Information disclosure
VMware vSphere ESXi 6.7 prior to ESXi670-201810101-SG, 6.5 prior to ESXi650-201811102-SG, and 6.0 prior to ESXi600-201807103-SG and VMware vCenter Server 6.7 prior to 6.7 U1b, 6.5 prior to 6.5 U2b, and 6.0 prior to 6.0 U3j contain an information disclosure vulnerability in clients arising from...
CVE-2019-5531
VMware vSphere ESXi 6.7 prior to ESXi670-201810101-SG, 6.5 prior to ESXi650-201811102-SG, and 6.0 prior to ESXi600-201807103-SG and VMware vCenter Server 6.7 prior to 6.7 U1b, 6.5 prior to 6.5 U2b, and 6.0 prior to 6.0 U3j contain an information disclosure vulnerability in clients arising from...
VMSA-2019-0013 : Command injection and information disclosure vulnerabilities
a. VMware ESXi busybox command injection vulnerability ESXi contains a command injection vulnerability due to the use of a vulnerable version of busybox that does not sanitize filenames, which may result in executing any escape sequence in the shell. An attacker may exploit this issue by tricking ...
Inteno IOPSYS Gateway - Improper Access Restrictions
Exploit Title: Inteno IOPSYS Gateway 3DES Key Extraction - Improper Access Restrictions Date: 2019-06-29 Exploit Author: Gerard Fuguet [email protected] Vendor Homepage: https://www.intenogroup.com/ Version: EG200-WU7P1UADAMO3.16.4-1902261650 Fixed Version: EG200-WU7P1UADAMO3.16.8-1908200937...
Inteno IOPSYS Gateway 3DES Key Extraction Improper Access
Exploit Title: Inteno IOPSYS Gateway 3DES Key Extraction - Improper Access Restrictions Date: 2019-06-29 Exploit Author: Gerard Fuguet [email protected] Vendor Homepage: https://www.intenogroup.com/ Version: EG200-WU7P1UADAMO3.16.4-1902261650 Fixed Version: EG200-WU7P1UADAMO3.16.8-1908200937...
Denial Of Service (DoS)
github.com/gorilla/websocket is vulnerable to denial of service (DoS). An integer overflow in conn.go when parsing WebSocket frames allows a remote attacker to cause the server to consume an excessive amount of memory, resulting in an application crash when the server runs out of memory...
The vulnerability of the WebSocket client component of the Apache Tomcat application server arises from errors in checking host names when using the Transport Layer Security (TLS) protocol. This vulnerability allows attackers to circumvent existing security restrictions.
The vulnerability of the WebSocket client component of the Apache Tomcat application server is related to errors in checking host names when using the Transport Layer Security (TLS) protocol. Exploiting this vulnerability allows a malicious actor to circumvent existing security restrictions remotel...
CVE-2019-13209
Rancher 2 through 2.2.4 is vulnerable to a Cross-Site Websocket Hijacking attack that allows an exploiter to gain access to clusters managed by Rancher. The attack requires a victim to be logged into a Rancher server, and then to access a third-party site hosted by the exploiter. Once that is...
Cross site scripting
Rancher 2 through 2.2.4 is vulnerable to a Cross-Site Websocket Hijacking attack that allows an exploiter to gain access to clusters managed by Rancher. The attack requires a victim to be logged into a Rancher server, and then to access a third-party site hosted by the exploiter. Once that is...
CVE-2019-13209
CVE-2019-13209 affects Rancher Server 2.x up to 2.2.4, vulnerable to Cross-Site Websocket Hijacking (CSWSH). The attack requires a logged-in Rancher user to visit a third-party site hosted by the attacker; the attacker can then issue commands against the cluster’s Kubernetes API using the victim’...
CentOS 7 : tomcat (CESA-2019:2205)
An update for tomcat is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the...
Quantopian: Cross-site scripting via hardcoded front-end watched expression.
Hello, favorite security team. This is so far the most interesting XSS I've found on your website. And also this is the 10th bug I've reported to you, so I'm gonna celebrate. Summary: Via hardcoded front-end code in the algo debugger one is able to execute XSS on an algorithm collaborator. One is able to use python to...
Scientific Linux Security Update : tomcat on SL7.x x86_64 (20190806)
Security Fixes : - tomcat: Incorrect handling of empty string URL in security constraints can lead to unintended exposure of resources CVE-2018-1304 - tomcat: Late application of security constraints can lead to resource exposure for unauthorised users CVE-2018-1305 - tomcat: Insecure defaults in...
RHEL 7 : tomcat (RHSA-2019:2205)
The remote Red Hat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:2205 advisory. Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. Security Fixes: tomcat: Incorrect handling ...
CVE-2019-14432
Incorrect authentication of application WebSocket connections in Loom Desktop for Mac up to 0.16.0 allows remote code execution from either malicious JavaScript in a browser or hosts on the same network, during periods in which a user is recording a video with the application. The same attack...
Authentication flaw
Incorrect authentication of application WebSocket connections in Loom Desktop for Mac up to 0.16.0 allows remote code execution from either malicious JavaScript in a browser or hosts on the same network, during periods in which a user is recording a video with the application. The same attack...
CVE-2019-14432
Technical details (affected product/version, root cause, exploitability, fixes) are not publicly provided in the supplied documents. Monitor for updates; no additional specifics are available here.