BugTraq
Local information disclosure in OpenSMTPD (CVE-2020-8793) 2020-02-24
Qualys Security Advisory (qsa qualys com)

Qualys Security Advisory

Local information disclosure in OpenSMTPD (CVE-2020-8793)

==============================================================================
Contents
==============================================================================

Summary
Analysis
Exploitation
POKE 47196, 201

Defense in depth -- the Microsoft way (part 62): Windows shipped with end-of-life components 2020-02-24
Stefan Kanthak (stefan kanthak nexgo de)
Hi @ll,

since Microsoft Server 2003 R2, Microsoft dares to ship and install the
abomination known as .NET Framework with every new version of Windows.

Among other components current versions of Windows and .NET Framework
include

C# compiler (C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe,

LPE and RCE in OpenSMTPD's default install (CVE-2020-8794) 2020-02-24
Qualys Security Advisory (qsa qualys com)

Qualys Security Advisory

LPE and RCE in OpenSMTPD's default install (CVE-2020-8794)

==============================================================================
Contents
==============================================================================

Summary
Analysis
...
Acknowledgments

=====

[SECURITY] [DSA 4633-1] curl security update 2020-02-24
Alessandro Ghedini (ghedo debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4633-1 security (at) debian (dot) org
https://www.debian.org/security/ Alessandro Ghedini
February 22, 2020

Cisco Unified Contact Center Express Privilege Escalation Vulnerability (CVE-2019-1888) 2020-02-25
Jamie R (jamie blacktraffic co uk)
I've quoted the Cisco summary below as it's pretty accurate.

tl;dr is an admin user on the web console can gain command execution
and then escalate to root. If this is an issue in your environment,
then please patch.

Thanks to Cisco PSIRT who were responsive and professional.

Shouts to Andrew, Da

[TZO-22-2020] Qihoo360 | GDATA | Rising | Command Generic Malformed Archive Bypass 2020-02-24
Thierry Zoller (thierry zoller lu)
________________________________________________________________________

From the lets-try-it-this-way Department
Qihoo360 | GDATA | Rising | Webroot | Dr Web Generic Archive Bypass
________________________________________________________________________

Release mode : Vendors do n

[TZO-16-2020] - F-SECURE Generic Malformed Container bypass (GZIP) 2020-02-24
Thierry Zoller (thierry zoller lu)
________________________________________________________________________

From the low-hanging-fruit-department
F-SECURE Generic Malformed Container bypass (GZIP)
________________________________________________________________________

Ref : [TZO-16-2020] - F-SECURE Ge

[slackware-security] proftpd (SSA:2020-051-01) 2020-02-21
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] proftpd (SSA:2020-051-01)

New proftpd packages are available for Slackware 14.0, 14.1, 14.2, and -current
to fix a security issue.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/pac

[SECURITY] [DSA 4628-1] php7.0 security update 2020-02-18
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4628-1 security (at) debian (dot) org
https://www.debian.org/security/ Moritz Muehlenhoff
February 18, 2020

[SECURITY] [DSA 4629-1] python-django security update 2020-02-19
Sebastien Delafond (seb debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4629-1 security (at) debian (dot) org
https://www.debian.org/security/ Sebastien Delafond
February 19, 2020

[TZO-18-2020] - Bitdefender Malformed Archive bypass (GZIP) 2020-02-18
Thierry Zoller (thierry zoller lu)
________________________________________________________________________

From the low-hanging-fruit-department
Bitdefender Generic Malformed Archive Bypass (GZIP)
________________________________________________________________________

Release mode : Silent Patch
Ref

[TZO-17-2020] - Kaspersky Generic Archive Bypass (ZIP FLNMLEN) 2020-02-17
Thierry Zoller (thierry zoller lu)
________________________________________________________________________

From the low-hanging-fruit-department
Kaspersky Generic Malformed Archive Bypass (ZIP Filename Length)
________________________________________________________________________

Release mode : Coordinate

[SECURITY] [DSA 4626-1] php7.3 security update 2020-02-17
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4626-1 security (at) debian (dot) org
https://www.debian.org/security/ Moritz Muehlenhoff
February 17, 2020

[SECURITY] [DSA 4627-1] webkit2gtk security update 2020-02-17
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4627-1 security (at) debian (dot) org
https://www.debian.org/security/ Alberto Garcia
February 17, 2020

[SECURITY] [DSA 4621-1] openjdk-8 security update 2020-02-12
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4621-1 security (at) debian (dot) org
https://www.debian.org/security/ Moritz Muehlenhoff
February 12, 2020

[SECURITY] [DSA 4620-1] firefox-esr security update 2020-02-12
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4620-1 security (at) debian (dot) org
https://www.debian.org/security/ Moritz Muehlenhoff
February 12, 2020

[TZO-15-2020] - F-SECURE Generic Malformed Container bypass (RAR) 2020-02-14
Thierry Zoller (thierry zoller lu)
________________________________________________________________________

From the low-hanging-fruit-department
F-SECURE Generic Malformed Container bypass (RAR)
________________________________________________________________________

Ref : [TZO-15-2020] - F-SECURE

WebKitGTK and WPE WebKit Security Advisory WSA-2020-0002 2020-02-14
Carlos Alberto Lopez Perez (clopez igalia com)
------------------------------------------------------------------------

WebKitGTK and WPE WebKit Security Advisory WSA-2020-0002
------------------------------------------------------------------------

Date reported : February 14, 2020
Advisory ID : WSA-2020-0

[slackware-security] libarchive (SSA:2020-043-01) 2020-02-12
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] libarchive (SSA:2020-043-01)

New libarchive packages are available for Slackware 14.1, 14.2, and -current to
fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/pack

CVE-2020-0728: Windows Modules Installer Service Information Disclosure Vulnerability 2020-02-14
Imre Rad (radimre83 gmail com)
The TrustedInstaller service running on the Windows operating system
hosts a COM service called Sxs Store Class; its ISxsStore interface
provides methods to install/uninstall assemblies via application
manifests files into the WinSxS store. These API methods were meant to
be available for users with

[SECURITY] [DSA 4624-1] evince security update 2020-02-14
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4624-1 security (at) debian (dot) org
https://www.debian.org/security/ Salvatore Bonaccorso
February 14, 2020

[SECURITY] [DSA 4625-1] thunderbird security update 2020-02-15
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4625-1 security (at) debian (dot) org
https://www.debian.org/security/ Moritz Muehlenhoff
February 15, 2020

[TZO-13-2020] - AVIRA Generic AV Bypass (ZIP GPFLAG) 2020-02-13
Thierry Zoller (thierry zoller lu)
________________________________________________________________________

From the low-hanging-fruit-department
AVIRA Generic Malformed Container bypass (ZIP GPFLAG)
________________________________________________________________________

Release mode : No Patch - Coordinated o

[TZO-11-2020] - ESET Generic Malformed Archive Bypass (BZ2 Checksum) 2020-02-13
Thierry Zoller (thierry zoller lu)
________________________________________________________________________

From the low-hanging-fruit-department
ESET Generic Malformed Archive Bypass (BZ2 Checksum)
________________________________________________________________________

Release mode : Coordinated D

[EnumJavaLibs]_ Remote Java classpath enumerator 2020-02-13
RedTimmy Security (redazione segfault it) (1 replies)
Hi,
we have just released EnumJavaLibs to perform java classes enumeration against java services.

To discover a deserialization vulnerability is often easy. When source code is available, it comes down to finding calls to readObject() and finding a way for user input to reach that function. In case

Web Application Firewall bypass via Bluecoat device 2020-02-16
RedTimmy Security (redazione segfault it)
[SECURITY] [DSA 4623-1] postgresql-11 security update 2020-02-13
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4623-1 security (at) debian (dot) org
https://www.debian.org/security/ Moritz Muehlenhoff
February 13, 2020

[slackware-security] mozilla-firefox (SSA:2020-042-01) 2020-02-12
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] mozilla-firefox (SSA:2020-042-01)

New mozilla-firefox packages are available for Slackware 14.2 and -current to
fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/p

[SECURITY] [DSA 4622-1] postgresql-9.6 security update 2020-02-13
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4622-1 security (at) debian (dot) org
https://www.debian.org/security/ Moritz Muehlenhoff
February 13, 2020

[slackware-security] mozilla-thunderbird (SSA:2020-042-02) 2020-02-12
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] mozilla-thunderbird (SSA:2020-042-02)

New mozilla-thunderbird packages are available for Slackware 14.2 and -current
to fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
p

Copyright 2010, SecurityFocus