- Advertisement -
Current Threats
Vuln: curl/libcURL CVE-2019-5436 Heap Buffer Overflow VulnerabilityAngry Polar Bear 2: Microsoft Windows Error Reporting Local Privilege EscalationVuln: curl/libcURL CVE-2019-5435 Multiple Integer Overflow VulnerabilitiesInternet Explorer JavaScript Privilege EscalationVuln: QEMU CVE-2019-12247 Integer Overflow VulnerabilityVuln: QEMU CVE-2019-12155 Local Denial of Service VulnerabilityVuln: Microsoft Windows ‘SetJobFileSecurityByName()’ Function Local Privilege Escalation VulnerabilityVuln: Apache Camel CVE-2019-0188 XML External Entity Injection VulnerabilityUbuntu Security Notice USN-3993-1Vuln: Mozilla Firefox Multiple Security VulnerabilitiesUbuntu Security Notice USN-3992-1Blue Prism Robotic Process Automation (RPA) Privilege EscalationVuln: Mitsubishi Electric MELSEC-Q Series PLCs CVE-2019-10977 Remote Denial of Service VulnerabilityMicrosoft Windows Task Scheduler .job Import Arbitrary DACL WriteVuln: Mozilla Firefox/Thunderbird/Firefox ESR Multiple Security VulnerabilitiesUbuntu Security Notice USN-3991-1Vuln: Intel Microarchitectural Data Sampling Multiple Local Information Disclosure VulnerabilitiesWebKitGTK+ / WPE WebKit Code ExecutionVuln: Siemens SIMATIC Products ICSA-19-134-08 Multiple Security VulnerabilitiesDarktrace Enterpise Immune System 3.0.9 / 3.0.10 Cross Site Request ForgeryJSC DFG Incorrect Decision On BehaviorVisual Voicemail For iPhone IMAP NAMESPACE Use-After-FreeXNU Stale Pointer Use-After-FreeShopware createInstanceFromNamedArguments PHP Object InstantiationMac OS X Feedback Assistant Race ConditionFreeBSD rtld execl() Privilege EscalationRevive Adserver Weak PRNG CryptographyVuln: cockpit-ovirt CVE-2019-10139 Local Information Disclosure Vulnerability[webapps] Moodle Jmol Filter 6.1 – Directory Traversal / Cross-Site Scripting[dos] Huawei eSpace Meeting 1.1.11.103 – ‘cenwpoll.dll’ SEH Buffer Overflow (Unicode)[local] Huawei eSpace 1.1.11.103 – DLL Hijacking[dos] Huawei eSpace 1.1.11.103 – Image File Format Handling Buffer Overflow[dos] Huawei eSpace 1.1.11.103 – ‘ContactsCtrl.dll’ / ‘eSpaceStatusCtrl.dll’ ActiveX Heap OverflowVuln: systemd CVE-2018-20839 Information Disclosure Vulnerability[webapps] eLabFTW 1.8.5 – Arbitrary File Upload / Remote Code Execution[shellcode] Linux x86_64 – Delete File Shellcode (28 bytes)[dos] Encrypt PDF 2.3 – Denial of Service (PoC)[dos] PCL Converter 2.7 – Denial of Service (PoC)[dos] docPrint Pro 8.0 – Denial of Service (PoC)[dos] AbsoluteTelnet 10.16 – ‘License name’ Denial of Service (PoC)[dos] BulletProof FTP Server 2019.0.0.50 – ‘DNS Address’ Denial of Service (PoC)[dos] BulletProof FTP Server 2019.0.0.50 – ‘Storage-Path’ Denial of Service (PoC)[local] Solaris 10 1/13 (Intel) – ‘dtprintinfo’ Local Privilege Escalation[local] Solaris 7/8/9 (SPARC) – ‘dtprintinfo’ Local Privilege Escalation (1)[local] Solaris 7/8/9 (SPARC) – ‘dtprintinfo’ Local Privilege Escalation (2)[remote] GetSimpleCMS – Unauthenticated Remote Code Execution (Metasploit)Flawfinder 2.0.9Emerson Network Power Liebert Challenger 5.1E0.5 Cross Site ScriptingVuln: Linux Kernel CVE-2018-7191 Local Denial of Service Vulnerability[dos] Tomabo MP4 Converter 3.25.22 – Denial of Service (PoC)[webapps] CommSy 8.6.5 – SQL injection[webapps] Legrand BTicino Driver Manager F454 1.0.51 – Cross-Site Request Forgery / Cross-Site Scripting[local] VMware Workstation 15.1.0 – DLL Hijacking[webapps] DeepSound 1.0.4 – SQL Injection[dos] WeChat for Android 7.0.4 – ‘vcodec2_hls_filter’ Denial of Service[local] JetAudio jetCast Server 2.0 – ‘Log Directory’ Local SEH Alphanumeric Encoded Buffer Overflow[dos] ZOC Terminal 7.23.4 – ‘Script’ Denial of Service (PoC)[dos] ZOC Terminal v7.23.4 – ‘Private key file’ Denial of Service (PoC)[dos] ZOC Terminal v7.23.4 – ‘Shell’ Denial of Service (PoC)[dos] Axessh 4.2 – ‘Log file name’ Denial of Service (PoC)[dos] SEL AcSELerator Architect 2.2.24 – CPU Exhaustion Denial of Service[dos] Sandboxie 5.30 – ‘Programs Alerts’ Denial of Service (PoC)[dos] CEWE Photoshow 6.4.3 – ‘Password’ Denial of Service (PoC)[dos] CEWE Photo Importer 6.4.3 – ‘.jpg’ Denial of Service (PoC)[local] Iperius Backup 6.1.0 – Privilege Escalation[webapps] Interspire Email Marketer 6.20 – ‘surveys_submit.php’ Remote Code ExecutionVuln: Cisco NX-OS CVE-2019-1778 Local Command Injection VulnerabilityVuln: Fuji Electric Alpha7 PC Loader Out-of-Bounds Read Denial of Service Vulnerability[shellcode] Linux/x86 – /sbin/iptables -F Shellcode (43 bytes)[dos] SpotMSN 2.4.6 – Denial of Service (PoC)[dos] DNSS 2.1.8 – Denial of Service (PoC)[webapps] SOCA Access Control System 180612 – Information Disclosure[webapps] SOCA Access Control System 180612 – SQL InjectionPacket Fence 9.0.0[webapps] SOCA Access Control System 180612 – Cross-Site Request Forgery (Add Admin)GetSimpleCMS 3.3.15 Remote Code Execution[webapps] XOOPS 2.5.9 – SQL Injection[dos] Google Chrome V8 – Turbofan JSCallReducer::ReduceArrayIndexOfIncludes Out-of-Bounds Read/Write[webapps] OpenProject 5.0.0 – 8.3.1 – SQL Injection[remote] PHP-Fusion 9.03.00 – ‘Edit Profile’ Remote Code Execution (Metasploit)[webapps] Sales ERP 8.1 – Multiple SQL InjectionVuln: Mozilla Firefox ESR CVE-2017-7843 Security Bypass Vulnerability[webapps] D-Link DWL-2600AP – Multiple OS Command InjectionVuln: RETIRED: Multiple Siemens SCALANCE Products Multiple Security Vulnerabilities[dos] Selfie Studio 2.17 – ‘Resize Image’ Denial of Service (PoC)Vuln: Dnsmasq VU#973527 Multiple Security Vulnerabilities[dos] TwistedBrush Pro Studio 24.06 – ‘Resize Image’ Denial of Service (PoC)Vuln: Symantec Messaging Gateway CVE-2019-9699 Information Disclosure Vulnerability[dos] TwistedBrush Pro Studio 24.06 – ‘Script Recorder’ Denial of Service (PoC)[dos] TwistedBrush Pro Studio 24.06 – ‘.srp’ Denial of Service (PoC)Vuln: Microsoft Office Access Connectivity Engine CVE-2019-0945 Remote Code Execution Vulnerability[webapps] Schneider Electric U.Motion Builder 1.3.4 – ‘track_import_export.php object_id’ Unauthenticated Command InjectionVuln: Adobe Acrobat and Reader APSB19-18 Multiple Information Disclosure Vulnerabilities[webapps] PasteShr 1.6 – Multiple SQL InjectionVuln: Adobe Acrobat and Reader APSB19-18 Multiple Arbitrary Code Execution VulnerabilitiesVuln: SAP Treasury and Risk Management CVE-2019-0280 Unauthorized Access VulnerabilityVuln: SAP BusinessObjects Business Intelligence CVE-2019-0289 Information Disclosure VulnerabilityUbuntu Security Notice USN-3974-1Ubuntu Security Notice USN-3975-1Falco 0.15.0

Cyber Watch

- Advertisement -

Deeper Learning