Lucene search
1895 matches found

UbuntuCve
added 2018/01/10 3:29 p.m. | 49 views

CVE-2017-7536

In Hibernate Validator 5.2.x before 5.2.5 final, 5.3.x, and 5.4.x, it was found that when the security manager's reflective permissions, which allow it to access the private members of the class, are granted to Hibernate Validator, a potential privilege escalation can occur. By allowing the...

CVSS: 7 | AI score: 6.9 | EPSS: 0.00127
Exploits: 0 | References: 1
Qualys Blog
added 2018/01/05 7:10 p.m. | 28 views

Qualys Cloud Platform 2.31 New Features

This release of the Qualys Cloud Platform version 2.31 includes updates and new features for AssetView, Cloud Agent, EC2 Connector, Web Application Scanning, Web Application Firewall, and Security Assessment Questionnaire; highlights are as follows. AssetView: Use custom severities in AV searches and...

AI score: 6.9
Exploits: 0
Citrix
added 2017/12/30 12:0 a.m. | 3 views

How to Collect Diagnostic Data by using the Command Line Interface on a WANOP

This article explains an alternative method for collecting Diagnostic Data by using the command line interface when the Graphical User Interface (GUI) is not accessible on a NetScaler SD-WAN WANOP appliance or WANOP VPX instance...

AI score: 7.3
Exploits: 0
Zero Day Initiative
added 2017/12/27 12:0 a.m. | 70 views

Apache Groovy MethodClosure Deserialization of Untrusted Data Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apache Groovy. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on implementation. The specific flaw exists within the handling of...

CVSS: 7.5 | AI score: 5.1 | EPSS: 0.24315
Exploits: 0 | References: 1
Cvelist
added 2017/12/20 8:0 p.m. | 13 views

CVE-2017-6094

CPEs used by subscribers on the access network receive their individual configuration settings from a central GAPS instance. A CPE identifies itself by the MAC address of its WAN interface and a certain "chk" value (48bit) derived from the MAC. The algorithm used to compute the "chk" was disclosed ...

AI score: 9.4 | EPSS: 0.00441
Exploits: 2 | References: 1
NVD
added 2017/11/28 7:29 a.m. | 12 views

CVE-2016-10702

Pebble Smartwatch devices through 4.3 mishandle UUID storage, which allows attackers to read an arbitrary application's flash storage, and access an arbitrary application's JavaScript instance, by modifying a UUID value within the header of a crafted application binary...

CVSS: 6.1 | AI score: 6.2 | EPSS: 0.00215
Exploits: 0 | References: 1
Prion
added 2017/11/28 7:29 a.m. | 8 views

Code injection

Pebble Smartwatch devices through 4.3 mishandle UUID storage, which allows attackers to read an arbitrary application's flash storage, and access an arbitrary application's JavaScript instance, by modifying a UUID value within the header of a crafted application binary...

CVSS: 5.8 | AI score: 7.1 | EPSS: 0.00215
Exploits: 0 | References: 1 | Affected Software: 1
CNVD
added 2017/11/16 12:0 a.m. | 3 views

OpenStack Nova Security Bypass Vulnerability (CNVD-2017-37172)

OpenStack is a cloud platform management program developed by the National Aeronautics and Space Administration and Rackspace, Inc. in the U.S. OpenStack Nova is one of the cloud computing construct controllers written in Python. It is part of the IaaS system. A security vulnerability exists in...

CVSS: 6.5 | AI score: 6.8 | EPSS: 0.00385
Exploits: 0 | References: 1
RedhatCVE
added 2017/11/14 10:49 p.m. | 22 views

CVE-2017-16239

By rebuilding an instance using a new image, an authenticated user may be able to circumvent the Filter Scheduler, bypassing imposed filters (for example, the ImagePropertiesFilter or the IsolatedHostsFilter)...

CVSS: 6.5 | AI score: 2.5 | EPSS: 0.00385
Exploits: 0 | References: 1
OSV
added 2017/11/14 5:29 p.m. | 1 views

DEBIAN-CVE-2017-16239

In OpenStack Nova through 14.0.9, 15.x through 15.0.7, and 16.x through 16.0.2, by rebuilding an instance, an authenticated user may be able to circumvent the Filter Scheduler bypassing imposed filters (for example, the ImagePropertiesFilter or the IsolatedHostsFilter). All setups using Nova Filter...

CVSS: 6.5 | AI score: 6 | EPSS: 0.00385
Exploits: 0 | References: 1
Prion
added 2017/11/14 5:29 p.m. | 16 views

Design/Logic Flaw

In OpenStack Nova through 14.0.9, 15.x through 15.0.7, and 16.x through 16.0.2, by rebuilding an instance, an authenticated user may be able to circumvent the Filter Scheduler bypassing imposed filters (for example, the ImagePropertiesFilter or the IsolatedHostsFilter). All setups using Nova Filter...

CVSS: 4 | AI score: 6.4 | EPSS: 0.00385
Exploits: 0 | References: 7 | Affected Software: 1
Cvelist
added 2017/11/14 5:0 p.m. | 16 views

CVE-2017-16239

In OpenStack Nova through 14.0.9, 15.x through 15.0.7, and 16.x through 16.0.2, by rebuilding an instance, an authenticated user may be able to circumvent the Filter Scheduler bypassing imposed filters (for example, the ImagePropertiesFilter or the IsolatedHostsFilter). All setups using Nova Filter...

AI score: 6.5 | EPSS: 0.00385
Exploits: 0 | References: 7
CVE
added 2017/11/14 5:0 p.m. | 87 views

CVE-2017-16239

CVE-2017-16239 affects OpenStack Nova: when rebuilding an instance, authenticated users may bypass the Filter Scheduler (e.g., ImagePropertiesFilter, IsolatedHostsFilter), affecting all setups using the Nova Filter Scheduler across 14.x, 15.x, and 16.x branches. Root cause is a regression that al...

CVSS: 6.5 | AI score: 6.3 | EPSS: 0.00385
Exploits: 0 | References: 7 | Affected Software: 1
Debian CVE
added 2017/11/14 5:0 p.m. | 22 views

CVE-2017-16239

In OpenStack Nova through 14.0.9, 15.x through 15.0.7, and 16.x through 16.0.2, by rebuilding an instance, an authenticated user may be able to circumvent the Filter Scheduler bypassing imposed filters (for example, the ImagePropertiesFilter or the IsolatedHostsFilter). All setups using Nova Filter...

CVSS: 6.5 | AI score: 6.7 | EPSS: 0.00385
Exploits: 0
UbuntuCve
added 2017/11/14 3:0 p.m. | 23 views

CVE-2017-16239

In OpenStack Nova through 14.0.9, 15.x through 15.0.7, and 16.x through 16.0.2, by rebuilding an instance, an authenticated user may be able to circumvent the Filter Scheduler bypassing imposed filters (for example, the ImagePropertiesFilter or the IsolatedHostsFilter). All setups using Nova Filter...

CVSS: 6.5 | AI score: 6.6 | EPSS: 0.00385
Exploits: 0 | References: 2
OSV
added 2017/11/14 3:0 p.m. | 0 views

UBUNTU-CVE-2017-16239

In OpenStack Nova through 14.0.9, 15.x through 15.0.7, and 16.x through 16.0.2, by rebuilding an instance, an authenticated user may be able to circumvent the Filter Scheduler bypassing imposed filters (for example, the ImagePropertiesFilter or the IsolatedHostsFilter). All setups using Nova Filter...

CVSS: 6.5 | AI score: 6.5 | EPSS: 0.00385
Exploits: 0 | References: 3
Hacker One
added 2017/11/09 8:57 a.m. | 21 views

Phabricator: Command injection on Phabricator instance with an evil hg branch name

Hi phabricator, I found that an evil branch name in an hg repo can lead to arbitrary command injection on a phabricator instance. Here are the reproduction steps: 1. Monitor a remote mercurial repo with phabricator; 2. Create a branch called "--config=hooks.pre-log=wget" on the remote; 3. After...

AI score: 7.5
Exploits: 0
Veeam
added 2017/11/08 12:0 a.m. | 15 views

How to collect logs for cases involving Oracle

Challenge: An issue with backing up of the Oracle database server and/or removal of Oracle archived logs is suspected. Veeam Technical Support would like to gather information from your servers and databases to investigate this issue. Additional logs must be gathered manually from the guest OS on...

AI score: 6.9
Exploits: 0 | Affected Software: 1
CNVD
added 2017/11/06 12:0 a.m. | 1 views

SAP NetWeaver Instance Agent Service Information Disclosure Vulnerability

SAP NetWeaver is a service-oriented integrated application platform from the German company SAP. The platform provides a development and runtime environment for SAP applications. An information disclosure vulnerability exists in SAP NetWeaver Instance Agent Service, which can be exploited b...

AI score: 6.1
Exploits: 0 | References: 1
Information Security Automation
added 2017/10/31 9:29 p.m. | 73 views

Starting/stopping Amazon EC2 instances using CLI and Python SDK

It's a very good practice to scan your perimeter from the outside of your network, simulating an attacker. However, you will need to deploy the scanners somewhere to do this. Hosting on Amazon EC2 can be a good and cost-effective option, especially if you start instances with vulnerability scanne...

AI score: 7.1
Exploits: 0