Modern information systems are complex and rely on a large number of applications that are necessary for the proper functioning of any company, so keeping up with threats is quite difficult. Updating systems is a basic task and has a great effect. But to do this, you need to know which vulnerabilities and threats might affect your business and decide how to prioritize your investment in information security.
We are always ready to help you in an efficient and reliable way.
In addition to the Vulnerability and Threat Intelligence service, we also provide access to the vulnerabilities discovered by Allele Security Intelligence’s research team through our Security Research service. We conduct research constantly, especially on applications that are essential to various types of industry. Your company will stay up to date with the latest vulnerabilities and threats that may affect your business.
Always being steps ahead
See our latest security alerts
- ASA-2019-00575 – Oracle Solaris: Local privilege escalation via xscreensaver
  Exploitation of a design error vulnerability in xscreensaver, as distributed with Solaris 11.x, allows local attackers to create (or append to) arbitrary files on the system, by abusing the -log command line switch introduced in version 5.06. This flaw can be leveraged to cause a denial of service condition or to escalate privileges to root, …
- ASA-2019-00574 – libssh2: Out-of-bounds read when connecting to a malicious SSH server
  There is an out-of-bounds read vulnerability, potentially leading to either denial of service or remote information disclosure. It is triggered when libssh2 is used to connect to a malicious SSH server. The overflow occurs when the SSH server sends a disconnect message, which means that the vulnerability can be triggered early in the connection process, …
- ASA-2019-00573 – Linux kernel: Potential buffer overflow on P2P code in rtlwifi
  rtl_p2p_noa_ie() in drivers/net/wireless/realtek/rtlwifi/ps.c in the Linux kernel lacks a certain upper-bound check, leading to a buffer overflow.
- ASA-2019-00572 – Linux kernel: Buffer overflow when copying SSID to userspace in cfg80211
  The function cfg80211_mgd_wext_giwessid() in net/wireless/wext-sme.c does not reject a long SSID IE, leading to a buffer overflow when copying to userspace.
- ASA-2019-00571 – Kubernetes: API Server JSON/YAML parsing vulnerable to resource exhaustion attack
  Denial of service vulnerability in the kube-apiserver, allowing authorized users sending malicious YAML or JSON payloads to cause kube-apiserver to consume excessive CPU or memory, potentially crashing and becoming unavailable. Prior to v1.14.0, default RBAC policy authorized anonymous users to submit requests that could trigger this vulnerability.