Apache Tomcat vulnerability CVE-2018-1336
Apache Tomcat vulnerability CVE-2018-1336 Security Advisory Security Advisory Description An improper handing of overflow in the UTF-8 decoder with supplementary characters can lead to an infinite ...
Cisco Small Business Smart and Managed Switches Cross-Site Request Forgery Vulnerability
A vulnerability in the web-based management interface of Cisco Small Business Smart and Managed Switches could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system.
The vulnerability is due to insufficient CSRF protections...
Bash vulnerability CVE-2019-18276
Bash vulnerability CVE-2019-18276 Security Advisory Security Advisory Description An issue was discovered in disable_priv_mode in shell.c in GNU Bash through 5.0 patch 11. By default, if Bash is ...
Linux kernel vulnerability CVE-2019-19069
Linux kernel vulnerability CVE-2019-19069 Security Advisory Security Advisory Description A memory leak in the fastrpc_dma_buf_attach() function in drivers/misc/fastrpc.c in the Linux kernel ...
Vulnerability Summary for the Week of January 20, 2020
Original release date: January 27, 2020The CISA Weekly Vulnerability Summary Bulletin is created using information from the NIST NVD. In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated...
Tout – 652,683 breached accounts
In approximately September 2014, the now defunct social networking service Tout suffered a data breach. The breach subsequently appeared years later and included 653k unique email addresses, names, IP addresses, the location of the user, their bio and passwords...
Cisco Webex Meetings Suite and Cisco Webex Meetings Online Unauthenticated Meeting Join Vulnerability
A vulnerability in Cisco Webex Meetings Suite sites and Cisco Webex Meetings Online sites could allow an unauthenticated, remote attendee to join a password-protected meeting without providing the meeting password. The connection attempt must initiate from a Webex mobile...
Cisco IOS XR Software BGP EVPN Operational Routes Denial of Service Vulnerability
A vulnerability in the implementation of Border Gateway Protocol (BGP) Ethernet VPN (EVPN) functionality in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition.
The vulnerability is due to incorrect processing...
Cisco Releases Security Updates
Original release date: January 24, 2020Cisco has released security updates to address a vulnerability affecting Cisco Webex Meetings Suite and Cisco Webex Meetings Online. A remote attacker could exploit this vulnerability to obtain sensitive information.
The Cybersecurity and Infrastructure Security...
NSA Releases Guidance on Mitigating Cloud Vulnerabilities
Original release date: January 24, 2020The National Security Agency (NSA) has released an information sheet with guidance on mitigating cloud vulnerabilities. NSA identifies cloud security components and discusses threat actors, cloud vulnerabilities, and potential mitigation measures.
The Cybersecurity and Infrastructure...
Cisco Small Business Smart and Managed Switches Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco Small Business Smart and Managed Switches could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface.
The vulnerability is due to insufficient validation...
Citrix Releases Security Updates for SD-WAN WANOP
Original release date: January 23, 2020Citrix has released security updates to address the CVE-2019-19781 vulnerability in Citrix SD-WAN WANOP. An attacker could exploit this vulnerability to take control of an affected system. Citrix has also released an Indicators of...
Linux kernel vulnerability CVE-2019-19057
Linux kernel vulnerability CVE-2019-19057 Security Advisory Security Advisory Description Two memory leaks in the mwifiex_pcie_init_evt_ring() function in drivers/net/wireless/marvell/mwifiex/pcie ...
Apache Tomcat vulnerability CVE-2019-17563
Apache Tomcat vulnerability CVE-2019-17563 Security Advisory Security Advisory Description When using FORM authentication with Apache Tomcat 9.0.0.M1 to 9.0.29, 8.5.0 to 8.5.49 and 7.0.0 to 7.0.98 ...
Cisco Releases Security Updates
Original release date: January 23, 2020Cisco has released updates to address vulnerabilities affecting multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. For updates addressing lower severity vulnerabilities, see the...
GE CARESCAPE, ApexPro, and Clinical Information Center systems
This advisory contains mitigations for multiple vulnerabilities in the GE CARESCAPE ApexPro and Clinical Information Center (CIC) healthcare monitoring platforms.
Linux kernel vulnerability CVE-2019-19058
Linux kernel vulnerability CVE-2019-19058 Security Advisory Security Advisory Description A memory leak in the alloc_sgtable() function in drivers/net/wireless/intel/iwlwifi/fw/dbg.c in the Linux ...
Linux kernel vulnerability CVE-2019-14896
Linux kernel vulnerability CVE-2019-14896 Security Advisory Security Advisory Description A heap-based buffer overflow vulnerability was found in the Linux kernel, version kernel-2.6.32, in ...
Linux kernel vulnerabilities CVE-2019-19061 CVE-2019-19077 CVE-2019-19078 CVE-2019-19080 CVE-2019-19082
Linux kernel vulnerabilities CVE-2019-19061 CVE-2019-19077 CVE-2019-19078 CVE-2019-19080 CVE-2019-19082 Security Advisory Security Advisory Description CVE-2019-19061 A memory leak in the adis_ ...
Cisco TelePresence Collaboration Endpoint, TelePresence Codec, and RoomOS Software Path Traversal Vulnerability
A vulnerability in the video endpoint API (xAPI) of Cisco TelePresence Collaboration Endpoint (CE) Software, Cisco TelePresence Codec (TC) Software, and Cisco RoomOS Software could allow an authenticated, remote attacker to conduct directory traversal attacks on an affected device.
The vulnerability is due...
DEF CON China conference put on hold due to coronavirus outbreak
DEF CON team is hoping that the 2019-nCoV outbreak will improve and they can go on as planned, or reschedule.
Remember the Clipper chip? NSA’s botched backdoor-for-Feds from 1993 still influences today’s encryption debates
We'll laugh at today's mandated holes in the same way we laugh at those from 25 years ago Enigma More than a quarter century after its introduction, the failed rollout of hardware deliberately backdoored by the NSA is still...
Average Ransomware Payments More Than Doubled in Q4 2019
Ransomware attackers collected an average of around $84,000 from victim organizations, up from $41,000 in Q3 of 2018, Coveware says.
Seven Years Later, Scores of EAS Systems sit Un-patched, Vulnerable
Two years after a false EAS alert about an incoming ICBM sowed terror in Hawaii, and seven years after security researchers warned about insecure, Internet connected Emergency Alert System (EAS) hardware, scores of the devices across the U.S. remain...
One Small Fix Would Curb Stingray Surveillance
The technology needed to limit stingrays is clear—but good luck getting telecoms on board.
