[SECURITY] Fedora 31 Update: nodejs-12.19.0-1.fc31
Node.js is a platform built on Chrome's JavaScript runtime for easily building fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed devices...
Chrome 86 Aims to Bar Abusive Notification Content
Google has added a new feature to Chrome 86 that aims to stomp out abusive notification content. Web notifications are utilized for a variety of applications – such as prompting site visitors to sign up for newsletters. However, they can also be misused for phishing, malware or fake messages that...
Huawei EulerOS: Security Advisory for sudo (EulerOS-SA-2020-2196)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Timers, Metrics, and Dimensions: What's New in mPulse in 2020
The October 2020 release marks the culmination of a large number of updates to mPulse, Akamai's real user monitoring (RUM) solution: 8 new timers, 2 new metrics, 5 new dimensions, UI improvements, and extra custom timer capabilities. With all of these new changes, you can easily determine and tune the...
CVE-2017-10355
It was found that the FtpClient implementation in the Networking component of OpenJDK did not set connect and read timeouts by default. A malicious FTP server or a man-in-the-middle attacker could use this flaw to block execution of a Java application connecting to an FTP server...
[SECURITY] Fedora 33 Update: nodejs-14.11.0-1.fc33
Node.js is a platform built on Chrome's JavaScript runtime for easily building fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed devices...
UBUNTU-CVE-2020-14378
An integer underflow in dpdk versions before 18.11.10 and before 19.11.5 in the move_desc function can lead to large amounts of CPU cycles being eaten up in a long running loop. An attacker could cause move_desc to get stuck in a 4,294,967,295-count iteration loop. Depending on how vhost_crypto is...
[SECURITY] Fedora 33 Update: squid-4.13-1.fc33
Squid is a high-performance proxy caching server for Web clients, supporting FTP, gopher, and HTTP data objects. Unlike traditional caching software, Squid handles all requests in a single, non-blocking, I/O-driven process. Squid keeps meta data and especially hot objects cached in RAM, caches DN...
kernel: fuse-backed file mmap-ed onto process cmdline arguments causes denial of service
By mmapping a FUSE-backed file onto a process's memory containing command line arguments or environment strings, an attacker can cause utilities from psutils or procps such as ps, w or any other program which makes a read call to the /proc/<pid>/cmdline or /proc/<pid>/environ files to block indefinitely...
UBUNTU-CVE-2020-0433
In blk_mq_queue_tag_busy_iter of blk-mq-tag.c, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID...
CVE-2020-15786
A vulnerability has been identified in SIMATIC HMI Basic Panels 2nd Generation incl. SIPLUS variants All versions V16, SIMATIC HMI Comfort Panels incl. SIPLUS variants All versions = V16, SIMATIC HMI Mobile Panels All versions = V16, SIMATIC HMI Unified Comfort Panels All versions = V16. Affected...
jackson-databind: Lacks certain xbean-reflect/JNDI blocking
A flaw was found in FasterXML jackson-databind in versions 2.0.0 through 2.9.10.2. A "gadget" exploit is possible due to a lack of a Java object being blocked from being deserialized. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availabili...
Fedora: Security Advisory for squid (FEDORA-2020-73af8655eb)
The remote host is missing an update for the Copyright (C) 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
[SECURITY] Fedora 32 Update: squid-4.13-1.fc32
Squid is a high-performance proxy caching server for Web clients, supporting FTP, gopher, and HTTP data objects. Unlike traditional caching software, Squid handles all requests in a single, non-blocking, I/O-driven process. Squid keeps meta data and especially hot objects cached in RAM, caches DN...
CVE-2020-5622
Shadankun Server Security Type (excluding normal blocking method types) Ver.1.5.3 and earlier allows remote attackers to cause a denial of service which may result in not being able to add newly detected attack source IP addresses as blocking targets for about 10 minutes via a specially crafted...
Stopping Active Directory attacks and other post-exploitation behavior with AMSI and machine learning
When attackers successfully breach a target network, their typical next step is to perform reconnaissance of the network, elevate their privileges, and move laterally to reach specific machines or spread as widely as possible. For these activities, attackers often probe the affected network’s...
CVE-2020-15152 Server-Side Request Forgery in ftp-srv
ftp-srv is an npm package which is a modern and extensible FTP server designed to be simple yet configurable. ftp-srv versions before 2.19.6, 3.1.2, and 4.3.4 are vulnerable to Server-Side Request Forgery. The PORT command allows arbitrary IPs which can be used to cause the server to make a...