8752 matches found
CVE-2018-5738 Some versions of BIND can improperly permit recursive query service to unauthorized clients
Change #4777 (introduced in October 2017) introduced an unforeseen issue in releases which were issued after that date, affecting which clients are permitted to make recursive queries to a BIND nameserver. The intended and documented behavior is that if an operator has not specified a value for the...
CVE-2019-2480
Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). Supported versions that are affected are 8.5.3 and 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle...
The Advanced Persistent Threat files: APT10
We've heard a lot about Advanced Persistent Threats (APTs) over the past few years. As a refresher, APTs are prolonged, aimed attacks on specific targets with the intention to compromise their systems and gain information from or about that target. While the targets may be anyone or anything—a...
[SECURITY] Fedora 28 Update: nbdkit-1.4.4-1.fc28
NBD is a protocol for accessing block devices (hard disks and disk-like things) over the network. 'nbdkit' is a toolkit for creating NBD servers. The key features are: Multithreaded NBD server written in C with good performance. Well-documented, simple plugin API with a stable ABI guarantee. Allows...
KLA11404 Multiple vulnerabilities in Microsoft Development Tools
Multiple vulnerabilities were found in Microsoft Development Tools. Malicious users can exploit these vulnerabilities to obtain sensitive information and perform cross-site scripting attacks. Below is a complete list of vulnerabilities: 1. A cross-site scripting (XSS) vulnerability in Team Foundation...
Intel SGX SDK and SGX Platform Software Elevation of Privilege Vulnerability
Intel SGX SDK and SGX Platform Software are both products of Intel Corporation. Intel SGX SDK is a software development kit based on SGX (Intel Software Security Extensions) technology, and SGX Platform Software is a software protection extension platform. A security vulnerability exists in Intel S...
TA505 Crime Gang Debuts Brand-New ServHelper Backdoor
A new backdoor named ServHelper has been spotted in the wild, acting as both a remote desktop agent as well as a downloader for a RAT called FlawedGrace. According to Proofpoint, the prolific cybercriminal gang known as TA505 developed ServHelper, which has two variants: one focused on remote...
[SECURITY] Fedora 29 Update: python-django-2.0.10-1.fc29
Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY (Don't Repeat Yourself) principle...
Detecting Insecure Cookies with Qualys Web Application Scanning
Cookies are ubiquitous in today's modern web applications. If an attacker can acquire a user's session cookie by exploiting a cross-site scripting (XSS) vulnerability, by sniffing an unencrypted HTTP connection, or by some other means, then they can potentially hijack a user's valid session...
Debian DSA-4363-1 : python-django - security update
It was discovered that malformed URLs could spoof the content of the default 404 page of Django, a Python web development framework. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian Security Advisory DSA-4363. The text itself is...
Guide to Developing a National Cybersecurity Strategy—a resource for policymakers to respond to cybersecurity challenges
Nations from every corner of the world are increasingly leveraging digital transformation to grow their economies and empower businesses to improve services, including vital services provided by critical infrastructures. This adoption of new information communications technologies (ICT) has...
mkcert: valid HTTPS certificates for localhost
(or for any other names) The web is moving to HTTPS, preventing network attackers from observing or injecting page contents. But HTTPS needs TLS certificates, and while deployment is increasingly a solved issue thanks to the ACME protocol and Let's Encrypt, development still mostly ends up happenin...
Debian DLA-1629-1 : python-django security update
It was discovered that there was a content-spoofing vulnerability in the default 404 pages in the Django web development framework. For more information, please see : https://www.djangoproject.com/weblog/2019/jan/04/security-releases/ For Debian 8 'Jessie', this issue has been fixed in...
Debian: Security Advisory (DSA-4363-1)
The remote host is missing an update for Debian. SPDX-FileCopyrightText: 2019 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...
@5minutes2start/react-scripts (>=1.1.2 <=1.1.4), @biko/react-scripts (>=0.1.0 <=0.4.0) +132 more potentially affected by CVE-2018-6342 via react-dev-utils (>=4.0.0 <=4.2.1)
react-dev-utils NPM version =4.0.0, =1.1.2, =0.1.0, =0.8.12, =0.1.0, =0.0.1, =2.13.0, =2.14.0, =0.2.0, =0.3.0, =0.2.2, =0.2.10-SNAPSHOT.481, =0.2.10-SNAPSHOT.673 - @leizeng/react-scripts-ts =2.13.0 and more Source cves: CVE-2018-6342 Source advisory: OSV:GHSA-29GP-92WP-94Q8...
CVE-2018-17188
Prior to CouchDB version 2.3.0, CouchDB allowed for runtime-configuration of key components of the database. In some cases, this led to vulnerabilities where CouchDB admin users could access the underlying operating system as the CouchDB user. Together with other vulnerabilities, it allowed full...
Design/Logic Flaw
Prior to CouchDB version 2.3.0, CouchDB allowed for runtime-configuration of key components of the database. In some cases, this led to vulnerabilities where CouchDB admin users could access the underlying operating system as the CouchDB user. Together with other vulnerabilities, it allowed full...
SUSE SLED15 / SLES15 Security Update : Initial update for kernel-azure (SUSE-SU-2018:1952-1)
This update is the initial delivery of the Azure flavor of the Linux Kernel, which contains enhancements and optimizations for running the SUSE Linux Enterprise kernel in the Azure cloud. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE...
SUSE SLED15 / SLES15 Security Update : pam (SUSE-SU-2018:3965-1)
This update for pam fixes the following issue: Security issue fixed: CVE-2018-17953: Fixed IP address and subnet handling of pam_access.so that was not honoured correctly when a single host was specified (bsc#1115640). Note that Tenable Network Security has extracted the preceding description block...
SQLite report about CVE-2019-19317
This CVE identifies a bug in a development check-in of SQLite. The bug never appeared in any official SQLite release. details...