6092 matches found
RHEL 7 : systemd (RHSA-2019:0204)
The remote Red Hat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:0204 advisory. The systemd packages contain systemd, a system and service manager for Linux, compatible with the SysV and LSB init scripts. It provides...
Starbucks: Bug in GraphQL and API integration leads to limited user address disclosure
A modified GraphQL query to fetch a user's address book entries led to a limited disclosure of user address book entries. The modified query resulted in a backend API request with undefined as a parameter. The response contained address lists of accounts with a username of undefined. We were not...
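The mechanism in the Starbucks report (an argument dropped from the query surfacing downstream as the literal string "undefined") is worth seeing in code. The block below is an added example, not Starbucks' code or any code from the report: the resolver names, the `/v1/addresses?user=` backend route, the `ctx.viewer` shape and the address records are all assumptions for illustration. It shows the naive resolver that interpolates the client-supplied argument straight into the backend URL, and a hardened one that takes the identity from the authenticated context and rejects anything that is not a well-formed username.

```javascript
// Added example (not Starbucks' code): how an omitted GraphQL argument becomes
// the literal string "undefined" in a downstream REST call, and one way to stop it.
// All names, records and the backend route below are assumptions for illustration.

// Constructed backend store keyed by username. The "undefined" account stands in
// for whatever records the real backend happened to hold under that username.
const ADDRESS_BOOK = {
  alice: [{ label: "home", line1: "1 Main St" }],
  bob: [{ label: "work", line1: "2 Side Ave" }],
  undefined: [{ label: "stray", line1: "leaked-record" }],
};

// Stand-in for the backend address API: takes a relative URL, returns records.
function backendGet(url) {
  const user = new URL(url, "http://backend.local").searchParams.get("user");
  return ADDRESS_BOOK[user] || [];
}

// Naive resolver: interpolates whatever the GraphQL args contain.
// When the client drops the username argument, args.username is undefined and
// the template literal produces "...?user=undefined".
function naiveResolver(args) {
  const url = `/v1/addresses?user=${args.username}`;
  return { url, addresses: backendGet(url) };
}

// Hardened resolver: never trusts a client-supplied identifier for ownership.
// The username comes from the authenticated context and must be a non-empty
// string of the expected shape before it is put on the wire.
const USERNAME_RE = /^[a-z0-9_.-]{1,64}$/i;

function hardenedResolver(args, ctx) {
  const user = ctx && ctx.viewer && ctx.viewer.username;
  if (typeof user !== "string" || !USERNAME_RE.test(user)) {
    throw new Error("unauthenticated or malformed principal");
  }
  // If the client supplies a username at all, it must match the caller's own.
  if (args.username !== undefined && args.username !== user) {
    throw new Error("forbidden: cannot read another user's address book");
  }
  const url = `/v1/addresses?user=${encodeURIComponent(user)}`;
  return { url, addresses: backendGet(url) };
}

// Demonstration: a modified query that omits the username argument entirely.
function demo() {
  const leaked = naiveResolver({}); // URL ends with user=undefined
  let blocked;
  try {
    hardenedResolver({}, { viewer: null });
  } catch (e) {
    blocked = e.message;
  }
  const ok = hardenedResolver({}, { viewer: { username: "alice" } });
  return {
    leakedUrl: leaked.url,
    leakedCount: leaked.addresses.length,
    blocked,
    okCount: ok.addresses.length,
  };
}
```

The same failure shows up with any loosely typed gateway that string-builds its backend requests: the fix is to validate the type and format of every value before interpolation and, for ownership checks, to derive the identifier from the session rather than the request body.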
Nutanix: Local file disclosure through SSRF at next.nutanix.com
Issue marked resolved and test fixed in January 2019...
Veeam Availability Console U1 Cumulative Patch 1913
Challenge: Veeam Availability Console U1 Cumulative Patch 1913. This update supersedes Veeam Availability Console U1 Cumulative Patch 1850. Cause: Please confirm you are running version 2.0.2.1750 or later prior to installing this cumulative patch 1913. You can check this under Windows Programs and...
holidays-with-pets.de XSS vulnerability
Open Bug Bounty ID: OBB-692135

| Description | Value |
|---|---|
| Affected Website: | holidays-with-pets.de |
| Open Bug Bounty Program: | Create your bounty program now. It's open and free. |
| Vulnerable Application: | hidden until disclosure |
| Vulnerability Type: | XSS Cross Site Scripting / CWE-79 |
| CVSSv3 Score: | ... |
Security Update for Microsoft PowerPoint 2013 (KB4092453) 64-Bit Edition
A security vulnerability exists in Microsoft PowerPoint 2013 64-Bit Edition that could allow arbitrary code to run when a maliciously modified file is opened. This update resolves that vulnerability...
Slack: AWS bucket leading to iOS test build code and configuration exposure
@kiyell discovered an open AWS bucket which hosted the source code of the iOS test application, as well as some configuration information and test data relating to that test build. No customer data was exposed or at risk, and we resolved and investigated this issue. Thank you @kiyell for a neat...
CVE-2018-7074
A remote code execution vulnerability was identified in HPE Intelligent Management Center iMC PLAT 7.3 E0506P07. The vulnerability was resolved in iMC PLAT 7.3 E0605P04 or subsequent version...
java-1.7.0-openjdk security update
- 1:1.7.0.191-2.6.15.4.0.1: Update DISTRONAME in specfile
- 1:1.7.0.191-2.6.15.4: Bump to revised 2.6.15 tarball with PR3616 -notimestamp javadoc fix. Resolves: rhbz1594249
- 1:1.7.0.191-2.6.15.3: Bump to revised 2.6.15 tarball with jdk7u191-b01. Resolves: rhbz1594249
- 1:1.7.0.191-2.6.15.2: Fix ho...
WordPress Strong Testimonials 2.31.4 Cross Site Scripting Vulnerability
Exploit for php platform in category web applications Advisory Title: WordPress Strong Testimonials Plugin Multiple XSS Vulnerabilities Advisory URL: http://www.defensecode.com/advisories.php Software: WordPress Strong Testimonials plugin Language: PHP Version: 2.31.4 and below Vendor Status:...
Rockstar Games: Open redirect vulnerability
In this report the researcher discovered an open redirect vulnerability on one of our subdomains. The subdomain exists primarily to direct users to a different site, but it was possible to exploit by adding unexpected input in a subdirectory of the URL. This allowed an attacker to potentially...
Intel® Converged Security Management Engine (Intel® CSME) 11.x issue
Summary: In an effort to continuously improve the robustness of the Intel® Converged Security Management Engine Intel® CSME, Intel has performed a security review of its Intel® CSME with the objective of continuously enhancing firmware resilience. Description: In an effort to continuously improve...
IBM Security Access Manager High CPU utilization (CVE-2014-0963) Resolved
Abstract: IBM support has released updated fixpacks to resolve CVE-2014-0963. Please install at your earliest convenience. Content: Security Bulletin: IBM Tivoli Access Manager High CPU utilization (CVE-2014-0963); Security Bulletin: IBM Security Access Manager for Web High CPU utilization (CVE-2014-09...
June 12, 2018—KB4284846 (Security-only update)
June 12, 2018—KB4284846 (Security-only update). Improvements and fixes: This security update includes quality improvements. No new operating system features are being introduced in this update. Key changes include: Security updates to Windows apps, Windows storage and filesystems, Windows Server, and...
Rockstar Games: Smuggle SocialClub's Facebook OAuth Code via Referer Leakage
In this report, the researcher provided a POC in which they were able to combine two issues to create a condition that potentially could have allowed an attacker to obtain OAuth tokens. One of the issues involved allowing external content to load in our Screenshot Viewer tool; we resolved this...
MISP cross-site scripting vulnerability (CNVD-2018-06388)
MISP is an open source software suite for collecting, storing, distributing and sharing cyber security indicators and threat information, supporting incident analysis and malware analysis. A cross-site scripting vulnerability exists in the app/View/Events/resolvedattributes.ctp file in MISP. A remote...
CVE-2018-8948
In MISP before 2.4.89, app/View/Events/resolvedattributes.ctp has multiple XSS issues via a malicious MISP module...
HackerOne: Leakage badges on disabled user
Indonesia here; Hi HackerOne Team. Description: This attack occurs when an attacker uses this GraphQL code: and this builds the path for the attacker to get disclosure of information about how many programs are already in the closed Resolved state from the Public or Disabled user. Okay, now I do not say if the...
mer.fem.sumdu.edu.ua XSS vulnerability
Open Bug Bounty ID: OBB-578483

| Description | Value |
|---|---|
| Affected Website: | mer.fem.sumdu.edu.ua |
| Open Bug Bounty Program: | Create your bounty program now. It's open and free. |
| Vulnerable Application: | Custom Code |
| Vulnerability Type: | XSS Cross Site Scripting / CWE-79 |
| CVSSv3 Score: | 6.1... |
Fedora 27 : systemd (2018-eea8cb8b0e)
- a few memory leaks and uninitialized memory accesses
- systemd-networkd: Remote= must be a unicast address (upstream issue 8088)
- add /run/systemd/user to the unit lookup path (upstream issue 8119)
- various fixes for journalctl leaking file descriptors on very quick file rotation (upstream issues...