848 matches found
CVE-2019-10367
Due to an incomplete fix of CVE-2019-10343, Jenkins Configuration as Code Plugin 1.26 and earlier did not properly apply masking to some values expected to be hidden when logging the configuration being applied...
PT-2019-11763 · Jenkins · Jenkins Configuration As Code Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Configuration as Code Plugin versions 1.26 and earlier Description: The issue arises from an incomplete fix that did not properly apply masking to some values expected to be hidden when logging the configuration being applied. This...
CVE-2019-10343
Jenkins Configuration as Code Plugin 1.24 and earlier did not properly apply masking to values expected to be hidden when logging the configuration being applied...
Design/Logic Flaw
Jenkins Configuration as Code Plugin 1.24 and earlier did not properly apply masking to values expected to be hidden when logging the configuration being applied...
CVE-2019-10343
Jenkins Configuration as Code Plugin 1.24 and earlier did not properly apply masking to values expected to be hidden when logging the configuration being applied...
PT-2019-11742 · Jenkins · Jenkins Configuration As Code Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Configuration as Code Plugin versions 1.24 and earlier Jenkins Configuration as Code Plugin versions 0.8-alpha through 1.0 Description: The issue concerns the logging of configuration changes by the Configuration as Code Plugin, where...
Moderate severity vulnerability that affects org.apache.hive:hive, org.apache.hive:hive-exec, and org.apache.hive:hive-service
Apache Hive 2.1.x before 2.1.2, 2.2.x before 2.2.1, and 2.3.x before 2.3.1 expose an interface through which masking policies can be defined on tables or views, e.g., using Apache Ranger. When a view is created over a given table, the policy enforcement does not happen correctly on the table for...
GHSA-2G9Q-CHQ2-W8QW Moderate severity vulnerability that affects org.apache.hive:hive, org.apache.hive:hive-exec, and org.apache.hive:hive-service
Apache Hive 2.1.x before 2.1.2, 2.2.x before 2.2.1, and 2.3.x before 2.3.1 expose an interface through which masking policies can be defined on tables or views, e.g., using Apache Ranger. When a view is created over a given table, the policy enforcement does not happen correctly on the table for...
Imperva Wins Awards for Best Database Security, Coolest Cloud Security Vendor
SC Magazine has long been one of the most respected names in cybersecurity journalism, and one that has written about Imperva’s security research and solutions many times. So we’re proud to announce that we’ve won the 2019 SC Award for Best Database Security solution at SC’s awards ceremony on...
Credit Card Disclosure in HTML
The remote web application displays plaintext credit card information without the appropriate masking. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid122648; scriptversion"1.4"; scriptsetattributeattribute:"pluginmodificationdate", value:"2023/03/07";...
Static vs Dynamic Data Masking: Why Are We Still Comparing the Two?
Earlier this month a leading analyst released their annual report on the state of Data Masking as a component of the overall Data Security sector; which included commentary on what’s known as ‘static’ data masking and an alternative solution known as ‘dynamic’ data masking. And these two solution...
Need for Speed: Optimizing Data Masking Performance and Providing Secure Data for DevOps Users
Let’s start with a pretty common life experience -- you identify a need e.g., transportation, you evaluate your options e.g., evaluate car manufacturers, various features, pricing, etc., and you decide to purchase e.g., vehicle X. This process repeats itself over and over again regardless of the...
Security Bulletin: Vulnerability in Apache Xerces-C XML parser, including XML4C affects IBM InfoSphere Information Server (CVE-2016-0729)
Summary Open Source Xerces-C XML parser vulnerability affects IBM InfoSphere Information Server. Vulnerability Details CVEID: CVE-2016-0729 DESCRIPTION: Apache Xerces-C XML Parser library is vulnerable to a denial of service, caused by improper bounds checking during processing and error reportin...
Monitoring Data & Data Access to Support Ongoing GDPR Compliance – Part III: Tools
The new European Union EU-wide General Data Protection Regulation GDPR was signed into law in late April 2016, and the compliance deadline came into effect on May 25, 2018. The Regulation is expansive and covers a variety of subject areas, provisions, and actions in the form of documented Article...
[SECURITY] Fedora 28 Update: leptonica-1.76.0-1.fc28
The library supports many operations that are useful on Document images Natural images Fundamental image processing and image analysis operations Rasterop aka bitblt Affine transforms scaling, translation, rotation, shear on images of arbitrary pixel depth Projective and bi-linear transforms Bina...
Command and Control via Legitimate Behavior over HTTP: TrevorC2
TrevorC2 is a client/server model for masking command and control through a normally browsable website. Detection becomes much harder as time intervals are different and does not use POST requests for data exfil. There are two components to TrevorC2 – the client and the server. The client can be...
WhoAmIMailBot - A Service To Mask Your Email
What is it? A service to mask your e-mails, it was inspired by Blur service, where you create a alias for your e-mail, and use it to signup on applications, but the problem on Blur, is that all e-mails pass trough they infraestructure, and I don't need anybody looking on my e-mails, to solve that...
[SECURITY] Fedora 26 Update: leptonica-1.74.4-5.fc26
The library supports many operations that are useful on Document images Natural images Fundamental image processing and image analysis operations Rasterop aka bitblt Affine transforms scaling, translation, rotation, shear on images of arbitrary pixel depth Projective and bi-linear transforms Bina...
Securing Healthcare Data and Applications
The healthcare industry is quickly growing as a sweet spot for hackers to steal large amounts of patient records for profit. The US Department of Health and Human Services breach tool reports over 340 data breaches in 2017 impacting more than 3 million individuals, and 176.5 million individuals...
Targeted Evil Twin Wireless Access Point Attack Toolkit: The Rogue Toolkit
The Rogue Toolkit is an extensible toolkit aimed at providing penetration testers an easy-to-use platform to deploy software-defined Access Points AP for the purpose of conducting penetration testing and red team engagements. By using Rogue, penetration testers can easily perform targeted evil tw...