
3096 matches found

The Hacker News
added 2019/09/04 9:21 a.m. · 1 view

Firefox 69 Now Blocks 3rd-Party Tracking Cookies and Cryptominers By Default

Mozilla has finally enabled the "Enhanced Tracking Protection" feature for all of its web browser users worldwide by default with the official launch of Firefox 69 for Windows, Mac, Linux, and Android. The company enabled the "Enhanced Tracking Protection" setting by default for its browser in Ju...

AI score 5.9 · Exploits 0

CNVD
added 2019/08/30 12:0 a.m. · 1 view

WordPress woo-confirmation-email plugin has unspecified vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. woo-confirmation-email is a plugin used in it to send email verification code. A security vulnerability exists in the WordPress...

CVSS 9.8 · AI score 6.7 · EPSS 0.01952 · Exploits 0 · References 1

OSV
added 2019/08/28 10:15 p.m. · 2 views

CVE-2019-10059

The legacy finger service TCP port 79 is enabled by default on various older Lexmark devices...

CVSS 5.3 · AI score 6.1 · EPSS 0.00871 · Exploits 0 · References 1

Citrix
added 2019/08/27 12:0 a.m. · 6 views

Unable to start VMs in new Hosts - An emulator required to run this VM failed to start

Unable to start VM with vGPU assigned on HOST with NVIDIA Card. Getting error: vm-start failed: "An emulator required to run this VM failed to start" Internal LOG: Dec 6 09:10:13 localhost vgpu-211384: demuinitialize: PLUGIN CONFIG: /usr/share/nvidia/vgx/gridp40-1b.conf,gpu-pci-id=0000:d8:00.0De...

AI score 7.1 · Exploits 0

0day.today
added 2019/08/21 12:0 a.m. · 38 views

Microsoft Office365 / ProPlus 16.0.11901.20204 Code Execution / Protection Bypass Vulnerability

Exploit Title: Microsoft Office Code Execution/Protection Bypass Exploit Author: Social Engineering Neo - @EngineeringNeo Software Link: https://products.office.com/en-nz/compare-all-microsoft-office-products Version: Office365/ProPlus - build 16.0.11901.20204 Tested on: Windows - build 18362.295...

AI score 7.4 · Exploits 0

Packet Storm
added 2019/08/20 12:0 a.m. · 563 views

Microsoft Office365 / ProPlus 16.0.11901.20204 Code Execution / Protection Bypass

Exploit Title: Microsoft Office Code Execution/Protection Bypass Exploit Author: Social Engineering Neo - @EngineeringNeo Software Link: https://products.office.com/en-nz/compare-all-microsoft-office-products Version: Office365/ProPlus - build 16.0.11901.20204 Tested on: Windows - build 18362.295...

AI score 7.4 · Exploits 0

CNVD
added 2019/08/14 12:0 a.m. · 6 views

TortoiseSVN v1.12.1 Remote Code Execution Vulnerability

TortoiseSVN is an open source client program for the Subversion version control system. A remote code execution vulnerability exists in TortoiseSVN version 1.12.1, which stems from a URI handler Tsvncmd: that allows a customized diff operation on an Excel workbook, which could be used to open a...

CVSS 8.8 · AI score 8.2 · EPSS 0.16391 · Exploits 6 · References 1

OSV
added 2019/08/02 2:15 p.m. · 2 views

CVE-2018-1987

In IBM Spectrum Protect for Enterprise Resource Planning 7.1 and 8.1, if tracing is activated, the IBM Spectrum Protect node password may be displayed in plain text in the ERP trace file. IBM X-Force ID: 154280...

CVSS 7.8 · AI score 5.7 · Exploits 0 · References 2

ThreatPost
added 2019/08/01 3:10 p.m. · 69 views

Unpatched Flaws in IoT Smart Deadbolt Open Homes to Danger

UPDATE Researchers have uncovered vulnerabilities in a popular smart deadbolt that could allow attackers to remotely unlock doors and break into homes. The manufacturer behind the smart lock, Hickory Hardware, has deployed patches to the affected apps on the Google Play Store and Apple App Store. The...

CVSS 5 · AI score 0.4 · EPSS 0.00372 · Exploits 0 · References 6

RedHat Linux
added 2019/07/30 9:15 a.m. · 1 view

vim/neovim: ':source!' command allows arbitrary command execution via modelines

It was found that the :source! command was not restricted by the sandbox mode. If modeline was explicitly enabled, opening a specially crafted text file in vim could result in arbitrary command execution...

CVSS 9.3 · AI score 7.4 · EPSS 0.19111 · Exploits 5 · References 4

Fedora
added 2019/07/19 3:7 a.m. · 41 views

[SECURITY] Fedora 29 Update: knot-resolver-4.1.0-1.fc29

The Knot Resolver is a DNSSEC-enabled caching full resolver implementation written in C and LuaJIT, including both a resolver library and a daemon. Modular architecture of the library keeps the core tiny and efficient, and provides a state-machine like API for extensions. The package is...

CVSS 7.5 · AI score 2.6 · EPSS 0.01993 · Exploits 0

OSV
added 2019/07/17 9:15 p.m. · 5 views

CVE-2019-1917

A vulnerability in the REST API interface of Cisco Vision Dynamic Signage Director could allow an unauthenticated, remote attacker to bypass authentication on an affected system. The vulnerability is due to insufficient validation of HTTP requests. An attacker could exploit this vulnerability by...

CVSS 9.8 · AI score 7.5 · EPSS 0.0534 · Exploits 0 · References 2

OSV
added 2019/07/10 5:15 p.m. · 5 views

CVE-2019-13279

TRENDnet TEW-827DRU with firmware up to and including 2.04B03 contains multiple stack-based buffer overflows when processing user input for the setup wizard, allowing an unauthenticated user to execute arbitrary code. The vulnerability can be exercised on the local intranet or remotely if remote...

CVSS 9.8 · AI score 7.8 · EPSS 0.02712 · Exploits 1 · References 1

OSV
added 2019/07/08 4:0 p.m. · 1 view

UBUNTU-CVE-2019-13132

In ZeroMQ libzmq before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.3.2, a remote, unauthenticated client connecting to a libzmq application, running with a socket listening with CURVE encryption/authentication enabled, may cause a stack overflow and overwrite the stack with arbitrary data, due...

CVSS 9.8 · AI score 7.5 · EPSS 0.42464 · Exploits 1 · References 4

OSV
added 2019/07/03 6:15 p.m. · 2 views

CVE-2019-6627

On F5 SSL Orchestrator 14.1.0-14.1.0.5, on rare occasions, specific to a certain race condition, TMM may restart when SSL Forward Proxy enforces the bypass action for an SSL Orchestrator transparent virtual server with SNAT enabled...

CVSS 5.9 · AI score 6.2 · EPSS 0.00805 · Exploits 0 · References 1

NVD
added 2019/07/03 6:15 p.m. · 24 views

CVE-2019-6627

On F5 SSL Orchestrator 14.1.0-14.1.0.5, on rare occasions, specific to a certain race condition, TMM may restart when SSL Forward Proxy enforces the bypass action for an SSL Orchestrator transparent virtual server with SNAT enabled...

CVSS 5.9 · AI score 5.8 · EPSS 0.00805 · Exploits 0 · References 1

Positive Technologies
added 2019/07/01 12:0 a.m. · 3 views

PT-2019-17023 · Automation Anywhere +1 · Automation Anywhere +1

Name of the Vulnerable Software and Affected Versions: IBM Robotic Process Automation with Automation Anywhere version 11 Description: The issue allows a local user to obtain highly sensitive information from log files when debugging is enabled. Recommendations: For IBM Robotic Process Automation...

CVSS 5.5 · AI score 4.9 · EPSS 0.00277 · Exploits 0 · References 4

ThreatPost
added 2019/06/24 1:0 p.m. · 156 views

The Modern-Day Heist: IP Theft Techniques That Enable Attackers

The Great Train Robbery of 1963 in Buckinghamshire, U.K., was orchestrated by a gang of 15 robbers that devised and executed a well-laid-out plan over the course of several months. Fast-forward 56 years and we’re still seeing gangs of modern-day robbers orchestrating elaborate plans – only in 201...

AI score 0.3 · Exploits 0 · References 4

PostgreSQL
added 2019/06/20 12:0 a.m. · 597 views

Vulnerability in core server (CVE-2019-10164)

Stack-based buffer overflow via setting a password An authenticated user could create a stack-based buffer overflow by changing their own password to a purpose-crafted value. In addition to the ability to crash the PostgreSQL server, this could be further exploited to execute arbitrary code as th...

CVSS 9 · AI score 8.6 · EPSS 0.03711 · Exploits 0 · References 1 · Affected Software 1

Positive Technologies
added 2019/05/30 12:0 a.m. · 3 views

PT-2022-9181 · Gnome +1 · Gnome Shell +1

Name of the Vulnerable Software and Affected Versions: gnome-shell (affected versions not specified) Description: A locking protection bypass flaw was found in gnome-shell, allowing a physical attacker with access to a locked system to kill existing applications and start new ones as the...

CVSS 6.1 · AI score 5.9 · EPSS 0.00188 · Exploits 0 · References 10