Cloud-Native Application Protection (CNAPP): What's Behind the Hype?

There's no shortage of acronyms when it comes to security product categories. DAST, EDR, CWPP — it sometimes feels like we're awash in a sea of letters, and that can be a little dizzying. Every once in a while, though, a new term pops up that cuts through the noise, thanks to a combination of...

Apple macOS Big Sur 权限许可和访问控制问题漏洞

Apple macOS Big Sur is a mobile application app from Apple USA. Apple macOS Big Sur 11.5 suffers from a Privilege Permission and Access Control Issue vulnerability that originates from a logic error within the OS Kernel subsystem. The vulnerability allows a native application to elevate privilege...

Apple macOS 资源管理错误漏洞

Apple macOS is a proprietary operating system developed by Apple Inc. for Mac computers. A resource management error vulnerability exists in the Heimdal component of Apple MacOS. The vulnerability stems from a use-after-the-fact error in Heimdal, where a malicious application could trigger a...

Apple macOS 权限许可和访问控制问题漏洞

Apple macOS is a suite of specialized operating systems developed by Apple Inc. for Mac computers. A privilege-granting and access-control issue vulnerability exists in the dock component of Apple macOS. The vulnerability stems from an application not properly applying security restrictions to th...

Apple iPadOS 竞争条件问题漏洞

Apple iPadOS is an operating system from Apple Inc. for the iPad tablet computer. Apple iPadOS suffers from a Competitive Condition Issue vulnerability that stems from a competitive condition in AVEVideoEncoder. A native application can exploit the competition to gain unauthorized access to...

Apple macOS Big Sur 安全漏洞

Apple macOS Big Sur is a mobile application app from Apple USA. A security vulnerability exists in macOS Big Sur, which originates from allowing a native application to overwrite arbitrary files. Affected Versions:macOS: 11.0 20A2411, 11.0.1 20B29, 11.0.1 20B50, 11.1 20C69, 11.2 20D64, 11.2.1...

Unspecified Vulnerability in Oracle WebLogic Server (CNVD-2021-30935)

Oracle WebLogic Server is a cloud-native, enterprise-grade Java platform application server for multi-tier distributed enterprise application development and deployment. A security vulnerability exists in the Core component of Oracle WebLogic Server versions 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0, an...

Unspecified Vulnerability in Oracle WebLogic Server (CNVD-2021-30934)

Oracle WebLogic Server is a cloud-native, enterprise-grade Java platform application server for multi-tier distributed enterprise application development and deployment. A security vulnerability exists in the Coherence Container component in Oracle WebLogic Server versions 12.1.3.0.0, 12.2.1.3.0,...

Unspecified Vulnerability in Oracle WebLogic Server (CNVD-2021-30930)

Oracle WebLogic Server is a cloud-native, enterprise-grade Java platform application server for multi-tier distributed enterprise application development and deployment. A security vulnerability exists in the Web Services component of Oracle WebLogic Server versions 10.3.6.0.0, 12.2.1.3.0,...

A Quick Look Into Cloud Security Posture Management (CSPM)

The cloud security solutions market is growing rapidly, and there are many types of solutions to support your specific business needs. But figuring out the right tool—let alone the right type of tool—can be difficult. Gartner has five security archetypes that fall under the broader cloud security...

Apple macOS Big Sur 权限许可和访问控制问题漏洞

Apple macOS Big Sur is a mobile application app from Apple USA. A vulnerability in privilege permission and access control issues exists in Apple macOS Big Sur prior to version 11.0.1, which stems from a native application that can enumerate a user's iCloud documents...

CVE-2020-15523

In Python 3.6 through 3.6.10, 3.7 through 3.7.8, 3.8 through 3.8.4rc1, and 3.9 through 3.9.0b4 on Windows, a Trojan horse python3.dll might be used in cases where CPython is embedded in a native application. This occurs because python3X.dll may use an invalid search path for python3.dll loading...

Google Android framework elevation of privilege vulnerability

Android is a Linux-based open source operating system jointly developed by Google and the Open Handheld Alliance OHA, of which Framework is a component. The Framework in Google Android is vulnerable to a power lifting vulnerability. An attacker can exploit this vulnerability to execute arbitrary...

Android Qualcomm camera driver elevation of privilege vulnerability

Android on Nexus 5X, etc. is an open source Linux-based operating system developed by Google and the Open Handheld Alliance OHA for the Nexus 5X, etc. Qualcomm camera driver is a Qualcomm-developed camera driver. Qualcomm camera driver is a camera driver developed by Qualcomm. An elevation of...

Android Qualcomm networking driver elevation of privilege vulnerability (CNVD-2017-02822)

Android on Nexus 5X is an open source Linux-based operating system for the Nexus 5X smartphone developed by Google and the Open Handset Alliance OHA.Qualcomm networking Driver is one of the networking library drivers. The Qualcomm networking driver is one of the network connectivity library...

Google Android Framework API elevation of privilege vulnerability

Android is a Linux-based open source operating system jointly developed by Google and the Open Handset Alliance OHA for short. The Framework API is one of the API components used to create the framework. An elevation of privilege vulnerability exists in the Framework API in Android. An attacker c...

Android kernel elevation of privilege vulnerability (CNVD-2016-06090)

Android is a Linux-based open source operating system jointly developed by Google and the Open Handset Alliance OHA, of which the Kernel File System is a kernel file system component. An elevation of privilege vulnerability exists in the kernel in Android. The vulnerability can be exploited by an...