jenkins-plugin-workflow-remote-loader: Unsafe Script Security whitelist entry in Pipeline Remote Loader Plugin (SECURITY-921)

A flaw was found in the Jenkins Workflow Remote Loader plugin. An unsafe whitelist entry was made that allowed invoking arbitrary methods and bypassing sandbox protection. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

Spyse.Py - Python API Wrapper And Command-Line Client For The Tools Hosted On Spyse.Com

Python API wrapper and command-line client for the tools hosted on spyse.com. "Spyse is a developer of complete DAAS Data-As-A-Service solutions for Internet security professionals, corporate and remote system administrators, SSL / TLS encryption certificate providers, data centers and business...

Security update for libmediainfo (moderate)

openSUSE Security Update: Security update for libmediainfo Announcement ID: openSUSE-SU-2019:1629-1 Rating: moderate References: 1133156 1133157 Cross-References: CVE-2019-11372 CVE-2019-11373 Affected Products: openSUSE Leap 42.3 openSUSE Leap 15.0 openSUSE Backports SLE-15 An update that fixes...

PRODSECBUG-2245: Stored cross-site scripting in store shipping methods configuration

More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-23...

CVE-2019-7229

The ABB CP635 HMI uses two different transmission methods to upgrade its firmware and its software components: "Utilization of USB/SD Card to flash the device" and "Remote provisioning process via ABB Panel Builder 600 over FTP." Neither of these transmission methods implements any form of...

Design/Logic Flaw

The ABB CP635 HMI uses two different transmission methods to upgrade its firmware and its software components: "Utilization of USB/SD Card to flash the device" and "Remote provisioning process via ABB Panel Builder 600 over FTP." Neither of these transmission methods implements any form of...

Security update for MozillaFirefox (important)

openSUSE Security Update: Security update for MozillaFirefox Announcement ID: openSUSE-SU-2019:1593-1 Rating: important References: 1138614 Cross-References: CVE-2019-11707 Affected Products: openSUSE Leap 42.3 openSUSE Leap 15.0 An update that fixes one vulnerability is now available. Descriptio...

VLC zlib_decompress_extra Double Free Vulnerability

VLC media player is a free and open-source portable cross-platform media player software developed by the VideoLAN project. VLC is available for desktop operating systems and mobile platforms, such as Android, iOS, iPadOS, Wizen, Windows 10 Mobile, and Windows Phone. It is also available on digit...

Security update for MozillaThunderbird (important)

openSUSE Security Update: Security update for MozillaThunderbird Announcement ID: openSUSE-SU-2019:1583-1 Rating: important References: 1137595 Cross-References: CVE-2019-11703 CVE-2019-11704 CVE-2019-11705 CVE-2019-11706 Affected Products: openSUSE Leap 15.1 openSUSE Leap 15.0 An update that fix...

CVE-2019-4176

IBM Cognos Controller 10.2.0, 10.2.1, 10.3.0, 10.3.1, and 10.4.0 could allow a remote attacker to bypass security restrictions, caused by an error related to insecure HTTP Methods. An attacker could exploit this vulnerability to gain access to the system. IBM X-Force ID: 158881...

CVE-2019-4176

IBM Cognos Controller 10.2.0, 10.2.1, 10.3.0, 10.3.1, and 10.4.0 could allow a remote attacker to bypass security restrictions, caused by an error related to insecure HTTP Methods. An attacker could exploit this vulnerability to gain access to the system. IBM X-Force ID: 158881...

CVE-2019-4176

IBM Cognos Controller 10.2.0–10.4.0 is affected by CVE-2019-4176 due to an insecure HTTP Methods handling which could allow a remote attacker to bypass security restrictions and gain access to the system. Affected versions include 10.2.0, 10.2.1, 10.3.0, 10.3.1, and 10.4.0. The issue is documente...

PT-2019-16951 · Ibm · Ibm Cognos Controller

Name of the Vulnerable Software and Affected Versions: IBM Cognos Controller versions 10.2.0 through 10.4.0 Description: The issue is related to an error concerning insecure HTTP Methods, which could allow a remote attacker to bypass security restrictions and gain access to the system...

Security update for chromium (important)

openSUSE Security Update: Security update for chromium Announcement ID: openSUSE-SU-2019:1557-1 Rating: important References: 1137332 Cross-References: CVE-2019-5828 CVE-2019-5829 CVE-2019-5830 CVE-2019-5831 CVE-2019-5832 CVE-2019-5833 CVE-2019-5834 CVE-2019-5835 CVE-2019-5836 CVE-2019-5837...

CVE-2019-12387

In Twisted before 19.2.1, twisted.web did not validate or sanitize URIs or HTTP methods, allowing an attacker to inject invalid characters such as CRLF...

Hunting COM Objects (Part Two)

Background As a follow up to Part One in this blog series on COM object hunting, this post will talk about taking the COM object hunting methodology deeper by looking at interesting COM object methods exposed in properties and sub-properties of COM objects. What is a COM Object? According to...

Description of the security update for Microsoft Exchange Server 2019 and 2016: June 11, 2019

Description of the security update for Microsoft Exchange Server 2019 and 2016: June 11, 2019 This update rollup is a security update. This security update resolves vulnerabilities in Microsoft Exchange. To learn more about these vulnerabilities, see the following Common Vulnerabilities and...

GHSA-6CC5-2VG4-CC7M Twisted CRLF Injection

In Twisted before 19.2.1, twisted.web did not validate or sanitize URIs or HTTP methods, allowing an attacker to inject invalid characters such as CRLF...

Design/Logic Flaw

In Twisted before 19.2.1, twisted.web did not validate or sanitize URIs or HTTP methods, allowing an attacker to inject invalid characters such as CRLF...

CVE-2019-12387

In Twisted before 19.2.1, twisted.web did not validate or sanitize URIs or HTTP methods, allowing an attacker to inject invalid characters such as CRLF...