openSUSE: Security Advisory for gpg2 (openSUSE-SU-2019:1917-1)
The remote host is missing an update for the Copyright (C) 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Security update for vlc (important)
openSUSE Security Update: Security update for vlc Announcement ID: openSUSE-SU-2019:1897-1 Rating: important References: 1118586 1138354 1138933 1141522 1142161 1143547 1143549 Cross-References: CVE-2018-19857 CVE-2019-12874 CVE-2019-13602 CVE-2019-13962 CVE-2019-5439 CVE-2019-5459 CVE-2019-5460...
Security update for bzip2 (important)
openSUSE Security Update: Security update for bzip2 Announcement ID: openSUSE-SU-2019:1918-1 Rating: important References: 1139083 Cross-References: CVE-2019-12900 Affected Products: openSUSE Leap 15.1 openSUSE Leap 15.0 An update that fixes one vulnerability is now available. Description: This...
Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Microsoft
Overview of CVE-2017-11882 In terms of vulnerability exploit...
Security update for mumble (moderate)
openSUSE Security Update: Security update for mumble Announcement ID: openSUSE-SU-2019:1876-1 Rating: moderate References: 1123334 Cross-References: CVE-2018-20743 Affected Products: openSUSE Backports SLE-15-SP1 An update that fixes one vulnerability is now available. Description: This update fo...
Security update for znc (important)
openSUSE Security Update: Security update for znc Announcement ID: openSUSE-SU-2019:1859-1 Rating: important References: 1130360 1138572 Cross-References: CVE-2019-12816 CVE-2019-9917 Affected Products: openSUSE Backports SLE-15-SP1 An update that fixes two vulnerabilities is now available...
SQL Injection
magento/community-edition is vulnerable to SQL injection. The vulnerability exists as a user with marketing manipulation privileges can invoke methods that alter data of the underlying model followed by corresponding database modifications...
Security update for aubio (moderate)
openSUSE Security Update: Security update for aubio Announcement ID: openSUSE-SU-2019:1852-1 Rating: moderate References: 1137823 1142433 1142435 1142436 Cross-References: CVE-2018-19802 CVE-2019-1010222 CVE-2019-1010223 CVE-2019-1010224 Affected Products: openSUSE Backports SLE-15 An update that...
Evaluating the NSA's Telephony Metadata Program
Interesting analysis: "Examining the Anomalies, Explaining the Value: Should the USA FREEDOM Act's Metadata Program be Extended?" by Susan Landau and Asaf Lubin. Abstract: The telephony metadata program which was authorized under Section 215 of the PATRIOT Act, remains one of the most controversi...
Security update for chromium (important)
openSUSE Security Update: Security update for chromium Announcement ID: openSUSE-SU-2019:1848-1 Rating: important References: 1143492 1144625 Cross-References: CVE-2019-5850 CVE-2019-5851 CVE-2019-5852 CVE-2019-5853 CVE-2019-5854 CVE-2019-5855 CVE-2019-5856 CVE-2019-5857 CVE-2019-5858 CVE-2019-58...
Black Hat 2019: WhatsApp Users Still Open to Message Manipulation
LAS VEGAS – Researchers at Black Hat USA 2019 demoed how known vulnerabilities in WhatsApp could still be exploited in several attacks that manipulate chats. Facebook-owned WhatsApp is a popular end-to-end encrypted messaging platform with at least 1.5 billion users. Researchers with Check Point...
openSUSE: Security Advisory for aubio (openSUSE-SU-2019:1834-1)
The remote host is missing an update for the Copyright (C) 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
ruby: Unintentional socket creation by poisoned NULL byte in UNIXServer and UNIXSocket
It was found that the UNIXSocket::open and UNIXServer::open ruby methods did not handle the NULL byte properly. An attacker, able to inject NULL bytes in the socket path, could possibly trigger an unspecified behavior of the ruby script...
PYSEC-2019-11
An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. If django.utils.text.Truncator's chars and words methods were passed the html=True argument, they were extremely slow to evaluate certain inputs due to a catastrophic backtracking vulnerability i...
PT-2019-4652 · Ruby +8
Name of the Vulnerable Software and Affected Versions: Ruby versions 2.4.7 and earlier, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 Description: The issue allows code injection if the first argument to Shell or Shelltest in lib/shell.rb is untrusted data. An attacker can exploit this to call an...
Security update for ucode-intel (important)
openSUSE Security Update: Security update for ucode-intel Announcement ID: openSUSE-SU-2019:1806-1 Rating: important References: 1111331 Cross-References: CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091 Affected Products: openSUSE Leap 15.1 An update that fixes four vulnerabilities is...
AWS IAM Privilege Escalation – Methods and Mitigation – Part 2
The post AWS IAM Privilege Escalation - Methods and Mitigation - Part 2 appeared first on Rhino Security Labs...
openSUSE: Security Advisory for postgresql10 (openSUSE-SU-2019:1773-1)
The remote host is missing an update for the Copyright (C) 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
CVE-2019-3969: Comodo Antivirus Privilege Escalation
Comodo Antivirus versions up to 12.0.0.6810 are vulnerable to Local Privilege Escalation due to CmdAgent’s handling of COM clients. A local process can bypass the signature check enforced by CmdAgent via process hollowing which can then allow the process to invoke sensitive COM methods in CmdAgen...
Rockwell Automation PanelView 5510
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely Vendor: Rockwell Automation Equipment: PanelView 5510 Vulnerability: Improper Access Control 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a remote unauthenticated user to gain root privileges on the...