Credential leak in react-native-fast-image
This affects all versions before version 8.3.0 of package react-native-fast-image. When an image with `source={uri: "...", headers: {host: "somehost.com", authorization: "..."}}` is loaded, all other subsequent images will use the same headers; this can lead to signing credentials or other session toke...
Top Challenges for Security Analytics and Operations, and How a Cloud-Based SIEM Can Help
As the attack surface continues to grow, the job of a security professional is getting exponentially more complicated. With the surge in remote work over the last year, this has only accelerated. To keep up and combat key security operations challenges, many organizations are making the move to t...
ByeIntegrity-UAC - Bypass UAC By Hijacking A DLL Located In The Native Image Cache
Bypass User Account Control (UAC) to gain elevated Administrator privileges to run any program at a high integrity level. Requirements: Administrator account; UAC notification level set to default or lower. How it works: ByeIntegrity hijacks a DLL located in the Native Image Cache (NIC). The NIC is used ...
DevSecOps and the New Scope of Application Development
Hand in hand: application development and application security. As expectations of developers change, so too do those of security teams. It’s more of a collective effort than ever as business dependence on applications continues to grow. Security must shift further left into the software developme...
Unspecified Vulnerability in Oracle WebLogic Server (CNVD-2021-30934)
Oracle WebLogic Server is a cloud-native, enterprise-grade Java platform application server for multi-tier distributed enterprise application development and deployment. A security vulnerability exists in the Coherence Container component in Oracle WebLogic Server versions 12.1.3.0.0, 12.2.1.3.0,...
Unspecified Vulnerability in Oracle WebLogic Server (CNVD-2021-30930)
Oracle WebLogic Server is a cloud-native, enterprise-grade Java platform application server for multi-tier distributed enterprise application development and deployment. A security vulnerability exists in the Web Services component of Oracle WebLogic Server versions 10.3.6.0.0, 12.2.1.3.0,...
Unspecified Vulnerability in Oracle WebLogic Server (CNVD-2021-30935)
Oracle WebLogic Server is a cloud-native, enterprise-grade Java platform application server for multi-tier distributed enterprise application development and deployment. A security vulnerability exists in the Core component of Oracle WebLogic Server versions 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0, an...
Important: Red Hat Security Advisory: Red Hat JBoss Web Server 3.1 Service Pack 12 security update
An update is now available for Red Hat JBoss Web Server 3.1 for RHEL 7. Red Hat Product Security has rated this release as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from...
Important: Red Hat Security Advisory: Red Hat JBoss Web Server 5.4.2 Security Update
Updated Red Hat JBoss Web Server 5.4.2 packages are now available for Red Hat Enterprise Linux 7 and Red Hat Enterprise Linux 8. Red Hat Product Security has rated this release as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed...
@gsandf/react-native-oauth (>=2.1.16 <=2.2.2), react-native-oauth (>=1.1.0 <=2.2.0) +5 more potentially affected by CVE-2019-10805 via valib (=2.0.0)
valib NPM version =2.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on valib and may be impacted: - @gsandf/react-native-oauth =2.1.16, =1.1.0, =2.1.16, =2.1.15, =0.1.0, =0.4.6 Source cves: CVE-2019-10805 Source advisory: OSV:GHSA-PMPR-VC5Q-H3JW...
Vlad Tansky swiper security vulnerability
Vlad Tansky swiper is an open source application by Vlad Tansky, used in mobile websites, mobile web applications, and mobile native and hybrid applications. Versions of Vlad Tansky swiper before 6.5.1 contain a security vulnerability; no detailed vulnerability information is provided...
ThreatMapper - Identify Vulnerabilities In Running Containers, Images, Hosts And Repositories
The Deepfence Runtime Threat Mapper is a subset of the Deepfence cloud native workload protection platform, released as a community edition. This community edition empowers the users with following features: 1. Visualization: Visualize kubernetes clusters, virtual machines, containers and images,...
Wallarm API Discovery: Discover API endpoints automatically and secure them
What do you know about your APIs? Why are the vulnerable v2 and v3 still exposed if they are deprecated for almost a year? What else is exposed and you don’t even know? Are Swagger specs up to date? Teaser: Surely not. A lot of questions, right? Meet Wallarm’s latest feature for API Discovery and...
NATS Server Access Control Error Vulnerability
NATS Server is an open source messaging system. The system is mainly used for cloud-native applications, IoT messaging and microservices architecture. An access control error vulnerability exists in NATS Server 2.x before 2.2.0 and JWT library before 2.0.1, which stems from improper handling of...
A Quick Look Into Cloud Security Posture Management (CSPM)
The cloud security solutions market is growing rapidly, and there are many types of solutions to support your specific business needs. But figuring out the right tool—let alone the right type of tool—can be difficult. Gartner has five security archetypes that fall under the broader cloud security...
Tuf - A Framework For Securing Software Update Systems
This repository is the reference implementation of The Update Framework TUF. It is written in Python and intended to conform to version 1.0 of the TUF specification. This implementation is in use in production systems, but is also intended to be a readable guide and demonstration for those workin...
Apple macOS Big Sur permission and access control issue vulnerability
Apple macOS Big Sur is an application from Apple (USA). A permission and access control vulnerability exists in Apple macOS Big Sur prior to version 11.0.1, which stems from a native application being able to enumerate a user's iCloud documents...
KICS - Find Security Vulnerabilities, Compliance Issues, And Infrastructure Misconfigurations Early In The Development Cycle Of Your Infrastructure-As-Code
Find security vulnerabilities, compliance issues, and infrastructure misconfigurations early in the development cycle of your infrastructure-as-code with KICS by Checkmarx. KICS stands for Keeping Infrastructure as Code Secure; it is open source and is a must-have for any cloud native project...
Securing Containers and Kubernetes-Orchestrated Environments
In a recent Black Hat webcast, “Securing Containers and Kubernetes-Orchestrated Environments,” sponsored by VMware Carbon Black, guest speakers Sheila A. Berta, Offensive Security Specialist, Dreamlab Technologies and Haim Helman, CTO, VMware Carbon Black App Security, VMware Security Business...
[SECURITY] Fedora 33 Update: golang-github-containerd-cri-1.19.0-3.20210307gitaa2d5a9.fc33
Cri is a native plugin of containerd 1.1 and above. It is built into containerd and enabled by default...