jenkins: Improper escaping of job URLs in f:validateButton leads to cross-site scripting vulnerability.
The f:validateButton form control for the Jenkins UI did not properly escape job URLs in Jenkins 2.171 and earlier and Jenkins LTS 2.164.1 and earlier, resulting in a cross-site scripting (XSS) vulnerability exploitable by users with the ability to control job names...
Servicing stack update for Windows 10, Version 1903: May 14, 2019
Servicing stack update for Windows 10, Version 1903: May 14, 2019 Summary This update makes quality improvements to the servicing stack, which is the component that installs Windows updates. Key changes include: Addresses an issue that may prevent updates from installing when using an...
CVE-2019-6452
Kyocera Command Center RX TASKalfa4501i and TASKalfa5052ci allows remote attackers to abuse the Test button in the machine address book to obtain a cleartext FTP or SMB password...
CVE-2019-6452
CVE-2019-6452 affects Kyocera Command Center RX on TASKalfa4501i and TASKalfa5052ci. The description states that remote attackers can abuse the Test button in the machine address book to obtain a cleartext FTP or SMB password. The connected documents do not provide additional technical specifics ...
CVE-2019-12383
Tor Browser before 8.0.1 has an information exposure vulnerability. It allows remote attackers to detect the browser's UI locale by measuring a button width, even if the user has a "Don't send my language" setting...
Information disclosure
Tor Browser before 8.0.1 has an information exposure vulnerability. It allows remote attackers to detect the browser's UI locale by measuring a button width, even if the user has a "Don't send my language" setting...
DEBIAN-CVE-2019-12383
Tor Browser before 8.0.1 has an information exposure vulnerability. It allows remote attackers to detect the browser's UI locale by measuring a button width, even if the user has a "Don't send my language" setting...
PT-2019-12773 · Tor +2 · Tor Browser +1
Name of the Vulnerable Software and Affected Versions: Tor Browser versions prior to 8.0.1 Description: The issue allows remote attackers to detect the browser's UI locale by measuring a button width, even if the user has a "Don't send my language" setting. This is an information exposure issue...
openSUSE Security Update : the Linux Kernel (openSUSE-2019-1407) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout)
The openSUSE Leap 42.3 kernel was updated to 4.4.179 to receive various security and bugfixes. Four new speculative execution information leak issues have been identified in Intel CPUs (bsc#1111331): - CVE-2018-12126: Microarchitectural Store Buffer Data Sampling (MSBDS) - CVE-2018-12127:...
Servicing stack update for Windows 10, Version 1803: May 14, 2019
Servicing stack update for Windows 10, Version 1803: May 14, 2019 Summary This update makes quality improvements to the servicing stack, which is the component that installs Windows updates. Key changes include: Addresses an issue in which enabling a feature times out and fails. This occurs if th...
CVE-2019-4072
IBM Tivoli Storage Productivity Center (IBM Spectrum Control Standard Edition 5.2.1 through 5.2.17) allows users to remain idle within the application even when a user has logged out. Utilizing the application back button, users can remain logged in as the current user for a short period of time,...
PT-2019-16881 · Ibm · Ibm Tivoli Storage Productivity Center
Name of the Vulnerable Software and Affected Versions: IBM Tivoli Storage Productivity Center versions 5.2.1 through 5.2.17 Description: The issue allows users to remain idle within the application even after logging out, and by utilizing the application's back button, users can remain logged in...
Explained: like-farming
Like-farming, aka like-harvesting, is a method used by commercial parties and scammers alike to raise the popularity of a site or domain. The ultimate dream of every like-farmer is for his post to go viral by accumulating as many likes and shares as possible from all over the world. Like-farmers...
PT-2019-11340 · Jenkins · Jenkins
Name of the Vulnerable Software and Affected Versions: Jenkins versions prior to 2.171, Jenkins LTS versions prior to 2.164.1. Description: The issue is related to a cross-site scripting (XSS) vulnerability. It occurs because the f:validateButton form control in the Jenkins UI does not properly escap...
Magic ISO Maker 5.5(build 281) - Serial Code Denial of Service (PoC)
Magic ISO Maker 5.5(build 281) - Serial Code Denial of Service (PoC). Exploit Title: Magic Iso Maker 5.5(build 281) - "Serial Code" Denial of Service (PoC); Date: 03/04/2019; Author: Alejandra Sánchez; Vendor Homepage: http://www.magiciso.com; Software Link:...
November 27, 2018—KB4467681 (OS Build 16299.820)
November 27, 2018—KB4467681 (OS Build 16299.820). Improvements and fixes: This update includes quality improvements. No new operating system features are being introduced in this update. Key changes include: Ensures that certain windowed ActiveX controls scroll along with other page content in Intern...
Servicing stack update for Windows 10 Version 1809: April 2, 2019
Servicing stack update for Windows 10 Version 1809: April 2, 2019. Summary: This update makes quality improvements to the servicing stack, which is the component that installs Windows updates. Key changes include: Addresses an issue where some device drivers may fail to start after a driver rollba...
CVE-2017-7342
A weak password recovery process vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to execute unauthorized code or commands via a hidden Close button...