BugTraq Latest Security Advisories

The premier general security mailing list. Vulnerabilities are often announced here first, so check frequently!

[SECURITY] [DSA 4370-1] drupal7 security update

January 18, 2019 - 3:55am

Posted by Moritz Muehlenhoff on Jan 18

-------------------------------------------------------------------------
Debian Security Advisory DSA-4370-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
January 17, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : drupal7
CVE ID : not yet available

Two...

[SYSS-2018-043] Authentication Bypass in Kentix MultiSensor LAN - CVE-2018-19783

January 18, 2019 - 3:51am

Posted by Micha Borrmann on Jan 18

Advisory ID: SYSS-2018-043
Product: MultiSensor-LAN
Manufacturer: Kentix GmbH
Affected Version(s): 5.63.00 <=
Tested Version(s): 5.60.01, 5.63.00
Vulnerability Type: Authentication Bypass Using an Alternate Path or Channel (CWE-288)
Risk Level: High
Solution Status: Open
Manufacturer Notification: 2018-12-03
Solution Date: -
Public...

[SYSS-2018-041] Mozilla Firefox - Information Exposure

January 16, 2019 - 9:20pm

Posted by vladimir . bostanov on Jan 16

Advisory ID: SYSS-2018-041
Product: Firefox
Manufacturer: Mozilla
Affected Versions: <= 64
Tested Versions: 61, 62, 63, 64
Vulnerability Type: Information Exposure (CWE-200)
Risk Level: Medium
Solution Status: Open
Manufacturer Notification: 2018-07-19
Solution Date: -
Public Disclosure: 2019-01-16
CVE Reference: Not yet assigned
Author of Advisory: Dr. Vladimir Bostanov, SySS GmbH...

[SECURITY] [DSA 4367-2] systemd regression update

January 16, 2019 - 9:17pm

Posted by Salvatore Bonaccorso on Jan 16

-------------------------------------------------------------------------
Debian Security Advisory DSA-4367-2 security () debian org
https://www.debian.org/security/ Salvatore Bonaccorso
January 15, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : systemd

The Qualys Research Labs reported that the...

CVE-2018-13798 Siemens - SICAM A8000 Series Webinterface XXE DoS

January 16, 2019 - 9:13pm

Posted by Advisories on Jan 16

#############################################################
#
# COMPASS SECURITY ADVISORY
# https://www.compass-security.com/research/advisories/
#
#############################################################
#
# Product: SICAM A8000 Series
# Vendor: Siemens
# CSNC ID: CSNC-2019-002
# CVE ID: CVE-2018-13798
# Subject: SICAM Webinterface XXE DoS
# Risk: Medium (CVSS 3.0 Base Score: 5.3)
# CVSS 3.0:...

Microsoft Windows VCF File Insufficient UI Warning Remote Code Execution 0day ZDI-CAN-6920

January 15, 2019 - 12:07am

Posted by apparitionsec on Jan 14

[+] Credits: John Page (aka hyp3rlinx)
[+] Website: hyp3rlinx.altervista.org
[+] Source:
http://hyp3rlinx.altervista.org/advisories/MICROSOFT-WINDOWS-VCF-FILE-INSUFFICIENT-WARNING-REMOTE-CODE-EXECUTION.txt
[+] ISR: ApparitionSec
[+] Zero Day Initiative Program

[Vendor]
www.microsoft.com

[Product]
A VCF file is a standard file format for storing contact information for a person or business.
Microsoft Outlook supports the vCard and...

Microsoft Windows VCF File Insufficient UI Warning Remote Code Execution 0day ZDI-CAN-6920

January 15, 2019 - 12:06am

Posted by apparitionsec on Jan 14

[+] Credits: John Page (aka hyp3rlinx)
[+] Website: hyp3rlinx.altervista.org
[+] Source:
http://hyp3rlinx.altervista.org/advisories/MICROSOFT-WINDOWS-VCF-FILE-INSUFFICIENT-WARNING-REMOTE-CODE-EXECUTION.txt
[+] ISR: ApparitionSec
[+] Zero Day Initiative Program

[Vendor]
www.microsoft.com

[Product]
A VCF file is a standard file format for storing contact information for a person or business.
Microsoft Outlook supports the vCard and...

[SECURITY] [DSA 4369-1] xen security update

January 15, 2019 - 12:03am

Posted by Moritz Muehlenhoff on Jan 14

-------------------------------------------------------------------------
Debian Security Advisory DSA-4369-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
January 14, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : xen
CVE ID : CVE-2018-19961 CVE-2018-19962...

[SECURITY] [DSA 4368-1] zeromq3 security update

January 14, 2019 - 11:59pm

Posted by Moritz Muehlenhoff on Jan 14

-------------------------------------------------------------------------
Debian Security Advisory DSA-4368-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
January 14, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : zeromq3
CVE ID : CVE-2019-6250

Guido Vranken...

[slackware-security] zsh (SSA:2019-013-01)

January 14, 2019 - 3:29am

Posted by Slackware Security Team on Jan 14

[slackware-security] zsh (SSA:2019-013-01)

New zsh packages are available for Slackware 14.0, 14.1, and 14.2 to
fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/zsh-5.6.2-i586-1_slack14.2.txz: Upgraded.
This release fixes security issues, including ones that could allow a local
attacker to execute arbitrary code.
For more information, see:...

[SECURITY] [DSA 4367-1] systemd security update

January 13, 2019 - 11:19pm

Posted by Salvatore Bonaccorso on Jan 13

-------------------------------------------------------------------------
Debian Security Advisory DSA-4367-1 security () debian org
https://www.debian.org/security/ Salvatore Bonaccorso
January 13, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : systemd
CVE ID : CVE-2018-16864 CVE-2018-16865...

[SECURITY] [DSA 4366-1] vlc security update

January 13, 2019 - 11:18pm

Posted by Moritz Muehlenhoff on Jan 13

-------------------------------------------------------------------------
Debian Security Advisory DSA-4366-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
January 12, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : vlc
CVE ID : CVE-2018-19857

An integer underflow...

[slackware-security] irssi (SSA:2019-011-01)

January 13, 2019 - 11:16pm

Posted by Slackware Security Team on Jan 13

[slackware-security] irssi (SSA:2019-011-01)

New irssi packages are available for Slackware 14.0, 14.1, 14.2, and -current to
fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/irssi-1.1.2-i586-1_slack14.2.txz: Upgraded.
This update addresses bugs including security and stability issues:
A NULL pointer dereference occurs for an "empty" nick.
Certain nick...

[SYSS-2018-042] XSS in HMS Netbiter WS100 - CVE-2018-19694

January 13, 2019 - 11:15pm

Posted by Micha Borrmann on Jan 13

Advisory ID: SYSS-2018-042
Product: Netbiter WS100
Manufacturer: HMS Industrial Networks AB
Affected Version(s): 3.30.5 <=
Tested Version(s): 3.30.5
Vulnerability Type: Cross-Site Scripting (CWE-79)
Risk Level: Low
Solution Status: Fixed
Manufacturer Notification: 2018-11-29
Solution Date: 2018-12-20
Public Disclosure: 2019-01-11...

[SYSS-2018-011] Portier - Cryptographic Issues

January 13, 2019 - 11:07pm

Posted by christian . pappas on Jan 13

Advisory ID: SYSS-2018-011
Product: PORTIER
Affected Version(s): 4.4.4.2, 4.4.4.6
Tested Version(s): 4.4.4.2, 4.4.4.6
Vulnerability Type: Cryptographic Issues (CWE-310)
Risk Level: HIGH
Solution Status: Open
Manufacturer Notification: 2018-06-13
Solution Date: -
Public Disclosure: 2018-01-09
CVE Reference: CVE-2019-5723
Author of Advisory: Christian Pappas, SySS GmbH...

[SYSS-2018-011] Portier - SQL Injection

January 13, 2019 - 11:04pm

Posted by christian . pappas on Jan 13

Advisory ID: SYSS-2018-012
Product: PORTIER
Affected Version(s): 4.4.4.2, 4.4.4.6
Tested Version(s): 4.4.4.2, 4.4.4.6
Vulnerability Type: SQL Injection (CWE-89)
Risk Level: HIGH
Solution Status: Open
Manufacturer Notification: 2018-06-13
Solution Date: -
Public Disclosure: 2018-01-09
CVE Reference: CVE-2019-5722
Author of Advisory: Christian Pappas, SySS GmbH

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~...