6680 matches found

Malwarebytes
added 2019/12/30 6:41 p.m. | 74 views

Explained: edge computing

Edge computing may seem like a foreign and future-facing term. Yet its applications are widespread and diverse, with the ability to transform the way we store, use, and share data and programs online. The implications of edge computing are far-reaching, trickling down from software development an...

6.6 AI score
Exploits: 0
OpenVAS
added 2019/12/19 12:0 a.m. | 36 views

Ubuntu: Security Advisory (USN-4224-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8 CVSS | 9.6 AI score | 0.3481 EPSS
Exploits: 7 | References: 2
NVD
added 2019/12/18 9:15 p.m. | 10 views

CVE-2019-5078

An exploitable denial of service vulnerability exists in the iocheckd service "I/O-Check" functionality of WAGO PFC200 Firmware versions 03.01.0713 and 03.00.3912, and WAGO PFC100 Firmware version 03.00.3912. A specially crafted set of packets can cause a denial of service, resulting in the devic...

9.4 CVSS | 9.1 AI score | 0.01655 EPSS
Exploits: 0 | References: 1
FreeBSD
added 2019/12/18 12:0 a.m. | 27 views

e2fsprogs -- rehash.c/pass 3a mutate_name() code execution vulnerability

Lilith of Cisco Talos reports: A code execution vulnerability exists in the directory rehashing functionality of E2fsprogs e2fsck 1.45.4. A specially crafted ext4 directory can cause an out-of-bounds write on the stack, resulting in code execution. An attacker can corrupt a partition to trigger...

7.5 CVSS | 2.3 AI score | 0.01025 EPSS
Exploits: 1 | References: 2
OSV
added 2019/12/11 6:59 p.m. | 3 views

DRUPAL-CONTRIB-2019-095

The Permissions by Term module extends Drupal by functionality for restricting access to single nodes via taxonomy terms. The module doesn't sufficiently restrict access to node previews, when the Search API module is used to display nodes in search result lists...

6.8 AI score
Exploits: 0 | References: 1
Tenable Nessus
added 2019/12/06 12:0 a.m. | 34 views

NewStart CGSL MAIN 4.06 : kernel Multiple Vulnerabilities (NS-SA-2019-0212)

The remote NewStart CGSL host, running version MAIN 4.06, has kernel packages installed that are affected by multiple vulnerabilities: - In sk_clone_lock of sock.c, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege with no additional...

7.8 CVSS | 7 AI score | 0.05789 EPSS
Exploits: 1 | References: 4
Talos Blog
added 2019/12/05 6:20 a.m. | 51 views

Vulnerability Spotlight: AMD ATI Radeon ATIDXX64.DLL shader functionality sincos denial-of-service vulnerability

Piotr Bania of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw. Cisco Talos recently discovered a denial-of-service vulnerability in a specific dll inside of the AMD ATI Radeon line of video cards. This vulnerability can be triggered by supplying a malformed pixel shader inside a...

0.3 AI score | 0.02029 EPSS
Exploits: 1
OSV
added 2019/12/04 8:15 p.m. | 1 views

CVE-2019-11216

BMC Smart Reporting 7.3 20180418 allows authenticated XXE within the import functionality. One can import a malicious XML file and perform XXE attacks to download local files from the server, or do DoS attacks with XML expansion attacks. XXE with direct response and XXE OOB are allowed...

6.5 CVSS | 6.6 AI score | 0.01835 EPSS
Exploits: 2 | References: 3
NVD
added 2019/12/04 8:15 p.m. | 35 views

CVE-2019-11216

BMC Smart Reporting 7.3 20180418 allows authenticated XXE within the import functionality. One can import a malicious XML file and perform XXE attacks to download local files from the server, or do DoS attacks with XML expansion attacks. XXE with direct response and XXE OOB are allowed...

6.5 CVSS | 6.4 AI score | 0.01835 EPSS
Exploits: 2 | References: 3
Packet Storm
added 2019/12/04 12:0 a.m. | 214 views

BMC Smart Reporting 7.3 20180418 XML Injection

4 43 7.3 20180418 2019-01-18 10:14 UTC +0000 66717 sour...

6.6 AI score | 0.01835 EPSS
Exploits: 2
Prion
added 2019/12/02 3:15 a.m. | 63 views

Design/Logic Flaw

An issue was discovered in the Chat functionality of the TeamViewer desktop application 14.3.4730 on Windows. The vendor states that it was later fixed. Upon login, every communication is saved within Windows main memory. When a user logs out or deletes conversation history but does not exit the...

4 CVSS | 6.3 AI score | 0.02079 EPSS
Exploits: 1 | References: 1 | Affected Software: 1
Cvelist
added 2019/12/02 2:52 a.m. | 24 views

CVE-2019-19362

An issue was discovered in the Chat functionality of the TeamViewer desktop application 14.3.4730 on Windows. The vendor states that it was later fixed. Upon login, every communication is saved within Windows main memory. When a user logs out or deletes conversation history but does not exit the...

4.3 CVSS | 6.3 AI score | 0.02079 EPSS
Exploits: 1 | References: 1
CVE
added 2019/12/02 2:52 a.m. | 410 views

CVE-2019-19362

The CVE-2019-19362 issue affects the TeamViewer desktop application for Windows (version 14.3.4730) in its Chat functionality. The root cause is that after login, communications are stored in Windows main memory and are not wiped when the user logs out or deletes history (without exiting the app)...

6.5 CVSS | 6.3 AI score | 0.02079 EPSS
Exploits: 1 | References: 1 | Affected Software: 1
Exploit DB
added 2019/12/02 12:0 a.m. | 459 views

Microsoft Excel 2016 1901 - XML External Entity Injection

Exploit Title: Microsoft Excel 2016 1901 - XML External Entity Injection Discovery by: hyp3rlinx Date: 2019-12-02 Vendor Homepage: www.microsoft.com Tested Version: 2016 v1901 CVE: N/A + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source:...

7 AI score
Exploits: 0
Mageia
added 2019/11/30 1:6 p.m. | 47 views

Updated djvulibre packages fix security vulnerabilities

The updated packages fix security vulnerabilities: In DjVuLibre 3.5.27, DjVmDir.cpp in the DJVU reader component allows attackers to cause a denial-of-service application crash in GStringRep::strdup in libdjvu/GString.cpp caused by a heap-based buffer over-read by crafting a DJVU file...

7.5 CVSS | 3.8 AI score | 0.03667 EPSS
Exploits: 5 | References: 2
Hacker One
added 2019/11/28 5:2 p.m. | 16 views

Mail.ru: SSRF on fleet.city-mobil.ru leads to local file read

SSRF/LFR vulnerability via image retrieving functionality of operator's cabinet of fleet.city-mobil.ru...

3.4 AI score
Exploits: 0
Tenable Nessus
added 2019/11/25 12:0 a.m. | 61 views

Command Builder Initialization

Query host for the existence and functionality of commands wrapped by the command builder library. TRUSTED...

7.3 AI score
Exploits: 0
OSV
added 2019/11/18 9:15 p.m. | 1 views

CVE-2019-10070

Apache Atlas versions 0.8.3 and 1.1.0 were found vulnerable to Stored Cross-Site Scripting in the search functionality...

6.1 CVSS | 5.8 AI score
Exploits: 0 | References: 1
0day.today
added 2019/11/15 12:0 a.m. | 78 views

FusionPBX Command (exec.php) Command Execution Exploit

This Metasploit module uses administrative functionality available in FusionPBX to gain a shell. The Command section of the application permits users with execview permissions, or superadmin permissions, to execute arbitrary system commands, or arbitrary PHP code, as the web server user. This...

0.8 AI score
Exploits: 0
NVD
added 2019/11/14 9:15 p.m. | 26 views

CVE-2019-15804

An issue was discovered on Zyxel GS1900 devices with firmware before 2.50AAHH.0C0. By sending a signal to the CLI process, undocumented functionality is triggered. Specifically, a menu can be triggered by sending the SIGQUIT signal to the CLI application e.g., through CTRL+\ via SSH. The access...

7.5 CVSS | 7.6 AI score | 0.00931 EPSS
Exploits: 1 | References: 2