Arbitrary Code Execution

firefox/thunderbird is vulnerable to arbitrary code execution. Insufficient vetting of parameters passed with the Prompt:Open IPC message between child and parent processes can result in the non-sandboxed parent process opening web content chosen by a compromised child process. When combined with...

Limitation of 256 characters only for TUNNEL_EXCLUDE_DOMAINS client property

When we try to add TUNNELEXCLUDEDOMAINS client property, it limits only for 256 characters. Due to which we cannot add extra domains apart from default ones. Default list:...

Probably?

Remy Sharp asked a question on Twitter that got me thinking about probability for the first time in a while. The problem Get your copybooks out now! Remy is using an image service that has an API which returns a URL for one of its images, picked at random. Remy makes five requests to the service,...

June 2019 security update release

Today, we released security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to turn on automatic updates. More information about this month’s security updates can be found on the Security Update Guide...

OPENSUSE-SU-2019:1527-1 Security update for rmt-server

This update for rmt-server to version 2.1.4 fixes the following issues: - Fix duplicate nginx location in rmt-server-pubcloud bsc1135222 - Mirror additional repos that were enabled during mirroring bsc1132690 - Make service IDs consistent across different RMT instances bsc1134428 - Make SMT data...

CVE-2019-12303

In Rancher 2 through 2.2.3, Project owners can inject additional fluentd configuration to read files or execute arbitrary commands inside the fluentd container...

Design/Logic Flaw

In Rancher 2 through 2.2.3, Project owners can inject additional fluentd configuration to read files or execute arbitrary commands inside the fluentd container...

CVE-2019-7394

A privilege escalation vulnerability in the administrative user interface of CA Technologies CA Strong Authentication 9.0.x, 8.2.x, 8.1.x, 8.0.x, 7.1.x and CA Risk Authentication 9.0.x, 8.2.x, 8.1.x, 8.0.x, 3.1.x allows an authenticated attacker to gain additional privileges in some cases where a...

Privilege escalation

A privilege escalation vulnerability in the administrative user interface of CA Technologies CA Strong Authentication 9.0.x, 8.2.x, 8.1.x, 8.0.x, 7.1.x and CA Risk Authentication 9.0.x, 8.2.x, 8.1.x, 8.0.x, 3.1.x allows an authenticated attacker to gain additional privileges in some cases where a...

CVE-2019-7394

A privilege escalation vulnerability in the administrative user interface of CA Technologies CA Strong Authentication 9.0.x, 8.2.x, 8.1.x, 8.0.x, 7.1.x and CA Risk Authentication 9.0.x, 8.2.x, 8.1.x, 8.0.x, 3.1.x allows an authenticated attacker to gain additional privileges in some cases where a...

[SECURITY] Fedora 29 Update: python3-3.7.3-3.fc29

Python is an accessible, high-level, dynamically typed, interpreted program ming language, designed with an emphasis on code readability. It includes an extensive standard library, and has a vast ecosystem of third-party libraries. The python3 package provides the "python3" executable: the...

Crosslinked - LinkedIn Enumeration Tool To Extract Valid Employee Names From An Organization Through Search Engine Scraping

CrossLinked simplifies the processes of searching LinkedIn to collect valid employee names when performing password spraying or another security testing against an organization. Using similar search engine scraping capabilities found in tools like subscraper and pymeta, CrossLinked will find vali...

May 2019 Security Update Release

Today, we released security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to turn on automatic updates. More information about this month’s security updates can be found on the Security Update Guide...

CRLF Injection

httplib library used by urllib, urllib2 and others in Python is vulnerable to CRLF injection attacks. The vulnerability exists because it fails to sufficiently sanitize user input. This allows remote attackers to inject additional headers in a Python application that allowed user provided header...

CVE-2019-2699

Vulnerability in the Java SE component of Oracle Java SE subcomponent: Windows DLL. The supported version that is affected is Java SE: 8u202. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. While the vulnerabilit...

April 2019 Security Update Release

Today, we released security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to turn on automatic updates. More information about this month’s security updates can be found on the Security Update Guide. Tags Security Advisory Securi...

CVE-2018-4399

An access issue existed with privileged API calls. This issue was addressed with additional restrictions. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5...

CVE-2018-4399

An access issue existed with privileged API calls. This issue was addressed with additional restrictions. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5...

CVE-2018-4355

A configuration issue was addressed with additional restrictions. This issue affected versions prior to iOS 12, macOS Mojave 10.14...

CVE-2018-4355

A configuration issue was addressed with additional restrictions. This issue affected versions prior to iOS 12, macOS Mojave 10.14...