Mail Thread Index

• Date Index

• [security bulletin] MFSBGN03838 rev.1 - UCMDB Configuration Management Service, Multiple Vulnerabilities, security-alert
• Asserts considered harmful (or GMP spills its sensitive information), Jeffrey Walton
• [KIS-2018-01] Oracle Application Express (AnyChart) Flash-based Cross-Site Scripting Vulnerability, Egidio Romano
• [KIS-2018-02] SugarCRM (WorkFlow module) PHP Code Injection Vulnerability, Egidio Romano
• [KIS-2018-04] SugarCRM (ConnectorsController) Server-Side Request Forgery Vulnerability, Egidio Romano
• [KIS-2018-06] SugarCRM (addLabels) PHP Code Injection Vulnerability, Egidio Romano
• [KIS-2018-03] SugarCRM (portal_get_related_notes) SQL Injection Vulnerability, Egidio Romano
• [KIS-2018-07] SugarCRM (Web Logic Hooks module) PHP Code Injection Vulnerability, Egidio Romano
• [KIS-2018-08] SugarCRM (Web Logic Hooks module) Path Traversal Vulnerability, Egidio Romano
• [KIS-2018-05] SugarCRM (SaveDropDown) PHP Code Injection Vulnerability, Egidio Romano
• [SECURITY] [DSA 4362-1] thunderbird security update, Moritz Muehlenhoff
• [SECURITY] [DSA 4363-1] python-django security update, Moritz Muehlenhoff
• [SECURITY] [DSA 4364-1] ruby-loofah security update, Moritz Muehlenhoff
• System Down: A systemd-journald exploit, Qualys Security Advisory
• SEC Consult SA-20190109-0 :: Multiple Vulnerabilities in Cisco VoIP Phones (88xx series), SEC Consult Vulnerability Lab
• X41 D-Sec GmbH Security Advisory X41-2018-009: ReDoS Vulnerability in UA-Parser, X41 D-Sec GmbH Advisories
• [SECURITY] [DSA 4365-1] tmpreaper security update, Moritz Muehlenhoff
• [SYSS-2018-011] Portier - SQL Injection, christian . pappas
• [SYSS-2018-011] Portier - Cryptographic Issues, christian . pappas
• [SYSS-2018-042] XSS in HMS Netbiter WS100 - CVE-2018-19694, Micha Borrmann
• [slackware-security] irssi (SSA:2019-011-01), Slackware Security Team
• [SECURITY] [DSA 4366-1] vlc security update, Moritz Muehlenhoff
• [SECURITY] [DSA 4367-1] systemd security update, Salvatore Bonaccorso
• [slackware-security] zsh (SSA:2019-013-01), Slackware Security Team
• [SECURITY] [DSA 4368-1] zeromq3 security update, Moritz Muehlenhoff
• [SECURITY] [DSA 4369-1] xen security update, Moritz Muehlenhoff
• Microsoft Windows VCF File Insufficient UI Warning Remote Code Execution 0day ZDI-CAN-6920, apparitionsec
  • <Possible follow-ups>
  • Microsoft Windows VCF File Insufficient UI Warning Remote Code Execution 0day ZDI-CAN-6920, apparitionsec
• CVE-2018-13798 Siemens - SICAM A8000 Series Webinterface XXE DoS, Advisories
• [SECURITY] [DSA 4367-2] systemd regression update, Salvatore Bonaccorso
• [SYSS-2018-041] Mozilla Firefox - Information Exposure, vladimir . bostanov
• [SYSS-2018-043] Authentication Bypass in Kentix MultiSensor LAN - CVE-2018-19783, Micha Borrmann
• [SECURITY] [DSA 4370-1] drupal7 security update, Moritz Muehlenhoff
• Defense in depth -- the Microsoft way (part 59): we only fix every other vulnerability, Stefan Kanthak
• CA20190117-01: Security Notice for CA Service Desk Manager, Kevin Kotas
• [Several CVE]: NUUO CMS - multiple vulnerabilities resulting in unauth RCE, Pedro Ribeiro
• [SRP-2018-02] Security of NC+ SAT TV platform and ST chipsets, Security Explorations
• [SECURITY] [DSA 4371-1] apt security update, Yves-Alexis Perez
• APPLE-SA-2019-1-22-1 iOS 12.1.3, Apple Product Security
• APPLE-SA-2019-1-22-6 iCloud for Windows 7.10, Apple Product Security
• APPLE-SA-2019-1-22-5 Safari 12.0.3, Apple Product Security
• APPLE-SA-2019-1-22-3 watchOS 5.1.3, Apple Product Security
• APPLE-SA-2019-1-22-4 tvOS 12.1.2, Apple Product Security
• CVE-2018-13042 - 1Password Android < 7.0 - Denial Of Service, Valerio Brussani
• APPLE-SA-2019-1-22-2 macOS Mojave 10.14.3, Security Update 2019-001 High Sierra, Security Update 2019-001 Sierra, Apple Product Security
• [slackware-security] httpd (SSA:2019-022-01), Slackware Security Team
• [RT-SA-2018-002] Cisco RV320 Unauthenticated Configuration Export, RedTeam Pentesting GmbH
• [RT-SA-2018-003] Cisco RV320 Unauthenticated Diagnostic Data Retrieval, RedTeam Pentesting GmbH
• [RT-SA-2018-004] Cisco RV320 Command Injection, RedTeam Pentesting GmbH
• APPLE-SA-2019-1-24-1 iTunes 12.9.3 for Windows, Apple Product Security
• SEC Consult SA-20190124-0 :: Cross-site scripting in CA Automic Workload Automation Web Interface (AWI), SEC Consult Vulnerability Lab
• CVE-2019-6690: Improper Input Validation in python-gnupg, Stig Palmquist
• [SECURITY] [DSA 4372-1] ghostscript security update, Salvatore Bonaccorso
• Microsoft Windows ".contact" File HTML Injection Mailto: Link Remote Code Execution 0day ZDI-CAN-75, apparitionsec
• [SECURITY] [DSA 4373-1] coturn security update, Yves-Alexis Perez
• [SECURITY] [DSA 4374-1] qtbase-opensource-src security update, Sebastien Delafond
• Fwd: CA20190124-01: Security Notice for CA Automic Workload Automation, James Williams
• [SECURITY] [DSA 4375-1] spice security update, Salvatore Bonaccorso
• [slackware-security] mozilla-firefox (SSA:2019-029-01), Slackware Security Team
• [SECURITY] [DSA 4376-1] firefox-esr security update, Moritz Muehlenhoff
• [SECURITY] [DSA 4377-1] rssh security update, Moritz Muehlenhoff
• [SECURITY] [DSA 4378-1] php-pear security update, Salvatore Bonaccorso
• [slackware-security] Slackware 14.2 kernel (SSA:2019-030-01), Slackware Security Team