SAP InfraBox 输入验证错误漏洞

SAP InfraBox is a cloud-native Continuous Integration system from SAP, a German company specializing in serverless computing platforms for CI/CD. It can build, deploy, and test software projects. An input validation error vulnerability exists in SAP InfraBox that stems from incorrect input...

CVE-2021-22926

libcurl-using applications can ask for a specific client certificate to be used in a transfer. This is done with the CURLOPTSSLCERT option --cert with the command line tool.When libcurl is built to use the macOS native TLS library Secure Transport, an application can ask for the client certificat...

How to manage a side-by-side transition from your traditional SIEM to Azure Sentinel

With every week bringing new headlines about crippling cyberattacks, and with organizations growing increasingly distributed, security teams are constantly asked to do more with less. Moving to cloud-native security information and event management SIEM can help security teams analyze data with t...

How to manage a side-by-side transition from your traditional SIEM to Azure Sentinel

With every week bringing new headlines about crippling cyberattacks, and with organizations growing increasingly distributed, security teams are constantly asked to do more with less. Moving to cloud-native security information and event management SIEM can help security teams analyze data with t...

CVE-2021-2351

Vulnerability in the Advanced Networking Option component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1 and 19c. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Oracle Net to compromise Advanced Networking Option...

CVE-2021-2351

Vulnerability in the Advanced Networking Option component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1 and 19c. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Oracle Net to compromise Advanced Networking Option...

Apple macOS 安全漏洞

Apple macOS is a specialized operating system developed by Apple Inc. for Mac computers. A security vulnerability exists in Apple macOS that stems from a vulnerability due to improper security restrictions, where a sandboxed process may be able to bypass the sandbox restrictions. The vulnerabilit...

Apple iOS和Apple iPadOS 授权问题漏洞

Apple iOS and Apple iPadOS are products of Apple Inc.Apple iOS is an operating system developed for mobile devices.Apple iPadOS is an operating system for iPad tablets.Apple iOS 14.7 and iPadOS 14.7 are vulnerable to an authorization issue in the OS Kernel subsystem logic. Apple iOS 14.7 and iPad...

Apple macOS Big Sur 权限许可和访问控制问题漏洞

Apple macOS Big Sur is a mobile application app from Apple USA. Apple macOS Big Sur 11.5 suffers from a Privilege Permission and Access Control Issue vulnerability that originates from a logic error within the OS Kernel subsystem. The vulnerability allows a native application to elevate privilege...

CVE-2021-2351

Vulnerability in the Advanced Networking Option component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1 and 19c. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Oracle Net to compromise Advanced Networking Option...

@acaciomartins/react-native-simpletable (>=0.0.1 <=0.0.2), @alan-ai/alan-sdk-react-native (>=1.0.4 <=1.0.7) +1206 more potentially affected by CVE-2020-1920 via react-native (>=0.59.0 <=0.62.2)

react-native NPM version =0.59.0, =0.0.1, =1.0.4, =2.3.3, =2.0.1, =2.0.1758683737, =2.1.87, =1.0.1767254401, =1.3.0, =0.1.0, =0.1.0, =0.1.1, =0.1.3 and more Source cves: CVE-2020-1920 Source advisory: OSV:GHSA-7F53-FMMV-MFJV...

@2600hz/sds-react-native-components (>=0.1.0 <=1.8.1), @abdur-rakib/react-native-button (>=0.0.1 <=0.0.3) +624 more potentially affected by CVE-2020-1920 via react-native (>=0.63.0 <=0.64.0)

react-native NPM version =0.63.0, =0.1.0, =0.0.1, =0.1.0, =2.5.0, =0.0.1, =1.0.0, =1.0.1, =1.1.4, =1.0.0, =1.0.4, =1.0.3, =3.0.0, =1.2.1, =1.0.0, =1.0.3 and more Source cves: CVE-2020-1920 Source advisory: OSV:GHSA-7F53-FMMV-MFJV...

GHSA-7F53-FMMV-MFJV Regular expression denial of service in react-native

A regular expression denial of service ReDoS vulnerability in the validateBaseUrl function can cause the application to use excessive resources, become unresponsive, or crash. This was introduced in react-native version 0.59.0 and fixed in version 0.64.1...

Regular expression denial of service in react-native

A regular expression denial of service ReDoS vulnerability in the validateBaseUrl function can cause the application to use excessive resources, become unresponsive, or crash. This was introduced in react-native version 0.59.0 and fixed in version 0.64.1...

Rapid7 Acquires IntSights to Tackle the Expanding Threat Landscape

I am pleased to share the exciting news that, today, Rapid7 acquired IntSights, a leading provider of cloud-native, external threat intelligence and proactive threat remediation. The IntSights team is fantastic, and their threat intelligence capabilities are equally impressive. I’ll share more...

Four features your data-centric security strategy must provide

Each year, the number of data breaches grows by 30%, underscoring the need for organizations to make data-centric security a business priority. Following the big data movement around the beginning of the 21st century, technological innovations have enabled companies to manage, store and process...

Unspecified Vulnerability in IBM Cloud Pak for Applications (CNVD-2021-51808)

IBM Cloud Pak for Applications is an application from IBM America, Inc. Provides cloud-native development solutions that deliver value quickly. A security vulnerability exists in IBM Cloud Pak for Applications v4.3, which can be exploited by attackers to obtain sensitive information...

IBM Cloud Pak for Applications Cross-Site Scripting Vulnerability (CNVD-2022-05115)

IBM Cloud Pak for Applications is an application from IBM of America, Inc. providing cloud-native development solutions that deliver rapid value. IBM Cloud Pak for Applications has a cross-site scripting vulnerability that stems from the application's IBM Cloud Pak being vulnerable to cross-site...

Security Bulletin: Eclipse OpenJ9 jio_snprintf() and jio_vsnprintf() buffer overflow and

Summary In Eclipse OpenJ9, prior to the 0.12.0 release, the jiosnprintf and jiovsnprintf native methods ignored the length parameter. This affects existing APIs that called the functions to exceed the allocated buffer. These functions were not directly callable by non-native user code. And This...

Microsoft named a Visionary in the 2021 Gartner Magic Quadrant for SIEM for Azure Sentinel

We’re pleased to announce that in its first year of inclusion in the Gartner Magic Quadrant report, Microsoft Azure Sentinel has been named a Visionary, where we were recognized for our completeness of vision for SIEM.1 Gartner has said that “cloud SIEM will be the future of how many organization...