956 matches found

CVE
added 2020/07/31 5:40 p.m. | 131 views

CVE-2020-15134

CVE-2020-15134 describes a TLS certificate verification flaw in Faye before 1.4.0, where the Ruby client uses em-http-request and faye-websocket, and EventMachine’s EM::Connection#start_tls does not verify server certificates by default. This can allow MITM attacks on https: or wss: connections, ...

8.7 CVSS | 7.9 AI score | 0.00864 EPSS
Exploits 1 | References 2 | Affected Software 1
Oracle linux
added 2020/07/29 12:0 a.m. | 71 views

Unbreakable Enterprise kernel security update

5.4.17-2011.4.6.el8uek - Revert 'uek-rpm: Move grub boot menu update to posttrans stage.' Somasundaram Krishnasamy Orabug: 31358097 5.4.17-2011.4.5.el8uek - IB/sa: Resolv use-after-free in ibnlmakerequest Divya Indi Orabug: 31631527 - certs: Remove Oracle cert compiled into the kernel Eric Snowbe...

7.2 CVSS | 2.2 AI score | 0.01314 EPSS
Exploits 0
The Hacker News
added 2020/07/27 8:35 a.m. | 55 views

Learn Machine Learning and AI – Online Training Program @ 93% OFF

Within the next decade, artificial intelligence is likely to play a significant role in our everyday lives. Machine learning already powers image recognition, self-driving cars, and Netflix recommendations. For any aspiring developer, learning how to code smart software is a good move. These skil...

1.1 AI score
Exploits 0
The Hacker News
added 2020/07/14 9:10 a.m. | 1 views

CompTIA Certification Prep Courses – Get Lifetime Access @ 98% Discount

In the world of professional IT, recruiters look for certificates as an important criterion for eligibility and assessing skills. Any IT professional with a résumé that includes CompTIA certificates tends to rise up the pile. Of course, there are many different CompTIA exams you can choose from bas...

5.8 AI score
Exploits 0
The Hacker News
added 2020/07/14 9:10 a.m. | 40 views

CompTIA Certification Prep Courses – Get Lifetime Access @ 98% Discount

In the world of professional IT, recruiters look for certificates as an important criterion for eligibility and assessing skills. Any IT professional with a résumé that includes CompTIA certificates tends to rise up the pile. Of course, there are many different CompTIA exams you can choose from bas...

0.8 AI score
Exploits 0
Pen Test Partners Blog
added 2020/06/30 10:55 a.m. | 22 views

What an IoT assurance scheme could look like

We’ve seen our fair share of vulnerable smart devices over recent years, our blog is littered with examples. We have already commented on the DCMS Secure by Design initiative, it’s a great initiative as is, however, we do want to see it evolve and become more rigorous over time. This should not b...

7.3 AI score
Exploits 0
CNVD
added 2020/06/19 12:0 a.m. | 1 views

SQL Injection Vulnerability in the Information Management System of Certification Body of Shanghai Raspberry Information Technology Co.

Certification body information management system is a set of business management system customized and developed specifically for certification bodies. There is a SQL injection vulnerability in the Certification Body Information Management System of Shanghai Raspberry Information Technology Co. A...

7.6 AI score
Exploits 0
Wallarm Lab
added 2020/06/17 5:52 p.m. | 21 views

SOC 2 Compliance During Covid-19 Times

A lot of IT Security Officers responsible for driving the SOC 2 certification in their companies are probably wondering how the switch to mostly remote workspaces will affect their SOC 2 landscape. I would say that there are two types of companies affected or not affected by the coronavirus:...

3.7 AI score
Exploits 0
Prion
added 2020/06/10 6:15 p.m. | 14 views

Design/Logic Flaw

When the pre-logon feature is enabled, a missing certification validation in Palo Alto Networks GlobalProtect app can disclose the pre-logon authentication cookie to a man-in-the-middle attacker on the same local area network segment with the ability to manipulate ARP or to conduct ARP spoofing...

2.9 CVSS | 5.2 AI score | 0.00761 EPSS
Exploits 0 | References 1 | Affected Software 1
Kitploit
added 2020/05/31 1:0 p.m. | 75 views

Vault - A Tool For Secrets Management, Encryption As A Service, And Privileged Access Management

Please note: We take Vault's security and our users' trust very seriously. If you believe you have found a security issue in Vault, please responsibly disclose by contacting us at [email protected]. Website: https://www.vaultproject.io IRC: vault-tool on Freenode Announcement list: Google...

6.9 AI score
Exploits 0 | References 3
CNVD
added 2020/05/28 12:0 a.m. | 1 views

Command Execution Vulnerability in CFCA Front Office Back Office Management System

CICC Financial Certification Center Limited is a national authoritative security certification body. A command execution vulnerability exists in the backend management system of CFCA's front-end, which can be exploited by an attacker to gain control of a web server...

7.4 AI score
Exploits 0
Openbugbounty
added 2020/05/20 7:53 p.m. | 4 views

uk.flightaware.com Cross Site Scripting vulnerability

Open Bug Bounty ID: OBB-1167183 Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website...

6.2 AI score
Exploits 0
Qualys Blog
added 2020/05/20 3:58 p.m. | 43 views

Policy Compliance Library Updates, May 2020

Qualys’ library of built-in policies makes it easy to comply with the security standards and regulations that are most commonly used and adhered to. Qualys provides a wide range of policies, including many that have been certified by CIS as well as the ones based on security guidelines from OS an...

0.7 AI score
Exploits 0
RedHat Linux
added 2020/05/12 6:59 p.m. | 212 views

Moderate: Red Hat Security Advisory: python-pip security update

An update for python-pip is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...

9.8 CVSS | 6.7 AI score | 0.07443 EPSS
Exploits 3 | References 5
NVD
added 2020/04/27 5:15 p.m. | 24 views

CVE-2020-1952

An issue was found in Apache IoTDB .9.0 to 0.9.1 and 0.8.0 to 0.8.2. When starting IoTDB, the JMX port 31999 is exposed with no certification. Then, clients could execute code remotely...

9.8 CVSS | 9.6 AI score | 0.02676 EPSS
Exploits 0 | References 1
OSV
added 2020/04/27 5:15 p.m. | 3 views

CVE-2020-1952

An issue was found in Apache IoTDB .9.0 to 0.9.1 and 0.8.0 to 0.8.2. When starting IoTDB, the JMX port 31999 is exposed with no certification. Then, clients could execute code remotely...

9.8 CVSS | 7.4 AI score
Exploits 0 | References 1
Fedora
added 2020/04/27 4:48 a.m. | 30 views

[SECURITY] Fedora 31 Update: openvpn-2.4.9-1.fc31

OpenVPN is a robust and highly flexible tunneling application that uses all of the encryption, authentication, and certification features of the OpenSSL library to securely tunnel IP networks over a single UDP or TCP port. It can use the Marcus Franz Xaver Johannes Oberhumers LZO library for...

4.3 CVSS | 1.5 AI score | 0.01609 EPSS
Exploits 1
Qualys Blog
added 2020/04/22 2:29 p.m. | 35 views

Policy Compliance Library Updates, April 2020

Qualys’ library of built-in policies makes it easy to comply with the security standards and regulations that are most commonly used and adhered to. Qualys provides a wide range of policies, including many that have been certified by CIS as well as the ones based on security guidelines from OS an...

0.1 AI score
Exploits 0
Pen Test Partners Blog
added 2020/04/17 11:8 a.m. | 26 views

Are you cyber seaworthy?

The decision to set sail in a commercial vessel rests with the captain. A captain with years of experience and training, who is skilled at sailing and navigating in all conditions. Increasingly, the state of a vessel’s cyber security will affect its seaworthiness. Yet in future we may expect a...

7 AI score
Exploits 0
RedhatCVE
added 2020/04/14 7:14 p.m. | 32 views

CVE-2018-10865

It has been discovered that redhat-certification does not perform an authorization check and allows an unauthenticated user to call a "restart" RPC method on any host accessible by the system. An attacker could use this flaw to send requests to port 8009 of any host or to keep restarting the...

7.5 CVSS | 3 AI score | 0.01034 EPSS
Exploits 0 | References 1