1147 matches found
Ransom DDoS Enters its Fourth Wave
Extortionists target industries with most to lose from an outage. Cybercriminals continue to target organizations, threatening Denial of Service (DDoS) attacks in exchange for a ransom payment, traditionally demanded in bitcoin (BTC). And it seems that no matter how many times these ransom threat cycle...
Security Bulletin: Multiple vulnerabilities in WebSphere Application Server shipped with IBM WebSphere Application Server Patterns
Summary: WebSphere Application Server is shipped as a component of IBM WebSphere Application Server Patterns. Information about security vulnerabilities affecting WebSphere Application Server has been published in multiple security bulletins. Vulnerability Details: Refer to the security bulletins...
CVE-2021-45046
It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. This could allow attackers with control over Thread Context Map (MDC) input data when the logging configuration uses a non-default Pattern Layout with either a Context...
[SECURITY] Fedora 34 Update: kxstitch-2.1.1-6.fc34
KXStitch can be used to create cross stitch patterns from scratch. It is also possible to convert existing images to a cross stitch pattern or scan one with a Sane supported scanner...
Prototype Pollution
algoliasearch-helper is vulnerable to prototype pollution. The merge function fails to validate the Object key values when users are able to define arbitrary search patterns, allowing attackers to perform prototype pollution attacks by modifying attributes such as __proto__...
Prototype Pollution in algoliasearch-helper
The package algoliasearch-helper before 3.6.2 is vulnerable to Prototype Pollution due to use of the merge function in src/SearchParameters/index.js (SearchParameters.parseNumbers) without any protection against prototype properties. Note that this vulnerability is only exploitable if the...
GHSA-VPF5-82C8-9V36 Prototype Pollution in algoliasearch-helper
The package algoliasearch-helper before 3.6.2 is vulnerable to Prototype Pollution due to use of the merge function in src/SearchParameters/index.js (SearchParameters.parseNumbers) without any protection against prototype properties. Note that this vulnerability is only exploitable if the...
Common Cloud Misconfigurations Exploited in Minutes, Report
Poorly configured cloud services can be exploited by threat actors in minutes and sometimes in under 30 seconds. Attacks include network intrusion, data theft and ransomware infections, researchers have found. Researchers at Palo Alto Networks’ Unit 42 used a honeypot infrastructure of 320 nodes...
CVE-2021-23433
The package algoliasearch-helper before 3.6.2 is vulnerable to Prototype Pollution due to use of the merge function in src/SearchParameters/index.js (SearchParameters.parseNumbers) without any protection against prototype properties. Note that this vulnerability is only exploitable if the...
New Rowhammer Technique
Rowhammer is an attack technique involving accessing -- that's "hammering" -- rows of bits in memory, millions of times per second, with the intent of causing bits in neighboring rows to flip. This is a side-channel attack, and the result can be all sorts of mayhem. Well, there is a new enhancemen...
A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the evaluate function
...
How Imperva Leverages AWS to Help Customers Prevent Attacks
At Imperva, we’re passionate about being a trusted security partner for our customers, so we continually invest in the availability, resiliency, and scalability of our global network. We’ve made significant investments over the past year to expand our cloud footprint, including rebuilding and...
DEBIAN-CVE-2021-42378
A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the getvari function...
AZL-6348 CVE-2021-42381 affecting package busybox for versions less than 1.35.0-1
A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the hashinit function...
PT-2021-5546 · Busybox +5
Name of the Vulnerable Software and Affected Versions: Busybox (affected versions not specified). Description: A use-after-free issue in Busybox's awk applet can lead to denial of service and possibly code execution when processing a crafted awk pattern in the next input file function. This could...
BusyBox Resource Management Error Vulnerability
BusyBox is a set of applications containing several Linux commands and tools by Denis Vlasenko, a Ukrainian individual developer. A resource management error vulnerability exists in the Busybox awk applet, which stems from a denial of service due to "use after free" in Busybox's awk applet when...
BusyBox Resource Management Error Vulnerability
BusyBox is a set of applications containing several Linux commands and tools by Denis Vlasenko, a Ukrainian individual developer. BusyBox suffers from a resource management error vulnerability that stems from a denial of service and possible code execution due to a use-after-free in Busybox's a...
[SECURITY] Fedora 35 Update: kxstitch-2.1.1-6.fc35
KXStitch can be used to create cross stitch patterns from scratch. It is also possible to convert existing images to a cross stitch pattern or scan one with a Sane supported scanner...
Security Bulletin: A security vulnerability has been identified in IBM® SDK, Java™ Technology Edition shipped with IBM Tivoli Business Service Manager (CVE-2021-2388, CVE-2021-2369, CVE-2021-2432)
Summary: IBM® SDK, Java™ Technology Edition is shipped as a component of IBM Tivoli Business Service Manager. Information about security vulnerabilities affecting IBM® SDK, Java™ Technology Edition has been published in a security bulletin. Vulnerability Details: Refer to the security bulletins...