Colapse all |
Post message
On Second Thought... 2021-01-17 alias securityfocus com Bugtraq has been a valuable institution within the Cyber Security community for almost 30 years. Many of our own people entered the industry by subscribing to it and learning from it. So, based on the feedback weâ??ve received both from the community-at-large and internally, weâ??ve decided to keep [ more ] [ reply ] BugTraq Shutdown 2021-01-15 alias securityfocus com 2020 was quite the year, one that saw many changes. As we begin 2021, we wanted to send one last note to our friends and supporters at the SecurityFocus BugTraq mailing list. As many of you know, assets of Symantec were acquired by Broadcom in late 2019, and some of those assets were then acquired [ more ] [ reply ] Local information disclosure in OpenSMTPD (CVE-2020-8793) 2020-02-24 Qualys Security Advisory (qsa qualys com) Qualys Security Advisory Local information disclosure in OpenSMTPD (CVE-2020-8793) ======================================================================== ====== Contents ======================================================================== ====== Summary Analysis Exploitation POKE 47196, 201 [ more ] [ reply ] Defense in depth -- the Microsoft way (part 62): Windows shipped with end-of-life components 2020-02-24 Stefan Kanthak (stefan kanthak nexgo de) Hi @ll, since Microsoft Server 2003 R2, Microsoft dares to ship and install the abomination known as .NET Framework with every new version of Windows. Among other components current versions of Windows and .NET Framework include C# compiler (C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe, [ more ] [ reply ] LPE and RCE in OpenSMTPD's default install (CVE-2020-8794) 2020-02-24 Qualys Security Advisory (qsa qualys com) Qualys Security Advisory LPE and RCE in OpenSMTPD's default install (CVE-2020-8794) ======================================================================== ====== Contents ======================================================================== ====== Summary Analysis ... Acknowledgments ===== [ more ] [ reply ] Cisco Unified Contact Center Express Privilege Escalation Vulnerability (CVE-2019-1888) 2020-02-25 Jamie R (jamie blacktraffic co uk) I've quoted the Cisco summary below as it's pretty accurate. tl;dr is an admin user on the web console can gain command execution and then escalate to root. If this is an issue in your environment, then please patch. Thanks to Cisco PSIRT who were responsive and professional. Shouts to Andrew, Da [ more ] [ reply ] [TZO-22-2020] Qihoo360 | GDATA | Rising | Command Generic Malformed Archive Bypass 2020-02-24 Thierry Zoller (thierry zoller lu) ________________________________________________________________________ From the lets-try-it-this-way Department Qihoo360 | GDATA | Rising | Webroot | Dr Web Generic Archive Bypass ________________________________________________________________________ Release mode : Vendors do n [ more ] [ reply ] [TZO-16-2020] - F-SECURE Generic Malformed Container bypass (GZIP) 2020-02-24 Thierry Zoller (thierry zoller lu) [slackware-security] proftpd (SSA:2020-051-01) 2020-02-21 Slackware Security Team (security slackware com) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] proftpd (SSA:2020-051-01) New proftpd packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix a security issue. Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/pac [ more ] [ reply ] [SECURITY] [DSA 4629-1] python-django security update 2020-02-19 Sebastien Delafond (seb debian org) [TZO-18-2020] - Bitdefender Malformed Archive bypass (GZIP) 2020-02-18 Thierry Zoller (thierry zoller lu) [TZO-17-2020] - Kaspersky Generic Archive Bypass (ZIP FLNMLEN) 2020-02-17 Thierry Zoller (thierry zoller lu) [TZO-15-2020] - F-SECURE Generic Malformed Container bypass (RAR) 2020-02-14 Thierry Zoller (thierry zoller lu) WebKitGTK and WPE WebKit Security Advisory WSA-2020-0002 2020-02-14 Carlos Alberto Lopez Perez (clopez igalia com) [slackware-security] libarchive (SSA:2020-043-01) 2020-02-12 Slackware Security Team (security slackware com) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] libarchive (SSA:2020-043-01) New libarchive packages are available for Slackware 14.1, 14.2, and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/pack [ more ] [ reply ] CVE-2020-0728: Windows Modules Installer Service Information Disclosure Vulnerability 2020-02-14 Imre Rad (radimre83 gmail com) The TrustedInstaller service running on the Windows operating system hosts a COM service called Sxs Store Class; its ISxsStore interface provides methods to install/uninstall assemblies via application manifests files into the WinSxS store. These API methods were meant to be available for users with [ more ] [ reply ] [TZO-11-2020] - ESET Generic Malformed Archive Bypass (BZ2 Checksum) 2020-02-13 Thierry Zoller (thierry zoller lu) [EnumJavaLibs]_ Remote Java classpath enumerator 2020-02-13 RedTimmy Security (redazione segfault it) (1 replies) Hi, we have just released EnumJavaLibs to perform java classes enumeration against java services. To discover a deserialization vulnerability is often easy. When source code is available, it comes down to finding calls to readObject() and finding a way for user input to reach that function. In case [ more ] [ reply ] Web Application Firewall bypass via Bluecoat device 2020-02-16 RedTimmy Security (redazione segfault it) |
Privacy Statement |
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4628-1 security (at) debian (dot) org [ema
[ more ] [ reply ]