[SECURITY] Fedora 40 Update: python3.6-3.6.15-31.fc40
Python 3.6 package for developers. This package exists to allow developers to test their code against an older version of Python. This is not a full Python stack and if you wish to run your applications with Python 3.6, see other distributions that support it, such as CentOS or RHEL with Software...
SUSE CVE-2024-39499
In the Linux kernel, the following vulnerability has been resolved: vmci: prevent speculation leaks by sanitizing event in event_deliver() Coverity spotted that event_msg is controlled by user-space, event_msg->event_data.event is passed to event_deliver() and used as an index without sanitization. This...
How to Test a Network Throughput Using Iperf
This article describes how to test network throughput using Iperf. Iperf allows administrators and engineers to test throughput between any two hosts, including physical systems and Virtual Machines (VMs) running on XenServer. Requirements Iperf for Windows Download a copy of Iperf for Windows. Thi...
When to Enable Intermediate Buffering for Local Hard Drive Cache?
Background Enabling Intermediate Buffering improves throughput performance with writing to the write cache drive and can improve target device performance as well. Refer to Buffered Services for additional information on buffered file I/O services. The following are some points to consider before...
CVE-2024-39499
In the Linux kernel, the following vulnerability has been resolved: vmci: prevent speculation leaks by sanitizing event in event_deliver() Coverity spotted that event_msg is controlled by user-space, event_msg->event_data.event is passed to event_deliver() and used as an index without sanitization. This...
CVE-2024-41006
CVE-2024-41006 : Linux kernel vulnerability where a memory leak in nr_heartbeat_expiry() could occur due to the sock_hold() logic. The fix removes sock_hold() for non-listening sockets and retains it only for listening sockets, addressing a syzkaller-reported leak in nr_create(). The linked advis...
CVE-2024-39499 vmci: prevent speculation leaks by sanitizing event in event_deliver()
In the Linux kernel, the following vulnerability has been resolved: vmci: prevent speculation leaks by sanitizing event in event_deliver() Coverity spotted that event_msg is controlled by user-space, event_msg->event_data.event is passed to event_deliver() and used as an index without sanitization. This...
U.S. Dept Of Defense: Blind Sql Injection in https://████
A SQL injection vulnerability was discovered in the User-Agent parameter of the website "https://██████████/". The vulnerability allowed an attacker to inject SQL commands through the User-Agent HTTP header...
CVE-2024-38363 Remote Code Execution (RCE) via Server Side Template Injection (SSTI) in Airbyte
Airbyte is a data integration platform for ELT pipelines. Airbyte connection builder docker image is vulnerable to RCE via SSTI which allows an authenticated remote attacker to execute arbitrary code on the server as the web server user. The connection builder is used to create and test new...
Pen testing cruise ships
New build ships contracted for build from 1st July 2024 must comply with IACS UR E26 & 27. What does this mean for assessing the cyber security of a cruise ship? What’s the risk profile? Cruise ships have a unique risk profile. This is due to the huge number of guests on board, highly complex...
Exploit for CVE-2024-34361
CVE-2024-34361 Pi-hole Remote Code Execution SSRF to RCE...
Fedora 39 : firmitas (2024-139cdfb1fc)
The remote Fedora 39 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-139cdfb1fc advisory. Cryptography v42 is the new thing. Please follow the steps provided here https://github.com/fedora-infra/firmitas/blob/main/README.md for testing. References...
Fedora 40 : firmitas (2024-71ef04b872)
The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-71ef04b872 advisory. Cryptography v42 is the new thing. Please follow the steps provided here https://github.com/fedora-infra/firmitas/blob/main/README.md for testing. References...
Spring Tips: Testcontainers, Docker Compose, and Service Connections, oh my
Hi, Spring fans! In this installment, we look at the amazing service connection mechanism in Spring Boot. Service connections are what allow Spring Boot to connect to Testcontainers or Docker Compose containers for supporting infrastructure like SQL databases, middleware, and more. java...
CLSA-2024-1719925589 openssl: Fix of 2 CVEs
CVE-2022-1292: c_rehash: Do not use shell to invoke openssl to prevent command injection - CVE-2022-2068: c_rehash: Fix file operations to prevent command injection - Update expired smime certificates - Add testing using old certificates sha1 to have both types of certificates sha1, sha256 checked...
kernel: i40e: Do not use WQ_MEM_RECLAIM flag for workqueue
In the Linux kernel, the following vulnerability has been resolved: i40e: Do not use WQ_MEM_RECLAIM flag for workqueue Issue reported by customer during SRIOV testing, call trace: When both i40e and the i40iw driver are loaded, a warning in check_flush_dependency is being triggered. This seems to be...
CBL Mariner 2.0 Security Update: iperf3 (CVE-2023-7250)
The version of iperf3 installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-7250 advisory. - A flaw was found in iperf, a utility for testing network performance using TCP, UDP, and SCTP. A malicious or...
CVE-2024-39878
In JetBrains TeamCity before 2024.03.3 private key could be exposed via testing GitHub App Connection...
Exploit for Path Traversal in Solarwinds Serv-U
CVE-2024-28995 Automated Path Traversal & Local File Read...