Beyond Asset Discovery: How Attack Surface Management Prioritizes Vulnerability Remediation

As the business environment becomes increasingly connected, organizations' attack surfaces continue to expand, making it challenging to map and secure both known and unknown assets. In particular, unknown assets present security challenges related to shadow IT, misconfigurations, ineffective scan...

RHEL 8 : python27:2.7 (RHSA-2023:3780)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:3780 advisory. Python is an interpreted, interactive, object-oriented programming language that supports modules, classes, exceptions, high-level dynamic data types...

Cyber Asset Attack Surface Management 101

Understanding CAASM This article was written by Ethan Smart, Co-Founder and Chief Solution Architect, appNovi a Rapid7 integration partner. It's essential for security and IT teams to have a comprehensive view and control of their cyber assets. This is why Cyber Asset Attack Surface Management...

Ransomware Insurance: Security Strategies to Obtain Coverage

Ransomware accounts for 75% of all cyber insurance claims, yet 40% of business currently lack the coverage needed. Discover security strategies to help you meet ransomware insurance requirements...

[SECURITY] Fedora 37 Update: python-starlette-0.20.4-3.fc37

Starlette is a lightweight ASGI framework/toolkit, which is ideal for building async web services in Python. It is production-ready, and gives you the following: =EF=BF=BD=EF=BF=BD=EF=BF=BD A lightweight, low-complexity HTTP web framewor k. =EF=BF=BD=EF=BF=BD=EF=BF=BD WebSocket support...

Rapid7 Recognized as a Strong Performer in The Forrester Wave™ for MDR, Q2 2023

Rapid7 recognized amongst the top MDR providers in the industry. As security teams try to do more with less, addressing the sprawling attack surface and monitoring the escalating threat and risk landscape, it inherently leaves them at a disadvantage. Rapid7 Managed Threat Complete empowers...

io.jenkins.blueocean:blueocean-pipeline-scm-api (>=1.27.4 <=1.27.5.1), io.jenkins.plugins:code-coverage-api (>=4.2.0 <=4.7.0) +12 more potentially affected by CVE-2023-32977 via org.jenkins-ci.plugins.workflow:workflow-job (>=0.1-beta-1 <=1292.v27d8cc3e2602)

org.jenkins-ci.plugins.workflow:workflow-job MAVEN version =0.1-beta-1, =1.27.4, =4.2.0, =1.17.vd2468d9c5e85, =0.1-beta-1, =1.14, =1.16.4 - org.jenkins-ci.plugins:gradle =2.12.0.1 - org.jenkins-ci.plugins:inline-pipeline =1.0.3 Source cves: CVE-2023-32977 Source advisory: OSV:GHSA-2WVV-PHHW-QVMC...

OSV-2023-380 UNKNOWN WRITE in bool OT::Layout::Common::Coverage::serialize<hb_map_iter_t<hb_map_iter_t<hb_filt

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=58663 Crash type: UNKNOWN WRITE Crash state: bool OT::Layout::Common::Coverage::serialize::subset hbsubsetcontextt::returnt OT::Layout::GSUBimpl::SubstLookupSubTable::dispat...

Oracle Patch Tuesday April 2023 Security Update Review

Oracle has released the second quarterly edition of Critical Patch Update, which contains a group of patches for 433 security vulnerabilities. Some of the vulnerabilities addressed this month impact various products. These patches address vulnerabilities in Oracle code and third-party components...

GHSA-XJ29-GFWW-J67G Jenkins JaCoCo Plugin vulnerable to Stored Cross-site Scripting

Jenkins JaCoCo Plugin 3.3.2 and earlier does not escape class and method names shown on the UI, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers able to control input files for the 'Record JaCoCo coverage report' post-build action. Version 3.3.2.1 escapes clas...

SUSE-SU-2023:1714-1 Security update for flatpak

This update for flatpak fixes the following issues: - CVE-2023-28101: Fixed misleading terminal output with metadata with ANSI control codes bsc1209410. - CVE-2023-28100: Fixed unsandboxed TIOCLINUX commands bsc1209411. Update to version 1.10.8: - If an app update is blocked by parental controls...

Food giant Dole reveals more about ransomware attack

Fruit and vegetable producer Dole has confirmed attackers behind its February ransomware attack accessed employee data. The company hasn't revealed the number of staff impacted. In an annual report filed to the US Securities and Exchange Commission SEC last week, Dole said: "In February of 2023, ...

CVE-2023-28669

Jenkins JaCoCo Plugin 3.3.2 and earlier does not escape class and method names shown on the UI, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers able to control input files for the 'Record JaCoCo coverage report' post-build action...

CVE-2023-28669

Jenkins JaCoCo Plugin 3.3.2 and earlier does not escape class and method names shown on the UI, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers able to control input files for the 'Record JaCoCo coverage report' post-build action...

Design/Logic Flaw

OpenSIPS is a Session Initiation Protocol SIP server implementation. Prior to versions 3.1.7 and 3.2.4, OpenSIPS crashes when a malformed SDP body is received and is processed by the deletesdpline function in the sipmsgops module. This issue can be reproduced by calling the function with an SDP...

CVE-2023-28098 OpenSIPS has vulnerability in the Digest Authentication Parser

OpenSIPS is a Session Initiation Protocol SIP server implementation. Prior to versions 3.1.7 and 3.2.4, a specially crafted Authorization header causes OpenSIPS to crash or behave in an unexpected way due to a bug in the function parseparamname . This issue was discovered while performing coverag...

Wiz enhances its industry leading data security solution with broader cloud data coverage and customizable platform capabilities

Wiz for DSPM, now generally available, helps customers reduce the time it takes to discover and fix cloud data exposure before it becomes a costly breach...

OSV-2023-137 Heap-buffer-overflow in OT::Layout::Common::Coverage::get_population

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=56510 Crash type: Heap-buffer-overflow READ 1 Crash state: OT::Layout::Common::Coverage::getpopulation OT::Layout::GPOSimpl::SinglePosFormat1::sanitize hbsanitizecontextt::returnt OT::Layout::GPOSimpl::PosLookupSubTable::dispa...

GeoServer OGC Filter SQL Injection Vulnerabilities

Impact GeoServer includes support for the OGC Filter expression language and the OGC Common Query Language CQL as part of the Web Feature Service WFS and Web Map Service WMS protocols. CQL is also supported through the Web Coverage Service WCS protocol for ImageMosaic coverages. SQL Injection...

UBUNTU-CVE-2022-48320

Cross-site Request Forgery CSRF in Tribe29's Checkmk = 2.1.0p17, Checkmk = 2.0.0p31, and all versions of Checkmk 1.6.0 EOL allow an attacker to add new visual elements to multiple pages...