CVE-2019-1003030
A sandbox bypass vulnerability exists in Jenkins Pipeline: Groovy Plugin 2.63 and earlier in pom.xml, src/main/java/org/jenkinsci/plugins/workflow/cps/CpsGroovyShell.java that allows attackers able to control pipeline scripts to execute arbitrary code on the Jenkins master JVM...
PT-2019-11330 · Jenkins · Jenkins Azure Vm Agents Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Azure VM Agents Plugin versions 0.8.0 and earlier Description: An information exposure issue exists that allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. This is due to a...
Learning firmware analysis with DVRF, series A - vulnerability warning - the black bar safety net
Vulnerabilities in hardware devices are drawing more and more attention, and malicious attackers exploit them to great advantage. For a security researcher, learning to analyze firmware vulnerabilities and giving timely warning so that they can be patched is becoming increasingly important. This series of...
UBUNTU-CVE-2019-3840
A NULL pointer dereference flaw was discovered in libvirt before version 5.0.0 in the way it gets interface information through the QEMU agent. An attacker in a guest VM can use this flaw to crash libvirtd and cause a denial of service...
The vulnerability of the Golden VM component in the Juniper ATP intrusion prevention system allows an intruder to inject arbitrary JavaScript code into the loaded page and gain access to protected data.
The vulnerability of the Golden VM component in the Juniper ATP intrusion prevention system is related to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to inject arbitrary JavaScript code into the uploaded page and gain access to protected data...
Citrix Hypervisor Cannot Boot VM - Inaccessible_boot_device
After booting the VM an "Inaccessible Boot Device" error appears. The error may also appear as "The boot selection failed because a required device is inaccessible". This may be a critical VM that needs to be restored fast...
Description of the update for Windows Server 2012: February 19, 2019
Description of the update for Windows Server 2012: February 19, 2019 Summary This update includes the following improvements and fixes: Addresses a known issue where you may experience virtual machines failing to successfully restore if the VM has been saved and restored once before. The error...
Description of the update for Windows Server 2008 SP2: February 19, 2019
Description of the update for Windows Server 2008 SP2: February 19, 2019 Summary This update includes the following improvements and fixes: Addresses a known issue where you may experience virtual machines failing to successfully restore if the VM has been saved and restored once before. The erro...
Description of the update for Windows 8.1 and Windows Server 2012 R2: February 19, 2019
Description of the update for Windows 8.1 and Windows Server 2012 R2: February 19, 2019 Summary This update includes the following improvements and fixes: Addresses a known issue where you may experience virtual machines failing to successfully restore if the VM has been saved and restored once...
Description of the update for Windows 7 SP1 and Windows Server 2008 R2: February 19, 2019
Description of the update for Windows 7 SP1 and Windows Server 2008 R2: February 19, 2019 Summary This update includes the following improvements and fixes: Addresses a known issue where you may experience virtual machines failing to successfully restore if the VM has been saved and restored once...
Kali Linux 2019.1 Released — Operating System For Hackers
Wohooo! Great news for hackers and penetration testers. Offensive Security has just released Kali Linux 2019.1, the first 2019 version of its Swiss army knife for cybersecurity professionals. The latest version of Kali Linux operating system includes kernel up to version 4.19.13 and patches for...
Comodo Dome Firewall 2.7.0 - Cross-Site Scripting
Comodo Dome Firewall 2.7.0 - Cross-Site Scripting Exploit Title: Comodo Dome Firewall 2.7.0 | Cross-Site Scripting Date: 18.02.2019 Exploit Author: Ozer Goker Vendor Homepage: https://cdome.comodo.com/firewall/ Software Link:...
Comodo Dome Firewall 2.7.0 - Cross-Site Scripting
Exploit Title: Comodo Dome Firewall 2.7.0 | Cross-Site Scripting Date: 18.02.2019 Exploit Author: Ozer Goker Vendor Homepage: https://cdome.comodo.com/firewall/ Software Link: https://secure.comodo.com/home/purchase.php?pid=106&license=try&track=9278&af=9278 Version: 2.7.0 Introduction Comodo Dom...
February 12, 2019—KB4487019 (Security-only update)
February 12, 2019—KB4487019 Security-only update Improvements and fixes This security update includes quality improvements. No new operating system features are being introduced in this update. Key changes include: Addresses an issue that may prevent applications that use a Microsoft Jet database...
February 12, 2019—KB4487023 (Monthly Rollup)
February 12, 2019—KB4487023 Monthly Rollup Improvements and fixes This security update includes improvements and fixes that were a part of update KB4480974 released January 17, 2019 and addresses the following issues: Addresses an issue that may prevent applications that use a Microsoft Jet...
USN-3871-5 linux-azure vulnerabilities
Wen Xu discovered that a use-after-free vulnerability existed in the ext4 filesystem implementation in the Linux kernel. An attacker could use this to construct a malicious ext4 image that, when mounted, could cause a denial of service system crash or possibly execute arbitrary code...
How to Remove a DVD Drive from a XenServer Virtual Machine
This article describes how to remove a DVD drive from a XenServer virtual machine...
Security Bulletin: Vulnerability in RC4 cipher stream (CVE-2015-2808) and multiple vulnerabilities in IBM SDK Java Technology Edition affects IBM Systems Director.
Summary There are multiple vulnerabilities in IBM SDK Java Technology Edition 7 that is used by IBM Systems Director. These issues were disclosed as part of the IBM Java SDK updates in January and April 2015. This bulletin also addresses the RC4 bar mitzvah attack on SSL/TLS. Vulnerability Detail...
Security Bulletin: Vulnerability in RC4 cipher stream (CVE-2015-2808) and multiple vulnerabilities in IBM SDK Java Technology Edition affects IBM Systems Director
Summary There are multiple vulnerabilities in IBM SDK Java Technology Edition 7 that is used by IBM Systems Director. These issues were disclosed as part of the IBM Java SDK updates in January and April 2015. This bulletin also addresses the RC4 bar mitzvah attack on SSL/TLS. Vulnerability Detail...
VMware ESX / ESXi Web-Based Datastore Browser Default Credentials
Nessus was able to log in to the remote VMware ESX / ESXi Web-Based Datastore Browser using a default set of administrative credentials. A remote attacker could utilize these credentials to access virtual machine and virtual disk files. (C) Tenable Network Security, Inc. include("compat.inc"); if...