3100 matches found
The vulnerability of the spice-gtk utility in the Astra Linux operating system, which allows a hacker to trigger a service failure.
The vulnerability of the spice-gtk utility in the Astra Linux operating system is related to errors in the operation of USB devices when ilev-enabled is set in policykit. Exploiting this vulnerability can allow a perpetrator to cause service failures...
jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server via crafted JSON message.
A new polymorphic typing flaw was discovered in FasterXML jackson-databind, versions 2.x through 2.9.9. With default typing enabled, an attacker can send a specifically crafted JSON message to the server that allows them to read arbitrary local files...
kibana: Audit logging Remote Code Execution issue
An arbitrary code execution flaw was found in Kibana in versions prior to 5.6.15 and 6.6.1. If a Kibana instance has the setting xpack.security.audit.enabled set to true, an attacker could send a request that will attempt to execute javascript code. This could possibly lead to an attacker executi...
Hundreds of BEC Scammers Arrested in Nigeria and U.S. — $3.7 Million Recovered
Breaking News — The Nigerian prince and his allies who might have also asked you over an email for your assistance to help save "the first African astronaut lost in space" have finally been arrested by the FBI. Don't take it too seriously, as there's no Nigerian prince or an astronaut seeking you...
Firefox 69 Now Blocks 3rd-Party Tracking Cookies and Cryptominers By Default
Mozilla has finally enabled the "Enhanced Tracking Protection" feature for all of its web browser users worldwide by default with the official launch of Firefox 69 for Windows, Mac, Linux, and Android. The company enabled the "Enhanced Tracking Protection" setting by default for its browser in Ju...
WordPress woo-confirmation-email plugin has unspecified vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. woo-confirmation-email is a WordPress plugin used to send email verification codes. A security vulnerability exists in the WordPress...
CVE-2019-10059
The legacy finger service TCP port 79 is enabled by default on various older Lexmark devices...
Unable to start VMs in new Hosts - An emulator required to run this VM failed to start
Unable to start VM with vGPU assigned on HOST with NVIDIA Card. Getting error: vm-start failed: "An emulator required to run this VM failed to start" Internal LOG: Dec 6 09:10:13 localhost vgpu-211384: demuinitialize: PLUGIN CONFIG: /usr/share/nvidia/vgx/gridp40-1b.conf,gpu-pci-id=0000:d8:00.0De...
Microsoft Office365 / ProPlus 16.0.11901.20204 Code Execution / Protection Bypass Vulnerability
Exploit Title: Microsoft Office Code Execution/Protection Bypass Exploit Author: Social Engineering Neo - @EngineeringNeo Software Link: https://products.office.com/en-nz/compare-all-microsoft-office-products Version: Office365/ProPlus - build 16.0.11901.20204 Tested on: Windows - build 18362.295...
Microsoft Office365 / ProPlus 16.0.11901.20204 Code Execution / Protection Bypass
Exploit Title: Microsoft Office Code Execution/Protection Bypass Exploit Author: Social Engineering Neo - @EngineeringNeo Software Link: https://products.office.com/en-nz/compare-all-microsoft-office-products Version: Office365/ProPlus - build 16.0.11901.20204 Tested on: Windows - build 18362.295...
TortoiseSVN v1.12.1 Remote Code Execution Vulnerability
TortoiseSVN is an open source client program for the Subversion version control system. A remote code execution vulnerability exists in TortoiseSVN version 1.12.1, which stems from a URI handler Tsvncmd: that allows a customized diff operation on an Excel workbook, which could be used to open a...
CVE-2018-1987
IBM Spectrum Protect for Enterprise Resource Planning 7.1 and 8.1, if tracing is activated, the IBM Spectrum Protect node password may be displayed in plain text in the ERP trace file. IBM X-Force ID: 154280...
Unpatched Flaws in IoT Smart Deadbolt Open Homes to Danger
UPDATE Researchers have uncovered vulnerabilities in a popular smart deadbolt that could allow attackers to remotely unlock doors and break into homes. The manufacturer behind the smart lock, Hickory Hardware, has deployed patches to the affected apps on the Google Play Store and Apple App Store. The...
vim/neovim: ':source!' command allows arbitrary command execution via modelines
It was found that the :source! command was not restricted by the sandbox mode. If modeline was explicitly enabled, opening a specially crafted text file in vim could result in arbitrary command execution...
[SECURITY] Fedora 29 Update: knot-resolver-4.1.0-1.fc29
The Knot Resolver is a DNSSEC-enabled caching full resolver implementation written in C and LuaJIT, including both a resolver library and a daemon. Modular architecture of the library keeps the core tiny and efficient, and provides a state-machine like API for extensions. The package is...
CVE-2019-1917
A vulnerability in the REST API interface of Cisco Vision Dynamic Signage Director could allow an unauthenticated, remote attacker to bypass authentication on an affected system. The vulnerability is due to insufficient validation of HTTP requests. An attacker could exploit this vulnerability by...
CVE-2019-13279
TRENDnet TEW-827DRU with firmware up to and including 2.04B03 contains multiple stack-based buffer overflows when processing user input for the setup wizard, allowing an unauthenticated user to execute arbitrary code. The vulnerability can be exercised on the local intranet or remotely if remote...
UBUNTU-CVE-2019-13132
In ZeroMQ libzmq before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.3.2, a remote, unauthenticated client connecting to a libzmq application, running with a socket listening with CURVE encryption/authentication enabled, may cause a stack overflow and overwrite the stack with arbitrary data, due...
CVE-2019-6627
On F5 SSL Orchestrator 14.1.0-14.1.0.5, on rare occasions, specific to a certain race condition, TMM may restart when SSL Forward Proxy enforces the bypass action for an SSL Orchestrator transparent virtual server with SNAT enabled...