1250 matches found
Security Bulletin: Vulnerability in Go programming language affects IBM Spectrum Protect Server (CVE-2019-16276)
Summary The Go programming language could allow a remote attacker to bypass security restrictions which affects the IBM Spectrum Protect Server. Vulnerability Details CVEID: CVE-2019-16276 DESCRIPTION: Golang could allow a remote attacker to bypass security restrictions, caused by improper...
Debian DLA-2244-1 : libphp-phpmailer security update
It was discovered that there was an escaping issue in libphp-phpmailer, an email generation utility class for the PHP programming language. The Content-Type and Content-Disposition headers could have permitted file attachments that bypassed attachment filters which match on filename extensions. F...
[SECURITY] Fedora 32 Update: perl-5.30.3-453.fc32
Perl is a high-level programming language with roots in C, sed, awk and she ll scripting. Perl is good at handling processes and files, and is especially good at handling text. Perl's hallmarks are practicality and efficiency. While it is used to do a lot of different things, Perl's most common...
[SECURITY] Fedora 32 Update: python3-3.8.3-1.fc32
Python is an accessible, high-level, dynamically typed, interpreted program ming language, designed with an emphasis on code readability. It includes an extensive standard library, and has a vast ecosystem of third-party libraries. The python3 package provides the "python3" executable: the...
An Undisclosed Critical Vulnerability Affect vBulletin Forums — Patch Now
If you are running an online discussion forum based on vBulletin software, make sure it has been updated to install a newly issued security patch that fixes a critical vulnerability. Maintainers of the vBulletin project recently announced an important patch update but didn't reveal any informatio...
The Safety Boat: Kubernetes and Rust
Our team, DeisLabs, recently released a new piece of software called Krustlet, which is a tool for running WebAssembly modules on the popular, open-source container management tool called Kubernetes. Kubernetes is used quite extensively to run cloud software across many vendors and companies and ...
The Safety Boat: Kubernetes and Rust
Our team, DeisLabs, recently released a new piece of software called Krustlet, which is a tool for running WebAssembly modules on the popular, open-source container management tool called Kubernetes. Kubernetes is used quite extensively to run cloud software across many vendors and companies and ...
The vulnerability of the Go programming language’s crypto/x509 package, which allows a hacker to trigger a service failure
The vulnerability of the Go programming language’s crypto/x509 package is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to cause service failures remotely...
python27:2.7 security, bug fix, and enhancement update
An update is available for python-pymongo, python2-rpm-macros, python-docutils, pytest, python-psycopg2, python-PyMySQL, python-lxml, PyYAML, python-pytest-mock, python-attrs, python-jinja2, python-docs, python-requests, python-mock, python-ipaddress, python-funcsigs, python-py, python-chardet,...
Banking.BR Android Trojan Emerges in Credential-Stealing Attacks
A recently uncovered banking trojan aims to steal Android victims’ online banking credentials and take over their bank accounts, using “elaborate” overlay attack capabilities. The malware, dubbed “Banker.BR” by researchers with IBM X-Force, was spotted in messages targeting users in countries tha...
The vulnerability of the exif_iif_add_value function in the EXIF interpreter for the PHP programming language allows a perpetrator to gain unauthorized access to protected information or cause service failures.
The vulnerability of the exifiifaddvalue function in the EXIF extension of the PHP interpreter is related to the execution of operations outside the buffer in memory. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information or cause service failures...
SAP NetWeaver AS ABAP Cross-Site Scripting Vulnerability
SAP NetWeaver AS ABAP Business Server is an application server for ABAP Advanced Business Application Programming from SAP, Germany. A cross-site scripting vulnerability exists in SAP NetWeaver AS ABAP Business Server Pages application CRMBSPFRAME. The vulnerability stems from a lack of proper...
Domained - Multi Tool Subdomain Enumeration
A domain name enumeration tool The tools contained in domained requires Kali Linux preferred or Debian 7+ and Recon-ng domained uses several subdomain enumeration tools and wordlists to create a unique list of subdomains that are passed to EyeWitness for reporting with categorized screenshots,...
[SECURITY] Fedora 31 Update: golang-1.13.9-1.fc31
The Go Programming Language...
CVE-2018-1000622
The Rust Programming Language rustdoc version Between 0.8 and 1.27.0 contains a CWE-427: Uncontrolled Search Path Element vulnerability in rustdoc plugins that can result in local code execution as a different user. This attack appear to be exploitable via using the --plugin flag without the...
CVE-2016-5386
An input-validation flaw was discovered in the Go programming language built in CGI implementation, which set the environment variable "HTTPPROXY" using the incoming "Proxy" HTTP-request header. The environment variable "HTTPPROXY" is used by numerous web clients, including Go's net/http package,...
UBUNTU-CVE-2015-5741
The net/http library in net/http/transfer.go in Go before 1.4.3 does not properly parse HTTP headers, which allows remote attackers to conduct HTTP request smuggling attacks via a request that contains Content-Length and Transfer-Encoding header fields...
CVE-2019-20446
In xml.rs in GNOME librsvg before 2.46.2, a crafted SVG file with nested patterns can cause denial of service when passed to the library for processing. The attacker constructs pattern elements so that the number of final rendered objects grows exponentially...
Debian DLA-2057-1 : pillow security update
It was discovered that there were three vulnerabilities in Pillow, an imaging library for the Python programming language : - CVE-2019-19911: Prevent a denial of service vulnerability caused by FpxImagePlugin.py calling the range function on an unvalidated 32-bit integer if the number of bands is...
Ruby Information Disclosure Vulnerability
Ruby is a cross-platform, object-oriented, dynamically typed programming language from the software developer Gyohiro Matsumoto. A security vulnerability exists in Ruby. An attacker can exploit this vulnerability by hijacking a session through a timing attack on the session ID...