7644 matches found

CNVD
added 2019/08/27 12:0 a.m., 2 views

Atlassian Jira Information Disclosure Vulnerability (CNVD-2019-30067)

Jira is a tool developed by Australian company Atlassian for defect tracking, issue tracking and project management. An information disclosure vulnerability exists in several work log REST resources in Jira. The vulnerability stems from a lack of privilege checking. A remote attacker could exploi...

CVSS 5.3, AI score 6.5, EPSS 0.02711
Exploits 0, References 1
CNVD
added 2019/08/26 12:0 a.m., 3 views

Google Android System Elevation of Privilege Vulnerability (CNVD-2019-39720)

Android is a Linux-based open source operating system from Google and the Open Handheld Alliance (OHA). A security vulnerability exists in telephony in Android version 10, which stems from the program's lack of boundary checking. An attacker could exploit the vulnerability to elevate privileges...

CVSS 7.2, AI score 6.8, EPSS 0.00167
Exploits 0, References 1
CNVD
added 2019/08/26 12:0 a.m., 1 views

Google Android System Elevation of Privilege Vulnerability (CNVD-2019-39721)

Android is a Linux-based open source operating system from Google and the Open Handheld Alliance (OHA). A security vulnerability exists in telephony in Android version 10, which stems from the program's lack of boundary checking. An attacker could exploit the vulnerability to elevate privileges...

CVSS 7.8, AI score 6.8, EPSS 0.00145
Exploits 0, References 1
NVD
added 2019/08/23 9:15 p.m., 21 views

CVE-2019-6695

Lack of root file system integrity checking in Fortinet FortiManager VM application images of 6.2.0, 6.0.6 and below may allow an attacker to implant third-party programs by recreating the image through specific methods...

CVSS 10, AI score 9.4, EPSS 0.0077
Exploits 0, References 1
Prion
added 2019/08/23 9:15 p.m., 12 views

Code injection

Lack of root file system integrity checking in Fortinet FortiManager VM application images of 6.2.0, 6.0.6 and below may allow an attacker to implant third-party programs by recreating the image through specific methods...

CVSS 10, AI score 9.3, EPSS 0.0077
Exploits 0, References 1, Affected Software 1
CVE
added 2019/08/23 8:7 p.m., 129 views

CVE-2019-6695

CVE-2019-6695 affects Fortinet FortiManager VM image packages (versions 6.2.0, 6.0.6 and below). The root cause is lack of root file system integrity checking, which could let an attacker recreate the VM image and implant third‑party programs before boot. Documented impact is image-level tamperin...

CVSS 10, AI score 9.4, EPSS 0.0077
Exploits 0, References 1, Affected Software 1
Vulnrichment
added 2019/08/21 6:15 p.m., 8 views

CVE-2019-1871 Cisco Integrated Management Controller Buffer Overflow Vulnerability

A vulnerability in the Import Cisco IMC configuration utility of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker to cause a denial of service (DoS) condition and implement arbitrary commands with root privileges on an affected device. The vulnerability is du...

CVSS 7.2, AI score 8.1, EPSS 0.03293
Exploits 0, References 1
ThreatPost
added 2019/08/16 9:5 p.m., 286 views

Fake News and Influence: Information Warfare in the Digital Age

It’s 2019 and we live in a world where understanding what is real and what is fake can be challenging. For the security community, we increasingly deal with information warfare adversaries that rely on that fact; and, operating at internet scale, are capable of causing plenty of havoc...

AI score 6.8
Exploits 0, References 5
OSV
added 2019/08/15 9:48 a.m., 7 views

OPENSUSE-SU-2019:1914-1 Security update for polkit

This update for polkit fixes the following issues: Security issue fixed: - CVE-2019-6133: Fixed improper caching of auth decisions, which could bypass uid checking in the interactive backend bsc1121826. This update was imported from the SUSE:SLE-15:Update update project...

CVSS 6.7, AI score 5.7, EPSS 0.00446
Exploits 0, References 3
NVD
added 2019/08/13 8:15 p.m., 20 views

CVE-2019-12807

Alzip 10.83 and earlier versions contain a stack-based buffer overflow vulnerability, caused by improper bounds checking during the parsing of a crafted ISO archive file. By persuading a victim to open a specially-crafted ISO archive file, an attacker could execute arbitrary code...

CVSS 7.8, AI score 7.9, EPSS 0.0162
Exploits 0, References 2
Cvelist
added 2019/08/13 7:22 p.m., 21 views

CVE-2019-12807

Alzip 10.83 and earlier versions contain a stack-based buffer overflow vulnerability, caused by improper bounds checking during the parsing of a crafted ISO archive file. By persuading a victim to open a specially-crafted ISO archive file, an attacker could execute arbitrary code...

AI score 7.9, EPSS 0.0162
Exploits 0, References 2
Tenable Nessus
added 2019/08/12 12:0 a.m., 47 views

Ubuntu 16.04 LTS : OpenJDK 8 vulnerabilities (USN-4080-1)

The remote Ubuntu 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4080-1 advisory. Keegan Ryan discovered that the ECC implementation in OpenJDK was not sufficiently resilient to side-channel attacks. An attacker could possibly use thi...

CVSS 5.8, AI score 7.8, EPSS 0.09393
Exploits 3, References 8
Tenable Nessus
added 2019/08/12 12:0 a.m., 35 views

NewStart CGSL CORE 5.04 / MAIN 5.04 : pcs Multiple Vulnerabilities (NS-SA-2019-0042)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has pcs packages installed that are affected by multiple vulnerabilities: - Sinatra rack-protection versions 1.5.4 and 2.0.0.rc3 and earlier contains a timing attack vulnerability in the CSRF token checking that can result in...

CVSS 8.7, AI score 6.6, EPSS 0.02489
Exploits 0, References 4
Tenable Nessus
added 2019/08/12 12:0 a.m., 24 views

SUSE SLED15 / SLES15 Security Update : polkit (SUSE-SU-2019:2018-1)

This update for polkit fixes the following issues : Security issue fixed : CVE-2019-6133: Fixed improper caching of auth decisions, which could bypass uid checking in the interactive backend bsc1121826. Note that Tenable Network Security has extracted the preceding description block directly from...

CVSS 6.7, AI score 6.8, EPSS 0.00446
Exploits 0, References 4
Tenable Nessus
added 2019/08/12 12:0 a.m., 17 views

FreeBSD : bro -- NULL pointer dereference and Signed integer overflow (f56669f5-d799-4ff5-9174-64a6d571c451)

Jon Siwek of Corelight reports : This is a security patch release to address potential Denial of Service vulnerabilities : - NULL pointer dereference in the RPC analysis code. RPC analyzers e.g. MOUNT or NFS are not enabled in the default configuration. - Signed integer overflow in BinPAC-generat...

AI score 5.7
Exploits 0, References 2
RedhatCVE
added 2019/08/09 10:22 a.m., 33 views

CVE-2019-14513

Improper bounds checking in Dnsmasq before 2.76 allows an attacker controlled DNS server to send large DNS packets that result in a read operation beyond the buffer allocated for the packet, a different vulnerability than CVE-2017-14491...

CVSS 9.8, AI score 3.9, EPSS 0.84925
Exploits 7, References 2
RedHat Linux
added 2019/08/08 10:8 a.m., 3 views

jolokia: system-wide CSRF that could lead to Remote Code Execution

A flaw was found in Jolokia, versions 1.2 through 1.6.0, where Jolokia did not correctly handle checking for origin and referrer headers when strict checking was enabled. An attacker could use this vulnerability to conduct cross-site request forgery or further attacks...

CVSS 8.8, AI score 5.7, EPSS 0.01643
Exploits 0, References 5
Veracode
added 2019/08/02 5:41 a.m., 30 views

Cross-site Request Forgery (CSRF)

jolokia is vulnerable to cross-site request forgery (CSRF). The backend manager does not properly handle the strict checking for origin and referrer headers, causing a system-wide CSRF which subsequently allows remote code execution...

CVSS 7.5, AI score 4.6, EPSS 0.05592
Exploits 1, References 18, Affected Software 4
OSV
added 2019/08/01 9:15 p.m., 2 views

DEBIAN-CVE-2019-14513

Improper bounds checking in Dnsmasq before 2.76 allows an attacker controlled DNS server to send large DNS packets that result in a read operation beyond the buffer allocated for the packet, a different vulnerability than CVE-2017-14491...

CVSS 7.5, AI score 6.9, EPSS 0.01705
Exploits 1, References 1
OSV
added 2019/08/01 9:15 p.m., 30 views

CVE-2019-14513

Improper bounds checking in Dnsmasq before 2.76 allows an attacker controlled DNS server to send large DNS packets that result in a read operation beyond the buffer allocated for the packet, a different vulnerability than CVE-2017-14491...

CVSS 7.5, AI score 6.9
Exploits 0, References 2