Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU - Oct 2019 - Includes Oracle Oct 2019 CPU minus CVE-2019-2949
Summary: All applicable Java SE CVEs published by Oracle as part of their October 2019 Critical Patch Update, except for CVE-2019-2949, plus one additional vulnerability. See attached document for full details. Note that the following CVEs were incorrectly added to the list of vulnerabilities...
CVE-2019-10790
CVE-2019-10790 concerns the taffydb package (taffydb/taffydb.html) where versions up to 2.7.3 are affected. The issue, as described across multiple sources in the connected documents, is that an attacker can forge the internal index used per data item by injecting extra properties into user input. I...
CVE-2019-10790
taffydb npm module, vulnerable in all versions up to and including 2.7.3, allows attackers to forge adding additional properties into user-input processed by taffy which can allow access to any data items in the DB. taffy sets an internal index for each data item in its DB. However, it is found...
February 2020 security updates are available
We have released the February security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to turn on automatic updates. More information about this month’s security updates can be found in the Security Update Guide. The post February...
February 2020 security updates are available
We have released the February security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to turn on automatic updates. More information about this month’s security updates can be found in the Security Update Guide...
DEBIAN-CVE-2014-2581
Smb4K before 1.1.1 allows remote attackers to obtain credentials via vectors related to the cuid option in the "Additional options" line edit...
Design/Logic Flaw
Smb4K before 1.1.1 allows remote attackers to obtain credentials via vectors related to the cuid option in the "Additional options" line edit...
UBUNTU-CVE-2014-2581
Smb4K before 1.1.1 allows remote attackers to obtain credentials via vectors related to the cuid option in the "Additional options" line edit...
CVE-2014-2581
Smb4K before 1.1.1 allows remote attackers to obtain credentials via vectors related to the cuid option in the "Additional options" line edit...
sLoad launches version 2.0, Starslord
sLoad, the PowerShell-based Trojan downloader notable for its almost exclusive use of the Background Intelligent Transfer Service (BITS) for malicious activities, has launched version 2.0. The new version comes on the heels of a comprehensive blog we published detailing the malware’s multi-stage...
CVE-2020-2680
Vulnerability in the Oracle Solaris product of Oracle Systems component: Filesystem. The supported version that is affected is 11. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. While th...
UBUNTU-CVE-2020-2682
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. Supported versions that are affected are Prior to 5.2.36, prior to 6.0.16 and prior to 6.1.2. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle ...
[SECURITY] Fedora 31 Update: python3-3.7.6-1.fc31
Python is an accessible, high-level, dynamically typed, interpreted programming language, designed with an emphasis on code readability. It includes an extensive standard library, and has a vast ecosystem of third-party libraries. The python3 package provides the "python3" executable: the...
Basic Citrix Licensing Information
How does Citrix licensing work? Citrix product goes through a three-step process to check out licenses; information on Licensing overview, visit Citrix Documentation at https://docs.citrix.com/en-us/licensing/current-release.html Available License types? Visit Citrix Documentation...
Bottle Exploit Kit Landing Page
Bottle exploit kit is a web exploit kit that operates by delivering malicious payload to the victim's computer. Successful infection will allow the attacker to download additional malware to the target...
GHSA-4X6V-RWH4-55JW Pomelo allows external control of critical state data
Pomelo v2.2.5 allows external control of critical state data. A malicious user input can corrupt arbitrary methods and attributes in template/game-server/app/servers/connector/handler/entryHandler.js because certain internal attributes can be overwritten via a conflicting name. Hence, a malicious...
Ransomware: 30 Years and Still Going Strong
In the tech world, systems – and methods to break said systems – seem to evolve by the minute. Technological advancement grows exponentially each year, and the realm of cybersecurity is no exception. However, some entities have survived and even thrived over the decades, rather than falling...
November 2019 security updates are available!
We have released the November security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to turn on automatic updates. More information about this month’s security updates can be found in the Security Update Guide. As a reminder,...
Purple Fox Exploit Kit Landing Page
Purple Fox exploit kit is a web exploit kit that operates by delivering malicious payload to the victim's computer. Successful infection will allow the attacker to download additional malware to the target...