Security Alerts

The premier general security mailing list. Vulnerabilities are often announced here first, so check frequently!

Jira Server - Template injection in various resources - CVE-2019-11581

Mon, 07/22/2019 - 04:18

Posted by Anton Black on Jul 22

This email refers to the advisory found at
https://confluence.atlassian.com/x/AzoGOg .

CVE ID:

* CVE-2019-11581.

Product: Jira Server and Data Center.

Affected Jira Server and Data Center product versions:

4.0.0 <= version < 7.6.14
7.13.0 <= version < 7.13.5
8.0.0 <= version < 8.0.3
8.1.0 <= version < 8.1.2
8.2.0 <= version < 8.2.3

Fixed Jira Server and Data Center product versions:

* Jira Server and Data...
Categories: Security

[slackware-security] Slackware 14.2 kernel (SSA:2019-202-01)

Mon, 07/22/2019 - 04:15

Posted by Slackware Security Team on Jul 22

[slackware-security] Slackware 14.2 kernel (SSA:2019-202-01)

New kernel packages are available for Slackware 14.2 to fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/linux-4.4.182/*: Upgraded.
These updates fix various bugs and many minor security issues.
Be sure to upgrade your initrd after upgrading the kernel packages.
If you use lilo to boot your machine, be...
Categories: Security

[SECURITY] [DSA 4486-1] openjdk-11 security update

Mon, 07/22/2019 - 04:11

Posted by Moritz Muehlenhoff on Jul 22

-------------------------------------------------------------------------
Debian Security Advisory DSA-4486-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
July 21, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : openjdk-11
CVE ID : CVE-2019-2745 CVE-2019-2762...
Categories: Security

[SECURITY] [DSA 4485-1] openjdk-8 security update

Mon, 07/22/2019 - 04:08

Posted by Moritz Muehlenhoff on Jul 22

-------------------------------------------------------------------------
Debian Security Advisory DSA-4485-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
July 21, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : openjdk-8
CVE ID : CVE-2019-2745 CVE-2019-2762...
Categories: Security

[SECURITY] [DSA 4484-1] linux security update

Mon, 07/22/2019 - 04:04

Posted by Salvatore Bonaccorso on Jul 22

-------------------------------------------------------------------------
Debian Security Advisory DSA-4484-1 security () debian org
https://www.debian.org/security/ Salvatore Bonaccorso
July 20, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : linux
CVE ID : CVE-2019-13272

Jann Horn discovered...
Categories: Security

CVE-2019-13577 / MAPLE Computer WBT SNMP Administrator v2.0.195.15 / Unauthenticated Remote Buffer Overflow Code Execution 0day

Thu, 07/18/2019 - 05:01

Posted by apparitionsec on Jul 18

[+] Credits: John Page (aka hyp3rlinx)
[+] Website: hyp3rlinx.altervista.org
[+] Source:
http://hyp3rlinx.altervista.org/advisories/MAPLE-WBT-SNMP-ADMINISTRATOR-v2.0.195.15-REMOTE-BUFFER-OVERFLOW-CODE-EXECUTION-0DAY.txt
[+] ISR: Apparition Security

[Vendor]
www.computerlab.com

[Product]
MAPLE Computer WBT SNMP Administrator (Thin Client Administrator)
v2.0.195.15...
Categories: Security

[SECURITY] [DSA 4483-1] libreoffice security update

Tue, 07/16/2019 - 20:44

Posted by Moritz Muehlenhoff on Jul 16

-------------------------------------------------------------------------
Debian Security Advisory DSA-4483-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
July 16, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : libreoffice
CVE ID : CVE-2019-9848 CVE-2019-9849...
Categories: Security

Deutsche Telekom CERT Advisory [DTC-A-20170323-001]

Tue, 07/16/2019 - 04:15

Posted by cert on Jul 16

Deutsche Telekom CERT Advisory [DTC-A-20170323-001]

Summary:
Information leakage found in FRITZ!OS 6.83 & 6.80 (AVM DSL Router Fritz!Box 7490)

Recommendation:
Update to the newest version of FRITZ!OS

Details:
a) application
b) problem
c) CVSS
d) detailed description
e) credits...
Categories: Security

[**Fixed Typo] Microsoft Compiled HTML Help / Uncompiled .chm File XML External Entity

Tue, 07/16/2019 - 04:12

Posted by apparitionsec on Jul 16

[+] Credits: John Page (aka hyp3rlinx)
[+] Website: hyp3rlinx.altervista.org
[+] Source:
http://hyp3rlinx.altervista.org/advisories/MICROSOFT-WINDOWS-HTML-HELP-UNCOMPILED-CHM-FILE-XML-EXTERNAL-ENTITY-INJECTION.txt
[+] ISR: ApparitionSec

[Vendor]
www.microsoft.com

[Product]
Microsoft Compiled HTML Help "hh.exe"

Microsoft Compiled HTML Help is a Microsoft proprietary online help format, consisting of a collection...
Categories: Security

Microsoft Compiled HTML Help / Uncompiled .chm File XML External Entity

Tue, 07/16/2019 - 04:09

Posted by apparitionsec on Jul 16

[+] Credits: John Page (aka hyp3rlinx)
[+] Website: hyp3rlinx.altervista.org
[+] Source:
http://hyp3rlinx.altervista.org/advisories/MICROSOFT-WINDOWS-HTML-HELP-UNCOMPILED-CHM-FILE-XML-EXTERNAL-ENTITY-INJECTION.txt
[+] ISR: ApparitionSec

[Vendor]
www.microsoft.com

[Product]
Microsoft Compiled HTML Help "hh.exe"

Microsoft Compiled HTML Help is a Microsoft proprietary online help format, consisting of a collection...
Categories: Security

[SYSS-2019-024] FANUC Robotics Virtual Robot Controller - Stack-based Buffer Overflow (CWE-121)

Mon, 07/15/2019 - 13:51

Posted by Sebastian Hamann on Jul 15

Advisory ID: SYSS-2019-024
Product: FANUC Robotics Virtual Robot Controller
Manufacturer: FANUC Robotics America, Inc.
Affected Version(s): V8.23
Tested Version(s): V8.23
Vulnerability Type: Stack-based Buffer Overflow (CWE-121)
Risk Level: High
Solution Status: Open
Manufacturer Notification: 2019-05-22
Solution Date: ?
Public Disclosure: 2019-07-15
CVE Reference: CVE-2019-13585
Author of Advisory: Sebastian Hamann, SySS GmbH...
Categories: Security

[SYSS-2019-025] FANUC Robotics Virtual Robot Controller - Path Traversal (CWE-22)

Mon, 07/15/2019 - 13:47

Posted by Sebastian Hamann on Jul 15

Advisory ID: SYSS-2019-025
Product: FANUC Robotics Virtual Robot Controller
Manufacturer: FANUC Robotics America, Inc.
Affected Version(s): V8.23
Tested Version(s): V8.23
Vulnerability Type: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE-22)
Risk Level: Low
Solution Status: Open
Manufacturer Notification: 2019-05-22
Solution Date: ?
Public Disclosure: 2019-07-15
CVE Reference: CVE-2019-13584
Author...
Categories: Security

[slackware-security] bzip2 (SSA:2019-195-01)

Mon, 07/15/2019 - 03:45

Posted by Slackware Security Team on Jul 15

[slackware-security] bzip2 (SSA:2019-195-01)

New bzip2 packages are available for Slackware 14.0, 14.1, 14.2, and -current
to fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/bzip2-1.0.8-i586-1_slack14.2.txz: Upgraded.
Fixes security issues:
bzip2recover: Fix use after free issue with outFile.
Make sure nSelectors is not out of range.
For more information, see:...
Categories: Security

[SECURITY] [DSA 4482-1] thunderbird security update

Mon, 07/15/2019 - 03:42

Posted by Moritz Muehlenhoff on Jul 15

-------------------------------------------------------------------------
Debian Security Advisory DSA-4482-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
July 14, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : thunderbird
CVE ID : CVE-2019-9811 CVE-2019-11709...
Categories: Security

[SECURITY] [DSA 4481-1] ruby-mini-magick security update

Mon, 07/15/2019 - 03:38

Posted by Salvatore Bonaccorso on Jul 15

-------------------------------------------------------------------------
Debian Security Advisory DSA-4481-1 security () debian org
https://www.debian.org/security/ Salvatore Bonaccorso
July 13, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : ruby-mini-magick
CVE ID : CVE-2019-13574
Debian Bug...
Categories: Security

FreeBSD Security Advisory FreeBSD-SA-19:10.ufs

Wed, 07/03/2019 - 08:11

Posted by FreeBSD Security Advisories on Jul 03

=============================================================================
FreeBSD-SA-19:10.ufs Security Advisory
The FreeBSD Project

Topic: Kernel stack disclosure in UFS/FFS

Category: core
Module: Kernel
Announced: 2019-07-02
Credits: David G. Lawrence <dg () dglawrence com>
Affects: All supported...
Categories: Security

[SYSS-2019-017] EBK BKS Buskoppler - Unauthenticated Remote Code Execution

Wed, 07/03/2019 - 08:09

Posted by sebastian . auwaerter on Jul 03

Advisory ID: SYSS-2019-017
Product: BKS EBK Ethernet-Buskoppler Pro
Manufacturer: BKS GmbH
Affected Version(s): < 3.01
Vulnerability Type: Unrestricted Upload of File with Dangerous Type (CWE-434)
Risk Level: High
Solution Status: Fixed
Manufacturer Notification: April 23, 2019
Solution Date: June 14, 2019
Public Disclosure: July 03, 2019
CVE Reference: CVE-2019-12971
Author of Advisory: Sebastian Auwaerter, SySS GmbH...
Categories: Security

FreeBSD Security Advisory FreeBSD-SA-19:11.cd_ioctl

Wed, 07/03/2019 - 08:05

Posted by FreeBSD Security Advisories on Jul 03

=============================================================================
FreeBSD-SA-19:11.cd_ioctl Security Advisory
The FreeBSD Project

Topic: Privilege escalation in cd(4) driver

Category: core
Module: kernel
Announced: 2019-07-02
Credits: Alex Fortune
Affects: All supported versions of FreeBSD.
Corrected:...
Categories: Security

FreeBSD Security Advisory FreeBSD-SA-19:09.iconv

Wed, 07/03/2019 - 08:01

Posted by FreeBSD Security Advisories on Jul 03

=============================================================================
FreeBSD-SA-19:09.iconv Security Advisory
The FreeBSD Project

Topic: iconv buffer overflow

Category: core
Module: libc
Announced: 2019-07-02
Credits: Andrea Venturoli <security () netfence it>, NetFence
Affects: All supported...
Categories: Security

[SECURITY] [DSA 4475-1] openssl security update

Mon, 07/01/2019 - 22:36

Posted by Moritz Muehlenhoff on Jul 01

-------------------------------------------------------------------------
Debian Security Advisory DSA-4475-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
July 01, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : openssl
CVE ID : CVE-2019-1543

Joran Dirk Greef...
Categories: Security