Security Bulletin: Apache POI as used in IBM QRadar SIEM is vulnerable to a denial of service. (CVE-2017-5644)
Summary: Open Source Apache POI Vulnerability. Vulnerability Details: CVEID: CVE-2017-5644. DESCRIPTION: Apache POI is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. By using a specially-crafted OOXML file, a remote attacker could...
DEBIAN-CVE-2016-9066
A buffer overflow resulting in a potentially exploitable crash due to memory allocation issues when handling large amounts of incoming data. This vulnerability affects Thunderbird 45.5, Firefox ESR 45.5, and Firefox 50...
TensorFlow Dataset API for increasing training speed of neural networks
by M. Salnikov, Wallarm Research. Wallarm AI engine is the heart of our security solution. Two key parameters of our AI engine efficiency are how fast neural networks can be trained to reflect the updated training sets and how much compute power needs to be dedicated to the training on the on-going...
Sit-down with Wallarm CTO, Alex Golovko
I have had a chance to pose a few questions to Alexander Golovko, one of the co-founders of Wallarm and our CTO. Here are Alex’s reflections on Wallarm and some technology trends. How did Wallarm get its start? Ivan, Wallarm’s founder, has involved me in various projects on and off since 2010. By...
What Will GDPR’s Impact Be On U.S. Consumer Privacy?
Will General Data Protection Regulation rules that go into effect on Friday impact the privacy of U.S. citizens? It depends who you ask, but the odds-on-favorite answer is “not by much.” The Facebook Cambridge Analytica scandal in March led to a firehose of rebuke against social media platforms,...
How to Allocate an Extra Management CPU to NetScaler MPX Appliance
The objective is to add an additional Management CPU to the NetScaler MPX for Management data processing and monitoring...
Unspecified Denial of Service Vulnerability in SAP Adobe Document Services
SAP is a provider of enterprise application software solutions. An unspecified denial of service vulnerability exists in SAP Adobe Document Services. An attacker could exploit this vulnerability to cause a denial of service...
Critical Actions to Finalize Your GDPR Compliance Program
Starting May 25, 2018, enforcement begins for the new EU General Data Protection Regulation (GDPR) and its heightened principles and requirements regarding data privacy, data processing, and data security. The newly revised regulation applies to organizations doing business in the European Union or...
Carbon Black’s Commitment to GDPR & Keeping Customer Data Safe
At Carbon Black, keeping our customers’ data safe is a top priority. The European Union’s General Data Protection Regulation (“GDPR”), a comprehensive European privacy law that takes effect on May 25, 2018, has shined a light on the importance of securing personal data. The GDPR is designed to...
GRR Rapid Response - Remote Live Forensics For Incident Response
GRR Rapid Response is an incident response framework focused on remote live forensics. The goal of GRR is to support forensics and investigations in a fast, scalable manner to allow analysts to quickly triage attacks and perform analysis remotely. GRR consists of 2 parts: client and server. GRR...
SUSE-SU-2018:0784-1 Security update for libvorbis
This update for libvorbis fixes the following issues: - CVE-2018-5146: Fixed out of bounds memory write while processing Vorbis audio data bsc1085687...
SAP NetWeaver System Landscape Directory Authentication Bypass Vulnerability
SAP NetWeaver is a service-oriented, integrated application platform from SAP that provides a development and runtime environment for SAP applications. The platform provides a development and runtime environment for SAP applications, and the System Landscape Directory (SLD) is one of the components...
CVE-2017-1758
IBM Financial Transaction Manager for ACH Services for Multi-Platform IBM Control Center 6.0 and 6.1, IBM Financial Transaction Manager 3.0.2, 3.0.3, 3.0.4, and 3.1.0, IBM Transformation Extender Advanced 9.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A...
CVE-2018-1000047
NASA Kodiak version v1.0 contains a CWE-502 vulnerability in Kodiak library's data processing function that can result in remote code execution. This attack appears to be exploitable via: victim opens an untrusted file for optimization using Kodiak library...
Remote code execution
NASA Kodiak version v1.0 contains a CWE-502 vulnerability in Kodiak library's data processing function that can result in remote code execution. This attack appears to be exploitable via: victim opens an untrusted file for optimization using Kodiak library...
CVE-2018-1000030
Python 2.7.14 is vulnerable to a Heap-Buffer-Overflow as well as a Heap-Use-After-Free. Python versions prior to 2.7.14 may also be vulnerable, and it appears that Python 2.7.17 and prior may also be vulnerable; however, this has not been confirmed. The vulnerability lies when multiple threads are...
CVE-2018-1000030
CVE-2018-1000030: The Python 2.7.14 heap-security issue is described as a Heap-Buffer-Overflow and Heap-Use-After-Free arising when multiple threads handle large data, caused by a race condition between buffer sizing and writes. Older Python 2.7.x versions may also be vulnerable; the risk is con...
Processing .docx and .xlsx files with Python
MS Office documents are probably one of the most inconvenient and poorly formalized data sources. It's much better to keep all the data in specialized databases or at least in a wiki. But in real life, MS Office documents are in active use in nearly every organization. Simply because it is a flexib...
Adobe Acrobat and Reader Out-of-bounds Read (APSB17-36: CVE-2017-16409)
A memory corruption vulnerability exists in Adobe Acrobat and Reader. The vulnerability is due to an error in the image conversion engine when processing Enhanced Metafile Format (EMF) private data. A remote attacker may exploit this vulnerability by using the out of bounds access for unintended...