Unpatched Windows Bug Allows Attackers to Spoof Security Dialog Boxes
A previously unknown bug in Microsoft Windows would allow an attacker to spoof Windows dialog boxes that surface when making changes to the Windows registry. This would allow an adversary to plant malware or make other nefarious changes in the registry while getting around Windows’ built-in...
Information disclosure
Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization. The impact is: Information disclosure (credentials, cookies, etc. that are cached against a given hostname). The components are:...
CVE-2018-19636
Supportutils, before version 3.1-5.7.1, when run with the command line argument -A, searched the file system for an ndspath binary. If an attacker provides one at an arbitrary location, it is executed with root privileges...
Cisco Webex Meetings Desktop App and Cisco Webex Productivity Tools Update Service Command Injection Vulnerability
A vulnerability in the update service of Cisco Webex Meetings Desktop App and Cisco Webex Productivity Tools for Windows could allow an authenticated, local attacker to execute arbitrary commands as a privileged user. The vulnerability is due to insufficient validation of user-supplied parameters...
GnuTLS cryptographic library vulnerability, related to an error in verifying decrypted RSA data, that allows an attacker to gain access to protected information
A vulnerability in the GnuTLS cryptographic library is related to an error in the verification of decrypted RSA data. Exploiting this vulnerability could allow an attacker to gain access to protected information by using a secondary cache channel...
Linux kernel vulnerability that allows an attacker to cause a denial of service
A vulnerability in the Linux operating system’s kernel is caused by a buffer overflow. Exploiting this vulnerability can allow an attacker to cause a denial of service...
CVE-2019-8341
An issue was discovered in Jinja2 2.10. The from_string function is prone to Server Side Template Injection (SSTI) where it takes the "source" parameter as a template object, renders it, and then returns it. The attacker can exploit it with {{INJECTION COMMANDS}} in a URI. NOTE: The maintainer and...
Multiple Lexmark Product Input Validation Vulnerabilities
Lexmark is an American developer and manufacturer of printers. An input validation vulnerability exists in multiple Lexmark products, which could be exploited by an attacker to perform a delete operation...
CVE-2019-7740
An issue was discovered in Joomla! before 3.9.3. Inadequate parameter handling in JavaScript code core.js writeDynaList could lead to an XSS attack vector...
Microsoft Edge Memory Corruption Vulnerability
A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that enables an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the...
CVE-2018-3991
An exploitable heap overflow vulnerability exists in the WkbProgramLow function of WibuKey Network server management, version 6.40.2402.500. A specially crafted TCP packet can cause a heap overflow, potentially leading to remote code execution. An attacker can send a malformed TCP packet to trigg...
CVE-2017-1177
CVE-2017-1177 affects IBM BigFix Compliance 1.7–1.9.91, disclosing sensitive information to unauthorized users. Reported as a medium-severity issue (CVSS v2 base 5.0; CVSS v3 base 5.3) with network vector and no user interaction required. The material notes potential to mount further attacks usin...
UBUNTU-CVE-2019-7351
Log Injection exists in ZoneMinder through 1.32.3, as an attacker can entice the victim to visit a specially crafted link, which in turn will inject a custom Log message provided by the attacker in the 'log' view page, as demonstrated by the message=User%20'admin'%20Logged%20in value...
Security Bulletin: Vulnerabilities in OpenSSL affect System x Integrated Management Module (IMM) (CVE-2015-0204, CVE-2014-3570, CVE-2014-3572, CVE-2014-8275)
Summary: OpenSSL vulnerabilities were disclosed on January 8, 2015 by the OpenSSL Project. This includes the "FREAK: Factoring Attack on RSA-EXPORT keys" TLS/SSL client and server vulnerability. OpenSSL is used by System x Integrated Management Module (IMM). IMM has addressed the applicable CVEs...
Portier Vision 4.4.4.2 4.4.4.6 - SQL Injection
Advisory ID: SYSS-2018-012; Product: PORTIER; Affected Versions: 4.4.4.2, 4.4.4.6; Tested Versions: 4.4.4.2, 4.4.4.6; Vulnerability Type: SQL Injection (CWE-89); Risk Level: HIGH; Solution Status: Open...
Fedora 28 : libxkbcommon (2018-4295467df0)
libxkbcommon 0.8.2, CVE-2018-15853 to 15864. These fix a number of memory handling issues with xkbcommon. Together with the keymap FD handling in various Wayland compositors (keymaps could be mapped rw and clients could thus replace the content), libxkbcommon's memory issues could serve as attack...
CVE-2018-17195
The template upload API endpoint accepted requests from a different domain when sent in conjunction with ARP spoofing + man-in-the-middle (MiTM) attack, resulting in a CSRF attack. The required attack vector is complex, requiring a scenario with client certificate authentication, same subnet access,...
jenkins: Reflected XSS vulnerability
A cross-site scripting vulnerability exists in Jenkins 2.145 and earlier, LTS 2.138.1 and earlier in core/src/main/java/hudson/model/Api.java that allows attackers to specify URLs to Jenkins that result in rendering arbitrary attacker-controlled HTML by Jenkins...
SS-2018-019: Possible denial of service attack vector when flushing
More info at https://www.silverstripe.org/download/security-releases/ss-2018-019/...
QSC18: API Security, Enabling Innovation Without Enabling Attacks and Data Breaches
Without APIs, it would be nearly impossible for enterprises to digitally transform themselves. After all, APIs are the connective tissue between applications and systems, and they make the management, automation and consumption of technology possible at scale. APIs are what enable...