Mail Thread Index

• Date Index

• [SECURITY] CVE-2019-0213: Apache Archiva Stored XSS, Martin
• [SECURITY] CVE-2019-0214: Apache Archiva arbitrary file write and delete on the server, Martin
• Windows PowerShell ISE / Filename Parsing Flaw Remote Code Execution 0day, apparitionsec
• [SYSS-2019-005]: ABUS Secvest - Proximity Key - Cryptographic Issues (CWE-310), matthias . deeg
• 2019 Public Bug bounty launched, Reports
• [Newsletter/Marketing] [ISN] Attackers Used Red-Team, Pen-Testing Tools to Hack Wipro, InfoSec News
• [Newsletter/Marketing] [ISN] MITRE asks vendors to do more to detect stealthy hacks, InfoSec News
• [Newsletter/Marketing] [ISN] Going Toe-to-Toe With Ukraine's Separatist Hackers, InfoSec News
• [Newsletter/Marketing] [ISN] Wall Street spending big to protect against hacking: report, InfoSec News
• [Newsletter/Marketing] [ISN] Subscribing and Unsubscribing from InfoSec News, InfoSec News
• [Newsletter/Marketing] [ISN] After account hacks, Twitch streamers take security into their own hands, InfoSec News
• [Newsletter/Marketing] [ISN] DHS Orders Agencies to Patch Critical Vulnerabilities Within 15 Days, InfoSec News
• [Newsletter/Marketing] [ISN] Executive Order on America's Cybersecurity Workforce, InfoSec News
• [Newsletter/Marketing] [ISN] Hackers Steal and Ransom Financial Data Related to Some of the World's Largest Companies, InfoSec News
• [Newsletter/Marketing] [ISN] Why local governments are a hot target for cyberattacks, InfoSec News
• [Newsletter/Marketing] [ISN] Hundreds of Orpak gas station systems can be easily hacked thanks to hardcoded passwords, InfoSec News
• [Newsletter/Marketing] [ISN] Sinister secret backdoor found in networking gear perfect for government espionage: The Chinese are -- oh no, wait, it's Cisco again, InfoSec News
• [Newsletter/Marketing] [ISN] Spot the not-Fed: A day at AvengerCon, the Army's answer to hacker conferences, InfoSec News
• [SECURITY] [DSA 4438-1] atftp security update, Salvatore Bonaccorso
• SEC Consult SA-20190509-0 :: Multiple Vulnerabilities in Gemalto (Thales Group) DS3 Authentication Server / Ezio Server, SEC Consult Vulnerability Lab
• dotCMS v5.1.1 Vulnerabilities, John Martinelli
• [SECURITY] [DSA 4439-1] postgresql-9.6 security update, Moritz Muehlenhoff
• [SECURITY] [DSA 4440-1] bind9 security update, Moritz Muehlenhoff
• [SECURITY] [DSA 4441-1] symfony security update, Sebastien Delafond
• SEC Consult SA-20190510-0 :: Unauthenticated SQL Injection vulnerability in OpenProject, SEC Consult Vulnerability Lab
• [SECURITY] [DSA 4442-1] ghostscript security update, Salvatore Bonaccorso
• SEC Consult SA-20190513-0 :: Cleartext message spoofing in supplementary Go Cryptography Libraries (@sec_consult), SEC Consult Vulnerability Lab
• Re: System Down: A systemd-journald exploit, Qualys Security Advisory
• APPLE-SA-2019-5-13-1 iOS 12.3, Apple Product Security
• APPLE-SA-2019-5-13-2 macOS Mojave 10.14.5, Security Update 2019-003 High Sierra, Security Update 2019-003 Sierra, Apple Product Security
• APPLE-SA-2019-5-13-3 tvOS 12.3, Apple Product Security
• APPLE-SA-2019-5-13-4 watchOS 5.2.1, Apple Product Security
• APPLE-SA-2019-5-13-6 Apple TV Software 7.3, Apple Product Security
• APPLE-SA-2019-5-13-5 Safari 12.1.1, Apple Product Security
• [CVE-2019-8978] Improper Authentication (CWE-287) in Ellucian Banner Web Tailor and Banner Enterprise Identity Services, Joshua Mulliken
  • <Possible follow-ups>
  • [CVE-2019-8978] Improper Authentication (CWE-287) in Ellucian Banner Web Tailor and Banner Enterprise Identity Services, joshua
• [SECURITY] [DSA 4443-1] samba security update, Salvatore Bonaccorso
• [SECURITY] [DSA 4442-2] cups-filters regression update, Salvatore Bonaccorso
• [SECURITY] [DSA 4445-1] drupal7 security update, Moritz Muehlenhoff
• [SECURITY] [DSA 4444-1] linux security update, Salvatore Bonaccorso
• [SECURITY] [DSA 4446-1] lemonldap-ng security update, Moritz Muehlenhoff
• FreeBSD Security Advisory FreeBSD-SA-19:03.wpa, FreeBSD Security Advisories
• FreeBSD Security Advisory FreeBSD-SA-19:05.pf, FreeBSD Security Advisories
• FreeBSD Security Advisory FreeBSD-SA-19:06.pf, FreeBSD Security Advisories
• FreeBSD Security Advisory FreeBSD-SA-19:04.ntp, FreeBSD Security Advisories
• FreeBSD Security Advisory FreeBSD-SA-19:07.mds, FreeBSD Security Advisories
  • <Possible follow-ups>
  • FreeBSD Security Advisory FreeBSD-SA-19:07.mds, FreeBSD Security Advisories
• [SECURITY] [DSA 4447-1] intel-microcode security update, Moritz Muehlenhoff
• SEC Consult SA-20190515-0 :: Authorization Bypass in RSA NetWitness (@sec_consult), SEC Consult Vulnerability Lab
• FreeBSD Security Advisory FreeBSD-SA-19:07.mds [REVISED], FreeBSD Security Advisories
• [slackware-security] rdesktop (SSA:2019-135-01), Slackware Security Team
• [RT-SA-2019-002] Directory Traversal in Cisco Expressway Gateway, RedTeam Pentesting GmbH
• local privilege escalation via CDE dtprintinfo, Marco Ivaldi
• Emerson Network Power Cross Site Scripting(XSS) Vulnerability, Kubilay Onur Gungor
• Advisory: security controls configured in php.ini could be bypassed on Linux, Imre Rad
• WebKitGTK and WPE WebKit Security Advisory WSA-2019-0003, Michael Catanzaro
• CSRF in Darktrace Enterprise Immune System <=3.0.10, Gerwout Van der Veen
• [REVIVE-SA-2019-002] Revive Adserver Vulnerability, Matteo Beccati
• [slackware-security] mozilla-firefox (SSA:2019-141-01), Slackware Security Team
• [SYSS-2019-002] Blue Prism Robotic Process Automation (RPA) - Privilege Escalation, benjamin . hess
• Anviz M3 RFID Access Control security issues, Marco
• [SECURITY] [DSA 4448-1] firefox-esr security update, Moritz Muehlenhoff
• [SECURITY] [DSA 4449-1] ffmpeg security update, Moritz Muehlenhoff
• Bitbucket Server security advisory 2019-05-22, Anton Black
• [slackware-security] curl (SSA:2019-142-01), Slackware Security Team
• [CVE-2019-11604] Quest KACE Systems Management Appliance <= 9.0 kbot_service_notsoap.php METHOD Reflected Cross-Site Scripting, RCE Security
• [SECURITY] [DSA 4450-1] wpa security update, Yves-Alexis Perez
• MacOS X GateKeeper Bypass, Filippo Cavallarin
• CA20190523-01: Security Notice for CA Risk Authentication and CA Strong Authentication, Kevin Kotas
• [SECURITY] [DSA 4451-1] thunderbird security update, Moritz Muehlenhoff
• [SECURITY] [DSA 4452-1] jackson-databind security update, Moritz Muehlenhoff
• Crowd Security Advisory - 2019-05-22, Atlassian
• APPLE-SA-2019-5-28-2 iCloud for Windows 7.12, Apple Product Security
• APPLE-SA-2019-5-28-1 iTunes for Windows 12.9.5, Apple Product Security
• [SYSS-2019-012]: Siemens LOGO! 8 - Use of Hard-coded Cryptographic Key (CWE-321), matthias . deeg
• [SYSS-2019-013]: Siemens LOGO! 8 - Missing Authentication for Critical Function (CWE-306), matthias . deeg
• [SYSS-2019-014]: Siemens LOGO! 8 - Storing Passwords in a Recoverable Format (CWE-257), matthias . deeg
• [SECURITY] [DSA 4453-1] openjdk-8 security update, Moritz Muehlenhoff
• [SECURITY] [DSA 4454-1] qemu security update, Moritz Muehlenhoff
• APPLE-SA-2019-5-30-1 AirPort Base Station Firmware Update 7.9.1, Apple Product Security
• Unauthorized Access Vulnerability in ZyXEL P-660HN-T1 V2 (2.00(AAKK.3)), Onur Onur
  • <Possible follow-ups>
  • Unauthorized Access Vulnerability in ZyXEL P-660HN-T1 V2 (2.00(AAKK.3)), Onur Onur