
News

  • 5G security and privacy for smart cities
    The security concerns of 5G are inescapable. It is an evolving and developing technology built on top of the previous infrastructure, from which it will inevitably inherit vulnerabilities and misconfigurations.

Advisories

  • Asterisk Project Security Advisory - AST-2019-008 Thu, 21 Nov 2019 23:55:55 GMT
    Asterisk Project Security Advisory - If Asterisk receives a re-invite initiating T.38 faxing and has a port of 0 and no c line in the SDP, a crash will occur.
  • Asterisk Project Security Advisory - AST-2019-007 Thu, 21 Nov 2019 23:30:33 GMT
    Asterisk Project Security Advisory - A remote authenticated Asterisk Manager Interface (AMI) user without system authorization could use a specially crafted Originate AMI request to execute arbitrary system commands.
  • Asterisk Project Security Advisory - AST-2019-006 Thu, 21 Nov 2019 23:02:22 GMT
    Asterisk Project Security Advisory - A SIP request can be sent to Asterisk that can change a SIP peer's IP address. A REGISTER does not need to occur, and calls can be hijacked as a result.
  • Ubuntu Security Notice USN-4198-1 Thu, 21 Nov 2019 21:36:53 GMT
    Ubuntu Security Notice 4198-1 - It was discovered that DjVuLibre incorrectly handled certain memory operations. If a user or automated system were tricked into processing a specially crafted DjVu file, a remote attacker could cause applications to hang or crash, resulting in a denial of service, or possibly execute arbitrary code.
  • Ubuntu Security Notice USN-4197-1 Thu, 21 Nov 2019 15:12:10 GMT
    Ubuntu Security Notice 4197-1 - It was discovered that Bind incorrectly handled certain TCP-pipelined queries. A remote attacker could possibly use this issue to cause Bind to consume resources, resulting in a denial of service.
  • Red Hat Security Advisory 2019-3942-01 Thu, 21 Nov 2019 15:11:12 GMT
    Red Hat Security Advisory 2019-3942-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the openshift container images for Red Hat OpenShift Container Platform 4.1.24. A weak permission vulnerability was addressed.
  • Slackware Security Advisory - bind Updates Thu, 21 Nov 2019 15:09:45 GMT
    Slackware Security Advisory - New bind packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix a security issue.
  • Red Hat Security Advisory 2019-3941-01 Thu, 21 Nov 2019 15:06:23 GMT
    Red Hat Security Advisory 2019-3941-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This is a text-only advisory for the machine-os-content container image, which includes RPM packages for Red Hat Enterprise Linux CoreOS. Issues addressed include bypass and denial of service vulnerabilities.
  • Red Hat Security Advisory 2019-3940-01 Thu, 21 Nov 2019 15:06:05 GMT
    Red Hat Security Advisory 2019-3940-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the runC container image for Red Hat OpenShift Container Platform 4.1.24. The runC tool is a lightweight, portable implementation of the Open Container Format that provides a container runtime. Issues addressed include a bypass vulnerability.
  • Ubuntu Security Notice USN-4195-2 Wed, 20 Nov 2019 23:55:55 GMT
    Ubuntu Security Notice 4195-2 - USN-4195-1 fixed multiple vulnerabilities in MySQL. This update provides the corresponding fixes for CVE-2019-2974 in MariaDB 10.1 and CVE-2019-2938, CVE-2019-2974 for MariaDB 10.3. Ubuntu 18.04 LTS has been updated to MariaDB 10.1.43. Ubuntu 19.04 and 19.10 have been updated to MariaDB 10.3.20. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Various other issues were also addressed.
  • Jalios JCMS 10 Backdoor Account / Authentication Bypass Wed, 20 Nov 2019 23:03:33 GMT
    Jalios JCMS 10 allows attackers to access any part of the website and the WebDAV server with administrative privileges via a backdoor account using any username and a specific password.
  • Red Hat Security Advisory 2019-3935-01 Wed, 20 Nov 2019 23:02:22 GMT
    Red Hat Security Advisory 2019-3935-01 - Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience. This release adds the new Apache HTTP Server 2.4.37 packages that are part of the JBoss Core Services offering. This release serves as a replacement for Red Hat JBoss Core Services Pack Apache Server 2.4.29 and includes bug fixes and enhancements. Issues addressed include bypass and denial of service vulnerabilities.
  • Red Hat Security Advisory 2019-3936-01 Wed, 20 Nov 2019 22:22:22 GMT
    Red Hat Security Advisory 2019-3936-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel.
  • Red Hat Security Advisory 2019-3932-01 Wed, 20 Nov 2019 21:11:11 GMT
    Red Hat Security Advisory 2019-3932-01 - This release adds the new Apache HTTP Server 2.4.37 packages that are part of the JBoss Core Services offering. This release serves as a replacement for Red Hat JBoss Core Services Pack Apache Server 2.4.29 and includes bug fixes and enhancements. Issues addressed include bypass and denial of service vulnerabilities.
  • Red Hat Security Advisory 2019-3933-01 Wed, 20 Nov 2019 20:55:55 GMT
    Red Hat Security Advisory 2019-3933-01 - This release adds the new Apache HTTP Server 2.4.37 packages that are part of the JBoss Core Services offering. This release serves as a replacement for Red Hat JBoss Core Services Pack Apache Server 2.4.29 and includes bug fixes and enhancements. Issues addressed include bypass and denial of service vulnerabilities.
  • Red Hat Security Advisory 2019-3929-01 Wed, 20 Nov 2019 20:44:44 GMT
    Red Hat Security Advisory 2019-3929-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector, the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library. This release of Red Hat JBoss Web Server 5.2 serves as a replacement for Red Hat JBoss Web Server 5.1, and includes bug fixes, enhancements, and component upgrades, which are documented in the Release Notes, linked to in the References. Issues addressed include a cross site scripting vulnerability.
  • Red Hat Security Advisory 2019-3931-01 Wed, 20 Nov 2019 20:32:22 GMT
    Red Hat Security Advisory 2019-3931-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector, the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library. Issues addressed include cross site scripting and denial of service vulnerabilities.
  • Red Hat Security Advisory 2019-3926-01 Wed, 20 Nov 2019 15:15:31 GMT
    Red Hat Security Advisory 2019-3926-01 - Ansible is a simple model-driven configuration management, multi-node deployment, and remote-task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically. A sensitive data leak was addressed.
  • Red Hat Security Advisory 2019-3927-01 Wed, 20 Nov 2019 15:14:50 GMT
    Red Hat Security Advisory 2019-3927-01 - Ansible is a simple model-driven configuration management, multi-node deployment, and remote-task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically. A sensitive data leak was addressed.
  • Red Hat Security Advisory 2019-3928-01 Wed, 20 Nov 2019 15:12:40 GMT
    Red Hat Security Advisory 2019-3928-01 - Ansible is a simple model-driven configuration management, multi-node deployment, and remote-task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically. A sensitive data leak was addressed.
  • Red Hat Security Advisory 2019-3925-01 Wed, 20 Nov 2019 15:12:31 GMT
    Red Hat Security Advisory 2019-3925-01 - Ansible is a simple model-driven configuration management, multi-node deployment, and remote-task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically. A sensitive data leak was addressed.
  • Debian Security Advisory 4574-1 Wed, 20 Nov 2019 15:12:20 GMT
    Debian Linux Security Advisory 4574-1 - Holger Just discovered an SQL injection in Redmine, a project management web application. In addition, a cross-site scripting issue was found in Textile formatting.
  • Red Hat Security Advisory 2019-3916-01 Tue, 19 Nov 2019 19:57:08 GMT
    Red Hat Security Advisory 2019-3916-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This is a text-only advisory for the machine-os-content container image, which includes RPM packages for Red Hat Enterprise Linux CoreOS. Issues addressed include bypass and denial of service vulnerabilities.
  • Debian Security Advisory 4573-1 Tue, 19 Nov 2019 15:26:09 GMT
    Debian Linux Security Advisory 4573-1 - Multiple vulnerabilities have been found in the Symfony PHP framework which could lead to a timing attack/information leak, argument injection and code execution via unserialization.
  • Red Hat Security Advisory 2019-3908-01 Tue, 19 Nov 2019 15:24:53 GMT
    Red Hat Security Advisory 2019-3908-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. An issue where Intel GPU blitter manipulation can allow for arbitrary kernel memory write was addressed.