
1071 matches found

OSV
added 2019/06/30 7:3 p.m. | 9 views

OPENSUSE-SU-2019:1673-1 Security update for tomcat

This update for tomcat to version 9.0.20 fixes the following issues: Security issues fixed: - CVE-2019-0199: Fixed a denial of service in the HTTP/2 implementation related to streams with excessive numbers of SETTINGS frames (bsc#1131055). - CVE-2019-0221: Fixed a cross-site scripting vulnerability...

7.5 CVSS | 6.9 AI score | 0.65581 EPSS
Exploits: 3 | References: 6
OPENSUSE Linux
added 2019/06/30 12:0 a.m. | 77 views

Security update for tomcat (moderate)

openSUSE Security Update: Security update for tomcat Announcement ID: openSUSE-SU-2019:1673-1 Rating: moderate References: 1111966 1131055 1136085 Cross-References: CVE-2019-0199 CVE-2019-0221 Affected Products: openSUSE Leap 15.0 An update that solves two vulnerabilities and has one errata is no...

7.5 CVSS | 7.4 AI score | 0.65581 EPSS
Exploits: 3 | References: 3
OSV
added 2019/06/10 9:32 a.m. | 6 views

OPENSUSE-SU-2019:1534-1 Security update for MozillaFirefox

This update for MozillaFirefox fixes the following issues: MozillaFirefox was updated to 60.7.0esr (boo#1135824). MFSA 2019-14: - CVE-2018-18511: Cross-origin theft of images with ImageBitmapRenderingContext - CVE-2019-11691: Use-after-free in XMLHttpRequest - CVE-2019-11692: Use-after-free removing...

9.8 CVSS | 7.6 AI score | 0.11045 EPSS
Exploits: 4 | References: 19
Packet Storm
added 2019/06/04 12:0 a.m. | 164 views

Google Chrome WasmMemoryObject::Grow Use-After-Free

Chrome: Use-after-free in WasmMemoryObject::Grow VULNERABILITY DETAILS https://cs.chromium.org/chromium/src/v8/src/wasm/wasm-objects.cc?rcl=783343158eb1b147df7e6669f1d03c690c878e21&l=1253 int32t WasmMemoryObject::GrowIsolate isolate, Handle memoryobject, uint32t pages ... Handle newbuffer; if...

0.2 AI score
Exploits: 0
Tenable Nessus
added 2019/05/29 12:0 a.m. | 29 views

EulerOS 2.0 SP5 : 389-ds-base (EulerOS-SA-2019-1562)

According to the version of the 389-ds-base packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - In 389-ds-base up to version 1.4.1.2, requests are handled by workers threads. Each sockets will be waited by the worker for at most...

7.5 CVSS | 6.3 AI score | 0.00874 EPSS
Exploits: 0 | References: 2
RedHat Linux
added 2019/05/08 12:12 p.m. | 2 views

wildfly: wrong SecurityIdentity for EE concurrency threads that are reused

It was discovered that the ElytronManagedThread in Wildfly's Elytron subsystem stores a SecurityIdentity to run the thread with that security identity. As these threads do not necessarily terminate if the 'keep alive' time has not expired, this could allow a shared thread to use the wrong securit...

8.8 CVSS | 5.8 AI score | 0.01161 EPSS
Exploits: 0 | References: 4
RedHat Linux
added 2019/05/08 12:9 p.m. | 3 views

wildfly: wrong SecurityIdentity for EE concurrency threads that are reused

It was discovered that the ElytronManagedThread in Wildfly's Elytron subsystem stores a SecurityIdentity to run the thread with that security identity. As these threads do not necessarily terminate if the 'keep alive' time has not expired, this could allow a shared thread to use the wrong securit...

8.8 CVSS | 5.8 AI score | 0.01161 EPSS
Exploits: 0 | References: 4
RedHat Linux
added 2019/05/08 12:4 p.m. | 1 views

wildfly: wrong SecurityIdentity for EE concurrency threads that are reused

It was discovered that the ElytronManagedThread in Wildfly's Elytron subsystem stores a SecurityIdentity to run the thread with that security identity. As these threads do not necessarily terminate if the 'keep alive' time has not expired, this could allow a shared thread to use the wrong securit...

8.8 CVSS | 5.8 AI score | 0.01161 EPSS
Exploits: 0 | References: 4
OSV
added 2019/04/17 2:29 p.m. | 1 views

DEBIAN-CVE-2019-3883

In 389-ds-base up to version 1.4.1.2, requests are handled by workers threads. Each sockets will be waited by the worker for at most 'ioblocktimeout' seconds. However this timeout applies only for un-encrypted requests. Connections using SSL/TLS are not taking this timeout into account during...

7.5 CVSS | 6.9 AI score | 0.00874 EPSS
Exploits: 0 | References: 1
Packet Storm
added 2019/03/05 12:0 a.m. | 51 views

vBulletin 4.2.5 Ajax Threads 1.1.3 Lite Open Redirection

Exploit Title : vBulletin 4.2.5 Ajax Threads 1.1.3 Lite Open Redirection Author Discovered By : KingSkrupellos Team : Cyberizm Digital Security Army Date : 04/03/2019 Vendor Homepage : vbulletin.com dragonbyte-tech.com Software Information Link : dragonbyte-tech.com/store/ajax-threads.114/ Softwa...

7.4 AI score
Exploits: 0
Tenable Nessus
added 2019/02/08 12:0 a.m. | 254 views

Apache 2.4.17 / 2.4.18 DoS

According to its banner, the version of Apache running on the remote host is either 2.4.17 or 2.4.18. A denial of service (DoS) vulnerability exists in server threads due to a lengthy thread-block time. An unauthenticated, remote attacker can exploit this issue to block server threads, causing...

5.9 CVSS | 6.9 AI score | 0.52384 EPSS
Exploits: 0 | References: 3
OSV
added 2019/01/30 10:29 p.m. | 2 views

ALPINE-CVE-2018-17189

In Apache HTTP server versions 2.4.37 and prior, by sending request bodies in a slow loris way to plain resources, the h2 stream for that request unnecessarily occupied a server thread cleaning up that incoming data. This affects only HTTP/2 (mod_http2) connections...

5.3 CVSS | 6.9 AI score | 0.07668 EPSS
Exploits: 0 | References: 1
Tenable Nessus
added 2019/01/29 12:0 a.m. | 30 views

FreeBSD : powerdns-recursor -- multiple vulnerabilities (40d92cc5-1e2b-11e9-bef6-6805ca2fa271)

PowerDNS Team reports : CVE-2019-3806: An issue has been found in PowerDNS Recursor where Lua hooks are not properly applied to queries received over TCP in some specific combination of settings, possibly bypassing security policies enforced using Lua. When the recursor is configured to run with...

9.8 CVSS | 6.8 AI score | 0.00057 EPSS
Exploits: 0 | References: 4
FreeBSD
added 2019/01/21 12:0 a.m. | 34 views

powerdns-recursor -- multiple vulnerabilities

PowerDNS Team reports: CVE-2019-3806: An issue has been found in PowerDNS Recursor where Lua hooks are not properly applied to queries received over TCP in some specific combination of settings, possibly bypassing security policies enforced using Lua. When the recursor is configured to run with...

9.8 CVSS | 2.5 AI score | 0.00057 EPSS
Exploits: 0 | References: 1
Tenable Nessus
added 2019/01/03 12:0 a.m. | 254 views

Fedora 28 : systemd (2018-24bd6c9d4a)

Fix a local vulnerability from a race condition in chown-recursive CVE-2018-15687, 1643367 - Fix a local vulnerability from invalid handling of long lines in state deserialization CVE-2018-15686, 1643372 - Fix a remote vulnerability in DHCPv6 in systemd-networkd CVE-2018-15688, 1643362 -...

8.8 CVSS | 6.7 AI score | 0.01533 EPSS
Exploits: 8 | References: 4
Tenable Nessus
added 2019/01/03 12:0 a.m. | 50 views

Fedora 29 : systemd (2018-c402eea18b)

Fix a local vulnerability from a race condition in chown-recursive CVE-2018-15687, 1639076 - Fix a local vulnerability from invalid handling of long lines in state deserialization CVE-2018-15686, 1639071 - Fix a remote vulnerability in DHCPv6 in systemd-networkd CVE-2018-15688, 1639067 - The DHCP...

8.8 CVSS | 6.8 AI score | 0.01533 EPSS
Exploits: 8 | References: 4
Metasploit
added 2018/12/03 4:25 p.m. | 33 views

On premise user enumeration

On premise enumeration of valid exchange users //usr/bin/env go run "$0" "$@"; exit "$?" package main import "crypto/tls" "metasploit/module" "msmail" "net/http" "sort" "strconv" "sync" "time" func main metadata := &module.Metadata Name: "On premise user enumeration", Description: "On premise...

7.1 AI score
Exploits: 0
Tenable Nessus
added 2018/10/24 12:0 a.m. | 35 views

openSUSE Security Update : haproxy (openSUSE-2018-1229)

This update for haproxy to version 1.8.14 fixes the following issues : These security issues were fixed : - CVE-2018-14645: A flaw was discovered in the HPACK decoder what caused an out-of-bounds read in hpack_valid_idx that resulted in a remote crash and denial of service (bsc#1108683) -...

7.5 CVSS | 6.7 AI score | 0.00225 EPSS
Exploits: 0 | References: 5
OPENSUSE Linux
added 2018/10/23 3:26 p.m. | 155 views

Security update for haproxy (important)

This update for haproxy to version 1.8.14 fixes the following issues: These security issues were fixed: - CVE-2018-14645: A flaw was discovered in the HPACK decoder what caused an out-of-bounds read in hpack_valid_idx that resulted in a remote crash and denial of service (bsc#1108683) - CVE-2018-11469...

4.3 CVSS | 0.2 AI score | 0.00225 EPSS
Exploits: 0 | References: 3
Kitploit
added 2018/10/15 9:7 p.m. | 72 views

Nameles - Open Source Entropy Based Invalid Traffic Detection And Pre-Bid Filtering

Nameles provides an easy to deploy, scalable IVT detection and filtering solution that is proven to detect at a high level of accuracy ad fraud and other types of invalid traffic such as web scraping. For a high level overview you might want to check out the website If you have any questions or...

7 AI score
Exploits: 0 | References: 5