787 matches found
What Will GDPR’s Impact Be On U.S. Consumer Privacy?
Will General Data Protection Regulation rules that go into effect on Friday impact the privacy of U.S. citizens? It depends who you ask, but the odds-on favorite answer is “not by much.” The Facebook Cambridge Analytica scandal in March led to a firehose of rebuke against social media platforms,...
How to Allocate an Extra Management CPU to NetScaler MPX Appliance
The objective is to add an additional Management CPU to the NetScaler MPX for Management data processing and monitoring...
Unspecified Denial of Service Vulnerability in SAP Adobe Document Services
SAP is a provider of enterprise application software solutions. An unspecified denial of service vulnerability exists in SAP Adobe Document Services. An attacker could exploit this vulnerability to cause a denial of service...
Critical Actions to Finalize Your GDPR Compliance Program
Starting May 25, 2018, enforcement begins for the new EU General Data Protection Regulation (GDPR) and its heightened principles and requirements regarding data privacy, data processing, and data security. The newly revised regulation applies to organizations doing business in the European Union or...
Carbon Black’s Commitment to GDPR & Keeping Customer Data Safe
At Carbon Black, keeping our customers’ data safe is a top priority. The European Union’s General Data Protection Regulation (“GDPR”), a comprehensive European privacy law that takes effect on May 25, 2018, has shined a light on the importance of securing personal data. The GDPR is designed to...
GRR Rapid Response - Remote Live Forensics For Incident Response
GRR Rapid Response is an incident response framework focused on remote live forensics. The goal of GRR is to support forensics and investigations in a fast, scalable manner to allow analysts to quickly triage attacks and perform analysis remotely. GRR consists of 2 parts: client and server. GRR...
SUSE-SU-2018:0784-1 Security update for libvorbis
This update for libvorbis fixes the following issues: - CVE-2018-5146: Fixed out of bounds memory write while processing Vorbis audio data (bsc#1085687)...
SAP NetWeaver System Landscape Directory Authentication Bypass Vulnerability
SAP NetWeaver is a service-oriented, integrated application platform from SAP that provides a development and runtime environment for SAP applications. The System Landscape Directory (SLD) is one of the components...
CVE-2017-1758
IBM Financial Transaction Manager for ACH Services for Multi-Platform IBM Control Center 6.0 and 6.1, IBM Financial Transaction Manager 3.0.2, 3.0.3, 3.0.4, and 3.1.0, IBM Transformation Extender Advanced 9.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A...
CVE-2018-1000047
NASA Kodiak version v1.0 contains a CWE-502 vulnerability in the Kodiak library's data processing function that can result in remote code execution. This attack appears to be exploitable when a victim opens an untrusted file for optimization using the Kodiak library...
Remote code execution
NASA Kodiak version v1.0 contains a CWE-502 vulnerability in the Kodiak library's data processing function that can result in remote code execution. This attack appears to be exploitable when a victim opens an untrusted file for optimization using the Kodiak library...
CVE-2018-1000030
Python 2.7.14 is vulnerable to a Heap-Buffer-Overflow as well as a Heap-Use-After-Free. Python versions prior to 2.7.14 may also be vulnerable, and it appears that Python 2.7.17 and prior may also be vulnerable; however, this has not been confirmed. The vulnerability lies when multiple threads are...
CVE-2018-1000030
CVE-2018-1000030: The Python 2.7.14 heap-security issue is described as a Heap-Buffer-Overflow and Heap-Use-After-Free arising when multiple threads handle large data, caused by a race condition between buffer sizing and writes. Older Python 2.7.x versions may also be vulnerable; the risk is con...
The vulnerability of the centralized version control system CVS lies in its improper handling of data when interacting with a remote repository via the SSH protocol. This allows a malicious actor to execute arbitrary code.
The vulnerability of the centralized version control system CVS is related to improper data processing when interacting with a remote repository via the SSH protocol. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using a specially crafted hostname in the repository’...
The vulnerability of the ares_parse_naptr_reply function in the asynchronous DNS request library c-ares allows an attacker to read beyond the buffer limit in memory.
The vulnerability of the ares_parse_naptr_reply function in the asynchronous DNS request library c-ares is related to incorrect data processing during the analysis of NAPTR responses. Exploiting this vulnerability can allow a malicious actor, operating remotely, to trigger buffer overflow attacks by...
The vulnerability of the firmware in wireless presentation systems like ClickShare CSM-1 and ClickShare CSC-1, related to incorrect data processing, allows an intruder to execute arbitrary code.
The vulnerability of the firmware in Barco ClickShare CSM-1 and ClickShare CSC-1 wireless presentation systems is related to improper data processing. Exploiting this vulnerability allows a malicious actor to execute arbitrary code within the affected application remotely...
The vulnerability of the IBM WebSphere Commerce, Commerce on Cloud, and WebSphere Commerce Developer software lies in data processing errors. This allows attackers to disclose sensitive information, perform actions on behalf of administrators, or cause service interruptions.
The vulnerability of the IBM WebSphere Commerce, Commerce on Cloud, and WebSphere Commerce Developer software platforms lies in the lack of protection for operational data. Exploiting this vulnerability can allow a malicious actor to disclose sensitive information, perform actions on behalf of...
Processing .docx and .xlsx files with Python
MS Office documents are probably one of the most inconvenient and poorly formalized data sources. It's much better to keep all the data in specialized databases or at least in a wiki. But in real life, MS Office documents are in active use in nearly every organization. Simply because it is a flexib...
Adobe Acrobat and Reader Out-of-bounds Read (APSB17-36: CVE-2017-16409)
A memory corruption vulnerability exists in Adobe Acrobat and Reader. The vulnerability is due to an error in the image conversion engine when processing Enhanced Metafile Format (EMF) private data. A remote attacker may exploit this vulnerability by using the out of bounds access for unintended...