
5834 matches found

UbuntuCve
added 2018/12/20 10:29 p.m., 22 views

CVE-2018-17244

Elasticsearch Security versions 6.4.0 to 6.4.2 contain an error in the way request headers are applied to requests when using the Active Directory, LDAP, Native, or File realms. A request may receive headers intended for another request if the same username is being authenticated concurrently; wh...

6.5 CVSS, 6.8 AI score, 0.01456 EPSS
Exploits: 0, References: 3
OSV
added 2018/12/20 10:29 p.m., 22 views

CVE-2018-17244

Elasticsearch Security versions 6.4.0 to 6.4.2 contain an error in the way request headers are applied to requests when using the Active Directory, LDAP, Native, or File realms. A request may receive headers intended for another request if the same username is being authenticated concurrently; wh...

6.5 CVSS, 6.2 AI score
Exploits: 0, References: 3
Cvelist
added 2018/12/20 10:0 p.m., 27 views

CVE-2018-17244

Elasticsearch Security versions 6.4.0 to 6.4.2 contain an error in the way request headers are applied to requests when using the Active Directory, LDAP, Native, or File realms. A request may receive headers intended for another request if the same username is being authenticated concurrently; wh...

6.4 AI score, 0.01456 EPSS
Exploits: 0, References: 3
CVE
added 2018/12/20 10:0 p.m., 206 views

CVE-2018-17244

CVE-2018-17244 affects Elasticsearch Security versions 6.4.0–6.4.2 where request headers may be misapplied during concurrent authentication across AD/LDAP/Native/File realms, causing a run-as to impersonate another user and potentially access restricted information. The connected documents refere...

6.5 CVSS, 6.2 AI score, 0.01456 EPSS
Exploits: 0, References: 3, Affected Software: 1
Wallarm Lab
added 2018/12/20 3:46 p.m., 65 views

Welcome, Brooke Motta!

By Ivan Novikov. I am excited to announce a great addition to our Go-To-Market team. Brooke Motta has joined Wallarm as Vice President of Sales. Brooke brings 15 years of Cyber Security Sales Experience to the team. She has experience selling up and down the organization from an individual securit...

0.9 AI score
Exploits: 0
Veracode
added 2018/12/17 8:29 a.m., 9 views

Memory Leak

react-native-video is vulnerable to memory leak. The vulnerability is possible because it does not properly handle the mp.selectTrack call to listen to timed meta data update...

6.7 AI score
Exploits: 0
exploitpack
added 2018/12/13 12:0 a.m., 17 views

WebKit JIT - Int32/Double Arrays can have Proxy Objects in the Prototype Chains

WebKit JIT - Int32/Double Arrays can have Proxy Objects in the Prototype Chains didBecomePrototype; if structurevm-hasMonoProto DeferredStructureTransitionWatchpointFire deferredvm, structurevm; Structure newStructure = Structure::changePrototypeTransitionvm, structurevm, prototype, deferred;...

0.3 AI score
Exploits: 0
0day.today
added 2018/12/13 12:0 a.m., 103 views

WebKit JIT - Int32/Double Arrays can have Proxy Objects in the Prototype Chains Exploit

didBecomePrototype; if structurevm-hasMonoProto DeferredStructureTransitionWatchpointFire deferredvm, structurevm; Structure newStructure = Structure::changePrototypeTransitionvm, structurevm, prototype, deferred; setStructurevm, newStructure; else putDirectvm, knownPolyProtoOffset, prototype; if...

8.8 CVSS, 0.2 AI score, 0.05827 EPSS
Exploits: 2
Wallarm Lab
added 2018/12/01 6:41 a.m., 125 views

Wallarm to Sponsor KubeCon + CloudNative Con

If you have not registered yet for the main Kubernetes event in North America which will start on December 10th in Seattle, you may be out of luck. The event is sold out and is only taking the waitlist applications. But if you are going, KubeCon + CloudNativeCon promises to be a treat with the...

6.8 AI score
Exploits: 0
Wallarm Lab
added 2018/11/29 4:6 a.m., 61 views

Happy graduation, Envoy!

Envoy, the new darling of the DevOps community, performs the role of a service and edge proxy. Advanced features such as timeouts, rate limiting, circuit breaking, load balancing, retries, stats, logging, and distributed tracing are required to handle network failures in a fault tolerant and...

7 AI score
Exploits: 0
IBM Security Bulletins
added 2018/11/27 5:5 p.m., 31 views

Security Bulletin: A vulnerability in IBM Java SDK affects IBM Spectrum Scale packaged in IBM Elastic Storage Server (CVE-2018-12539)

Summary There is a vulnerability in IBM® SDK Java™ Technology Edition, Version 8 used by IBM Elastic Storage Server. This issue was disclosed as part of the IBM Java SDK updates in July 2018. Vulnerability Details CVEID: CVE-2018-12539 DESCRIPTION: Eclipse OpenJ9 could allow a local attacker to...

7.8 CVSS, 0.4 AI score, 0.00494 EPSS
Exploits: 0, Affected Software: 1
myhack58
added 2018/11/13 12:0 a.m., 519 views

How I found the database vulnerabilities in the Donald Daters application

On Monday night I was watching TV as usual to pass the time, but there was nothing interesting on. So I decided to look for something fun on my phone. I started aimlessly scrolling through various tweets on Twitter, and a piece of content pushed by Fox News caught my attention. One of Trump's supporters developed a...

7 AI score
Exploits: 0
Tenable Nessus
added 2018/11/07 12:0 a.m., 101 views

Elasticsearch ESA-2018-16

Elasticsearch Security versions 6.4.0 to 6.4.2 contain an error in the way request headers are applied to requests when using the Active Directory, LDAP, Native, or File realms. A request may receive headers intended for another request if the same username is being authenticated concurrently; wh...

6.5 CVSS, 6.9 AI score, 0.01456 EPSS
Exploits: 0, References: 2
Openbugbounty
added 2018/10/28 10:41 p.m., 14 views

native-phrase-blog.com XSS vulnerability

Open Bug Bounty ID: OBB-691828 Description| Value ---|--- Affected Website:| native-phrase-blog.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| hidden until disclosure Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:|...

0.1 AI score
Exploits: 0
RedHat Linux
added 2018/10/18 10:11 a.m., 1 views

nodejs: denial of service (DoS) by causing a node server providing an http2 server to crash

All versions of Node.js 8.x, 9.x, and 10.x are vulnerable and the severity is HIGH. An attacker can cause a denial of service (DoS) by causing a node server providing an http2 server to crash. This can be accomplished by interacting with the http2 server in a manner that triggers a cleanup bug wher...

7.8 CVSS, 7.1 AI score, 0.07855 EPSS
Exploits: 0, References: 4
Github Security Blog
added 2018/10/17 3:44 p.m., 54 views

Apache Tika allows Java code execution for serialized objects embedded in MATLAB files

Apache Tika before 1.14 allows Java code execution for serialized objects embedded in MATLAB files. The issue exists because Tika invokes JMatIO to do native deserialization...

9.8 CVSS, 4.2 AI score, 0.0809 EPSS
Exploits: 2, References: 11, Affected Software: 1
Exploit DB
added 2018/10/09 12:0 a.m., 100 views

Microsoft Edge Chakra JIT - Type Confusion

The switch statement only handles Js::TypeIdsArray but not Js::TypeIdsNativeIntArray and Js::TypeIdsNativeFloatArray. So for example, a native float array can be considered as of type ObjectType::Object under certain circumstances where "objValueType.IsLikelyArrayOrObjectWithArray" is not...

7.4 AI score
Exploits: 0
Tenable Nessus
added 2018/10/04 12:0 a.m., 50 views

RHEL 6 / 7 : Red Hat JBoss Web Server 5.0 Service Pack 1 (RHSA-2018:2868)

The remote Redhat Enterprise Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:2868 advisory. Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the...

5.9 CVSS, 7.1 AI score, 0.94494 EPSS
Exploits: 3, References: 11
RedHat Linux
added 2018/10/03 1:42 p.m., 108 views

Important: Red Hat Security Advisory: Red Hat JBoss Web Server 5.0 Service Pack 1 security and bug fix update

An update is now available for Red Hat JBoss Web Server 5.0 for RHEL 6 and Red Hat JBoss Web Server 5.0 for RHEL 7. Red Hat Product Security has rated this release as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity...

5.9 CVSS, 7 AI score, 0.94494 EPSS
Exploits: 3, References: 8
Microsoft KB
added 2018/09/26 12:0 a.m., 35 views

List of changes and fixed issues in the .NET Framework 3.5 Service Pack 1

List of changes and fixed issues in the .NET Framework 3.5 Service Pack 1. Summary: This article describes the following aspects of the Microsoft .NET Framework 3.5 Service Pack 1 (SP1): Hotfixes that are included in this service pack; New features and functionalities. Note: This update also includes...

7.8 AI score
Exploits: 0