
10030 matches found

OSV
added 2019/01/16 7:30 p.m., 0 views

UBUNTU-CVE-2019-2435

Vulnerability in the MySQL Connectors component of Oracle MySQL subcomponent: Connector/Python. Supported versions that are affected are 8.0.13 and prior and 2.1.8 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via TLS to compromise MySQL Connector...

CVSS 8.1, AI score 6.2, EPSS 0.02518
Exploits: 0, References: 4

Prion
added 2019/01/15 4:29 p.m., 13 views

Sql injection

The DB abstraction layer of OXID eSales 4.10.6 is vulnerable to SQL injection via the oxid or synchoxid parameter to the oxConfig::getRequestParameter method in core/oxconfig.php...

CVSS 7.5, AI score 9.7, EPSS 0.01148
Exploits: 0, References: 1, Affected Software: 1

The Hacker News
added 2019/01/10 8:39 a.m., 1 view

Google DNS Service (8.8.8.8) Now Supports DNS-over-TLS Security

Almost every activity on the Internet starts with a DNS query, a key function of the Internet that works as an Internet's directory where your device looks up for the server IP addresses after you enter a human-readable web address e.g., thehackernews.com. Since DNS queries are sent in clear text...

AI score 6.4
Exploits: 0

Tenable Nessus
added 2019/01/08 12:0 a.m., 20 views

Detect PROFINET targets listening on the Network Layer.

Binary data scadaprofinetnetworkdetect.nbin...

AI score 7.3
Exploits: 0, References: 1

Tenable Nessus
added 2019/01/07 12:0 a.m., 70 views

CentOS 7 : keepalived (CESA-2019:0022)

An update for keepalived is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fro...

CVSS 9.8, AI score 8.3, EPSS 0.03675
Exploits: 0, References: 2

Kitploit
added 2019/01/04 8:22 p.m., 379 views

Kalitorify - Transparent Proxy Through Tor For Kali Linux OS

kalitorify is a shell script for Kali Linux which uses iptables settings for transparent proxy through Tor. The program also allows you to perform various checks, like checking the external IP, or if Tor has been configured correctly. What is Transparent Proxy? Also known as an intercepting proxy,...

AI score 7.2
Exploits: 0, References: 1

OSV
added 2019/01/03 4:29 p.m., 1 view

UBUNTU-CVE-2018-16870

It was found that wolfssl before 3.15.7 is vulnerable to a new variant of the Bleichenbacher attack to perform downgrade attacks against TLS. This may lead to leakage of sensible data...

CVSS 5.9, AI score 5.7, EPSS 0.01585
Exploits: 0, References: 4

Schneier on Security
added 2018/12/18 12:31 p.m., 86 views

Teaching Cybersecurity Policy

Peter Swire proposes a pedagogic framework for teaching cybersecurity policy. Specifically, he makes real the old joke about adding levels to the OSI networking stack: an organizational layer, a government layer, and an international layer...

AI score 2.8
Exploits: 0

OSV
added 2018/12/14 2:29 p.m., 0 views

UBUNTU-CVE-2018-16875

The crypto/x509 package of Go before 1.10.6 and 1.11.x before 1.11.3 does not limit the amount of work performed for each chain verification, which might allow attackers to craft pathological inputs leading to a CPU denial of service. Go TLS servers accepting client certificates and TLS clients a...

CVSS 7.5, AI score 7, EPSS 0.06325
Exploits: 0, References: 3

OSV
added 2018/12/14 2:29 p.m., 5 views

AZL-79028 CVE-2018-16875 affecting package golang 1.25.7-1

The crypto/x509 package of Go before 1.10.6 and 1.11.x before 1.11.3 does not limit the amount of work performed for each chain verification, which might allow attackers to craft pathological inputs leading to a CPU denial of service. Go TLS servers accepting client certificates and TLS clients a...

CVSS 7.5, AI score 7.2, EPSS 0.06325
Exploits: 0, References: 1

Cvelist
added 2018/12/11 11:0 p.m., 20 views

CVE-2018-2502

TRACE method is enabled in SAP Business One Service Layer. Attacker can use XST Cross Site Tracing attack if frontend applications that are using Service Layer has a XSS vulnerability. This has been fixed in SAP Business One Service Layer B1ONHANA, versions 9.2, 9.3...

AI score 6, EPSS 0.01337
Exploits: 0, References: 3

CVE
added 2018/12/11 11:0 p.m., 52 views

CVE-2018-2502

CVE-2018-2502 affects SAP Business One Service Layer (B1_ON_HANA) with TRACE method enabled, enabling potential Cross Site Tracing (XST) when frontend applications expose an XSS vulnerability. The connected documents specify the vulnerable component as SAP Business One Service Layer and reference...

CVSS 6.1, AI score 5.9, EPSS 0.01337
Exploits: 0, References: 3, Affected Software: 1

OSV
added 2018/12/11 10:29 p.m., 3 views

CVE-2018-2502

TRACE method is enabled in SAP Business One Service Layer. Attacker can use XST Cross Site Tracing attack if frontend applications that are using Service Layer has a XSS vulnerability. This has been fixed in SAP Business One Service Layer B1ONHANA, versions 9.2, 9.3...

CVSS 6.1, AI score 5.7, EPSS 0.01337
Exploits: 0, References: 3

Prion
added 2018/12/11 10:29 p.m., 19 views

Cross site scripting

TRACE method is enabled in SAP Business One Service Layer. Attacker can use XST Cross Site Tracing attack if frontend applications that are using Service Layer has a XSS vulnerability. This has been fixed in SAP Business One Service Layer B1ONHANA, versions 9.2, 9.3...

CVSS 4.3, AI score 6, EPSS 0.01337
Exploits: 0, References: 3, Affected Software: 1

NVD
added 2018/12/11 10:29 p.m., 20 views

CVE-2018-2502

TRACE method is enabled in SAP Business One Service Layer. Attacker can use XST Cross Site Tracing attack if frontend applications that are using Service Layer has a XSS vulnerability. This has been fixed in SAP Business One Service Layer B1ONHANA, versions 9.2, 9.3...

CVSS 6.1, AI score 6, EPSS 0.01337
Exploits: 0, References: 3

RedHat Linux
added 2018/12/11 2:12 p.m., 1 view

apache-cxf: TLS hostname verification does not work correctly with com.sun.net.ssl.*

It was discovered that when Apache CXF is configured to use the system property com.sun.net.ssl.internal.www.protocol, it uses reflection to make the HostnameVerifier work with old com.sun.net.ssl.HostnameVerifier interface. Although the CXF implementation throws an exception, which is caught in...

CVSS 8.1, AI score 7.4, EPSS 0.10394
Exploits: 0, References: 5

CNVD
added 2018/12/11 12:0 a.m., 1 view

Google Android L2TP Component Privilege Permission and Access Control Vulnerability

Android is a Linux-based open source operating system jointly developed by Google and the Open Handset Alliance OHA, of which L2TP is an L2TP Internet Tunneling Protocol component. A boost vulnerability exists in the L2TP component in Android. A local attacker can exploit this vulnerability to...

CVSS 7.2, AI score 6.8, EPSS 0.00424
Exploits: 0, References: 1

Kitploit
added 2018/12/08 12:32 p.m., 171 views

Tcpreplay - Pcap Editing And Replay Tools For *NIX And Windows

Tcpreplay is a suite of GPLv3 licensed utilities for UNIX and Win32 under Cygwin operating systems for editing and replaying network traffic which was previously captured by tools like tcpdump and Ethereal/Wireshark. It allows you to classify traffic as client or server, rewrite Layer 2, 3 and 4...

AI score 7.2
Exploits: 0, References: 10

OSV
added 2018/12/05 9:29 p.m., 2 views

UBUNTU-CVE-2018-1002105

In all Kubernetes versions prior to v1.10.11, v1.11.5, and v1.12.3, incorrect handling of error responses to proxied upgrade requests in the kube-apiserver allowed specially crafted requests to establish a connection through the Kubernetes API server to backend servers, then send arbitrary reques...

CVSS 9.8, AI score 7.4, EPSS 0.86978
Exploits: 10, References: 4

OSV
added 2018/11/28 5:29 p.m., 27 views

CVE-2018-12121

Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Denial of Service with large HTTP headers: By using a combination of many requests with maximum sized headers almost 80 KB per connection, and carefully timed completion of the headers, it is possible to cause the HTTP...

CVSS 7.5, AI score 6.6
Exploits: 0, References: 7