Latest Vulnerabilities

By Sunny Hoi
  • National Vulnerability Database - 8 April 2020, 5:15 pm

    GreenBrowser before version 1.2 has a vulnerability where apps that rely on URL parsing to verify that a given URL is pointing to a trusted server may be susceptible to many different ways to get URL parsing and verification wrong, which allows an attacker to circumvent the access control. This problem has been patched in…

  • National Vulnerability Database - 8 April 2020, 5:15 pm

    An issue was discovered on Samsung mobile devices with O(8.x) software. Access to Gallery in the Secure Folder can occur without authentication. The Samsung ID is SVE-2018-13057 (December 2018).

  • National Vulnerability Database - 8 April 2020, 5:15 pm

    An issue was discovered on Samsung mobile devices with N(7.x) software. The Secure Folder app’s startup logic allows authentication bypass. The Samsung ID is SVE-2018-11628 (December 2018).

  • National Vulnerability Database - 8 April 2020, 5:15 pm

    An issue was discovered on Samsung mobile devices with O(8.x) and P(9.0) (Exynos 9810 chipsets) software. There is a race condition with a resultant use-after-free in the g2d driver. The Samsung ID is SVE-2018-12959 (December 2018).

  • National Vulnerability Database - 8 April 2020, 5:15 pm

    An issue was discovered on Samsung mobile devices with N(7.0) software. With the Location permission for the compass feature in Quick Tools (aka QuickTools), an attacker can bypass the lockscreen. The Samsung ID is SVE-2018-12053 (December 2018).

  • National Vulnerability Database - 8 April 2020, 4:15 pm

    An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) (incorporating TEEGRIS) software. Type confusion in the MLDAP Trustlet allows arbitrary code execution. The Samsung ID is SVE-2020-16599 (April 2020).

  • National Vulnerability Database - 8 April 2020, 4:15 pm

    An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) software. Google Assistant leaks clipboard contents on a locked device. The Samsung ID is SVE-2019-16558 (April 2020).

  • National Vulnerability Database - 8 April 2020, 4:15 pm

    An issue was discovered on Samsung mobile devices with Q(10.0) software. There is arbitrary code execution in the Fingerprint Trustlet via a memory overwrite. The Samsung IDs are SVE-2019-16587, SVE-2019-16588, SVE-2019-16589 (April 2020).

  • National Vulnerability Database - 8 April 2020, 4:15 pm

    An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) software. There is unauthorized access to applications in the Secure Folder via floating icons. The Samsung ID is SVE-2019-16195 (April 2020).

  • National Vulnerability Database - 8 April 2020, 4:15 pm

    An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) software. Notification exposure occurs in Lockdown mode because of the Edge Lighting application. The Samsung ID is SVE-2020-16680 (April 2020).

  • National Vulnerability Database - 8 April 2020, 4:15 pm

    An issue was discovered on Samsung mobile devices with Q(10.0) software. Information about application preview (in the Secure Folder) leaks on a locked device. The Samsung ID is SVE-2019-16463 (April 2020).

  • National Vulnerability Database - 8 April 2020, 4:15 pm

    An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. There is sensitive information exposure from dumpstate in NFC logs. The Samsung ID is SVE-2019-16359 (April 2020).

  • National Vulnerability Database - 8 April 2020, 4:15 pm

    An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) (incorporating TEEGRIS) software. There is an Out-of-bounds read in the MLDAP Trustlet. The Samsung ID is SVE-2019-16565 (April 2020).

  • National Vulnerability Database - 8 April 2020, 3:15 pm

    An issue was discovered on Samsung mobile devices with L(5.x), M(6.0), and N(7.x) software. There is a race condition with a resultant use-after-free in vnswap_deinit_backing_storage. The Samsung ID is SVE-2017-11176 (February 2018).

  • National Vulnerability Database - 8 April 2020, 3:15 pm

    An issue was discovered on Samsung mobile devices with L(5.1), M(6.0), and N(7.x) software. There is a race condition with a resultant read-after-free issue in get_kek. The Samsung ID is SVE-2017-11174 (February 2018).

  • Bugtraq - 25 February 2020, 10:07 am

    Posted by Stefan Kanthak on Feb 25: Hi @ll, since Microsoft Server 2003 R2, Microsoft dares to ship and install the abomination known as .NET Framework with every new version of Windows. Among other components current versions of Windows and .NET Framework include C# compiler (C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe, C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe) J# compiler (C:\Windows\Microsoft.NET\Framework\v2.0.50727\jsc.exe,…

  • Bugtraq - 25 February 2020, 10:04 am

    Posted by Qualys Security Advisory on Feb 25: Qualys Security Advisory: Local information disclosure in OpenSMTPD (CVE-2020-8793). Contents: Summary; Analysis; Exploitation; POKE 47196, 201; Acknowledgments. Summary…

  • Bugtraq - 25 February 2020, 10:04 am

    Posted by Qualys Security Advisory on Feb 25: Qualys Security Advisory: LPE and RCE in OpenSMTPD's default install (CVE-2020-8794). Contents: Summary; Analysis; …; Acknowledgments. Summary…

  • Bugtraq - 25 February 2020, 9:56 am

    Posted by Alessandro Ghedini on Feb 25: Debian Security Advisory DSA-4633-1, security () debian org, https://www.debian.org/security/, Alessandro Ghedini, February 22, 2020, https://www.debian.org/security/faq. Package: curl. CVE ID: CVE-2019-5436 CVE-2019-5481…

  • Bugtraq - 25 February 2020, 9:52 am

    Posted by Jamie R on Feb 25: I've quoted the Cisco summary below as it's pretty accurate. tl;dr is an admin user on the web console can gain command execution and then escalate to root. If this is an issue in your environment, then please patch. Thanks to Cisco PSIRT who were responsive and professional. Shouts…

  • Bugtraq - 24 February 2020, 3:57 pm

    Posted by Thierry Zoller on Feb 24

  • Bugtraq - 24 February 2020, 10:01 am

    Posted by Thierry Zoller on Feb 24

  • Bugtraq - 21 February 2020, 6:22 am

    Posted by Slackware Security Team on Feb 20: [slackware-security] proftpd (SSA:2020-051-01). New proftpd packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix a security issue. Here are the details from the Slackware 14.2 ChangeLog: patches/packages/proftpd-1.3.6c-i586-1_slack14.2.txz: Upgraded. No CVEs assigned, but this sure looks like a security issue: Use-after-free vulnerability in memory pools…

  • Bugtraq - 19 February 2020, 1:59 pm

    Posted by Moritz Muehlenhoff on Feb 19: Debian Security Advisory DSA-4628-1, security () debian org, https://www.debian.org/security/, Moritz Muehlenhoff, February 18, 2020, https://www.debian.org/security/faq. Package: php7.0. CVE ID: CVE-2019-11045 CVE-2019-11046…

  • Bugtraq - 19 February 2020, 1:56 pm

    Posted by Sebastien Delafond on Feb 19: Debian Security Advisory DSA-4629-1, security () debian org, https://www.debian.org/security/, Sebastien Delafond, February 19, 2020, https://www.debian.org/security/faq. Package: python-django. CVE ID: CVE-2020-7471. Debian Bug…

  • Bugtraq - 18 February 2020, 4:22 pm

    Posted by Thierry Zoller on Feb 18

  • Bugtraq - 18 February 2020, 8:05 am

    Posted by Thierry Zoller on Feb 18

  • Bugtraq - 18 February 2020, 8:04 am

    Posted by Moritz Muehlenhoff on Feb 18: Debian Security Advisory DSA-4626-1, security () debian org, https://www.debian.org/security/, Moritz Muehlenhoff, February 17, 2020, https://www.debian.org/security/faq. Package: php7.3. CVE ID: CVE-2019-11045 CVE-2019-11046…

  • Bugtraq - 18 February 2020, 8:00 am

    Posted by Moritz Muehlenhoff on Feb 18: Debian Security Advisory DSA-4627-1, security () debian org, https://www.debian.org/security/, Alberto Garcia, February 17, 2020, https://www.debian.org/security/faq. Package: webkit2gtk. CVE ID: CVE-2020-3862 CVE-2020-3864…

  • Bugtraq - 17 February 2020, 4:54 am

    Posted by RedTimmy Security on Feb 16: Hi, we have published a new post in our blog titled "How to hack a company by circumventing its WAF through the abuse of a different security appliance and win bug bounties". We basically have [ab]used a Bluecoat device behaving as a request forwarder to mask our malicious payload,…