7 matches found
A patched Windows attack surface is still exploitable
On August 8, 2023, Microsoft finally released a kernel patch for a class of vulnerabilities affecting Microsoft Windows since 2015. The vulnerabilities lead to elevation of privilege EoP, which allows an account with user rights to gain SYSTEM privileges on a vulnerable host. The root cause of th...
Mageia: Security Advisory (MGASA-2014-0065)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
DevSecOps and the New Scope of Application Development
Hand in hand: Application development and application security As expectations of developers change, so too do those of security teams. It’s more of a collective effort than ever as business dependence on applications continues to grow. Security must shift further left into the software developme...
Unauthorized Access Vulnerability in Nacos
Nacos is an Alibaba open source distributed configuration and registry center, Nacos by providing easy-to-use dynamic service discovery, service configuration, service sharing and management and other service infrastructure, to help users in the cloud native era, in the private cloud, hybrid clou...
Principles of a Cloud Migration – Security W5H – The WHERE
“Wherever I go, there I am” -Security I recently had a discussion with a large organization that had a few workloads in multiple clouds while assembling a cloud security focused team to build out their security policy moving forward. It’s one of my favorite conversations to have since I’m not jus...
Mandriva Linux Security Advisory : varnish (MDVSA-2014:036)
Updated varnish packages fix security vulnerabilities : Varnish before 3.0.5 allows remote attackers to cause a denial of service child-process crash and temporary caching outage via a GET request with trailing whitespace characters and no URI CVE-2013-4484. Also, the services have been converted...
Updated varnish packages fix CVE-2013-4484 and correct service behaviour
Updated varnish packages fix security vulnerabilities: Varnish before 3.0.5 allows remote attackers to cause a denial of service child-process crash and temporary caching outage via a GET request with trailing whitespace characters and no URI CVE-2013-4484. Also, the services have been converted...