2019 Security Spending Outlook

From Dark Reading:


Enterprise Vulnerabilities
From DHS/US-CERT’s National Vulnerability Database

PUBLISHED: 2019-02-12

Verydows 2.0 has XSS via the index.php?m=api&c=stats&a=count referrer parameter.

PUBLISHED: 2019-02-12

In FreeBSD before 11.2-STABLE(r343782), 11.2-RELEASE-p9, 12.0-STABLE(r343781), and 12.0-RELEASE-p3, kernel callee-save registers are not properly sanitized before return from system calls, potentially allowing some kernel data used in the system call to be exposed.

PUBLISHED: 2019-02-12

In FreeBSD 11.2-STABLE after r338618 and before r343786, 12.0-STABLE before r343781, and 12.0-RELEASE before 12.0-RELEASE-p3, a bug in the reference count implementation for UNIX domain sockets can cause a file structure to be incorrectly released potentially allowing a malicious local user to gain …

PUBLISHED: 2019-02-12

Nessus versions 8.2.1 and earlier were found to contain a stored XSS vulnerability due to improper validation of user-supplied input. An authenticated, remote attacker could potentially exploit this vulnerability via a specially crafted request to execute arbitrary script code in a user’s browser se…

PUBLISHED: 2019-02-11

In package installer in Android-8.0, Android-8.1 and Android-9, there is a possible bypass of the unknown source warning due to a confused deputy scenario. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation…



The original content can be found here: 2019 Security Spending Outlook
