CVE-2019-17266: Heap-Based Buffer Overflow in libsoup HTTP Library
IntroductionAccording to GNOME’s internal wiki page, “libsoup is an HTTP client/server library for GNOME.” Libsoup uses “GObjects” and the “glib main loop” to work well with GNOME ...
IntroductionAccording to Cisco’s official site, Cisco IOS XE is, “an open and flexible operating system optimized for a new era of enterprise networks.” The description continues as an open, ...
CVE-2019-5485: Node Package Manager Webhook (gitlabhook) Vulnerable to Arbitrary Command Injection
IntroductionAccording to its website, the Node Package Manager (NPM) is the world’s largest software registry, and one of the packages NPM manages is the Javascript language. GitLab, according to ...
CVE-2019-15846: Exim Mail Transfer Agent Vulnerable to Buffer Overflow Attack
IntroductionThe Exim mail transfer agent (MTA)/mail server is an open source service used on Unix-like operating systems. Exim can be used as substitutes for common mail servers such as Gmail and ...
CVE-2019-9506: Bluetooth Devices Vulnerable to Key Negotiation of Bluetooth (KNOB) Attacks
IntroductionOn August 14, 2019, a cybersecurity research team comprised of Daniele Antonioli, Nils Ole Tippenhauer, and Kasper B. Rasmussen, released a paper regarding a flaw in how Bluetooth enabled ...
Travel industry booking websites’ vulnerabilities compromise user’s data
On April 9, 2019 security researcher Candid Wuees disclosed on vulnerabilities that allowed malicious users to compromise customer booking data in the hotel industry. These vulnerabilities affect ...
Phone security application vulnerabilities compromises devices
On April 4, 2019 researchers at Check Point Research found vulnerabilities in the preinstalled security app, Guard Provider, that affects devices from Xiaomi phones. Xiaomi is the third largest ...
3rd party car alarms make vehicles susceptible to theft
On March 8, 2019 security researchers at Pen Test Partners disclosed vulnerabilities found in the application programming interface (API) of Viper, and Pandora 3rd party car alarm systems. The ...
IBM Cloud vulnerability allows for backdoor on bare metal servers
Researchers at Eclypsium on February 26, 2019 reported on a vulnerability in International Business Machines (IBM) Softlayer--now IBM Cloud--that allowed for a malicious user to plant a backdoor on ...
WordPress vulnerability allows attacker to gain full remote access of server
On February 19, 2019 security researchers at RIPS Technologies found a vulnerability in WordPress that allowed an attacker who had author privileges to execute arbitrary hypertext preprocessor ...