CVE-2019-1367: Critical Internet Explorer Memory Corruption Vulnerability Exploited In The Wild
September 23, 2019
Zero-day memory corruption vulnerability in Internet Explorer has been observed in attacks in the wild. Background: On September 23, Microsoft released an out-of-band patch for a zero-day vulnerabilit...
CVE-2019-14994: URL Path Traversal Vulnerability in Jira Service Desk Leads to Information Disclosure
September 19, 2019
Path traversal flaw in Jira Service Desk can be used by attackers to view protected information in Jira projects. Background: On September 18, Atlassian published a security advisory for a vulnerabil...
CVE-2019-15846: Unauthenticated Remote Command Execution Flaw Disclosed for Exim
September 6, 2019
CVE-2019-15846, a new unauthenticated remote code execution vulnerability in the Exim message transfer agent, has been patched in version 4.92.2. Users are encouraged to upgrade immediately. Backgrou...
CVE-2017-9841: Drupal Sites Exploited Using PHPUnit Vulnerability in Mailchimp Modules (PSA-2019-0904)
September 5, 2019
Attackers are leveraging a vulnerability patched nearly three years ago to target Drupal sites. Background: On September 4, Drupal published PSA-2019-09-04, a public service announcement (PSA) for a ...
CVE-2019-12643: Critical Authentication Bypass Vulnerability in REST API Container for Cisco IOS XE
August 29, 2019
Cisco releases ten advisories, including one critical advisory impacting Cisco IOS XE devices with the REST API Container enabled. Background: On August 28, Cisco released 10 advisories to address vu...
CVE-2018-13379, CVE-2019-11510: FortiGate and Pulse Connect Secure Vulnerabilities Exploited In the Wild
August 27, 2019
Attackers are exploiting arbitrary file disclosure vulnerabilities in popular SSL VPNs from Fortinet and Pulse Secure. Background: On August 22, two reports emerged of scanning activity targeting vuln...
Critical Cisco Vulnerabilities Across Multiple Products, Exploit Code for CVE-2019-1913 Reportedly Released
August 22, 2019
Cisco published new advisories for Integrated Management Controller (IMC) and Unified Computing System (UCS) Director, and updates for Small Business 220 Series Smart Switches that include the existen...
CVE-2019-11510: Proof of Concept Available for Arbitrary File Disclosure in Pulse Connect Secure
August 21, 2019
A proof of concept has been made public for CVE-2019-11510, an arbitrary file disclosure vulnerability found in popular virtual private network software, Pulse Connect Secure. Background: On April 24...
Apple iPhone and iPad Devices Vulnerable After Reintroduction of SockPuppet Flaw in iOS 12.4 (CVE-2019-8605)
August 20, 2019
Previously disclosed and patched flaw was reintroduced in iOS 12.4, which could be used in combination with a separate vulnerability to hack into Apple mobile devices. Update: Apple released i...
CVE-2019-15107: Exploit Modules Available for Remote Code Execution Vulnerability in Webmin
August 19, 2019
The popular Linux/UNIX systems management tool has more than 3 million downloads per year and the vulnerability has been present for at least a year, putting many virtual UNIX management systems at ri...
Multiple Denial of Service (DoS) Vulnerabilities in HTTP/2 Disclosed (CVE-2019-9511, CVE-2019-9518)
August 14, 2019
A variety of Denial of Service vulnerabilities were found in third-party implementations of HTTP/2. Background: On August 13, researchers at Netflix published an advisory for their GitHub page detail...
Tenable Roundup for Microsoft’s August 2019 Patch Tuesday: DejaBlue
August 13, 2019
Microsoft’s August 2019 Security Updates, released on August 13, address over 90 vulnerabilities, 29 of which are critical. Microsoft’s August 2019 Patch Tuesday release contains updates fo...