
6092 matches found

Hacker One
added 2020/02/24 8:57 p.m. | 44 views

Rockstar Games: DOM XSS on https://www.rockstargames.com/GTAOnline/feedback

In this report, the researcher identified a DOM-based Cross-Site Scripting vulnerability in the /GTAOnline/feedback endpoint. As we worked together on resolving this matter, the researcher helped us identify other parts of the GTA Online sub-site that suffered from the same vulnerability due to...

AI score 0.2
Exploits 0

NVD
added 2020/02/13 12:15 a.m. | 20 views

CVE-2020-7209

LinuxKI v6.0-1 and earlier is vulnerable to a remote code execution which is resolved in release 6.0-2...

CVSS 9.8 | AI score 9.8 | EPSS 0.98846
Exploits 10 | References 3

NVD
added 2020/02/13 12:15 a.m. | 17 views

CVE-2020-7208

LinuxKI v6.0-1 and earlier is vulnerable to an XSS which is resolved in release 6.0-2...

CVSS 6.1 | AI score 6 | EPSS 0.0085
Exploits 0 | References 1

OSV
added 2020/02/13 12:15 a.m. | 10 views

CVE-2020-7208

LinuxKI v6.0-1 and earlier is vulnerable to an XSS which is resolved in release 6.0-2...

CVSS 6.1 | AI score 6
Exploits 0 | References 1

ATTACKERKB
added 2020/02/13 12:0 a.m. | 20 views

CVE-2020-7208

LinuxKI v6.0-1 and earlier is vulnerable to an XSS which is resolved in release 6.0-2. Recent assessments: cinzinga at March 09, 2020 9:38pm UTC reported: I am the founder of this exploit. While it is in a Hewlett-Packard product, it is a very obscure piece of software and was no longer actively...

CVSS 6.1 | AI score 2.5 | EPSS 0.0085
Exploits 0 | References 2

Cvelist
added 2020/02/12 11:23 p.m. | 20 views

CVE-2020-7208

LinuxKI v6.0-1 and earlier is vulnerable to an XSS which is resolved in release 6.0-2...

AI score 6 | EPSS 0.0085
Exploits 0 | References 1

Veeam
added 2020/01/31 9:55 a.m. | 17 views

Release notes for Veeam Backup for Microsoft 365 4b

Challenge Release Notes for Veeam Backup for Microsoft 365 4b. Please note that Veeam Backup for Microsoft 365 4c is now available and contains all the resolved issues from Veeam Backup for Microsoft 365 4b. Cause Please confirm you are running Veeam Backup for Microsoft 365 version 2.0 builds...

AI score 6.7
Exploits 0

NVD
added 2020/01/29 4:15 p.m. | 19 views

CVE-2019-7656

A privilege escalation vulnerability in Wowza Streaming Engine 4.8.0 and earlier allows any unprivileged Linux user to escalate privileges to root. The installer sets too relaxed permissions on /usr/local/WowzaStreamingEngine/bin/ core program files. By injecting a payload into one of those files...

CVSS 7.8 | AI score 7.8 | EPSS 0.00451
Exploits 1 | References 4

Prion
added 2020/01/29 4:15 p.m. | 16 views

Cross site scripting

Wowza Streaming Engine 4.8.0 and earlier suffers from multiple authenticated XSS vulnerabilities via the (1) customList%5B0%5D.value field in enginemanager/server/serversetup/editadv.htm of the Server Setup configuration or the (2) host field in enginemanager/jspringsecuritycheck of the login form. This issu...

CVSS 3.5 | AI score 5.4 | EPSS 0.00949
Exploits 1 | References 4 | Affected Software 1

Cvelist
added 2020/01/29 3:18 p.m. | 23 views

CVE-2019-7654

Wowza Streaming Engine 4.8.0 and earlier suffers from multiple CSRF vulnerabilities. For example, an administrator, by following a link, can be tricked into making unwanted changes such as adding another admin user via enginemanager/server/user/edit.htm in the Server-Users component. This issue w...

AI score 6.5 | EPSS 0.00851
Exploits 1 | References 4

Jetbrains
added 2020/01/24 12:0 a.m. | 188 views

JetBrains Security Bulletin Q4 2019

FYI Security JetBrains Security Bulletin Q4 2019 Robert Demmer In the fourth quarter of 2019, we resolved a series of security issues in our products. Here’s a summary report that contains a description of each issue and the version in which it was resolved. Product | Description | Severity |...

CVSS 7.5 | AI score 6.8 | EPSS 0.01418
Exploits 1 | Affected Software 8

Cvelist
added 2019/12/11 11:2 p.m. | 10 views

CVE-2019-10694

The express install, which is the suggested way to install Puppet Enterprise, gives the user a URL at the end of the install to set the admin password. If they do not use that URL, there is an overlooked default password for the admin user. This was resolved in Puppet Enterprise 2019.0.3 and...

AI score 9.6 | EPSS 0.01089
Exploits 0 | References 1

RedHat Linux
added 2019/11/21 9:55 a.m. | 4 views

systemd: systemd-resolved allows unprivileged users to configure DNS

An improper authorization flaw was discovered in systemd-resolved in the way it configures the exposed DBus interface org.freedesktop.resolve1. An unprivileged local attacker could call all DBus methods, even when marked as privileged operations. An attacker could abuse this flaw by changing the...

CVSS 4.4 | AI score 5.8 | EPSS 0.00511
Exploits 1 | References 4

RedHat Linux
added 2019/11/21 9:55 a.m. | 68 views

Important: Red Hat Security Advisory: OpenShift Container Platform 4.1.24 machine-os-content-container security update

Red Hat OpenShift Container Platform release 4.1.24 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, whic...

CVSS 9 | AI score 7.2 | EPSS 0.63917
Exploits 11 | References 5

Mageia
added 2019/11/19 9:16 p.m. | 44 views

Updated systemd packages fix security vulnerability

Updated systemd packages fix security vulnerability: Nadav Markus from Palo Alto Networks discovered that systemd-resolved does not enforce appropriate access controls on its D-Bus interface and allows unprivileged users to execute methods that are meant to be available only to privileged users...

CVSS 4.4 | AI score 2.9 | EPSS 0.00511
Exploits 1 | References 3

Oracle linux
added 2019/11/14 12:0 a.m. | 31 views

systemd security, bug fix, and enhancement update

239-18.0.1 - fix netdev is missing for iscsi entry in /etc/fstab [email protected] Orabug: 25897792 - set 'RemoveIPC=no' in logind.conf as default for OL7.2 Orabug: 22224874 - allow dm remove ioctl to co-operate with UEK3 Vaughan Cao Orabug: 18467469 - add hv dynamic memory support Jerry...

CVSS 4.4 | AI score 5.5 | EPSS 0.00511
Exploits 1

RedhatCVE
added 2019/11/12 8:37 p.m. | 23 views

CVE-2018-21029

A flaw in systemd-resolved was found to incorrectly verify certificates of a DNS resolver used for DNS Over TLS when the DNSOverTLS option is set to yes. A remote attacker in the network path between the vulnerable system and the DNS resolver may use this flaw to perform a man-in-the-middle attac...

CVSS 9.8 | AI score 3 | EPSS 0.03138
Exploits 1 | References 2

RedHat Linux
added 2019/11/05 9:15 p.m. | 2 views

systemd: systemd-resolved allows unprivileged users to configure DNS

An improper authorization flaw was discovered in systemd-resolved in the way it configures the exposed DBus interface org.freedesktop.resolve1. An unprivileged local attacker could call all DBus methods, even when marked as privileged operations. An attacker could abuse this flaw by changing the...

CVSS 4.4 | AI score 5.8 | EPSS 0.00511
Exploits 1 | References 4

Microsoft KB
added 2019/10/30 12:0 a.m. | 89 views

MS16-029: Description of the security update for Office 2013: March 8, 2016

MS16-029: Description of the security update for Office 2013: March 8, 2016 Summary This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. To learn more about these vulnerabilities, see Microsoft...

AI score 7.6
Exploits 0

Jetbrains
added 2019/10/29 12:0 a.m. | 188 views

JetBrains Security Bulletin Q3 2019

FYI Security JetBrains Security Bulletin Q3 2019 Robert Demmer In the third quarter of 2019, we resolved a series of security issues in our products. Here’s a summary report that contains a description of each issue and the version in which it was resolved. Product | Description | Severity |...

CVSS 9.8 | AI score 6.6 | EPSS 0.03482
Exploits 0 | Affected Software 7