Apple Security Advisory 2019-3-25-3 - tvOS 12.2 is now available and addresses buffer overflow, code execution, and cross site scripting vulnerabilities.
f64ca23fdfdf301253dce16367ff35a30c4a58a061de08297d12e90b0d0dbf58Apple Security Advisory 2019-3-25-4 - Safari 12.1 is now available and addresses code execution and cross site scripting vulnerabilities.
b8d0aa06fff0d1fd93078d701d89414366c69904a2e82bca94287376c9a91312Apple Security Advisory 2019-3-25-7 - Xcode 10.2 is now available and addresses a code execution vulnerability.
12dadc26d93ad05182074b6ac03add53394e49aafee52487ac6a0f09e1735c5bApple Security Advisory 2019-3-25-2 - macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra are now available and addresses buffer overflow, bypass, and code execution vulnerabilities.
4586dd3e324e2c849bc6d37ff1b93dc1a83271a7faa1f2cab7ddccce107730f5Red Hat Security Advisory 2019-0641-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include denial of service and use-after-free vulnerabilities.
9059cdcb369bd96cb1c0d25c239372e2e539ff777183cd9b073e46245df44d40Red Hat Security Advisory 2019-0638-01 - Openwsman is a project intended to provide an open source implementation of the Web Services Management specification and to expose system management information on the Linux operating system using the WS-Management protocol. WS-Management is based on a suite of web services specifications and usage requirements that cover all system management aspects. Issues addressed include an arbitrary file disclosure vulnerability.
a9b36ba93ad492975799317b96fc3168dc9e55d34fe0935cd633cdceb90f49b2Red Hat Security Advisory 2019-0640-01 - IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 8 to version 8 SR5-FP30. Issues addressed include a buffer overflow vulnerability.
431bcb0ca92a58776aa627496b18259e09e52a1b66054e9d14b8c9bc1fa9c885PCMan FTP Server version 2.0 CDUP remote buffer overflow exploit.
5193c9c7ef87fabef737e23277dccde5d538f2d7940f5fe0df6a7f460410adeaThis whitepaper discusses highlights of findings related to remote code execution leveraging JMX/RMI.
c1c6d49b75e30398fa5a7dacd39a13e739823cc3f93d713506d4b6e32f8da33dSPIP CMS versions 2.x and 3.x suffer from unauthenticated add administrator and arbitrary file upload vulnerabilities.
a7387c189d176bff2a0e9afc63e2bfada0350e829685bdc4a61f682b38596b2dZeeways Jobsite CMS suffers from a remote SQL injection vulnerability.
b86c15d7beb8a1f874fb91247c64488e7f941ad5470cb7ab6bc52fccdacf82acZeeways Matrimony CMS suffers from a remote SQL injection vulnerability.
16ad90accba954a01ee8e7fc948b0220da4eeed1706668be61cdc36a5cf0334eThomas Detert found out that the claimed "Encrypted signal transmission" of the Secvest wireless remote control FUBE50014 is not present and that the implemented rolling codes are predictable. By exploiting these two security issues, an attacker can simply desynchronize a wireless remote control by observing the current rolling code state, generating many valid rolling codes, and use them before the original wireless remote control. The Secvest wireless alarm system will ignore sent commands by the wireless remote control until the generated rolling code happens to match the window of valid rolling code values again. Depending on the number of used rolling codes by the attacker, a resynchronization without actually reconfiguring the wireless remote control could take quite a lot of time and effectless button presses. SySS found out that the new ABUS Secvest remote control FUBE50015 is also affected by this security vulnerability.
1e8bdcc2aac5543c46a47138bfd7aaeba7d32444b036b9f6db96a45e4987806aThomas Detert found out that the claimed "Encrypted signal transmission" of the Secvest wireless remote control FUBE50014 is not present at all. Thus, an attacker observing radio signals of an ABUS FUBE50014 wireless remote control is able to see all sensitive data of transmitted packets as cleartext and can analyze the used packet format and the communication protocol. For instance, this security issue could successfully be exploited to observe the current rolling code state of the wireless remote control and deduce the cryptographically weak used rolling code algorithm. SySS found out that the new ABUS Secvest remote control FUBE50015 is also affected by this security vulnerability.
4fb6b1bb33c005b26a8192228bc5ffdcbbcb440ba5889e85c120133752973a41Ubuntu Security Notice 3919-1 - Two security issues were discovered in the JavaScript engine in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could exploit this by causing a denial of service, or executing arbitrary code.
ecb14fcd081b173399f246fce8890179bcb0a41de018aa2cecf0b53f8006c215Ubuntu Security Notice 3918-2 - USN-3918-1 fixed vulnerabilities in Firefox. This update provides the corresponding updates for Ubuntu 14.04 LTS. Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, denial of service via successive FTP authorization prompts or modal alerts, trick the user with confusing permission request prompts, obtain sensitive information, conduct social engineering attacks, or execute arbitrary code. A mechanism was discovered that removes some bounds checking for string, array, or typed array accesses if Spectre mitigations have been disabled. If a user were tricked in to opening a specially crafted website with Spectre mitigations disabled, an attacker could potentially exploit this to cause a denial of service, or execute arbitrary code. It was discovered that Upgrade-Insecure-Requests was incorrectly enforced for same-origin navigation. An attacker could potentially exploit this to conduct man-in-the-middle attacks. Various other issues were also addressed.
baa25a5f9ae8648296e1f99c1966e7547781f61b5bdbdab8d20e439a175726f1The VMX process (vmware-vmx.exe) process configures and hosts an instance of VM. As is common with desktop virtualization platforms the VM host usually has privileged access into the OS such as mapping physical memory which represents a security risk. To mitigate this the VMX process is created with an elevated integrity level by the authentication daemon (vmware-authd.exe) which runs at SYSTEM. This prevents a non-administrator user opening the process and abusing its elevated access. Unfortunately the process is created as the desktop user which results in the elevated process sharing resources such as COM registrations with the normal user who can modify the registry to force an arbitrary DLL to be loaded into the VMX process. Affects VMware Workstation Windows version 14.1.5 (on Windows 10). Also tested on VMware Player version 15.
032bc0791aa032c4cf3fd94b8d7db2846f5bc0d3465f7a023e94a81286eb18ffThe VMX process (vmware-vmx.exe) process configures and hosts an instance of VM. As is common with desktop virtualization platforms the VM host usually has privileged access into the OS such as mapping physical memory which represents a security risk. To mitigate this the VMX process is created with an elevated integrity level by the authentication daemon (vmware-authd.exe) which runs at SYSTEM. This prevents a non-administrator user opening the process and abusing its elevated access. Unfortunately the process is created as the desktop user and follows the common pattern of impersonating the user while calling CreateProcessAsUser. This is an issue as the user has the ability to replace any drive letter for themselves, which allows a non-admin user to hijack the path to the VMX executable, allowing the user to get arbitrary code running as a trusted VMX process. Affects VMware Workstation Windows version 14.1.5 (on Windows 10). Also tested on VMware Player version 15.0.2.
770beade272f39c1d6868fdb30316cb00f9c1a560eb4acdbffe3b9df7efe3b3bThomas Detert found out that the rolling codes implemented as replay protection in the radio communication protocol used by the ABUS Secvest wireless alarm system (FUAA50000) and its remote control (FUBE50014, FUB50015) is cryptographically weak.
92648a845f9e728c6b9724e16f7b0148e4f4b7d7c8d97744a46937db2cabc861Atlassian Confluence versions 6.6.0 up to 6.6.12, 6.12.0 up to 6.12.3, 6.13.0 up to 6.13.3, and 6.14.0 up to 6.14.2 suffer from a server-side request forgery vulnerability via WebDAV and a remote code execution vulnerability via the Widget Connector macro.
6815f5ede86e6165662c3fa9e98b1bc174808159c2c011d507237ad6bf678d74Debian Linux Security Advisory 4416-1 - It was discovered that Wireshark, a network traffic analyzer, contained several vulnerabilities in the dissectors for 6LoWPAN, P_MUL, RTSE, ISAKMP, TCAP, ASN.1 BER and RPCAP, which could result in denial of service.
4923164315ffe830992b78c8a35bfbda2fe22b2efad866ef9a249b31f9b8e128Debian Linux Security Advisory 4417-1 - Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code.
5e827118d4314ce38b8836b0d62ca89321473ccc11177fb9d6e74b7283c8566aDebian Linux Security Advisory 4415-1 - An arbitrary file read vulnerability was discovered in passenger, a web application server. A local user allowed to deploy an application to passenger, can take advantage of this flaw by creating a symlink from the REVISION file to an arbitrary file on the system and have its content displayed through passenger-status.
9f057adda00e1dddddac99f3a6b2a364e00a4afe17f66947a1eafacbfce8d8c0Debian Linux Security Advisory 4414-1 - Several issues have been discovered in Apache module auth_mellon, which provides SAML 2.0 authentication.
52726faf9972bdc40520b09e2dba843e9c6c6e50405257ad5e1b837a3c5deaa6Slackware Security Advisory - New mozilla-firefox packages are available for Slackware 14.2 and -current to fix security issues.
66af6d11ff1524600d3da7dd5b27b137b12a933dc70ed079ecfcc9f2d8333f71
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed