3096 matches found

RedHat Linux
added 2019/05/13 5:6 p.m. | 1 views

tomcat: Host name verification missing in WebSocket client

The host name verification when using TLS with the WebSocket client was missing. It is now enabled by default. Versions Affected: Apache Tomcat 9.0.0.M1 to 9.0.9, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, and 7.0.35 to 7.0.88...

CVSS 7.5 | AI score 7.2 | EPSS 0.213
Exploits: 0 | References: 4
Tenable Nessus
added 2019/05/13 12:0 a.m. | 42 views

EulerOS Virtualization for ARM 64 3.0.1.0 : kernel (EulerOS-SA-2019-1500)

According to the versions of the kernel packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - The IPv6 DCCP implementation in the Linux kernel mishandles inheritance, which allows local users to cause a denial of...

CVSS 7.8 | AI score 6.9 | EPSS 0.04881
Exploits: 7 | References: 11
Veracode
added 2019/05/02 5:0 a.m. | 32 views

Denial Of Service (DoS)

Network Security Services NSS is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime NSPR provides platform independence for non-GUI operating system facilities. A flaw was found in the way NSS handled...

CVSS 7.5 | AI score 7 | EPSS 0.04316
Exploits: 0 | References: 18 | Affected Software: 3
Citrix
added 2019/04/29 12:0 a.m. | 8 views

Workspace App Android "restoring data connection" message when EDT is enabled

On the GUI we see a "restoring data connection" message but the connection is not restored. This happens when EDT is enabled via HDXoverUDP=preferred Studio Policy and NetScaler DTLS enabled setting if connecting from outside the network. On the logs we might see similar messages as the following:...

AI score 7
Exploits: 0
Tenable Nessus
added 2019/04/17 12:0 a.m. | 25 views

Microsoft Outlook Attachment Previewing Enabled

Microsoft Outlook application that is installed on the remote host has attachment previewing enabled. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from the Microsoft Security Updates API. The text itself is copyright C Microsoft Corporatio...

AI score 5.5
Exploits: 0
The Hacker News
added 2019/04/16 7:14 a.m. | 64 views

Scranos: New Rapidly Evolving Rootkit-Enabled Spyware Discovered

A new powerful rootkit-enabled spyware operation has been discovered wherein hackers are distributing multifunctional malware disguised as cracked software or trojanized app posing as legitimate software like video players, drivers and even anti-virus products. While the rootkit malware—dubbed...

AI score 1.1
Exploits: 0
UbuntuCve
added 2019/04/11 3:29 p.m. | 19 views

CVE-2019-3837

It was found that the netdma code in tcprecvmsg in the 2.6.32 kernel as shipped in RHEL6 is thread-unsafe. So an unprivileged multi-threaded userspace application calling recvmsg for the same network socket in parallel executed on ioatdma-enabled hardware with netdma enabled can leak the memory,...

CVSS 6.1 | AI score 6.9 | EPSS 0.00237
Exploits: 0 | References: 2
Prion
added 2019/04/11 3:29 p.m. | 16 views

Memory corruption

It was found that the netdma code in tcprecvmsg in the 2.6.32 kernel as shipped in RHEL6 is thread-unsafe. So an unprivileged multi-threaded userspace application calling recvmsg for the same network socket in parallel executed on ioatdma-enabled hardware with netdma enabled can leak the memory,...

CVSS 4.9 | AI score 6.1 | EPSS 0.00237
Exploits: 0 | References: 1 | Affected Software: 2
OSV
added 2019/04/10 6:29 p.m. | 1 views

CVE-2019-5426

In Ubiquiti Networks EdgeSwitch X v1.1.0 and prior, an unauthenticated user can use the "local port forwarding" and "dynamic port forwarding" SOCKS proxy functionalities. Remote attackers without credentials can exploit this bug to access local services or forward traffic through the device if SS...

CVSS 4.8 | AI score 5.8 | EPSS 0.00809
Exploits: 0 | References: 2
Prion
added 2019/04/10 6:29 p.m. | 14 views

Code injection

In Ubiquiti Networks EdgeSwitch X v1.1.0 and prior, an unauthenticated user can use the "local port forwarding" and "dynamic port forwarding" SOCKS proxy functionalities. Remote attackers without credentials can exploit this bug to access local services or forward traffic through the device if SS...

CVSS 5.8 | AI score 5.2 | EPSS 0.00809
Exploits: 0 | References: 2 | Affected Software: 1
OSV
added 2019/04/02 6:30 p.m. | 3 views

CVE-2019-7475

A vulnerability in SonicWall SonicOS and SonicOSv with management enabled system on specific configuration allow unprivileged user to access advanced routing services. This vulnerability affected SonicOS Gen 5 version 5.9.1.10 and earlier, Gen 6 version 6.2.7.3, 6.5.1.3, 6.5.2.2, 6.5.3.1, 6.2.7.8...

CVSS 9.8 | AI score 5.8
Exploits: 0 | References: 1
SonicWall
added 2019/04/01 8:0 p.m. | 8 views

SonicOS Unprivileged User Access ARS

A vulnerability in SonicOS with management enabled system on specific configuration allow unprivileged user to access advanced routing services. This vulnerability affected SonicOS Gen 5 version 5.9.1.10 and earlier, Gen 6 version 6.2.7.3, 6.5.1.3, 6.5.2.2, 6.5.3.1, 6.2.7.8, 6.4.0.0, 6.5.1.8,...

CVSS 10 | AI score 6.8 | EPSS 0.01392
Exploits: 0
OSV
added 2019/03/27 1:29 p.m. | 4 views

CVE-2019-3821

A flaw was found in the way civetweb frontend was handling requests for ceph RGW server with SSL enabled. An unauthenticated attacker could create multiple connections to ceph RADOS gateway to exhaust file descriptors for ceph-radosgw service resulting in a remote denial of service...

CVSS 7.5 | AI score 5.6 | EPSS 0.02946
Exploits: 0 | References: 3
Kitploit
added 2019/03/27 12:5 p.m. | 126 views

LAPSToolkit - Tool To Audit And Attack LAPS Environments

Functions written in PowerShell that leverage PowerView to audit and attack Active Directory environments that have deployed Microsoft's Local Administrator Password Solution LAPS. It includes finding groups specifically delegated by sysadmins, finding users with "All Extended Rights" that can vi...

AI score 7.3
Exploits: 0 | References: 1
Microsoft KB
added 2019/03/12 12:0 a.m. | 3 views

October 18, 2018—KB4462925 (Preview of Monthly Rollup)

October 18, 2018—KB4462925 Preview of Monthly Rollup Improvements and fixes This non-security update includes improvements and fixes that were a part of KB4462929 released October 9, 2018 and also includes these new quality improvements as a preview of the next Monthly Rollup update: Addresses th...

AI score 6.6
Exploits: 0
RedHat Linux
added 2019/03/04 5:36 p.m. | 2 views

tomcat: Insecure defaults in CORS filter enable 'supportsCredentials' for all origins

The defaults settings for the CORS filter provided in Apache Tomcat 9.0.0.M1 to 9.0.8, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, 7.0.41 to 7.0.88 are insecure and enable 'supportsCredentials' for all origins. It is expected that users of the CORS filter will have configured it appropriately for their...

CVSS 9.8 | AI score 7.3 | EPSS 0.21979
Exploits: 0 | References: 8
0day.today
added 2019/02/20 12:0 a.m. | 73 views

Belkin Wemo UPnP - Remote Code Execution Exploit

V This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Belkin Wemo UPnP Remote Code Execution', 'Description' = %q This module exploits a command injection in the Belkin Wemo UPnP API via the...

AI score 7.4
Exploits: 0
Fedora
added 2019/02/15 2:39 a.m. | 32 views

[SECURITY] Fedora 29 Update: nss-3.42.1-1.fc29

Network Security Services NSS is a set of libraries designed to support cross-platform development of security-enabled client and server applications. Applications built with NSS can support SSL v2 and v3, TLS, PKCS 5, PKCS 7, PKCS 11, PKCS 12, S/MIME, X.509 v3 certificates, and other security...

CVSS 6.5 | AI score 1.5 | EPSS 0.01956
Exploits: 0
Wired Threat Level
added 2019/02/14 3:2 p.m. | 56 views

Don’t Get Your Valentine an Internet-Connected Sex Toy

Mozilla expands its “Privacy Not Included” gift guide to the bedroom: It’s all sexy fun and games until someone hacks a WiFi-enabled butt plug...

AI score 1.2
Exploits: 0
Trend Micro Simply Security
added 2019/02/12 4:33 p.m. | 47 views

Part 1: Mobile Banking and Buying – The Good and the Bad

Banking and buying with your mobile device is powerful and convenient—and in some ways safer than using your bank card. You can check your balance, make secure payments, deposit checks, and transfer funds. You can even connect your debit or credit card to Apple or Google Pay or another payment...

AI score 6.4
Exploits: 0