BugTraq Latest Security Advisories

The premier general security mailing list. Vulnerabilities are often announced here first, so check frequently!

CSNC-2018-016 - ownCloud iOS Application - Cross-Site Scripting

Posted by Advisories on Aug 15

#############################################################
#
# COMPASS SECURITY ADVISORY
# https://www.compass-security.com/research/advisories/
#
#############################################################
#
# Product: ownCloud iOS Application (owncloud.iosapp) [1]
# Vendor: ownCloud Gmbh
# CSNC ID: CSNC-2018-016
# CVE ID: N/A
# Subject: Cross-Site Scripting in ownCloud iOS Application's WebViews
# Risk: Low
# Effect:...

CSNC-2018-023 - Atmosphere Framework - Reflected Cross-Site Scripting (XSS)

Posted by Advisories on Aug 15

#############################################################
#
# COMPASS SECURITY ADVISORY
# https://www.compass-security.com/research/advisories/
#
#############################################################
#
# Product: Atmosphere [1]
# Vendor: Async-IO.org
# CSNC ID: CSNC-2018-023
# Subject: Reflected Cross-Site Scripting (XSS)
# Risk: High
# Effect: Remotely exploitable
# Author: Lukasz D. (advisories ()...

FreeBSD Security Advisory FreeBSD-SA-18:11.hostapd

Posted by FreeBSD Security Advisories on Aug 14

=============================================================================
FreeBSD-SA-18:11.hostapd Security Advisory
The FreeBSD Project

Topic: Unauthenticated EAPOL-Key Decryption Vulnerability

Category: contrib
Module: wpa
Announced: 2018-08-14
Credits: Mathy Vanhoef of the imec-DistriNet research group of...

FreeBSD Security Advisory FreeBSD-SA-18:10.ip

Posted by FreeBSD Security Advisories on Aug 14

=============================================================================
FreeBSD-SA-18:10.ip Security Advisory
The FreeBSD Project

Topic: Resource exhaustion in IP fragment reassembly

Category: core
Module: inet
Announced: 2018-08-14
Credits: Juha-Matti Tilli <juha-matti.tilli () iki fi> from...

FreeBSD Security Advisory FreeBSD-SA-18:09.l1tf

Posted by FreeBSD Security Advisories on Aug 14

=============================================================================
FreeBSD-SA-18:09.l1tf Security Advisory
The FreeBSD Project

Topic: L1 Terminal Fault (L1TF) Kernel Information Disclosure

Category: core
Module: Kernel
Announced: 2018-08-14
Affects: All supported versions of FreeBSD.
Corrected:...

FreeBSD Security Advisory FreeBSD-SA-18:08.tcp

Posted by FreeBSD Security Advisories on Aug 14

=============================================================================
FreeBSD-SA-18:08.tcp Security Advisory
The FreeBSD Project

Topic: Resource exhaustion in TCP reassembly

Category: core
Module: inet
Announced: 2018-08-06
Credits: Juha-Matti Tilli <juha-matti.tilli () iki fi> from...

[slackware-security] openssl (SSA:2018-226-01)

Posted by Slackware Security Team on Aug 14

[slackware-security] openssl (SSA:2018-226-01)

New openssl packages are available for Slackware 14.2 and -current to
fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/openssl-1.0.2p-i586-1_slack14.2.txz: Upgraded.
This update fixes two low severity security issues:
Client DoS due to large DH parameter.
Cache timing vulnerability in RSA Key Generation.
For more...

[SECURITY] [DSA 4272-1] linux security update

Posted by Salvatore Bonaccorso on Aug 14

-------------------------------------------------------------------------
Debian Security Advisory DSA-4272-1 security () debian org
https://www.debian.org/security/ Salvatore Bonaccorso
August 14, 2018 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : linux
CVE ID : CVE-2018-5391

CVE-2018-5391...

Defense in depth -- the Microsoft way (part 57): all the latest MSVCRT installers allow escalation of privilege

August 14, 2018 - 11:11am

Posted by Stefan Kanthak on Aug 14

Hi @ll,

about 6 weeks ago, Microsoft updated their MSKB article
<https://support.microsoft.com/en-us/help/2977003/the-latest-supported-visual-c-downloads>,
listing the current/latest downloads of their MSVCRT alias
Microsoft Visual C++ Redistributable for Visual Studio 201x

Guess what Microsoft used to build the executable installers
offered on that page: COMPLETELY outdated versions 3.7.3813.0
(and before) of Wix Toolset, which NOBODY...

X41 D-Sec GmbH Security Advisory X41-2018-005: Multiple Vulnerabilities in Apple smartcardservices

August 14, 2018 - 9:41am

Posted by X41 D-Sec GmbH Advisories on Aug 14

X41 D-Sec GmbH Security Advisory: X41-2018-005

Multiple Vulnerabilities in Apple smartcardservices
===================================================

Overview
--------
Confirmed Affected Versions: e3eb96a6eff9d02497a51b3c155a10fa5989021f
Confirmed Patched Versions: 8eef01a5e218ae78cc358de32213b50a601662de
Vendor: Apple
Vendor URL: https://smartcardservices.github.io/
Credit: X41 D-Sec GmbH, Eric Sesterhenn
Status: Public
Advisory-URL:...

X41 D-Sec GmbH Security Advisory X41-2018-002: Multiple Vulnerabilities in OpenSC

August 14, 2018 - 9:40am

Posted by X41 D-Sec GmbH Advisories on Aug 14

X41 D-Sec GmbH Security Advisory: X41-2018-002

Multiple Vulnerabilities in OpenSC
==================================

Overview
--------
Confirmed Affected Versions: 0.18.0
Confirmed Patched Versions: possibly 0.19.0
Vendor: OpenSC
Vendor URL: https://github.com/OpenSC/OpenSC
Credit: X41 D-Sec GmbH, Eric Sesterhenn
Status: Public
Advisory-URL: https://www.x41-dsec.de/lab/advisories/x41-2018-002-OpenSC/

Summary and Impact
------------------...

X41 D-Sec GmbH Security Advisory X41-2018-003: Multiple Vulnerabilities in pam_pkcs11

August 14, 2018 - 9:38am

Posted by X41 D-Sec GmbH Advisories on Aug 14

X41 D-Sec GmbH Security Advisory: X41-2018-003

Multiple Vulnerabilities in pam_pkcs11
======================================

Overview
--------
Confirmed Affected Versions: 0.6.9
Confirmed Patched Versions: -
Vendor: Unmaintained
Vendor URL: https://github.com/OpenSC/pampkcs11
Credit: X41 D-Sec GmbH, Eric Sesterhenn
Status: Public
Advisory-URL:
https://www.x41-dsec.de/lab/advisories/x41-2018-003-pampkcs11/

Summary and Impact
------------------...

X41 D-Sec GmbH Security Advisory X41-2018-004: Multiple Vulnerabilities in Yubico libykneomgr

August 14, 2018 - 9:37am

Posted by X41 D-Sec GmbH Advisories on Aug 14

X41 D-Sec GmbH Security Advisory: X41-2018-004

Multiple Vulnerabilities in Yubico libykneomgr
==============================================

Overview
--------
Confirmed Affected Versions: 0.1.9
Confirmed Patched Versions: -
Vendor: Yubico / Deprecated
Vendor URL: https://www.yubico.com/
Credit: X41 D-Sec GmbH, Eric Sesterhenn
Status: Public
Advisory-URL:
https://www.x41-dsec.de/lab/advisories/x41-2018-004-libykneomgr/

Summary and Impact...

X41 D-Sec GmbH Security Advisory X41-2018-001: Multiple Vulnerabilities in Yubico Piv

August 14, 2018 - 9:31am

Posted by X41 D-Sec GmbH Advisories on Aug 14

X41 D-Sec GmbH Security Advisory: X41-2018-001

Multiple Vulnerabilities in Yubico Piv
======================================

Overview
--------
Confirmed Affected Versions: 1.5.0
Confirmed Patched Versions: 1.6.0
Vendor: Yubico
Vendor URL: https://www.yubico.com/
Vendor Advisory URL: https://www.yubico.com/support/security-advisories
Credit: X41 D-Sec GmbH, Eric Sesterhenn
Status: Public
Advisory-URL:...

[SECURITY] [DSA 4271-1] samba security update

August 14, 2018 - 9:27am

Posted by Salvatore Bonaccorso on Aug 14

-------------------------------------------------------------------------
Debian Security Advisory DSA-4271-1 security () debian org
https://www.debian.org/security/ Salvatore Bonaccorso
August 14, 2018 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : samba
CVE ID : CVE-2018-10858 CVE-2018-10919...

ASUSTOR NAS ADM - 3.1.0 Remote Command Execution, SQL Injections

August 14, 2018 - 3:48am

Posted by kyle Lovett on Aug 14

Product - ASUSTOR ADM - 3.1.0.RFQ3 and all previous builds
Vendor - https://www.asustor.com/
Patch Notes - http://download.asustor.com/download/docs/releasenotes/RN_ADM_3.1.3.RHU2.pdf

Issue: The Asustor NAS appliance on ADM 3.1.0 and before suffers from
multiple critical vulnerabilities. The vulnerabilities were submitted
to Asustor in January and February 2018. Several follow-up requests
were made in an attempt to obtain vendor acknowledgement,...

[SECURITY] [DSA 4267-1] kamailio security update

August 8, 2018 - 11:59pm

Posted by Salvatore Bonaccorso on Aug 08

-------------------------------------------------------------------------
Debian Security Advisory DSA-4267-1 security () debian org
https://www.debian.org/security/ Salvatore Bonaccorso
August 08, 2018 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : kamailio
CVE ID : CVE-2018-14767

Henning...

[CVE-2018-12584] Heap overflow vulnerability in reSIProcate through 1.10.2

August 8, 2018 - 10:10am

Posted by Joachim De Zutter on Aug 08

CVE ID: CVE-2018-12584

TIMELINE

Bug report with test code sent to main reSIProcate developers: 2018-06-15
Patch created by Scott Godin: 2018-06-18
CVE ID assigned: 2018-06-19
Patch committed to reSIProcate repository: 2018-06-21
Advisory first published on website: 2018-06-22
Advisory sent to Bugtraq mailing list: 2018-08-08

DESCRIPTION

A heap overflow can be triggered in the reSIProcate SIP stack when TLS is
enabled....

CA20180802-01: Security Notice for CA API Developer Portal

August 8, 2018 - 8:55am

Posted by Kotas, Kevin J on Aug 08

CA20180802-01: Security Notice for CA API Developer Portal

Issued: August 2, 2018
Last Updated: August 2, 2018

CA Technologies Support is alerting customers to a potential risk
with CA API Developer Portal. A medium risk vulnerability exists that
can allow a remote attacker to conduct reflected cross-site scripting
attacks. CA published solutions to address the vulnerability.

The vulnerability, CVE-2018-6590, occurs due to insufficient...

[CVE-2018-14429] man-cgi < 1.16 Local File Include

August 8, 2018 - 8:53am

Posted by eL_Bart0 on Aug 08

man-cgi before 1.16 allows Local File Inclusion via absolute path traversal. If an attacker provides a filename as a
parameter (e.g. https://example.org/cgi-bin/man-cgi?/etc/passwd) the script will read and return the local file. This
is happening because of the way the script calls the "man" command. Tests have shown that "man /some/random/file"
(depending on its configuration) will first try to locate a manual...