3385 matches found
CVE-2019-17491
Jiangnan Online Judge aka jnoj 0.8.0 has XSS via the Problem[description] parameter to web/admin/problem/create or web/polygon/problem/update...
CVE-2019-17493
Jiangnan Online Judge aka jnoj 0.8.0 has XSS via the Problem[sample_input] parameter to web/admin/problem/create or web/polygon/problem/update...
CVE-2019-17493
CVE-2019-17493 affects Jiangnan Online Judge (jnoj) 0.8.0. It has a cross-site scripting (XSS) vulnerability triggered by the Problem[sample_input] parameter in web/admin/problem/create or web/polygon/problem/update. Root cause per CNVD entry is lack of proper validation of client-side data. Impa...
Jiangnan Online Judge Arbitrary File Upload Vulnerability
Jiangnan Online Judge is an online evaluation system for computer programming. The system is mainly used for compiling and executing the source code submitted by users and checking the correctness of the program source code. A code issue vulnerability exists in...
Signal Forced Call Acceptance
Signal: Incoming call can be connected without user interaction. There is a logic error in Signal that can cause an incoming call to be answered even if the callee does not pick it up. In the Android client, there is a method handleCallConnected that causes the call to finish connecting. During...
Upgrading to Storefront 3.12 CU4 fails - MSI logs shows Citrix Protocol Transition service exception
Attempting to upgrade Storefront 3.12 LTSR to CU4 fails. In the Install wizard the following message is displayed: When checking the MSI Installer logs the following exception is found. NOTE: MSI logs are found in C:\Windows\Temp\Storefront\CitrixMsi-CitrixStoreFront-x64-201X.-xx-xx-xx.log...
CVE-2019-5461
An input validation problem was discovered in the GitHub service integration which could result in an attacker being able to make arbitrary POST requests in a GitLab instance's internal network. This vulnerability was addressed in 12.1.2, 12.0.4, and 11.11.6...
CVE-2019-15917
An issue was discovered in the Linux kernel before 5.0.5. There is a use-after-free issue when hci_uart_register_dev fails in hci_uart_set_proto in drivers/bluetooth/hci_ldisc.c...
EulerOS 2.0 SP8 : qemu-kvm (EulerOS-SA-2019-1815)
According to the versions of the qemu-kvm packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A flaw was found in QEMU's Media Transfer Protocol (MTP) where a path traversal in the usb_mtp_write_data function in hw/usb/dev-mtp.c due to an...
Solving the Cyber Security Problem: Mission Impossible
By Ian Trump. Why nothing is working in cyber security? Solving the Security Problem: Mission Impossible - Cyber Securities Book of Revelations. This is a post from HackRead.com. Read the original post: Solving the Cyber Security Problem: Mission Impossible...
Exim < 4.92.1 Input-Validation RCE
According to its banner, the version of Exim running on the remote host is prior to 4.92.1. It is, therefore, potentially affected by an input-validation flaw in the '${sort }' expansion. A remote attacker could potentially execute arbitrary code. Note that the default configuration does not include...
CVE-2019-14763
In the Linux kernel before 4.16.4, a double-locking error in drivers/usb/dwc3/gadget.c may potentially cause a deadlock with f_hid...
ROHNP: Key Extraction Side Channel in Multiple Crypto Libraries
Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. T...
CVE-2018-20859
CVE-2018-20859 affects the Open edX platform (edx-platform). It describes an XSS vulnerability: edx-platform before 2018-07-18 allows executing client-side code via a response to a Chemical Equation advanced problem. The root cause is lack of proper validation of client data in the web applicatio...
openSUSE Security Update : glibc (openSUSE-2019-1798)
This update for glibc fixes the following issues : Security issues fixed : - CVE-2019-9169: Fixed a heap-based buffer over-read via an attempted case-insensitive regular-expression match (bsc#1127308). - CVE-2009-5155: Fixed a denial of service in parse_reg_exp (bsc#1127223). Non-security issues fixed : ...
PT-2019-16984 · Hewlett Packard +2 · Hp-Ux +2
Name of the Vulnerable Software and Affected Versions: IBM Spectrum Protect version 7.1. Description: The issue affects the backup or archive operation of HP-UX VxFS objects. If an object has more than twelve Access Control List (ACL) entries, the IBM Spectrum Protect client silently skips these...
SUSE-SU-2019:1877-1 Security update for glibc
This update for glibc fixes the following issues: Security issues fixed: - CVE-2019-9169: Fixed a heap-based buffer over-read via an attempted case-insensitive regular-expression match (bsc#1127308). - CVE-2009-5155: Fixed a denial of service in parse_reg_exp (bsc#1127223). Non-security issues fixed: -...
Master VM Gets Error "The Trust Relationship Between This Workstation and The Primary Domain Failed" When Trying to Logon to it Using a Domain Account
When trying to log on to master VM using a domain account right after capturing a vDisk from it, an admin user gets error "The trust relationship between this workstation and the primary domain failed." Resetting or deleting and recreating machine account from PVS console does not resolve issue...
CVE-2019-9676
Buffer overflow vulnerability found in some Dahua IP Camera devices IPC-HFW1XXX, IPC-HDW1XXX, IPC-HFW2XXX Build before 2018/11. The vulnerability exists in the function of redirection display for serial port printing information, which can not be used by product basic functions. After an attacker lo...