Alerts

Calling all breakers & builders: BlueHat Seattle registration is open!

Exciting changes are coming to BlueHat Seattle 2019! If you’d like to attend this premier security conference, we have good news for you: registration for BlueHat Seattle is now open and we hope you register. Wait, isn’t BlueHat invitation-only? It is…but if we haven’t sent you an invitation, we encourage you to request a seat. Visit our registration site and tell us a little bit about yourself. We’re reviewing all application requests and will send a confirmation if you are selected. The BlueHat conference team is creating an engaging two-day agenda to provide a …

The post Calling all breakers & builders: BlueHat Seattle registration is open! appeared first on Microsoft Security Response Center.

Linux security Advisories · September 16, 2019

Fedora 30: kmplayer FEDORA-2019-9b1da08d62

- Update to 0.12.0b
- Clean up SPEC
- Remove patches
- Use sed for make Phonon default
- Use KF5 instead of KDE4
- Renew URLs
- CVE-2019-9133
Linux security Advisories · September 16, 2019

RedHat: RHSA-2019-2777:01 Important: qpid-proton security update

An update for qpid-proton is now available for Red Hat Satellite 6.5 for RHEL 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
Linux security Advisories · September 16, 2019

openSUSE: 2019:2143-1: moderate: podman

An update that fixes one vulnerability is now available.
Linux security Advisories · September 16, 2019

openSUSE: 2019:2142-1: moderate: samba

An update that solves one vulnerability and has one errata is now available.
Cisco Security Advisories · September 16, 2019

Cisco Products IPv6 Neighbor Discovery Crafted Packet Denial of Service Vulnerability

A vulnerability in the IP Version 6 (IPv6) packet processing functions of multiple Cisco products could allow an unauthenticated, remote attacker to cause an affected device to stop processing IPv6 traffic, leading to a denial of service (DoS) condition on the device.

The vulnerability is due to insufficient processing logic for crafted IPv6 packets that are sent to an affected device. An attacker could exploit this vulnerability by sending crafted IPv6 Neighbor Discovery (ND) packets to an affected device for processing. A successful exploit could allow the attacker to cause the device to stop processing IPv6 traffic, leading to a DoS condition on the device.

This vulnerability is not Cisco specific: any IPv6 processing unit not capable of dropping such packets early in the processing path or in hardware is affected by this vulnerability.

Cisco will release software updates that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160525-ipv6
Security Impact Rating: High
CVE: CVE-2016-1409
NVD: all CVE · September 16, 2019

CVE-2019-4147

IBM Sterling File Gateway 2.2.0.0 through 6.0.1.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 158413.
NVD: all CVE · September 16, 2019

CVE-2019-5481

Double-free vulnerability in the FTP-kerberos code in cURL 7.52.0 to 7.65.3.
NVD: all CVE · September 16, 2019

CVE-2019-5482

Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3.
NVD: fully analyzed CVE · September 16, 2019

CVE-2019-8368 (openemr)

OpenEMR v5.0.1-6 allows XSS.
NVD: all CVE · September 16, 2019

CVE-2019-15741

An issue was discovered in GitLab Omnibus 7.4 through 12.2.1. An unsafe interaction with logrotate could result in a privilege escalation.
NVD: all CVE · September 16, 2019

CVE-2019-16370

The PGP signing plugin in Gradle before 6.0 relies on the SHA-1 algorithm, which might allow an attacker to replace an artifact with a different one that has the same SHA-1 message digest, a related issue to CVE-2005-4900.
NVD: all CVE · September 16, 2019

CVE-2019-16371

LogMeIn LastPass before 4.33.0 allows attackers to construct a crafted web site that captures the credentials for a victim's account on a previously visited web site, because do_popupregister can be bypassed via clickjacking.
NVD: all CVE · September 16, 2019

CVE-2019-15734

An issue was discovered in GitLab Community and Enterprise Edition 8.6 through 12.2.1. Under very specific conditions, commit titles and team member comments could become viewable to users who did not have permission to access these.
NVD: all CVE · September 16, 2019

CVE-2019-15736

An issue was discovered in GitLab Community and Enterprise Edition through 12.2.1. Under certain circumstances, CI pipelines could potentially be used in a denial of service attack.
NVD: all CVE · September 16, 2019

CVE-2019-15737

An issue was discovered in GitLab Community and Enterprise Edition through 12.2.1. Certain account actions needed improved authentication and session management.
NVD: all CVE · September 16, 2019

CVE-2019-15738

An issue was discovered in GitLab Community and Enterprise Edition 12.0 through 12.2.1. Under certain conditions, merge request IDs were being disclosed via email.
NVD: all CVE · September 16, 2019

CVE-2019-15739

An issue was discovered in GitLab Community and Enterprise Edition 8.1 through 12.2.1. Certain areas displaying Markdown were not properly sanitizing some XSS payloads.
NVD: all CVE · September 16, 2019

CVE-2019-15740

An issue was discovered in GitLab Community and Enterprise Edition 7.9 through 12.2.1. EXIF Geolocation data was not being removed from certain image uploads.