Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-19740 PUBLISHED: 2019-12-12
Octeth Oempro 4.7 allows SQL injection. The parameter CampaignID in Campaign.Get is vulnerable.
CVE-2019-19746 PUBLISHED: 2019-12-12
make_arrow in arrow.c in Xfig fig2dev 3.2.7b allows a segmentation fault and out-of-bounds write because of an integer overflow via a large arrow type.
CVE-2019-19748 PUBLISHED: 2019-12-12
The Work Time Calendar app before 4.7.1 for Jira allows XSS.
CVE-2017-18640 PUBLISHED: 2019-12-12
The Alias feature in SnakeYAML 1.18 allows entity expansion during a load operation, a related issue to CVE-2003-1564.
CVE-2019-19726 PUBLISHED: 2019-12-12
OpenBSD through 6.6 allows local users to escalate to root because a check for LD_LIBRARY_PATH in setuid programs can be defeated by setting a very small RLIMIT_DATA resource limit. When executing chpass or passwd (which are setuid root), _dl_setup_env in ld.so tries to strip LD_LIBRARY_PATH from th...
User Rank: Strategist
9/17/2014 | 11:28:16 AM
I use a passwordcard (easily found on the web), and only have to remember the starting row/column for the password. On sites which permit password hints, that is all the info I need. Only I know if I'm parsing UP/DOWN/Left/Diagonal, Knightwise, etc. And I know how many characters I'm using - more than 8, less than 50.
I've used the same process when sending secured data to someone who does not have a valid PGP key on my keychain. Share a passwordcard with them, email the starting location and pattern, and encrypt the 7Z using that password. Cumbersome, but unfortunately easy security is easily defeated.