Sysdig falco is a behavioral activity monitoring agent that is open source and comes with native support for containers. Falco lets you define highly granular rules to check for activities involving file and network activity, process execution, IPC, and much more, using a flexible syntax. Falco will notify you when these rules are violated. You can think about falco as a mix between snort, ossec and strace.
63cc8e38909237503a124bb7c673cd593616eacd940b36e3f219f61d38b7d61bMicrosoft Edge suffers from a Chakra related type confusion vulnerability in InlineArrayPush.
789b214a31a71d7137e78ec7849729dcb9e3b8a75a7308f4a4b8b569c079222eMozilla Firefox versions 64 and below have an issue where an overly liberal same-origin policy for file URIs and a bug in the implementation of this policy make Firefox vulnerable to exposure of local files to a remote attacker.
651b018976fe31532dca330354105f5246005e3af9a8e5d81ed8d98aa881168aSiemens SICAM A8000 Series suffers from an XML injection denial of service vulnerability.
354a63d78ac4b5ab320b994b6c1ce672f98e673e216b330282677992fd04dbd8Oracle Reports Developer component version 12.2.1.3 suffers from a cross site scripting vulnerability.
ba804e4cc9cea9b389fae54d6d4bf24781894082bb8cda4c46ca00a94372f85f100 bytes small Linux/x86 TCP/4444 bindshell shellcode.
9ed4e6381113430ba42f2fbe3d6a316427517b430e541a89043704485ce4cfc3Ubuntu Security Notice 3862-1 - It was discovered that Irssi incorrectly handled certain inputs. An attacker could possibly use this issue to cause a denial of service or to execute arbitrary code.
714a7ba7dc95a8aff985448a5a201fa973b090864e856f742a4a209318d1a53dJoomla YoutubeGallery component version 4.5.8 suffers from database disclosure and remote SQL injection vulnerabilities.
624e2aa64393201647ae1ea75556b294f62a6a7183e66b36fff793f579efde03Joomla ZHYandexMap component version 8.0.0.2 suffers from a database disclosure vulnerability.
52ff7d9e0075284630b14659a451e435c7f3a96f39e7ec2903d059a0ad80851bIn Microsoft Edge, the JsBuiltInEngineInterfaceExtensionObject::InjectJsBuiltInLibraryCode method is used to execute JsBuiltIn.js which initializes some builtin objects. Because it is essentially written in JavaScript, it needs to clear the disable-implicit-call flag before calling the JavaScript code, otherwise it might not work properly. The problem is, it does not restore the previous status of the flag after the call. As setting the flag can prevent stack-allocated objects from leaking, this clearing-the-flag bug can lead to a stack-based use-after-free.
14479c28aa5ae1e0dc9a32a161983c6f54edccede8ffc1cffcdd19ac29ae8022Microsoft Edge suffers from a type confusion vulnerability in InitClass.
367c15a86b6530dbd43aa9b2697e9a86c38d5e598f2ee86f71e076458456cbc2Microsoft Edge has an issue where NewScObjectNoCtor and InitProto opcodes are treated as having no side effects, but actually they can have via the SetIsPrototype method of the type handler that can cause transition to a new type. This can lead to type confusion in the JITed code.
834d31cccca1204e88d3a244cd1080b2a05229d26e439537775eea80ec254732Check Point ZoneAlarm version 8.8.1.110 suffers from a local privilege escalation vulnerability.
017c4375875f7ecb9494589e5292d5ebf3aec94dc014849bbc8f8c3255eff12bRed Hat Security Advisory 2019-0095-01 - In accordance with the Red Hat Enterprise Linux Errata Support Policy, Extended Update Support for Red Hat Enterprise Linux 6.7 was retired as of December 31, 2018, and active support will no longer be provided. Accordingly, Red Hat will no longer provide updated packages, including Critical Impact security patches or Urgent Priority bug fixes, for Red Hat Enterprise Linux 6.7 EUS after December 31, 2018.
e13f15c6023191667b121a72f77863a87c8e98db621e7987bddf0cf84a905f5fDebian Linux Security Advisory 4367-2 - The Qualys Research Labs reported that the backported security fixes shipped in DSA 4367-1 contained a memory leak in systemd-journald. This and an unrelated bug in systemd-coredump are corrected in this update.
5a618d4b5e972af4a334460811f809fb2e0080d36c65dae4e9d90697f2db11c8Blueimp jQuery File Upload versions 9.22.0 and below suffer from a remote file upload vulnerability.
e9f157afd7f59180b86e0627f3b9de79d4da7a9d147657e0cbddcbeeed0173ebShoreTel / Mitel Connect ONSITE ST14.2 suffers from a remote code execution vulnerability.
87ae92c32eaba681a5a6d67e41e75964eaa0e457d2a28f8d7e2dddbe33ce22a1doorGets CMS version 7.0 suffers from a file download vulnerability.
aaaea3667468c7e0ba4519e10c8ea7e0580668b38bf946a6a9317b0bbfa0c52bWhitepaper called Windows Debugging 101. Written in Portuguese.
2324fbb15d00a66a50a187dd908b110e80d01432f9149bb9fb0d8b8d82c4868eUbuntu Security Notice 3861-2 - USN-3861-1 fixed a vulnerability in PolicyKit. This update provides the corresponding update for Ubuntu 12.04 ESM. It was discovered that PolicyKit incorrectly handled certain large user UIDs. A local attacker with a large UID could possibly use this issue to perform privileged actions. Various other issues were also addressed.
7bce7059444c2f41710ef023a65160038dfdc426e06bd8b1626464be80942c89Red Hat Security Advisory 2019-0085-01 - The pyOpenSSL packages provide a high-level wrapper around a subset of the OpenSSL library for the Python programming language. Issues addressed include an use-after-free vulnerability.
91641b5fb25e7abbac9e4446fed551ad7f23f78b51824bf4ad24f00327749515Red Hat Security Advisory 2019-0081-01 - Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic. Issues addressed include buffer over-read and assertion failure vulnerabilities.
f75b0d16e83426e9dfc3323902017e37f639d875944ce19bbc8e7ecaac16033fRed Hat Security Advisory 2019-0082-01 - Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY principle. Issues addressed include a regular expression issue.
e249015c935ba6fcc3b5e7c8b75a217603ac6cd4be7ef393145ec3489d08d142Red Hat Security Advisory 2019-0094-01 - Redis is an advanced key-value store. It is often referred to as a data-structure server since keys can contain strings, hashes, lists, sets, and sorted sets. For performance, Redis works with an in-memory data set. You can persist it either by dumping the data set to disk every once in a while, or by appending each command to a log. Issues addressed include a code execution vulnerability.
5849f7ff38a43419a0e19ce437f25049927161960bd354155dc3c1e6340ee746Red Hat Security Advisory 2019-0053-01 - Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic. Issues addressed include buffer over-read and assertion failure vulnerabilities.
5193edbbd2de71dc0adc69dac65b2b29d569de7e24504569e1e84b574da00c84
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed