Fedora Update for edk2 FEDORA-2019-d47a9d4b8b
The remote host is missing an update for the Copyright (C) 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
[SECURITY] Fedora 30 Update: edk2-20190501stable-2.fc30
EDK II is a development code base for creating UEFI drivers, applications and firmware images...
CVE-2019-9012
An issue was discovered in 3S-Smart CODESYS V3 products. A crafted communication request may cause uncontrolled memory allocations in the affected CODESYS products and may result in a denial-of-service condition. All variants of the following CODESYS V3 products in all versions prior to v3.5.14.2...
Atlassian Crowd 2.1.x < 3.0.5 RCE Vulnerability
According to its self-reported version number, the Atlassian Crowd application running on the remote host is 2.1.x prior to 3.0.5, 3.1.x prior to 3.1.6, 3.2.x prior to 3.2.8, 3.3.x prior to 3.3.5 or 3.4.x prior to 3.4.4. It is, therefore, affected by a remote code execution (RCE) vulnerability. An...
Atlassian Crowd 3.4.x < 3.4.4 RCE Vulnerability
According to its self-reported version number, the Atlassian Crowd application running on the remote host is 2.1.x prior to 3.0.5, 3.1.x prior to 3.1.6, 3.2.x prior to 3.2.8, 3.3.x prior to 3.3.5 or 3.4.x prior to 3.4.4. It is, therefore, affected by a remote code execution (RCE) vulnerability. An...
CVE-2019-14940
In Storage Performance Development Kit (SPDK) before 19.07, a user of a vhost can cause a crash if the target is sent invalid input...
CVE-2019-14940
CVE-2019-14940 affects SPDK prior to 19.07, where a user of a vhost can cause a crash by sending invalid input to the target. The root cause is an input validation issue in SPDK’s vhost handling, leading to an availability impact (crash) with network-accessible exposure implied by the CVSS data. ...
SUSE SLED15 / SLES15 Security Update : polkit (SUSE-SU-2019:2018-1)
This update for polkit fixes the following issues: Security issue fixed: CVE-2019-6133: Fixed improper caching of auth decisions, which could bypass uid checking in the interactive backend (bsc1121826). Note that Tenable Network Security has extracted the preceding description block directly from...
SUSE SLED12 / SLES12 Security Update : bzip2 (SUSE-SU-2019:2013-1)
This update for bzip2 fixes the following issues: Fixed a regression with the fix for CVE-2019-12900, which caused incompatibilities with files that used many selectors (bsc1139083). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security...
Supply-Chain Attack against the Electron Development Platform
Electron is a cross-platform development system for many popular communications apps, including Skype, Slack, and WhatsApp. Security vulnerabilities in the update system allow someone to silently inject malicious code into applications. From a news article: At the BSides LV security conference o...
[SECURITY] Fedora 29 Update: php-7.2.21-1.fc29
PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...
Debian: Security Advisory (DLA-1872-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Three Keys to Infusing Security into your Corporate Culture
Creating a security-oriented culture is a challenge for many businesses. There's a natural tension between development teams, which are under constant pressure to get new applications and features to market as quickly as possible, and security teams that need to protect critical systems and...
IBM SDK, Java Technology Edition Privilege Vulnerability
IBM SDK, Java Technology Edition is a software development kit for Java application development from IBM, USA. An elevation of privilege vulnerability exists in IBM SDK, Java Technology Edition for AIX-based platforms, which can be exploited by a local attacker to inject code and elevate privileg...
W13Scan - Passive Security Scanner
W13scan is a proxy-based web scanner that runs on Linux/Windows/Mac systems. Begin Demo Pure Python and Python version = 3 Can you use star to encourage the author ? Install pip3 install w13scan Usage help w13scan -h running w13scan -s 127.0.0.1:7778 HTTPS Support If you want w13scan to support...
CVE-2007-6763
SAS Drug Development (SDD) before 32DRG02 mishandles logout actions, which allows a user who was previously logged in to access resources by pressing a back or forward button in a web browser...
CVE-2007-6763
CVE-2007-6763 concerns SAS Drug Development (SDD) prior to 32DRG02, which mishandles logout actions. According to the sources, a user who was previously authenticated can regain access to resources by using the browser’s back or forward buttons after logout. The vulnerability is described consist...
New Re2PCAP tool speeds up PCAP process for Snort rules
By Amit Raut We often joke that for SNORT® rule development, you have to live by the saying “PCAP or it didn’t happen.” PCAP files are very important for Snort rule development, and a new tool from Cisco Talos called “Re2Pcap” allows users to generate a PCAP file in seconds just from a raw HTTP...