CVE-2018-12558
The parse method in the Email::Address module through 1.909 for Perl is vulnerable to algorithmic complexity on specially prepared input, leading to Denial of Service. Prepared special input that caused this problem contained 30 form-feed characters "\f"...
CVE-2018-9028
Weak cryptography used for passwords in CA Privileged Access Manager 2.x reduces the complexity for password cracking...
Security Bulletin:IBM Security Identity Manager is vulnerable to Cross-Site Request Forgery (CVE-2014-6168)
Summary IBM Security Identity Manager is vulnerable to Cross-Site Request Forgery. Vulnerability Details CVEID: CVE-2014-6168 DESCRIPTION: IBM Security Identity Manager is vulnerable to cross-site request forgery, caused by improper validation of user-supplied input. By persuading an authenticate...
Security Bulletin: A vulnerability in IBM Java SDK affects IBM OS Images for Red Hat Linux Systems, AIX, and Windows. (CVE-2015-4872)
Summary There is a vulnerability in IBM® SDK Java™ Technology Edition, Version 6 and 7, that is used by IBM OS Images for Red Hat Linux Systems, AIX, and Windows. The issue was disclosed as part of the IBM Java SDK updates in October 2015. Vulnerability Details CVEID: CVE-2015-4872 DESCRIPTION: A...
10 Endpoint Security Problems Solved by the Cloud – An Introduction
Question: Where do 70% of successful breaches begin? Answer: The endpoint. The State of Endpoint Security Traditional defensive security solutions are fighting a losing battle against hackers and malware. With each day, new attacks and viruses appear and keeping systems safe is like bailing out a...
Thomas Dullien on Complexity and Security
For many years, I have said that complexity is the worst enemy of security. At CyCon earlier this month, Thomas Dullien gave an excellent talk on the subject with far more detail than I've ever provided. Video. Slides...
The Recipe for Web Performance Starts with the Right Ingredients: Page Construction Metrics
You can't manage what you can't measure. As devices grow in capacity and innovations allow us to do more with web apps, the complexity of our pages has grown, too. It becomes a balancing act to increase functionality while maintaining a performant and responsive site. Just like a great recipe, to...
FreeBSD : ipsec-tools -- remotely exploitable computational-complexity attack (974a6d32-3fda-11e8-aea4-001b216d295b)
Robert Foggia via NetBSD GNATS reports : The ipsec-tools racoon daemon contains a remotely exploitable computational complexity attack when parsing and storing isakmp fragments. The implementation permits a remote attacker to exhaust computational resources on the remote endpoint by repeatedly...
Don’t Trust Android OEM Patching, Claims Researcher
Many Android device manufacturers are not telling the truth when they say they have patched phone vulnerabilities in new updates, researchers found. Karsten Nohl and Jakob Lell, researchers with Security Research Labs, told Threatpost they have tested the firmware on close to 3,000 phones and fou...
CVE-2018-4878 case: intrusion investigation of a Hong Kong telecommunications company website
Earlier, researchers found that a Hong Kong telecommunications company's website had been attacked. On 3 May 21, Morphisec Labs investigated the attack on the site, and investigators eventually found that the telecommunications group's official website had been hacked, th...
Microsoft Outlook retrieves remote OLE content without prompting
Overview When a Rich Text RTF email is previewed in Microsoft Outlook, remotely-hosted OLE content is retrieved without requiring any additional user interaction. This can leak private information including the user's password hash, which may be cracked by an attacker. Description Microsoft Outlo...
DefenseMatrix - Full security solution for Linux Servers
Full security solution for Linux Servers. SCUTUM is to be added into DefenseMatrix Project After consideration, SCUTUM, as a nice firewall controller, is to be added into DefenseMatrix. It will soon replace the iptables controller and arptables controller in DefenseMatrix. Expect lots of...
openSUSE Security Update : ipsec-tools (openSUSE-2018-159)
This update for ipsec-tools fixes one issue. This security issue was fixed : - CVE-2016-10396: The racoon daemon contained a remotely exploitable computational-complexity attack when parsing and storing ISAKMP fragments that allowed a remote attacker to exhaust computational resources on the remo...
SUSE SLES12 Security Update : ipsec-tools (SUSE-SU-2018:0424-1)
This update for ipsec-tools fixes one issue. This security issue was fixed : - CVE-2016-10396: The racoon daemon contained a remotely exploitable computational-complexity attack when parsing and storing ISAKMP fragments that allowed a remote attacker to exhaust computational resources on the remo...
SUSE-SU-2018:0424-1 Security update for ipsec-tools
This update for ipsec-tools fixes one issue. This security issue was fixed: - CVE-2016-10396: The racoon daemon contained a remotely exploitable computational-complexity attack when parsing and storing ISAKMP fragments that allowed a remote attacker to exhaust computational resources on the remot...
Debian: Security Advisory (DLA-1044-1)
The remote host is missing an update for the Debian...
JBOSSAS 4.x Deserializer Vulnerability
Exploit for java platform in category web applications JBOSSAS 4.x Deserializer Vulnerability The MITRE CVE dictionary describes this issue as: https://access.redhat.com/security/cve/cve-2017-7504 HTTPServerILServlet.java in JMS over HTTP Invocation Layer of the JbossMQ implementation, which is...
JBOSSAS 4.x deserialization command execution vulnerability (CVE-2017-7504)
The MITRE CVE dictionary describes this issue as: HTTPServerILServlet.java in JMS over HTTP Invocation Layer of the JbossMQ implementation, which is enabled by default in Red Hat Jboss Application Server <= Jboss 4.X does not restrict the classes for which it performs deserialization, which allows...
JBOSSAS 5.x/6.x deserialization command execution vulnerability (CVE-2017-12149)
CVE-2017-12149 It was found that the doFilter method in the ReadOnlyAccessFilter of the HTTP Invoker does not restrict classes for which it performs deserialization. This allows an attacker to execute arbitrary code via crafted serialized data. Find out more about CVE-2017-12149 from the MITRE CV...