
222 matches found

Microsoft Secure
added 2020/07/20 8:0 p.m., 35 views

Hello open source security! Managing risk with software composition analysis

When first learning to code many people start with a rudimentary “Hello World” program. Building the program teaches developers the basics of a language as they write the code required to display “Hello World” on a screen. As developers get more skilled, the complexity of the programs they build...

7.5 AI score
Exploits: 0

Prion
added 2020/06/24 3:15 p.m., 19 views

Design/Logic Flaw

ExpressionEngine before 5.3.2 allows remote attackers to upload and execute arbitrary code in a .php%20 file via Compose Msg, Add attachment, and Save As Draft actions. A member with low privileges is able to upload this. It is possible to bypass the MIME type check and file-extension check...

6.5 CVSS, 9.1 AI score, 0.009 EPSS
Exploits: 1, References: 2, Affected Software: 1

Microsoft KB
added 2020/06/09 7:0 a.m., 96 views

June 9, 2020—KB4561621 (OS Build 17134.1550)

June 9, 2020—KB4561621 OS Build 17134.1550 IMPORTANT We have been evaluating the public health situation, and we understand this is impacting our customers. In response to these challenges, we are prioritizing our focus on security updates. Starting in May 2020, we are pausing all optional...

9.3 CVSS, 7.7 AI score, 0.42055 EPSS
Exploits: 1

Microsoft KB
added 2020/06/09 7:0 a.m., 77 views

June 9, 2020—KB4561649 (OS Build 10240.18608)

June 9, 2020—KB4561649 OS Build 10240.18608 For more information about the various types of Windows updates, such as critical, security, driver, service packs, and so on, please see the following article. Highlights Updates to improve security when using Internet Explorer. Updates to improve...

9.3 CVSS, 7.4 AI score, 0.59532 EPSS
Exploits: 2

CNVD
added 2020/06/09 12:0 a.m., 2 views

WhiteSource Software Application Vulnerability Management Injection Vulnerability

WhiteSource Software Application Vulnerability Management (AVM) is a suite of application vulnerability management platforms from WhiteSource Software. The platform is mainly used to view and synchronize the review of its static application security test results (SAST), dynamic application security...

7.5 CVSS, 6.7 AI score, 0.00241 EPSS
Exploits: 0, References: 1

Microsoft KB
added 2020/05/12 7:0 a.m., 123 views

May 12, 2020—KB4556846 (Monthly Rollup)

May 12, 2020—KB4556846 Monthly Rollup IMPORTANT We have been evaluating the public health situation, and we understand this is impacting our customers. In response to these challenges, we are prioritizing our focus on security updates. Starting in May 2020, we are pausing all optional non-securit...

9.9 CVSS, 7.7 AI score, 0.81456 EPSS
Exploits: 17

CNVD
added 2020/04/02 12:0 a.m., 3 views

Unspecified Vulnerability in Apple iOS and iPadOS Messages Composition Component

Apple iOS and Apple iPadOS are both products of Apple Inc. Apple iOS is an operating system developed for mobile devices. Apple iPadOS is an operating system for iPad tablets. Messages Composition is one of the message editing components. A security vulnerability exists in the Messages Compositio...

5.3 CVSS, 6.3 AI score, 0.00237 EPSS
Exploits: 0, References: 1

pentestit
added 2020/01/22 5:32 a.m., 65 views

UPDATE: OWASP Dependency-Check 5.3.0

My first post about this open source OWASP project was about an older version. A while ago, a new version - OWASP Dependency-Check 5.3.0 was released. This post discusses the changes made to the open source software composition analysis utility in the latest release that includes a lot of bug fix...

3.4 AI score
Exploits: 0

OpenVAS
added 2020/01/15 12:0 a.m., 127 views

Microsoft Windows Multiple Vulnerabilities (KB4534310)

This host is missing a critical security update according to Microsoft KB4534310 Copyright (C) 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-or-later This progra...

7.8 CVSS, 7 AI score, 0.17621 EPSS
Exploits: 5, References: 1

Microsoft KB
added 2020/01/14 8:0 a.m., 233 views

January 14, 2020—KB4534303 (Monthly Rollup)

January 14, 2020—KB4534303 Monthly Rollup IMPORTANT Verify that you have installed the required updates listed in the How to get this update section before installing this update. IMPORTANT Customers who have purchased the Extended Security Update ESU for on-premises versions of some operating...

7.8 CVSS, 7.3 AI score, 0.03426 EPSS
Exploits: 5

Microsoft KB
added 2019/12/10 8:0 a.m., 209 views

December 10, 2019—KB4530698 (Security-only update)

December 10, 2019—KB4530698 Security-only update Improvements and fixes This security update includes quality improvements. Key changes include: Security updates to Windows Input and Composition, Windows Virtualization, Windows Kernel, Windows Peripherals, and Windows Server. For more information...

9.3 CVSS, 7 AI score, 0.9216 EPSS
Exploits: 10

Microsoft KB
added 2019/11/12 8:0 a.m., 1682 views

September 10, 2019—KB4516033 (Security-only update)

September 10, 2019—KB4516033 Security-only update IMPORTANT Verify that you have installed the required updates listed in the How to get this update section before installing this update. Improvements and fixes This security update includes quality improvements. Key changes include: Provides...

9.3 CVSS, 7.2 AI score, 0.35463 EPSS
Exploits: 4

Microsoft KB
added 2019/09/10 7:0 a.m., 785 views

September 10, 2019—KB4516051 (Security-only update)

September 10, 2019—KB4516051 Security-only update Improvements and fixes This security update includes quality improvements. Key changes include: Provides protections against a new subclass of speculative execution side-channel vulnerabilities, known as Microarchitectural Data Sampling, for 32-B...

9.3 CVSS, 7.3 AI score, 0.35463 EPSS
Exploits: 4

RedHat Linux
added 2019/08/06 1:24 p.m., 2 views

uriparser: Integer overflow via uriComposeQuery* or uriComposeQueryEx* function

An issue was discovered in uriparser before 0.9.0. UriQuery.c allows an integer overflow via a uriComposeQuery or uriComposeQueryEx function because of an unchecked multiplication...

9.8 CVSS, 5.9 AI score, 0.00661 EPSS
Exploits: 0, References: 4

RedhatCVE
added 2019/07/16 2:52 p.m., 20 views

CVE-2019-13303

A heap-based buffer over-read was discovered in ImageMagick in the way it composes images. Applications compiled against ImageMagick libraries that accept untrustworthy images may be vulnerable to this flaw. An attacker could abuse this flaw by providing a specially crafted image to make the...

8.8 CVSS, 2.7 AI score, 0.00414 EPSS
Exploits: 1, References: 2

ThreatPost
added 2019/07/10 9:15 p.m., 124 views

Bug in Anesthesia Respirators Allows Cyber-Tampering

A vulnerability in GE Healthcare’s Aestiva and Aespire anesthesia devices would allow an unauthenticated cybercriminal on the same network as the device to modify gas composition parameters within the devices’ respirator function, thus changing sensor readings for gas density. According to GE...

5 CVSS, 0.8 AI score, 0.00301 EPSS
Exploits: 0, References: 6

pentestit
added 2019/07/10 12:10 a.m., 213 views

UPDATE: OWASP Dependency-Check 5.1.0

My first post about this open source OWASP project was about an older version. Some days back, a new version was released. This post discusses the changes made to the open source software composition analysis utility in the latest release yesterday. This is the OWASP...

7.6 AI score
Exploits: 0

Microsoft KB
added 2019/06/11 7:0 a.m., 276 views

June 11, 2019—KB4503293 (OS Build 18362.175)

June 11, 2019—KB4503293 OS Build 18362.175 Note Follow @WindowsUpdate to find out when new content is published to the release information dashboard. Notes: This release also contains updates for Microsoft HoloLens OS Build 18362.1020 released June 11, 2019. Microsoft will release an update...

9.3 CVSS, 7.8 AI score, 0.89678 EPSS
Exploits: 14

pentestit
added 2019/06/10 6:3 a.m., 664 views

UPDATE: OWASP Dependency-Check 5.0.0

My first post about this open source OWASP project was about an older version. About 18 hours ago, a new version was released. This post discusses the changes made to the open source software composition analysis utility in the latest release yesterday. This is the OWASP...

6.5 CVSS, 0.5 AI score, 0.93658 EPSS
Exploits: 1

Fedora
added 2019/05/10 12:48 a.m., 36 views

[SECURITY] Fedora 30 Update: rubygem-actionmailer-5.2.3-1.fc30

Email on Rails. Compose, deliver, receive, and test emails using the familiar controller/view pattern. First-class support for multipart email and attachments...

9.8 CVSS, 1.7 AI score, 0.94318 EPSS
Exploits: 30