
524 matches found

OpenVAS
added 2024/03/08 12:0 a.m. | 13 views

Fedora: Security Advisory for clojure (FEDORA-2024-129d8ca6fc)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 8.8 | AI score 9.2 | EPSS 0.02557
Exploits: 3 | References: 2

OpenVAS
added 2024/03/08 12:0 a.m. | 36 views

Fedora: Security Advisory for objenesis (FEDORA-2024-129d8ca6fc)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 8.8 | AI score 9.2 | EPSS 0.02557
Exploits: 3 | References: 2

OpenVAS
added 2024/03/08 12:0 a.m. | 15 views

Fedora: Security Advisory for opentest4j (FEDORA-2024-129d8ca6fc)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 8.8 | AI score 9.2 | EPSS 0.02557
Exploits: 3 | References: 2

Fedora
added 2024/03/07 10:33 p.m. | 21 views

[SECURITY] Fedora 40 Update: objenesis-3.3-9.fc40

Objenesis is a small Java library that serves one purpose: to instantiate a new object of a particular class. Java supports dynamic instantiation of classes using Class.newInstance; however, this only works if the class has an appropriate constructor. There are many times when a class cannot be...

CVSS 8.8 | AI score 8.9 | EPSS 0.02557
Exploits: 3

Fedora
added 2024/03/07 10:33 p.m. | 26 views

[SECURITY] Fedora 40 Update: hamcrest-2.2-16.fc40

Provides a library of matcher objects also known as constraints or predicates allowing 'match' rules to be defined declaratively, to be used in other frameworks. Typical scenarios include testing frameworks, mocking libraries and UI validation rules...

CVSS 8.8 | AI score 9 | EPSS 0.02557
Exploits: 3

Qualys Blog
added 2024/02/01 12:0 a.m. | 32 views

Identify and De-risk Unmanaged, Unauthorized Devices With Qualys CyberSecurity Asset Management (CSAM)

69% of organizations said they experienced at least one cyberattack resulting from an exploit of an unknown or unmanaged asset such as software, cloud-based workloads, user accounts, and IoT devices. Ultimately, these attacks stem from visibility gaps in the attack surface. Bringing these assets...

AI score 7.3
Exploits: 0

Kitploit
added 2024/01/27 11:30 a.m. | 25 views

Route-Detect - Find Authentication (Authn) And Authorization (Authz) Security Bugs In Web Application Routes

Find authentication (authn) and authorization (authz) security bugs in web application routes: Web application HTTP route authn and authz bugs are some of the most common security issues found today. These industry standard resources highlight the severity of the issue: 2021 OWASP Top 10 #1 - Broken...

AI score 7.7
Exploits: 0 | References: 3

Wallarm Lab
added 2024/01/18 9:39 a.m. | 14 views

Unit Testing Frameworks: A Quick Comparison

Stepping Forward in Understanding Software Unit Evaluation Venturing into the realm of software creation, emphasizing quality takes center stage. This gold standard governs aspects such as operational capabilities, dependability, and the overall performance of your software. Regular assessments, ...

AI score 7.1
Exploits: 0

Rapid7 Blog
added 2023/12/11 8:59 p.m. | 7 views

Living our Values and Leveraging Diverse Skill Sets: How Jonathan Atwood Built a Successful Career as a Customer Advisor at Rapid7

At Rapid7, our Customer Advisors play a pivotal role at ensuring our customers understand their threat landscape – and feel confident in their security programs. By collaborating across various internal teams, strengthening customer relationships, and proactively seeking solutions and advocating...

AI score 6.7
Exploits: 0

NVD
added 2023/11/29 3:15 p.m. | 15 views

CVE-2023-49090

CarrierWave is a solution for file uploads for Rails, Sinatra and other Ruby web frameworks. CarrierWave has a Content-Type allowlist bypass vulnerability, possibly leading to XSS. The validation in `allowlisted_content_type?` determines Content-Type permissions by performing a partial match. If the...

CVSS 6.8 | EPSS 0.00613
Exploits: 0 | References: 3

UbuntuCve
added 2023/11/29 3:15 p.m. | 16 views

CVE-2023-49090

CarrierWave is a solution for file uploads for Rails, Sinatra and other Ruby web frameworks. CarrierWave has a Content-Type allowlist bypass vulnerability, possibly leading to XSS. The validation in `allowlisted_content_type?` determines Content-Type permissions by performing a partial match. If the...

CVSS 6.8 | AI score 6.5 | EPSS 0.00613
Exploits: 0 | References: 5

Debian CVE
added 2023/11/29 2:38 p.m. | 19 views

CVE-2023-49090

CarrierWave is a solution for file uploads for Rails, Sinatra and other Ruby web frameworks. CarrierWave has a Content-Type allowlist bypass vulnerability, possibly leading to XSS. The validation in `allowlisted_content_type?` determines Content-Type permissions by performing a partial match. If the...

CVSS 6.8 | AI score 6.2 | EPSS 0.00613
Exploits: 0

Cvelist
added 2023/11/29 2:38 p.m. | 22 views

CVE-2023-49090 CarrierWave has a content-type allowlist bypass vulnerability, possibly leading to XSS

CarrierWave is a solution for file uploads for Rails, Sinatra and other Ruby web frameworks. CarrierWave has a Content-Type allowlist bypass vulnerability, possibly leading to XSS. The validation in `allowlisted_content_type?` determines Content-Type permissions by performing a partial match. If the...

CVSS 6.8 | AI score 6.6 | EPSS 0.00613
Exploits: 0 | References: 3

CVE
added 2023/11/29 2:38 p.m. | 74 views

CVE-2023-49090

CarrierWave (Ruby/Rails file-upload library) contains a Content-Type allowlist bypass vulnerability (CVE-2023-49090). The issue arises because `allowlisted_content_type?` validates Content-Type via partial matching, enabling an attacker to craft content_type values that bypass the allowlist, pote...

CVSS 6.8 | AI score 6.1 | EPSS 0.00613
Exploits: 0 | References: 3 | Affected Software: 1

Vulnrichment
added 2023/11/29 2:38 p.m. | 15 views

CVE-2023-49090 CarrierWave has a content-type allowlist bypass vulnerability, possibly leading to XSS

CarrierWave is a solution for file uploads for Rails, Sinatra and other Ruby web frameworks. CarrierWave has a Content-Type allowlist bypass vulnerability, possibly leading to XSS. The validation in `allowlisted_content_type?` determines Content-Type permissions by performing a partial match. If the...

CVSS 6.8 | AI score 6.6 | EPSS 0.00613
Exploits: 0 | References: 3

OSV
added 2023/11/29 2:38 p.m. | 24 views

CVE-2023-49090 CarrierWave has a content-type allowlist bypass vulnerability, possibly leading to XSS

CarrierWave is a solution for file uploads for Rails, Sinatra and other Ruby web frameworks. CarrierWave has a Content-Type allowlist bypass vulnerability, possibly leading to XSS. The validation in `allowlisted_content_type?` determines Content-Type permissions by performing a partial match. If the...

CVSS 6.8 | AI score 6.1 | EPSS 0.00613
Exploits: 0 | References: 5

Qualys Blog
added 2023/10/24 1:0 p.m. | 21 views

Qualys Named a Leader in KuppingerCole CSPM Report

Cloud Security Posture Management (CSPM) is a crucial requirement in cloud security. CSPM is all about identifying misconfiguration issues and compliance risks in cloud environments. Since cloud misconfigurations are the leading cause of data breaches, you want an excellent CSPM solution on your...

AI score 7
Exploits: 0

Pen Test Partners Blog
added 2023/10/10 5:4 a.m. | 44 views

IoT Secure Development Guide

Introduction This guide deals with threat modelling and early stages of development so that security issues and controls are identified before committing to manufacturing. Current attack methods, and the pitfalls we find in embedded designs, have been highlighted so that a finished product is as...

AI score 8
Exploits: 0

Fedora
added 2023/10/04 3:0 a.m. | 14 views

[SECURITY] Fedora 37 Update: prrte-2.0.2-5.fc37

PRRTE is the PMIx Reference Run Time Environment. The project is formally referred to in documentation by "PRRTE", and the GitHub repository is "openpmix/prrte". However, we have found that most users do not like typing the two consecutive "r"s in the name. Hence, all of the internal API symbols,...

CVSS 8.1 | AI score 8 | EPSS 0.01121
Exploits: 0

Fedora
added 2023/10/04 2:34 a.m. | 13 views

[SECURITY] Fedora 38 Update: prrte-2.0.2-5.fc38

PRRTE is the PMIx Reference Run Time Environment. The project is formally referred to in documentation by "PRRTE", and the GitHub repository is "openpmix/prrte". However, we have found that most users do not like typing the two consecutive "r"s in the name. Hence, all of the internal API symbols,...

CVSS 8.1 | AI score 8 | EPSS 0.01121
Exploits: 0