Four features your data-centric security strategy must provide

Each year, the number of data breaches grows by 30%, underscoring the need for organizations to make data-centric security a business priority. Following the big data movement around the beginning of the 21st century, technological innovations have enabled companies to manage, store and process...

SUSE-SU-2021:2180-1 Security update for libsolv

This update for libsolv fixes the following issues: Security issues fixed: - CVE-2019-20387: Fixed heap-buffer-overflow in repodataschema2id bsc1161510 - CVE-2021-3200: testcaseread: error out if repos are added or the system is changed too late bsc1186229 Other issues fixed: - backport support f...

AZL-7194 CVE-2020-28200 affecting package dovecot for versions less than 2.3.20-1

The Sieve engine in Dovecot before 2.3.15 allows Uncontrolled Resource Consumption, as demonstrated by a situation with a complex regular expression for the regex extension...

DEBIAN-CVE-2020-28200

The Sieve engine in Dovecot before 2.3.15 allows Uncontrolled Resource Consumption, as demonstrated by a situation with a complex regular expression for the regex extension...

CVE-2020-28200

The Sieve engine in Dovecot before 2.3.15 allows Uncontrolled Resource Consumption, as demonstrated by a situation with a complex regular expression for the regex extension...

CVE-2020-28200

The Sieve engine in Dovecot before 2.3.15 allows Uncontrolled Resource Consumption, as demonstrated by a situation with a complex regular expression for the regex extension...

UBUNTU-CVE-2020-28200

The Sieve engine in Dovecot before 2.3.15 allows Uncontrolled Resource Consumption, as demonstrated by a situation with a complex regular expression for the regex extension...

Moderate: Red Hat Security Advisory: Red Hat Decision Manager 7.11.0 security update

An update is now available for Red Hat Decision Manager. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in...

CVE-2021-26996

E-Series SANtricity OS Controller Software 11.x versions prior to 11.70.1 are susceptible to a vulnerability which when successfully exploited could allow a remote attacker to discover system configuration and application information which may aid in crafting more complex attacks...

Code injection

E-Series SANtricity OS Controller Software 11.x versions prior to 11.70.1 are susceptible to a vulnerability which when successfully exploited could allow a remote attacker to discover information via error messaging which may aid in crafting more complex attacks...

CVE-2021-26996

E-Series SANtricity OS Controller Software 11.x versions prior to 11.70.1 are susceptible to a vulnerability which when successfully exploited could allow a remote attacker to discover system configuration and application information which may aid in crafting more complex attacks...

SUSE: Security Advisory (SUSE-SU-2019:1792-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE: Security Advisory (SUSE-SU-2019:1803-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Becoming resilient by understanding cybersecurity risks: Part 4—navigating current threats

In part three of this blog series on aligning security with business objectives and risk, we explored what it takes for security leaders to shift from looking at their mission as purely defending against technical attacks, to one that focuses on protecting valuable business assets, data, and...

Crash in `tf.transpose` with complex inputs

Impact Passing a complex argument to tf.transpose at the same time as passing conjugate=True argument results in a crash: python import tensorflow as tf tf.transposeconjugate=True, a=complex1 Patches We have received a patch for the issue in GitHub commit 1dc6a7ce6e0b3e27a7ae650bfc05b195ca793f88...

GHSA-XQFJ-CR6Q-PC8W Crash in `tf.transpose` with complex inputs

Impact Passing a complex argument to tf.transpose at the same time as passing conjugate=True argument results in a crash: python import tensorflow as tf tf.transposeconjugate=True, a=complex1 Patches We have received a patch for the issue in GitHub commit 1dc6a7ce6e0b3e27a7ae650bfc05b195ca793f88...

Denial Of Service (DoS)

tensorflow is vulnerable to denial of service. An attacker is able to crash the system by passing a complex argument to tf.transpose and setting conjugate=True...

Google TensorFlow Denial of Service Vulnerability (CNVD-2021-36360)

Google TensorFlow is a suite of end-to-end open source platforms for machine learning from Google USA. Google TensorFlow has a security vulnerability that can be exploited by an attacker to cause a crash by passing a complex parameter to tf.transpose while passing the conjugate=True parameter to...

CVE-2021-29618

TensorFlow is an end-to-end open source platform for machine learning. Passing a complex argument to tf.transpose at the same time as passing conjugate=True argument results in a crash. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFl...

PYSEC-2021-255

TensorFlow is an end-to-end open source platform for machine learning. Passing a complex argument to tf.transpose at the same time as passing conjugate=True argument results in a crash. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFl...