Grafana Arbitrary File Read Information Disclosure Vulnerability

A vulnerability in Grafana could allow an authenticated, remote attacker to access sensitive information on a targeted system. The vulnerability occurs because the affected software imposes improper security restrictions on files. An attacker with Editor or Admin permissions for Grafana on a targeted system could exploit this vulnerability to access arbitrary files that the Grafana …

Go crypto/x509 Package Denial of Service Vulnerability

A vulnerability in the crypto/x509 package of Go could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on a targeted system. The vulnerability is due to improper resource management by the crypto/x509 package of the affected software when handling certificate chain verification. An attacker could exploit this vulnerability by submitting …

QEMU VirtFS Use-After-Free Denial of Service Vulnerability

A vulnerability in the VirtFS component of QEMU could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on a targeted system. The vulnerability is due to a use-after-free condition in the VirtFS component of the affected software. An attacker could exploit this vulnerability by accessing the system and maliciously updating …

QEMU File Renaming Race Condition Denial of Service Vulnerability

A vulnerability in QEMU could allow a local attacker to cause a denial of service (DoS) condition on a targeted system. The vulnerability is due to a race condition in the v9fs_wstat() function, as defined in the hw/9pfs/9p.c source code file of the affected software. An attacker could exploit this vulnerability by accessing the targeted …

Linux Kernel userfaultfd Implementation Unauthorized Access Vulnerability

A vulnerability in the userfaultfd implementation in the Linux Kernel could allow a local attacker to gain unauthorized access to a targeted system. The vulnerability is due to improper access control in the userfaultfd implementation of the affected software. An attacker could exploit the vulnerability by accessing a system that is mounted with shmem or …

Go go get Command Directory Traversal Vulnerability

A vulnerability in the go get command of Go could allow an unauthenticated, remote attacker to conduct a directory traversal attack on a targeted system. The vulnerability exists when the affected software executes the go get command with the import path of a Go package that contains curly braces. An attacker could exploit this vulnerability …

APKLAB.io Discovers Patche Netflix Fake App Scam | Avast

If it looks too good to be true, it probably is. If nothing else, please remember those words as your takeaway from this post. There’s no easier grab for the cybercriminal than a naive user, and that’s just what this fake app – called Patche Netflix – targeting French users is doing. Source: Avast

FreeRDP NTLM Authentication Module Out-Of-Bounds Read Denial of Service Vulnerability

A vulnerability in the NT LAN Manager (NTLM) authentication module of FreeRDP could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on a targeted system. The vulnerability is due to several out-of-bounds read conditions that exist in the NTLM authentication module of the affected software. An attacker could exploit this …

HAProxy Compressed Pointer Denial of Service Vulnerability

A vulnerability in HAProxy could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on a targeted system. The vulnerability exists in the dns_read_name() function, as defined in the src/dns.c source code file of the affected software. An attacker could exploit this vulnerability by sending a crafted packet that submits malicious …

HAProxy dns_validate_dns_response Out-of-Bounds Read Vulnerability

A vulnerability in HAProxy could allow an unauthenticated, remote attacker to access sensitive information on a targeted system. The vulnerability is due to improper checking of valid DNS responses by the dns_validate_dns_response function, as defined in the dns.c source code file of the affected software. An attacker could exploit this vulnerability by sending a request …

Amazon Connect Adds New Contact API to Get Contact Attributes

Amazon Connect now provides a new contact API that lets you programmatically retrieve contact attributes for a given contact. Contact attributes are key-value pairs of data about a contact, such as the name of the caller, why they called, or the quality of service they received. Contact attributes can be stored using contact flow blocks …

AWS Shield Adds Advanced DDoS Protection for AWS Global Accelerator

You can now use AWS Shield Advanced to get higher levels of DDoS protections for your applications running on the recently announced AWS Global Accelerator. Simply enable AWS Shield Advanced protection on your Accelerator. AWS Shield Advanced will automatically detect the type of AWS resource behind the Accelerator and apply the relevant advanced DDoS protections. …

British Fibre Networks Sign-up 24000 UK Homes for FTTH Broadband

New operator British Fibre Networks, which aspires to create an open access and 1Gbps capable Fibre-to-the-Home (FTTH) broadband ISP network to serve over 35% of UK new build homes by 2020, has announced that they’ve so far signed up 24,000 new homes via 50 housing developers. The operator began its first deployment at an apartment …

Upgrade your game for cheap with these 3 awesome graphics card deals

If you’ve been looking to upgrade your gaming rig without breaking the bank, today’s your day. Both B&H Photo Video and Newegg have some great deals on AMD and Nvidia graphics cards. First up is the Zotac Gaming GeForce RTX 2070 AMP for $500 at B&H Photo after you clip the coupon on …

Android malware, the Starwood breach, and more | Avast

Android malware steals PayPal cash

Malware continues to grow smarter and more sinister, as evidenced by the newest Android scam, which researchers discovered yesterday. At the heart of the scam is a fake app called Optimization Battery. Users can only find Optimization Battery in third-party app stores, but not in Google Play. Source: Avast