
News

Packet Storm Security

Security Affairs | Looking Glass Cyber | securingtomorrow.mcafee.com | Quick Heal | Threat Post | Naked Security | ESET | CIS
  • End-of-Support Software Report List Thu, 05 Dec 2019 14:34:45 +0000

    The importance of replacing software before its End-of-Support (EOS) is critical. EOS occurs when software updates, patches, and other forms of support are no longer offered, resulting in software becoming prone to future security vulnerabilities. Using unsupported software and firmware/hardware puts organizations at risk in the following ways: Subsequent vulnerability disclosures place your organization at […]

    The post End-of-Support Software Report List appeared first on CIS.


Advisories

  • Symantec Endpoint Protection Information Disclosure / Privilege Escalation Fri, 06 Dec 2019 16:32:22 GMT
    A malicious application can take advantage of a vulnerability in Symantec Endpoint Protection to leak privileged information and/or execute code with higher privileges, thus taking full control over the affected host. Symantec Endpoint Protection versions 14.x below 14.2 (RU1) and 12.x below 12.1 (RU6 MP10) are affected. Symantec Endpoint Protection Small Business Edition versions 12.x below 12.1 (RU6 MP10c) are affected.
  • BeeGFS 7.1.3 Privilege Escalation Thu, 05 Dec 2019 21:11:34 GMT
    BeeGFS versions 7.1.3 and below suffer from a privilege escalation vulnerability.
  • Red Hat Security Advisory 2019-4111-01 Thu, 05 Dec 2019 21:05:33 GMT
    Red Hat Security Advisory 2019-4111-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 68.3.0 ESR. Issues addressed include buffer overflow and use-after-free vulnerabilities.
  • Red Hat Security Advisory 2019-4107-01 Thu, 05 Dec 2019 21:05:24 GMT
    Red Hat Security Advisory 2019-4107-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 68.3.0 ESR. Issues addressed include buffer overflow and use-after-free vulnerabilities.
  • Red Hat Security Advisory 2019-4108-01 Thu, 05 Dec 2019 21:05:15 GMT
    Red Hat Security Advisory 2019-4108-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 68.3.0 ESR. Issues addressed include buffer overflow and use-after-free vulnerabilities.
  • Ubuntu Security Notice USN-4214-1 Thu, 05 Dec 2019 21:04:41 GMT
    Ubuntu Security Notice 4214-1 - It was discovered that RabbitMQ incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code.
  • Red Hat Security Advisory 2019-4109-01 Thu, 05 Dec 2019 21:04:35 GMT
    Red Hat Security Advisory 2019-4109-01 - IBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 7 to version 7R1 SR4-FP55. Issues addressed include deserialization and null pointer vulnerabilities.
  • Red Hat Security Advisory 2019-4110-01 Thu, 05 Dec 2019 21:04:21 GMT
    Red Hat Security Advisory 2019-4110-01 - IBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 7 to version 7R1 SR4-FP55. Issues addressed include deserialization and null pointer vulnerabilities.
  • Ubuntu Security Notice USN-4213-1 Wed, 04 Dec 2019 23:13:35 GMT
    Ubuntu Security Notice 4213-1 - Jeriko One and Kristoffer Danielsson discovered that Squid incorrectly handled certain URN requests. A remote attacker could possibly use this issue to bypass access checks and access restricted servers. This issue was only addressed in Ubuntu 19.04 and Ubuntu 19.10. Jeriko One discovered that Squid incorrectly handled URN responses. A remote attacker could use this issue to cause Squid to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.
  • Ubuntu Security Notice USN-4212-1 Wed, 04 Dec 2019 23:13:24 GMT
    Ubuntu Security Notice 4212-1 - Tim D
  • Red Hat Security Advisory 2019-4082-01 Wed, 04 Dec 2019 23:12:37 GMT
    Red Hat Security Advisory 2019-4082-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory includes ose-cluster-authentication-operator-container, ose-cluster-config-operator-container, and ose-cluster-kube-apiserver-operator-container, which have been updated with a fix to address a secret disclosure issue.
  • Red Hat Security Advisory 2019-4081-01 Wed, 04 Dec 2019 23:11:54 GMT
    Red Hat Security Advisory 2019-4081-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. A secret disclosure issue was addressed.
  • Slackware Security Advisory - mozilla-firefox Updates Wed, 04 Dec 2019 23:11:46 GMT
    Slackware Security Advisory - New mozilla-firefox packages are available for Slackware 14.2 and -current to fix security issues.
  • Ubuntu Security Notice USN-4182-3 Wed, 04 Dec 2019 23:11:39 GMT
    Ubuntu Security Notice 4182-3 - USN-4182-1 provided updated Intel Processor Microcode. A regression was discovered that caused some Skylake processors to hang after a warm reboot. This update reverts the microcode for that specific processor family. Various other issues were also addressed.
  • Ubuntu Security Notice USN-4182-4 Wed, 04 Dec 2019 23:11:33 GMT
    Ubuntu Security Notice 4182-4 - USN-4182-2 provided updated Intel Processor Microcode. A regression was discovered that caused some Skylake processors to hang after a warm reboot. This update reverts the microcode for that specific processor family. Various other issues were also addressed.
  • Red Hat Security Advisory 2019-4075-01 Wed, 04 Dec 2019 23:10:36 GMT
    Red Hat Security Advisory 2019-4075-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the ose-cluster-kube-apiserver-operator-container and ose-cluster-kube-scheduler-operator-container images for Red Hat OpenShift Container Platform 4.2.9. These images have been rebuilt with an updated version of openshift/library-go to address a data sanitization issue.
  • Red Hat Security Advisory 2019-4074-01 Wed, 04 Dec 2019 23:10:28 GMT
    Red Hat Security Advisory 2019-4074-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the runc RPM package for Red Hat OpenShift Container Platform 4.2.9. The runC tool is a lightweight, portable implementation of the Open Container Format that provides a container runtime. Issues addressed include a bypass vulnerability.
  • Ubuntu Security Notice USN-4194-2 Wed, 04 Dec 2019 23:10:20 GMT
    Ubuntu Security Notice 4194-2 - USN-4194-1 fixed a vulnerability in postgresql-common. This update provides the corresponding update for Ubuntu 14.04 ESM. Rich Mirch discovered that the postgresql-common pg_ctlcluster script incorrectly handled directory creation. A local attacker could possibly use this issue to escalate privileges. Various other issues were also addressed.
  • Ubuntu Security Notice USN-4207-1 Tue, 03 Dec 2019 18:22:22 GMT
    Ubuntu Security Notice 4207-1 - It was discovered that GraphicsMagick incorrectly handled certain image files. An attacker could possibly use this issue to cause a denial of service or other unspecified impact.
  • Ubuntu Security Notice USN-4206-1 Tue, 03 Dec 2019 15:22:22 GMT
    Ubuntu Security Notice 4206-1 - It was discovered that GraphicsMagick incorrectly handled certain image files. An attacker could possibly use this issue to cause a denial of service.
  • Red Hat Security Advisory 2019-4057-01 Tue, 03 Dec 2019 14:44:44 GMT
    Red Hat Security Advisory 2019-4057-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include denial of service and use-after-free vulnerabilities.
  • Ubuntu Security Notice USN-4210-1 Tue, 03 Dec 2019 14:22:22 GMT
    Ubuntu Security Notice 4210-1 - It was discovered that a buffer overflow existed in the 802.11 Wi-Fi configuration interface for the Linux kernel when handling beacon settings. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Nicolas Waisman discovered that the WiFi driver stack in the Linux kernel did not properly validate SSID lengths. A physically proximate attacker could use this to cause a denial of service. Various other issues were also addressed.
  • Ubuntu Security Notice USN-4211-1 Tue, 03 Dec 2019 14:22:22 GMT
    Ubuntu Security Notice 4211-1 - Zhipeng Xie discovered that an infinite loop could be triggered in the CFS Linux kernel process scheduler. A local attacker could possibly use this to cause a denial of service. Nicolas Waisman discovered that the WiFi driver stack in the Linux kernel did not properly validate SSID lengths. A physically proximate attacker could use this to cause a denial of service. Various other issues were also addressed.
  • Red Hat Security Advisory 2019-4056-01 Tue, 03 Dec 2019 13:33:33 GMT
    Red Hat Security Advisory 2019-4056-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Side channel attacks and memory corruption vulnerabilities have been addressed.
  • Red Hat Security Advisory 2019-4058-01 Tue, 03 Dec 2019 13:02:22 GMT
    Red Hat Security Advisory 2019-4058-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include denial of service and use-after-free vulnerabilities.