
2123 matches found

Hacker One
added 2018/12/24 6:2 p.m., 35 views

Keybase: macOS privilege escalation via keybase install

Environment OS: macOS Mojave 10.14.1 Kernel: Darwin Kernel Version 18.2.0 keybase version 2.12.2-20181218171841+29273f4110 Steps to reproduce Note: All steps are executed as an unprivileged user unless otherwise noted. For this PoC the unprivileged user is defined as below $ id test2 uid=508test2...

AI score 0.8
Exploits: 0

IBM Security Bulletins
added 2018/12/19 8:45 p.m., 45 views

Security Bulletin: IBM Security Guardium is affected by a Using Components (microcode_ctl) with Known Vulnerabilities vulnerability

Summary IBM Security Guardium has addressed the following vulnerabilities. Vulnerability Details CVEID: CVE-2017-5715 DESCRIPTION: Intel Haswell Xeon, AMD PRO and ARM Cortex A57 CPUs could allow a local authenticated attacker to obtain sensitive information, caused by a branch target injection in...

CVSS 5.6, AI score 0.6, EPSS 0.74041
Exploits: 8, Affected Software: 1

Tenable Nessus
added 2018/12/17 12:0 a.m., 27 views

openSUSE Security Update : openvswitch (openSUSE-2018-1562)

This update for openvswitch to version 2.7.6 fixes the following issues : These security issues were fixed : - CVE-2018-17205: Prevent OVS crash when reverting old flows in bundle commit bsc1104467. - CVE-2018-17206: Avoid buffer overread in BUNDLE action decoding bsc1104467. - CVE-2018-17204:Whe...

CVSS 7.5, AI score 6.3, EPSS 0.02531
Exploits: 1, References: 4

Hacker One
added 2018/12/16 7:46 a.m., 53 views

Node.js third-party modules: [webpack-bundle-analyzer] Cross-site Scripting

I would like to report Cross-site Scripting in webpack-bundle-analyzer. It allows injecting and executing arbitrary JavaScript code. Module module name: webpack-bundle-analyzer version: 3.0.3 npm page: https://www.npmjs.com/package/webpack-bundle-analyzer Module Description Visualize size of webpa...

AI score 6.9
Exploits: 0

OPENSUSE Linux
added 2018/12/16 12:11 a.m., 147 views

Security update for openvswitch (moderate)

This update for openvswitch to version 2.7.6 fixes the following issues: These security issues were fixed: - CVE-2018-17205: Prevent OVS crash when reverting old flows in bundle commit bsc1104467. - CVE-2018-17206: Avoid buffer overread in BUNDLE action decoding bsc1104467. - CVE-2018-17204:When...

AI score 0.1, EPSS 0.02531
Exploits: 1, References: 1

Malwarebytes
added 2018/12/04 5:20 p.m., 73 views

Humble Bundle alerts customers to subscription reveal bug

You’ll want to check your mailbox if you have a Humble Bundle account, as they’re notifying some customers of a bug used to gather subscriber information. The mail reads as follows: Hello, Last week, we discovered someone using a bug in our code to access limited non-personal...

AI score 7.1
Exploits: 0

Tenable Nessus
added 2018/11/06 12:0 a.m., 45 views

RHEL 7 : openvswitch (RHSA-2018:3500)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:3500 advisory. Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic...

CVSS 7.5, AI score 6.4, EPSS 0.02531
Exploits: 1, References: 19

RedHat Linux
added 2018/11/05 2:56 p.m., 1 views

openvswitch: Buffer over-read in lib/ofp-actions.c:decode_bundle()

An issue was discovered in Open vSwitch OvS 2.5.x through 2.5.5, 2.6.x through 2.6.3, 2.7.x through 2.7.6, 2.8.x through 2.8.4, and 2.9.x through 2.9.2 where the decode_bundle function inside lib/ofp-actions.c is affected by a buffer over-read issue during BUNDLE action decoding. A specially craft...

CVSS 4.9, AI score 7.3, EPSS 0.02046
Exploits: 0, References: 4

The Hacker News
added 2018/10/19 1:12 p.m., 1 views

8 Popular Courses to Learn Ethical Hacking – 2018 Bundle

Update Oct 2018 — Over 30,000 students from all around the world have joined this training program so far. Due to the growing number of threats in the computer world, ethical hackers have become the most important player for not only governments but also private companies and IT firms in order to...

AI score 7.1
Exploits: 0

The Hacker News
added 2018/10/19 1:12 p.m., 615 views

8 Popular Courses to Learn Ethical Hacking – 2018 Bundle

Update Oct 2018 — Over 30,000 students from all around the world have joined this training program so far. Due to the growing number of threats in the computer world, ethical hackers have become the most important player for not only governments but also private companies and IT firms in order to...

AI score 7
Exploits: 0

vulnersOsv
added 2018/10/17 4:20 p.m., 1 views

be.fluid-it.reactive-microservice.bundle:bootique-vertx (>=0.1-0 <=0.1-8), be.fluid-it.reactive-microservice.bundle:reactive-microservice-bundle-core (>=0.1-0 <=0.1-8) +590 more potentially affected by CVE-2018-12542 via io.vertx:vertx-web (>=3.0.0 <=3.5.3.CR1)

io.vertx:vertx-web MAVEN version =3.0.0, =0.1-0, =0.1-0, =1.2.1, =3.0.5, =1.0.0, =0.4.2, =0.4.2, =0.4.2, =0.4.2, =0.4.2, =0.4.5 and more Source cves: CVE-2018-12542 Source advisory: OSV:GHSA-H39X-M55C-V55H...

CVSS 9.8, AI score 7.3, EPSS 0.02286
Exploits: 1

vulnersOsv
added 2018/10/17 4:20 p.m., 15 views

be.fluid-it.reactive-microservice.bundle:bootique-vertx (=0.1-8), be.fluid-it.reactive-microservice.bundle:reactive-microservice-bundle-core (=0.1-8) +762 more potentially affected by CVE-2018-12544 via io.vertx:vertx-core (>=3.5.0 <=3.5.3.CR1)

io.vertx:vertx-core MAVEN version =3.5.0, =0.4.2, =0.4.2, =0.4.2, =0.4.2, =0.4.2, =0.4.2, =0.4.2, =0.4.2, =0.4.2, =0.4.2, =0.4.2, =0.4.2, =0.4.5 and more Source cves: CVE-2018-12544 Source advisory: OSV:GHSA-QH3M-QW6V-QVHG...

CVSS 9.8, AI score 7.2, EPSS 0.02172
Exploits: 0

vulnersOsv
added 2018/10/17 4:19 p.m., 0 views

be.fluid-it.reactive-microservice.bundle:bootique-vertx (>=0.1-0 <=0.1-8), be.fluid-it.reactive-microservice.bundle:reactive-microservice-bundle-core (>=0.1-0 <=0.1-8) +525 more potentially affected by CVE-2018-12540 via io.vertx:vertx-web (>=3.0.0 <=3.5.2.CR3)

io.vertx:vertx-web MAVEN version =3.0.0, =0.1-0, =0.1-0, =1.2.1, =3.0.5, =1.0.0, =0.4.2, =0.4.2, =0.4.2, =0.4.2, =0.4.2, =0.4.5 and more Source cves: CVE-2018-12540 Source advisory: OSV:GHSA-RVGG-F8QM-6H7J...

CVSS 8.8, AI score 7.2, EPSS 0.01994
Exploits: 1

GitLab Advisory Database
added 2018/10/02 12:0 a.m., 12 views

Improper Handling of Case Sensitivity

Improper Handling of Case Sensitivity in easyadmin-extension-bundle...

AI score 1.6
Exploits: 0, References: 1, Affected Software: 1

GitLab Advisory Database
added 2018/10/02 12:0 a.m., 5 views

Improper Handling of Case Sensitivity

Improper Handling of Case Sensitivity in easyadmin-extension-bundle...

AI score 5.8
Exploits: 0, References: 1, Affected Software: 1

OSV
added 2018/09/19 4:29 p.m., 24 views

CVE-2018-17205

An issue was discovered in Open vSwitch OvS 2.7.x through 2.7.6, affecting ofprotoruleinsert in ofproto/ofproto.c. During bundle commit, flows that are added in a bundle are applied to ofproto in order. If a flow cannot be added e.g., the flow action is a go-to for a group id that does not exist,...

CVSS 7.5, AI score 6.6
Exploits: 0, References: 5

OSV
added 2018/09/19 4:29 p.m., 2 views

DEBIAN-CVE-2018-17205

An issue was discovered in Open vSwitch OvS 2.7.x through 2.7.6, affecting ofprotoruleinsert in ofproto/ofproto.c. During bundle commit, flows that are added in a bundle are applied to ofproto in order. If a flow cannot be added e.g., the flow action is a go-to for a group id that does not exist,...

CVSS 7.5, AI score 6.9, EPSS 0.02531
Exploits: 1, References: 1

OSV
added 2018/09/19 4:29 p.m., 1 views

DEBIAN-CVE-2018-17206

An issue was discovered in Open vSwitch OvS 2.7.x through 2.7.6. The decode_bundle function inside lib/ofp-actions.c is affected by a buffer over-read issue during BUNDLE action decoding...

CVSS 4.9, AI score 6.4, EPSS 0.02046
Exploits: 0, References: 1

NVD
added 2018/09/19 4:29 p.m., 18 views

CVE-2018-17206

An issue was discovered in Open vSwitch OvS 2.7.x through 2.7.6. The decode_bundle function inside lib/ofp-actions.c is affected by a buffer over-read issue during BUNDLE action decoding...

CVSS 4.9, AI score 5.5, EPSS 0.02046
Exploits: 0, References: 6

Prion
added 2018/09/19 4:29 p.m., 23 views

Design/Logic Flaw

An issue was discovered in Open vSwitch OvS 2.7.x through 2.7.6, affecting ofprotoruleinsert in ofproto/ofproto.c. During bundle commit, flows that are added in a bundle are applied to ofproto in order. If a flow cannot be added e.g., the flow action is a go-to for a group id that does not exist,...

CVSS 5, AI score 7.3, EPSS 0.02531
Exploits: 1, References: 5, Affected Software: 3