45 matches found
Etherpad 1.8.13 - Code Execution Vulnerabilities
Etherpad is one of the most popular online text editors that allows collaborating on documents in real-time. It is customizable with more than 250 plugins available and features a version history as well as a chat functionality. There are thousands of instances deployed worldwide with millions of...
Russia’s SolarWinds Attack and Software Security
The information that is emerging about Russias extensive cyberintelligence operation against the United States and other countries should be increasingly alarming to the public. The magnitude of the hacking, now believed to have affected more than 250 federal agencies and businesses -- primarily...
CVE-2020-35702
DCTStream::getChars in DCTStream.cc in Poppler 20.12.1 has a heap-based buffer overflow via a crafted PDF document. NOTE: later reports indicate that this only affects builds from Poppler git clones in late December 2020, not the 20.12.1 release. In this situation, it should NOT be considered a...
CVE-2020-35702
DCTStream::getChars in DCTStream.cc in Poppler 20.12.1 has a heap-based buffer overflow via a crafted PDF document. NOTE: later reports indicate that this only affects builds from Poppler git clones in late December 2020, not the 20.12.1 release. In this situation, it should NOT be considered a...
Toward Inclusive Language in Software
Akamai opposes racism in all its forms and is committed to providing an inclusive, fair, and respectful environment for both our customers and our employees. As part of this commitment, we are joining other technology-industry leaders in removing biased, oppressive, and racially insensitive...
GitLab: Possibilty to purchase Ultimate - 1 Year (EDU or OSS)
Hi, Any user can purchase Ultimate - 1 Year EDU or OSS which is for educational institutions or open source projects.I have found here https://gitlab.com/gitlab-org/customers-gitlab-com/-/issues/860 list of Gitlab plan id and found Ultimate - 1 Year which is free and purchased. Steps to reproduce...
Google Offers Financial Support to Open Source Projects for Cybersecurity
Besides rewarding ethical hackers from its pocket for responsibly reporting vulnerabilities in third-party open-source projects, Google today announced financial support for open source developers to help them arrange additional resources, prioritizing the security of their products. The...
Official Code Analysis Partner for TYPO3
RIPS Technologies and TYPO3 are proud to announce their new technical partnership. TYPO3 will be using RIPS industry-leading code analysis solution to continuously scan the TYPO3 code base for security vulnerabilities and weaknesses. CEO Johannes Dahse explains: “This partnership represents anoth...
Internet Bug Bounty: Multiple HTTP Smuggling reports
Theses reports spreads other several years and are all about HTTP Smuggling issues HTTP Requests or Responses splitting, Cache Poisoning, Security filter bypass. I've made reports on a wide range of open source projects, explaining the not always easy problems to the various security maintainers...
Bypass Glitch Allows Malware to Masquerade as Legit Apple Files
Masquerading as an official Apple system file sounds like a wonderful way for malware to worm its way onto Macs – and a recently discovered code-signing bypass flaw allows bad code to do just that. The way some developers have implemented Apple’s official code-signing API can be exploited by...
Your new friend, KLara
While doing threat research, teams need a lot of tools and systems to aid their hunting efforts – from systems storing Passive DNS data and automated malware classification to systems allowing researchers to pattern-match a large volume of data in a relatively short period of time. These tools ar...
Automated Android Malware Analysis: CuckooDroid
CuckooDroid is an extension of Cuckoo Sandbox the Open Source software for automating analysis of suspicious files. CuckooDroid brigs to cuckoo the capabilities of execution and analysis of android application. CuckooDroid is an automated, cross-platform, emulation and analysis framework based on...
Google Employees Help Thousands Of Open Source Projects Patch Critical ‘Mad Gadget Bug’
Last year Google employees took an initiative to help thousands of Open Source Projects patch a critical remote code execution vulnerability in a widely used Apache Commons Collections ACC library. Dubbed Operation Rosehub, the initiative was volunteered by some 50 Google employees, who utilized ...
Internet Bug Bounty: CVE-2016-0772 - python: smtplib StartTLS stripping attack
python smtplib starttls stripping attack affects: basically all versions of smtplib with starttls support and projects relying on it python 2.7.2 - 2.7.11 dates back 14 years python 3.0 - 3.5.1 dates back 7 years Python's implementation of smtplib fails to raise an exception upon an unexpected...
Google to Pay Rewards For Patches to Open Source Projects
Google, one of the first companies to offer a significant bug bounty program, is extending its rewards to researchers and developers who contribute patches to a variety of open source projects and have an effect on the security of the project. The new rewards will range from $500 to $3,133.70, an...
Fedora Update for bugzilla FEDORA-2012-6368
Check for the Version of bugzilla OpenVAS Vulnerability Test Fedora Update for bugzilla FEDORA-2012-6368 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...
Fedora Update for bugzilla FEDORA-2012-0328
Check for the Version of bugzilla OpenVAS Vulnerability Test Fedora Update for bugzilla FEDORA-2012-0328 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...
Behind the Scenes of The Crypto Project
When a small group of activists announced the debut of The Crypto Project earlier this year, for many, ahem, mature, security and privacy advocates it brought to mind memories of the original cypherpunk movement that began in the 1990s and that group’s seminal efforts to encourage the use of stro...
Fedora Update for bugzilla FEDORA-2011-0755
Check for the Version of bugzilla OpenVAS Vulnerability Test Fedora Update for bugzilla FEDORA-2011-0755 Authors: System Generated Check Copyright: Copyright c 2011 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...
[SECURITY] Fedora 13 Update: bugzilla-3.4.8-2.fc13
Bugzilla is a popular bug tracking system used by multiple open source proj ects It requires a database engine installed - either MySQL, PostgreSQL or Oracl e. Without one of these database engines local or remote, Bugzilla will not work - see the Release Notes for details...