Sysdig falco is a behavioral activity monitoring agent that is open source and comes with native support for containers. Falco lets you define highly granular rules to check for activities involving file and network activity, process execution, IPC, and much more, using a flexible syntax. Falco will notify you when these rules are violated. You can think about falco as a mix between snort, ossec and strace.
78ce31af76bd1d3dba5742052c7d309bMicrosoft Edge suffers from a Chakra related type confusion vulnerability in InlineArrayPush.
43954049af42d6f9760693a7a6a692deMozilla Firefox versions 64 and below have an issue where an overly liberal same-origin policy for file URIs and a bug in the implementation of this policy make Firefox vulnerable to exposure of local files to a remote attacker.
fe019fa6ad6c40086ca4f91c26ff77f8Siemens SICAM A8000 Series suffers from an XML injection denial of service vulnerability.
94b83feccca12141f97e4a4996b14321Oracle Reports Developer component version 12.2.1.3 suffers from a cross site scripting vulnerability.
04e442a342d11d6ebcdf78f719bbbf63100 bytes small Linux/x86 TCP/4444 bindshell shellcode.
e1b4afaf5ebf9bfb0ad5bef8869172a1Ubuntu Security Notice 3862-1 - It was discovered that Irssi incorrectly handled certain inputs. An attacker could possibly use this issue to cause a denial of service or to execute arbitrary code.
1835fc3a411b15251070ed9e7392758bJoomla YoutubeGallery component version 4.5.8 suffers from database disclosure and remote SQL injection vulnerabilities.
1f0d1a5760ad50229ec53fa02c921fefJoomla ZHYandexMap component version 8.0.0.2 suffers from a database disclosure vulnerability.
f7725173a86620e012164a7a17e2dfa1In Microsoft Edge, the JsBuiltInEngineInterfaceExtensionObject::InjectJsBuiltInLibraryCode method is used to execute JsBuiltIn.js which initializes some builtin objects. Because it is essentially written in JavaScript, it needs to clear the disable-implicit-call flag before calling the JavaScript code, otherwise it might not work properly. The problem is, it does not restore the previous status of the flag after the call. As setting the flag can prevent stack-allocated objects from leaking, this clearing-the-flag bug can lead to a stack-based use-after-free.
5c28c1a80c423bfe8ef6de5aa3f1170bMicrosoft Edge suffers from a type confusion vulnerability in InitClass.
11b7cf6d3cee1b1b355fa3be30470188Microsoft Edge has an issue where NewScObjectNoCtor and InitProto opcodes are treated as having no side effects, but actually they can have via the SetIsPrototype method of the type handler that can cause transition to a new type. This can lead to type confusion in the JITed code.
46eb78a54630f51f57be7bcdca2fa397Check Point ZoneAlarm version 8.8.1.110 suffers from a local privilege escalation vulnerability.
d5cc68c9e775edbaf57809134a79ebcbRed Hat Security Advisory 2019-0095-01 - In accordance with the Red Hat Enterprise Linux Errata Support Policy, Extended Update Support for Red Hat Enterprise Linux 6.7 was retired as of December 31, 2018, and active support will no longer be provided. Accordingly, Red Hat will no longer provide updated packages, including Critical Impact security patches or Urgent Priority bug fixes, for Red Hat Enterprise Linux 6.7 EUS after December 31, 2018.
3158566d85c31f0dfc2d51ead425027dDebian Linux Security Advisory 4367-2 - The Qualys Research Labs reported that the backported security fixes shipped in DSA 4367-1 contained a memory leak in systemd-journald. This and an unrelated bug in systemd-coredump are corrected in this update.
e6c45b7a762974159f1854d96b0e0726Blueimp jQuery File Upload versions 9.22.0 and below suffer from a remote file upload vulnerability.
e2fcb7c12aedd4cbe1a64e468bb035e4ShoreTel / Mitel Connect ONSITE ST14.2 suffers from a remote code execution vulnerability.
d6775f8fba2dee0067eb79a6bbafd88fdoorGets CMS version 7.0 suffers from a file download vulnerability.
eac5ba676929f7d6930898db4127be4aWhitepaper called Windows Debugging 101. Written in Portuguese.
f6aed0ddc09c84c5c00bbef67d3c2fa6Ubuntu Security Notice 3861-2 - USN-3861-1 fixed a vulnerability in PolicyKit. This update provides the corresponding update for Ubuntu 12.04 ESM. It was discovered that PolicyKit incorrectly handled certain large user UIDs. A local attacker with a large UID could possibly use this issue to perform privileged actions. Various other issues were also addressed.
1d929df08d738a1407781094c847f6a4Red Hat Security Advisory 2019-0085-01 - The pyOpenSSL packages provide a high-level wrapper around a subset of the OpenSSL library for the Python programming language. Issues addressed include an use-after-free vulnerability.
fc1904589b76d6f60961dff1431eb327Red Hat Security Advisory 2019-0081-01 - Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic. Issues addressed include buffer over-read and assertion failure vulnerabilities.
a2ed20828f9bb99429f75d2467b1d25cRed Hat Security Advisory 2019-0082-01 - Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY principle. Issues addressed include a regular expression issue.
9aa0bddb050fd4996d48b05ff173bb32Red Hat Security Advisory 2019-0094-01 - Redis is an advanced key-value store. It is often referred to as a data-structure server since keys can contain strings, hashes, lists, sets, and sorted sets. For performance, Redis works with an in-memory data set. You can persist it either by dumping the data set to disk every once in a while, or by appending each command to a log. Issues addressed include a code execution vulnerability.
0a8a34ac5fe8d795c162ea49204c9741Red Hat Security Advisory 2019-0053-01 - Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic. Issues addressed include buffer over-read and assertion failure vulnerabilities.
ba9d36b2c4f40fb7198b650a3984ebd7
© 2019 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed