8752 matches found
RHEL 8 : libyang (RHSA-2019:4360)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2019:4360 advisory. The libyang package provides a library for YANG data modeling language. libyang is a YANG data modelling language parser and toolkit written...
CVE-2019-19691
A vulnerability in Trend Micro Apex One and OfficeScan XG could allow an attacker to expose a masked credential key by manipulating page elements using development tools. Note that the attacker must already have admin/root privileges on the product console to exploit this vulnerability...
[SECURITY] Fedora 31 Update: python-django-2.2.8-1.fc31
Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY Don't Repeat Yourself principle...
USN-4224-1: Django vulnerability
Simon Charette discovered that the password reset functionality in Django used a Unicode case insensitive query to retrieve accounts associated with an email address. An attacker could possibly use this to obtain password reset tokens and hijack accounts...
2019 Hackathon Challenges Imperva to Solve Problems Together
The smell of pizza –150 boxes to be exact – filled our global offices last week as more than 220 Impervians technical and non-technical rolled up their sleeves to participate in Imperva’s annual company-wide hackathon. As chair of the event this year, I was determined to host a hackathon that...
Google Offers Financial Support to Open Source Projects for Cybersecurity
Besides rewarding ethical hackers from its pocket for responsibly reporting vulnerabilities in third-party open-source projects, Google today announced financial support for open source developers to help them arrange additional resources, prioritizing the security of their products. The...
How We Streamlined Infrastructure and Tooling as a Service for Development
At VMware Carbon Black, we’ve historically acquired a broad technology stack in our journey to build the premier security solution that understands cybercriminal behavior. Inheriting such a variety of tooling and storage solutions presented a challenge for us operationally. So, in order to reduce...
jersey code problem vulnerability
jersey is an open source web development framework. A code issue vulnerability exists in jersey. The vulnerability arises from an improperly designed or implemented code development process for a web system or product. No detailed vulnerability details are provided at this time...
5 Reasons Why Programmers Should Think like Hackers
Programming has five main steps: the identification and definition of the problem, the planning of the solution for the problem, coding of the program, testing, and documentation. It's a meticulous process that cannot be completed without going through all the essential points. In all of these,...
CyberRange - The Open-Source AWS Cyber Range
This CyberRange project represents the first open-source Cyber Range blueprint in the world. This project provides a bootstrap framework for a complete offensive, defensive, reverse engineering, & security intelligence tooling in a private research lab using the AWS Cloud. This project contains...
Adobe Fixes 17 Critical Acrobat, Photoshop and Brackets Flaws
Adobe Systems is stomping out 17 critical vulnerabilities in Acrobat Reader, Photoshop and Brackets, which could lead to arbitrary code execution if exploited. Overall, Adobe released patches – as part of its regularly-scheduled updates – addressing 25 CVEs across various products, including its...
EulerOS 2.0 SP2 : java-1.8.0-openjdk (EulerOS-SA-2019-2374)
According to the version of the java-1.8.0-openjdk packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.Security...
Improve cyber supply chain risk management with Microsoft Azure
For years, Microsoft has tracked threat actors exploiting federal cyber supply chain vulnerabilities. Supply chain attacks target software developers, systems integrators, and technology companies. Tactics often include obtaining source code, build processes, or update mechanisms to compromise...
JDK: Unrestricted access to diagnostic operations
From Eclipse OpenJ9 0.15 to 0.16, access to diagnostic operations such as causing a GC or creating a diagnostic file are permitted without any privilege checks...
Unikrn: Staging Rabbitmq instance is exposed to the internet with default credentials
Description: RabbitMQ is an open-source message-broker software sometimes called message-oriented middleware that originally implemented the Advanced Message Queuing Protocol AMQP and has since been extended with a plug-in architecture to support Streaming Text Oriented Messaging Protocol STOMP,...
[SECURITY] Fedora 30 Update: python-pillow-5.4.1-3.fc30
Python image processing library, fork of the Python Imaging Library PIL This library provides extensive file format support, an efficient internal representation, and powerful image processing capabilities. There are four subpackages: tk tk interface, qt PIL image wrapper for Qt , devel developme...
Autodesk FBX Software Development Kit Buffer Overflow Vulnerability
Autodesk FBX Software Development Kit is a software development kit SDK for working with FBX format files from Autodesk USA. A buffer overflow vulnerability exists in the Autodesk FBX Software Development Kit. The vulnerability originates when a networked system or product performs an operation i...
Explained: What is containerization?
Containerization. Another one of those tech buzzwords folks love to say but often have no idea what it means. A better way to organize children's toys? The act of bringing tupperware out to dinner to safely transport home leftovers? Another name for Russian dolls? Containerization is, of course,...
CVE-2019-7366
Buffer overflow vulnerability in Autodesk FBX Software Development Kit version 2019.5. A user may be tricked into opening a malicious FBX file which may exploit a buffer overflow vulnerability causing it to run arbitrary code on the system...
CVE-2019-7366
Buffer overflow vulnerability in Autodesk FBX Software Development Kit version 2019.5. A user may be tricked into opening a malicious FBX file which may exploit a buffer overflow vulnerability causing it to run arbitrary code on the system...