
3370 matches found

AlpineLinux
added 2020/01/08 7:53 p.m., 47 views

CVE-2019-11762

If two same-origin documents set document.domain differently to become cross-origin, it was possible for them to call arbitrary DOM methods/getters/setters on the now-cross-origin window. This vulnerability affects Firefox 70, Thunderbird 68.2, and Firefox ESR 68.2...

6.1 CVSS, 7.1 AI score, 0.00609 EPSS
Exploits: 0

RedhatCVE
added 2020/01/03 3:30 p.m., 31 views

CVE-2018-12547

In Eclipse OpenJ9, prior to the 0.12.0 release, the jiosnprintf and jiovsnprintf native methods ignored the length parameter. This affects existing APIs that called the functions to exceed the allocated buffer. These functions were not directly callable by non-native user code...

9.8 CVSS, 2 AI score, 0.02744 EPSS
Exploits: 1, References: 2

Citrix
added 2019/12/30 12:0 a.m., 4 views

Multiple Citrix Licenses are Allocated Erroneously for Mobile Laptops

Multiple Citrix licenses can be consumed erroneously for mobile laptops when switching connectivity methods...

7.2 AI score
Exploits: 0

Microsoft KB
added 2019/12/10 8:0 a.m., 37 views

Description of the security update for Word 2013: December 10, 2019

Description of the security update for Word 2013: December 10, 2019 Summary This security update resolves a denial of service vulnerability that exists in Microsoft Word software if the software does not correctly handle objects in memory. To learn more about the vulnerability, see Microsoft Comm...

7.1 CVSS, 6.1 AI score, 0.04643 EPSS
Exploits: 0

NVD
added 2019/12/04 1:15 p.m., 13 views

CVE-2019-18850

TrevorC2 v1.1/v1.2 fails to prevent fingerprinting primarily via a discrepancy between response headers when responding to different HTTP methods, also via predictable responses when accessing and interacting with the "SITEPATHQUERY"...

7.5 CVSS, 7.5 AI score, 0.01181 EPSS
Exploits: 0, References: 2

Cvelist
added 2019/12/04 12:42 p.m., 20 views

CVE-2019-18850

TrevorC2 v1.1/v1.2 fails to prevent fingerprinting primarily via a discrepancy between response headers when responding to different HTTP methods, also via predictable responses when accessing and interacting with the "SITEPATHQUERY"...

7.5 AI score, 0.01181 EPSS
Exploits: 0, References: 2

CVE
added 2019/12/04 12:42 p.m., 44 views

CVE-2019-18850

TrevorC2 v1.1/v1.2 is affected by a fingerprinting issue caused by a mismatch in response headers for different HTTP methods and by predictable responses when accessing SITE_PATH_QUERY. The CVE (CVE-2019-18850) is documented with both NVD and Red Hat entries, noting the risk of information disclo...

7.5 CVSS, 7.4 AI score, 0.01181 EPSS
Exploits: 0, References: 2, Affected Software: 1

Github Security Blog
added 2019/12/02 6:16 p.m., 71 views

Pomelo allows external control of critical state data

Pomelo v2.2.5 allows external control of critical state data. A malicious user input can corrupt arbitrary methods and attributes in template/game-server/app/servers/connector/handler/entryHandler.js because certain internal attributes can be overwritten via a conflicting name. Hence, a malicious...

5.3 CVSS, 5.6 AI score, 0.01157 EPSS
Exploits: 1, References: 4, Affected Software: 1

OSV
added 2019/12/02 6:10 p.m., 57 views

GHSA-X92H-WMG2-6HP7 Invalid HTTP method overrides allow possible XSS or other attacks in Symfony

In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, HTTP Methods provided as verbs or using the override header may be treated as trusted input, but they are not validated, possibly causing SQL injection or XSS. This is related to...

9.8 CVSS, 9.8 AI score, 0.01854 EPSS
Exploits: 0, References: 6

Github Security Blog
added 2019/12/02 6:10 p.m., 109 views

Invalid HTTP method overrides allow possible XSS or other attacks in Symfony

In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, HTTP Methods provided as verbs or using the override header may be treated as trusted input, but they are not validated, possibly causing SQL injection or XSS. This is related to...

9.8 CVSS, 1.3 AI score, 0.01854 EPSS
Exploits: 0, References: 7, Affected Software: 2

OpenVAS
added 2019/12/02 12:0 a.m., 21 views

openSUSE: Security Advisory for freerdp (openSUSE-SU-2019:2604-1)

The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

7.5 CVSS, 7.7 AI score, 0.02689 EPSS
Exploits: 0, References: 2

OPENSUSE Linux
added 2019/11/27 12:0 a.m., 128 views

Security update for djvulibre (moderate)

openSUSE Security Update: Security update for djvulibre
Announcement ID: openSUSE-SU-2019:2576-1
Rating: moderate
References: 1154401 1156188
Cross-References: CVE-2019-18804
Affected Products: openSUSE Leap 15.1
An update that solves one vulnerability and has one errata is now available...

7.5 CVSS, 7.4 AI score, 0.03667 EPSS
Exploits: 1, References: 2

Xen Project
added 2019/11/26 12:0 p.m., 82 views

Device quarantine for alternate pci assignment methods

ISSUE DESCRIPTION: XSA-302 relies on the use of libxl's "assignable-add" feature to prepare devices to be assigned to untrusted guests. Unfortunately, this is not considered a strictly required step for device assignment. The PCI passthrough documentation on the wiki describes alternate ways of...

7.2 CVSS, 1.3 AI score, 0.00451 EPSS
Exploits: 0

Citrix
added 2019/11/26 12:0 a.m., 6 views

Citrix Provisioning Service Target Device compatibility with Hyper V Generation 2 Virtual Machines.

The following table shows which 64-bit and 32-bit versions of Windows you can use as a guest operating system for generation 1 and generation 2 virtual machines.

64-bit versions of Windows| Generation 1| Generation 2
---|---|---
Windows Server 2019| ✔| ✔
Windows Server 2016| ✔| ✔
Windows Server...

7 AI score
Exploits: 0

OSV
added 2019/11/25 11:15 a.m., 28 views

CVE-2019-10174

A vulnerability was found in Infinispan such that the invokeAccessibly method from the public class ReflectionUtil allows any application class to invoke private methods in any class with Infinispan's privileges. The attacker can use reflection to introduce new, malicious behavior into the...

8.8 CVSS, 6.5 AI score, 0.03089 EPSS
Exploits: 0, References: 4

Prion
added 2019/11/25 11:15 a.m., 24 views

Design/Logic Flaw

A vulnerability was found in Infinispan such that the invokeAccessibly method from the public class ReflectionUtil allows any application class to invoke private methods in any class with Infinispan's privileges. The attacker can use reflection to introduce new, malicious behavior into the...

6.5 CVSS, 8.4 AI score, 0.03089 EPSS
Exploits: 0, References: 4, Affected Software: 3

CVE
added 2019/11/25 10:26 a.m., 158 views

CVE-2019-10174

CVE-2019-10174 concerns Infinispan. The public ReflectionUtil.invokeAccessibly method allows an application class to invoke private methods in any class with Infinispan’s privileges, enabling unintended behavior changes via reflection. Connected advisories (OSV/RHSA) reference a security fix path...

8.8 CVSS, 8.3 AI score, 0.03089 EPSS
Exploits: 0, References: 4, Affected Software: 1

Wired Threat Level
added 2019/11/23 12:0 p.m., 52 views

The Debate Over How to Encrypt the Internet of Things

So-called lightweight encryption has its place. But some researchers argue that more manufacturers should stick with proven methods...

3.4 AI score
Exploits: 0

OPENSUSE Linux
added 2019/11/22 12:0 a.m., 68 views

Security update for chromium (important)

openSUSE Security Update: Security update for chromium
Announcement ID: openSUSE-SU-2019:2545-1
Rating: important
References: 1157269
Cross-References: CVE-2019-13723 CVE-2019-13724
Affected Products: openSUSE Leap 15.0
An update that fixes two vulnerabilities is now available. Description: This...

8.8 CVSS, 9.2 AI score, 0.0149 EPSS
Exploits: 0, References: 1

Carbon Black Blog
added 2019/11/20 6:0 p.m., 37 views

Ransomware: 30 Years and Still Going Strong

In the tech world, systems – and methods to break said systems – seem to evolve by the minute. Technological advancement grows exponentially each year, and the realm of cybersecurity is no exception. However, some entities have survived and even thrived over the decades, rather than falling...

6.7 AI score
Exploits: 0