[SECURITY] Fedora 29 Update: singularity-2.6.1-1.1.fc29

Singularity provides functionality to make portable containers that can be used across host environments...

Important kernel security update: New kernel 2.6.32-042stab134.8 for Virtuozzo Containers for Linux 4.7, Server Bare Metal 5.0

This update provides a new kernel 2.6.32-042stab134.8 for Virtuozzo Containers for Linux 4.7 and Server Bare Metal 5.0 based on the RHEL 6.10 kernel 2.6.32-754.6.3.el6. The new kernel introduces a security and stability fix. Vulnerability id: CVE-2018-9568 Memory corruption due to incorrect socke...

Global IT Asset Inventory: The Foundation for Security and Compliance

Pablo Quiroga, Qualys’ Director of Product Management for IT Asset Management, talks about the new Asset Inventory solution When IT directors and CISOs look at their digitally transformed networks, they encounter many shadows that their legacy enterprise software tools can’t illuminate. These bli...

kubernetes: authentication/authorization bypass in the handling of non-101 responses

A privilege escalation vulnerability exists in OpenShift Container Platform which allows for compromise of pods running co-located on a compute node. This access could include access to all secrets, pods, environment variables, running pod/container processes, and persistent volumes, including in...

This Week in Security News: Ethics and Law in the Dark Web

Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, learn how Trend Micro software can aid in safely securing containers on the AWS Cloud. Also, how the dark web has become a new advertising...

Kernel update: New kernel 2.6.32-042stab134.7 for Virtuozzo Containers for Linux 4.7, Server Bare Metal 5.0

This update provides a new kernel 2.6.32-042stab134.7 for Virtuozzo Containers for Linux 4.7 and Server Bare Metal 5.0. The new kernel introduces stability fixes. Vulnerability id: PSBM-89993 Running Ubuntu containers with systemd 229-4ubuntu21.8 could result in application failures due to...

Kernel update: New kernel 2.6.32-042stab134.7; Virtuozzo 6.0 Update 12 Hotfix 34 (6.0.12-3728)

This update provides a new kernel 2.6.32-042stab134.7 for Virtuozzo 6.0. The new kernel introduces stability fixes. Vulnerability id: PSBM-89413 Host with multiple ploop devices running on a debug kernel could crash in sysfsaddrmstart on container stop. Vulnerability id: PSBM-89517 In some...

kubernetes: authentication/authorization bypass in the handling of non-101 responses

A privilege escalation vulnerability exists in OpenShift Container Platform which allows for compromise of pods running co-located on a compute node. This access could include access to all secrets, pods, environment variables, running pod/container processes, and persistent volumes, including in...

QSC18: The Need for Security Visibility in the Age of Digital Transformation

Enterprises are moving full steam ahead when it comes to their digital transformation efforts. They’ve aggressively adopted cloud infrastructure and other cloud services, IoT, application containers, serverless functionality, and other technologies that are helping their organization to drive...

[SECURITY] Fedora 28 Update: mkvtoolnix-28.2.0-1.fc28

Mkvtoolnix is a set of utilities to mux and demux audio, video and subtitle streams into and from Matroska containers...

[SECURITY] Fedora 27 Update: mkvtoolnix-28.2.0-1.fc27

Mkvtoolnix is a set of utilities to mux and demux audio, video and subtitle streams into and from Matroska containers...

Important kernel security update: CVE-2018-5391 and other issues; new kernel 2.6.32-042stab134.3 for Virtuozzo Containers for Linux 4.7, Server Bare Metal 5.0

This update provides a new kernel 2.6.32-042stab134.3 for Virtuozzo Containers for Linux 4.7 and Server Bare Metal 5.0. The new kernel introduces security and stability fixes. Vulnerability id: CVE-2018-5391 A flaw named FragmentSmack was found in the way the Linux kernel handled reassembly of...

CVE-2018-17046

translate man before 2018-08-21 has XSS via containers/outputBox/outputBox.vue and store/index.js...

Code injection

translate man before 2018-08-21 has XSS via containers/outputBox/outputBox.vue and store/index.js...

CVE-2018-17046

CVE-2018-17046 affects the Translate Man browser plugin. The root cause is a cross-site scripting vulnerability in the Vue components containers/outputBox/outputBox.vue and store/index.js. The vulnerability can allow an attacker to inject and execute script in the context of a user’s session, as ...

translate man cross-site scripting vulnerability

translate man is a browser plugin that can call the Google Translate interface. A cross-site scripting vulnerability exists in versions of translate man prior to 2018-08-21. A remote attacker can exploit the vulnerability to execute malicious code with the help of the...

Directory traversal

A directory traversal vulnerability with remote code execution in Prim'X Zed! FREE through 1.0 build 186 and Zed! Limited Edition through 6.1 build 2208 allows creation of arbitrary files on a user's workstation using crafted ZED! containers because the watermark loading function can place an...

CVE-2018-16518

A directory traversal vulnerability with remote code execution in Prim'X Zed! FREE through 1.0 build 186 and Zed! Limited Edition through 6.1 build 2208 allows creation of arbitrary files on a user's workstation using crafted ZED! containers because the watermark loading function can place an...

CVE-2018-16518

Affected software: Prim'X Zed! FREE (up to 1.0 build 186) and Zed! Limited Edition (up to 6.1 build 2208). Vulnerability type: directory traversal with remote code execution. Root cause / vector: watermark loading function can place an executable file into a Startup folder via crafted ZED! contai...

Securing Container Deployments with Qualys

With container adoption booming, security teams must protect the applications that DevOps teams create and deploy using this method of OS virtualization. The security must be comprehensive across the entire container lifecycle, and built into the DevOps pipeline in a way that is seamless and...