Saturday, October 19, 2019

Adobe

Security Bulletins Posted

Adobe has published security bulletins for Adobe Experience Manager (APSB19-48), Adobe Acrobat and Reader (APSB19-49), Adobe Experience Manager Forms (APSB19-50) and Adobe Download Manager (APSB19-51). Adobe recommends users update their product installations to the latest versions using the instructions referenced in the bulletin. This posting is provided “AS IS” with no...

Upcoming Security Updates for Adobe Acrobat and Reader (APSB19-49)

A prenotification security advisory (APSB19-49) has been posted regarding upcoming Adobe Acrobat and Reader updates scheduled for Tuesday, October 15, 2019. We will continue to provide updates on the upcoming release via the Security Bulletins and Advisories page as well as the Adobe PSIRT Blog. This posting is provided “AS IS”...

Security Updates Available for ColdFusion (APSB19-47)

Adobe has published a Security Bulletin (APSB19-47) for ColdFusion versions 2018 and 2016. These updates resolve two critical and one moderate vulnerability that could lead to arbitrary code execution and Adobe recommends users update their product installations to the latest versions using the instructions referenced in the bulletin. This posting is provided “AS IS” with no warranties and confers no rights.

Android

Apple

Apple Security Advisory 2019-10-11-1

Apple Security Advisory 2019-10-11-1 - Swift 5.1.1 for Ubuntu is now available and addresses an issue with data disclosure.

Apple Security Advisory 2019-10-07-4

Apple Security Advisory 2019-10-07-4 - iCloud for Windows 7.14 is now available and addresses buffer overflow, code execution, and cross site scripting vulnerabilities.

Apple Security Advisory 2019-10-07-3

Apple Security Advisory 2019-10-07-3 - iCloud for Windows 10.7 is now available and addresses buffer overflow, code execution, and cross site scripting vulnerabilities.

Apple Security Advisory 2019-10-07-2

Apple Security Advisory 2019-10-07-2 - iTunes for Windows 12.10.1 is now available and addresses buffer overflow, code execution, and cross site scripting vulnerabilities.

AWS

Kubernetes Security Issue (CVE-2019-11249)

Last Updated: August 15, 2019 9:00AM PDT. CVE Identifier: CVE-2019-11249. AWS is aware of a security issue (CVE-2019-11249) which resolves incomplete fixes for CVE-2019-1002101 and CVE-2019-11246. Like the aforementioned CVEs, the issue is in the Kubernetes kubectl tool that could allow a malicious container to replace or create files...

Kubernetes Security Issue (CVE-2019-11246)

July 02, 2019 2:00 PM PDT. CVE Identifier: CVE-2019-11246. AWS is aware of a security vulnerability (CVE-2019-11246) in the Kubernetes kubectl tool that could allow a malicious container to replace or create files on a user's workstation. If a user were to run an untrusted container containing a malicious...

Linux Kernel TCP SACK Denial of Service Issues

June 17, 2019 10:00AM PDT. CVE Identifiers: CVE-2019-11477, CVE-2019-11478, CVE-2019-11479. AWS is aware of three recently-disclosed issues which affect the TCP processing subsystem of the Linux kernel. Specifically, a malicious TCP client or server can transmit a specially crafted series of packets that may cause the Linux kernel of any...

CERT

VU#927237: Multiple vulnerabilities in Pulse Secure VPN

Pulse Secure released an out-of-cycle advisory along with software patches for the various affected products on April 24, 2019. This addressed a number of vulnerabilities including a Remote Code Execution (RCE) vulnerability with pre-authentication access. This vulnerability has no viable workarounds except for applying the patches provided by the vendor and performing...

VU#763073: iTerm2 with tmux integration is vulnerable to remote command execution

iTerm2 is a popular terminal emulator for macOS that supports terminal multiplexing using tmux integration and is frequently used by developers and system administrators. A vulnerability, identified as CVE-2019-9535, exists in the way that iTerm2 integrates with tmux's control mode, which may allow an attacker to execute arbitrary commands by providing malicious...

VU#719689: Multiple vulnerabilities found in the Cobham EXPLORER 710 satcom terminal

The Cobham EXPLORER 710 is a portable satellite terminal used to provide satellite telecommunications and internet access. For consistency, “device” mentioned in the following section is defined as the Cobham EXPLORER 710. The affected firmware version is 1.07 for all of the vulnerabilities listed below unless otherwise noted. CVE-2019-9529 The...

Cisco

Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software OSPF LSA Processing Denial of Service Vulnerability

A vulnerability in the Open Shortest Path First (OSPF) implementation of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, adjacent attacker to cause a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability exists because the affected...

Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software FTP Inspection Denial of Service Vulnerability

A vulnerability in the FTP inspection engine of Cisco Adaptive Security (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient validation of FTP data. An attacker could exploit...

Cisco REST API Container for IOS XE Software Authentication Bypass Vulnerability

A vulnerability in the Cisco REST API virtual service container for Cisco IOS XE Software could allow an unauthenticated, remote attacker to bypass authentication on the managed Cisco IOS XE device. The vulnerability is due to an improper check performed by the area of code that manages the REST API...

Citrix

Authentication Bypass Vulnerability in Citrix ADC and Citrix Gateway Management Interface

CTX261055 (New). Applicable Products: Citrix ADC, Citrix Gateway, NetScaler Gateway. A vulnerability has been identified in the management interface of Citrix Application Delivery Controller (ADC) formerly known as NetScaler ADC and Citrix Gateway formerly known as NetScaler Gateway that, if exploited, could allow an attacker with access t

CVE-2019-TBD – Citrix Application Delivery Management (ADM) Console Security Update

CTX261735 (New). Applicable Products: Citrix Application Delivery Management. An authorisation bypass vulnerability was discovered in the Citrix Application Delivery Management (ADM) server. The vulnerability allows a Citrix ADM user with read-only privilege to access a managed instances with admin level permissions. The following d

Multiple Vulnerabilities in Citrix License Server for Windows and VPX

CTX261963 (New). Applicable Products: Licensing. Multiple Denial-of-Service vulnerabilities have been identified in Citrix License Server for Windows and VPX that, when exploited, could result in an attacker being able to force the vendor service to shut down. These vulnerabilities have been assigned the

Drupal

Drupal core – Critical – Access bypass – SA-CORE-2019-008

Project: Drupal core
Date: 2019-July-17
Security risk: Critical 17∕25 AC:None/A:None/CI:Some/II:Some/E:Theoretical/TD:Default
Vulnerability: Access bypass
CVE IDs: CVE-2019-6342
Description: In Drupal 8.7.4, when the experimental Workspaces module is enabled, an access bypass condition is created. This can be mitigated by disabling the Workspaces module. It does not affect any release other than Drupal 8.7.4. Drupal 8.7.3 and earlier, Drupal 8.6.x and earlier, and...

Drupal core – Moderately critical – Third-party libraries – SA-CORE-2019-007

Project: Drupal core
Date: 2019-May-08
Security risk: Moderately critical 14∕25 AC:Complex/A:Admin/CI:All/II:All/E:Theoretical/TD:Uncommon
Vulnerability: Third-party libraries
Description: This security release fixes third-party dependencies included in or required by Drupal core. As described in TYPO3-PSA-2019-007: By-passing protection of Phar Stream Wrapper Interceptor: In order to intercept file invocations like file_exists or stat on compromised Phar archives the base name has to be...

Drupal core – Moderately critical – Cross Site Scripting – SA-CORE-2019-006

Project: Drupal core
Date: 2019-April-17
Security risk: Moderately critical 10∕25 AC:Complex/A:Admin/CI:Some/II:Some/E:Theoretical/TD:Uncommon
Vulnerability: Cross Site Scripting
Description: The jQuery project released version 3.4.0, and as part of that, disclosed a security vulnerability that affects all prior versions. As described in their release notes: jQuery 3.4.0 includes a fix for some unintended behavior when using jQuery.extend(true, {}, ...). If an unsanitized...

F5 Networks

Linux kernel vulnerability CVE-2019-16089

Security Advisory Description: An issue was discovered in the Linux kernel through 5.2.13. nbd_genl_status in drivers/block/nbd.c does ...

InfoZIP vulnerability CVE-2019-13232

Security Advisory Description: Info-ZIP UnZip 6.0 mishandles the overlapping of files inside a ZIP container, leading to denial of service ( ...

Vim/Neovim vulnerability CVE-2019-12735

Security Advisory Description: getchar.c in Vim before 8.1.1365 and Neovim before 0.3.6 allows remote attackers to execute arbitrary OS ...

Ghostscript vulnerability CVE-2018-15909

Security Advisory Description: In Artifex Ghostscript 9.23 before 2018-08-24, a type confusion using the .shfill operator could be used by ...

Have I Been Pwned?

Wanelo – 23,165,793 breached accounts

In approximately December 2018, the digital mall Wanelo suffered a data breach. The data was later placed up for sale on a dark web marketplace along with a collection of other data breaches in April 2019. A total of 23 million unique email addresses were included in the breach...

Lumin PDF – 15,453,048 breached accounts

In April 2019, the PDF management service Lumin PDF suffered a data breach. The breach wasn't publicly disclosed until September when 15.5M records of user data appeared for download on a popular hacking forum. The data had been left publicly exposed in a MongoDB instance after which Lumin PDF...

KiwiFarms – 4,606 breached accounts

In September 2019, the forum for discussing "lolcows" (people who can be milked for laughs) Kiwi Farms suffered a data breach. The disclosure notice advised that email and IP addresses, dates of birth and content created by members were all exposed in the breach.

ICS-CERT

AVEVA Vijeo Citect and Citect SCADA

This advisory contains mitigations for a stack-based buffer overflow vulnerability in the AVEVA Vijeo Citect and Citect SCADA.

Horner Automation Cscape

This advisory contains mitigations for improper input validation and out-of-bounds write vulnerabilities in Horner Automation's Cscape control system application programming software.

Siemens Industrial Real-Time (IRT) Devices

This advisory includes mitigations for an improper input validation vulnerability reported in the Siemens Industrial Real-Time (IRT) devices.

Siemens PROFINET Devices

This advisory contains mitigations for an uncontrolled resource consumption vulnerability in Siemens PROFINET devices.

Juniper Networks

Magento

Microsoft

Introducing the ElectionGuard Bounty program

Announcing the new ElectionGuard Bounty program The post Introducing the ElectionGuard Bounty program appeared first on Microsoft Security Response Center.

Announcing the Security Researcher Quarterly Leaderboard

Right before Black Hat USA 2019, we announced our new researcher recognition program, and at Black Hat we announced the top researchers from the previous twelve months. Since it’s easier to track your progress with regular updates than with just an annual report, we are excited to announce the...

An intern’s experience with Rust

Over the course of my internship at the Microsoft Security Response Center (MSRC), I worked on the safe systems programming languages (SSPL) team to promote safer languages for systems programming where runtime overhead is important, as outlined in this blog. My job was to port a security critical network...

Oracle

Splunk

Splunk Enterprise and Splunk Light address one vulnerability

Description: Splunk Enterprise and Splunk Light address one vulnerability: Persistent Cross Site Scripting in Splunk Web (SPL-138827, CVE-2019-5727). At the time of this announcement, Splunk is not aware of any cases where these vulnerabilities have been actively exploited. Previous Product Security Announcements can be found on our Splunk Product Security Portal. Use SPL numbers when referencing issues in communication...

Splunk-Python-SDK address one vulnerability

Description: Splunk-Python-SDK address one vulnerability: Untrusted TLS server certs verification is not present (CVE-2019-5729). At the time of this announcement, Splunk is not aware of any cases where these vulnerabilities have been actively exploited. Previous Product Security Announcements can be found on our Splunk Product Security Portal. Use SPL numbers when referencing issues in communication with Splunk. If there...

Symantec

SYMSA1485-Symantec Endpoint Encryption Privilege Escalation

Symantec has released an update to address issues that were discovered in the Symantec Endpoint Encryption and Symantec Encryption Desktop products.

SYMSA1462-OpenSSL Vulnerabilities 16-Apr-2018 and 12-Jun-2018

Symantec Network Protection products using affected versions of OpenSSL are susceptible to several vulnerabilities. A malicious SSL/TLS server can send large DH parameters during connections using DH/DHE cipher suites and cause denial-of-service in the SSL/TLS client. A local attacker can perform cache timing attacks against an application generating an RSA...

SYMSA1484-DLP Cross Site Scripting

Symantec has released updates to address an issue that was discovered in the DLP product.

Tenable

[R1] Nessus 8.6.0 Fixes One Vulnerability

Nessus versions 8.5.2 and earlier on Windows platforms were found to contain a flaw where certain files could be overwritten arbitrarily. An authenticated, remote attacker could potentially exploit this vulnerability to create a denial of service condition.

[R1] Nessus 8.5.0 Fixes One Vulnerability

Nessus versions 8.4.0 and earlier were found to contain a reflected XSS vulnerability due to improper validation of user-supplied input. An unauthenticated, remote attacker could potentially exploit this vulnerability via a specially crafted request to execute arbitrary script code in a user's browser session.

[R1] Nessus Agent 7.4.0 Fixes One Third-party Vulnerability

Nessus Agent leverages third-party software to help provide underlying functionality. One of the third-party components (OpenSSL) was found to contain a single vulnerability, and updated versions have been made available by the providers. Out of caution and in line with good practice, Tenable opted to upgrade the bundled library...

US-CERT

Multiple Vulnerabilities in Pulse Secure VPN

Original release date: October 16, 2019. The CERT Coordination Center (CERT/CC) has released information on multiple vulnerabilities affecting Pulse Secure Virtual Private Network (VPN). An attacker could exploit these vulnerabilities to take control of an affected system. These vulnerabilities have been targeted by advanced persistent threat (APT) actors. The Cybersecurity and...

VMware Releases Security Update for Harbor Container Registry for PCF

Original release date: October 16, 2019. VMware has released a security update to address a vulnerability affecting Harbor Container Registry for Pivotal Cloud Foundry (PCF). An attacker could exploit this vulnerability to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review...

Oracle Releases October 2019 Security Bulletin

Original release date: October 15, 2019. Oracle has released its Critical Patch Update for October 2019 to address 219 vulnerabilities across multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to...

VMware

Working with VMware AppDefense without SaaS subscription

Architecture of AppDefense in Non-SaaS Setting: The VMware vSphere Platinum edition delivers advanced security capabilities fully integrated into the hypervisor. It combines the industry leading capabilities of vSphere with VMware AppDefense, delivering purpose-built VMs to secure applications. vSphere Platinum secures infrastructure and applications by leveraging the hypervisor and the power of machine learning in a way that is built-in, operationally simple, and with minimal overhead or impact on performance. vSphere...

AMD Display Driver Security Updates address CVE-2019-5685

Greetings from the VMware Security Response Center! We wanted to make you aware that AMD has released a security bulletin entitled ‘Shader Functionality Remote Code Execution’ which documents remediation for CVE-2019-5049. This vulnerability has been shown to affect VMware Workstation and, as the article mentions, updated graphics drivers are available on the AMD support page. Customers should review the available documentation and direct technical inquiries to VMware Support for further assistance. The post...

WordPress

WordPress 5.2.4 Security Release

WordPress 5.2.4 is now available! This security release fixes 6 security issues. WordPress versions 5.2.3 and earlier are affected by these bugs, which are fixed in version 5.2.4. Updated versions of WordPress 5.1 and earlier are also available for any users who have not yet updated to 5.2. Security Updates: Props to Evan...

WordPress 5.2.3 Security and Maintenance Release

WordPress 5.2.3 is now available! This security and maintenance release features 29 fixes and enhancements. Plus, it adds a number of security fixes—see the list below. These bugs affect WordPress versions 5.2.2 and earlier; version 5.2.3 fixes them, so you’ll want to upgrade. If you haven’t yet updated to 5.2,...

WordPress 5.1.1 Security and Maintenance Release

WordPress 5.1.1 is now available! This security and maintenance release introduces 10 fixes and enhancements, including changes designed to help hosts prepare users for the minimum PHP version bump coming in 5.2. This release also includes a pair of security fixes that handle how comments are filtered and then stored in...