glibc vulnerabilities CVE-2019-1010024, CVE-2019-1010025
glibc vulnerabilities CVE-2019-1010024, CVE-2019-1010025 Security Advisory Security Advisory Description CVE-2019-1010024 GNU Libc current is affected by: Mitigation bypass. The impact is: ...
Cisco Data Center Network Manager Information Disclosure Vulnerability
A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to retrieve sensitive information from an affected device.
The vulnerability is due to improper access controls for certain URLs on...
Cisco Data Center Network Manager Arbitrary File Upload and Remote Code Execution Vulnerability
A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to upload arbitrary files on an affected device.
The vulnerability is due to incorrect permission settings in affected DCNM software. An...
Cisco Data Center Network Manager Arbitrary File Download Vulnerability
A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to gain access to sensitive files on an affected device.
The vulnerability is due to incorrect permissions settings on affected...
Cisco Data Center Network Manager Authentication Bypass Vulnerability
A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrative privileges on an affected device.
The vulnerability is due to improper session...
Supermicro BMC vulnerability CVE-2019-9999
Supermicro BMC vulnerability CVE-2019-9999 Security Advisory Security Advisory Description ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when ...
*EMBARGOED* BIG-IP ASM vulnerability CVE-2019-6650
*EMBARGOED* BIG-IP ASM vulnerability CVE-2019-6650 Security Advisory Security Advisory Description *EMBARGOED* F5 BIG-IP ASM may expose sensitive information and allow the system configuration to ...
**EMBARGOED** ConfigSync vulnerability CVE-2019-6649
**EMBARGOED** ConfigSync vulnerability CVE-2019-6649 Security Advisory Security Advisory Description F5 BIG-IP and Enterprise Manager may expose sensitive information and allow the system ...
Tridium Niagara
This advisory contains mitigations for information exposure and improper authorization vulnerabilities in Tridium's Niagara business application framework software.
WECON LeviStudioU (Update A)
This updated advisory is a follow-up to the original advisory titled ICSA-19-036-03 WECON LeviStudioU that was published February 5, 2019, on the ICS webpage on us-cert.gov. This advisory includes mitigations for stack-based buffer overflow, heap-based buffer overflow, and memory...
Google Releases Security Updates for Chrome
Original release date: September 19, 2019Google has released Chrome 77.0.3865.90 for Windows, Mac, and Linux. This version addresses a vulnerability that an attacker can exploit to take control of an affected system.
The Cybersecurity and Infrastructure Security Agency (CISA) encourages...
Cisco HyperFlex Software Cross-Frame Scripting Vulnerability
A vulnerability in the web-based interface of Cisco HyperFlex Software could allow an unauthenticated, remote attacker to execute a cross-frame scripting (XFS) attack on an affected device.
This vulnerability is due to insufficient HTML iframe protection. An attacker could exploit this...
Cisco HyperFlex Software Counter Value Injection Vulnerability
A vulnerability in the statistics collection service of Cisco HyperFlex Software could allow an unauthenticated, remote attacker to inject arbitrary values on an affected device.
The vulnerability is due to insufficient authentication for the statistics collection service. An attacker could exploit...
Meet the BlueHat Content Advisory Board
We couldn’t do BlueHat without the Content Advisory Board, the brain trust reviewing submissions to the CFP. Representing both Microsoft and other parts of security community, the CAB applies their industry and speaker experience to create the BlueHat agenda...
Cisco Identity Services Engine Privilege Escalation Vulnerability
A vulnerability in the administrative web interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to gain additional privileges on an affected device.
The vulnerability is due to improper controls on certain pages in the web...
CPU vulnerability CVE-2019-11184
CPU vulnerability CVE-2019-11184 Security Advisory Security Advisory Description A race condition in specific microprocessors using Intel (R) DDIO cache allocation and RDMA may allow an ...
Lumin PDF – 15,453,048 breached accounts
In April 2019, the PDF management service Lumin PDF suffered a data breach. The breach wasn't publicly disclosed until September when 15.5M records of user data appeared for download on a popular hacking forum. The data had been left...
Linux kernel vulnerability CVE-2019-12615
Linux kernel vulnerability CVE-2019-12615 Security Advisory Security Advisory Description An issue was discovered in get_vdev_port_node_info in arch/sparc/kernel/mdesc.c in the Linux kernel ...
Apache HTTPD vulnerability CVE-2019-10098
Apache HTTPD vulnerability CVE-2019-10098 Security Advisory Security Advisory Description ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when ...
VMware Releases Security Updates for Multiple Products
Original release date: September 17, 2019VMware has released security updates to address vulnerabilities affecting multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system.
The Cybersecurity and Infrastructure Security Agency (CISA) encourages users...
Organizations struggle to manage cyberthreats without automation
Report details how many organizations lack faith in their security systems to manage an ever-expanding digital landscape.
News Wrap: Emotet’s Return, U.S. Vs. Snowden, Physical Pen Testers Arrested
Threatpost editors discuss the return of Emotet, a new lawsuit against Edward Snowden and more.
France Has ‘Not Changed Mind’ on Rejecting Snowden Asylum
France has not changed its mind on rejecting any asylum request from US surveillance whistleblower Edward Snowden, its foreign minister said Thursday, after the former CIA employee said he would like sanctuary in the country.
read more
Two Indicted in $10 Million Tech Support Fraud Scheme
The United States Department of Justice this week announced the arrest of two individuals charged for participating in a long-term tech support fraud scheme.
read more
IDG Contributor Network: Lessons learned through 15 years of SDL at work
Do a quick search on secure development and you’ll find pages and pages of advice and best practices. You could relatively quickly create a long checklist of best practices and how-tos covering everything from how to create a threat...
