EulerOS 2.0 SP2 : samba (EulerOS-SA-2021-1357)
According to the versions of the samba packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - A flaw was found in Samba, all versions starting from samba 4.5.0 before samba 4.9.15, samba 4.10.10, samba 4.11.2, in the way it handles a user...
The Coronavirus Pandemic Is Widening the Cybersecurity Skills Gap
While there are undoubtedly many major challenges within the world of cybersecurity, one of the principal roadblocks to the implementation of effective data security is the lack of skilled cybersecurity practitioners. In a November 2019 report, the International Information System Security...
Mitsubishi Electric MELFA (Update A)
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Mitsubishi Electric Equipment: MELFA FR Series, MELFA CR Series, MELFA ASSISTA Vulnerability: Uncontrolled Resource Consumption 2. UPDATE INFORMATION This updated advisory is a follow-up to the original...
The vulnerability of the TrueConf software, related to insufficient requirements for password complexity, allows a hacker to gain access to the user account.
The vulnerability in the TrueConf software is caused by insufficient password complexity requirements. Exploiting it can allow a malicious actor to gain access to user accounts by guessing passwords...
dnsmasq: multiple queries forwarded for the same name makes forging replies easier for an off-path attacker
A flaw was found in dnsmasq. When receiving a query, dnsmasq does not check for an existing pending request for the same name and forwards a new request. By default, a maximum of 150 pending queries can be sent to upstream servers, so there can be at most 150 queries for the same name. This flaw...
Regular Expression Denial of Service in CairoSVG
Doyensec Vulnerability Advisory: Regular Expression Denial of Service (ReDoS) in cairosvg. Affected Product: CairoSVG v2.0.0+. Vendor: https://github.com/Kozea. Severity: Medium. Vulnerability Class: Denial of Service. Authors: Ben Caller, Doyensec. Summary: When processing SVG files, the Python package...
Digital Footprint Intelligence Report
Introduction The Digital Footprint Intelligence Service announces the results of research on the digital footprints of governmental, financial and industrial organizations for countries in the Middle East region: Bahrain, Egypt, Iran, Iraq, Jordan, Kuwait, Lebanon, Oman, Qatar, Saudi Arabia, Suda...
VideoBytes: Offensive security tools and the bad guys that use them
Hello Folks! In this VideoByte, we're talking about which penetration testing tools malware gangs love to use and why they are better than what you can get on the black market. This article describes the VirusBulletin talk by Paul Litvak, a security researcher from Intezer Labs, in which he...
CVE-2020-35586
In Solstice Pod before 3.3.0 or Open4.3, the Administrator password can be enumerated using brute-force attacks via the /Config/service/initModel?password= Solstice Open Control API because there is no complexity requirement (e.g., it might be all digits or all lowercase letters)...
Ripple20 Treck TCP/IP Stack Vulnerabilities
Treck IP stack implementations for embedded systems are affected by multiple vulnerabilities. This set of vulnerabilities was researched and reported by JSOF, who calls them Ripple20. A summary of JSOF’s research is here, along with a technical whitepaper. See the Rapid7 Analysis tab for further...
Kubernetes: Code Injection via Insecure Yaml.load
Report Submission Form Summary: The Kubernetes repo and tool test-infra uses the insecure yaml.load function to set or update the Gubernator configuration from a YAML file, which allows for code injection. Vulnerable Line of Code:...
GaussDB Kernel: Configuring the Password Complexity Check
For database security purposes, password complexity is checked during user creation and password changes. Passwords not meeting complexity requirements are not allowed in GaussDB Kernel. Copyright (C) 2020 Greenbone Networks GmbH. Some text descriptions might be excerpted from referenced sources,...
VMware Workspace Security: A Major Leap Towards Unified Endpoint Mobility & Security
The rate of change in the way people work, driven by the need to work remotely, has exacerbated IT and security concerns. And this change in the way we work is likely to be permanent as organizations see performance benefits resulting from the remote work environment. New work expectations have...
Mitsubishi Electric MELSEC iQ-R Series (Update D)
1. EXECUTIVE SUMMARY CVSS v3 8.6 ATTENTION: Exploitable remotely/low attack complexity Vendor: Mitsubishi Electric Equipment: MELSEC iQ-R Series Vulnerability: Uncontrolled Resource Consumption 2. RISK EVALUATION Successful exploitation of this vulnerability could cause a...
A vulnerability in the microprogramming software subsystem of the Intel Converged Security and Manageability Engine (CSME) allows a perpetrator to gain unauthorized access to protected information.
The vulnerability in the Intel Converged Security and Manageability Engine (CSME) microprogramming subsystem is related to algorithmic complexity. Exploiting this vulnerability could allow an attacker to gain unauthorized access to protected information...
Live Webinar: Reducing Complexity by Increasing Consolidation for SMEs
Complexity is the bane of effective cybersecurity. The need to maintain an increasing array of cybersecurity tools to protect organizations from an expanding set of cyber threats is leading to runaway costs, staff inefficiencies, and suboptimal threat response. Small to medium-sized enterprises...
PT-2020-6937 · pypi · pypdf
Name of the Vulnerable Software and Affected Versions: pypdf versions prior to 1.27.9. Description: The issue is related to algorithmic complexity in the pypdf library, which can be exploited by an attacker to craft a PDF that leads to an unexpectedly long runtime, blocking the current process and...
openGauss: Configuring the Password Complexity Check
For database security purposes, password complexity is checked during user creation and password changes. Passwords not meeting complexity requirements are not allowed in openGauss. Copyright (C) 2020 Greenbone Networks GmbH. Some text descriptions might be excerpted from referenced sources, and a...