Security News

Amnesty slams Facebook, Google over 'pervasive surveillance' business model
2019-11-20 19h25
Rights warriors want governments to actually, y'know, do something – anything Amnesty...

Abnormal Security raises $24M to protect orgs from targeted email attacks
2019-11-20 19h15
Abnormal Security announced the launch of the company with $24M in Series A funding led by...

Claudia Thurner joins AxiomSL as EMEA general manager
2019-11-20 19h00
AxiomSL, the industry’s leading provider of regulatory reporting and risk management solutions,...

Clumio raises $135 million to enhance data protection in the public cloud
2019-11-20 18h45
Clumio, innovators of authentic SaaS for enterprise backup, announced $135 million in series C...

Qumulo appoints Michael Cornwell as CTO
2019-11-20 18h30
Qumulo, the leader in enterprise-proven hybrid cloud file storage, announced that Michael...

Tories change Twitter name to ‘factcheckUK’ during live TV debate
2019-11-20 17h12
Twitter wagged its finger at the UK's Conservative party for renaming its press account...

Security Firms, Nonprofits Team to Fight Stalkerware
2019-11-20 17h00
The Coalition Against Stalkerware launched this week, with the aim of offering a centralized...

Security Automation Firm ZecOps Raises $10 Million in Seed Funding
2019-11-20 16h38
ZecOps, a San Francisco-based threat detection and security automation company, announced this...

Mozilla Bug Bounty Program Doubles Payouts, Adds Firefox Monitor
2019-11-20 16h04
In scope RCE Mozilla bug bounty payouts have also tripled to reach $15,000.

New Legislation Would Block US Firms From Storing Personal Data in China, Russia
2019-11-20 15h52
New legislation introduced this week aims to put a stop to the flow of Americans’ sensitive...

Vulnerabilities by Risk-level

13% Critical
22% High
38% Moderate
27% Low

Vulnerabilities by Vendor

Vendor Last 12 months #
Debian 88
Microsoft 72
Magento 65
Linux 57
Redhat 50

Latest Vulnerabilities

Cross-Site Scripting (XSS) vulnerability in Jenkins

2019-11-18 22h15
Cross-site Scripting (XSS) in Jenkins main before 1.482 and LTS before 1.466.2 allows remote...

Cross-Site Scripting (XSS)
Medium

Cross-Site Scripting (XSS) vulnerability in Jenkins

2019-11-18 22h15
Cross-site Scripting (XSS) in Jenkins main before 1.482 and LTS before 1.466.2 allows remote...

Cross-Site Scripting (XSS)
Medium

Input Validation vulnerability in Jenkins

2019-11-18 21h15
Jenkins main before 1.482 and LTS before 1.466.2 allows remote attackers with read access and...

Input Validation
High

Cross-Site Scripting (XSS) vulnerability in Jenkins

2019-11-18 21h15
Cross-site Scripting (XSS) in Jenkins main before 1.482 and LTS before 1.466.2 allows remote...

Cross-Site Scripting (XSS)
Medium

Cross-Site Scripting (XSS) vulnerability in Apache Atlas 0.8.3/1.1.0

2019-11-18 21h15
Apache Atlas versions 0.8.3 and 1.1.0 were found vulnerable to Stored Cross-Site Scripting in...

Cross-Site Scripting (XSS)
Medium

Latest Critical Vulnerabilities

OS Command Injections vulnerability in Xorux Lpar2Rrd and Stor2Rrd

2019-11-17 21h15
An issue was discovered in Xorux Lpar2RRD 6.11 and Stor2RRD 2.61, as distributed in Xorux 2.41....

OS Command Injections
9.0

Injection vulnerability in Untangle NG Firewall 14.2.0

2019-11-14 15h15
The Untangle NG firewall 14.2.0 is vulnerable to an authenticated command injection when logged...

Injection
9.0

klibc DHCP Options Processing Remote Shell Command Execution Vulnerability

2019-11-14 03h15
In klibc 1.5.20 and 1.5.21, the DHCP options written by ipconfig to /tmp/net-$DEVICE.conf are...

Unspecified
10.0

OS Command Injections vulnerability in Exhibitor Project Exhibitor 1.0.9

2019-11-13 23h15
An exploitable command injection vulnerability exists in the Config editor of the Exhibitor Web...

OS Command Injections
10.0

Cross-Site Request Forgery (CSRF) vulnerability in Trendnet TEW 812Dru Firmware

2019-11-13 22h15
Undocumented TELNET service in TRENDnet TEW-812DRU when a web page named backdoor contains an...

Cross-Site Request Forgery (CSRF)
9.3

Authentication Issues vulnerability in Trendnet TEW 691Gr Firmware and TEW 692Gr Firmware

2019-11-13 21h15
Undocumented TELNET service in TRENDnet TEW-691GR and TEW-692GR when a web page named backdoor...

Authentication Issues
10.0

Injection vulnerability in Debian and Freedesktop products

2019-11-13 20h15
poppler before 0.16.3 has malformed commands that may cause corruption of the internal stack.

Injection
9.3

Out-of-bounds Write vulnerability in Canonical and Google products

2019-11-13 18h15
In generate_jsimd_ycc_rgb_convert_neon of jsimd_arm64_neon.S, there is a possible out of bounds...

Out-of-bounds Write
9.3

Use After Free vulnerability in Google Android

2019-11-13 18h15
In ProxyResolverV8::SetPacScript of proxy_resolver_v8.cc, there is a possible memory corruption...

Use After Free
10.0

Undefined vulnerability in Google Android

2019-11-13 18h15
In okToConnect of HidHostService.java, there is a possible permission bypass due to an incorrect...
10.0