alarmSecurity News
Amnesty slams Facebook, Google over 'pervasive surveillance' business model
2019-11-20 19h25
2019-11-20 19h25
Rights warriors want governments to actually, y'know, do something – anything Amnesty...
Abnormal Security raises $24M to protect orgs from targeted email attacks
2019-11-20 19h15
2019-11-20 19h15
Abnormal Security announced the launch of the company with $24M in Series A funding led by...
Claudia Thurner joins AxiomSL as EMEA general manager
2019-11-20 19h00
2019-11-20 19h00
AxiomSL, the industry’s leading provider of regulatory reporting and risk management solutions,...
Clumio raises $135 million to enhance data protection in the public cloud
2019-11-20 18h45
2019-11-20 18h45
Clumio, innovators of authentic SaaS for enterprise backup, announced $135 million in series C...
Qumulo appoints Michael Cornwell as CTO
2019-11-20 18h30
2019-11-20 18h30
Qumulo, the leader in enterprise-proven hybrid cloud file storage, announced that Michael...
Tories change Twitter name to ‘factcheckUK’ during live TV debate
2019-11-20 17h12
2019-11-20 17h12
Twitter wagged its finger at the UK's Conservative party for renaming its press account...
Security Firms, Nonprofits Team to Fight Stalkerware
2019-11-20 17h00
2019-11-20 17h00
The Coalition Against Stalkerware launched this week, with the aim of offering a centralized...
Security Automation Firm ZecOps Raises $10 Million in Seed Funding
2019-11-20 16h38
2019-11-20 16h38
ZecOps, a San Francisco-based threat detection and security automation company, announced this...
Mozilla Bug Bounty Program Doubles Payouts, Adds Firefox Monitor
2019-11-20 16h04
2019-11-20 16h04
In scope RCE Mozilla bug bounty payouts have also tripled to reach $15,000.
New Legislation Would Block US Firms From Storing Personal Data in China, Russia
2019-11-20 15h52
2019-11-20 15h52
New legislation introduced this week aims to put a stop to the flow of Americans’ sensitive...
securityVulnerabilities by Risk-level
13% Critical
22% High
38% Moderate
27% Low
Vulnerabilities by Vendor
Latest Vulnerabilities
Cross-Site Scripting (XSS) vulnerability in Jenkins
2019-11-18 22h15
Cross-site Scripting (XSS) in Jenkins main before 1.482 and LTS before 1.466.2 allows remote... Cross-Site Scripting (XSS)
Medium
Cross-Site Scripting (XSS) vulnerability in Jenkins
2019-11-18 22h15
Cross-site Scripting (XSS) in Jenkins main before 1.482 and LTS before 1.466.2 allows remote... Cross-Site Scripting (XSS)
Medium
Input Validation vulnerability in Jenkins
2019-11-18 21h15
Jenkins main before 1.482 and LTS before 1.466.2 allows remote attackers with read access and... Input Validation
High
Cross-Site Scripting (XSS) vulnerability in Jenkins
2019-11-18 21h15
Cross-site Scripting (XSS) in Jenkins main before 1.482 and LTS before 1.466.2 allows remote... Cross-Site Scripting (XSS)
Medium
Cross-Site Scripting (XSS) vulnerability in Apache Atlas 0.8.3/1.1.0
2019-11-18 21h15
Apache Atlas versions 0.8.3 and 1.1.0 were found vulnerable to Stored Cross-Site Scripting in... Cross-Site Scripting (XSS)
Medium
Latest Critical Vulnerabilities
OS Command Injections vulnerability in Xorur Lpar2Rrd and Stor2Rrd
2019-11-17 21h15
An issue was discovered in Xorux Lpar2RRD 6.11 and Stor2RRD 2.61, as distributed in Xorux 2.41.... OS Command Injections
9.0
Injection vulnerability in Untangle NG Firewall 14.2.0
2019-11-14 15h15
The Untangle NG firewall 14.2.0 is vulnerable to an authenticated command injection when logged... Injection
9.0
klibc DHCP Options Processing Remote Shell Command Execution Vulnerability
2019-11-14 03h15
In klibc 1.5.20 and 1.5.21, the DHCP options written by ipconfig to /tmp/net-$DEVICE.conf are... Unspecified
10.0
OS Command Injections vulnerability in Exhibitor Project Exhibitor 1.0.9
2019-11-13 23h15
An exploitable command injection vulnerability exists in the Config editor of the Exhibitor Web... OS Command Injections
10.0
Cross-Site Request Forgery (CSRF) vulnerability in Trendnet TEW 812Dru Firmware
2019-11-13 22h15
Undocumented TELNET service in TRENDnet TEW-812DRU when a web page named backdoor contains an... Cross-Site Request Forgery (CSRF)
9.3
Authentication Issues vulnerability in Trendnet TEW 691Gr Firmware and TEW 692Gr Firmware
2019-11-13 21h15
Undocumented TELNET service in TRENDnet TEW-691GR and TEW-692GR when a web page named backdoor... Authentication Issues
10.0
Injection vulnerability in Debian and Freedesktop products
2019-11-13 20h15
poppler before 0.16.3 has malformed commands that may cause corruption of the internal stack. Injection
9.3
Out-of-bounds Write vulnerability in Canonical and Google products
2019-11-13 18h15
In generate_jsimd_ycc_rgb_convert_neon of jsimd_arm64_neon.S, there is a possible out of bounds... Out-of-bounds Write
9.3
Use After Free vulnerability in Google Android
2019-11-13 18h15
In ProxyResolverV8::SetPacScript of proxy_resolver_v8.cc, there is a possible memory corruption... Use After Free
10.0
Undefined vulnerability in Google Android
2019-11-13 18h15
In okToConnect of HidHostService.java, there is a possible permission bypass due to an incorrect... 10.0
CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.