CVE-2024-41668 cBioPortal Proxy Endpoint Vulnerabliity

The cBioPortal for Cancer Genomics provides visualization, analysis, and download of large-scale cancer genomics data sets. When running a publicly exposed proxy endpoint without authentication, cBioPortal could allow someone to perform a Server Side Request Forgery SSRF attack. Logged in users...

Critical Photon OS Security Update - PHSA-2019-3.0-0003

Updates of 'openssh', 'kubernetes', 'libsolv', 'nginx', 'python3', 'perl' packages of Photon OS have been released...

Researchers Defeat AMD's SEV Virtual Machine Encryption

German security researchers claim to have found a new practical attack against virtual machines VMs protected using AMD's Secure Encrypted Virtualization SEV technology that could allow attackers to recover plaintext memory data from guest VMs. AMD's Secure Encrypted Virtualization SEV technology...

How to protect web applications on Google Cloud Platform with WAF?

Many of the developers we speak to are interested in taking advantage of Google Compute Cloud for developing and hosting their web applications. The advantages are many from reasonable costs to built in scalability to high level of availability built right into the platform. However, the develope...

Null pointer dereference

os/unix/ngxfiles.c in nginx before 1.10.1 and 1.11.x before 1.11.1 allows remote attackers to cause a denial of service NULL pointer dereference and worker process crash via a crafted request, involving writing a client request body to a temporary file...

OpenSSL DROWN drown vulnerability detection and repair method-vulnerability warning-the black bar safety net

A, vulnerability Description: The now popular server and client to use TLS encryption,SSL and TLS protocols to ensure that users are surfing the Internet,shopping,instant messaging and not be read by third parties. DROWNdrownvulnerabilities allow an attacker to compromise the encryption system,by...