GIXnews

Mercurial path-checking Logic Symbolic Link Vulnerability

A vulnerability in Mercurial could allow a local attacker to conduct symbolic link (symlink) attacks on a targeted system. The vulnerability exists because the path-checking logic of the affected software imposes insufficient security restrictions. An attacker could exploit this vulnerability by conducting a symlink attack on a targeted system. A successful exploit could allow the …

Kubernetes --cache-dir Unauthorized Access Vulnerability

A vulnerability in Kubernetes could allow a local attacker to perform unauthorized actions on a targeted system. The vulnerability exists because the affected software imposes improper security restrictions when schema information is cached by the kubectl command line interface and the --cache-dir option is specified and pointed at a different location accessible to other users …

Huawei controversies timeline

Chinese telecommunications and consumer electronics manufacturer Huawei has found itself at the centre of a long list of controversies in recent months. Far and away the leader in 5G network infrastructure, the company’s business units have performed spectacularly, but as America continues to pursue bellicose trade policies with China, the firm’s relationship with Europe and …

Drupal PHP Templating Engine Cross-Site Scripting Vulnerability

A vulnerability in Drupal could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a targeted system. The vulnerability exists because the affected software does not escape validation messages when the form theme of the PHP templating engine is used. An attacker could exploit this vulnerability by uploading validation messages that …

Drupal Service IDs Validation Arbitrary Code Execution Vulnerability

A vulnerability in Drupal could allow an authenticated, remote attacker to execute arbitrary code on a targeted system. The vulnerability is due to the insufficient validation of Service IDs by the affected software. An attacker could exploit this vulnerability by sending a request that submits malicious Service IDs to the targeted system. A successful exploit …

jQuery Object.prototype Pollution Cross-Site Scripting Vulnerability

A vulnerability in jQuery as used in multiple products could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack on a targeted system. The vulnerability exists because the affected software mishandles the jQuery.extend(true, {}, …) function and is due to Object.prototype pollution. An attacker could exploit this vulnerability by persuading a user …

FFmpeg Studio Profile Decoder Denial of Service Vulnerability

A vulnerability in FFmpeg could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on a targeted system. The vulnerability is due to an out-of-bounds read error of the studio profile decoder, as defined in the libavcodec/mpeg4videodec.c source file of the affected software. An attacker could exploit this vulnerability by supplying …

ClusterLabs Pacemaker Use-After-Free Information Disclosure Vulnerability

A vulnerability in ClusterLabs Pacemaker could allow a local attacker to access sensitive information on a targeted system. The vulnerability is due to a use-after-free condition in the affected software. An attacker could exploit this vulnerability by making a request that submits malicious input to the targeted system. A successful exploit could allow the attacker …

Network Time Protocol Port 123 Usage Off-Path Attack Vulnerability

A vulnerability in Network Time Protocol (NTP) could allow an unauthenticated, remote attacker to compromise a targeted system completely. The vulnerability is due to improper use of port 123 by the affected software. An attacker could exploit this vulnerability by sending a packet that submits malicious input to the targeted system. A successful exploit could …

AWS RoboMaker is Now Available in the Asia Pacific (Tokyo) Region

AWS RoboMaker, a service that makes it easy to develop, simulate, and deploy intelligent robotics applications at scale, is now available in the Asia Pacific (Tokyo) region. AWS RoboMaker extends the most widely used open-source robotics software framework, Robot Operating System (ROS), with connectivity to cloud service. Now you can build highly-available applications for your …

Drupal remember me Cookie Hash Input Validation Vulnerability

A vulnerability in Drupal could allow an authenticated, remote attacker to authenticate as a different user on a targeted system. The vulnerability exists because the affected software does not separate part of an expiry time in a cookie hash from part of the username. When an attacker has user-level access on a targeted system with …

GNU C Library getaddrinfo Function Security Bypass Vulnerability

A vulnerability in the getaddrinfo function of the GNU C library (glibc) could allow a local attacker to bypass security restrictions on a targeted system. The vulnerability exists because the getaddrinfo function of the affected software fails to reject IPv4 addresses that are followed by whitespace and arbitrary characters. An attacker could exploit this vulnerability …

French Users of Microsoft Games and Sites Hit With Scam Ads

French users of Microsoft games and services are being shown ads that redirect them to scam surveys, polls, or other unwanted promotions. Some of these ads are also able to escape Microsoft games to load the scam ads in the default browser used by Windows. […] Source: BleepingComputer

AWS Global Accelerator is Now Available in Six Additional Regions

AWS Global Accelerator is now available in Europe (London), Europe (Paris), Asia Pacific (Sydney), Asia Pacific (Mumbai), Asia Pacific (Seoul), and Canada (Central) AWS Regions. Previously, AWS Global Accelerator was already available in the US East (N. Virginia), US East (Ohio), US West (Oregon), US West (Northern California), Europe (Ireland), Europe (Frankfurt), Asia Pacific (Tokyo), …

Sky Broadband Likely to Launch Openreach FTTP Plans in H2 2019

The wait for ISP Sky Broadband to launch a new UK range of “ultrafast broadband” packages using Openreach’s network may soon be over. Several credible sources have indicated to us that their Fibre-to-the-Premises (FTTP) based packages will go live in the second half of 2019 and December seems most likely. All of this follows last …

Linux Kernel cipso_v4_validate Denial of Service Vulnerability

A vulnerability in the Common IP Security Option (CIPSO) validation implementation in the Linux Kernel could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on a targeted system. The vulnerability exists in the cipso_v4_validate() function, as defined in the include/net/cipso_ipv4.h source code file, and is due to an improper memory …

GandCrab attackers exploit recently patched Confluence vulnerability

A group of attackers are actively exploiting a critical vulnerability in Atlassian’s Confluence collaboration software to infect servers with the GandCrab ransomware. Confluence is a Java-based web application that provides a shared wiki-type workspace for enterprise employees and is used by tens of thousands of companies worldwide. The vulnerability, tracked as CVE-2019-3396, is in the …
