Mail Index

• Thread Index

• Microsoft Windows .Group File / URL Field Code Execution
  • From: apparitionsec
• [RT-SA-2019-016] IceWarp: Cross-Site Scripting in Notes
  • From: RedTeam Pentesting GmbH
• [TZO-03-2020] ESET Generic Malformed Archive Bypass (ZIP Compression Information)
  • From: Thierry Zoller
• [TZO-02-2020] Kaspersyk Generic Malformed Archive Bypass (ZIP GFlag)
  • From: Thierry Zoller
• [TZO-01-2020] AVIRA Generic Malformed Container bypass (ISO)
  • From: Thierry Zoller
• [RT-SA-2019-015] IceWarp: Cross-Site Scripting in Notes for Contacts
  • From: RedTeam Pentesting GmbH
• [TZO-04-2020] Bitdefender Generic Malformed Archive Bypass (BZ2)
  • From: Thierry Zoller
• [SECURITY] [DSA 4597-1] netty security update
  • From: Salvatore Bonaccorso
• [slackware-security] mozilla-firefox (SSA:2020-006-01)
  • From: Slackware Security Team
• [SECURITY] [DSA 4599-1] wordpress security update
  • From: Sebastien Delafond
• [SECURITY] [DSA 4598-1] python-django security update
  • From: Salvatore Bonaccorso
• [slackware-security] Slackware 14.2 kernel (SSA:2020-008-01)
  • From: Slackware Security Team
• [slackware-security] mozilla-firefox (SSA:2020-009-01)
  • From: Slackware Security Team
• [SECURITY] [DSA 4600-1] firefox-esr security update
  • From: Moritz Muehlenhoff
• [SECURITY] [DSA 4601-1] ldm security update
  • From: Moritz Muehlenhoff
• [TZO-07-2020] Bitdefender Generic Malformed Archive Bypass (RAR HOST_OS)
  • From: Thierry Zoller
• [TZO-05-2020] Kaspersky Generic Malformed Archive Bypass (ZIP Compressed Size)
  • From: Thierry Zoller
• [TZO-06-2020] - Kaspersky Generic Archive Bypass (ZIP FLNMLEN)
  • From: Thierry Zoller
• [TZO-08-2020] Bitdefender Generic Malformed Archive Bypass (ZIP GPFLAG)
  • From: Thierry Zoller
• [slackware-security] mozilla-thunderbird (SSA:2020-010-01)
  • From: Slackware Security Team
• [TZO-10-2020] - Bitdefender Malformed Archive bypass (RAR Compression Information)
  • From: Thierry Zoller
• [TZO-09-2020] - Bitdefender Malformed Archive bypass (RAR Uncompressed Size)
  • From: Thierry Zoller
• [SECURITY] [DSA 4602-1] xen security update
  • From: Moritz Muehlenhoff
• CVE-2020-2696 - Local privilege escalation via CDE dtsession
  • From: Marco Ivaldi
• CVE-2020-2656 - Low impact information disclosure via Solaris xlock
  • From: Marco Ivaldi
• [SECURITY] [DSA 4605-1] openjdk-11 security update
  • From: Moritz Muehlenhoff
• [SECURITY] [DSA 4604-1] cacti security update
  • From: Moritz Muehlenhoff
• [SECURITY] [DSA 4603-1] thunderbird security update
  • From: Moritz Muehlenhoff
• [SECURITY] [DSA 4606-1] chromium security update
  • From: Michael Gilbert
• Trend Micro Security (Consumer) Multiple Products Persistent Arbitrary Code Execution CVE-2019-20357
  • From: apparitionsec
• Trend Micro Security 2019 (Consumer) Multiple Products Security Bypass Protected Service Tampering CVE-2019-19697
  • From: apparitionsec
• Neowise CarbonFTP v1.4 Insecure Proprietary Password Encryption CVE-2020-6857
  • From: apparitionsec
• [SECURITY] [DSA 4607-1] openconnect security update
  • From: Salvatore Bonaccorso
• [SECURITY] [DSA 4608-1] tiff security update
  • From: Moritz Muehlenhoff
• [REVIVE-SA-2020-001] Revive Adserver Vulnerability
  • From: Matteo Beccati
• SEC Consult SA-20200122-0 :: Reflected XSS in ZOHO ManageEngine ServiceDeskPlus
  • From: SEC Consult Vulnerability Lab
• SEC Consult SA-20200123-0 :: Cross-Site Request Forgery (CSRF) in Umbraco CMS
  • From: SEC Consult Vulnerability Lab
• [SECURITY] [DSA 4609-1] python-apt security update
  • From: Moritz Muehlenhoff
• WebKitGTK and WPE WebKit Security Advisory WSA-2020-0001
  • From: Carlos Alberto Lopez Perez
• [slackware-security] mozilla-thunderbird (SSA:2020-024-01)
  • From: Slackware Security Team
• CVE - CVE-2020-7799 - FusionAuth command execution via Apache Freemarker Template
  • From: Gianluca Baldi
• LPE and RCE in OpenSMTPD (CVE-2020-7247)
  • From: Qualys Security Advisory
• Defense in depth -- the Microsoft way (part 61): security features are built to fail (or documented wrong)
  • From: Stefan Kanthak
• APPLE-SA-2020-1-28-6 iTunes for Windows 12.10.4
  • From: Apple Product Security
• APPLE-SA-2020-1-28-5 Safari 13.0.5
  • From: Apple Product Security
• APPLE-SA-2020-1-28-1 iOS 13.3.1 and iPadOS 13.3.1
  • From: Apple Product Security
• FreeBSD Security Advisory FreeBSD-SA-20:03.thrmisc
  • From: FreeBSD Security Advisories
• APPLE-SA-2020-1-28-3 watchOS 6.1.2
  • From: Apple Product Security
• APPLE-SA-2020-1-28-2 macOS Catalina 10.15.3, Security Update 2020-001 Mojave, Security Update 2020-001 High Sierra
  • From: Apple Product Security
• APPLE-SA-2020-1-28-4 tvOS 13.3.1
  • From: Apple Product Security
• FreeBSD Security Advisory FreeBSD-SA-20:01.libfetch
  • From: FreeBSD Security Advisories
• FreeBSD Security Advisory FreeBSD-SA-20:02.ipsec
  • From: FreeBSD Security Advisories
• [SECURITY] [DSA 4611-1] opensmtpd security update
  • From: Moritz Muehlenhoff
• APPLE-SA-2020-1-29-2 iCloud for Windows 10.9.2
  • From: Apple Product Security
• APPLE-SA-2020-1-29-1 iCloud for Windows 7.17
  • From: Apple Product Security
• [SECURITY] [DSA 4610-1] webkit2gtk security update
  • From: Moritz Muehlenhoff
• [CVE-2019-20358] CVE-2019-9491 in Trend Micro Anti-Threat Toolkit (ATTK) was NOT properly FIXED
  • From: Stefan Kanthak
• Executable installers are vulnerable^WEVIL (case 58): Intel® Processor Identification Utility - Windows* Version - arbitrary code execution with escalation of privilege
  • From: Stefan Kanthak