5 matches found
Exploit for Deserialization of Untrusted Data in Nextgen Mirth_Connect
Mirth Connect PoC Script Simple Python script for security re...
Python Developers Warned of Trojanized PyPI Packages Mimicking Popular Libraries
Cybersecurity researchers are warning of "imposter packages" mimicking popular libraries available on the Python Package Index (PyPI) repository. The 41 malicious PyPI packages have been found to pose as typosquatted variants of legitimate modules such as HTTP, AIOHTTP, requests, urllib, and urllib...
Weave Net clusters susceptible to MitM attacks via IPv6 rogue router advertisements
Impact: An attacker able to run a process as root in a container is able to respond to DNS requests from the host and thereby insert themselves as a fake service. In a cluster with an IPv4 internal network, if IPv6 is not totally disabled on the host via ipv6.disable=1 on the kernel cmdline, it wi...
CVE-2020-11091
In Weave Net before version 2.6.3, an attacker able to run a process as root in a container is able to respond to DNS requests from the host and thereby insert themselves as a fake service. In a cluster with an IPv4 internal network, if IPv6 is not totally disabled on the host via ipv6.disable=1 ...
Security Bulletin: IBM SmartCloud Analytics - Log Analysis is affected by Open Source Python Vulnerability (CVE-2014-9365)
Summary: IBM SmartCloud Analytics - Log Analysis product bundles the Open Source Python which is vulnerable to CVE-2014-9365. Vulnerability Details: CVEID: CVE-2014-9365. DESCRIPTION: Python could allow a remote attacker to bypass security restrictions, caused by the failure to validate TLS certifica...