Advisory: ES2020-02 – Asterisk crash due to INVITE flood over TCP
Posted by Sandro Gauci on Nov 06# Asterisk crash due to INVITE flood over TCP - Fixed versions: 13.37.1, 16.14.1,...
vulnerabilities
secuvera-SA-2020-01: Broken Object Level Authorization Vulnerability in OvulaRing-Webapplication
Posted by Tobias Glemser on Nov 06secuvera-SA-2020-01: Broken Object Level Authorization Vulnerability in OvulaRing-Webapplication Affected Products OvulaRing Webapp Version 4.2.2...
APPLE-SA-2020-11-05-7 tvOS 14.2
Posted by Apple Product Security via Fulldisclosure on Nov 06APPLE-SA-2020-11-05-7 tvOS 14.2 tvOS 14.2 is now available and address the...
APPLE-SA-2020-11-05-1 iOS 14.2 and iPadOS 14.2
Posted by Apple Product Security via Fulldisclosure on Nov 06APPLE-SA-2020-11-05-1 iOS 14.2 and iPadOS 14.2 iOS 14.2 and iPadOS 14.2...
APPLE-SA-2020-11-05-2 iOS 12.4.9
Posted by Apple Product Security via Fulldisclosure on Nov 06APPLE-SA-2020-11-05-2 iOS 12.4.9 iOS 12.4.9 is now available and address the...
AST-2020-002: Outbound INVITE loop on challenge with different nonce.
Posted by Asterisk Security Team on Nov 05 Asterisk Project Security Advisory – AST-2020-002 Product Asterisk Summary Outbound INVITE loop...
AST-2020-001: Remote crash in res_pjsip_session
Posted by Asterisk Security Team on Nov 05 Asterisk Project Security Advisory - AST-2020-001 Product Asterisk Summary Remote crash in...
Git LFS (git-lfs) – Remote Code Execution (RCE) exploit CVE-2020-27955 – Clone to Pwn
Posted by Dawid Golunski on Nov 05/* Go PoC exploit for git-lfs - Remote Code Execution (RCE) vulnerability CVE-2020-27955 git-lfs-RCE-exploit-CVE-2020-27955.go...
SEC Consult SA-20201104-0 :: Multiple vulnerabilities in Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA)
Posted by SEC Consult Vulnerability Lab on Nov 04SEC Consult Vulnerability Lab Security Advisory < 20201104-0 > ======================================================================= title: Multiple...
Chrome heap buffer overflow in freetype2 CVE-2020-15999
Posted by Marcin Kozlowski on Oct 30Hi list, Debugged this issue, but somehow cannot trigger the crash in Chrome. Seems...
German armed forces launch security vulnerability disclosure program
Posted by Vulnerability Lab on Oct 29Title: German armed forces launch security vulnerability disclosure program Source:https://portswigger.net/daily-swig/german-armed-forces-launch-security-vulnerability-disclosure-program Reference:https://www.bundeswehr.de/bw-de/organisation/cyber-und-informationsraum/aktuelles/-liebe-hacker-hiermit-laden-wir-sie-herzlich-ein--3713242 If you like...
[CVE-2020-25204] God Kings “com.innogames.core.frontend.notifications.receivers.LocalNotificationBroadcastReceiver” Improper Authorization Allowing In-Game Notification Spoofing
Posted by Julien Ahrens (RCE Security) on Oct 27RCE Security Advisoryhttps://www.rcesecurity.com 1. ADVISORY INFORMATION ======================= Product: God Kings Vendor URL:...
CVE-2020-24990 Q-SYS <= 8.2.1 TFTP Directory Traversal
Posted by Kevin R on Oct 23files through a TFTP GET request Use CVE-2020-24990. If you like the site, please...
Unicorn Emulator 1.0.2 is out!
Posted by Nguyen Anh Quynh on Oct 23Greetings! We are very happy to announce version 1.0.2 of Unicorn Emulator! It...
SEC Consult SA-20201023-0 :: Multiple Vulnerabilities in PubliXone
Posted by SEC Consult Vulnerability Lab on Oct 23SEC Consult Vulnerability Lab Security Advisory < 20201023-0 > ======================================================================= title: PubliXone...
VL 2020-10-22 – German Bundeswehr starts own Responsible Disclosure Program (VDPBw)
Posted by Vulnerability Lab on Oct 22Title: German Bundeswehr starts own Responsible Disclosure Program (VDPBw) Link:https://www.vulnerability-db.com/?q=articles/2020/10/22/german-bundeswehr-starts-own-responsible-disclosure-program-vdpbw If you like the...
[RT-SA-2020-005] Arbitrary File Disclosure and Server-Side Request Forgery in BigBlueButton
Posted by RedTeam Pentesting GmbH on Oct 21Advisory: Arbitrary File Disclosure and Server-Side Request Forgery in BigBlueButton RedTeam Pentesting discovered...
Re: Google’s Android: remote install backdoor in Google Play Services
Posted by Pedro Cunha on Oct 20I don't see how this is an "on-purpose backdoor". As far as I know,...
Re: Google’s Android: remote install backdoor in Google Play Services
Posted by Michael Lazin on Oct 20I do see the point and even though it is not a deliberate back...
LISTSERV Maestro Remote Code Execution Vulnerability
Posted by Ryan Wincey on Oct 20Document Title: =============== LISTSERV Maestro Remote Code Execution Vulnerability References (Source): ====================https://www.securifera.com/advisories/sec-2020-0001/https://www.lsoft.com/products/maestro.asp Release Date:...
Re: Google’s Android: remote install backdoor in Google Play Services
Posted by Adrian Sanabria on Oct 20If I recall correctly, iOS and MacOS work in much the same way. They...
[RT-SA-2020-003] FRITZ!Box DNS Rebinding Protection Bypass
Posted by RedTeam Pentesting GmbH on Oct 19Advisory: FRITZ!Box DNS Rebinding Protection Bypass RedTeam Pentesting discovered a vulnerability in FRITZ!Box...
Open-Xchange Security Advisory 2020-10-13
Posted by Open-Xchange GmbH via Fulldisclosure on Oct 16Dear subscribers, we're sharing our latest advisory with you and like to...
Re: Google’s Android: remote install backdoor in Google Play Services
Posted by Enrico Weigelt, metux IT consult on Oct 16Hello folks, In short, Google's playstore receives notifications from Google and...
