Security Bulletin: IBM Content Classification is affected by IBM SDK, Java Technology Edition Quarterly CPU - Jul 2018 - Includes Oracle Jul 2018 CPU

Summary There is vulnerability in IBM® SDK Java Technology Edition, Version 6 used by IBM Content Classification. These issues were disclosed as part of the IBM Java SDK updates in Jul 2018. Vulnerability Details CVEID: CVE-2018-2973 DESCRIPTION: An unspecified vulnerability in Oracle Java SE...

Tcpreplay - Pcap Editing And Replay Tools For *NIX And Windows

Tcpreplay is a suite of GPLv3 licensed utilities for UNIX and Win32 under Cygwin operating systems for editing and replaying network traffic which was previously captured by tools like tcpdump and Ethereal/Wireshark. It allows you to classify traffic as client or server, rewrite Layer 2, 3 and 4...

This Company Wants to Use the Blockchain to Stop Phishing

MetaCert has classified 10 billion URLs as either safe, a suspected source of phishes, or unknown...

RHEL 7 : Red Hat OpenShift Enterprise 3.2 (RHSA-2016:1853)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2016:1853 advisory. OpenShift Enterprise by Red Hat is the company's cloud computing Platform- as-a-Service PaaS solution designed for on-premise or private cloud...

Cybersecurity and Class M Planets

I was considering another debate about appropriate cybersecurity measures and I had the following thought: not all networks are the same. Profound, right? This is so obvious, yet so obviously forgotten. Too often when confronting a proposed defensive measure, an audience approaches the concept fr...

Tools to address OWASP Top 10 Risks

In a recent article published by Security Boulevard. we talked about OWASP Top 10 Risk classification and overlap. In this post, we will look into the tools that may help address these risks. To understand what’s possible to cover with which protection mechanisms we can now color-code our OWASP...

Design/Logic Flaw

Pimcore allows XSS via Users, Assets, Data Objects, Video Thumbnails, Image Thumbnails, Field-Collections, Objectbrick, Classification Store, Document Types, Predefined Properties, Predefined Asset Metadata, Quantity Value, and Static Routes functions...

CVE-2018-14059

Pimcore allows XSS via Users, Assets, Data Objects, Video Thumbnails, Image Thumbnails, Field-Collections, Objectbrick, Classification Store, Document Types, Predefined Properties, Predefined Asset Metadata, Quantity Value, and Static Routes functions...

Security Bulletin: Vulnerability in IBM Java SDK affect IBM Content Classification

Summary There is vulnerability in IBM® SDK Java Technology Edition, Version 6 used by IBM Content Classification. These issues were disclosed as part of the IBM Java SDK updates in April 2018. Vulnerability Details CVEID: CVE-2018-2582 DESCRIPTION: An unspecified vulnerability in Oracle Java SE...

Optimizing A Monitoring System: Three Methods for Effective Incident Management

Picture this: You’ve just returned from a well-deserved vacation and, upon opening up your security monitoring system you’re faced with the prospect of analyzing thousands of events. This isn’t an imaginary scenario, the security monitoring world actually monitoring in general is full of anomalie...

Back to Basics: Let’s Forget About the GDPR… For A Moment

At this point it’s fairly safe to assume that most everyone in the business of “data” has heard of the European Union EU-wide General Data Protection Regulation GDPR that was signed into law in late April 2016; with the compliance deadline having come into effect on May 25, 2018. Clearly, this ne...

Microsoft Windows: Boot-Start Driver Initialization Policy

This test checks the setting for policy OpenVAS Vulnerability Test $Id: winbootstartdriverinitialization.nasl 11337 2018-09-11 14:23:53Z emoss $ Check value for Boot-Start Driver Initialization Policy Authors: Emanuel Moss Copyright: Copyright c 2018 Greenbone Networks GmbH,...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Content Classification

Summary There are multiple vulnerabilities in IBM® SDK Java Technology Edition, Version 6 and IBM® Runtime Environment Java Version 7 used by IBM Content Classification. These issues were disclosed as part of the IBM Java SDK updates in October 2017. Vulnerability Details CVEID: CVE-2017-10346...

Security Bulletin: IBM Content Classification is affected by a Open Source Commons FileUpload Apache Vulnerabilities

Summary IBM Content Classification has addressed the following vulnerability. Apache Commons FileUpload,could allow a remote attacker to execute arbitrary code on the system, caused by deserialization of untrusted data in the DiskFileItem class of the FileUpload library. A remote attacker could...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Content Classification

Summary There are multiple vulnerabilities in IBM® SDK Java Technology Edition, Version 6 and IBM® Runtime Environment Java Version 7 used by IBM Content Classification. These issues were disclosed as part of the IBM Java SDK updates in Jul 2017. Vulnerability Details CVEID: CVE-2017-10198...

Security Bulletin: IBM Content Classification is affected by an Open Source Eclipse Jetty Vulnerabilities

Summary IBM Content Classification has addressed the following vulnerability. Jetty could allow a remote attacker to obtain sensitive information, caused by a timing channel flaw in util/security/Password.java. By observing elapsed times before rejection of incorrect passwords, an attacker could...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Content Classification

Summary There are multiple vulnerabilities in IBM® SDK Technology Edition, Version 6 and Version 7 that is used by IBM Content Classification. IBM Content Classification has addressed the applicable CVEs. These issues were disclosed as part of the IBM Java SDK updates in Apr 2017. Vulnerability...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Content Classification

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 6 and IBM® Runtime Environment Java™ Version 7 used by Content Classification.These issues were disclosed as part of the IBM Java SDK updates in October 2016. Vulnerability Details CVEID: CVE-2016-5582...

Security Bulletin: Content Classification is affected by Open Source Apache Xerces-C XML parser Vulnerability (CVE-2016-0729)

Summary Content Classification is affected by Open Source Apache Xerces-C XML parser Vulnerability. Vulnerability Details CVEID: CVE-2016-0729 DESCRIPTION: Apache Xerces-C XML Parser library is vulnerable to a denial of service, caused by improper bounds checking during processing and error...

Security Bulletin: Multiple Vulnerabilities in IBM Java Runtime affect IBM Content Classification (CVE-2016-3443 and CVE-2016-3422)

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 6.0 that is used by IBM Content Classification. These issues were disclosed as part of the IBM Java SDK updates in April 2016. Vulnerability Details CVEID: CVE-2016-3443 DESCRIPTION: An unspecified vulnerability ...