8752 matches found
In Conversation: Career Development as a Parent
Technology can only continue to thrive with the direct influence of those involved in its evolution. When the experiences of those people are broad, the tech industry benefits from the diversity of what they bring to the table. At Akamai,...
UBUNTU-CVE-2019-6471
A race condition which may occur when discarding malformed packets can result in BIND exiting due to a REQUIRE assertion failure in dispatch.c. Versions affected: BIND 9.11.0 - 9.11.7, 9.12.0 - 9.12.4-P1, 9.14.0 - 9.14.2. Also all releases of the BIND 9.13 development branch and version 9.15.0 of...
Moderate: Red Hat Security Advisory: java-11-openjdk security update
An update for java-11-openjdk is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...
[SECURITY] Fedora 30 Update: python-django-2.1.9-1.fc30
Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY Don't Repeat Yourself principle...
[SECURITY] Fedora 29 Update: nss-3.44.0-2.fc29
Network Security Services NSS is a set of libraries designed to support cross-platform development of security-enabled client and server applications. Applications built with NSS can support SSL v2 and v3, TLS, PKCS 5, PKCS 7, PKCS 11, PKCS 12, S/MIME, X.509 v3 certificates, and other security...
Security Bulletin: IBM Security Information Queue discloses internal data left over from the product development phases
Summary The initial versions of IBM Security Information Queue ISIQ disclose internal data left over from the product development and Beta phases. In most cases, the data is specific to ISIQ's development environment and not useful to an attacker. Some of it, however, such as ISIQ's exact HTTP...
OpenJDK: Incorrect skeleton selection in RMI registry server-side dispatch handling (RMI, 8218453)
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE subcomponent: RMI. Supported versions that are affected are Java SE: 7u211, 8u202, 11.0.2 and 12; Java SE Embedded: 8u201. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple...
Safari Webkit Proxy Object Type Confusion
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Safari Webkit Proxy Object Type Confusion', 'Description' = %q This module exploits a type confusion bug in the Javascript Proxy object in WebKit...
Directory Traversal in ltt.js
Affected versions of ltt.js resolve relative file paths, resulting in a directory traversal vulnerability. A malicious actor can use this vulnerability to access files outside of the intended directory root, which may result in the disclosure of private files on the vulnerable system. Example...
GHSA-6QH5-WX38-Q92G Directory Traversal in ltt.js
Affected versions of ltt.js resolve relative file paths, resulting in a directory traversal vulnerability. A malicious actor can use this vulnerability to access files outside of the intended directory root, which may result in the disclosure of private files on the vulnerable system. Example...
CVE-2019-6957
A recently discovered security vulnerability affects all Bosch Video Management System BVMS versions 9.0 and below, DIVAR IP 2000, 3000, 5000 and 7000, Video Recording Manager VRM, Video Streaming Gateway VSG, Configuration Manager, Building Integration System BIS with Video Engine, Access...
PT-2019-18378 · Bosch · Configuration Manager +7
Name of the Vulnerable Software and Affected Versions: Bosch Video Management System BVMS versions 9.0 and below DIVAR IP versions 2000 through 7000 Configuration Manager affected versions not specified Building Integration System BIS with Video Engine affected versions not specified Access...
CVE-2019-12250
IdentityServer IdentityServer4 through 2.4 has stored XSS via the httpContext to the host/Extensions/RequestLoggerMiddleware.cs LogForErrorContext method, which can be triggered by viewing a log. NOTE: the software maintainer disputes that this is a vulnerability because the request logger is not...
Solaris 7/8/9 (#SPARC) - (dtprintinfo) Local Privilege Escalation (1) Exploit
Exploit for solaris platform in category local exploits / raptordtprintnamesparc.c - dtprintinfo 0day, Solaris/SPARC Copyright c 2004-2019 Marco Ivaldi 0day buffer overflow in the dtprintinfo1 CDE Print Viewer, leading to local root. Many thanks to Dave Aitel for discovering this vulnerability an...
SecurityRAT - Tool For Handling Security Requirements In Development
OWASP Security RAT Requirement Automation Tool is a tool supposed to assist with the problem of addressing security requirements during application development. The typical use case is: specify parameters of the software artifact you're developing based on this information, list of common securit...
Slow performance for a single tenant database backup of the SAP HANA system
Challenge When backing up a small 128 GB tenant/system DB of SAP HANA, the backup performance might be comparatively slower than a file based backup or using a different backup solution. Cause After several customers pointed out the performance degradation - compared to file based backups - the...
Machinae v1.4.8 - Security Intelligence Collector
Machinae is a tool for collecting intelligence from public sites/feeds about various security-related pieces of data: IP addresses, domain names, URLs, email addresses, file hashes, and SSL fingerprints. It was inspired by Automater, another excellent tool for collecting information. The Machinae...
OpenJDK: Font layout engine out of bounds access setCurrGlyphID() (2D, 8219022)
Vulnerability in the Java SE component of Oracle Java SE subcomponent: 2D. Supported versions that are affected are Java SE: 7u211 and 8u202. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of...
How to build your own PoC framework Pocsuite3 using the article-the vulnerability warning-the black bar safety net
Compared to boring the usage of the description, the more I want to say about Pocsuite3 why will have these features as well as how to achieve. If you also want to build a similar tool, Pocsuite3 some of the thoughts may be able to help you. This article is also recorded Pocsuite3 development...
Online Development, Inc. PCIC-E ControlNet Interface Communication Adapter
Binary data 754799.prm...