956 matches found
5GAA & Global Certification Forum Connect on New Cert.
The Global Certification Forum (GCF) and the 5G Automotive Association (5GAA) announced their collaboration on a new program that will support the drive for interoperability, reliability, and safety of up-and-coming C-V2X systems...
CoolCollege has an information breach
CoolCollege is a course service platform tailored for various companies. The software enhances learning efficiency and more through 36 scenarios such as course creation, assignment tracking, data analysis, and job certification. An information disclosure vulnerability exists in CoolCollege, which...
Microsoft Signed Malware That Spreads Through Gaming
Microsoft signed a driver being distributed within gaming environments that turned out to be a malicious network filter rootkit. G DATA malware analyst Karsten Hahn first noticed the rootkit, publicly posting the find on June 17 and simultaneously reaching out to Microsoft. Hahn noted that the co...
SUSE: Security Advisory (SUSE-SU-2020:0568-1)
The remote host is missing an update for the...
Redhat redhat-certification access control error vulnerability
Red Hat Certification is a software package from Red Hat USA. An Access Control Error vulnerability exists in Redhat redhat-certification 7 that stems from an inability to properly limit the number of recursive definitions of entities in an XML document. An attacker could exploit the vulnerabilit...
Redhat redhat-certification access control error vulnerability (CNVD-2021-40155)
Red Hat Certification is a software package from Red Hat USA. An access control error vulnerability exists in Redhat redhat-certification 7 that stems from the component not restricting access to files in the update results page. An attacker could exploit this vulnerability to delete any file...
RedHat redhat-certification authorization issue vulnerability
Red Hat Certification is a software package from Red Hat USA. A security vulnerability exists in redhat-certification 7 that allows an unauthenticated user to invoke the "restart" RPC method on any accessible host. An attacker could exploit this vulnerability to cause a denial of service...
Unspecified vulnerability in Red Hat-certification (CNVD-2021-40152)
Red Hat Certification is a software package from Red Hat USA. A security vulnerability exists in Red Hat-certification 7, which can be exploited by attackers to gather sensitive information...
Unspecified Vulnerability in Red Hat-certification
Red Hat Certification is a software package from Red Hat USA. A security vulnerability exists in Red Hat-certification 7 that allows an unauthenticated user to invoke the "restart" RPC method on any accessible host. An attacker could exploit this vulnerability to cause a denial of service...
Researchers Demonstrate 2 New Hacks to Modify Certified PDF Documents
Cybersecurity researchers have disclosed two new attack techniques on certified PDF documents that could potentially enable an attacker to alter a document's visible content by displaying malicious content over the certified content without invalidating its signature. "The attack idea exploits the...
SOC 2 Type 2 Guide⚠️: Compliance and Certification — Part 1
First part. Learn about SOC 2 compliance and why it matters when choosing a SaaS provider. Protect your clients’ privacy. Every day, the way we use the internet continues to evolve. And as a result, it’s now easier for people to access their...
CVE-2018-10867
Files are accessible without restrictions from the /update/results page of the redhat-certification 7 package, allowing an attacker to remove any file accessible by the apache user...
CVE-2018-10863
It was discovered that redhat-certification 7 is not properly configured and lists all files and directories in the /var/www/rhcert/store/transfer directory through the /rhcert-transfer URL. An unauthorized attacker may use this flaw to gather sensitive information...
CVE-2018-10866
It was discovered that the /configuration view of redhat-certification 7 does not perform an authorization check and allows an unauthenticated user to remove a "system" file, that is, an XML file with host-related information, not belonging to him...
CVE-2018-10865
It was discovered that the /configuration view of redhat-certification 7 does not perform an authorization check and allows an unauthenticated user to call a "restart" RPC method on any host accessible by the system, even if not belonging to him...
CVE-2018-10868
redhat-certification 7 does not properly restrict the number of recursive definitions of entities in XML documents, allowing an unauthenticated user to run a "Billion Laugh Attack" by replying to XMLRPC methods when getting the status of a host...