Security News

Iran Denies Successful Cyber Attacks on Oil Sector
2019-09-21 07h55
Iran denied on Saturday its oil infrastructure had been successfully attacked by a cyber...
Friday Squid Blogging: Piglet Squid
2019-09-20 17h11
Another piglet squid video. As usual, you can also use this squid post to talk about the...
Disgraced ex-Kaspersky guy made me do it, says bloke in Russian court on hacking charges
2019-09-20 17h00
Oh no I didn't, says disgraced ex-Kaspersky guy An accused Russian hacker has claimed...
How to avoid the dreaded Video4Linux flaw in Android
2019-09-20 16h26
With Google dragging its feet on the fix for Video4Linux, you might consider revoking camera...
Facebook Removed Tens of Thousands of Apps Post-Cambridge Analytica
2019-09-20 15h48
Facebook said it has suspended and banned tens of thousands of apps on its platform after its...
Facebook Suspends 'Tens of Thousands' of Apps in Privacy Review
2019-09-20 15h13
Facebook said Friday it suspended "tens of thousands" of apps on its platform as a result of its...
Eight U.S. Cities Impacted in New Series of Click2Gov Breaches
2019-09-20 14h34
More than 20,000 records from eight cities across the United States have been compromised in a...
Crown Sterling Claims to Factor RSA Keylengths First Factored Twenty Years Ago
2019-09-20 13h50
Earlier this month I made fun of a company called Crown-Sterling, for...for...for being a...
Forcepoint VPN Client is Vulnerable to Privilege Escalation Attacks
2019-09-20 12h00
Forcepoint has fixed a privilege escalation vulnerability in its VPN Client for Windows.
Bulgarian phishing gang member who lived with his parents jailed for part in £40m fraud ring
2019-09-20 12h00
37-year-old was extradited to Blighty to stand trial A Bulgarian phishing criminal who created...

Vulnerabilities by Risk-level

13% Critical
22% High
38% Moderate
27% Low

Vulnerabilities by Vendor

Vendor: Last 12 months #
Microsoft: 82
Gitlab: 51
Google: 46
Adobe: 37
Linux: 33

Latest Vulnerabilities

Cross-Site Scripting (XSS) vulnerability in Websimon Tables Project Websimon Tables 1.3.4

2019-09-20 16h15
The websimon-tables plugin through 1.3.4 for WordPress has wp-admin/tools.php edit_style id XSS.

Cross-Site Scripting (XSS)
Low

Cross-Site Scripting (XSS) vulnerability in Neuvoo Jobroll 2.0

2019-09-20 16h15
The neuvoo-jobroll plugin 2.0 for WordPress has neuvoo_keywords XSS.

Cross-Site Scripting (XSS)
Medium

SQL Injection vulnerability in Tuzicms 2.0.6

2019-09-20 16h15
App\Home\Controller\ZhuantiController.class.php in TuziCMS 2.0.6 has SQL injection via the...

SQL Injection
High

Cross-Site Scripting (XSS) vulnerability in Zrlog 2.0.1

2019-09-20 16h15
An issue was discovered in ZrLog 2.1.1. There is a Stored XSS vulnerability in the article_edit area.

Cross-Site Scripting (XSS)
Low

Cross-Site Scripting (XSS) vulnerability in Webmaster Source Gocodes 1.3.5

2019-09-20 16h15
The gocodes plugin through 1.3.5 for WordPress has wp-admin/tools.php deletegc XSS.

Cross-Site Scripting (XSS)
Low

Latest Critical Vulnerabilities

Injection vulnerability in Atlassian Jira

2019-09-19 15h15
The Jira Importers Plugin in Atlassian Jira Server and Data Center from version with 7.0.10...

Injection
9.0

Undefined vulnerability in Linux NFS Utils 1.3.034.18.1/2.1.16.10.2

2019-09-19 14h15
The nfs-utils package in SUSE Linux Enterprise Server 12 before and including version...

Undefined
10.0

Input Validation vulnerability in Tibco Enterprise Runtime FOR R and Spotfire Analytics Platform FOR AWS

2019-09-18 23h15
The server component of TIBCO Software Inc.'s TIBCO Enterprise Runtime for R - Server Edition,...

Input Validation
9.0

Input Validation vulnerability in Tibco Enterprise Runtime FOR R and Spotfire Analytics Platform FOR AWS

2019-09-18 23h15
The server component of TIBCO Software Inc.'s TIBCO Enterprise Runtime for R - Server Edition,...

Input Validation
10.0

Code Injection vulnerability in Advantech Webaccess 8.4.1

2019-09-18 22h15
In WebAccess versions 8.4.1 and prior, an exploit executed over the network may cause improper...

Code Injection
9.0

Undefined vulnerability in Advantech Webaccess 8.4.1

2019-09-18 21h15
In WebAccess, versions 8.4.1 and prior, an improper authorization vulnerability may allow an...

Undefined
9.0

Code Injection vulnerability in Open EMR Openemr 5.0.16

2019-09-16 17h15
OpenEMR v5.0.1-6 allows code execution.

Code Injection
9.0

OS Command Injections vulnerability in Dlink DNS 320 Firmware 2.05.b10

2019-09-16 12h15
The login_mgr.cgi script in D-Link DNS-320 through 2.05.B10 is vulnerable to remote command injection.

OS Command Injections
10.0

OS Command Injections vulnerability in Gitlabhook Project Gitlabhook 0.0.17

2019-09-13 18h15
NPM package gitlabhook version 0.0.17 is vulnerable to a Command Injection vulnerability....

OS Command Injections
10.0

OS Command Injections vulnerability in Arubanetworks Arubaos 8.0.0.0

2019-09-13 17h15
A command injection vulnerability is present in the web management interface of ArubaOS that...

OS Command Injections
9.0