6092 matches found
ArForms < 4.0 - Unauthenticated Arbitrary File Deletion via Traversal
"arf_delete_file in arformcontroller.php allows unauthenticated users to delete an arbitrary file by supplying its full pathname." The vendor contacted the WPScan Team stating that the issue had been resolved in version 4.0...
U.S. Dept Of Defense: Remote Code Execution in ██████
The vulnerability you reported has been resolved and this report is now closed. If you have any further questions or disagree that the report is resolved, please let us know. Thank you for your time and effort to improve the security of the DoD information network. Thanks @s3cr3tsdn for reporting...
OPENSUSE-SU-2019:2276-1 Security update for putty
This update for putty to version 0.73 fixes the following issues: Security issues fixed: - CVE-2019-17068: Fixed the insufficient handling of terminal escape sequences that should delimit the pasted data in bracketed paste mode (boo#1152753). - CVE-2019-17069: Fixed a possible information leak caus...
Fedora 31 : systemd (2019-d5bd5f0aa4)
Update to latest release - Emission of Session property-changed notifications from logind is fixed; this was breaking the switching of sessions to and from GNOME. - Security issue: unprivileged users were allowed to change DNS servers configured in systemd-resolved. Now proper polkit authorization...
openSUSE Security Update : chromium (openSUSE-2019-2152)
This update for chromium to 77.0.3865.75 fixes the following issues: Security issues fixed: - CVE-2019-5870: Fixed a use-after-free in media (boo#1150425). - CVE-2019-5871: Fixed a heap overflow in Skia (boo#1150425). - CVE-2019-5872: Fixed a use-after-free in Mojo (boo#1150425). - CVE-2019-5874: Fixed a...
Fedora 29 : systemd (2019-8a7dfdf1f3)
Security issue: unprivileged users were allowed to change DNS servers configured in systemd-resolved (CVE-2019-15718). - hwdb entries for keyboards are updated to the latest version (#1725717). No need to log out or reboot. Note that Tenable Network Security has extracted the preceding description block...
Security Update for Microsoft Office 2016 (KB4475583) 64-Bit Edition
A security vulnerability exists in Microsoft Office 2016 64-Bit Edition that could allow arbitrary code to run when a maliciously modified file is opened. This update resolves that vulnerability...
Design/Logic Flaw
In systemd 240, bus_open_system_watch_bind_with_description in shared/bus-util.c (as used by systemd-resolved to connect to the system D-Bus instance) calls sd_bus_set_trusted, which disables access controls for incoming D-Bus messages. An unprivileged user can exploit this by executing D-Bus methods that...
CVE-2019-15718
An improper authorization flaw was discovered in systemd-resolved in the way it configures the exposed DBus interface org.freedesktop.resolve1. An unprivileged local attacker could call all DBus methods, even when marked as privileged operations. An attacker could abuse this flaw by changing the...
USN-4120-1: systemd vulnerability
It was discovered that the systemd-resolved D-Bus interface did not enforce appropriate access controls. A local unprivileged user could exploit this to modify a system's DNS resolver settings...
java-11-openjdk security update
1:11.0.3.7-2.0.1 - link atomic for ix86 build Livy Ge 1:11.0.3.7-2 - Do not generate lib-style requires for -slowdebug subpackages. - Resolves: rhbz#1693468 1:11.0.3.7-2 - Fix requires/provides for the non-system JDK case. JDK 11 is not a system JDK at this point. - Resolves: rhbz#1693468...
java-1.7.0-openjdk security update
1:1.7.0.231-2.6.19.1.0.1 - Update DISTRONAME in specfile 1:1.7.0.231-2.6.19.1 - Add missing hyphen in tapset filename. - Resolves: rhbz#1724452 1:1.7.0.231-2.6.19.0 - Update tapset name in patch. - Resolves: rhbz#1724452 1:1.7.0.231-2.6.19.0 - Bump to 2.6.19 including tapsets and OpenJDK 7u231-b01....
Related vulnerabilities have now been patched: the Orvibo smart home devices' disclosure of user information - bug warning - the black bar safety net
According to Orvibo, the information disclosure vulnerability in question has now been fixed and the level of protection for user information has been raised; at the same time, they also want to cooperate with professional information security research teams on the protection...
RHEL 7 : systemd (RHSA-2019:1502)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2019:1502 advisory. The systemd packages contain systemd, a system and service manager for Linux, compatible with the SysV and LSB init scripts. It provides aggressive...
Monero: Remote P2P DoS
Remote P2P DoS resolved. https://www.activism.net/cypherpunk/manifesto.html...
HackerOne: Open Redirection in [https://www.hackerone.com/index.php]
You have resolved open redirect issue report 439075. This report is publicly disclosed, but this issue works again at this time. When a user visits http://www.hackerone.com/index.php/index.php.evil.com the user will be redirected to www.hackerone.com.evil.com. Steps To Reproduce: Click on this link...
ZEIT: [Fix Bypass #541631] Open redirect on Signup
Some signup and login paths did not verify the ?next= query param properly and allowed an open redirect with a carefully crafted invalid URL. It is standard practice to use a redirect query param in login and signup endpoints, but the value should be carefully validated before accepting to redirec...
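The two open-redirect entries above (the HackerOne index.php host-confusion bypass and the ZEIT ?next= bypass) both come down to a redirect parameter that was checked loosely. The following is an added example, not code from HackerOne or ZEIT, of how a login or signup handler can validate such a parameter: it accepts only a path-relative target, rejects scheme-relative and backslash forms, resolves the path against the site's own origin and returns an absolute URL rather than a bare pathname. The origin https://app.example.com and the sample inputs are assumptions constructed for the example.

```javascript
// Added example (not ZEIT's or HackerOne's code): validating a "?next=" style
// redirect parameter so that a login/signup flow can only send the browser
// back to the site's own origin. SITE_ORIGIN is an assumed value.
const SITE_ORIGIN = "https://app.example.com";
const FALLBACK = "/";

// Returns an absolute URL on SITE_ORIGIN, or FALLBACK when `next` is unsafe.
function safeRedirectTarget(next) {
  if (typeof next !== "string" || next.length === 0 || next.length > 2048) {
    return FALLBACK;
  }
  // Only a path-relative target is accepted. "//host" is scheme-relative and
  // browsers treat "\" like "/", so both are rejected up front, as are
  // control characters that could break a Location header.
  if (!next.startsWith("/") || next.startsWith("//")) return FALLBACK;
  if (/[\u0000-\u001f\u007f\\]/.test(next)) return FALLBACK;

  let url;
  try {
    url = new URL(next, SITE_ORIGIN); // WHATWG parsing resolves dot-segments
  } catch {
    return FALLBACK;
  }
  // Belt and braces: a relative path must resolve onto our own origin.
  if (url.origin !== SITE_ORIGIN) return FALLBACK;

  // Return the absolute href, never url.pathname: "/..//evil.com" resolves to
  // a pathname of "//evil.com", which a browser would read as scheme-relative
  // if it were emitted on its own in a Location header.
  return url.href;
}

// Constructed inputs: the shapes from the two reports above plus classic ones.
const SAMPLES = [
  "/dashboard?tab=billing",            // legitimate
  "/index.php/index.php.evil.com",     // HackerOne report shape
  "//evil.com",                        // scheme-relative
  "/\\evil.com",                       // backslash normalised by browsers
  "/..//evil.com",                     // dot-segment trick against pathname
  "https://app.example.com.evil.com/", // lookalike host
  "javascript:alert(1)",               // non-http scheme
  "/\r\nX-Injected: 1",                // header injection attempt
];

for (const s of SAMPLES) {
  console.log(JSON.stringify(s), "->", safeRedirectTarget(s));
}
```

The design choice worth noting is the last step: after parsing, the handler redirects to the absolute href on its own origin. Returning a normalised pathname instead would reintroduce the bug for inputs whose resolved path begins with two slashes.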
CVE-2019-1711
A vulnerability in the Event Management Service daemon (emsd) of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper handling of gRPC requests. An attacker could exploit this...