Matisse & Co

Competitive Intelligence Data Services


MCO Security Alerts Advisories

  • High – cisco-sa-20181107-vcsd – Cisco TelePresence Video Communication Server Test Validation Script Issue
    A failure in the final QA validation step of the automated software build system for the Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) software inadvertently ... read more
  • NA – DSA-4335 – nginx security update
    Three vulnerabilities were discovered in Nginx, a high-performance web and reverse proxy server, which could result in denial of service in processing HTTP/2 (via excessive memory/CPU usage) or server ... read more
  • NA – CVE-2018-6436 – A Vulnerability in the firmwaredownload command…
    A Vulnerability in the firmwaredownload command of Brocade Fabric OS command line interface (CLI) versions before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow a local attacker to escape the restricted ... read more
  • NA – CVE-2018-15451 – A vulnerability in the web-based management…
    A vulnerability in the web-based management interface of Cisco Prime Service Catalog could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of ... read more
  • NA – CVE-2018-19115 – keepalived through 2.0.8 has a heap-based…
    keepalived through 2.0.8 has a heap-based buffer overflow when parsing HTTP status codes resulting in DoS or possibly unspecified other impact, because extract_status_code in lib/html.c has no ... read more
  • NA – CVE-2018-6438 – A Vulnerability in the supportsave command of…
    A Vulnerability in the supportsave command of Brocade Fabric OS command line interface (CLI) versions before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow a local attacker to escape the restricted ... read more
  • NA – CVE-2018-19046 – keepalived 2.0.8 didn’t check for existing…
    keepalived 2.0.8 didn't check for existing plain files when writing data to a temporary file upon a call to PrintData or PrintStats. If a local attacker had previously created a ... read more
  • NA – CVE-2018-15447 – A vulnerability in the web framework code of…
    A vulnerability in the web framework code of Cisco Integrated Management Controller (IMC) Supervisor could allow an unauthenticated, remote attacker to execute arbitrary SQL queries. The ... read more
  • NA – CVE-2018-19045 – keepalived 2.0.8 used mode 0666 when creating…
    keepalived 2.0.8 used mode 0666 when creating new temporary files upon a call to PrintData or PrintStats, potentially leaking sensitive information. ... read more
  • CVE-2018-7718
    An issue was discovered in Telexy QPath 5.4.462. A low privileged authenticated user supplying a specially crafted serialized request to AdanitDataService.svc may modify user information, including but not limited to ... read more
  • 64.032
    Modified (13): Adware/Dowgin!Android, Adware/Ewind!Android, Adware/Kuguo!Android, Adware/MobiDash!Android, Adware/Provide!Android, Adware/ZDTad!Android, Android/Agent.AZX!tr, Android/Ctchm.C!tr, Android/Dialer.P!tr, Android/Generic.AP.154E9D5!tr, Android/Lezok.AE!tr, Android/Rootnik.AH!tr, Android/SmsSpy.NA!tr.spy ... read more
  • Upcoming Security Updates for Adobe Acrobat and Reader (APSB18-40)
    A prenotification security advisory (APSB18-40) has been posted regarding upcoming Adobe Acrobat and Reader updates scheduled for Tuesday, November 13, 2018. We will continue to provide updates on the upcoming ... read more
  • Google: Newer Android versions are less affected by malware (ZDNet)
  • ForeScout Acquires Industrial Security Firm SecurityMatters for $114 Million in Cash (SecurityWeek)
  • HP Security Bulletin MFSBGN03829 1
    HP Security Bulletin MFSBGN03829 1 - A potential vulnerability has been identified in the Operations Bridge Manager capability of the Micro Focus Operations Bridge containerized suite. The vulnerability could be ... read more
  • Red Hat Security Advisory 2018-3528-01
    Red Hat Security Advisory 2018-3528-01 - Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This release of Red Hat JBoss ... read more
  • Red Hat Security Advisory 2018-3529-01
    Red Hat Security Advisory 2018-3529-01 - Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This release of Red Hat JBoss ... read more
  • Red Hat Security Advisory 2018-3527-01
    Red Hat Security Advisory 2018-3527-01 - Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This release of Red Hat JBoss ... read more
  • Ubuntu Security Notice USN-3813-1
    Ubuntu Security Notice 3813-1 - It was discovered that pyOpenSSL incorrectly handled memory when handling X509 objects. A remote attacker could use this issue to cause pyOpenSSL to crash, resulting ... read more
  • Red Hat Security Advisory 2018-3522-01
    Red Hat Security Advisory 2018-3522-01 - The Simple Protocol for Independent Computing Environments is a remote display protocol for virtual environments. SPICE users can access a virtualized desktop or server ... read more
  • Red Hat Security Advisory 2018-3521-01
    Red Hat Security Advisory 2018-3521-01 - The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Issues addressed include improper field access ... read more
  • 64.031
    Newly Added (1): Android/Generic.S.1C535F!tr. Modified (11): Adware/AirPush!Android, Adware/MobiDash!Android, Adware/MobiStealth!Android, Adware/Youmi!Android, Android/Agent.ABW!tr, Android/Agent.AZY!tr, Android/Agent.LL!tr, Android/Fakeapp.A!tr, Android/VpsDrop.A!tr, Riskware/Agent!Android, Riskware/Miner!Android ... read more
  • CVE-2018-19115
    keepalived through 2.0.8 has a heap-based buffer overflow when parsing HTTP status codes resulting in DoS or possibly unspecified other impact, because extract_status_code in lib/html.c has no validation of the ... read more
  • CVE-2018-6436
    A Vulnerability in the firmwaredownload command of Brocade Fabric OS command line interface (CLI) versions before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow a local attacker to escape the restricted shell ... read more
  • CVE-2018-15451
    A vulnerability in the web-based management interface of Cisco Prime Service Catalog could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the ... read more
  • CVE-2018-15448
    A vulnerability in the user management functions of Cisco Registered Envelope Service could allow an unauthenticated, remote attacker to discover sensitive user information. The attacker could use this information to ... read more
  • CVE-2018-6437
    A Vulnerability in the help command of Brocade Fabric OS command line interface (CLI) versions before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow a local attacker to escape the restricted shell ... read more
  • CVE-2018-15449
    A vulnerability in the web-based management interface of Cisco Video Surveillance Media Server could allow an unauthenticated, remote attacker to cause a denial of service (DoS) of the web-based management ... read more
  • CVE-2018-19045
    keepalived 2.0.8 used mode 0666 when creating new temporary files upon a call to PrintData or PrintStats, potentially leaking sensitive information. ... read more
  • CVE-2018-19046
    keepalived 2.0.8 didn't check for existing plain files when writing data to a temporary file upon a call to PrintData or PrintStats. If a local attacker had previously created a ... read more
  • CVE-2018-15450
    A vulnerability in the web-based UI of Cisco Prime Collaboration Assurance could allow an authenticated, remote attacker to overwrite files on the file system. The vulnerability is due to insufficient ... read more
  • CVE-2018-6438
    A Vulnerability in the supportsave command of Brocade Fabric OS command line interface (CLI) versions before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow a local attacker to escape the restricted shell ... read more
  • CVE-2018-19044
    keepalived 2.0.8 didn't check for pathnames with symlinks when writing data to a temporary file upon a call to PrintData or PrintStats. This allowed local users to overwrite arbitrary files ... read more
  • Making Zero Trust a Reality: Palo Alto Networks Named a Leader in The Forrester Wave™: Zero Trust eXtended (ZTX) Ecosystem Providers, Q4 2018
    I am delighted to share that Palo Alto Networks has been named a leader in The Forrester Wave: Zero Trust eXtended (ZTX) Ecosystem Providers, Q4 2018. As a former Vice ... read more
  • Apache Hive EXPLAIN Operation Unauthorized Access Vulnerability
    A vulnerability in Apache Hive could allow an authenticated, remote attacker to gain unauthorized access to a targeted system. The vulnerability is due to improper security restrictions that are imposed ... read more
  • Apache Hive HiveServer2 Local Resources Unauthorized Access Vulnerability
    A vulnerability in Apache Hive could allow an authenticated, remote attacker to gain unauthorized access to a targeted system. The vulnerability exists because the affected software imposes improper security restrictions ... read more
  • Cutting through the noise
    The Army Rapid Capabilities Office (RCO) does things differently. It has to. It's mandated in its charter and embedded in its culture. So when it came time for the small ... read more
  • NCCIC Releases Analysis Report on JexBoss
    Original release date: November 08, 2018. NCCIC has released Analysis Report (AR) AR18-312A: JexBoss - JBoss Verify and EXploitation Tool. Cyber threat actors use JexBoss to remotely access victims' systems. The ... read more
  • Steam bug could have given you access to all the CD keys of any game (ZDNet)
  • Bankers Life Hack Affects More Than 566,000 (InfoRiskToday)
  • NA – CVE-2018-15439 – A vulnerability in the Cisco Small Business…
    A vulnerability in the Cisco Small Business Switches software could allow an unauthenticated, remote attacker to bypass the user authentication mechanism of an affected device. The vulnerability ... read more
  • NA – CVE-2018-15394 – A vulnerability in the Stealthwatch Management…
    A vulnerability in the Stealthwatch Management Console (SMC) of Cisco Stealthwatch Enterprise could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions ... read more
  • NA – CVE-2018-15443 – A vulnerability in the detection engine of…
    A vulnerability in the detection engine of Cisco Firepower System Software could allow an unauthenticated, remote attacker to bypass a configured Intrusion Prevention System (IPS) rule that ... read more
  • NA – CVE-2018-0284 – A vulnerability in the local status page…
    A vulnerability in the local status page functionality of the Cisco Meraki MR, MS, MX, Z1, and Z3 product lines could allow an authenticated, remote attacker to modify device configuration ... read more
  • NA – CVE-2018-15446 – A vulnerability in Cisco Meeting Server could…
    A vulnerability in Cisco Meeting Server could allow an unauthenticated, remote attacker to gain access to sensitive information. The vulnerability is due to improper protections on data that is ... read more
  • NA – CVE-2018-19114 – An issue was discovered in MinDoc through…
    An issue was discovered in MinDoc through v1.0.2. It allows attackers to gain privileges by uploading an image file with contents that represent an admin session, and then sending a ... read more
  • NA – CVE-2018-15445 – A vulnerability in the web-based management…
    A vulnerability in the web-based management interface of Cisco Energy Management Suite Software could allow an authenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack ... read more
  • NA – CVE-2018-15381 – A Java deserialization vulnerability in Cisco…
    A Java deserialization vulnerability in Cisco Unity Express (CUE) could allow an unauthenticated, remote attacker to execute arbitrary shell commands with the privileges of the root user. The ... read more
  • NA – CVE-2018-15437 – A vulnerability in the system scanning…
    A vulnerability in the system scanning component of Cisco Immunet and Cisco Advanced Malware Protection (AMP) for Endpoints running on Microsoft Windows could allow a local attacker to disable the ... read more
  • NA – CVE-2018-15444 – A vulnerability in the web-based user interface…
    A vulnerability in the web-based user interface of Cisco Energy Management Suite Software could allow an authenticated, remote attacker to gain read and write access to information that is stored ... read more

Matisse & Co @2019

KAVI MCO iSTRACIN Platform v 02.25 Saturday, July 5, 2025
