1148 matches found
Security Bulletin: Privilege Escalation Vulnerability in WebSphere Application Server shipped with IBM WebSphere Application Server Patterns (CVE-2020-4362)
Summary WebSphere Application Server is shipped as a component of IBM WebSphere Application Server Patterns. Information about security vulnerabilities affecting WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed i...
CVE-2019-5489
A new software page cache side channel attack scenario was discovered in operating systems that implement the very common 'page cache' caching mechanism. A malicious user/process could use 'in memory' page-cache knowledge to infer access timings to shared memory and gain knowledge which can be us...
Will Social Distancing Break the Internet?
First off, no -- the Internet is not going to break! That said, the news media is awash with stories and statistics about how the Internet is faring with the increase in traffic due to isolation protocols forcing daily functions online. Which functions? In my house, we have remote work, e-learnin...
Security update for tor (moderate)
openSUSE Security Update: Security update for tor Announcement ID: openSUSE-SU-2020:0428-1 Rating: moderate References: 1167013 1167014 Cross-References: CVE-2020-10592 CVE-2020-10593 Affected Products: openSUSE Backports SLE-15-SP1 An update that fixes two vulnerabilities is now available...
openSUSE Security Update : tor (openSUSE-2020-406)
This update for tor to version 0.3.5.10 fixes the following issues: - tor was updated to version 0.3.5.10: - CVE-2020-10592: Fixed a CPU consumption denial of service and timing patterns (boo#1167013) - CVE-2020-10593: Fixed a circuit padding memory leak (boo#1167014) (C) Tenable Network Security, Inc...
openSUSE: Security Advisory for tor (openSUSE-SU-2020:0406-1)
The remote host is missing an update for the Copyright (C) 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Security update for tor (moderate)
openSUSE Security Update: Security update for tor Announcement ID: openSUSE-SU-2020:0406-1 Rating: moderate References: 1167013 1167014 Cross-References: CVE-2020-10592 CVE-2020-10593 Affected Products: openSUSE Leap 15.1 An update that fixes two vulnerabilities is now available. Description: Thi...
Security Bulletin: Vulnerability in Apache CXF affects WebSphere Application Server shipped with IBM WebSphere Application Server Patterns (CVE-2019-17573)
Summary WebSphere Application Server is shipped as a component of IBM WebSphere Application Server Patterns. Information about a security vulnerability affecting WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed i...
Privilege escalation
Modern DRAM chips (DDR4 and LPDDR4 after 2015) are affected by a vulnerability in deployment of internal mitigations against RowHammer attacks known as Target Row Refresh (TRR), aka the TRRespass issue. To exploit this vulnerability, the attacker needs to create certain access patterns to trigger bit...
CVE-2020-2140
Jenkins Audit Trail Plugin 3.2 and earlier does not escape the error message for the URL Patterns field form validation, resulting in a reflected cross-site scripting vulnerability...
Cross site scripting
Jenkins Audit Trail Plugin 3.2 and earlier does not escape the error message for the URL Patterns field form validation, resulting in a reflected cross-site scripting vulnerability...
CVE-2020-2140
CVE-2020-2140 affects Jenkins Audit Trail Plugin (versions 3.2 and earlier). The vulnerability is a reflected cross-site scripting due to improper escaping in the URL Patterns field form validation. Exploitation could allow injection of malicious scripts via the error message. The issue is docume...
UPDATE: Electronegativity v1.4.0
Electronegativity v1.4.0 was released some time ago. My first post about this open source Electron Security tool was titled – Electronegativity: An Open Source Electron Security Auditor which contains several bug fixes and a new feature. What is Electronegativity? Electronegativity is an open...
Security Bulletin: Multiple Vulnerabilities in WebSphere Application Server bundled with IBM WebSphere Application Server Patterns
Summary WebSphere Application Server is shipped as a component of IBM WebSphere Application Server Patterns. Information about security vulnerabilities affecting WebSphere Application Server has been published in multiple security bulletins. Vulnerability Details Refer to the security bulletins...
ALPINE-CVE-2019-20446
In xml.rs in GNOME librsvg before 2.46.2, a crafted SVG file with nested patterns can cause denial of service when passed to the library for processing. The attacker constructs pattern elements so that the number of final rendered objects grows exponentially...
DEBIAN-CVE-2019-20446
In xml.rs in GNOME librsvg before 2.46.2, a crafted SVG file with nested patterns can cause denial of service when passed to the library for processing. The attacker constructs pattern elements so that the number of final rendered objects grows exponentially...
CVE-2019-20446
In xml.rs in GNOME librsvg before 2.46.2, a crafted SVG file with nested patterns can cause denial of service when passed to the library for processing. The attacker constructs pattern elements so that the number of final rendered objects grows exponentially...
UBUNTU-CVE-2019-20446
In xml.rs in GNOME librsvg before 2.46.2, a crafted SVG file with nested patterns can cause denial of service when passed to the library for processing. The attacker constructs pattern elements so that the number of final rendered objects grows exponentially...