Lucene search

3370 matches found

CNNVD
added 2021/09/09 12:0 a.m. | 14 views

Apache Dubbo Format String Error Vulnerability

Apache Dubbo is a lightweight Java-based RPC remote procedure call framework from the Apache Foundation. It provides interface-based remote calling, fault tolerance and load balancing, and automatic service registration and discovery. A code injection vulnerability exists in Apache Dubbo, which...

CVSS 9.8 | AI score 5.8 | EPSS 0.02388
Exploits: 0 | References: 3

OPENSUSE Linux
added 2021/09/09 12:0 a.m. | 60 views

Security update for openssl-1_0_0 (low)

openSUSE Security Update: Security update for openssl-1_0_0 Announcement ID: openSUSE-SU-2021:2994-1 Rating: low References: 1189521 Cross-References: CVE-2021-3712 CVSS scores: CVE-2021-3712 SUSE: 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Affected Products: openSUSE Leap 15.3 An update that...

CVSS 5.3 | AI score 7.3 | EPSS 0.50445
Exploits: 0 | References: 1

Redos
added 2021/09/08 12:0 a.m. | 3 views

ROS-2-2192

2.2192 VLC vulnerabilities with specially designed playlists 1. Vulnerability description: A remote user can create a specially crafted file that can cause various issues. It is possible to trigger remote code execution through a specially created playlist and trick the user into interacting with...

CVSS 6.7 | AI score 8.4 | EPSS 0.00485
Exploits: 0

Redos
added 2021/09/08 12:0 a.m. | 8 views

ROS-2-1917

2.1917 Vulnerability in SpamAssassin spam filtering tool CVE-2020-1946 1. Vulnerability Description: CVE-2020-1946 A vulnerability in the SpamAssassin spam filtering tool is related to improper input validation when processing rule configuration .cf files. Exploitation of the vulnerability could...

CVSS 9.8 | AI score 8.1 | EPSS 0.06132
Exploits: 0

Redos
added 2021/09/08 12:0 a.m. | 6 views

ROS-2-1645

2.1645 Mozilla Firefox browser vulnerability CVE-2021-29970, CVE-2021-29976 1. Vulnerability description: CVE-2021-29970 A vulnerability in the Mozilla Firefox browser is related to a release error in accessibility functions when processing HTML content. Exploitation of the vulnerability could...

CVSS 8.8 | AI score 9.3 | EPSS 0.04006
Exploits: 2

Redos
added 2021/09/08 12:0 a.m. | 4 views

ROS-2-1960

2.1960 Mozilla Firefox browser vulnerability CVE-2021-29970, CVE-2021-29976 1. Vulnerability description: CVE-2021-29970 A vulnerability in the Mozilla Firefox browser is related to a release error in accessibility functions when processing HTML content. Exploitation of the vulnerability could...

CVSS 8.8 | AI score 9.2 | EPSS 0.10608
Exploits: 2

Redos
added 2021/09/08 12:0 a.m. | 4 views

ROS-2-2093

2.2093 PyYAML parser vulnerability CVE-2020-14343 1. Vulnerability description: A vulnerability in the PyYAML parser is related to insufficient validation of user input when processing unreliable YAML files using the full_load method or the FullLoader loader. Exploitation of the vulnerability...

CVSS 10 | AI score 8.6 | EPSS 0.05984
Exploits: 1

Redos
added 2021/09/08 12:0 a.m. | 11 views

ROS-2-1638

2.1638 PyYAML parser vulnerability CVE-2020-14343 1. Vulnerability description: A vulnerability in the PyYAML parser is related to insufficient validation of user input when processing unreliable YAML files using the full_load method or the FullLoader loader. Exploitation of the vulnerability...

CVSS 9.8 | AI score 9.9 | EPSS 0.05984
Exploits: 0

Imperva Blog
added 2021/09/06 11:40 a.m. | 37 views

How to Exploit SQL Server Using OLE Automation

As part of the Imperva Research Labs we have the opportunity to examine various security scenarios. In this post, we will consider database security on SQL Server. One standard method that security practitioners use to protect databases is deploying honeypots and waiting for hackers to take the...

AI score 0.3
Exploits: 0

ICS
added 2021/09/02 12:0 a.m. | 34 views

Advantech WebAccess

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Advantech Equipment: WebAccess Vulnerability: Stack-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of this vulnerability may allow remote code execution. 3. TECHNICAL DETAILS 3.1...

CVSS 9.8 | AI score 10 | EPSS 0.11569
Exploits: 0 | References: 5

OPENSUSE Linux
added 2021/09/02 12:0 a.m. | 50 views

Security update for ffmpeg (important)

openSUSE Security Update: Security update for ffmpeg Announcement ID: openSUSE-SU-2021:2919-1 Rating: important References: 1129714 1186849 1186859 1186861 1186863 1189142 1189348 1189350 Cross-References: CVE-2019-9721 CVE-2020-21688 CVE-2020-21697 CVE-2020-22046 CVE-2020-22048 CVE-2020-22049...

CVSS 8.8 | AI score 7.1 | EPSS 0.01719
Exploits: 6 | References: 8

RedHat Linux
added 2021/08/31 8:30 a.m. | 1 view

hw: L1D Cache Eviction Sampling

A microarchitectural timing flaw was found on some Intel processors. A corner case exists where data in-flight during the eviction process can end up in the “fill buffers” and not properly cleared by the MDS mitigations. The fill buffer contents which were expected to be blank can be inferred usi...

CVSS 5.5 | AI score 6.5 | EPSS 0.00587
Exploits: 0 | References: 8

OSV
added 2021/08/30 5:20 p.m. | 18 views

GHSA-26RR-V2J2-25FH Layout XML Arbitrary Code Fix

Impact Layout XML enabled admin users to execute arbitrary commands via block methods...

CVSS 9 | AI score 7.3 | EPSS 0.01971
Exploits: 0 | References: 5

Github Security Blog
added 2021/08/30 5:20 p.m. | 58 views

Layout XML Arbitrary Code Fix

Impact Layout XML enabled admin users to execute arbitrary commands via block methods...

CVSS 9 | AI score 5.3 | EPSS 0.01971
Exploits: 0 | References: 6 | Affected Software: 1

Imperva Blog
added 2021/08/26 1:53 p.m. | 60 views

The 4 most common bad bot attack methods targeting financial services

Organizations in the financial services sector are high-value targets for cybercriminals. In recent years, more sophisticated botnets and other bad bot attack methods have enabled malicious hackers to ratchet up the speed of attacks on this sector. The four most common ways hackers deploy botnets...

AI score 0.3
Exploits: 0

OPENSUSE Linux
added 2021/08/26 12:0 a.m. | 67 views

Security update for openexr (important)

openSUSE Security Update: Security update for openexr Announcement ID: openSUSE-SU-2021:1198-1 Rating: important References: 1188457 1188458 1188459 1188460 1188461 1188462 Cross-References: CVE-2021-20298 CVE-2021-20299 CVE-2021-20300 CVE-2021-20302 CVE-2021-20303 CVE-2021-20304 CVE-2021-3476 CV...

CVSS 7.5 | AI score 6.6 | EPSS 0.01848
Exploits: 1 | References: 6

OPENSUSE Linux
added 2021/08/26 12:0 a.m. | 50 views

Security update for dbus-1 (moderate)

openSUSE Security Update: Security update for dbus-1 Announcement ID: openSUSE-SU-2021:1204-1 Rating: moderate References: 1172505 Cross-References: CVE-2020-12049 CVSS scores: CVE-2020-12049 NVD : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2020-12049 SUSE: 5.5...

CVSS 5.5 | AI score 6.6 | EPSS 0.00569
Exploits: 1 | References: 1

OPENSUSE Linux
added 2021/08/25 12:0 a.m. | 21 views

Security update for libspf2 (critical)

openSUSE Security Update: Security update for libspf2 Announcement ID: openSUSE-SU-2021:1187-1 Rating: critical References: 1189104 Cross-References: CVE-2021-20314 Affected Products: openSUSE Leap 15.2 openSUSE Backports SLE-15-SP3 openSUSE Backports SLE-15-SP2 openSUSE Backports SLE-15-SP1 An...

CVSS 9.8 | AI score 9.7 | EPSS 0.0281
Exploits: 0 | References: 1

Malwarebytes
added 2021/08/24 2:17 p.m. | 17 views

Criminals exploited weak checks and old tech to pull off vast COVID benefit fraud

In life, when you encounter something momentous—a sudden job loss, a routine check-up that revealed an illness you can't afford the medical bills for—you can be assured that the federal or state government has benefits you can apply for it. And where there are benefits, you can also be assured th...

AI score 0.3
Exploits: 0

Ivan 'd0znpp' Novikov
added 2021/08/23 7:8 a.m. | 27 views

Security Misconfiguration☝️ — What you need to know

Security Misconfiguration☝️ — What you need to know Introduction API7:2019 Security Misconfiguration ‍What is Security Misconfiguration? There are several factors that might indicate a Security Misconfiguration. We should be very careful with handling configurations because if the correct security...

AI score 7.6
Exploits: 0