
4144 matches found

Tenable Nessus
added 2019/01/11 12:0 a.m. | 65 views

Virtuozzo 7 : readykernel-patch (VZA-2018-072)

According to the version of the vzkernel package and the readykernel-patch installed, the Virtuozzo installation on the remote host is affected by the following vulnerabilities: - An integer overflow flaw was found in create_elf_tables. An unprivileged local user with access to SUID or otherwise...

CVSS 7.8 | AI score 7 | EPSS 0.20572
Exploits 6 | References 13

Mageia
added 2018/12/29 11:24 p.m. | 49 views

Updated keepalived package fixes security vulnerabilities

keepalived before version 2.0.9 didn't check for pathnames with symlinks when writing data to a temporary file upon a call to PrintData or PrintStats. This allowed local users to overwrite arbitrary files if fs.protected_symlinks is set to 0, as demonstrated by a symlink from /tmp/keepalived.data ...

CVSS 9.8 | AI score 1.8 | EPSS 0.05411
Exploits 2 | References 2

ThreatPost
added 2018/12/13 5:52 p.m. | 11 views

Secure Critical Infrastructure Top of Mind for U.S.

When it comes to cyber-threats and defense, the U.S. government says that critical infrastructure threats are a growing concern. Rob Joyce, senior advisor of cybersecurity strategy for the National Security Agency (NSA), said that while attacks targeting the systems that power the manufacturing,...

AI score 0.4
Exploits 0 | References 8

IBM Security Bulletins
added 2018/10/23 5:25 p.m. | 63 views

Security Bulletin: Rational DOORS Web Access is affected by Apache Tomcat vulnerabilities

Summary Rational DOORS Web Access has addressed the following vulnerabilities. Vulnerability Details CVEID: CVE-2018-8034 DESCRIPTION: Apache Tomcat could allow a remote attacker to bypass security restrictions, caused by a missing host name verification when using TLS with the WebSocket client. ...

CVSS 7.5 | AI score 1.2 | EPSS 0.82624
Exploits 3 | Affected Software 1

ThreatPost
added 2018/10/19 3:24 p.m. | 688 views

AWS FreeRTOS Bugs Allow Compromise of IoT Devices

Researchers have found that a popular Internet of Things real-time operating system – FreeRTOS – is riddled with serious vulnerabilities. The bugs could allow hackers to crash connected devices in smart homes or critical infrastructure systems, leak information from the devices’ memory, and take...

CVSS 6.8 | AI score 0.7 | EPSS 0.82787
Exploits 13 | References 8

ThreatPost
added 2018/10/17 3:24 p.m. | 51 views

Multiple D-Link Routers Open to Complete Takeover with Simple Attack

Eight D-Link routers in the company’s small/home office “DWR” range are vulnerable to complete takeover – but the vendor said it is planning on only patching two, according to a researcher. Błażej Adamczyk of the Silesian University of Technology in Poland discovered the vulnerabilities in May,...

CVSS 9 | AI score 0.4 | EPSS 0.93937
Exploits 16 | References 6

Zero Science Lab
added 2018/10/14 12:0 a.m. | 854 views

FLIR Systems FLIR Brickstream 3D+ Unauthenticated RTSP Stream Disclosure

Summary Thermal Imaging Camera For Continuous Condition and Safety Monitoring FLIR AX8 is a thermal sensor with imaging capabilities. Combining thermal and visual cameras in a small, affordable package, the AX8 provides continuous temperature monitoring and alarming capabilities to protec critica...

CVSS 8.7 | AI score 5.8 | EPSS 0.00055
Exploits 1

OSV
added 2018/09/28 3:58 a.m. | 1 views

USN-3719-3 mutt vulnerabilities

USN-3719-1 fixed vulnerabilities in Mutt. Unfortunately, the fixes were not correctly applied to the packaging for Mutt in Ubuntu 16.04 LTS. This update corrects the oversight. We apologize for the inconvenience. Original advisory details: It was discovered that Mutt incorrectly handled certain...

CVSS 9.8 | AI score 7 | EPSS 0.04101
Exploits 0 | References 14

Packet Storm
added 2018/09/21 12:0 a.m. | 45 views

Antidote 9.5.1 Code Execution

CVE-2018-13140 Antidote Remote Code Execution against the update component Description Antidote is a spell checker software for Windows, Linux macOS operating system. Threat The application is affected by a remote code execution against the update component. It leads to code execution with high...

AI score 0.1 | EPSS 0.08771
Exploits 3

Dsquare
added 2018/09/18 12:0 a.m. | 409 views

ManageEngine Multiple Products File Disclosure

File disclosure vulnerability in ManageEngine Firewall Analyzer, NetFlow Analyzer, Network Configuration Manager, OpManager and OpUtils Vulnerability Type: File Disclosure For the exploit source code contact DSquare Security sales team...

CVSS 5 | AI score 0.5 | EPSS 0.03506
Exploits 4

IBM Security Bulletins
added 2018/09/05 4:28 p.m. | 35 views

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with Tivoli Business Service Manager (CVE-2012-5783)

Summary IBM WebSphere Application Server is shipped as a component of Tivoli Business Service Manager. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Please consult the Security Bulletin:...

CVSS 5.8 | AI score 0.3 | EPSS 0.00616
Exploits 0 | Affected Software 1

UbuntuCve
added 2018/09/03 12:29 a.m. | 25 views

CVE-2018-16376

An issue was discovered in OpenJPEG 2.3.0. A heap-based buffer overflow was discovered in the function t2_encode_packet in lib/openmj2/t2.c. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly unspecified other impact...

CVSS 8.8 | AI score 7 | EPSS 0.00566
Exploits 0 | References 3

Qualys Blog
added 2018/08/30 2:53 p.m. | 57 views

Securing Container Deployments with Qualys

With container adoption booming, security teams must protect the applications that DevOps teams create and deploy using this method of OS virtualization. The security must be comprehensive across the entire container lifecycle, and built into the DevOps pipeline in a way that is seamless and...

AI score 7.2
Exploits 0

Qualys Blog
added 2018/08/27 6:32 p.m. | 501 views

Security News: Hackers Aim Ransomware at Big Cos., as Experts Call for Swift Patching of Struts Bug

Ransomware raids aimed at specific targets with big pockets. Another Struts vulnerability -- but scarier than last year’s. An Android spyware that records your phone calls. These are some of the security news that have caught our attention. New Struts Bug Should Be Patched Yesterday Apache patche...

CVSS 9.3 | AI score 9.2 | EPSS 0.94431
Exploits 41

Qualys Blog
added 2018/08/23 8:27 p.m. | 2375 views

Detecting Apache Struts 2 Namespace RCE: CVE-2018-11776

A new remote code execution vulnerability in Apache Struts 2, CVE-2018-11776, was disclosed yesterday. While this vulnerability does not exist with a default configuration of Struts, it does exist in commonly seen configurations for some Struts plugins. Update August 24, 2018: A dashboard for thi...

CVSS 9.3 | AI score 1.8 | EPSS 0.94489
Exploits 87

ThreatPost
added 2018/08/09 12:40 p.m. | 14 views

Black Hat 2018: Google Bug Hunter Urges Apple to Change its iOS Security Culture

LAS VEGAS – Prolific Google bug hunter Ian Beer ripped into Apple on Wednesday, urging the iPhone maker to change its culture when it comes to iOS security. He said the company suffers from an all-too-common affliction of patching an iOS bug, but not fixing the systemic roots that contribute to t...

AI score 7.4
Exploits 0 | References 5

ThreatPost
added 2018/08/07 1:15 p.m. | 13 views

ThreatList: Financial Services Firms Lag in Patching Habits

Almost half (45 percent) of financial services firms in a recent survey have reported a data breach in the last two years – with many of those attacks being completely avoidable if known vulnerabilities were patched. In a Ponemon Institute survey of nearly 3,000 cybersecurity professionals at...

AI score 1.6
Exploits 0 | References 5

Akamai Blog
added 2018/08/06 4:15 p.m. | 248 views

Linux Kernel TCP Vulnerability

On the week of July 15th researcher Juha-Matti Tilli disclosed a vulnerability he discovered in the Linux kernel to the kernel maintainers, the National Cyber Security Center - Finland (NCSC-FI), CERT Coordination Center (CERT/CC), and Akamai. The vulnerability, CVE-2018-5390, is a resource exhaustio...

AI score 7.9 | EPSS 0.1116
Exploits 0

Information Security Automation
added 2018/08/05 12:53 a.m. | 51 views

What I expect from IT Asset Inventory

The main problem of vulnerability management, in my opinion, is that it is not always clear whether we know about ALL network hosts existing in our infrastructure or not. So, not the actual process of scanning and the detection of vulnerabilities, but the lack of knowledge what we should scan...

AI score 7
Exploits 0

ThreatPost
added 2018/07/23 6:22 p.m. | 13 views

Spectre Will Haunt Us For a Long Time

During a recent Congressional hearing, Senators voiced concerns about the ongoing Spectre and Meltdown vulnerabilities. While the technical details were predictably glossed over, most of the hearing focused on Intel informing Chinese partners about the flaws six months before they went public...

AI score 7.5
Exploits 0 | References 15