Ox App Suite 7.8.4 / 7.8.3 XSS / CSRF / Information Disclosure
Dear subscribers, we're sharing our latest advisory with you and like to thank everyone who contributed in finding and solving those vulnerabilities. Feel free to join our bug bounty programs open-xchange, dovecot, powerdns at HackerOne. Yours sincerely, Martin Heiland, Open-Xchange GmbH Product:...
Veeam Availability Console U1 Cumulative Patch 1913
Challenge Veeam Availability Console U1 Cumulative Patch 1913. This update supersedes Veeam Availability Console U1 Cumulative Patch 1850. Cause Please confirm you are running version 2.0.2.1750 or later prior to installing this cumulative patch 1913. You can check this under Windows Programs and...
Security Bulletin: Vulnerabilities in MariaDB affect PowerKVM
Summary PowerKVM is affected by vulnerabilities in MariaDB. IBM has now addressed these vulnerabilities. Vulnerability Details CVEID: CVE-2018-2819 DESCRIPTION: An unspecified vulnerability in Oracle MySQL related to the Server InnoDB component could allow an authenticated attacker to cause a...
[SECURITY] Fedora 28 Update: kernel-headers-4.19.7-200.fc28
Kernel-headers includes the C header files that specify the interface between the Linux kernel and userspace libraries and programs. The header files define structures and constants that are needed for building most standard programs and are also needed for rebuilding the glibc package...
Amazon Linux AMI : mysql55 (ALAS-2018-1116)
Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Client programs. Supported versions that are affected are 5.5.61 and prior, 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Difficult to exploit vulnerability allows high privileged attacker with logon to the...
CVE-2018-19854
An issue was discovered in the Linux kernel before 4.19.3. crypto_report_one() and related functions in crypto/crypto_user.c (the crypto user configuration API) do not fully initialize structures that are copied to userspace, potentially leaking sensitive memory to user programs. NOTE: this is a...
[SECURITY] Fedora 29 Update: kernel-headers-4.19.5-300.fc29
Kernel-headers includes the C header files that specify the interface between the Linux kernel and userspace libraries and programs. The header files define structures and constants that are needed for building most standard programs and are also needed for rebuilding the glibc package...
Newsmaker Interview: Katie Moussouris on Improving Bug Bounty Programs
Bug bounty programs continue to increase in popularity – but that popularity has its downsides. Since the launch of the Hack the Pentagon program in 2016, bug bounty programs have quickly grown in popularity. Bugcrowd’s State of Bug Bounty report this year found that the number of programs launch...
Miasm - Reverse Engineering Framework In Python
Miasm is a free and open source GPLv2 reverse engineering framework. Miasm aims to analyze / modify / generate binary programs. Here is a non exhaustive list of features: Opening / modifying / generating PE / ELF 32 / 64 LE / BE using Elfesteem Assembling / Disassembling X86 / ARM / MIPS / SH4 /...
Moderate: Red Hat Security Advisory: rh-mysql57-mysql security update
An update for rh-mysql57-mysql is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
Veeam Availability Console U1 Cumulative Patch 1850
Challenge Veeam Availability Console U1 Cumulative Patch 1850. This update supersedes Veeam Availability Console U1 Cumulative Patch 1824. Cause Please confirm you are running version 2.0.2.1750 or later prior to installing this cumulative patch 1850. You can check this under Windows Programs and...
[SECURITY] Fedora 29 Update: gettext-0.19.8.1-18.fc29
The GNU gettext package provides a set of tools and documentation for producing multi-lingual messages in programs. Tools include a set of conventions about how programs should be written to support message catalogs, a directory and file naming organization for the message catalogs, a runtime...
[SECURITY] Fedora 29 Update: libssh-0.8.4-1.fc29
The ssh library was designed to be used by programmers needing a working SSH implementation by the mean of a library. The complete control of the client is made by the programmer. With libssh, you can remotely execute programs, transfer files, use a secure and transparent tunnel for your remote...
EulerOS Virtualization 2.5.1 : mariadb (EulerOS-SA-2018-1337)
According to the versions of the mariadb packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - mysql: Client programs unspecified vulnerability CPU Jul 2017 CVE-2017-3636 - mysql: Server: DML unspecified vulnerability CPU J...
CVE-2017-18348
Splunk Enterprise 6.6.x, when configured to run as root but drop privileges to a specific non-root account, allows local users to gain privileges by leveraging access to that non-root account to modify $SPLUNK_HOME/etc/splunk-launch.conf and insert Trojan horse programs into $SPLUNK_HOME/bin, becau...
Oracle MySQL Server Denial of Service Vulnerability (CNVD-2018-21489)
Oracle MySQL is an open source relational database management system from Oracle Corporation, of which MySQL Server is a database server component. A security vulnerability exists in the Client programs subcomponent of the MySQL Server component of Oracle MySQL. An attacker could exploit this...
Standing behind “MSRC Listens”
Last week at BlueHat’s “MSRC Listens” session, I took the stage with Mechele Gruhn, manager of the Vulnerability Response PM team, to explain how MSRC is changing our communication, workflows, and tooling to deliver an improved user experience for our partners in the security research community. ...
EulerOS 2.0 SP3 : mariadb (EulerOS-SA-2018-1303)
According to the versions of the mariadb packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - mysql: Client programs unspecified vulnerability CPU Jul 2017 CVE-2017-3636 - mysql: Server: DML unspecified vulnerability CPU Jul 2017...
CVE-2018-6043
Insufficient data validation in External Protocol Handler in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially execute arbitrary programs on user machine via a crafted HTML page...