2460 matches found

Cvelist
added 2024/08/21 2:13 p.m.

CVE-2024-7885 Undertow: improper state management in proxy protocol parsing causes information leakage

A vulnerability was found in Undertow where the ProxyProtocolReadListener reuses the same StringBuilder instance across multiple requests. This issue occurs when the parseProxyProtocolV1 method processes multiple requests on the same HTTP connection. As a result, different requests may share the...

CVSS 7.5 | EPSS 0.02644 | Exploits 0 | References 12
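A Python model of the state-management bug class this entry describes, added here as an illustration (it is not Undertow's code, and the exact trigger path inside Undertow is not on this page): a parser object that outlives one request keeps its line buffer in a field, so the second header parsed on the same connection comes back carrying the first client's source address. The `decode_v1` lenient mode, the class names and the two sample headers are constructed for the example.

```python
"""Constructed model of the bug class behind CVE-2024-7885: a PROXY protocol
v1 parser that keeps its line buffer in an object field shared across parses,
so bytes from one request's header survive into the next parse. This is an
added illustration written for this page, not Undertow's code."""

import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class ProxyHeader:
    proto: str
    src: str
    dst: str
    sport: int
    dport: int


def decode_v1(line: str, strict: bool = True) -> ProxyHeader:
    """Decode 'PROXY TCP4 <src> <dst> <sport> <dport>' (v1 text form).
    With strict=False the decoder indexes the first six fields and ignores
    anything after them, the lenient style that lets stale buffer contents
    'parse' without error."""
    parts = line.strip().split()
    if strict and len(parts) != 6:
        raise ValueError(f"expected 6 fields, got {len(parts)}: {line!r}")
    if len(parts) < 6 or parts[0] != "PROXY" or parts[1] not in ("TCP4", "TCP6"):
        raise ValueError(f"malformed PROXY header: {line!r}")
    family = 4 if parts[1] == "TCP4" else 6
    src, dst = ipaddress.ip_address(parts[2]), ipaddress.ip_address(parts[3])
    if src.version != family or dst.version != family:
        raise ValueError("address family does not match protocol field")
    sport, dport = int(parts[4]), int(parts[5])
    if not (0 <= sport <= 65535 and 0 <= dport <= 65535):
        raise ValueError("port out of range")
    return ProxyHeader(parts[1], str(src), str(dst), sport, dport)


class LeakyParser:
    """One instance lives for the whole connection. The buffer is a field
    (the reused StringBuilder) and nothing resets it after a header is read."""

    def __init__(self) -> None:
        self._buf: list[str] = []

    def parse(self, data: bytes) -> ProxyHeader:
        for ch in data.decode("ascii"):
            if ch == "\n":
                break
            self._buf.append(ch)
        # Bug: the entire accumulated history is decoded, so the fields that
        # come back belong to the *first* header this instance ever saw.
        return decode_v1("".join(self._buf), strict=False)


class FixedParser:
    """Buffer scoped to the call, so no state can carry over between parses,
    and strict decoding rejects any trailing data."""

    def parse(self, data: bytes) -> ProxyHeader:
        buf: list[str] = []
        for ch in data.decode("ascii"):
            if ch == "\n":
                break
            buf.append(ch)
        return decode_v1("".join(buf), strict=True)


# Constructed traffic: two headers handled by the same parser instance.
FIRST = b"PROXY TCP4 203.0.113.7 10.0.0.5 51234 443\r\n"
SECOND = b"PROXY TCP4 198.51.100.9 10.0.0.5 40001 443\r\n"


def attributed_sources(parser) -> tuple[str, str]:
    """Source address the parser reports for FIRST and then for SECOND."""
    return parser.parse(FIRST).src, parser.parse(SECOND).src


if __name__ == "__main__":
    print("leaky:", attributed_sources(LeakyParser()))
    print("fixed:", attributed_sources(FixedParser()))
```

Run it and the leaky parser attributes the second header to 203.0.113.7 while the fixed parser reports 198.51.100.9. Scoping the buffer to the request is the actual fix; strict field-count checking is the second line of defence, because it turns leftover data into a parse error instead of a silently wrong client address in access logs and IP-based access control.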
CNVD
added 2024/08/21 12:00 a.m.

IBM Db2 Injection Vulnerability

IBM Db2 is a relational database management system from International Business Machines (IBM). Its main execution environments are UNIX, Linux, IBM i, z/OS, and Windows Server. IBM Db2 suffers from an injection vulnerability that can be exploited by an authenticated attacker to...

CVSS 6.5 | AI score 7.2 | EPSS 0.00553 | Exploits 0 | References 1
The Hacker News
added 2024/08/15 6:47 a.m.

GitHub Vulnerability 'ArtiPACKED' Exposes Repositories to Potential Takeover

A newly discovered attack vector in GitHub Actions artifacts, dubbed ArtiPACKED, could be exploited to take over repositories and gain access to organizations' cloud environments. "A combination of misconfigurations and security flaws can make artifacts leak tokens, both of third-party cloud servic...

AI score 8.1 | Exploits 0
Qualys Blog
added 2024/08/14 10:50 p.m.

Our Takeaways From 2024 Gartner Market Guide for Cloud-Native Application Protection Platforms (CNAPP): Insights and Market Evolution

Are your cloud-native applications and multi-cloud infrastructure adequately protected against evolving threats? How confident are you in your current security measures for cloud workloads and containerized environments? The recent Gartner Market Guide for Cloud-Native Application Protection...

AI score 7.2 | Exploits 0
BDU FSTEC
added 2024/08/06 12:00 a.m.

A vulnerability in the Skupper package (a tool for managing and integrating microservices in cloud and hybrid environments, part of Red Hat Service Interconnect) allows an attacker to bypass authentication.

The vulnerability in the Skupper package, a tool for managing and integrating microservices in cloud and hybrid environments as part of Red Hat Service Interconnect, is caused by the use of default credentials. Exploiting it could allow an attacker to bypass authentication...

CVSS 5.9 | AI score 5.9 | EPSS 0.00528 | Exploits 0 | References 7 | Affected Software 1
The Hacker News
added 2024/08/03 3:59 a.m.

Hackers Exploit Misconfigured Jupyter Notebooks with Repurposed Minecraft DDoS Tool

Cybersecurity researchers have disclosed details of a new distributed denial-of-service (DDoS) attack campaign targeting misconfigured Jupyter Notebooks. The activity, codenamed Panamorfi by cloud security firm Aqua, uses a Java-based tool called mineping to launch a TCP flood DDoS attack...

AI score 7.5 | Exploits 0
Ubuntu
added 2024/07/31 4:01 p.m.

USN-6938-1: Linux kernel vulnerabilities

It was discovered that the device input subsystem in the Linux kernel did not properly handle the case where an event code falls outside of a bitmap. A local attacker could use this to cause a denial of service (system crash). (CVE-2022-48619) 黄思聪 discovered that the NFC Controller Interface (NCI)...

CVSS 7.8 | AI score 7.2 | EPSS 0.00829 | Exploits 0
OSV
added 2024/07/26 6:15 a.m.

CVE-2024-40897

A stack-based buffer overflow vulnerability exists in orcparse.c of ORC versions prior to 0.4.39. If a developer is tricked into processing a specially crafted file with the affected ORC compiler, arbitrary code may be executed in the developer's build environment. This may lead to compromise of...

CVSS 6.7 | AI score 7.5 | Exploits 0 | References 4
NVD
added 2024/07/26 6:15 a.m.

CVE-2024-40897

A stack-based buffer overflow vulnerability exists in orcparse.c of ORC versions prior to 0.4.39. If a developer is tricked into processing a specially crafted file with the affected ORC compiler, arbitrary code may be executed in the developer's build environment. This may lead to compromise of...

CVSS 7 | EPSS 0.00379 | Exploits 0 | References 4
OSV
added 2024/07/26 6:15 a.m.

AZL-47122 CVE-2024-40897 affecting package orc for versions less than 0.4.39-2

A stack-based buffer overflow vulnerability exists in orcparse.c of ORC versions prior to 0.4.39. If a developer is tricked into processing a specially crafted file with the affected ORC compiler, arbitrary code may be executed in the developer's build environment. This may lead to compromise of...

CVSS 6.7 | AI score 7.7 | EPSS 0.00379 | Exploits 0 | References 1
CVE
added 2024/07/26 6:03 a.m.

CVE-2024-40897

CVE-2024-40897 concerns the ORC library. A stack-based buffer overflow in orcparse.c affects ORC versions prior to 0.4.39, which could allow arbitrary code execution in a developer build environment when processing crafted files. The vulnerability primarily impacts developers and CI environments ...

CVSS 7 | AI score 7.7 | EPSS 0.00379 | Exploits 0 | References 4 | Affected Software 1
Vulnrichment
added 2024/07/26 6:03 a.m.

CVE-2024-40897

A stack-based buffer overflow vulnerability exists in orcparse.c of ORC versions prior to 0.4.39. If a developer is tricked into processing a specially crafted file with the affected ORC compiler, arbitrary code may be executed in the developer's build environment. This may lead to compromise of...

AI score 7.7 | EPSS 0.00379 | Exploits 0 | References 4
Cvelist
added 2024/07/26 6:03 a.m.

CVE-2024-40897

A stack-based buffer overflow vulnerability exists in orcparse.c of ORC versions prior to 0.4.39. If a developer is tricked into processing a specially crafted file with the affected ORC compiler, arbitrary code may be executed in the developer's build environment. This may lead to compromise of...

EPSS 0.00379 | Exploits 0 | References 4
AlpineLinux
added 2024/07/26 6:03 a.m.

CVE-2024-40897

A stack-based buffer overflow vulnerability exists in orcparse.c of ORC versions prior to 0.4.39. If a developer is tricked into processing a specially crafted file with the affected ORC compiler, arbitrary code may be executed in the developer's build environment. This may lead to compromise of...

CVSS 7 | AI score 8.1 | EPSS 0.00379 | Exploits 0
Rapid7 Blog
added 2024/07/25 7:54 p.m.

From Top Dogs to Unified Pack

Embracing a consolidated security ecosystem. Cybersecurity is as unpredictable as it is rewarding. Each day presents a new set of challenges and responsibilities, particularly as organizations accelerate digital transformation efforts. This means you and your cyber team may find yourselves...

AI score 7.2 | Exploits 0
SUSE CVE
added 2024/07/23 2:16 a.m.

SUSE CVE-2024-40897

A stack-based buffer overflow vulnerability exists in orcparse.c of ORC versions prior to 0.4.39. If a developer is tricked into processing a specially crafted file with the affected ORC compiler, arbitrary code may be executed in the developer's build environment. This may lead to compromise of...

CVSS 7 | AI score 7.7 | EPSS 0.00379 | Exploits 0 | References 11
Citrix
added 2024/07/13 12:00 a.m.

How to use PING to check for proper MTU level for fragmentation for storage networks

In many XenServer environments the customer will have configured an MTU of 9000 to get the benefits of jumbo frames. While this is fully supported, it is not always recommended. For the best customer experience we need to be able to suggest, test, and implement the...

AI score 7 | Exploits 0
Citrix
added 2024/07/13 12:00 a.m.

Support for XenApp in Virtualized Environments

This article provides information on support for XenApp in virtualized environments. Virtual servers provide mainframe-class virtual machines on Intel and AMD architecture servers, and are ideally suited for consolidating and partitioning systems in high-performance environments. Citrix supports...

AI score 7.1 | Exploits 0
Rapid7 Blog
added 2024/07/11 1:00 p.m.

What’s New in Rapid7 Products & Services: Q2 2024 in Review

This quarter we continued to make investments that provide security professionals with a holistic, actionable view of their entire attack surface. In Q2, we focused on enhancing visualization, prioritization, and integration capabilities across our key products and services. Below we’ve highlight...

AI score 7.6 | Exploits 0
Rapid7 Blog
added 2024/07/08 8:00 p.m.

Rapid7 completes IRAP PROTECTED assessment for Insight Platform solutions

Exciting news from Australia! Rapid7 has successfully completed an Information Security Registered Assessors Program (IRAP) assessment to PROTECTED level for several of our Insight Platform solutions. What is IRAP? An IRAP assessment is an independent assessment of the implementation,...

AI score 7 | Exploits 0