
2428 matches found

Cvelist
added 2019/10/17 7:9 p.m., 10 views

CVE-2019-15626

The Deep Security Manager application (Versions 10.0, 11.0 and 12.0), when configured in a certain way, may transmit initial LDAP communication in clear text. This may result in confidentiality impact but does not impact integrity or availability...

AI score: 7.5, EPSS: 0.00251
Exploits: 0, References: 1

OSV
added 2019/09/11 6:15 p.m., 1 views

CVE-2019-9488

Trend Micro Deep Security Manager 10.x, 11.x and Vulnerability Protection 2.0 are vulnerable to an XML External Entity Attack. However, for the attack to be possible, the attacker must have root/admin access to a protected host which is authorized to communicate with the Deep Security Manager (DSM)...

CVSS: 4.9, AI score: 5.8
Exploits: 0, References: 1

NVD
added 2019/09/11 6:15 p.m., 10 views

CVE-2019-9488

Trend Micro Deep Security Manager 10.x, 11.x and Vulnerability Protection 2.0 are vulnerable to an XML External Entity Attack. However, for the attack to be possible, the attacker must have root/admin access to a protected host which is authorized to communicate with the Deep Security Manager (DSM)...

CVSS: 4.9, AI score: 5, EPSS: 0.00596
Exploits: 0, References: 1

Prion
added 2019/09/11 6:15 p.m., 13 views

XXE

Trend Micro Deep Security Manager 10.x, 11.x and Vulnerability Protection 2.0 are vulnerable to an XML External Entity Attack. However, for the attack to be possible, the attacker must have root/admin access to a protected host which is authorized to communicate with the Deep Security Manager (DSM)...

CVSS: 4, AI score: 5, EPSS: 0.00596
Exploits: 0, References: 1, Affected Software: 2

Cvelist
added 2019/09/11 6:0 p.m., 17 views

CVE-2019-9488

Trend Micro Deep Security Manager 10.x, 11.x and Vulnerability Protection 2.0 are vulnerable to an XML External Entity Attack. However, for the attack to be possible, the attacker must have root/admin access to a protected host which is authorized to communicate with the Deep Security Manager (DSM)...

AI score: 5.1, EPSS: 0.00596
Exploits: 0, References: 1

CVE
added 2019/09/11 6:0 p.m., 53 views

CVE-2019-9488

CVE-2019-9488 affects Trend Micro Deep Security Manager (10.x, 11.x) and Vulnerability Protection (2.0). The vulnerability is an XML External Entity Attack triggered when parsing XML, with the prerequisite that an attacker already has root/admin access on a host approved to communicate with the De...

CVSS: 4.9, AI score: 5, EPSS: 0.00596
Exploits: 0, References: 1, Affected Software: 2

Carbon Black Blog
added 2019/09/05 4:0 p.m., 32 views

How To Handle Evolutions in Cybercrime

Cybercriminals are Evolving. Attackers are constantly evolving their techniques—finding ways to evade your defenses and stay in your systems longer. Today, 68% of attacks remain undetected for months or more. Traditional antivirus (AV) can’t hold up against the modern hacker. New attacks, like...

AI score: 1
Exploits: 0

ThreatPost
added 2019/09/04 2:43 p.m., 78 views

CEO 'Deep Fake' Swindles Company Out of $243K

In the first known case of successful financial scamming via audio deep fakes, cybercrooks were able to create a near-perfect impersonation of a chief executive’s voice – and then used the audio to fool his company into transferring $243,000 to their bank account. A deep fake is a plausible video...

AI score: 0.3
Exploits: 0, References: 8

Microsoft Secure
added 2019/09/03 4:0 p.m., 57 views

Deep learning rises: New methods for detecting malicious PowerShell

Scientific and technological advancements in deep learning, a category of algorithms within the larger framework of machine learning, provide new opportunities for development of state-of-the-art protection technologies. Deep learning methods are impressively outperforming traditional methods on...

AI score: 7.1
Exploits: 0

vulnersOsv
added 2019/08/27 5:42 p.m., 2 views

ts-node-server (>=1.1.0 <=2.0.0) potentially affected by CVE-2019-10746 via mixin-deep (=2.0.0)

mixin-deep NPM version =2.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on mixin-deep and may be impacted:
- ts-node-server =1.1.0, =2.0.0
Source cves: CVE-2019-10746
Source advisory: OSV:GHSA-FHJF-83WG-R2J9...

CVSS: 9.8, AI score: 7.2, EPSS: 0.00748
Exploits: 1

vulnersOsv
added 2019/08/27 5:42 p.m., 2 views

apidocs-cli (>=0.0.0 <=2.0.1), assemble-init (=0.1.0) +80 more potentially affected by CVE-2019-10746 via mixin-deep (>=0.1.0 <=1.0.1)

mixin-deep NPM version =0.1.0, =0.0.0, =0.1.0-beta.2, =0.1.0, =0.1.1, =0.1.2, =0.0.1, =0.0.1, =0.1.0, =1.0.2, =0.0.5, =0.2.2, =0.3.0 - create-component =0.1.1 and more
Source cves: CVE-2019-10746
Source advisory: OSV:GHSA-FHJF-83WG-R2J9...

CVSS: 9.8, AI score: 7.2, EPSS: 0.00748
Exploits: 1

OSV
added 2019/08/27 5:42 p.m., 0 views

GHSA-FHJF-83WG-R2J9 Prototype Pollution in mixin-deep

Versions of mixin-deep prior to 2.0.1 or 1.3.2 are vulnerable to Prototype Pollution. The mixinDeep function fails to validate which Object properties it updates. This allows attackers to modify the prototype of Object, causing the addition or modification of an existing property on all objects...

CVSS: 9.8, AI score: 7.2, EPSS: 0.00748
Exploits: 1, References: 8

Github Security Blog
added 2019/08/27 5:42 p.m., 34 views

Prototype Pollution in mixin-deep

Versions of mixin-deep prior to 2.0.1 or 1.3.2 are vulnerable to Prototype Pollution. The mixinDeep function fails to validate which Object properties it updates. This allows attackers to modify the prototype of Object, causing the addition or modification of an existing property on all objects...

CVSS: 9.8, AI score: 9.3, EPSS: 0.00748
Exploits: 1, References: 9, Affected Software: 1

NVD
added 2019/08/23 8:15 p.m., 10 views

CVE-2019-5592

Multiple padding oracle vulnerabilities (Zombie POODLE, GOLDENDOODLE, OpenSSL 0-length) in the CBC padding implementation of FortiOS IPS engine version 5.000 to 5.006, 4.000 to 4.036, 4.200 to 4.219, 3.547 and below, when configured with SSL Deep Inspection policies and with the IPS sensor enabled,...

CVSS: 5.9, AI score: 5.8, EPSS: 0.00115
Exploits: 0, References: 1

OSV
added 2019/08/23 8:15 p.m., 3 views

CVE-2019-5592

Multiple padding oracle vulnerabilities (Zombie POODLE, GOLDENDOODLE, OpenSSL 0-length) in the CBC padding implementation of FortiOS IPS engine version 5.000 to 5.006, 4.000 to 4.036, 4.200 to 4.219, 3.547 and below, when configured with SSL Deep Inspection policies and with the IPS sensor enabled,...

CVSS: 5.9, AI score: 6.5, EPSS: 0.00115
Exploits: 0, References: 1

Prion
added 2019/08/23 8:15 p.m., 14 views

Design/Logic Flaw

Multiple padding oracle vulnerabilities (Zombie POODLE, GOLDENDOODLE, OpenSSL 0-length) in the CBC padding implementation of FortiOS IPS engine version 5.000 to 5.006, 4.000 to 4.036, 4.200 to 4.219, 3.547 and below, when configured with SSL Deep Inspection policies and with the IPS sensor enabled,...

CVSS: 4.3, AI score: 5.8, EPSS: 0.00115
Exploits: 0, References: 1, Affected Software: 1

Vulnrichment
added 2019/08/23 7:52 p.m., 11 views

CVE-2019-5592

Multiple padding oracle vulnerabilities (Zombie POODLE, GOLDENDOODLE, OpenSSL 0-length) in the CBC padding implementation of FortiOS IPS engine version 5.000 to 5.006, 4.000 to 4.036, 4.200 to 4.219, 3.547 and below, when configured with SSL Deep Inspection policies and with the IPS sensor enabled,...

AI score: 6.9, EPSS: 0.00115
Exploits: 0, References: 1

CVE
added 2019/08/23 7:52 p.m., 126 views

CVE-2019-5592

CVE-2019-5592 describes padding oracle vulnerabilities in FortiOS SSL Deep Inspection with CBC padding in the FortiOS IPS engine. Affected FortiGate/FortiOS IPS versions (5.000–5.006, 4.000–4.036, 4.200–4.219, and 3.547 and below) configured with SSL Deep Inspection policies and the IPS sensor en...

CVSS: 5.9, AI score: 5.7, EPSS: 0.00115
Exploits: 0, References: 1, Affected Software: 1

NVD
added 2019/08/23 5:15 p.m., 15 views

CVE-2019-10746

mixin-deep is vulnerable to Prototype Pollution in versions before 1.3.2 and version 2.0.0. The function mixin-deep could be tricked into adding or modifying properties of Object.prototype using a constructor payload...

CVSS: 9.8, AI score: 9.3, EPSS: 0.00748
Exploits: 1, References: 4

OSV
added 2019/08/23 5:15 p.m., 1 views

DEBIAN-CVE-2019-10746

mixin-deep is vulnerable to Prototype Pollution in versions before 1.3.2 and version 2.0.0. The function mixin-deep could be tricked into adding or modifying properties of Object.prototype using a constructor payload...

CVSS: 9.8, AI score: 8.3, EPSS: 0.00748
Exploits: 1, References: 1