7418 matches found
Memory Corruption Vulnerability in SAMSoar Developer
SAMSoar Developer is configuration software produced by Shenzhen Xianzhong Technology Co. SAMSoar Developer has a memory corruption vulnerability in the processing of ssp project files, which can be exploited by attackers to gain control of the user's system or crash the program...
[SECURITY] Fedora 30 Update: python-jinja2-2.10.1-1.fc30
Jinja2 is a template engine written in pure Python. It provides a Django inspired non-XML syntax but supports inline expressions and an optional sandboxed environment. If you have any exposure to other text-based template languages, such as Smarty or Django, you should feel right at home with...
CVE-2019-9804
In Firefox Developer Tools it is possible that pasting the result of the 'Copy as cURL' command into a command shell on macOS will cause the execution of unintended additional bash script commands if the URL was maliciously crafted. This is the result of an issue with the native version of Bash o...
Command injection
In Firefox Developer Tools it is possible that pasting the result of the 'Copy as cURL' command into a command shell on macOS will cause the execution of unintended additional bash script commands if the URL was maliciously crafted. This is the result of an issue with the native version of Bash o...
CVE-2019-9804
CVE-2019-9804 is a macOS-specific issue in Firefox Developer Tools where pasting the output of the ‘Copy as cURL’ command could cause the execution of unintended additional bash commands if the URL was maliciously crafted. The root cause is tied to how the native Bash on macOS handles the pasted ...
Google Chrome Developer Tools Incorrect Escape Vulnerability
Google Chrome is a web browser from Google, and Developer Tools is one of the developer tools components. A security vulnerability exists in Developer Tools in Google Chrome versions prior to 74.0.3729.108. The vulnerability can be exploited by an attacker to bypass security restrictions and gain...
Developers Versus Automation Engineers: How We Ended the Fighting with the Right CI Process
Hey developers and DevOps professionals: what if I told you that how you wrap and execute your automation tests could be the key to making your development process faster, more professional and stable, and stop the bickering between your developers and automation teams? This post will describe ho...
Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect Rational Business Developer.
Summary: There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 7 & 8 and IBM® Runtime Environment Java™ Version 7 & 8 used by Rational Business Developer. Rational Business Developer has addressed the applicable CVEs. These issues were disclosed as part of the IBM Java S...
Design/Logic Flaw
Cloud Foundry Routing Release, all versions prior to 0.188.0, contains a vulnerability that can hijack the traffic to route services hosted outside the platform. A user with space developer permissions can create a private domain that shadows the external domain of the route service, and map that...
Stable Channel Update for Desktop
The Chrome team is delighted to announce the promotion of Chrome 74 to the stable channel for Windows, Mac and Linux. This will roll out over the coming days/weeks. Chrome 74.0.3729.108 contains a number of fixes and improvements -- a list of changes is available in the log. Watch out for upcomin...
SAMSoar Developer suffers from DLL hijacking vulnerability
Shenzhen Xianzhong Technology is a national high-tech enterprise specializing in the research and development, production, sales and service of Industry 4.0 core products. SAMSoar Developer has a DLL hijacking vulnerability when processing ssp files, which can be exploited by attackers to load...
CVE-2019-3789: Gorouter allows space developer to hijack route services hosted outside the platform | Cloud Foundry
Severity: High. Vendor: Cloud Foundry Foundation. Affected Cloud Foundry Products and Versions: CF Routing, all versions prior to 0.188.0. Description: Cloud Foundry Routing Release, all versions prior to 0.188.0, contains a vulnerability that can hijack the traffic to route services hosted outside the...
CVE-2019-4203
IBM API Connect 5.0.0.0 and 5.0.8.6 Developer Portal can be exploited by app developers to download arbitrary files from the host OS and potentially carry out SSRF attacks. IBM X-Force ID: 159124...
Design/Logic Flaw
IBM API Connect 5.0.0.0 and 5.0.8.6 Developer Portal can be exploited by app developers to download arbitrary files from the host OS and potentially carry out SSRF attacks. IBM X-Force ID: 159124...
CVE-2019-4202
IBM API Connect 5.0.0.0 and 5.0.8.6 Developer Portal is vulnerable to command injection. An attacker with a specially crafted request can run arbitrary code on the server and gain complete access to the system. IBM X-Force ID: 159123...