Dovecot IMAP Server 2.2 Improper Access Control

Dovecot IMAP server version 2.2 suffers from a privilege escalation vulnerability. When two passdb configuration entries exist in the Dovecot configuration, which have the same driver and args settings, the incorrect username_filter and mechanism settings can be applied to passdb definitions. These incorrectly applied settings can lead to an unintended security configuration and can permit privilege escalation with certain configurations involving master user authentication.

Ubuntu Security Notice USN-5488-2

Ubuntu Security Notice 5488-2 - USN-5488-1 fixed vulnerabilities in OpenSSL. This update provides the corresponding updates for Ubuntu 16.04 ESM. Chancen and Daniel Fiala discovered that OpenSSL incorrectly handled the c_rehash script. A local attacker could possibly use this issue to execute arbitrary commands when c_rehash is run.

Ubuntu Security Notice USN-5505-1

Ubuntu Security Notice 5505-1 - Norbert Slusarek discovered a race condition in the CAN BCM networking protocol of the Linux kernel leading to multiple use-after-free vulnerabilities. A local attacker could use this issue to execute arbitrary code. Likang Luo discovered that a race condition existed in the Bluetooth subsystem of the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

Bugtraq: Re: [SECURITY] [DSA 4628-1] php7.0 security update

Re: [SECURITY] [DSA 4628-1] php7.0 security update

Bugtraq: Re: BugTraq Shutdown

Re: BugTraq Shutdown

Bugtraq: On Second Thought...

On Second Thought...

Bugtraq: BugTraq Shutdown

BugTraq Shutdown

Bugtraq: LPE and RCE in OpenSMTPD's default install (CVE-2020-8794)

LPE and RCE in OpenSMTPD's default install (CVE-2020-8794)

Bugtraq: [SECURITY] [DSA 4633-1] curl security update

[SECURITY] [DSA 4633-1] curl security update

Bugtraq: Cisco Unified Contact Center Express Privilege Escalation Vulnerability (CVE-2019-1888)

Cisco Unified Contact Center Express Privilege Escalation Vulnerability (CVE-2019-1888)

Bugtraq: Local information disclosure in OpenSMTPD (CVE-2020-8793)

Local information disclosure in OpenSMTPD (CVE-2020-8793)

Bugtraq: [TZO-22-2020] Qihoo360 | GDATA | Rising | Command Generic Malformed Archive Bypass

[TZO-22-2020] Qihoo360 | GDATA | Rising | Command Generic Malformed Archive Bypass

Bugtraq: [TZO-16-2020] - F-SECURE Generic Malformed Container bypass (GZIP)

[TZO-16-2020] - F-SECURE Generic Malformed Container bypass (GZIP)

Bugtraq: [slackware-security] proftpd (SSA:2020-051-01)

[slackware-security] proftpd (SSA:2020-051-01)

Bugtraq: [SECURITY] [DSA 4628-1] php7.0 security update

[SECURITY] [DSA 4628-1] php7.0 security update

Bugtraq: [SECURITY] [DSA 4629-1] python-django security update

[SECURITY] [DSA 4629-1] python-django security update

Bugtraq: [TZO-18-2020] - Bitdefender Malformed Archive bypass (GZIP)

[TZO-18-2020] - Bitdefender Malformed Archive bypass (GZIP)

Bugtraq: [TZO-17-2020] - Kaspersky Generic Archive Bypass (ZIP FLNMLEN)

[TZO-17-2020] - Kaspersky Generic Archive Bypass (ZIP FLNMLEN)

Bugtraq: [SECURITY] [DSA 4626-1] php7.3 security update

[SECURITY] [DSA 4626-1] php7.3 security update

Bugtraq: [SECURITY] [DSA 4627-1] webkit2gtk security update

[SECURITY] [DSA 4627-1] webkit2gtk security update

Bugtraq: [SECURITY] [DSA 4625-1] thunderbird security update

[SECURITY] [DSA 4625-1] thunderbird security update

Bugtraq: Web Application Firewall bypass via Bluecoat device

Web Application Firewall bypass via Bluecoat device

Bugtraq: CVE-2020-0728: Windows Modules Installer Service Information Disclosure Vulnerability

CVE-2020-0728: Windows Modules Installer Service Information Disclosure Vulnerability

Bugtraq: [SECURITY] [DSA 4624-1] evince security update

[SECURITY] [DSA 4624-1] evince security update

Bugtraq: [EnumJavaLibs]_ Remote Java classpath enumerator

[EnumJavaLibs]_ Remote Java classpath enumerator

Bugtraq: [SECURITY] [DSA 4622-1] postgresql-9.6 security update

[SECURITY] [DSA 4622-1] postgresql-9.6 security update

Bugtraq: [SECURITY] [DSA 4623-1] postgresql-11 security update

[SECURITY] [DSA 4623-1] postgresql-11 security update

Bugtraq: [TZO-13-2020] - AVIRA Generic AV Bypass (ZIP GPFLAG)

[TZO-13-2020] - AVIRA Generic AV Bypass (ZIP GPFLAG)

Vuln: LibreOffice Remote Code Execution and Unauthorized Access Vulnerabilities

LibreOffice Remote Code Execution and Unauthorized Access Vulnerabilities

Vuln: Jenkins Credentials Binding Plugin CVE-2019-1010241 Information Disclosure Vulnerability

Jenkins Credentials Binding Plugin CVE-2019-1010241 Information Disclosure Vulnerability

Vuln: Qualcomm Components CVE-2019-2307 Integer Underflow Vulnerability

Qualcomm Components CVE-2019-2307 Integer Underflow Vulnerability

Vuln: KDE KAuth CVE-2017-8422 Local Privilege Escalation Vulnerability

KDE KAuth CVE-2017-8422 Local Privilege Escalation Vulnerability

Vuln: Linux Kernel CVE-2019-11811 Local Arbitrary Code Execution Vulnerability

Linux Kernel CVE-2019-11811 Local Arbitrary Code Execution Vulnerability

Vuln: Mozilla Firefox Multiple Security Vulnerabilities

Mozilla Firefox Multiple Security Vulnerabilities

Vuln: GNOME gvfs CVE-2019-12795 Local Authorization Bypass Vulnerability

GNOME gvfs CVE-2019-12795 Local Authorization Bypass Vulnerability

Vuln: Squid CVE-2019-13345 Multiple Cross Site Scripting Vulnerabilities

Squid CVE-2019-13345 Multiple Cross Site Scripting Vulnerabilities

Vuln: Apache HTTP Server CVE-2019-0190 Denial of Service Vulnerability

Apache HTTP Server CVE-2019-0190 Denial of Service Vulnerability

Vuln: OWASP AntiSamy CVE-2017-14735 Cross Site Scripting Vulnerability

OWASP AntiSamy CVE-2017-14735 Cross Site Scripting Vulnerability

Vuln: FasterXML Jackson-databind Deserialization Multiple Remote Code Execution Vulnerabilities

FasterXML Jackson-databind Deserialization Multiple Remote Code Execution Vulnerabilities

Vuln: Apache Struts ClassLoader Manipulation CVE-2014-0114 Security Bypass Vulnerability

Apache Struts ClassLoader Manipulation CVE-2014-0114 Security Bypass Vulnerability

Vuln: Mozilla Firefox and Firefox ESR Multiple Security Vulnerabilities

Mozilla Firefox and Firefox ESR Multiple Security Vulnerabilities

Vuln: VideoLAN VLC CVE-2019-13602 Heap Based Buffer Overflow Vulnerability

VideoLAN VLC CVE-2019-13602 Heap Based Buffer Overflow Vulnerability

Vuln: Foreman CVE-2019-10198 Authorization Bypass Vulnerability

Foreman CVE-2019-10198 Authorization Bypass Vulnerability

Vuln: McAfee Agent CVE-2019-3592 Local Privilege Escalation Vulnerability

McAfee Agent CVE-2019-3592 Local Privilege Escalation Vulnerability

Vuln: Oracle July 2019 Critical Patch Update Multiple Vulnerabilities

Oracle July 2019 Critical Patch Update Multiple Vulnerabilities

Vuln: Symantec Messaging Gateway CVE-2019-12751 Privilege Escalation Vulnerability

Symantec Messaging Gateway CVE-2019-12751 Privilege Escalation Vulnerability

Vuln: Multiple F5 BIG-IP Products CVE-2019-6631 Denial of Service Vulnerability

Multiple F5 BIG-IP Products CVE-2019-6631 Denial of Service Vulnerability

Vuln: GitLab CVE-2018-19493 HTML Injection Vulnerability

GitLab CVE-2018-19493 HTML Injection Vulnerability

Vuln: GitLab CVE-2018-19575 Security Vulnerability

GitLab CVE-2018-19575 Security Vulnerability

Vuln: Intel Processor Diagnostic Tool CVE-2019-11133 Local Privilege Escalation Vulnerability

Intel Processor Diagnostic Tool CVE-2019-11133 Local Privilege Escalation Vulnerability

Vuln: Multiple WAGO Industrial Managed Switches Security Bypass Vulnerability

Multiple WAGO Industrial Managed Switches Security Bypass Vulnerability

Vuln: Docker CVE-2018-15664 Symlink Directory Traversal Vulnerability

Docker CVE-2018-15664 Symlink Directory Traversal Vulnerability

Vuln: Adobe Dreamweaver CVE-2019-7956 DLL Loading Local Privilege Escalation Vulnerability

Adobe Dreamweaver CVE-2019-7956 DLL Loading Local Privilege Escalation Vulnerability