Astra Linux - уязвимость в pcre2

A out-of-bounds read vulnerability was discovered in the PCRE2 library, specifically in the getrecursedatalength function of the pcre2jitcompile.c file. This issue affects recursions in JIT-compiled regular expressions due to duplicate data transfers...

Why Secure Data Movement Is the Zero Trust Bottleneck Nobody Talks About

Every security program is betting on the same assumption: once a system is connected, the problem is solved. Open a ticket, stand up a gateway, push the data through. Done. That assumption is wrong. It is also a major reason Zero Trust programs stall. New research my team just published puts...

Manual Processes Are Putting National Security at Risk

Why automating sensitive data transfers is now a mission-critical priority More than half of national security organizations still rely on manual processes to transfer sensitive data, according to The CYBER360: Defending the Digital Battlespace report. This should alarm every defense and governme...

CVE-2022-50541 dmaengine: ti: k3-udma: Reset UDMA_CHAN_RT byte counters to prevent overflow

In the Linux kernel, the following vulnerability has been resolved: dmaengine: ti: k3-udma: Reset UDMACHANRT byte counters to prevent overflow UDMACHANRTBCNTREG stores the real-time channel bytecount statistics. These registers are 32-bit hardware counters and the driver uses these counters to...

European Privacy Group Sues TikTok and AliExpress for Illicit Data Transfers to China

Austrian privacy non-profit None of Your Business noyb has filed complaints accusing companies like TikTok, AliExpress, SHEIN, Temu, WeChat, and Xiaomi of violating data protection regulations in the European Union by unlawfully transferring users' data to China. The advocacy group is seeking an...

New U.S. DoJ Rule Halts Bulk Data Transfers to Adversarial Nations to Protect Privacy

The U.S. Department of Justice DoJ has issued a final rule carrying out Executive Order EO 14117, which prevents mass transfer of citizens' personal data to countries of concern such as China including Hong Kong and Macau, Cuba, Iran, North Korea, Russia, and Venezuela. "This final rule is a...

Dutch Regulator Fines Uber €290 Million for GDPR Violations in Data Transfers to U.S.

The Dutch Data Protection Authority DPA has fined Uber a record €290 million $324 million for allegedly failing to comply with European Union E.U. data protection standards when sending sensitive driver data to the U.S. "The Dutch DPA found that Uber transferred personal data of European taxi...

SUSE CVE-2023-52700

In the Linux kernel, the following vulnerability has been resolved: tipc: fix kernel warning when sending SYN message When sending a SYN message, this kernel stack trace is observed: ... 13.396352 RIP: 0010:copyfromiter+0xb4/0x550 ... 13.398494 Call Trace: 13.398630 13.398630 ? allocskb+0xed/0x1a...

CentOS 9 : qemu-kvm-7.1.0-2.el9

The remote CentOS Linux 9 host has packages installed that are affected by a vulnerability as referenced in the qemu- kvm-7.1.0-2.el9 build changelog. - heap buffer overflow in DMA read data transfers rhel-9.0 CVE-2021-3507 Note that Nessus has not tested for this issue but has instead relied onl...

Ubuntu 18.04 ESM : PCRE vulnerabilities (USN-5627-2)

The remote Ubuntu 18.04 ESM host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5627-2 advisory. USN-5627-1 fixed several vulnerabilities in PCRE. This update provides the corresponding fixes for Ubuntu 18.04 ESM. Tenable has extracted the preceding...

Meta’s $1.3 Billion Fine Is a Strike Against Surveillance Capitalism

The record-breaking GDPR penalty for data transfers to the US could upend Meta's business and spur regulators to finalize a new data-sharing agreement...

Amazon Linux 2023 : pcre2, pcre2-devel, pcre2-static (ALAS2023-2023-045)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-045 advisory. An out-of-bounds read vulnerability was discovered in the PCRE2 library in the compilexclassmatchingpath function of the pcre2jitcompile.c file. This involves a unicode property matching issue ...

SUSE CVE-2011-4137

The verifyexists functionality in the URLField implementation in Django before 1.2.7 and 1.3.x before 1.3.1 relies on Python libraries that attempt access to an arbitrary URL with no timeout, which allows remote attackers to cause a denial of service resource consumption via a URL associated with...

SUSE CVE-2013-7110

Transifex command-line client before 0.10 does not validate X.509 certificates for data transfer connections, which allows man-in-the-middle attackers to spoof a Transifex server via an arbitrary certificate. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-2073...

SUSE CVE-2022-1587

An out-of-bounds read vulnerability was discovered in the PCRE2 library in the getrecursedatalength function of the pcre2jitcompile.c file. This issue affects recursions in JIT-compiled regular expressions caused by duplicate data transfers...

EulerOS Virtualization 3.0.6.0 : pcre2 (EulerOS-SA-2022-2580)

According to the versions of the pcre2 packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - An out-of-bounds read vulnerability was discovered in the PCRE2 library in the compilexclassmatchingpath function of the...

Security Bulletin: IBM Sterling Connect:Direct for OpenVMS. Unencrypted data transfers can occur even when SSL encryption is specified in the security configuration. (CVE-2013-4035)

Abstract Unencrypted data transfers can occur even when SSL encryption is specified in the security configuration. Content VULNERABILITY DETAILS: CVEID: CVE-2013-4035 DESCRIPTION: When Connect:Direct for OpenVMS is the server in a TCP/IP session, and the client requests an unencrypted session, C:...

EulerOS Virtualization 2.9.1 : pcre2 (EulerOS-SA-2022-2361)

According to the versions of the pcre2 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - An out-of-bounds read vulnerability was discovered in the PCRE2 library in the compilexclassmatchingpath function of the...

The vulnerabilities of OPC UA data transfer protocol implementations in industrial networks, related to uncontrolled resource consumption, allow attackers to cause service failures.

The vulnerability of implementations of data transfer specifications in industrial networks OPC UA is related to uncontrolled resource consumption. Exploiting this vulnerability can allow a malicious actor to cause service failures remotely...

SUSE SLES12 Security Update : pcre2 (SUSE-SU-2022:2565-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2022:2565-1 advisory. - An out-of-bounds read vulnerability was discovered in the PCRE2 library in the getrecursedatalength function of the pcre2jitcompile.c file...