Current Threats
[webapps] FaceSentry Access Control System 6.4.8 – Remote Command Injection
Vuln: Oracle July 2019 Critical Patch Update Multiple Vulnerabilities
[webapps] FaceSentry Access Control System 6.4.8 – Cross-Site Request Forgery
[webapps] FaceSentry Access Control System 6.4.8 – Remote Root Exploit
[remote] FaceSentry Access Control System 6.4.8 – Remote SSH Root
[webapps] Centreon 19.04 – Remote Code Execution
[webapps] Symantec DLP 15.5 MP1 – Cross-Site Scripting
[webapps] Karenderia Multiple Restaurant System 5.3 – SQL Injection
[dos] Firefox 67.0.4 – Denial of Service
[dos] Microsoft Windows – Font Subsetting DLL Heap-Based Out-of-Bounds Read in MergeFonts
[dos] Mozilla Spidermonkey – Unboxed Objects Uninitialized Memory Access
[dos] Microsoft DirectWrite / AFDKO – Stack Corruption in OpenType Font Handling due to Out-of-Bounds cubeStackDepth
[dos] Microsoft DirectWrite / AFDKO – Stack Corruption in OpenType Font Handling Due to Negative cubeStackDepth
[dos] Microsoft DirectWrite / AFDKO – Stack Corruption in OpenType Font Handling Due to Negative nAxes
[dos] Microsoft DirectWrite / AFDKO – Stack-Based Buffer Overflow in do_set_weight_vector_cube for Large nAxes
[dos] Microsoft DirectWrite / AFDKO – Use of Uninitialized Memory While Freeing Resources in var_loadavar
[dos] Microsoft DirectWrite / AFDKO – Interpreter Stack Underflow in OpenType Font Handling Due to Missing CHKUFLOW
[dos] Microsoft DirectWrite / AFDKO – Stack Corruption in OpenType Font Handling Due to Incorrect Handling of blendArray
[dos] Microsoft DirectWrite / AFDKO – Heap-Based Buffer Overflow in OpenType Font Handling in readEncoding
[dos] Microsoft DirectWrite / AFDKO – Heap-Based Buffer Overflow in OpenType Font Handling in readFDSelect
[dos] Microsoft DirectWrite / AFDKO – Heap-Based Buffer Overflow in OpenType Font Handling in readCharset
[dos] Microsoft DirectWrite / AFDKO – Heap-Based Buffer Overflow Due to Integer Overflow in readTTCDirectory
[dos] Microsoft DirectWrite / AFDKO – Heap-Based Out-of-Bounds Read/Write in OpenType Font Handling Due to Unbounded iFD
Vuln: GitLab CVE-2018-19569 Unauthorized API Access Vulnerability
[webapps] Sitecore 9.0 rev 171002 – Persistent Cross-Site Scripting
Vuln: GitLab CVE-2018-19575 Security Vulnerability
[local] SNMPc Enterprise Edition 9/10 – Mapping Filename Buffer Overflow
Vuln: GitLab CVE-2018-19493 HTML Injection Vulnerability
Vuln: Multiple F5 BIG-IP Products CVE-2019-6631 Denial of Service Vulnerability
[dos] Microsoft DirectWrite / AFDKO – Heap-Based Buffer Overflow in OpenType Font Handling in readStrings
Vuln: Exiv2 CVE-2019-13504 Remote Denial of Service Vulnerability
[dos] Microsoft DirectWrite / AFDKO – Stack Corruption in OpenType Font Handling While Processing CFF Blend DICT Operator
[dos] Microsoft DirectWrite / AFDKO – Out-of-Bounds Read in OpenType Font Handling Due to Undefined FontName Index
Vuln: Multiple WAGO Industrial Managed Switches Security Bypass Vulnerability
phpFK lite-version Cross Site Scripting
[dos] Microsoft DirectWrite / AFDKO – Multiple Bugs in OpenType Font Handling Related to the “post” Table
[dos] Microsoft DirectWrite / AFDKO – NULL Pointer Dereferences in OpenType Font Handling While Accessing Empty dynarrays
Vuln: Microsoft Windows X.509 Certificate CVE-2019-0865 Denial of Service Vulnerability
Microsoft DirectWrite / AFDKO OpenType readEncoding Buffer Overflow
[dos] Microsoft DirectWrite / AFDKO – Heap-Based Out-of-Bounds Read/Write in OpenType Font Handling Due to Empty ROS Strings
Vuln: Symantec Messaging Gateway CVE-2019-12751 Privilege Escalation Vulnerability
[remote] Apache mod_ssl < 2.8.7 OpenSSL – 'OpenFuckV2.c' Remote Buffer Overflow (2)
Vuln: Docker CVE-2018-15664 Symlink Directory Traversal Vulnerability
Ubuntu Security Notice USN-4051-2
[webapps] WordPress Plugin Like Button 1.6.0 – Authentication Bypass
Vuln: Redhat Openshift Container Platform CVE-2019-3889 Cross Site Scripting Vulnerability
Ubuntu Security Notice USN-4049-2
[webapps] Karenderia Multiple Restaurant System 5.3 – Local File Inclusion
Vuln: Linux Kernel CVE-2019-11477 Integer Overflow Vulnerability
Ubuntu Security Notice USN-4046-1
[remote] Microsoft Exchange 2003 – base64-MIME Remote Code Execution
Vuln: Red Hat Undertow CVE-2019-3888 Information Disclosure Vulnerability
iPhone iMessage Malformed Message Bricking
I2P 0.9.41
[local] Serv-U FTP Server – prepareinstallation Privilege Escalation (Metasploit)
Vuln: Linux Kernel CVE-2019-11478 Denial of Service Vulnerability
Vuln: IBM Spectrum Protect Plus Multiple Security Vulnerabilities
GRR 3.3.0.4
[remote] Apache Tomcat – CGIServlet enableCmdLineArguments Remote Code Execution (Metasploit)
Vuln: Oracle Java SE CVE-2019-2698 Remote Security Vulnerability
[local] Mac OS X TimeMachine – ‘tmdiagnose’ Command Injection Privilege Escalation (Metasploit)
Vuln: Oracle Java SE CVE-2019-2697 Remote Security Vulnerability
Scapy Packet Manipulation Tool 2.4.3rc2
[webapps] dotProject 2.1.9 – SQL Injection
[webapps] SeedDMS versions < 5.1.11 – Remote Command Execution
[webapps] SeedDMS < 5.1.11 – 'out.UsrMgr.php' Cross-Site Scripting
[webapps] SeedDMS < 5.1.11 – 'out.GroupMgr.php' Cross-Site Scripting
[shellcode] Linux/x86_64 – Reverse(0.0.0.0:4444/TCP) Shell (/bin/sh) Shellcode
[dos] GSearch 1.0.1.0 – Denial of Service (PoC)
[webapps] GrandNode 4.40 – Path Traversal / Arbitrary File Download
[dos] Microsoft Windows – ‘CmpAddRemoveContainerToCLFSLog’ Arbitrary File/Directory Creation
[dos] Microsoft Windows Font Cache Service – Insecure Sections Privilege Escalation
[remote] SuperDoctor5 – ‘NRPE’ Remote Code Execution
[remote] SAPIDO RB-1732 – Remote Command Execution
Vuln: Linux Kernel CVE-2019-12984 Null Pointer Dereference Remote Denial of Service Vulnerability
[papers] Buffer Overflows, C Programming, NSA GHIDRA and More
Vuln: Cisco Data Center Network Manager CVE-2019-1620 Multiple Security Vulnerabilities
[webapps] Fortinet FCM-MB40 – Cross-Site Request Forgery / Remote Command Execution
Vuln: Cisco Data Center Network Manager CVE-2019-1622 Information Disclosure Vulnerability
[webapps] AZADMIN CMS 1.0 – SQL Injection
Vuln: Cisco Data Center Network Manager CVE-2019-1621 Arbitrary File Download Vulnerability
[webapps] BlogEngine.NET 3.3.6/3.3.7 – ‘path’ Directory Traversal
Vuln: Cisco Data Center Network Manager CVE-2019-1619 Authentication Bypass Vulnerability
[webapps] WordPress Plugin iLive 1.0.4 – Cross-Site Scripting
[webapps] WordPress Plugin Live Chat Unlimited 2.8.3 – Cross-Site Scripting
[dos] Mozilla Spidermonkey – IonMonkey ‘Array.prototype.pop’ Type Confusion
[remote] Nagios XI 5.5.6 – Magpie_debug.php Root Remote Code Execution (Metasploit)
Ubuntu Security Notice USN-4040-2
Ubuntu Security Notice USN-4040-1
WebEx Man-In-The-Middle
D-Link Administrative Password Disclosure
AMD Secure Encrypted Virtualization (SEV) Key Recovery
Ubuntu Security Notice USN-4038-1
Ubuntu Security Notice USN-4038-2
Coldfusion / JNBridge Remote Code Execution
GNUnet P2P Framework 0.11.5
Vuln: Linux kernel CVE-2019-12817 Local Privilege Escalation Vulnerability
Vuln: Nessus CVE-2019-3961 Cross Site Scripting Vulnerability
Nagios XI Magpie_debug.php Root Remote Code Execution
Vuln: Multiple Cisco Products CVE-2019-1845 Denial of Service Vulnerability

Cyber Watch

Deeper Learning