|
|
Colapse all |
Post message
Local information disclosure in OpenSMTPD (CVE-2020-8793) 2020-02-24 Qualys Security Advisory (qsa qualys com) Defense in depth -- the Microsoft way (part 62): Windows shipped with end-of-life components 2020-02-24 Stefan Kanthak (stefan kanthak nexgo de) Hi @ll, since Microsoft Server 2003 R2, Microsoft dares to ship and install the abomination known as .NET Framework with every new version of Windows. Among other components current versions of Windows and .NET Framework include C# compiler (C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe, [ more ] [ reply ] LPE and RCE in OpenSMTPD's default install (CVE-2020-8794) 2020-02-24 Qualys Security Advisory (qsa qualys com) Qualys Security Advisory LPE and RCE in OpenSMTPD's default install (CVE-2020-8794) ======================================================================== ====== Contents ======================================================================== ====== Summary Analysis ... Acknowledgments ===== [ more ] [ reply ] Cisco Unified Contact Center Express Privilege Escalation Vulnerability (CVE-2019-1888) 2020-02-25 Jamie R (jamie blacktraffic co uk) I've quoted the Cisco summary below as it's pretty accurate. tl;dr is an admin user on the web console can gain command execution and then escalate to root. If this is an issue in your environment, then please patch. Thanks to Cisco PSIRT who were responsive and professional. Shouts to Andrew, Da [ more ] [ reply ] [TZO-22-2020] Qihoo360 | GDATA | Rising | Command Generic Malformed Archive Bypass 2020-02-24 Thierry Zoller (thierry zoller lu) ________________________________________________________________________ From the lets-try-it-this-way Department Qihoo360 | GDATA | Rising | Webroot | Dr Web Generic Archive Bypass ________________________________________________________________________ Release mode : Vendors do n [ more ] [ reply ] [TZO-16-2020] - F-SECURE Generic Malformed Container bypass (GZIP) 2020-02-24 Thierry Zoller (thierry zoller lu) [slackware-security] proftpd (SSA:2020-051-01) 2020-02-21 Slackware Security Team (security slackware com) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] proftpd (SSA:2020-051-01) New proftpd packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix a security issue. Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/pac [ more ] [ reply ] [SECURITY] [DSA 4629-1] python-django security update 2020-02-19 Sebastien Delafond (seb debian org) [TZO-18-2020] - Bitdefender Malformed Archive bypass (GZIP) 2020-02-18 Thierry Zoller (thierry zoller lu) [TZO-17-2020] - Kaspersky Generic Archive Bypass (ZIP FLNMLEN) 2020-02-17 Thierry Zoller (thierry zoller lu) [TZO-15-2020] - F-SECURE Generic Malformed Container bypass (RAR) 2020-02-14 Thierry Zoller (thierry zoller lu) WebKitGTK and WPE WebKit Security Advisory WSA-2020-0002 2020-02-14 Carlos Alberto Lopez Perez (clopez igalia com) [slackware-security] libarchive (SSA:2020-043-01) 2020-02-12 Slackware Security Team (security slackware com) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] libarchive (SSA:2020-043-01) New libarchive packages are available for Slackware 14.1, 14.2, and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/pack [ more ] [ reply ] CVE-2020-0728: Windows Modules Installer Service Information Disclosure Vulnerability 2020-02-14 Imre Rad (radimre83 gmail com) The TrustedInstaller service running on the Windows operating system hosts a COM service called Sxs Store Class; its ISxsStore interface provides methods to install/uninstall assemblies via application manifests files into the WinSxS store. These API methods were meant to be available for users with [ more ] [ reply ] [TZO-11-2020] - ESET Generic Malformed Archive Bypass (BZ2 Checksum) 2020-02-13 Thierry Zoller (thierry zoller lu) [EnumJavaLibs]_ Remote Java classpath enumerator 2020-02-13 RedTimmy Security (redazione segfault it) (1 replies) Hi, we have just released EnumJavaLibs to perform java classes enumeration against java services. To discover a deserialization vulnerability is often easy. When source code is available, it comes down to finding calls to readObject() and finding a way for user input to reach that function. In case [ more ] [ reply ] Web Application Firewall bypass via Bluecoat device 2020-02-16 RedTimmy Security (redazione segfault it) [SECURITY] [DSA 4623-1] postgresql-11 security update 2020-02-13 Moritz Muehlenhoff (jmm debian org) [slackware-security] mozilla-firefox (SSA:2020-042-01) 2020-02-12 Slackware Security Team (security slackware com) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] mozilla-firefox (SSA:2020-042-01) New mozilla-firefox packages are available for Slackware 14.2 and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/p [ more ] [ reply ] [SECURITY] [DSA 4622-1] postgresql-9.6 security update 2020-02-13 Moritz Muehlenhoff (jmm debian org) [slackware-security] mozilla-thunderbird (SSA:2020-042-02) 2020-02-12 Slackware Security Team (security slackware com) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] mozilla-thunderbird (SSA:2020-042-02) New mozilla-thunderbird packages are available for Slackware 14.2 and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ p [ more ] [ reply ] [SECURITY] [DSA 4269-1] postgresql-9.6 security update 2018-08-10 Moritz Muehlenhoff (jmm debian org) [SECURITY] [DSA 4267-1] kamailio security update 2018-08-08 Salvatore Bonaccorso (carnil debian org) [CVE-2018-12584] Heap overflow vulnerability in reSIProcate through 1.10.2 2018-08-08 Joachim De Zutter (dezutterjoachim gmail com) CA20180802-01: Security Notice for CA API Developer Portal 2018-08-08 Kotas, Kevin J (Kevin Kotas ca com) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 CA20180802-01: Security Notice for CA API Developer Portal Issued: August 2, 2018 Last Updated: August 2, 2018 CA Technologies Support is alerting customers to a potential risk with CA API Developer Portal. A medium risk vulnerability exists that ca [ more ] [ reply ] [CVE-2018-14429] man-cgi < 1.16 Local File Include 2018-08-08 eL_Bart0 (eL_Bart0 protonmail ch) man-cgi before 1.16 allows Local File Inclusion via absolute path traversal. If an Attacker provides a Filename as a Parameter (e.g. https://example.org/cgi-bin/man-cgi?/etc/passwd) the Script will read and return the local file. This is happening because of the way the Script calls the "man" comm [ more ] [ reply ] WebKitGTK+ and WPE WebKit Security Advisory WSA-2018-0006 2018-08-08 Michael Catanzaro (mcatanzaro igalia com) New VMSA-2018-0019 - Horizon 6, 7, and Horizon Client for Windows updates address an out-of-bounds read vulnerability 2018-08-07 VMware Security Response Center (security vmware com) RE: [FD] Executable installers are vulnerable^WEVIL (case 56):arbitrary code execution WITH escalation of privilege via rufus*.exe 2018-08-06 Andrius Duksta (duk danskebank lt) Sorry, but the viable/practical attack vector on this one is practically non-existent. I really can't see anyone actually using this as a real-life attack. The circumstances required to succeed are such that if this attack works, it's waaay too late to blame Rufus as your system was obviously alread [ more ] [ reply ] FreeBSD Security Advisory FreeBSD-SA-18:08.tcp 2018-08-06 FreeBSD Security Advisories (security-advisories freebsd org) [SECURITY] [DSA 4265-1] xml-security-c security update 2018-08-05 Moritz Muehlenhoff (jmm debian org) [slackware-security] lftp (SSA:2018-214-01) 2018-08-02 Slackware Security Team (security slackware com) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] lftp (SSA:2018-214-01) New lftp packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix a security issue. Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packages/ [ more ] [ reply ] [SECURITY] [DSA 4260-1] libmspack security update 2018-08-02 Salvatore Bonaccorso (carnil debian org) Executable installers are vulnerable^WEVIL (case 55): escalation of privilege with VMware Player 12.5.9 2018-08-02 Stefan Kanthak (stefan kanthak nexgo de) Hi @ll, the executable installer of VMware Player 12.5.9, published in January 2018, available from <https://download3.vmware.com/software/player/file/VMware-player-12.5.9- 7535481.exe>, is vulnerable. JFTR: VMware Player 12.5.9 is the last version which runs on 32-bit Windows, and the last t [ more ] [ reply ] [slackware-security] blueman (SSA:2018-213-01) 2018-08-02 Slackware Security Team (security slackware com) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] blueman (SSA:2018-213-01) New blueman packages are available for Slackware 14.2 and -current to fix a security issue. Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packages/blueman [ more ] [ reply ] CVE-2016-7085 NOT fixed in VMware-player-12.5.9-7535481.exe 2018-08-01 Stefan Kanthak (stefan kanthak nexgo de) Hi @ll, on February 13, 2016, I sent a vulnerability report regarding the then current executable installer of VMware-player 7.1.3 to its vendor. On September 14, 2016, VMware published <http://blogs.vmware.com/security/2016/09/vmsa-2016-0014.html> and <http://www.vmware.com/security/advisories/VM [ more ] [ reply ] [slackware-security] seamonkey (SSA:2018-212-02) 2018-07-31 Slackware Security Team (security slackware com) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] seamonkey (SSA:2018-212-02) New seamonkey packages are available for Slackware 14.2 and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packages/seam [ more ] [ reply ] [slackware-security] file (SSA:2018-212-01) 2018-07-31 Slackware Security Team (security slackware com) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] file (SSA:2018-212-01) New file packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packages/f [ more ] [ reply ] secuvera-SA-2018-03: Command Injection, Broken Access Control and Evil-Twin-Attack in Microsoft Wireless Display Adapter V2 - CVE-2018-8306 2018-07-30 Tobias Glemser (tglemser secuvera de) secuvera-SA-2018-03: Command Injection, Broken Access Control and Evil-Twin-Attack in Microsoft Wireless Display Adapter V2 - CVE-2018-8306 Affected Products: Microsoft Wireless Display Adapter V2: - Microsoft Wireless Display Adapter V2 Softwareversion 2.0.8350 to 2.0.8372 have been tested an [ more ] [ reply ] [slackware-security] Slackware 14.2 kernel (SSA:2018-208-01) 2018-07-27 Slackware Security Team (security slackware com) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] Slackware 14.2 kernel (SSA:2018-208-01) New kernel packages are available for Slackware 14.2 to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packages/linux-4. [ more ] [ reply ] [SECURITY] [DSA 4256-1] chromium-browser security update 2018-07-27 Michael Gilbert (mgilbert debian org) [CORE-2018-0009] - SoftNAS Cloud OS Command Injection 2018-07-26 Core Security Advisories Team (advisories coresecurity com) Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ SoftNAS Cloud OS Command Injection 1. *Advisory Information* Title: SoftNAS Cloud OS Command Injection Advisory ID: CORE-2018-0009 Advisory URL: http://www.coresecurity.com/advisories/softnas-cloudnas-OS-command-injec tion Date pu [ more ] [ reply ] DefenseCode ThunderScan SAST Advisory: WordPress Strong Testimonials Plugin Multiple XSS Security Vulnerabilities 2018-07-25 Defense Code (defensecode defensecode com) DefenseCode ThunderScan SAST Advisory: WordPress Strong Testimonials Plugin Multiple XSS Security Vulnerabilities Advisory ID: DC-2018-05-007 Advisory Title: WordPress Strong Testimonials Plugin Multiple XSS Vulnerabilities Advisory URL: http://www.defensecode.com/advisories.php Software: [ more ] [ reply ] DefenseCode ThunderScan SAST Advisory: WordPress Gwolle Guestbook Plugin XSS Security Vulnerability 2018-07-25 Defense Code (defensecode defensecode com) DefenseCode ThunderScan SAST Advisory: WordPress Gwolle Guestbook Plugin XSS Security Vulnerability Advisory ID: DC-2018-05-008 Advisory Title: WordPress Gwolle Guestbook Plugin XSS Security Vulnerability Advisory URL: http://www.defensecode.com/advisories.php Software: WordPress Gwol [ more ] [ reply ] DefenseCode ThunderScan SAST Advisory: WordPress Snazzy Maps Plugin Multiple XSS Security Vulnerabilities 2018-07-25 Defense Code (defensecode defensecode com) DefenseCode ThunderScan SAST Advisory: WordPress Snazzy Maps Plugin Multiple XSS Security Vulnerabilities Advisory ID: DC-2018-05-006 Advisory Title: WordPress Snazzy Maps Plugin Multiple XSS Vulnerabilities Advisory URL: http://www.defensecode.com/advisories.php Software: WordPress S [ more ] [ reply ] [SECURITY] [DSA 4254-1] slurm-llnl security update 2018-07-24 Salvatore Bonaccorso (carnil debian org) FINAL CALL FOR PAPERS - INTEL SECURITY CONFERENCE (iSecCon) 2018 2018-07-24 Branco, Rodrigo (rodrigo branco intel com) CALL FOR PAPERS - INTEL SECURITY CONFERENCE (iSecCon) 2018 [ - Introduction - ] It is a pleasure to invite you to submit abstracts to iSecCon 2018, the annual Security Conference at Intel. This prestigious conference aims to bring together esteemed speakers from the industry, government and acad [ more ] [ reply ] [SECURITY] [DSA 4253-1] network-manager-vpnc security update 2018-07-23 Salvatore Bonaccorso (carnil debian org) APPLE-SA-2018-7-23-3 Additional information for APPLE-SA-2018-06-01-4 iOS 11.4 2018-07-23 Apple Product Security (product-security-noreply lists apple com) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2018-7-23-3 Additional information for APPLE-SA-2018-06-01-4 iOS 11.4 iOS 11.4 addresses the following: Bluetooth Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A malicious application may be a [ more ] [ reply ] APPLE-SA-2018-7-23-4 Additional information for APPLE-SA-2018-06-01-6 tvOS 11.4 2018-07-23 Apple Product Security (product-security-noreply lists apple com) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2018-7-23-4 Additional information for APPLE-SA-2018-06-01-6 tvOS 11.4 tvOS 11.4 addresses the following: Bluetooth Available for: Apple TV 4K Impact: An attacker in a privileged network position may be able to intercept Bluetooth traffic D [ more ] [ reply ] APPLE-SA-2018-7-23-5 Additional information for APPLE-SA-2018-06-01-5 watchOS 4.3.1 2018-07-23 Apple Product Security (product-security-noreply lists apple com) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2018-7-23-5 Additional information for APPLE-SA-2018-06-01-5 watchOS 4.3.1 watchOS 4.3.1 addresses the following: Bluetooth Not impacted: Apple Watch Series 3 Impact: An attacker in a privileged network position may be able to intercept Blu [ more ] [ reply ] APPLE-SA-2018-7-23-2 Additional information for APPLE-SA-2018-06-01-1 macOS High Sierra 10.13.5, Security Update 2018-003 Sierra, Security Update 2018-003 El Capitan 2018-07-23 Apple Product Security (product-security-noreply lists apple com) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2018-7-23-2 Additional information for APPLE-SA-2018-06-01-1 macOS High Sierra 10.13.5, Security Update 2018-003 Sierra, Security Update 2018-003 El Capitan macOS High Sierra 10.13.5, Security Update 2018-003 Sierra, and Security Update 2018 [ more ] [ reply ] APPLE-SA-2018-7-23-1 Additional information for APPLE-SA-2018-7-9-4 macOS High Sierra 10.13.6, Security Update 2018-004 Sierra, Security Update 2018-004 El Capitan 2018-07-23 Apple Product Security (product-security-noreply lists apple com) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2018-7-23-1 Additional information for APPLE-SA-2018-7-9-4 macOS High Sierra 10.13.6, Security Update 2018-004 Sierra, Security Update 2018-004 El Capitan macOS High Sierra 10.13.6, Security Update 2018-004 Sierra, and Security Update 2018-0 [ more ] [ reply ] Sourcetree - Remote Code Execution vulnerabilities - CVE-2018-11235 2018-07-23 Anton Black (ablack atlassian com) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 This email refers to the advisory found at https://confluence.atlassian.com/sourcetreekb/sourcetree-security-adviso ry-2018-07-18-953674465.html . CVE ID: * CVE-2018-11235. * CVE-2018-13385. * CVE-2018-13386. Product: Sourcetree. Affected Sourcet [ more ] [ reply ] [slackware-security] php (SSA:2018-201-01) 2018-07-20 Slackware Security Team (security slackware com) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] php (SSA:2018-201-01) New php packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packages/php [ more ] [ reply ] Secunia Research: Oracle Outside In Technology Multiple Vulnerabilities 2018-07-20 Secunia Research (remove-vuln secunia com) Secunia Research: Oracle Outside In Technology Multiple Vulnerabilities 2018-07-20 Secunia Research (remove-vuln secunia com) Secunia Research: LibRaw "parse_minolta()" Infinite Loop Denial of Service Vulnerability 2018-07-19 Secunia Research (remove-vuln secunia com) Secunia Research: LibRaw Multiple Denial of Service Vulnerabilities 2018-07-19 Secunia Research (remove-vuln secunia com) Adobe Systems - Arbitrary Code Injection Vulnerability 2018-07-19 Vulnerability Lab (research vulnerability-lab com) Document Title: =============== Adobe Systems - Arbitrary Code Injection Vulnerability References (Source): ==================== https://www.vulnerability-lab.com/get_content.php?id=2120 PSIRT ID: 7873 Vulnerability Magazine: https://www.vulnerability-db.com/?q=articles/2018/07/19/ha [ more ] [ reply ] [slackware-security] httpd (SSA:2018-199-01) 2018-07-18 Slackware Security Team (security slackware com) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] httpd (SSA:2018-199-01) New httpd packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packages [ more ] [ reply ] GhostMail - (Status Message) Persistent Web Vulnerability 2018-07-18 Vulnerability Lab (research vulnerability-lab com) Document Title: =============== GhostMail - (Status Message) Persistent Web Vulnerability References (Source): ==================== http://www.vulnerability-lab.com/get_content.php?id=1470 Release Date: ============= 2018-06-27 Vulnerability Laboratory ID (VL-ID): ============================= [ more ] [ reply ] Binance v1.5.0 - Insecure File Permission Vulnerability 2018-07-18 Vulnerability Lab (research vulnerability-lab com) Document Title: =============== Binance v1.5.0 - Insecure File Permission Vulnerability References (Source): ==================== https://www.vulnerability-lab.com/get_content.php?id=2135 Release Date: ============= 2018-07-17 Vulnerability Laboratory ID (VL-ID): ============================== [ more ] [ reply ] GhostMail - (filename to link) POST Inject Web Vulnerability 2018-07-18 Vulnerability Lab (research vulnerability-lab com) Document Title: =============== GhostMail - (filename to link) POST Inject Web Vulnerability References (Source): ==================== http://www.vulnerability-lab.com/get_content.php?id=1471 Release Date: ============= 2018-06-26 Vulnerability Laboratory ID (VL-ID): ========================== [ more ] [ reply ] Barracuda Cloud Control v3.020 - CS Cross Site Vulnerability 2018-07-18 Vulnerability Lab (research vulnerability-lab com) Document Title: =============== Barracuda Cloud Control v3.020 - CS Cross Site Vulnerability References (Source): ==================== http://www.vulnerability-lab.com/get_content.php?id=662 Release Date: ============= 2018-07-18 Vulnerability Laboratory ID (VL-ID): =========================== [ more ] [ reply ] Defense in depth -- the Microsoft way (part 56): 10+ year old security update installers are susceptiblle to 20+ year old vulnerability 2018-07-18 Stefan Kanthak (stefan kanthak nexgo de) Hi @ll, Microsoft released <https://support.microsoft.com/en-us/help/4336919> "Description of the security update for the remote code execution vulnerability in Visual Studio 2010 Service Pack 1: July 10, 2018" some days ago. The executable installer VS10SP1-KB4336919-x86.exe offered for download [ more ] [ reply ] [slackware-security] mutt (SSA:2018-198-01) 2018-07-17 Slackware Security Team (security slackware com) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] mutt (SSA:2018-198-01) New mutt packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packages/m [ more ] [ reply ] [CVE-2018-1000211] Public apps can't revoke OAuth access & refresh tokens in Doorkeeper 2018-07-17 Justin Bull (me justinbull ca) Good morning everyone, A security bulletin for all of you. Software: -------- Doorkeeper (https://github.com/doorkeeper-gem/doorkeeper) Description: ---------- Doorkeeper is an OAuth 2 provider for Rails written in Ruby. Affected Versions: --------------- 4.2.0 - 4.3.2 5.0.0.rc1 Fixed Versions: [ more ] [ reply ] Defense in depth -- the Microsoft way (part 55): new software built with 5.5 year old tool shows 20+ year old vulnerabilities 2018-07-17 Stefan Kanthak (stefan kanthak nexgo de) Hi @ll, Microsoft released <https://support.microsoft.com/en-us/help/4340040/> "July 2018 servicing release for Microsoft Desktop Optimization Pack" some days ago. <https://www.microsoft.com/en-us/download/details.aspx?id=57157> offers three executable installers to update existing installations: [ more ] [ reply ] [SECURITY] [DSA 4247-1] ruby-rack-protection security update 2018-07-16 Moritz Muehlenhoff (jmm debian org) Huawei eNSP v1 - Buffer Overflow (DoS) Vulnerability 2018-07-13 Vulnerability Lab (research vulnerability-lab com) Document Title: =============== Huawei eNSP v1 - Buffer Overflow (DoS) Vulnerability References (Source): ==================== https://www.vulnerability-lab.com/get_content.php?id=2132 Security ID: huawei-sa-20180309-01-ensp https://nvd.nist.gov/vuln/detail/CVE-2017-17321 https://cve.mitre.org/c [ more ] [ reply ] Secunia Research: Clam AntiVirus "parsehwp3_paragraph()" Denial of Service Vulnerability 2018-07-12 Secunia Research (remove-vuln secunia com) SEC Consult SA-20180712-0 :: Remote Code Execution & Local File Disclosure in Zeta Producer Desktop CMS 2018-07-12 SEC Consult Vulnerability Lab (research sec-consult com) [security bulletin] MFSBGN03811 rev.1 - Fortify Software Security Center (SSC), Multiple vulnerabilities 2018-07-12 cyber-psrt microfocus com -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Note: the current version of the following document is available here: https://softwaresupport.hpe.com/document/-/facetsearch/document/KM032010 85 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: KM03201085 Version: 1 MFSBGN03811 rev.1 [ more ] [ reply ] Barracuda ADC v5.x - Multiple Persistent Vulnerabilities 2018-07-12 Vulnerability Lab (research vulnerability-lab com) Document Title: =============== Barracuda ADC v5.x - Multiple Persistent Vulnerabilities References (Source): ==================== http://www.vulnerability-lab.com/get_content.php?id=1424 Release Date: ============= 2018-07-12 Vulnerability Laboratory ID (VL-ID): ============================== [ more ] [ reply ] Lenovo SU v5.07 - Buffer Overflow & Arbitrary Code Execution Vulnerability 2018-07-12 Vulnerability Lab (research vulnerability-lab com) Document Title: =============== Lenovo SU v5.07 - Buffer Overflow & Code Execution Vulnerability References (Source): ==================== https://www.vulnerability-lab.com/get_content.php?id=2131 Lenovo Security ID: LEN-19625 https://nvd.nist.gov/vuln/detail/CVE-2018-9063 https://cve.mitre.org/ [ more ] [ reply ] |
|
Privacy Statement |
Qualys Security Advisory
Local information disclosure in OpenSMTPD (CVE-2020-8793)
========================================================================
======
Contents
========================================================================
======
Summary
Analysis
Exploitation
POKE 47196, 201
[ more ] [ reply ]