IS Security CERT Global
- VU#790507: Oracle Solaris vulnerable to arbitrary code execution via /proc/self
  The process file system (/proc) in Oracle Solaris 11 and Solaris 10 provides a self/ alias that refers to the current executing process's PID subdirectory with state information about the process. Protection mechanisms ...
- JVN: Stack protection mechanism stops functioning in the LLVM Arm backend
  In the LLVM Arm backend, there is an issue where the stack protection mechanism does not function correctly and buffer overflows can no longer be detected.
- Critical security updates for Oracle products (July 2019)
  Oracle has released the July 2019 Critical Patch Update, which contains a total of 319 security fixes for dozens of Oracle products and components.
- Numerous critical vulnerabilities in Oracle products
  Oracle has released 319 security updates for 119 different products [1]. Of these, 52 have a CVSS score of 9.0 or higher and can therefore be classified as critical. The vulnerabilities enable ...
- Security bypass vulnerability in Windows Defender Application Control (WDAC)
  Publication date: 17/07/2019. Importance: High. Affected resources: PowerShell Core versions 6.1 and 6.2. Description: Microsoft has fixed, out of cycle, a vulnerability that affected its ...
- Critical updates in Oracle (July 2019)
  Publication date: 17/07/2019. Importance: Critical. Affected resources: Application Express, versions 5.1, 18.2; Diagnostic Assistant, versions earlier than 2.12.36; Enterprise Manager Base Platform, versions 12.1.0.5.0, 13.2.0.0.0, 13.3.0.0.0; Enterprise ...
- Critical updates in Oracle (July 2019)
  Publication date: 07/17/2019. Importance: Critical. Affected resources: Application Express, versions 5.1, 18.2; Diagnostic Assistant, versions earlier than 2.12.36; Enterprise Manager Base Platform, versions 12.1.0.5.0, 13.2.0.0.0, 13.3.0.0.0; Enterprise Manager ...
- Security bypass vulnerability in Windows Defender Application Control (WDAC)
  Publication date: 07/17/2019. Importance: High. Affected resources: PowerShell Core versions 6.1 and 6.2. Description: Microsoft has fixed, out of cycle, a vulnerability that affected its product ...
- Oracle closes 319 vulnerabilities
  319 vulnerabilities across products. That is the content of the update package that Oracle has just released. Several of them can potentially give unauthorized parties the ability to run malicious code on ...
- CVE-2019-13623
  Severity: None. Published: 16/07/2019. Last revised: 16/07/2019. Description: In NSA Ghidra through 9.0.4, path traversal can occur in RestoreTask.java (from the package ghidra.app.plugin.core.archive) via an archive with an ...
- CVE-2019-13625
  Severity: None. Published: 16/07/2019. Last revised: 16/07/2019. Description: NSA Ghidra before 9.0.1 allows XXE when a project is opened or restored, or a tool is imported, as demonstrated ...
- CVE-2019-13624
  Severity: None. Published: 16/07/2019. Last revised: 16/07/2019. Description: In ONOS 1.15.0, apps/yang/web/src/main/java/org/onosproject/yang/web/YangWebResource.java mishandles backquote characters within strings that can be used in a shell command.
- Security updates for Google Chrome (July 2019)
  Google has released a security update for version 75 of its Chrome browser for Windows, macOS and Linux.
- ASB-2019.0219 – [Win][UNIX/Linux] Oracle Hyperion: Multiple vulnerabilities
- ASB-2019.0217 – [Win][UNIX/Linux] Oracle Financial Services Applications: Multiple vulnerabilities
- ASB-2019.0220 – [Win][UNIX/Linux] Oracle Fusion Middleware: Multiple vulnerabilities
- ASB-2019.0216 – [Win][UNIX/Linux] Siebel Applications: Multiple vulnerabilities
- ASB-2019.0221 – [Win][UNIX/Linux] Oracle Enterprise Manager Products Suite: Multiple vulnerabilities
- ASB-2019.0218 – [Win][UNIX/Linux] Oracle Insurance Applications: Multiple vulnerabilities
- ESB-2019.2643 – [Win][UNIX/Linux] Moodle: Multiple vulnerabilities
  AUSCERT External Security Bulletin Redistribution ESB-2019.2643. Moodle Security Advisory, 17 July 2019. AusCERT Security Bulletin Summary: Product: Moodle; Publisher: Moodle; Operating ...
- ESB-2019.2642 – [RedHat] perl: Multiple vulnerabilities
  AUSCERT External Security Bulletin Redistribution ESB-2019.2642. Important: perl security update, 17 July 2019. AusCERT Security Bulletin Summary: Product: perl; Publisher: Red ...
- NCSC Releases 2019 Active Cyber Defence Report
  Original release date: July 16, 2019. The United Kingdom’s National Cyber Security Centre (NCSC) has released their 2019 Active Cyber Defence (ACD) report, which provides an analysis of program outcomes throughout ...
- ESB-2019.2641 – [RedHat] Red Hat JBoss BPM Suite 6.4.12: Multiple vulnerabilities
  AUSCERT External Security Bulletin Redistribution ESB-2019.2641. Important: Red Hat JBoss BPM Suite 6.4.12 security update, 17 July 2019. AusCERT Security Bulletin Summary ...
- ESB-2019.2639 – [RedHat] keepalived: Multiple vulnerabilities
  AUSCERT External Security Bulletin Redistribution ESB-2019.2639. Important: keepalived security update, 17 July 2019. AusCERT Security Bulletin Summary: Product: keepalived; Publisher: Red ...
- ESB-2019.2638 – [RedHat] libssh2: Multiple vulnerabilities
  AUSCERT External Security Bulletin Redistribution ESB-2019.2638. Important: libssh2 security update, 17 July 2019. AusCERT Security Bulletin Summary: Product: libssh2; Publisher: Red ...
- ESB-2019.2637 – [RedHat] thunderbird: Multiple vulnerabilities
  AUSCERT External Security Bulletin Redistribution ESB-2019.2637. Important: thunderbird security and bug fix update, 17 July 2019. AusCERT Security Bulletin Summary: Product: ...
- ESB-2019.2640 – [RedHat] vim: Execute arbitrary code/commands – Remote with user interaction
  AUSCERT External Security Bulletin Redistribution ESB-2019.2640. Important: vim security update, 17 July 2019. AusCERT Security Bulletin Summary: Product: vim; Publisher: Red ...
- ESB-2019.2636 – [RedHat] 389-ds-base: Denial of service – Remote/unauthenticated
  AUSCERT External Security Bulletin Redistribution ESB-2019.2636. Important: 389-ds-base security update, 17 July 2019. AusCERT Security Bulletin Summary: Product: 389-ds-base; Publisher: Red ...
- Microsoft Releases Security Updates for PowerShell Core
  Original release date: July 16, 2019. Microsoft has released updates to address a vulnerability in PowerShell Core versions 6.1 and 6.2. An attacker could exploit this vulnerability to take control of ...
- DHS Webinar: Cybersecurity Threats to the Healthcare Sector
  Original release date: July 16, 2019. The Department of Homeland Security (DHS) and the American Hospital Association (AHA) are conducting a webinar focused on current cybersecurity threats to the healthcare sector.
- Oracle Releases July 2019 Security Bulletin
  Original release date: July 16, 2019. Oracle has released its Critical Patch Update for July 2019 to address 319 vulnerabilities across multiple products. A remote attacker could exploit some of these ...
- CVE-2019-3571
  An input validation issue affected WhatsApp Desktop versions prior to 0.3.3793 which allows malicious clients to send files to users that would be displayed with a wrong extension.
- IRS Releases Six Cybersecurity Safeguards
  Original release date: July 16, 2019. The Internal Revenue Service (IRS) has issued a news release outlining six cybersecurity safeguards to protect computers, email, and sensitive data. The recommendations are part ...
- CVE-2019-5447 (http-file-server)
  A path traversal vulnerability in <= v0.2.6 of http-file-server npm module allows attackers to list files in arbitrary folders.
- CVE-2019-0999 (windows_10, windows_server_2016)
  An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory, aka 'DirectX Elevation of Privilege Vulnerability'.
- CVE-2019-1085 (windows_10, windows_7, windows_8.1, windows_rt_8.1, windows_server_2008, windows_server_2012, windows_server_2016, windows_server_2019)
  An elevation of privilege vulnerability exists in the way that the wlansvc.dll handles objects in memory, aka 'Windows WLAN Service Elevation of Privilege Vulnerability'.
- CVE-2019-12990
  Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 allow Directory Traversal.
- CVE-2019-12991
  Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 5 of 6).
- CVE-2019-13115
  In libssh2 before 1.9.0, kex_method_diffie_hellman_group_exchange_sha256_key_exchange in kex.c has an integer overflow that could lead to an out-of-bounds write in the way packets are read from the server. A remote attacker ...
- CVE-2019-12987
  Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 3 of 6).
- CVE-2019-12834
  In HT2 Labs Learning Locker 3.15.1, it's possible to inject malicious HTML and JavaScript code into the DOM of the website via the PATH_INFO to the dashboards/ URI.
- CVE-2019-6160
  A vulnerability in various versions of Iomega and LenovoEMC NAS products could allow an unauthenticated user to access files on NAS shares via the API.
- CVE-2019-12985
  Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 1 of 6).
- CVE-2019-9700
  Norton Password Manager, prior to 6.3.0.2082, may be susceptible to an address spoofing issue. This type of issue may allow an attacker to disguise their origin IP address in order ...
- CVE-2019-10190
  A vulnerability was discovered in DNS resolver component of knot resolver through version 3.2.0 before 4.1.0 which allows remote attackers to bypass DNSSEC validation for non-existence answer. NXDOMAIN answer would ...
- CVE-2019-12989
  Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 allow SQL Injection.
- CVE-2019-12992
  Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 6 of 6).
- CVE-2019-13359
  In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.836, a cwpsrv-xxx cookie allows a normal user to craft and upload a session file to the /tmp directory, and use it to ...
- CVE-2019-13360
  In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.836, remote attackers can bypass authentication in the login process by leveraging knowledge of a valid username.
- CVE-2019-13605
  In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.838 to 0.9.8.846, remote attackers can bypass authentication in the login process by leveraging the knowledge of a valid username. The attacker must ...