RMX Security CERT Global
- ESB-2019.2560 – [Juniper] Juniper SRX Series: Denial of service – Remote/unauthenticated: AUSCERT External Security Bulletin Redistribution ESB-2019.2560. JSA10946 - 2019-07 Security Bulletin: SRX Series: srxpfe process crash while JSF/UTM module parses specific HTTP packets ...
- ESB-2019.2559 – [Juniper] Juniper EX4300 Series: Denial of service – Remote/unauthenticated: AUSCERT External Security Bulletin Redistribution ESB-2019.2559. JSA10938 - 2019-07 Security Bulletin: Junos OS: EX4300 Series: Denial of Service upon receipt of large number ...
- CVE-2018-12401: Some special resource URIs will cause a non-exploitable crash if loaded with optional parameters following a '?' in the parsed string. This could lead to denial of service (DOS) attacks. ...
- CVE-2018-12406: Mozilla developers and community members reported memory safety bugs present in Firefox 63. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that ...
- CVE-2018-12389: Mozilla developers and community members reported memory safety bugs present in Firefox ESR 60.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort ...
- CVE-2018-12407: A buffer overflow occurs when drawing and validating elements with the ANGLE graphics library, used for WebGL content, when working with the VertexBuffer11 module. This results in a potentially exploitable ...
- CVE-2018-12399: When a new protocol handler is registered, the API accepts a title argument which can be used to mislead users about which domain is registering the new protocol. This may ...
- CVE-2018-18497: Limitations on the URIs allowed to WebExtensions by the browser.windows.create API can be bypassed when a pipe in the URL field is used within the extension to load multiple pages ...
- CVE-2018-18496: When the RSS Feed preview about:feeds page is framed within another page, it can be used in concert with scripted content for a clickjacking attack that confuses users into downloading ...
- CVE-2018-18493: A buffer overflow can occur in the Skia library during buffer offset calculations with hardware accelerated canvas 2D actions due to the use of 32-bit calculations instead of 64-bit. This ...
- CVE-2018-18495: WebExtension content scripts can be loaded into about: pages in some circumstances, in violation of the permissions granted to extensions. This could allow an extension to interfere with the loading ...
- CVE-2018-12400: In private browsing mode on Firefox for Android, favicons are cached in the cache/icons folder as they are in non-private mode. This allows information leakage of sites visited during private ...
- CVE-2018-18499: A same-origin policy violation allowing the theft of cross-origin URL entries when using a meta http-equiv="refresh" on a page to cause a redirection to another site using performance.getEntries(). This is ...
- CVE-2018-18494: A same-origin policy violation allowing the theft of cross-origin URL entries when using the Javascript location property to cause a redirection to another site using performance.getEntries(). This is a same-origin ...
- CVE-2018-12403: If a site is loaded over a HTTPS connection but loads a favicon resource over HTTP, the mixed content warning is not displayed to users. This vulnerability affects Firefox < ...
- CVE-2018-18492: A use-after-free vulnerability can occur after deleting a selection element due to a weak reference to the select element in the options collection. This results in a potentially exploitable crash. ...
- CVE-2019-1674: A vulnerability in the update service of Cisco Webex Meetings Desktop App and Cisco Webex Productivity Tools for Windows could allow an authenticated, local attacker to execute arbitrary commands as ...
- CVE-2018-12395: By rewriting the Host: request headers using the webRequest API, a WebExtension can bypass domain restrictions through domain fronting. This would allow access to domains that share a host that ...
- CVE-2018-12405: Mozilla developers and community members reported memory safety bugs present in Firefox 63 and Firefox ESR 60.3. Some of these bugs showed evidence of memory corruption and we presume that ...
- CVE-2018-18498: A potential vulnerability leading to an integer overflow can occur during buffer size calculations for images when a raw value is used instead of the checked value. This leads to ...
- CVE-2018-12402: The internal WebBrowserPersist code does not use correct origin context for a resource being saved. This manifests when sub-resources are loaded as part of "Save Page As..." functionality. For example, ...
- CVE-2019-1663: A vulnerability in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router could allow an unauthenticated, ...
- CVE-2019-3599: Information Disclosure vulnerability in Remote logging (which is disabled by default) in McAfee Agent (MA) 5.x allows remote unauthenticated users to access sensitive information via remote logging when it is ...
- CVE-2019-3598: Buffer Access with Incorrect Length Value in McAfee Agent (MA) 5.x allows remote unauthenticated users to potentially cause a denial of service via specifically crafted UDP packets. ...
- CVE-2019-3582: Privilege Escalation vulnerability in Microsoft Windows client in McAfee Endpoint Security (ENS) 10.6.1 and earlier allows local users to gain elevated privileges via a specific set of circumstances. ...
- Army Europe CG communications teams sharpen skills during training exercise: The U.S. Army Europe Commanding General's Communications Team conducted a training exercise Feb. 19, 2019 at a hotel in Wiesbaden. ...
- CERTFR-2019-AVI-081: Multiple vulnerabilities in Wireshark (28 February 2019): Multiple vulnerabilities have been discovered in Wireshark. They allow an attacker to cause a remote denial of service. ...
- CERTFR-2019-AVI-082: Multiple vulnerabilities in Cisco products (28 February 2019): Multiple vulnerabilities have been discovered in Cisco products. They allow an attacker to cause remote arbitrary code execution. ...
- CERTFR-2019-AVI-083: Multiple vulnerabilities in Aruba Instant (28 February 2019): Multiple vulnerabilities have been discovered in Aruba Instant. They allow an attacker to cause remote arbitrary code execution, a breach of data confidentiality ...
- CVE-2019-9227: An issue was discovered in baigo CMS 2.1.1. There is a vulnerability that allows remote attackers to execute arbitrary code. A BG_SITE_NAME parameter with malicious code can be written into ...
- CVE-2019-9226: An issue was discovered in baigo CMS 2.1.1. There is a persistent XSS vulnerability that allows remote attackers to inject arbitrary web script or HTML via the opt[base][BG_SITE_NAME] parameter to ...
- Critical vulnerability in Cisco RV110W, RV130W and RV215W: Cisco has published a security fix for a critical vulnerability in some of its products. The vulnerability allows an unauthenticated remote attacker to execute arbitrary code on an affected product. The vulnerability is classified as ...
- Critical vulnerability in Cisco RV110W, RV130W and RV215W devices: A critical vulnerability has been discovered in the web management interface of the Cisco RV110W, Cisco RV130W and Cisco RV215W routers/firewalls. ...
- OpenSSL Security Updates: OpenSSL 1.0.2r has been released to address vulnerability in OpenSSL version 1.0.2 – 1.0.2q. Exploitation of this vulnerability may lead to disclosure of sensitive information. Users and Administrators are encouraged ...
- Cisco Security Updates: Cisco has released security updates to address vulnerabilities to its products. Exploitation of these vulnerabilities may allow an attacker to take control of an affected system. Users and Administrators are ...
- Drupal Security Updates: Drupal has released security updates to address vulnerabilities in Drupal 8.6.x and 8.5.x. Exploitation of these vulnerabilities may allow an attacker to take control of an affected system. Users and ...
- Adobe Security Updates: Adobe has released security updates to address vulnerabilities in Acrobat and Reader for Windows and macOS. Exploitation of these vulnerabilities may lead an attacker to obtain sensitive information. Users and ...
- 0-byte record padding oracle vulnerability in OpenSSL: Publication date: 28/02/2019. Importance: Medium. Affected resources: OpenSSL 1.0.2. Description: OpenSSL has published a 0-byte record padding oracle vulnerability that could allow a ...
- 0-byte record padding oracle vulnerability in OpenSSL: Publication date: 02/28/2019. Importance: Medium. Affected resources: OpenSSL 1.0.2. Description: OpenSSL has published a 0-byte record padding oracle vulnerability that could allow an attacker ...
- JVN: DLL loading vulnerability in the Microsoft Teams installer: The Microsoft Teams installer contains a DLL loading vulnerability. ...
- JVN: Cross-site request forgery vulnerability in the WordPress plugin Smart Forms: The WordPress plugin Smart Forms contains a cross-site request forgery vulnerability. ...
- JVN: DLL loading vulnerability in Windows 7: Windows 7 contains a DLL loading vulnerability. ...
- CVE-2019-9209: Severity: None. Published: 28/02/2019. Last revised: 28/02/2019. Description: *** Translation pending *** In Wireshark 2.4.0 to 2.4.12 and 2.6.0 to 2.6.6, the ASN.1 BER and related dissectors could crash. This was addressed ...
- CVE-2019-9214: Severity: None. Published: 28/02/2019. Last revised: 28/02/2019. Description: *** Translation pending *** In Wireshark 2.4.0 to 2.4.12 and 2.6.0 to 2.6.6, the RPCAP dissector could crash. This was addressed in epan/dissectors/packet-rpcap.c by ...
- CVE-2019-9208: Severity: None. Published: 28/02/2019. Last revised: 28/02/2019. Description: *** Translation pending *** In Wireshark 2.4.0 to 2.4.12 and 2.6.0 to 2.6.6, the TCAP dissector could crash. This was addressed in epan/dissectors/asn1/tcap/tcap.cnf by ...
- CVE-2019-9215: Severity: None. Published: 28/02/2019. Last revised: 28/02/2019. Description: *** Translation pending *** In Live555 before 2019.02.27, malformed headers lead to invalid memory access in the parseAuthorizationHeader function. ...
- EtherNet/IP protocol: analysing its communications and security measures: EtherNet/IP is the adaptation of the CIP (Common Industrial Protocol) protocol, developed by ODVA, to the Ethernet model. Throughout the article we will look at the protocols on which it bases its ...
- Vulnerability in Cisco Webex applications for Windows: Cisco has released a security bulletin regarding a high-severity vulnerability in the update service of the Cisco Webex Meetings Desktop App and Cisco Webex Productivity Tools products. ...
- Multiple vulnerabilities in Cisco products: Publication date: 28/02/2019. Importance: Critical. Affected resources: Cisco RV110W Wireless-N VPN Firewall, versions prior to 1.2.2.1; Cisco RV130W Wireless-N Multifunction VPN Router, versions prior to 1.0.3.45; Cisco ...
- Multiple vulnerabilities in Cisco products: Publication date: 02/28/2019. Importance: Critical. Affected resources: Cisco RV110W Wireless-N VPN Firewall, versions prior to 1.2.2.1; Cisco RV130W Wireless-N Multifunction VPN Router, versions prior to 1.0.3.45; Cisco RV215W ...