Sysdig falco is a behavioral activity monitoring agent that is open source and comes with native support for containers. Falco lets you define highly granular rules to check for activities involving file and network activity, process execution, IPC, and much more, using a flexible syntax. Falco will notify you when these rules are violated. You can think about falco as a mix between snort, ossec and strace.
63cc8e38909237503a124bb7c673cd593616eacd940b36e3f219f61d38b7d61b
Microsoft Edge suffers from a Chakra related type confusion vulnerability in InlineArrayPush.
789b214a31a71d7137e78ec7849729dcb9e3b8a75a7308f4a4b8b569c079222e
Mozilla Firefox versions 64 and below have an issue where an overly liberal same-origin policy for file URIs and a bug in the implementation of this policy make Firefox vulnerable to exposure of local files to a remote attacker.
651b018976fe31532dca330354105f5246005e3af9a8e5d81ed8d98aa881168a
Siemens SICAM A8000 Series suffers from an XML injection denial of service vulnerability.
354a63d78ac4b5ab320b994b6c1ce672f98e673e216b330282677992fd04dbd8
Oracle Reports Developer component version 12.2.1.3 suffers from a cross site scripting vulnerability.
ba804e4cc9cea9b389fae54d6d4bf24781894082bb8cda4c46ca00a94372f85f
100 bytes small Linux/x86 TCP/4444 bindshell shellcode.
9ed4e6381113430ba42f2fbe3d6a316427517b430e541a89043704485ce4cfc3
Ubuntu Security Notice 3862-1 - It was discovered that Irssi incorrectly handled certain inputs. An attacker could possibly use this issue to cause a denial of service or to execute arbitrary code.
714a7ba7dc95a8aff985448a5a201fa973b090864e856f742a4a209318d1a53d
Joomla YoutubeGallery component version 4.5.8 suffers from database disclosure and remote SQL injection vulnerabilities.
624e2aa64393201647ae1ea75556b294f62a6a7183e66b36fff793f579efde03
Joomla ZHYandexMap component version 8.0.0.2 suffers from a database disclosure vulnerability.
52ff7d9e0075284630b14659a451e435c7f3a96f39e7ec2903d059a0ad80851b
In Microsoft Edge, the JsBuiltInEngineInterfaceExtensionObject::InjectJsBuiltInLibraryCode method is used to execute JsBuiltIn.js which initializes some builtin objects. Because it is essentially written in JavaScript, it needs to clear the disable-implicit-call flag before calling the JavaScript code, otherwise it might not work properly. The problem is, it does not restore the previous status of the flag after the call. As setting the flag can prevent stack-allocated objects from leaking, this clearing-the-flag bug can lead to a stack-based use-after-free.
14479c28aa5ae1e0dc9a32a161983c6f54edccede8ffc1cffcdd19ac29ae8022
Microsoft Edge suffers from a type confusion vulnerability in InitClass.
367c15a86b6530dbd43aa9b2697e9a86c38d5e598f2ee86f71e076458456cbc2
Microsoft Edge has an issue where NewScObjectNoCtor and InitProto opcodes are treated as having no side effects, but actually they can have via the SetIsPrototype method of the type handler that can cause transition to a new type. This can lead to type confusion in the JITed code.
834d31cccca1204e88d3a244cd1080b2a05229d26e439537775eea80ec254732
Check Point ZoneAlarm version 8.8.1.110 suffers from a local privilege escalation vulnerability.
017c4375875f7ecb9494589e5292d5ebf3aec94dc014849bbc8f8c3255eff12b
Red Hat Security Advisory 2019-0095-01 - In accordance with the Red Hat Enterprise Linux Errata Support Policy, Extended Update Support for Red Hat Enterprise Linux 6.7 was retired as of December 31, 2018, and active support will no longer be provided. Accordingly, Red Hat will no longer provide updated packages, including Critical Impact security patches or Urgent Priority bug fixes, for Red Hat Enterprise Linux 6.7 EUS after December 31, 2018.
e13f15c6023191667b121a72f77863a87c8e98db621e7987bddf0cf84a905f5f
Debian Linux Security Advisory 4367-2 - The Qualys Research Labs reported that the backported security fixes shipped in DSA 4367-1 contained a memory leak in systemd-journald. This and an unrelated bug in systemd-coredump are corrected in this update.
5a618d4b5e972af4a334460811f809fb2e0080d36c65dae4e9d90697f2db11c8
Blueimp jQuery File Upload versions 9.22.0 and below suffer from a remote file upload vulnerability.
e9f157afd7f59180b86e0627f3b9de79d4da7a9d147657e0cbddcbeeed0173eb
ShoreTel / Mitel Connect ONSITE ST14.2 suffers from a remote code execution vulnerability.
87ae92c32eaba681a5a6d67e41e75964eaa0e457d2a28f8d7e2dddbe33ce22a1
doorGets CMS version 7.0 suffers from a file download vulnerability.
aaaea3667468c7e0ba4519e10c8ea7e0580668b38bf946a6a9317b0bbfa0c52b
Whitepaper called Windows Debugging 101. Written in Portuguese.
2324fbb15d00a66a50a187dd908b110e80d01432f9149bb9fb0d8b8d82c4868e
Ubuntu Security Notice 3861-2 - USN-3861-1 fixed a vulnerability in PolicyKit. This update provides the corresponding update for Ubuntu 12.04 ESM. It was discovered that PolicyKit incorrectly handled certain large user UIDs. A local attacker with a large UID could possibly use this issue to perform privileged actions. Various other issues were also addressed.
7bce7059444c2f41710ef023a65160038dfdc426e06bd8b1626464be80942c89
Red Hat Security Advisory 2019-0085-01 - The pyOpenSSL packages provide a high-level wrapper around a subset of the OpenSSL library for the Python programming language. Issues addressed include an use-after-free vulnerability.
91641b5fb25e7abbac9e4446fed551ad7f23f78b51824bf4ad24f00327749515
Red Hat Security Advisory 2019-0081-01 - Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic. Issues addressed include buffer over-read and assertion failure vulnerabilities.
f75b0d16e83426e9dfc3323902017e37f639d875944ce19bbc8e7ecaac16033f
Red Hat Security Advisory 2019-0082-01 - Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY principle. Issues addressed include a regular expression issue.
e249015c935ba6fcc3b5e7c8b75a217603ac6cd4be7ef393145ec3489d08d142
Red Hat Security Advisory 2019-0094-01 - Redis is an advanced key-value store. It is often referred to as a data-structure server since keys can contain strings, hashes, lists, sets, and sorted sets. For performance, Redis works with an in-memory data set. You can persist it either by dumping the data set to disk every once in a while, or by appending each command to a log. Issues addressed include a code execution vulnerability.
5849f7ff38a43419a0e19ce437f25049927161960bd354155dc3c1e6340ee746
Red Hat Security Advisory 2019-0053-01 - Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic. Issues addressed include buffer over-read and assertion failure vulnerabilities.
5193edbbd2de71dc0adc69dac65b2b29d569de7e24504569e1e84b574da00c84