3375 matches found

Prion
added 2019/11/25 11:15 a.m., 24 views

Design/Logic Flaw

A vulnerability was found in Infinispan such that the invokeAccessibly method from the public class ReflectionUtil allows any application class to invoke private methods in any class with Infinispan's privileges. The attacker can use reflection to introduce new, malicious behavior into the...

6.5 CVSS, 8.4 AI score, 0.03089 EPSS
Exploits: 0, References: 4, Affected Software: 3

CVE
added 2019/11/25 10:26 a.m., 158 views

CVE-2019-10174

CVE-2019-10174 concerns Infinispan. The public ReflectionUtil.invokeAccessibly method allows an application class to invoke private methods in any class with Infinispan’s privileges, enabling unintended behavior changes via reflection. Connected advisories (OSV/RHSA) reference a security fix path...

8.8 CVSS, 8.3 AI score, 0.03089 EPSS
Exploits: 0, References: 4, Affected Software: 1

Wired Threat Level
added 2019/11/23 12:0 p.m., 52 views

The Debate Over How to Encrypt the Internet of Things

So-called lightweight encryption has its place. But some researchers argue that more manufacturers should stick with proven methods...

3.4 AI score
Exploits: 0

OPENSUSE Linux
added 2019/11/22 12:0 a.m., 68 views

Security update for chromium (important)

openSUSE Security Update: Security update for chromium Announcement ID: openSUSE-SU-2019:2545-1 Rating: important References: 1157269 Cross-References: CVE-2019-13723 CVE-2019-13724 Affected Products: openSUSE Leap 15.0 An update that fixes two vulnerabilities is now available. Description: This...

8.8 CVSS, 9.2 AI score, 0.0149 EPSS
Exploits: 0, References: 1

Carbon Black Blog
added 2019/11/20 6:0 p.m., 38 views

Ransomware: 30 Years and Still Going Strong

In the tech world, systems – and methods to break said systems – seem to evolve by the minute. Technological advancement grows exponentially each year, and the realm of cybersecurity is no exception. However, some entities have survived and even thrived over the decades, rather than falling...

6.7 AI score
Exploits: 0

RedHat Linux
added 2019/11/18 2:40 p.m., 3 views

infinispan: invokeAccessibly method from ReflectionUtil class allows to invoke private methods

A vulnerability was found in Infinispan such that the invokeAccessibly method from the public class ReflectionUtil allows any application class to invoke private methods in any class with Infinispan's privileges. The attacker can use reflection to introduce new, malicious behavior into the...

8.8 CVSS, 5.7 AI score, 0.03089 EPSS
Exploits: 0, References: 4

Veracode
added 2019/11/18 3:10 a.m., 33 views

Authorization Bypass

infinispan is vulnerable to authorization bypass. The vulnerability exists as the invokeAccessibly method in the ReflectionUtil class allows the invocation of any private methods with Infinispan's privileges...

8.8 CVSS, 4.6 AI score, 0.03089 EPSS
Exploits: 0, References: 7, Affected Software: 3

RedhatCVE
added 2019/11/14 4:37 p.m., 30 views

CVE-2019-10174

A vulnerability was found in Infinispan such that the invokeAccessibly method from the public class ReflectionUtil allows any application class to invoke private methods in any class with Infinispan's privileges. The attacker can use reflection to introduce new, malicious behavior into the...

8.8 CVSS, 4.6 AI score, 0.03089 EPSS
Exploits: 0, References: 3

OSV
added 2019/11/14 12:15 a.m., 12 views

CVE-2019-18954

Pomelo v2.2.5 allows external control of critical state data. A malicious user input can corrupt arbitrary methods and attributes in template/game-server/app/servers/connector/handler/entryHandler.js because certain internal attributes can be overwritten via a conflicting name. Hence, a malicious...

5.3 CVSS, 6.8 AI score
Exploits: 0, References: 2

Prion
added 2019/11/14 12:15 a.m., 15 views

Xxe

Pomelo v2.2.5 allows external control of critical state data. A malicious user input can corrupt arbitrary methods and attributes in template/game-server/app/servers/connector/handler/entryHandler.js because certain internal attributes can be overwritten via a conflicting name. Hence, a malicious...

5 CVSS, 5.3 AI score, 0.01157 EPSS
Exploits: 1, References: 2, Affected Software: 1

OPENSUSE Linux
added 2019/11/14 12:0 a.m., 105 views

Security update for ucode-intel (important)

openSUSE Security Update: Security update for ucode-intel Announcement ID: openSUSE-SU-2019:2509-1 Rating: important References: 1139073 1141035 1155988 Cross-References: CVE-2019-11135 CVE-2019-11139 Affected Products: openSUSE Leap 15.1 An update that solves two vulnerabilities and has one erra...

6.5 CVSS, 8.1 AI score, 0.03133 EPSS
Exploits: 0, References: 3

OpenVAS
added 2019/11/14 12:0 a.m., 36 views

Fedora Update for apache-commons-beanutils FEDORA-2019-79b5790566

The remote host is missing an update for the Copyright (C) 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

7.5 CVSS, 7.8 AI score, 0.28839 EPSS
Exploits: 1, References: 2

Fedora
added 2019/11/13 9:58 a.m., 52 views

[SECURITY] Fedora 30 Update: apache-commons-beanutils-1.9.4-1.fc30

The scope of this package is to create a package of Java utility methods for accessing and modifying the properties of arbitrary JavaBeans. No dependencies outside of the JDK are required, so the use of this package is very lightweight...

7.5 CVSS, 1.9 AI score, 0.28839 EPSS
Exploits: 1

Microsoft CVE
added 2019/11/12 8:0 a.m., 26 views

OpenType Font Parsing Remote Code Execution Vulnerability

A remote code execution vulnerability exists in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles specially crafted OpenType fonts. For all systems except Windows 10, an attacker who successfully exploited the vulnerability could execute code remotely. For systems...

8.8 CVSS, 3.3 AI score, 0.10012 EPSS
Exploits: 0

Microsoft KB
added 2019/11/12 8:0 a.m., 42 views

Description of the security update for Microsoft Exchange Server 2019, 2016, and 2013: November 12, 2019

Description of the security update for Microsoft Exchange Server 2019, 2016, and 2013: November 12, 2019 This update rollup is a security update that resolves vulnerabilities in Microsoft Exchange. To learn more about these vulnerabilities, see the following Common Vulnerabilities and Exposures...

9.8 CVSS, 9.8 AI score, 0.18161 EPSS
Exploits: 0

OPENSUSE Linux
added 2019/11/09 12:0 a.m., 225 views

Recommended update for MozillaThunderbird (important)

openSUSE Security Update: Recommended update for MozillaThunderbird Announcement ID: openSUSE-SU-2019:2464-1 Rating: important References: 1149126 1149429 1151186 1152778 1153879 1154738 Cross-References: CVE-2019-11757 CVE-2019-11758 CVE-2019-11759 CVE-2019-11760 CVE-2019-11761 CVE-2019-11762...

8.8 CVSS, 9.6 AI score, 0.06643 EPSS
Exploits: 3, References: 6

OPENSUSE Linux
added 2019/11/09 12:0 a.m., 238 views

Security update for MozillaFirefox, MozillaFirefox-branding-SLE (important)

openSUSE Security Update: Security update for MozillaFirefox, MozillaFirefox-branding-SLE Announcement ID: openSUSE-SU-2019:2459-1 Rating: important References: 1104841 1129528 1137990 1149429 1151186 1153423 1153869 1154738 Cross-References: CVE-2019-11757 CVE-2019-11758 CVE-2019-11759...

8.8 CVSS, 6.9 AI score, 0.06643 EPSS
Exploits: 3, References: 8

RedHat Linux
added 2019/11/06 5:13 p.m., 3 views

Mozilla: document.domain-based origin isolation has same-origin-property violation

A flaw was found in Mozilla's firefox and thunderbird where if two same-origin documents set document.domain differently to become cross-origin, it was possible for them to call arbitrary DOM methods/getters/setters on the now-cross-origin window. This could cause an interaction between two...

6.1 CVSS, 7.4 AI score, 0.00609 EPSS
Exploits: 0, References: 5

NVD
added 2019/11/06 12:15 a.m., 11 views

CVE-2019-8142

A stored cross-site scripting (XSS) vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can inject arbitrary JavaScript code via title of an order when configuring sales payment methods for a store...

5.4 CVSS, 5.2 AI score, 0.00556 EPSS
Exploits: 0, References: 1

OSV
added 2019/11/06 12:15 a.m., 16 views

CVE-2019-8142

A stored cross-site scripting (XSS) vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can inject arbitrary JavaScript code via title of an order when configuring sales payment methods for a store...

5.4 CVSS, 5.4 AI score
Exploits: 0, References: 1