security
• [SECURITY] [DSA 4454-1] qemu security update, Moritz Muehlenhoff
• [SECURITY] [DSA 4453-1] openjdk-8 security update, Moritz Muehlenhoff
• [SYSS-2019-014]: Siemens LOGO! 8 - Storing Passwords in a Recoverable Format (CWE-257), matthias . deeg
• [SYSS-2019-013]: Siemens LOGO! 8 - Missing Authentication for Critical Function (CWE-306), matthias . deeg
• [SYSS-2019-012]: Siemens LOGO! 8 - Use of Hard-coded Cryptographic Key (CWE-321), matthias . deeg
• APPLE-SA-2019-5-28-1 iTunes for Windows 12.9.5, Apple Product Security
• APPLE-SA-2019-5-28-2 iCloud for Windows 7.12, Apple Product Security
• [SECURITY] [DSA 4452-1] jackson-databind security update, Moritz Muehlenhoff
• Crowd Security Advisory - 2019-05-22, Atlassian
• [SECURITY] [DSA 4451-1] thunderbird security update, Moritz Muehlenhoff
• CA20190523-01: Security Notice for CA Risk Authentication and CA Strong Authentication, Kevin Kotas
• MacOS X GateKeeper Bypass, Filippo Cavallarin
• [SECURITY] [DSA 4450-1] wpa security update, Yves-Alexis Perez
• [CVE-2019-11604] Quest KACE Systems Management Appliance <= 9.0 kbot_service_notsoap.php METHOD Reflected Cross-Site Scripting, RCE Security
• [slackware-security] curl (SSA:2019-142-01), Slackware Security Team
• Bitbucket Server security advisory 2019-05-22, Anton Black
• [SECURITY] [DSA 4449-1] ffmpeg security update, Moritz Muehlenhoff
• [SECURITY] [DSA 4448-1] firefox-esr security update, Moritz Muehlenhoff
• Anviz M3 RFID Access Control security issues, Marco
• [SYSS-2019-002] Blue Prism Robotic Process Automation (RPA) - Privilege Escalation, benjamin . hess
• [slackware-security] mozilla-firefox (SSA:2019-141-01), Slackware Security Team
• [REVIVE-SA-2019-002] Revive Adserver Vulnerability, Matteo Beccati
• CSRF in Darktrace Enterprise Immune System <=3.0.10, Gerwout Van der Veen
• WebKitGTK and WPE WebKit Security Advisory WSA-2019-0003, Michael Catanzaro
• Advisory: security controls configured in php.ini could be bypassed on Linux, Imre Rad
• Emerson Network Power Cross Site Scripting(XSS) Vulnerability, Kubilay Onur Gungor
• local privilege escalation via CDE dtprintinfo, Marco Ivaldi
• [RT-SA-2019-002] Directory Traversal in Cisco Expressway Gateway, RedTeam Pentesting GmbH
• [slackware-security] rdesktop (SSA:2019-135-01), Slackware Security Team
• FreeBSD Security Advisory FreeBSD-SA-19:07.mds [REVISED], FreeBSD Security Advisories
• [SECURITY] [DSA 4447-1] intel-microcode security update, Moritz Muehlenhoff
• SEC Consult SA-20190515-0 :: Authorization Bypass in RSA NetWitness (@sec_consult), SEC Consult Vulnerability Lab
• FreeBSD Security Advisory FreeBSD-SA-19:06.pf, FreeBSD Security Advisories
• FreeBSD Security Advisory FreeBSD-SA-19:05.pf, FreeBSD Security Advisories
• FreeBSD Security Advisory FreeBSD-SA-19:07.mds, FreeBSD Security Advisories
  • <Possible follow-ups>
  • FreeBSD Security Advisory FreeBSD-SA-19:07.mds, FreeBSD Security Advisories
• FreeBSD Security Advisory FreeBSD-SA-19:04.ntp, FreeBSD Security Advisories
• FreeBSD Security Advisory FreeBSD-SA-19:03.wpa, FreeBSD Security Advisories
• [SECURITY] [DSA 4446-1] lemonldap-ng security update, Moritz Muehlenhoff
• [SECURITY] [DSA 4444-1] linux security update, Salvatore Bonaccorso
• [SECURITY] [DSA 4445-1] drupal7 security update, Moritz Muehlenhoff
• [SECURITY] [DSA 4443-1] samba security update, Salvatore Bonaccorso
• [SECURITY] [DSA 4442-2] cups-filters regression update, Salvatore Bonaccorso
• [CVE-2019-8978] Improper Authentication (CWE-287) in Ellucian Banner Web Tailor and Banner Enterprise Identity Services, Joshua Mulliken
  • <Possible follow-ups>
  • [CVE-2019-8978] Improper Authentication (CWE-287) in Ellucian Banner Web Tailor and Banner Enterprise Identity Services, joshua
• APPLE-SA-2019-5-13-5 Safari 12.1.1, Apple Product Security
• APPLE-SA-2019-5-13-6 Apple TV Software 7.3, Apple Product Security
• APPLE-SA-2019-5-13-4 watchOS 5.2.1, Apple Product Security
• APPLE-SA-2019-5-13-3 tvOS 12.3, Apple Product Security
• APPLE-SA-2019-5-13-2 macOS Mojave 10.14.5, Security Update 2019-003 High Sierra, Security Update 2019-003 Sierra, Apple Product Security
• APPLE-SA-2019-5-13-1 iOS 12.3, Apple Product Security
• SEC Consult SA-20190513-0 :: Cleartext message spoofing in supplementary Go Cryptography Libraries (@sec_consult), SEC Consult Vulnerability Lab
• [SECURITY] [DSA 4442-1] ghostscript security update, Salvatore Bonaccorso
• SEC Consult SA-20190510-0 :: Unauthenticated SQL Injection vulnerability in OpenProject, SEC Consult Vulnerability Lab
• [SECURITY] [DSA 4441-1] symfony security update, Sebastien Delafond
• [SECURITY] [DSA 4440-1] bind9 security update, Moritz Muehlenhoff
• [SECURITY] [DSA 4439-1] postgresql-9.6 security update, Moritz Muehlenhoff
• dotCMS v5.1.1 Vulnerabilities, John Martinelli
• SEC Consult SA-20190509-0 :: Multiple Vulnerabilities in Gemalto (Thales Group) DS3 Authentication Server / Ezio Server, SEC Consult Vulnerability Lab
• [SECURITY] [DSA 4438-1] atftp security update, Salvatore Bonaccorso
• [Newsletter/Marketing] [ISN] Hundreds of Orpak gas station systems can be easily hacked thanks to hardcoded passwords, InfoSec News
• [Newsletter/Marketing] [ISN] Executive Order on America's Cybersecurity Workforce, InfoSec News
• [Newsletter/Marketing] [ISN] Why local governments are a hot target for cyberattacks, InfoSec News
• [Newsletter/Marketing] [ISN] Hackers Steal and Ransom Financial Data Related to Some of the World's Largest Companies, InfoSec News
• [Newsletter/Marketing] [ISN] Spot the not-Fed: A day at AvengerCon, the Army's answer to hacker conferences, InfoSec News
• [Newsletter/Marketing] [ISN] After account hacks, Twitch streamers take security into their own hands, InfoSec News
• [Newsletter/Marketing] [ISN] Sinister secret backdoor found in networking gear perfect for government espionage: The Chinese are -- oh no, wait, it's Cisco again, InfoSec News
• [Newsletter/Marketing] [ISN] Subscribing and Unsubscribing from InfoSec News, InfoSec News
• [Newsletter/Marketing] [ISN] DHS Orders Agencies to Patch Critical Vulnerabilities Within 15 Days, InfoSec News
• [Newsletter/Marketing] [ISN] Going Toe-to-Toe With Ukraine's Separatist Hackers, InfoSec News
• [Newsletter/Marketing] [ISN] Wall Street spending big to protect against hacking: report, InfoSec News
• [Newsletter/Marketing] [ISN] MITRE asks vendors to do more to detect stealthy hacks, InfoSec News
• [Newsletter/Marketing] [ISN] Attackers Used Red-Team, Pen-Testing Tools to Hack Wipro, InfoSec News
• 2019 Public Bug bounty launched, Reports
• [SYSS-2019-005]: ABUS Secvest - Proximity Key - Cryptographic Issues (CWE-310), matthias . deeg
• Windows PowerShell ISE / Filename Parsing Flaw Remote Code Execution 0day, apparitionsec
• [SECURITY] CVE-2019-0214: Apache Archiva arbitrary file write and delete on the server, Martin
• [SECURITY] CVE-2019-0213: Apache Archiva Stored XSS, Martin
• [Newsletter/Marketing] [ISN] Augusta cyber-attacker sought more than $100,000 in ransom, InfoSec News
• [Newsletter/Marketing] [ISN] Microsoft Patch Alert: April patches have sharp edges, with several missing, others reappearing, InfoSec News
• [Newsletter/Marketing] [ISN] Ransomware: The key lesson Maersk learned from battling the NotPetya attack, InfoSec News
• [Newsletter/Marketing] [ISN] Man who allegedly leaked CIA hacking tools says he's been tortured and is owed $50 billion, InfoSec News
• [Newsletter/Marketing] [ISN] Russian Hackers Were 'In a Position' to Alter Florida Voter Rolls, Rubio Confirms, InfoSec News
• [Newsletter/Marketing] [ISN] 'A Goldmine for Identity Thieves': Unprotected Database Puts 65% of American Households At Risk, InfoSec News
• [Newsletter/Marketing] [ISN] Docker Hacked: 190,000 Accounts Breached, InfoSec News
• [SECURITY] [DSA 4437-1] gst-plugins-base1.0 security update, Moritz Muehlenhoff
• [REVIVE-SA-2019-001] Revive Adserver - Multiple vulnerabilities, Matteo Beccati
• [SECURITY] [DSA 4436-1] imagemagick security update, Moritz Muehlenhoff
• [SECURITY] [DSA 4435-1] libpng1.6 security update, Salvatore Bonaccorso
• [slackware-security] bind (SSA:2019-116-01), Slackware Security Team
• Multiple vulnerabilities in Sony Smart TVs, xen1thLabs
• Confluence Security Advisory - 2019-04-17, Atlassian
• [SECURITY] [DSA 4434-1] drupal7 security update, Salvatore Bonaccorso
• WordPress Plugin Contact Form Builder [CSRF → LFI], Panagiotis Vagenas
• [slackware-security] libpng (SSA:2019-107-01), Slackware Security Team
• [SECURITY] [DSA 4433-1] ruby2.3 security update, Moritz Muehlenhoff
• [SECURITY] [DSA 4432-1] ghostscript security update, Salvatore Bonaccorso
• [SE-2019-01] Gemalto SIM card applet loading vulnerability, Security Explorations
• [SECURITY] [DSA 4431-1] libssh2 security update, Salvatore Bonaccorso
• [**UPDATED] Microsoft Internet Explorer v11 / XML External Entity Injection 0day, apparitionsec
• [SECURITY] [DSA 4430-1] wpa security update, Yves-Alexis Perez
• Microsoft Internet Explorer v11 XML External Entity Injection 0day, apparitionsec
• WebKitGTK and WPE WebKit Security Advisory WSA-2019-0002, Michael Catanzaro
• [SECURITY] [DSA 4429-1] spip security update, Sebastien Delafond
• [SECURITY] [DSA 4428-1] systemd security update, Salvatore Bonaccorso
• [SECURITY] [DSA 4427-1] samba security update, Sebastien Delafond
• [SECURITY] [DSA 4426-1] tryton-server security update, Moritz Muehlenhoff
• CALL FOR PAPERS - Hackers 2 Hackers Conference 16th edition, Rodrigo Rubira Branco (BSDaemon)
  • RE: [EXTERNAL] CALL FOR PAPERS - Hackers 2 Hackers Conference 16th edition, Michael Artemio Go Rebultan
• [slackware-security] httpd (SSA:2019-096-01), Slackware Security Team
• [slackware-security] wget (SSA:2019-095-02), Slackware Security Team
• [slackware-security] openjpeg (SSA:2019-095-01), Slackware Security Team
• [SECURITY] [DSA 4425-1] wget security update, Salvatore Bonaccorso
• WordPress plugin Contact Form by WD [CSRF → LFI], Panagiotis Vagenas
• WordPress Plugin Form Maker by WD [CSRF → LFI], Panagiotis Vagenas
• [SECURITY] [DSA 4424-1] pdns security update, Sebastien Delafond
• Various vulnerabilities in Lupusec XT2 Plus home alarm system, Dan Fabian
• [SECURITY] [DSA 4423-1] putty security update, Moritz Muehlenhoff
• [SECURITY] [DSA 4422-1] apache2 security update, Salvatore Bonaccorso
• [slackware-security] ghostscript (SSA:2019-092-01), Slackware Security Team
• [slackware-security] wget (SSA:2019-092-02), Slackware Security Team
• [SECURITY] [DSA 4421-1] chromium security update, Michael Gilbert
• [SECURITY] [DSA 4420-1] thunderbird security update, Moritz Muehlenhoff
• [SECURITY] [DSA 4419-1] twig security update, Sebastien Delafond
• [SECURITY] [DSA 4418-1] dovecot security update, Salvatore Bonaccorso
• [SAUTH-2019-0002] - Pydio 8 Multiple Vulnerabilities, SecureAuth Advisories
• [slackware-security] gnutls (SSA:2019-086-01), Slackware Security Team
• APPLE-SA-2019-3-27-1 watchOS 5.2, Apple Product Security
• [RT-SA-2019-005] Cisco RV320 Command Injection Retrieval, RedTeam Pentesting GmbH
• [RT-SA-2019-004] Cisco RV320 Unauthenticated Diagnostic Data Retrieval, RedTeam Pentesting GmbH
• [RT-SA-2019-003] Cisco RV320 Unauthenticated Configuration Export, RedTeam Pentesting GmbH
• [RT-SA-2019-007] Code Execution via Insecure Shell Function getopt_simple, RedTeam Pentesting GmbH
• APPLE-SA-2019-3-25-1 iOS 12.2, Apple Product Security
• [article2pdf (Wordpress plug-in)] Multiple vulnerabilities (CVE-2019-1000031, CVE-2019-1010257), Christian Lerrahn
• Recon 2019 Call For Papers - June 28 - 30, 2019 - Montreal, Canada, cfp
• [slackware-security] mozilla-thunderbird (SSA:2019-084-01), Slackware Security Team
• APPLE-SA-2019-3-25-4 Safari 12.1, Apple Product Security
• APPLE-SA-2019-3-25-6 iCloud for Windows 7.11, Apple Product Security
• APPLE-SA-2019-3-25-5 iTunes 12.9.4 for Windows, Apple Product Security
• APPLE-SA-2019-3-25-3 tvOS 12.2, Apple Product Security
• APPLE-SA-2019-3-25-7 Xcode 10.2, Apple Product Security
• APPLE-SA-2019-3-25-2 macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra, Apple Product Security
• Multiple vulnerabilities in DASAN H660RM GPON router firmware, Krzysztof Burghardt
• Atlassian - Confluence Security Advisory - 2019-03-20, Atlassian
• [SYSS-2018-036]: ABUS Secvest Remote Control - Denial of Service - Uncontrolled Resource Consumption (CWE-400), matthias . deeg
• [SYSS-2018-035]: ABUS Secvest Remote Control - Missing Encryption of Sensitive Data (CWE-311), matthias . deeg
• [SYSS-2018-034]: ABUS Secvest - Rolling Code - Predictable from Observable State (CWE-341), matthias . deeg
• [SECURITY] [DSA 4417-1] firefox-esr security update, Moritz Muehlenhoff
• [SECURITY] [DSA 4416-1] wireshark security update, Salvatore Bonaccorso
• [SECURITY] [DSA 4415-1] passenger security update, Salvatore Bonaccorso
• [SECURITY] [DSA 4414-1] libapache2-mod-auth-mellon security update, Thijs Kinkhorst
• [slackware-security] mozilla-firefox (SSA:2019-081-01), Slackware Security Team
• [SECURITY] [DSA 4413-1] ntfs-3g security update, Salvatore Bonaccorso
• March 2019 Sourcetree Advisory - Multiple Remote Code Execution Vulnerabilities, Erin Jensby
• [SECURITY] [DSA 4412-1] drupal7 security update, Moritz Muehlenhoff
• [SECURITY] [DSA 4411-1] firefox-esr security update, Moritz Muehlenhoff
• [SECURITY] [DSA 4410-1] openjdk-8 security update, Moritz Muehlenhoff
• [SE-2019-01] Java Card vulnerabilities, Security Explorations
• [slackware-security] libssh2 (SSA:2019-077-01), Slackware Security Team
• [SECURITY] [DSA 4409-1] neutron security update, Moritz Muehlenhoff
• Gitea 1.7.3 stored HTML injection (XSS), Anti Räis
• [SECURITY] [DSA 4408-1] liblivemedia security update, Moritz Muehlenhoff
• NEW: VMSA-2019-0003 - VMware Horizon update addresses Connection Server information disclosure vulnerability, VMware Security Response Center
• NEW: VMSA-2019-0002 - VMware Workstation update addresses elevation of privilege issues., VMware Security Response Center
• [SYSS-2018-033]: Fujitsu Wireless Keyboard Set LX901 - Keystroke Injection Vulnerability, matthias . deeg
• IPv6 Security for IPv4 Engineers, Fernando Gont
• Cisco Common Service Platform Collector - Hardcoded Credentials (CVE-2019-1723), David Coomber
• [SECURITY] [DSA 4407-1] xmltooling security update, Moritz Muehlenhoff
• [SECURITY] [DSA 4406-1] waagent security update, Moritz Muehlenhoff
• Microsoft Windows .Reg File Dialog Box Message Spoofing 0day, apparitionsec
• [**UPDATED] Microsoft Windows .Reg File Dialog Box Message Spoofing 0day, apparitionsec
• FlexPaper <= 2.3.6 Remote Command Execution, Red Timmy Sec -
  • CVE-2019-7727 - JMX/RMI Nice ENGAGE <= 6.5 Remote Command Execution, Red Timmy Sec -
  • CVE-2018-2879 - anniversary, Red Timmy Sec -
• [SECURITY] [DSA 4405-1] openjpeg2 security update, Luciano Bello
• [SECURITY] [DSA 4404-1] chromium security update, Michael Gilbert
• [SECURITY] [DSA 4403-1] php7.0 security update, Moritz Muehlenhoff
• [slackware-security] ntp (SSA:2019-067-01), Slackware Security Team
• [SECURITY] [DSA 4402-1] mumble security update, Moritz Muehlenhoff
• SAP J2EE Engine/7.01/Fiori Reflected Cross Site Scripting (XSS), Ece örsel
  • <Possible follow-ups>
  • SAP J2EE Engine/7.01/Fiori Reflected Cross Site Scripting (XSS), Ece örsel
• SAP J2EE Engine/7.01/Portal/EPP Reflected Cross Site Scripting (XSS), Ece örsel
• [slackware-security] python (SSA:2019-062-01), Slackware Security Team
• [SECURITY] [DSA 4387-2] openssh security update, Yves-Alexis Perez
• [slackware-security] infozip (SSA:2019-060-01), Slackware Security Team
• [SECURITY] [DSA 4401-1] wordpress security update, Sebastien Delafond
• [SECURITY] [DSA 4399-1] ikiwiki security update, Moritz Muehlenhoff
• [SECURITY] [DSA 4400-1] openssl1.0 security update, Moritz Muehlenhoff
• [SECURITY] [DSA 4398-1] php7.0 security update, Moritz Muehlenhoff
• AST-2019-001: Remote crash vulnerability with SDP protocol violation, Asterisk Security Team
• [SECURITY] [DSA 4397-1] ldb security update, Salvatore Bonaccorso
• [CORE-2018-0012] - Cisco WebEx Meetings Elevation of Privilege Vulnerability Version 2, advisories
• [SECURITY] [DSA 4395-2] chromium regression update, Michael Gilbert
• [slackware-security] openssl (slackware 14.2) (SSA:2019-057-01), Slackware Security Team
• SHAREit for Android Authentication Bypass and Remote File Download, RedForce Advisory
• Defense in depth -- the Microsoft way (part 60): same old sins and incompetence!, Stefan Kanthak
• [slackware-security] file (SSA:2019-054-01), Slackware Security Team
• [SECURITY] [DSA 4377-3] rssh security update, Moritz Muehlenhoff
• [SRP-2018-02] Details of a vulnerability in STMicroelectronics' chipset, Adam Gowdiak
• [SAUTH-2019-0001] - Micro Focus Filr Multiple Vulnerabilities, advisories
• [SECURITY] [DSA 4396-1] ansible security update, Moritz Muehlenhoff
• [SECURITY] [DSA 4395-1] chromium security update, Michael Gilbert
• [SECURITY] [DSA 4394-1] rdesktop security update, Moritz Muehlenhoff
• [SECURITY] [DSA 4393-1] systemd security update, Salvatore Bonaccorso
• [SECURITY] [DSA 4388-2] mosquitto regression update, Salvatore Bonaccorso
• CVE-2018-20162: Digi TransPort LR54 Restricted Shell Escape, Stig Palmquist
• [SECURITY] [DSA 4392-1] thunderbird security update, Moritz Muehlenhoff
• DASAN H665 has vendor backdoor built into BusyBox’s /bin/login, Krzysztof Burghardt
• [slackware-security] mozilla-thunderbird (SSA:2019-045-01), Slackware Security Team
• [SECURITY] [DSA 4391-1] firefox-esr security update, Moritz Muehlenhoff
• [slackware-security] mozilla-firefox (SSA:2019-044-01), Slackware Security Team
• Qkr! with MasterPass iOS Application - MITM SSL Certificate Vulnerability (CVE-2019-6702), David Coomber
• [slackware-security] lxc (SSA:2019-043-01), Slackware Security Team
• CA20190212-01: Security Notice for CA Privileged Access Manager, Kevin Kotas
• [SECURITY] [DSA 4390-1] flatpak security update, Moritz Muehlenhoff
• [SECURITY] [DSA 4377-2] rssh regression update, Salvatore Bonaccorso
• [SECURITY] [DSA 4389-1] libu2f-host security update, Sebastien Delafond