CVE-2021-21378

Summary of CVE-2021-21378 (Envoy): In Envoy 1.17.0, the JWT Authentication filter can bypass authentication when configured with the allowed-missing option under requires_any, due to a faulty handling of an unknown issuer. A JwtUnknownIssuer error was mistakenly converted to JwtMissed, causing a ...

Security Bulletin: OpenSSL publicly disclosed vulnerability affects IBM MobileFirst Platform (CVE-2020-1971)

Summary IBM MobileFirst Platform Foundation has addressed the following vulnerabilityies by updating the version of OpenSSL. Vulnerability Details CVEID: CVE-2020-1971 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a NULL pointer dereference. If the GENERALNAMEcmp function...

EulerOS Virtualization 3.0.6.6 : bind (EulerOS-SA-2021-1458)

According to the versions of the bind packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - In BIND 9.0.0 - 9.11.21, 9.12.0 - 9.16.5, 9.17.0 - 9.17.3, also affects 9.9.3-S1 - 9.11.21-S1 of the BIND 9 Supported Preview...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Spectrum Scale RAID/IBM GPFS Native RAID (CVE-2015-4843, CVE-2015-4805, CVE-2015-4810, CVE-2015-4806, CVE-2015-4871, CVE-2015-4902)

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8 that is used by IBM Spectrum Scale RAID/IBM GPFS Native RAID. These issues were disclosed as part of the IBM Java SDK updates for October 2015. Vulnerability Details CVEID: CVE-2015-4843 DESCRIPTION: An...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Spectrum Scale RAID/IBM GPFS Native RAID (CVE-2015-4843, CVE-2015-4805, CVE-2015-4810, CVE-2015-4806, CVE-2015-4871, CVE-2015-4902)

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8 that is used by IBM Spectrum Scale RAID/IBM GPFS Native RAID. These issues were disclosed as part of the IBM Java SDK updates for October 2015. Vulnerability Details CVEID: CVE-2015-4843 DESCRIPTION: An...

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM GPFS Native RAID (CVE-2015-2638, CVE-2015-4760, CVE-2015-2619, CVE-2015-2613)

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Technology Edition Versions 6 and 7 that are used by IBM GPFS Native RAID. These issues were disclosed as part of the IBM Java SDK updates in July 2015. Vulnerability Details CVEID: CVE-2015-2638 DESCRIPTION: An...

Security Bulletin: Vulnerability in IBM Java SDK affect IBM Spectrum Scale RAID/IBM GPFS Native RAID (CVE-2015-7575)

Summary There is a vulnerability in IBM® SDK Java™ Technology Edition, Version 8 that is used by IBM Spectrum Scale RAID/IBM GPFS Native RAID. This vulnerability, commonly referred to as “SLOTH”, was disclosed as part of the IBM Java SDK updates in January 2016. Vulnerability Details CVEID:...

Security Bulletin: Vulnerability in IBM Java SDK affect IBM Spectrum Scale RAID/IBM GPFS Native RAID (CVE-2015-7575)

Summary There is a vulnerability in IBM® SDK Java™ Technology Edition, Version 8 that is used by IBM Spectrum Scale RAID/IBM GPFS Native RAID. This vulnerability, commonly referred to as “SLOTH”, was disclosed as part of the IBM Java SDK updates in January 2016. Vulnerability Details CVEID:...

@apollosproject/apollos-cli (>=2.43.1 <=3.0.0-canary.57), @apollosproject/react-native-make (>=3.0.4 <=3.0.5) +22 more potentially affected by CVE-2021-29060 via color-string (>=1.2.0 <=1.5.3)

color-string NPM version =1.2.0, =2.43.1, =3.0.4, =3.0.2, =1.0.0, =2.1.2, =3.0.1, =2.4.0, =3.2.4, =0.0.0, =0.0.0, =0.0.0, =0.0.0, =0.0.3, =0.0.0, =0.0.7 and more Source cves: CVE-2021-29060 Source advisory: SNYK:JS-COLORSTRING-1082939...

Microsoft unifies SIEM and XDR to help stop advanced attacks

For all of us in security, the last twelve months have been an incredible series of challenges—from balancing remote work with family priorities, to helping build resilient businesses, and protecting against the latest attacks. 2020 showed us that while we have made great progress, there is still...

IBM Squashes Critical Remote Code-Execution Flaw

IBM has patched a critical buffer-overflow error that affects Big Blue’s Integration Designer toolset, which helps enterprises create business processes that integrate applications and data. If exploited, the flaw could enable remote code execution. Click to Register The flaw CVE-2020-27221 has a...

VMware Carbon Black Named to the 2021 CRN Security 100 List

We are proud to announce that CRN®, a brand of The Channel Company, has named VMware Carbon Black to its annual Security 100 list. The Security 100 list features leading IT channel security vendors and is compiled by a panel of CRN editors, recognizing channel-focused security vendors across five...

Cloud Data Security is Now Available in AWS Marketplace

We’re pleased to announce that Imperva Cloud Data Security is now available in the Amazon Web Services Marketplace. Database security shouldn’t be hard, so Imperva has made it simple. Imperva Cloud Data Security CDS is a SaaS solution specifically designed to secure organizations’ data stored in...

First Malware Designed for Apple M1 Chip Discovered in the Wild

One of the first malware samples tailored to run natively on Apple's M1 chips has been discovered, suggesting a new development that indicates that bad actors have begun adapting malicious software to target the company's latest generation of Macs powered by its own processors. While the transiti...

6 strategies to reduce cybersecurity alert fatigue in your SOC

Today, organizations are faced with the increasingly difficult task of trying to protect their expanding digital estate from sophisticated cybersecurity threats. Migration to the cloud and a mobile workforce has dissolved the network boundary and projected the digital estate beyond its traditiona...

6 strategies to reduce cybersecurity alert fatigue in your SOC

Today, organizations are faced with the increasingly difficult task of trying to protect their expanding digital estate from sophisticated cybersecurity threats. Migration to the cloud and a mobile workforce has dissolved the network boundary and projected the digital estate beyond its traditiona...

Can security and compliance for managed database services be simple?

Actual Tech Media recently released a new entry in its Gorilla Guide series for IT professionals, focused on simplifying security and compliance for Database as a Service DBaaS. The Gorilla Guide To® Securing Database as a Service DBaaS features Imperva Cloud Data Security as a solution to help...

Moderate: Red Hat Security Advisory: Red Hat JBoss Web Server 5.4.1 Security Update

Updated Red Hat JBoss Web Server 5.4.1 packages are now available for Red Hat Enterprise Linux 7, and Red Hat Enterprise Linux 8. Red Hat Product Security has rated this release as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed...

Microsoft Office 365 Attacks Sparked from Google Firebase

A phishing campaign bent on stealing Microsoft login credentials is using Google Firebase to bypass email security measures in Microsoft Office 365, researchers said. Researchers at Armorblox uncovered invoice-themed emails sent to at least 20,000 mailboxes that purport to share information about...

Does CWAL support http store

This article is intended for Citrix administrators and technical teams only.Non-admin users must contact their company’s Help Desk/IT support team and can refer toCTX297149for more information Does CWAL supports http store in Native receiver or Storebrowse?...