5834 matches found
Integer overflow
In all versions of ClickHouse before 19.14, an OOB read, OOB write and integer underflow in decompression algorithms can be used to achieve RCE or DoS via native protocol...
CVE-2019-16535
In all versions of ClickHouse before 19.14, an OOB read, OOB write and integer underflow in decompression algorithms can be used to achieve RCE or DoS via native protocol...
CVE-2019-16535
ClickHouse vulnerability CVE-2019-16535 affects all versions before 19.14. The root cause is an out-of-bounds read/write and an integer underflow in decompression algorithms used by the native protocol, which can lead to remote code execution or denial of service via the native protocol. Affected...
Mean Time to Hardening: The Next-Gen Security Metric
On average, it takes an organization 15 times longer to close a vulnerability than it does for attackers to weaponize and exploit one. Seven days to weaponize and 102 days to patch. Let that sink in. Once a vulnerability is disclosed, it’s you against them in a race to either secure or exploit; a...
Security Bulletin: Netcool Operations Insight - Cloud Native Event Analytics is affected by a FasterXML jackson-databind vulnerability (CVE-2019-14439)
Summary Netcool Operations Insight - Cloud Native Event Analytics has addressed the following vulnerability in FasterXML jackson-databind Vulnerability Details CVEID: CVE-2019-14439 DESCRIPTION: A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9.2. This occur...
Security Bulletin: Netcool Operations Insight - Cloud Native Event Analytics is affected by an Apache Kafka vulnerability (CVE-2018-17196)
Summary Netcool Operations Insight - Cloud Native Event Analytics has addressed the following vulnerability in Apache Kafka Vulnerability Details CVEID: CVE-2018-17196 DESCRIPTION: In Apache Kafka versions between 0.11.0.0 and 2.1.0, it is possible to manually craft a Produce request which bypass...
Security Bulletin: : Netcool Operations Insight - Cloud Native Event Analytics is affected by a FasterXML jackson-databind vulnerability (CVE-2019-12814)
Summary Netcool Operations Insight - Cloud Native Event Analytics has addressed the following vulnerability in FasterXML jackson-databind Vulnerability Details CVEID: CVE-2019-12814 DESCRIPTION: A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x through 2.9.9. When Defaul...
Dsiem - Security Event Correlation Engine For ELK Stack
Dsiem is a security event correlation engine for ELK stack, allowing the platform to be used as a dedicated and full-featured SIEM system. Dsiem provides OSSIM-style correlation for normalized logs/events, perform lookup/query to threat intelligence and vulnerability information sources, and...
[SECURITY] Fedora 30 Update: oniguruma-6.9.2-4.fc30
Oniguruma is a regular expressions library. The characteristics of this library is that different character encoding for every regular expression object can be specified. supported APIs: GNU regex, POSIX and Oniguruma native...
CVE-2019-2230
In nfcManagerrouteAid and nfcManagerunrouteAid of NativeNfcManager.cpp, there is possible memory reuse due to a use after free. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions...
[SECURITY] Fedora 31 Update: oniguruma-6.9.4-1.fc31
Oniguruma is a regular expressions library. The characteristics of this library is that different character encoding for every regular expression object can be specified. supported APIs: GNU regex, POSIX and Oniguruma native...
Denial Of Service (DoS) Through Infinite Loop
react-native-root-siblings is vulnerable to denial of service DoS attack. The vulnerability is due to a faulty iteration logic in the function getActiveManager in RootSiblingsManager, triggering an infinite loop and consuming CPU memory...
Fileless Attacks: The Next Frontier for Cybercrime
The world of cybersecurity is rapidly evolving, and so are the methods of cybercriminals. More and more attackers are moving away from traditional malware—in fact, 60% of today’s attacks involve fileless techniques. A fileless attack also known as a “memory-based” or “live-off-the-land” attack is...
openSUSE Security Update : java-11-openjdk (openSUSE-2019-2565)
This update for java-11-openjdk to version jdk-11.0.5-10 fixes the following issues : Security issues fixed October 2019 CPU bsc1154212: - CVE-2019-2933: Windows file handling redux - CVE-2019-2945: Better socket support - CVE-2019-2949: Better Kerberos ccache handling - CVE-2019-2958: Build Bett...
openSUSE Security Update : java-11-openjdk (openSUSE-2019-2557)
This update for java-11-openjdk to version jdk-11.0.5-10 fixes the following issues : Security issues fixed October 2019 CPU bsc1154212: - CVE-2019-2933: Windows file handling redux - CVE-2019-2945: Better socket support - CVE-2019-2949: Better Kerberos ccache handling - CVE-2019-2958: Build Bett...
[SECURITY] Fedora 29 Update: oniguruma-6.9.1-3.fc29
Oniguruma is a regular expressions library. The characteristics of this library is that different character encoding for every regular expression object can be specified. supported APIs: GNU regex, POSIX and Oniguruma native...
[SECURITY] Fedora 30 Update: oniguruma-6.9.2-3.fc30
Oniguruma is a regular expressions library. The characteristics of this library is that different character encoding for every regular expression object can be specified. supported APIs: GNU regex, POSIX and Oniguruma native...
Gartner Says the Future of Network Security Lies with SASE
Cloud services and networking are driving the concept of digital businesses, yet traditional networking and cybersecurity architectures are far from meeting the demands of the digital business. Gartner's "The Future of Network Security Is in the Cloud" report spells out the potential for the...
Microsoft Cloud Security solutions provide comprehensive cross-cloud protection
The infrastructure, data, and apps built and run in the cloud are the foundational building blocks for a modern business. No matter where you are in your cloud journey, you likely utilize every layer of the cloud—from infrastructure as a service IaaS to platform as a service PaaS to software as a...
Azure Sentinel updates: Improve your security operations with innovations from a cloud-native SIEM
Just a month ago, I communicated the details about Azure Sentinel reaching general availability. Since then, many customers have shared how Azure Sentinel has empowered their teams to be nimble and more efficient. ASOS, one of the largest online fashion retailers, is an excellent example of this...