Red Hat '389-ds-base' CVE-2019-14824 Security Bypass Vulnerability
Description: Red Hat '389-ds-base' is prone to a security-bypass vulnerability. Attackers can exploit this issue to bypass certain security restrictions, obtain sensitive information and perform unauthorized actions. This may aid in further attacks. Technologies Affected: Redhat 389-ds-base; Redhat...
PT-2019-5300 · Fasterxml +8 · Jackson-Databind +8
Name of the Vulnerable Software and Affected Versions: FasterXML jackson-databind versions 2.0.0 through 2.9.10.1; FasterXML jackson-databind versions 2.6.0 through 2.6.7.3; FasterXML jackson-databind versions 2.7.0 through 2.7.9.6; FasterXML jackson-databind versions 2.8.0 through 2.8.11.4...
Cisco Small Business Smart and Managed Switches CVE-2019-12718 Cross Site Scripting Vulnerability
Description: Cisco Small Business Smart and Managed Switches are prone to a cross-site scripting vulnerability because they fail to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of th...
CVE-2019-12944
Glue Smart Lock 2.7.8 devices do not properly block guest access in certain situations where the network connection is unavailable...
Juniper Junos CVE-2019-0060 Denial of Service Vulnerability
Description: Juniper Junos is prone to a denial-of-service vulnerability. Attackers can exploit this issue to cause a process crash, denying service to legitimate users. The following versions of Juniper Junos are affected: Juniper Junos 15.1X49 versions prior to 15.1X49-D171, 15.1X49-D180 are...
FreeBSD : Gitlab -- Multiple Vulnerabilities (b17c86b9-e52e-11e9-86e9-001b217b3468)
SO-AND-SO reports: XSS in Markdown Preview Using Mermaid; Bypass Email Verification using Salesforce Authentication; Account Takeover using SAML; Uncontrolled Resource Consumption in Markdown using Mermaid; Disclosure of Private Project Path and Labels; Disclosure of Assignees via Milestones; Disclosu...
Cisco Unified Contact Center Express CVE-2019-15259 HTTP Response Splitting Vulnerability
Description: Cisco Unified Contact Center Express is prone to an HTTP response-splitting vulnerability. Attackers can leverage this issue to influence or misrepresent how web content is served, cached, or interpreted. This could aid in various attacks that try to entice client users into having a...
Gitlab -- Multiple Vulnerabilities
The GitLab Team reports: XSS in Markdown Preview Using Mermaid; Bypass Email Verification using Salesforce Authentication; Account Takeover using SAML; Uncontrolled Resource Consumption in Markdown using Mermaid; Disclosure of Private Project Path and Labels; Disclosure of Assignees via Milestones...
Outlook for Web Bans 38 More File Extensions in Email Attachments
Malware or a computer virus can infect your computer in several different ways, but one of the most common delivery methods is malicious email attachments that execute the malware when you open them. Therefore, to protect its users from malicious scripts and executable,...
Browser Guard combats privacy abuse, tracking, clickbait, and scammers
In July 2018, we introduced the Malwarebytes Browser Extension, a beta plugin for Firefox and Chrome aimed at delivering a safer, faster, and more private browsing experience. Our extension blocked tech support scams, hijackers, pop-up ads, trackers, and more to keep users secure and free from...
Microsoft Windows DirectWrite CVE-2019-1251 Information Disclosure Vulnerability
Description: Microsoft Windows is prone to an information-disclosure vulnerability. An attacker can leverage this issue to disclose sensitive information that may aid in further attacks. Technologies Affected: Microsoft Windows 10 Version 1709 for ARM64-based Systems; Microsoft Windows 10 Version 18...
[SECURITY] Fedora 29 Update: nodejs-10.16.3-1.fc29
Node.js is a platform built on Chrome's JavaScript runtime for easily building fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed devices...
[SECURITY] Fedora 30 Update: nodejs-10.16.3-1.fc30
Node.js is a platform built on Chrome's JavaScript runtime for easily building fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed devices...
Fedora Update for nodejs FEDORA-2019-5a6a7bc12c
The remote host is missing an update for the...
IPRotate - Extension For Burp Suite Which Uses AWS API Gateway To Rotate Your IP On Every Request
Extension for Burp Suite which uses AWS API Gateway to change your IP on every request. More info: https://rhinosecuritylabs.com/aws/bypassing-ip-based-blocking-aws/ Description: This extension allows you to easily spin up API Gateways across multiple regions. All the Burp Suite traffic for the...
maltrail
This is a defensive blue-team research and threat mitigation analysis of the Maltrail repository. The repository is a malicious traffic detection system that can be used to identify and block malicious traffic. The analysis reveals that the Maltrail system uses a combination of IP address and...
CVE-2018-20969
do_ed_script in pch.c in GNU patch through 2.7.6 does not block strings beginning with a ! character. NOTE: this is the same commit as for CVE-2019-13638, but the ! syntax is specific to ed, and is unrelated to a shell metacharacter...
DrMITM - Program Designed To Globally Log All Traffic Of A Website
DrMITM is a program designed to globally log all traffic. How it works: DrMITM sends a request to the website and returns the IP of the website just in case the server of the website is designed to rely on the website IP for requests, and the request that goes to the website also ends up being sent to...
CVE-2019-3635
Exfiltration of Data in McAfee Web Gateway (MWG) 7.8.2.x prior to 7.8.2.12 allows attackers to obtain sensitive data via crafting a complex webpage that will trigger the Web Gateway to block the user accessing an iframe...
[SECURITY] Fedora 29 Update: squid-4.8-2.fc29
Squid is a high-performance proxy caching server for Web clients, supporting FTP, gopher, and HTTP data objects. Unlike traditional caching software, Squid handles all requests in a single, non-blocking, I/O-driven process. Squid keeps meta data and especially hot objects cached in RAM, caches DN...