Lucene search

3370 matches found

Malwarebytes
added 2021/11/23 5:41 p.m., 40 views

Millions of GoDaddy customer data compromised in breach

Domain name registrar giant and hosting provider GoDaddy yesterday disclosed to the Securities and Exchange Commission (SEC) that it had suffered a security breach. In the notice, it explained it had been compromised via an "unauthorized third-party access to our Managed WordPress hosting...

7.1 AI score
Exploits: 0
OPENSUSE Linux
added 2021/11/18 12:00 a.m., 35 views

Security update for transfig (important)

openSUSE Security Update: Security update for transfig Announcement ID: openSUSE-SU-2021:1481-1 Rating: important References: 1189325 1189343 1189345 1189346 1190607 1190611 1190612 1190615 1190616 1190617 1190618 1192019 Cross-References: CVE-2020-21529 CVE-2020-21530 CVE-2020-21531 CVE-2020-215...

7.8 CVSS, 7.1 AI score, 0.01055 EPSS
Exploits: 12, References: 12
OPENSUSE Linux
added 2021/11/15 12:00 a.m., 30 views

Security update for tinyxml (low)

openSUSE Security Update: Security update for tinyxml Announcement ID: openSUSE-SU-2021:1474-1 Rating: low References: 1191576 Cross-References: CVE-2021-42260 Affected Products: openSUSE Leap 15.2 An update that fixes one vulnerability is now available. Description: This update for tinyxml fixes...

7.5 CVSS, 7.4 AI score, 0.03055 EPSS
Exploits: 1, References: 1
Imperva Blog
added 2021/11/10 1:42 p.m., 16 views

With SLAs for DDoS Mitigation, the devil is in the details

When it comes to choosing the right DDoS protection there are many factors to consider, including Network Capacity, Reliability, Service, Price and Time to Mitigation (TTM). In a recent survey, we asked participants what factor they considered most critical when choosing a DDoS protection solution...

6.8 AI score
Exploits: 0
RedHat Linux
added 2021/11/09 5:49 p.m., 0 views

golang: net: lookup functions may return invalid host names

A flaw was found in Go. The LookupCNAME, LookupSRV, LookupMX, LookupNS, and LookupAddr functions in the net package and methods on the Resolver type, may return arbitrary values retrieved from DNS, allowing injection of unexpected contents. The highest threat from this vulnerability is to integri...

7.5 CVSS, 7.2 AI score, 0.03204 EPSS
Exploits: 1, References: 5
OPENSUSE Linux
added 2021/11/07 12:00 a.m., 26 views

Security update for transfig (important)

openSUSE Security Update: Security update for transfig Announcement ID: openSUSE-SU-2021:1458-1 Rating: important References: 1189325 1189343 1189345 1189346 1190607 1190611 1190612 1190615 1190616 1190617 1190618 1192019 Cross-References: CVE-2020-21529 CVE-2020-21530 CVE-2020-21531 CVE-2020-215...

7.8 CVSS, 7.1 AI score, 0.01055 EPSS
Exploits: 12, References: 12
OPENSUSE Linux
added 2021/11/03 12:00 a.m., 37 views

Security update for qemu (important)

openSUSE Security Update: Security update for qemu Announcement ID: openSUSE-SU-2021:3605-1 Rating: important References: 1189234 1189702 1189938 1190425 Cross-References: CVE-2021-3713 CVE-2021-3748 CVSS scores: CVE-2021-3713 SUSE: 7.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H CVE-2021-3748...

7.8 CVSS, 8.2 AI score, 0.00566 EPSS
Exploits: 0, References: 4
OSV
added 2021/10/27 1:28 p.m., 18 views

SUSE-RU-2021:3551-1 Recommended update for SUSE Manager 4.2.3 Release Notes

This update for SUSE Manager 4.2.3 Release Notes provides the following additions: Release notes for SUSE Manager: - Update to 4.2.3 - aarch64 support for CentOS 7/8, Oracle Linux 7/8, Rocky Linux 8, AlmaLinux 8, Amazon Linux 2 and openSUSE Leap 15.3 - Package Locking features is now available fo...

9.3 CVSS, 7.6 AI score, 0.03449 EPSS
Exploits: 1, References: 35
OSV
added 2021/10/27 1:15 a.m., 2 views

CVE-2021-35233

The HTTP TRACK & TRACE methods were enabled in Kiwi Syslog Server 9.7.1 and earlier. These methods are intended for diagnostic purposes only. If enabled, the web server will respond to requests that use these methods by returning exact HTTP request that was received in the response to the client...

5.3 CVSS, 5.8 AI score, 0.00929 EPSS
Exploits: 0, References: 2
NVD
added 2021/10/27 1:15 a.m., 8 views

CVE-2021-35233

The HTTP TRACK & TRACE methods were enabled in Kiwi Syslog Server 9.7.1 and earlier. These methods are intended for diagnostic purposes only. If enabled, the web server will respond to requests that use these methods by returning exact HTTP request that was received in the response to the client...

5.3 CVSS, 0.00929 EPSS
Exploits: 0, References: 2
Prion
added 2021/10/27 1:15 a.m., 11 views

Design/Logic Flaw

The HTTP TRACK & TRACE methods were enabled in Kiwi Syslog Server 9.7.1 and earlier. These methods are intended for diagnostic purposes only. If enabled, the web server will respond to requests that use these methods by returning exact HTTP request that was received in the response to the client...

5 CVSS, 5.4 AI score, 0.00929 EPSS
Exploits: 0, References: 2, Affected Software: 1
CVE
added 2021/10/27 12:51 a.m., 53 views

CVE-2021-35233

CVE-2021-35233 affects SolarWinds Kiwi Syslog Server 9.7.1 and earlier, where enabling HTTP TRACK & TRACE can cause the server to echo the exact HTTP request in the response, potentially leaking sensitive information such as internal authentication headers appended by reverse proxies. The issue i...

5.3 CVSS, 5.3 AI score, 0.00929 EPSS
Exploits: 0, References: 2, Affected Software: 1
CNNVD
added 2021/10/27 12:00 a.m., 2 views

Solarwinds Kiwi Syslog Server configuration error vulnerability

Solarwinds Kiwi Syslog Server is an affordable Syslog management tool for network and system engineers from Solarwinds USA. It is used to receive syslog messages and SNMP traps from network devices (routers, switches, firewalls, etc.) and Linux®/Unix® hosts. A security vulnerability exists in...

5.3 CVSS, 5.8 AI score, 0.00929 EPSS
Exploits: 0, References: 4
NVD
added 2021/10/25 3:15 p.m., 12 views

CVE-2021-41035

In Eclipse Openj9 before version 0.29.0, the JVM does not throw IllegalAccessError for MethodHandles that invoke inaccessible interface methods...

9.8 CVSS, 0.01696 EPSS
Exploits: 0, References: 4
Cvelist
added 2021/10/25 3:05 p.m., 23 views

CVE-2021-41035

In Eclipse Openj9 before version 0.29.0, the JVM does not throw IllegalAccessError for MethodHandles that invoke inaccessible interface methods...

9.7 AI score, 0.01696 EPSS
Exploits: 0, References: 4
CNNVD
added 2021/10/25 12:00 a.m., 1 views

Eclipse Openj9 security vulnerability

Eclipse OpenJ9 is a Java application engine from the Eclipse Foundation. The product is primarily used to run Java applications. A security vulnerability exists in Eclipse Openj9 versions prior to 0.29.0 that stems from the JVM not throwing an IllegalAccessError exception for MethodHandles that...

9.8 CVSS, 6.5 AI score, 0.01696 EPSS
Exploits: 0, References: 25
Securelist
added 2021/10/20 12:00 p.m., 87 views

Russian-speaking cybercrime evolution: What changed from 2016 to 2021

Experts at Kaspersky have been investigating various computer incidents on a daily basis for over a decade. Having been in the field for so long, we have witnessed some major changes in the cybercrime world's modus operandi. This report shares our insights into the Russian-speaking cybercrime worl...

0.4 AI score
Exploits: 0
OPENSUSE Linux
added 2021/10/20 12:00 a.m., 53 views

Security update for ncurses (moderate)

openSUSE Security Update: Security update for ncurses Announcement ID: openSUSE-SU-2021:3490-1 Rating: moderate References: 1190793 Cross-References: CVE-2021-39537 CVSS scores: CVE-2021-39537 SUSE: 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: openSUSE Leap 15.3 An update...

6.2 CVSS, 7.3 AI score, 0.03005 EPSS
Exploits: 1, References: 1
RedHat Linux
added 2021/10/13 10:05 a.m., 2 views

rust-crossbeam-deque: race condition may lead to double free

crossbeam-deque is a package of work-stealing deques for building task schedulers when programming in Rust. In versions prior to 0.7.4 and 0.8.0, the result of the race condition is that one or more tasks in the worker queue can be popped twice instead of other tasks that are forgotten and never...

9.8 CVSS, 7.1 AI score, 0.01907 EPSS
Exploits: 0, References: 4
RedHat Linux
added 2021/10/13 9:32 a.m., 2 views

rust-crossbeam-deque: race condition may lead to double free

crossbeam-deque is a package of work-stealing deques for building task schedulers when programming in Rust. In versions prior to 0.7.4 and 0.8.0, the result of the race condition is that one or more tasks in the worker queue can be popped twice instead of other tasks that are forgotten and never...

9.8 CVSS, 7.1 AI score, 0.01907 EPSS
Exploits: 0, References: 4