1467 matches found
Fedora 30 : php (2019-6350c4e21a)
PHP version 7.3.5 (02 May 2019) Core: - Fixed bug php77903 (ArrayIterator stops iterating after offsetSet call). (Nikita) CLI: - Fixed bug php77794 (Incorrect Date header format in built-in server). (kelunik) EXIF: - Fixed bug php77950 (Heap-buffer-overflow in _estrndup via exif_process_IFD_TAG). (CVE-2019-11036)...
Fedora 29 : php (2019-6e325234a4)
PHP version 7.2.18 (02 May 2019) CLI: - Fixed bug php77794 (Incorrect Date header format in built-in server). (kelunik) EXIF: - Fixed bug php77950 (Heap-buffer-overflow in _estrndup via exif_process_IFD_TAG). (CVE-2019-11036) (Stas) Interbase: - Fixed bug php72175 Impossibility of creating multiple connections to...
Scientific Linux Security Update : freeradius on SL7.x x86_64 (20190509)
Security Fixes: - freeradius: eap-pwd: authentication bypass via an invalid curve attack (CVE-2019-11235) - freeradius: eap-pwd: fake authentication using reflection (CVE-2019-11234) (C) Tenable Network Security, Inc. The descriptive text is (C) Scientific Linux. include('compat.inc'); if (description)...
freeradius: eap-pwd: fake authentication using reflection
FreeRADIUS before 3.0.19 does not prevent use of reflection for authentication spoofing, aka a "Dragonblood" issue, a similar issue to CVE-2019-9497...
Sandbox Restrictions Bypass
openjdk is vulnerable to sandbox restrictions bypass. An improper permission check issue was discovered in the reflection API in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions...
Arbitrary Code Execution
Oracle Java SE is vulnerable to arbitrary code execution attacks. Remote unauthenticated attackers could execute arbitrary code via unspecified vectors involving reflection, Libraries, "improper toString calls," and the JDBC driver manager...
ALPINE-CVE-2019-11234
FreeRADIUS before 3.0.19 does not prevent use of reflection for authentication spoofing, aka a "Dragonblood" issue, a similar issue to CVE-2019-9497...
DEBIAN-CVE-2019-11234
FreeRADIUS before 3.0.19 does not prevent use of reflection for authentication spoofing, aka a "Dragonblood" issue, a similar issue to CVE-2019-9497...
Preparing the Internet for the Next Mega DDoS Attack
When you think of a distributed denial-of-service (DDoS) attack at this point in the age of the internet, you might be thinking they’re old news. But when a multi-million-dollar business can be easily taken offline by an unskilled adversary and a $5 rent-a-DDoS service, I would argue that the issue...
Debian: Security Advisory (DSA-4430-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
USN-3944-1: wpa_supplicant and hostapd vulnerabilities
It was discovered that wpa_supplicant and hostapd were vulnerable to a side channel attack against EAP-pwd. A remote attacker could possibly use this issue to recover certain passwords. (CVE-2019-9495) Mathy Vanhoef discovered that wpa_supplicant and hostapd incorrectly validated received scalar and...
USN-3944-1 wpa vulnerabilities
It was discovered that wpa_supplicant and hostapd were vulnerable to a side channel attack against EAP-pwd. A remote attacker could possibly use this issue to recover certain passwords. (CVE-2019-9495) Mathy Vanhoef discovered that wpa_supplicant and hostapd incorrectly validated received scalar and...
XanXSS - A Simple XSS Finding Tool
XanXSS is a reflected XSS searching tool (DOM coming soon) that creates payloads based on templates. Unlike other XSS scanners that just run through a list of payloads, XanXSS tries to make the payload unidentifiable, for example: /cLIcKMe!XaNxss With XanXSS every payload is different. XanXSS wor...
GLSA-201903-13 : BIND: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-201903-13 BIND: Multiple vulnerabilities Multiple vulnerabilities have been discovered in BIND. Please review the CVE identifiers referenced below for details. Impact : BIND can improperly permit recursive query service to...
BIND: Multiple vulnerabilities
Background: BIND (Berkeley Internet Name Domain) is a Name Server. Description: Multiple vulnerabilities have been discovered in BIND. Please review the CVE identifiers referenced below for details. Impact: BIND can improperly permit recursive query service to unauthorized clients possibly resulting i...
.NET advanced code audit (third class): Fastjson deserialization vulnerability - vulnerability warning - the black bar safety net
In Java, Fastjson has had multiple deserialization vulnerabilities and bypassed versions, and the .NET field also has a Fastjson library. The author officially states that it is the .NET component with the highest JSON read/write efficiency; using the built-in method JSON.ToJSON, .NET objects can be quickly serialized. Let you easily achieve .NET of all...
openSUSE: Security Advisory for avahi (openSUSE-SU-2019:0197-1)
The remote host is missing an update for the Copyright (C) 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Security update for avahi (moderate)
openSUSE Security Update: Security update for avahi Announcement ID: openSUSE-SU-2019:0197-1 Rating: moderate References: 1120281 Cross-References: CVE-2018-1000845 Affected Products: openSUSE Leap 15.0 An update that fixes one vulnerability is now available. Description: This update for avahi...
ISC BIND Allow-Recursion Vulnerability
According to its self-reported version, the instance of ISC BIND 9 running on the remote name server is 9.9.12, 9.10.7, 9.11.3, 9.12.0 prior to or equal to 9.12.1-P2, development release 9.13.0, 9.9.12-S1, 9.11.3-S1, or 9.11.3-S2. It is, therefore, affected by an allow-recursion vulnerability whi...
SUSE SLES11 Security Update : avahi (SUSE-SU-2019:13947-1)
This update for avahi fixes the following issues: Security issue fixed: CVE-2018-1000845: Fixed DNS amplification and reflection to spoofed addresses (DOS) (bsc#1120281) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable...