Lucene search
+L

45 matches found

SonarSource Blog
SonarSource Blog
added 2021/07/13 12:0 a.m.26 views

Etherpad 1.8.13 - Code Execution Vulnerabilities

Etherpad is one of the most popular online text editors that allows collaborating on documents in real-time. It is customizable with more than 250 plugins available and features a version history as well as a chat functionality. There are thousands of instances deployed worldwide with millions of...

6.5CVSS0.4AI score0.02229EPSS
Exploits2
Schneier on Security
Schneier on Security
added 2021/01/08 12:27 p.m.25 views

Russia’s SolarWinds Attack and Software Security

The information that is emerging about Russias extensive cyberintelligence operation against the United States and other countries should be increasingly alarming to the public. The magnitude of the hacking, now believed to have affected more than 250 federal agencies and businesses -- ­primarily...

0.5AI score
Exploits0
NVD
NVD
added 2020/12/25 2:15 a.m.14 views

CVE-2020-35702

DCTStream::getChars in DCTStream.cc in Poppler 20.12.1 has a heap-based buffer overflow via a crafted PDF document. NOTE: later reports indicate that this only affects builds from Poppler git clones in late December 2020, not the 20.12.1 release. In this situation, it should NOT be considered a...

7.8CVSS7.7AI score0.00861EPSS
Exploits1References1
Cvelist
Cvelist
added 2020/12/25 1:2 a.m.18 views

CVE-2020-35702

DCTStream::getChars in DCTStream.cc in Poppler 20.12.1 has a heap-based buffer overflow via a crafted PDF document. NOTE: later reports indicate that this only affects builds from Poppler git clones in late December 2020, not the 20.12.1 release. In this situation, it should NOT be considered a...

7.7AI score0.00861EPSS
Exploits1References1
Akamai Blog
Akamai Blog
added 2020/11/18 5:30 p.m.30 views

Toward Inclusive Language in Software

Akamai opposes racism in all its forms and is committed to providing an inclusive, fair, and respectful environment for both our customers and our employees. As part of this commitment, we are joining other technology-industry leaders in removing biased, oppressive, and racially insensitive...

0.2AI score
Exploits0
Hacker One
Hacker One
added 2020/05/26 1:58 p.m.19 views

GitLab: Possibilty to purchase Ultimate - 1 Year (EDU or OSS)

Hi, Any user can purchase Ultimate - 1 Year EDU or OSS which is for educational institutions or open source projects.I have found here https://gitlab.com/gitlab-org/customers-gitlab-com/-/issues/860 list of Gitlab plan id and found Ultimate - 1 Year which is free and purchased. Steps to reproduce...

Exploits0
The Hacker News
The Hacker News
added 2019/12/18 6:32 p.m.6 views

Google Offers Financial Support to Open Source Projects for Cybersecurity

Besides rewarding ethical hackers from its pocket for responsibly reporting vulnerabilities in third-party open-source projects, Google today announced financial support for open source developers to help them arrange additional resources, prioritizing the security of their products. The...

5.8AI score
Exploits0
ripstech
ripstech
added 2019/10/31 11:0 a.m.37 views

Official Code Analysis Partner for TYPO3

RIPS Technologies and TYPO3 are proud to announce their new technical partnership. TYPO3 will be using RIPS industry-leading code analysis solution to continuously scan the TYPO3 code base for security vulnerabilities and weaknesses. CEO Johannes Dahse explains: “This partnership represents anoth...

7.2AI score
Exploits0
Hacker One
Hacker One
added 2019/07/17 10:47 p.m.453 views

Internet Bug Bounty: Multiple HTTP Smuggling reports

Theses reports spreads other several years and are all about HTTP Smuggling issues HTTP Requests or Responses splitting, Cache Poisoning, Security filter bypass. I've made reports on a wide range of open source projects, explaining the not always easy problems to the various security maintainers...

7.5CVSS7.7AI score0.73327EPSS
Exploits6
ThreatPost
ThreatPost
added 2018/06/12 5:26 p.m.25 views

Bypass Glitch Allows Malware to Masquerade as Legit Apple Files

Masquerading as an official Apple system file sounds like a wonderful way for malware to worm its way onto Macs – and a recently discovered code-signing bypass flaw allows bad code to do just that. The way some developers have implemented Apple’s official code-signing API can be exploited by...

6.8CVSS0.00857EPSS
Exploits6References1
Securelist
Securelist
added 2018/03/28 10:0 a.m.30 views

Your new friend, KLara

While doing threat research, teams need a lot of tools and systems to aid their hunting efforts – from systems storing Passive DNS data and automated malware classification to systems allowing researchers to pattern-match a large volume of data in a relatively short period of time. These tools ar...

6.9AI score
Exploits0
n0where
n0where
added 2017/08/15 1:59 a.m.45 views

Automated Android Malware Analysis: CuckooDroid

CuckooDroid is an extension of Cuckoo Sandbox the Open Source software for automating analysis of suspicious files. CuckooDroid brigs to cuckoo the capabilities of execution and analysis of android application. CuckooDroid is an automated, cross-platform, emulation and analysis framework based on...

1.1AI score
Exploits0References1
The Hacker News
The Hacker News
added 2017/03/02 12:48 a.m.69 views

Google Employees Help Thousands Of Open Source Projects Patch Critical ‘Mad Gadget Bug’

Last year Google employees took an initiative to help thousands of Open Source Projects patch a critical remote code execution vulnerability in a widely used Apache Commons Collections ACC library. Dubbed Operation Rosehub, the initiative was volunteered by some 50 Google employees, who utilized ...

7.5CVSS8.9AI score0.18763EPSS
Exploits1
Hacker One
Hacker One
added 2016/06/14 9:25 p.m.83 views

Internet Bug Bounty: CVE-2016-0772 - python: smtplib StartTLS stripping attack

python smtplib starttls stripping attack affects: basically all versions of smtplib with starttls support and projects relying on it python 2.7.2 - 2.7.11 dates back 14 years python 3.0 - 3.5.1 dates back 7 years Python's implementation of smtplib fails to raise an exception upon an unexpected...

5.8CVSS6.7AI score0.1503EPSS
Exploits3
ThreatPost
ThreatPost
added 2013/10/10 8:25 a.m.10 views

Google to Pay Rewards For Patches to Open Source Projects

Google, one of the first companies to offer a significant bug bounty program, is extending its rewards to researchers and developers who contribute patches to a variety of open source projects and have an effect on the security of the project. The new rewards will range from $500 to $3,133.70, an...

0.2AI score
Exploits0References3
OpenVAS
OpenVAS
added 2012/05/04 12:0 a.m.25 views

Fedora Update for bugzilla FEDORA-2012-6368

Check for the Version of bugzilla OpenVAS Vulnerability Test Fedora Update for bugzilla FEDORA-2012-6368 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...

5.1CVSS6.3AI score0.01234EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2012/01/20 12:0 a.m.20 views

Fedora Update for bugzilla FEDORA-2012-0328

Check for the Version of bugzilla OpenVAS Vulnerability Test Fedora Update for bugzilla FEDORA-2012-0328 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...

6.8CVSS6.4AI score0.01567EPSS
Exploits5References2
ThreatPost
ThreatPost
added 2011/08/30 2:29 p.m.12 views

Behind the Scenes of The Crypto Project

When a small group of activists announced the debut of The Crypto Project earlier this year, for many, ahem, mature, security and privacy advocates it brought to mind memories of the original cypherpunk movement that began in the 1990s and that group’s seminal efforts to encourage the use of stro...

7.1AI score
Exploits0References5
OpenVAS
OpenVAS
added 2011/02/04 12:0 a.m.27 views

Fedora Update for bugzilla FEDORA-2011-0755

Check for the Version of bugzilla OpenVAS Vulnerability Test Fedora Update for bugzilla FEDORA-2011-0755 Authors: System Generated Check Copyright: Copyright c 2011 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...

5CVSS6.4AI score0.01521EPSS
Exploits1References2
Fedora
Fedora
added 2010/08/27 6:55 a.m.46 views

[SECURITY] Fedora 13 Update: bugzilla-3.4.8-2.fc13

Bugzilla is a popular bug tracking system used by multiple open source proj ects It requires a database engine installed - either MySQL, PostgreSQL or Oracl e. Without one of these database engines local or remote, Bugzilla will not work - see the Release Notes for details...

6.5CVSS1.7AI score0.02046EPSS
Exploits1
Rows per page
Query Builder