News

    Advisories

    • Red Hat Security Advisory 2019-2989-01 Mon, 14 Oct 2019 15:11:40 GMT
      Red Hat Security Advisory 2019-2989-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. TLS verification and SSH host key verification issues were addressed.
    • Apple Security Advisory 2019-10-11-1 Mon, 14 Oct 2019 15:08:24 GMT
      Apple Security Advisory 2019-10-11-1 - Swift 5.1.1 for Ubuntu is now available and addresses an issue with data disclosure.
    • Debian Security Advisory 4539-3 Mon, 14 Oct 2019 14:56:07 GMT
      Debian Linux Security Advisory 4539-3 - The update for openssl released as DSA 4539-1 introduced a regression where AES-CBC-HMAC-SHA ciphers were not enabled. Updated openssl packages are now available to correct this issue.
    • Red Hat Security Advisory 2019-3024-01 Fri, 11 Oct 2019 15:03:31 GMT
      Red Hat Security Advisory 2019-3024-01 - The ovirt-web-ui package provides the web interface for Red Hat Virtualization. Issues addressed include code execution, cross site scripting, and denial of service vulnerabilities.
    • Red Hat Security Advisory 2019-3011-01 Fri, 11 Oct 2019 15:03:09 GMT
      Red Hat Security Advisory 2019-3011-01 - The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, redhat-virtualization-host, and ovirt-node-ng. Red Hat Virtualization Hosts are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks.
    • Red Hat Security Advisory 2019-3023-01 Fri, 11 Oct 2019 15:02:56 GMT
      Red Hat Security Advisory 2019-3023-01 - The ovirt-engine-ui-extensions package contains UI plugins that provide various extensions to the oVirt administration UI. Issues addressed include code execution, cross site scripting, and denial of service vulnerabilities.
    • Microsoft Surface Mouse WS3-00002 Insufficient Memory Protection Thu, 10 Oct 2019 15:17:23 GMT
      SySS GmbH found out that the embedded flash memory of the Bluetooth LE Microsoft Surface Mouse can be read and written via the SWD (Serial Wire Debug) interface of the used nRF51822 Bluetooth SoC as the flash memory is not protected by the offered readback protection feature.
    • Microsoft Surface Keyboard WS2-00005 Insufficient Memory Protection Thu, 10 Oct 2019 15:16:19 GMT
      SySS GmbH found out that the embedded flash memory of the Bluetooth LE Microsoft Surface Keyboard can be read and written via the SWD (Serial Wire Debug) interface of the used nRF51822 Bluetooth SoC as the flash memory is not protected by the offered readback protection feature.
    • Microsoft Designer Bluetooth Desktop Insufficient Memory Protection Thu, 10 Oct 2019 15:12:57 GMT
      SySS GmbH found out that the embedded flash memory of the Microsoft Designer Bluetooth Desktop keyboard can be read and written via the SWD (Serial Wire Debug) interface of the used nRF51822 Bluetooth SoC as the flash memory is not protected by the offered readback protection feature.
    • Ubuntu Security Notice USN-4151-2 Thu, 10 Oct 2019 14:47:03 GMT
      Ubuntu Security Notice 4151-2 - USN-4151-1 fixed several vulnerabilities in Python. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. It was discovered that Python incorrectly parsed certain email addresses. A remote attacker could possibly use this issue to trick Python applications into accepting email addresses that should be denied. Various other issues were also addressed.
    • Ubuntu Security Notice USN-4153-1 Thu, 10 Oct 2019 14:46:53 GMT
      Ubuntu Security Notice 4153-1 - Daniel Preussker discovered that Octavia incorrectly handled client certificate checking. A remote attacker on the management network could possibly use this issue to perform configuration changes and obtain sensitive information.
    • Red Hat Security Advisory 2019-3002-01 Thu, 10 Oct 2019 14:45:40 GMT
      Red Hat Security Advisory 2019-3002-01 - Red Hat Fuse Integration Services provides a set of tools and containerized xPaaS images that enable development, deployment, and management of integration microservices within OpenShift. Issues addressed include code execution and deserialization vulnerabilities.
    • Red Hat Security Advisory 2019-2998-01 Thu, 10 Oct 2019 14:44:58 GMT
      Red Hat Security Advisory 2019-2998-01 - Red Hat OpenShift Application Runtimes provides an application platform that reduces the complexity of developing and operating applications for OpenShift as a containerized platform. This release of RHOAR Thorntail 2.5.0 serves as a replacement for RHOAR Thorntail 2.4.0, and includes security and bug fixes and enhancements. Issues addressed include code execution and deserialization vulnerabilities.
    • Red Hat Security Advisory 2019-2995-01 Thu, 10 Oct 2019 14:43:55 GMT
      Red Hat Security Advisory 2019-2995-01 - AMQ Broker is a high-performance messaging implementation based on ActiveMQ Artemis. It uses an asynchronous journal for fast message persistence, and supports multiple languages, protocols, and platforms. This release of Red Hat A-MQ Broker 7.5.0 serves as a replacement for Red Hat A-MQ Broker 7.4.1, and includes security and bug fixes, and enhancements. A Class Loader manipulation vulnerability was addressed.
    • Ubuntu Security Notice USN-4152-1 Thu, 10 Oct 2019 14:43:46 GMT
      Ubuntu Security Notice 4152-1 - It was discovered that libsoup incorrectly handled parsing certain NTLM messages. If a user or automated system were tricked into connecting to a malicious server, a remote attacker could possibly use this issue to cause a denial of service.
    • Ubuntu Security Notice USN-4151-1 Wed, 09 Oct 2019 14:08:10 GMT
      Ubuntu Security Notice 4151-1 - It was discovered that Python incorrectly parsed certain email addresses. A remote attacker could possibly use this issue to trick Python applications into accepting email addresses that should be denied. It was discovered that the Python documentation XML-RPC server incorrectly handled certain fields. A remote attacker could use this issue to execute a cross-site scripting attack.
    • Ubuntu Security Notice USN-4149-1 Tue, 08 Oct 2019 20:44:57 GMT
      Ubuntu Security Notice 4149-1 - It was discovered that Unbound incorrectly handled certain NOTIFY queries. An attacker could possibly use this issue to cause a denial of service.
    • Apple Security Advisory 2019-10-07-4 Tue, 08 Oct 2019 20:44:48 GMT
      Apple Security Advisory 2019-10-07-4 - iCloud for Windows 7.14 is now available and addresses buffer overflow, code execution, and cross site scripting vulnerabilities.
    • Red Hat Security Advisory 2019-2975-01 Tue, 08 Oct 2019 20:44:06 GMT
      Red Hat Security Advisory 2019-2975-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Bluetooth BR/EDR encryption key negotiation attacks were addressed.
    • Red Hat Security Advisory 2019-2980-01 Tue, 08 Oct 2019 20:36:56 GMT
      Red Hat Security Advisory 2019-2980-01 - Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Issues addressed include an information leakage vulnerability.
    • Apple Security Advisory 2019-10-07-3 Tue, 08 Oct 2019 20:00:56 GMT
      Apple Security Advisory 2019-10-07-3 - iCloud for Windows 10.7 is now available and addresses buffer overflow, code execution, and cross site scripting vulnerabilities.
    • Red Hat Security Advisory 2019-2978-01 Tue, 08 Oct 2019 20:00:03 GMT
      Red Hat Security Advisory 2019-2978-01 - The polkit packages provide a component for controlling system-wide privileges. This component provides a uniform and organized way for non-privileged processes to communicate with privileged ones. An auth hijacking issue has been addressed.
    • Apple Security Advisory 2019-10-07-2 Tue, 08 Oct 2019 19:59:44 GMT
      Apple Security Advisory 2019-10-07-2 - iTunes for Windows 12.10.1 is now available and addresses buffer overflow, code execution, and cross site scripting vulnerabilities.
    • Apple Security Advisory 2019-10-07-1 Tue, 08 Oct 2019 19:59:26 GMT
      Apple Security Advisory 2019-10-07-1 - macOS Catalina 10.15 is now available and addresses buffer overflow and code execution vulnerabilities.
    • Red Hat Security Advisory 2019-2977-01 Tue, 08 Oct 2019 19:58:17 GMT
      Red Hat Security Advisory 2019-2977-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server; a resolver library; and tools for verifying that the DNS server is operating correctly. A rate limiting issue has been addressed.