Security update for ucode-intel (important)

openSUSE Security Update: Security update for ucode-intel Announcement ID: openSUSE-SU-2019:1806-1 Rating: important References: 1111331 Cross-References: CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091 Affected Products: openSUSE Leap 15.1 An update that fixes four vulnerabilities is...

AWS IAM Privilege Escalation – Methods and Mitigation – Part 2

The post AWS IAM Privilege Escalation - Methods and Mitigation - Part 2 appeared first on Rhino Security Labs...

openSUSE: Security Advisory for postgresql10 (openSUSE-SU-2019:1773-1)

The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVE-2019-3969: Comodo Antivirus Privilege Escalation

Comodo Antivirus versions up to 12.0.0.6810 are vulnerable to Local Privilege Escalation due to CmdAgent’s handling of COM clients. A local process can bypass the signature check enforced by CmdAgent via process hollowing which can then allow the process to invoke sensitive COM methods in CmdAgen...

Rockwell Automation PanelView 5510

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely Vendor: Rockwell Automation Equipment: PanelView 5510 Vulnerability: Improper Access Control 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a remote unauthenticated user to gain root privileges on the...

jenkins-plugin-workflow-remote-loader: Unsafe Script Security whitelist entry in Pipeline Remote Loader Plugin (SECURITY-921)

A flaw was found in the Jenkins Workflow Remote Loader plugin. An unsafe whitelist entry was made that allowed invoking arbitrary methods and bypassing sandbox protection. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

Spyse.Py - Python API Wrapper And Command-Line Client For The Tools Hosted On Spyse.Com

Python API wrapper and command-line client for the tools hosted on spyse.com. "Spyse is a developer of complete DAAS Data-As-A-Service solutions for Internet security professionals, corporate and remote system administrators, SSL / TLS encryption certificate providers, data centers and business...

Security update for libmediainfo (moderate)

openSUSE Security Update: Security update for libmediainfo Announcement ID: openSUSE-SU-2019:1629-1 Rating: moderate References: 1133156 1133157 Cross-References: CVE-2019-11372 CVE-2019-11373 Affected Products: openSUSE Leap 42.3 openSUSE Leap 15.0 openSUSE Backports SLE-15 An update that fixes...

PRODSECBUG-2245: Stored cross-site scripting in store shipping methods configuration

More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-23...

CVE-2019-7229

The ABB CP635 HMI uses two different transmission methods to upgrade its firmware and its software components: "Utilization of USB/SD Card to flash the device" and "Remote provisioning process via ABB Panel Builder 600 over FTP." Neither of these transmission methods implements any form of...

Design/Logic Flaw

The ABB CP635 HMI uses two different transmission methods to upgrade its firmware and its software components: "Utilization of USB/SD Card to flash the device" and "Remote provisioning process via ABB Panel Builder 600 over FTP." Neither of these transmission methods implements any form of...

Security update for MozillaFirefox (important)

openSUSE Security Update: Security update for MozillaFirefox Announcement ID: openSUSE-SU-2019:1593-1 Rating: important References: 1138614 Cross-References: CVE-2019-11707 Affected Products: openSUSE Leap 42.3 openSUSE Leap 15.0 An update that fixes one vulnerability is now available. Descriptio...

VLC zlib_decompress_extra Double Free Vulnerability

VLC media player is a free and open-source portable cross-platform media player software developed by the VideoLAN project. VLC is available for desktop operating systems and mobile platforms, such as Android, iOS, iPadOS, Wizen, Windows 10 Mobile, and Windows Phone. It is also available on digit...

Security update for MozillaThunderbird (important)

openSUSE Security Update: Security update for MozillaThunderbird Announcement ID: openSUSE-SU-2019:1583-1 Rating: important References: 1137595 Cross-References: CVE-2019-11703 CVE-2019-11704 CVE-2019-11705 CVE-2019-11706 Affected Products: openSUSE Leap 15.1 openSUSE Leap 15.0 An update that fix...

CVE-2019-4176

IBM Cognos Controller 10.2.0, 10.2.1, 10.3.0, 10.3.1, and 10.4.0 could allow a remote attacker to bypass security restrictions, caused by an error related to insecure HTTP Methods. An attacker could exploit this vulnerability to gain access to the system. IBM X-Force ID: 158881...

CVE-2019-4176

IBM Cognos Controller 10.2.0, 10.2.1, 10.3.0, 10.3.1, and 10.4.0 could allow a remote attacker to bypass security restrictions, caused by an error related to insecure HTTP Methods. An attacker could exploit this vulnerability to gain access to the system. IBM X-Force ID: 158881...

CVE-2019-4176

IBM Cognos Controller 10.2.0–10.4.0 is affected by CVE-2019-4176 due to an insecure HTTP Methods handling which could allow a remote attacker to bypass security restrictions and gain access to the system. Affected versions include 10.2.0, 10.2.1, 10.3.0, 10.3.1, and 10.4.0. The issue is documente...

PT-2019-16951 · Ibm · Ibm Cognos Controller

Name of the Vulnerable Software and Affected Versions: IBM Cognos Controller versions 10.2.0 through 10.4.0 Description: The issue is related to an error concerning insecure HTTP Methods, which could allow a remote attacker to bypass security restrictions and gain access to the system...

Security update for chromium (important)

openSUSE Security Update: Security update for chromium Announcement ID: openSUSE-SU-2019:1557-1 Rating: important References: 1137332 Cross-References: CVE-2019-5828 CVE-2019-5829 CVE-2019-5830 CVE-2019-5831 CVE-2019-5832 CVE-2019-5833 CVE-2019-5834 CVE-2019-5835 CVE-2019-5836 CVE-2019-5837...

CVE-2019-12387

In Twisted before 19.2.1, twisted.web did not validate or sanitize URIs or HTTP methods, allowing an attacker to inject invalid characters such as CRLF...