8275 matches found
Mozilla: Cross-origin POST requests can be made with NPAPI plugins by following 308 redirects
POST requests made by NPAPI plugins, such as Flash, that receive a status 308 redirect response can bypass CORS requirements. This can allow an attacker to perform Cross-Site Request Forgery (CSRF) attacks. This vulnerability affects Firefox ESR 60.8, Firefox 68, and Thunderbird 60.8...
Mozilla Firefox ESR < 60.8
The version of Firefox ESR installed on the remote Windows host is prior to 60.8. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2019-22 advisory. - A use-after-free vulnerability can occur in HTTP/2 when a cached HTTP/2 stream is closed while still in use,...
UBUNTU-CVE-2019-11712
POST requests made by NPAPI plugins, such as Flash, that receive a status 308 redirect response can bypass CORS requirements. This can allow an attacker to perform Cross-Site Request Forgery (CSRF) attacks. This vulnerability affects Firefox ESR 60.8, Firefox 68, and Thunderbird 60.8...
Regipy - An OS Independent Python Library For Parsing Offline Registry Hives
Regipy is a python library for parsing offline registry hives. regipy has a lot of capabilities: Use as a library: Recurse over the registry hive, from root or a given path and get all subkeys and values Read specific subkeys and values Apply transaction logs on a registry hive Command Line Tools...
EulerOS Virtualization for ARM 64 3.0.2.0 : gstreamer1-plugins-base (EulerOS-SA-2019-1712)
According to the version of the gstreamer1-plugins-base package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerability : - GStreamer before 1.16.0 has a heap-based buffer overflow in the RTSP connection parser via a crafted...
Security vulnerabilities fixed in Thunderbird 60.8 — Mozilla
As part of his winning Pwn2Own entry, Niklas Baumstark demonstrated a sandbox escape by installing a malicious language pack and then opening a browser feature that used the compromised translation. When an inner window is reused, it does not consider the use of document.domain for cross-origin...
KLA11524 Multiple vulnerabilities in Mozilla Thunderbird
Multiple vulnerabilities were found in Mozilla Thunderbird. Malicious users can exploit these vulnerabilities to bypass security restrictions, spoof user interface, cause denial of service, perform cross-site scripting attack, obtain sensitive information, execute arbitrary code. Below is a...
CVE-2019-13351
posix/JackSocket.cpp in libjack in JACK2 1.9.1 through 1.9.12 as distributed with alsa-plugins 1.1.7 and later has a "double file descriptor close" issue during a failed connection attempt when jackd2 is not running. Exploitation success depends on multithreaded timing of that double close, which...
CVE-2019-13351
CVE-2019-13351 affects JACK2 (libjack) shipped with JACK2 1.9.1–1.9.12 (as distributed with alsa-plugins 1.1.7+). The issue is a double file descriptor close in posix/JackSocket.cpp during a failed connection when jackd2 is not running. Exploitation depends on multithreaded timing of the double c...
RHEL 7 : OpenShift Container Platform 4.1 jenkins-2-plugins (RHSA-2019:1636)
The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2019:1636 advisory. This advisory contains the jenkins-2-plugins RPM packages for Red Hat OpenShift Container Platform 4.1.4. See the following advisory for the...
Important: Red Hat Security Advisory: OpenShift Container Platform 4.1 jenkins-2-plugins security update
An update for jenkins-2-plugins is now available for Red Hat OpenShift Container Platform 4.1. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for...
openSUSE Security Update : gstreamer-plugins-base (openSUSE-2019-1639)
This update for gstreamer-plugins-base fixes the following issue: Security issue fixed : - CVE-2019-9928: Fixed a heap-based overflow in the rtsp connection parser (bsc#1133375). This update was imported from the SUSE:SLE-12-SP2:Update update project...
openSUSE: Security Advisory for gstreamer-0_10-plugins-base (openSUSE-SU-2019:1638-1)
The remote host is missing an update for the Copyright (C) 2019 Greenbone Networks GmbH. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you can...
openSUSE: Security Advisory for gstreamer-plugins-base (openSUSE-SU-2019:1639-1)
The remote host is missing an update for the Copyright (C) 2019 Greenbone Networks GmbH. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you can...
Lynis 2.7.5 - Security Auditing Tool for Unix/Linux Systems
We are excited to announce this major release of auditing tool Lynis. Several big changes have been made to core functions of Lynis. These changes are the next of simplification improvements we made. There is a risk of breaking your existing configuration. Lynis is an open source security auditin...
Security update for gstreamer-plugins-base (important)
openSUSE Security Update: Security update for gstreamer-plugins-base Announcement ID: openSUSE-SU-2019:1639-1 Rating: important References: 1133375 Cross-References: CVE-2019-9928 Affected Products: openSUSE Leap 42.3 An update that fixes one vulnerability is now available. Description: This upda...
Security update for gstreamer-0_10-plugins-base (important)
openSUSE Security Update: Security update for gstreamer-0_10-plugins-base Announcement ID: openSUSE-SU-2019:1638-1 Rating: important References: 1133375 Cross-References: CVE-2019-9928 Affected Products: openSUSE Leap 42.3 An update that fixes one vulnerability is now available. Description: This...