25 matches found

CNNVD
added 2026/03/13 12:0 a.m., 2 views

Vivo EasyShare Security Vulnerability

Vivo EasyShare is a file sharing application developed by the Chinese company Vivo. Vivo EasyShare has a security vulnerability, which stems from issues with the authentication mechanism in certain features. If specific conditions in the local network are met, it may lead to data leakage...

6.9 CVSS, 5.8 AI score, 0.00025 EPSS
Exploits: 0, References: 1

Citrix
added 2025/04/11 12:0 a.m., 9 views

PVS BIOS based target devices are slow to boot

PVS BIOS based target devices were slow to boot, with the following observations: BIOS based target devices often taking tens of minutes to boot successfully, occasionally target devices may fail to boot. The network conditions in the standard production network were non-optimal for PVS boot performance...

7.2 AI score
Exploits: 0

Veracode
added 2022/09/03 2:13 a.m., 26 views

Information Disclosure

grafana is vulnerable to information disclosure. The vulnerability exists in the grafana backend plugin, which allows a malicious user to retrieve unauthorized files under some network conditions or via a fake datasource...

8.3 CVSS, 7.6 AI score, 0.00533 EPSS
Exploits: 0, References: 5, Affected Software: 1

Cvelist
added 2022/09/02 12:0 a.m., 19 views

CVE-2022-31176 Grafana Image Renderer leaking files

Grafana Image Renderer is a Grafana backend plugin that handles rendering of panels & dashboards to PNGs using a headless browser Chromium/Chrome. An internal security review identified an unauthorized file disclosure vulnerability. It is possible for a malicious user to retrieve unauthorized fil...

8.3 CVSS, 8.1 AI score, 0.00533 EPSS
Exploits: 0, References: 3

OpenVAS
added 2022/07/31 12:0 a.m., 16 views

Fedora: Security Advisory for golang-github-shopify-toxiproxy (FEDORA-2022-37aef44d1e)

The remote host is missing an update for the...

7.5 AI score
Exploits: 0, References: 2

Fedora
added 2022/07/30 2:0 a.m., 13 views

[SECURITY] Fedora 36 Update: golang-github-shopify-toxiproxy-2.1.4-11.fc36

Toxiproxy is a framework for simulating network conditions. It's made specifically to work in testing, CI and development environments, supporting deterministic tampering with connections, but with support for randomized chaos and customization. Toxiproxy is the tool you need to prove with tests...

7.2 AI score
Exploits: 0

FreeBSD
added 2022/07/21 12:0 a.m., 37 views

Grafana -- Unauthorized file disclosure

Grafana Labs reports: On July 21, an internal security review identified an unauthorized file disclosure vulnerability in the Grafana Image Renderer plugin when HTTP remote rendering is used. The Chromium browser embedded in the Grafana Image Renderer allows for “printing” of unauthorized files i...

8.3 CVSS, 1.1 AI score, 0.00533 EPSS
Exploits: 0, References: 1

Fedora
added 2022/07/17 1:16 a.m., 36 views

[SECURITY] Fedora 35 Update: golang-github-shopify-toxiproxy-2.1.4-10.fc35

Toxiproxy is a framework for simulating network conditions. It's made specifically to work in testing, CI and development environments, supporting deterministic tampering with connections, but with support for randomized chaos and customization. Toxiproxy is the tool you need to prove with tests...

9.3 CVSS, 8.2 AI score, 0.00963 EPSS
Exploits: 3

Akamai Blog
added 2019/10/11 8:0 p.m., 149 views

Pixel Perfect. Enhanced Optimizations Focused on Customer Experience

I remember the days when brands captivated users online with dancing aliens (LowerMyBills.com) and Elf Yourself advertising campaigns (OfficeMax). In this new digital era, however, customers are smarter, more powerful, and dictate more than ever how and when they interact with brands. More important...

0.3 AI score
Exploits: 0

OPENSUSE Linux
added 2019/08/12 12:0 a.m., 83 views

Security update for zstd (moderate)

openSUSE Security Update: Security update for zstd. Announcement ID: openSUSE-SU-2019:1845-1. Rating: moderate. References: 1082318 1133297 1142941. Cross-References: CVE-2019-11922. Affected Products: openSUSE Leap 15.1. An update that solves one vulnerability and has two fixes is now available...

8.1 CVSS, 8.1 AI score, 0.00618 EPSS
Exploits: 0, References: 3

Hacker One
added 2019/07/08 5:8 p.m., 8 views

curl: Libcurl occasionally sends HTTPS traffic to port 443 rather than specified port 8080

Summary: We have encountered an issue with libcurl where, under certain network conditions, the library will attempt to submit data to an incorrect port as was set by CURLOPT_PORT. As information is sent to an unauthorised port, we consider this an information disclosure issue. Our security softwa...

6.8 AI score
Exploits: 0

OSV
added 2019/02/18 11:39 p.m., 21 views

GHSA-HJHR-R3GQ-QVP6 Timing Attack in csrf-lite

Affected versions of csrf-lite are vulnerable to timing attacks as a result of testing CSRF tokens via a fail-early comparison instead of a constant-time comparison. Timing attacks remove the exponential increase in entropy gained from increased secret length, by providing per-character feedback ...

5.9 CVSS, 5.6 AI score, 0.003 EPSS
Exploits: 0, References: 4

Akamai Blog
added 2018/11/19 7:13 p.m., 78 views

Image Management 101: The Web Developer's Guide

This article originally appeared on DevOps.com. Online experiences have in many ways supplanted in-person experiences. Today, no one would hesitate to buy a luxury watch online instead of from a jewelry brick-and-mortar store. But as these online experiences become the norm, user expectations for ...

6.6 AI score
Exploits: 0

NVD
added 2018/04/30 3:29 p.m., 18 views

CVE-2017-9657

Under specific 802.11 network conditions, a partial re-association of the Philips IntelliVue MX40 Version B.06.18 WLAN monitor to the central monitoring station is possible. In this state, the central monitoring station can indicate the MX40 is not connected or associated to the central monitor,...

6.5 CVSS, 6.2 AI score, 0.0036 EPSS
Exploits: 0, References: 3

OSV
added 2018/04/30 3:29 p.m., 2 views

CVE-2017-9657

Under specific 802.11 network conditions, a partial re-association of the Philips IntelliVue MX40 Version B.06.18 WLAN monitor to the central monitoring station is possible. In this state, the central monitoring station can indicate the MX40 is not connected or associated to the central monitor,...

6.5 CVSS, 5.8 AI score
Exploits: 0, References: 3

CVE
added 2018/04/30 3:0 p.m., 39 views

CVE-2017-9657

The CVE-2017-9657 entry describes an 802.11 WLAN issue in Philips IntelliVue MX40 (Version B.06.18) where partial re-association to the central monitor can leave the MX40 in telemetry mode while the central station expects local monitoring, potentially delaying alarms. Root causes cited include I...

6.5 CVSS, 6.2 AI score, 0.0036 EPSS
Exploits: 0, References: 3, Affected Software: 1

Citrix
added 2017/12/06 12:0 a.m., 5 views

How to Troubleshoot EDT Connections

Adaptive transport is a data transport mechanism for Citrix Virtual Apps and Desktops. It is faster, can scale, improves application interactivity, and is more interactive on challenging long-haul WAN and internet connections. Adaptive transport maintains high server scalability and efficient use...

7.1 AI score
Exploits: 0

Microsoft KB
added 2017/06/13 7:0 a.m., 120 views

Description of the security update for Skype for Business 2016: June 13, 2017

Summary: This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. To learn more about these vulnerabilities, see Microsoft...

9.3 CVSS, 9.1 AI score, 0.56001 EPSS
Exploits: 2

Node.js
added 2016/07/27 12:24 a.m., 29 views

Timing Attack

Overview: Affected versions of cookie-signature are vulnerable to timing attacks as a result of using a fail-early comparison instead of a constant-time comparison. Timing attacks remove the exponential increase in entropy gained from increased secret length, by providing per-character feedback on...

3.5 CVSS, 4.1 AI score, 0.00512 EPSS
Exploits: 0, Affected Software: 1

Node.js
added 2016/03/28 9:18 p.m., 25 views

Timing Attack

Overview: Affected versions of csrf-lite are vulnerable to timing attacks as a result of testing CSRF tokens via a fail-early comparison instead of a constant-time comparison. Timing attacks remove the exponential increase in entropy gained from increased secret length, by providing per-character...

4.3 CVSS, 4.7 AI score, 0.003 EPSS
Exploits: 0, Affected Software: 1