Lucene search

3096 matches found

OPENSUSE Linux
added 2019/11/27 12:0 a.m. | 141 views

Security update for djvulibre (moderate)

openSUSE Security Update: Security update for djvulibre Announcement ID: openSUSE-SU-2019:2574-1 Rating: moderate References: 1154401 1156188 Cross-References: CVE-2019-18804 Affected Products: openSUSE Leap 15.0 An update that solves one vulnerability and has one errata is now available...

CVSS 7.5 | AI score 7.4 | EPSS 0.03667
Exploits: 1 | References: 2
NVD
added 2019/11/26 4:15 p.m. | 21 views

CVE-2019-6477

With pipelining enabled each incoming query on a TCP connection requires a similar resource allocation to a query received via UDP or via TCP without pipelining enabled. A client using a TCP-pipelined connection to a server could consume more resources than the server has been provisioned to...

CVSS 7.5 | AI score 7.5 | EPSS 0.04022
Exploits: 0 | References: 8
OSV
added 2019/11/21 6:12 p.m. | 2 views

SUSE-SU-2019:3033-1 Security update for djvulibre

This update for djvulibre fixes the following issues: Security issue fixed: - CVE-2019-18804: Fixed a null pointer dereference bsc1156188. Other issue addressed: - Fixed a crash when mmx was enabled bsc1154401...

CVSS 7.5 | AI score 7.4 | EPSS 0.03667
Exploits: 1 | References: 4
OSV
added 2019/11/19 6:15 p.m. | 1 views

ALPINE-CVE-2019-18934

Unbound 1.6.4 through 1.9.4 contain a vulnerability in the ipsec module that can cause shell code execution after receiving a specially crafted answer. This issue can only be triggered if unbound was compiled with --enable-ipsecmod support, and ipsecmod is enabled and used in the configuration...

CVSS 7.3 | AI score 7.6 | EPSS 0.03212
Exploits: 1 | References: 1
Packet Storm
added 2019/11/04 12:0 a.m. | 204 views

Microsoft Office365 Integrity Validation / Remote Code Execution

Exploit Title: Microsoft Office365 Remote Code Execution Vulnerability Date: 2/11/19 Exploit Author: Social Engineering Neo - @EngineeringNeo Vendor Homepage: https://microsoft.com Software Link: https://office.com Version: Office365/ProPlus build 16.0.11727.20222, 16.0.11901.20170,...

AI score 0.2
Exploits: 0
0day.today
added 2019/11/02 12:0 a.m. | 178 views

Microsoft Office 365 / ProPlus 16.0.11929.202.88 Remote Code Execution Vulnerability

Exploit Title: Microsoft Office365 Remote Code Execution Vulnerability Date: 2/11/19 Exploit Author: Social Engineering Neo - @EngineeringNeo Vendor Homepage: https://microsoft.com Software Link: https://office.com Version: Office365/ProPlus build 16.0.11727.20222, 16.0.11901.20170,...

AI score 0.6
Exploits: 0
CNVD
added 2019/10/31 12:0 a.m. | 1 views

Apache Solr Remote Command Execution Vulnerability Based on Velocity Templates

Apache Solr is a search server from the Apache Software Foundation (United States), based on the Lucene full-text search engine. The product supports level search, vertical search, highlighting of search results and so on. A remote command execution vulnerability exists in Apache Solr based o...

AI score 7.9
Exploits: 0 | References: 1
OSV
added 2019/10/28 4:15 p.m. | 1 views

CVE-2019-5536

VMware ESXi 6.7 before ESXi670-201908101-SG and 6.5 before ESXi650-201910401-SG, Workstation 15.x before 15.5.0 and Fusion 11.x before 11.5.0 contain a denial-of-service vulnerability in the shader functionality. Successful exploitation of this issue may allow attackers with normal user privilege...

CVSS 6.5 | AI score 5.8 | EPSS 0.02117
Exploits: 0 | References: 1
Microsoft Secure
added 2019/10/28 1:0 p.m. | 49 views

IoT security will set innovation free: Azure Sphere general availability scheduled for February 2020

Today, at the IoT Solutions World Congress, we announced that Azure Sphere will be generally available in February of 2020. General availability will mark our readiness to fulfill our security promise at scale, and to put the power of Microsoft’s expertise to work for our customers every day—by...

AI score 0.1
Exploits: 0
RedHat Linux
added 2019/10/24 9:19 p.m. | 3 views

ansible: secrets disclosed on logs when no_log enabled

Ansible was logging at the DEBUG level, which led to a disclosure of credentials if a plugin used a library that logged credentials at the DEBUG level. This flaw does not affect Ansible modules, as those are executed in a separate process...

CVSS 7.8 | AI score 7.2 | EPSS 0.00509
Exploits: 0 | References: 4
RedHat Linux
added 2019/10/24 8:41 p.m. | 1 views

ansible: secrets disclosed on logs when no_log enabled

Ansible was logging at the DEBUG level, which led to a disclosure of credentials if a plugin used a library that logged credentials at the DEBUG level. This flaw does not affect Ansible modules, as those are executed in a separate process...

CVSS 7.8 | AI score 7.2 | EPSS 0.00509
Exploits: 0 | References: 4
NVD
added 2019/10/16 7:15 p.m. | 19 views

CVE-2019-15248

Multiple vulnerabilities in Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an authenticated, adjacent attacker to execute arbitrary code with elevated privileges. The vulnerabilities are due to improper validation of user-supplied input to the web-based management interface. An...

CVSS 8 | AI score 8.1 | EPSS 0.00578
Exploits: 0 | References: 1
Cvelist
added 2019/10/16 6:36 p.m. | 16 views

CVE-2019-15248 Cisco SPA100 Series Analog Telephone Adapters Remote Code Execution Vulnerabilities

Multiple vulnerabilities in Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an authenticated, adjacent attacker to execute arbitrary code with elevated privileges. The vulnerabilities are due to improper validation of user-supplied input to the web-based management interface. An...

CVSS 8 | AI score 8.1 | EPSS 0.00578
Exploits: 0 | References: 1
Cvelist
added 2019/10/16 6:36 p.m. | 23 views

CVE-2019-15244 Cisco SPA100 Series Analog Telephone Adapters Remote Code Execution Vulnerabilities

Multiple vulnerabilities in Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an authenticated, adjacent attacker to execute arbitrary code with elevated privileges. The vulnerabilities are due to improper validation of user-supplied input to the web-based management interface. An...

CVSS 8 | AI score 8.1 | EPSS 0.00578
Exploits: 0 | References: 1
OSV
added 2019/10/16 6:15 p.m. | 1 views

CVE-2019-17662

ThinVNC 1.0b1 is vulnerable to arbitrary file read, which leads to a compromise of the VNC server. The vulnerability exists even when authentication is turned on during the deployment of the VNC server. The password for authentication is stored in cleartext in a file that can be read via a...

CVSS 9.8 | AI score 7.3 | EPSS 0.96758
Exploits: 11 | References: 4
Prion
added 2019/10/09 8:15 p.m. | 18 views

Denial of service

On MX Series, when the SIP ALG is enabled, receipt of a certain malformed SIP packet may crash the MS-PIC component on MS-MIC or MS-MPC. By continuously sending a crafted SIP packet, an attacker can repeatedly bring down MS-PIC on MS-MIC/MS-MPC causing a sustained Denial of Service. This issue...

CVSS 4.3 | AI score 7.4 | EPSS 0.01271
Exploits: 0 | References: 1 | Affected Software: 1
BDU FSTEC
added 2019/10/01 12:0 a.m. | 1 views

The vulnerability of the spice-gtk utility in the Astra Linux operating system, which allows a hacker to trigger a service failure.

The vulnerability of the spice-gtk utility in the Astra Linux operating system is related to errors in the operation of USB devices when ilev-enabled is set in policykit. Exploiting this vulnerability can allow a perpetrator to cause service failures...

CVSS 5.5 | AI score 5.5
Exploits: 0 | References: 1
RedHat Linux
added 2019/09/30 10:57 p.m. | 3 views

jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server via crafted JSON message.

A new polymorphic typing flaw was discovered in FasterXML jackson-databind, versions 2.x through 2.9.9. With default typing enabled, an attacker can send a specifically crafted JSON message to the server that allows them to read arbitrary local files...

CVSS 5.9 | AI score 7.5 | EPSS 0.10951
Exploits: 0 | References: 4
RedHat Linux
added 2019/09/30 2:15 p.m. | 2 views

kibana: Audit logging Remote Code Execution issue

An arbitrary code execution flaw was found in Kibana in versions prior to 5.6.15 and 6.6.1. If a Kibana instance has the setting xpack.security.audit.enabled set to true, an attacker could send a request that will attempt to execute JavaScript code. This could possibly lead to an attacker executi...

CVSS 9.3 | AI score 6.4 | EPSS 0.03876
Exploits: 0 | References: 5
The Hacker News
added 2019/09/11 6:32 a.m. | 90 views

Hundreds of BEC Scammers Arrested in Nigeria and U.S. — $3.7 Million Recovered

Breaking News — The Nigerian prince and his allies who might have also asked you over an email for your assistance to help save "the first African astronaut lost in space" have finally been arrested by the FBI. Don't take it too seriously, as there's no Nigerian prince or an astronaut seeking you...

AI score 7
Exploits: 0