1148 matches found
CVE-2019-20446
In xml.rs in GNOME librsvg before 2.46.2, a crafted SVG file with nested patterns can cause denial of service when passed to the library for processing. The attacker constructs pattern elements so that the number of final rendered objects grows exponentially...
CVE-2019-17338
The user interface component of TIBCO Software Inc.'s TIBCO Patterns - Search contains multiple vulnerabilities that theoretically allow authenticated users to perform persistent cross-site scripting XSS attacks. Affected releases are TIBCO Software Inc.'s TIBCO Patterns - Search: versions 5.4.0...
CVE-2019-17338
CVE-2019-17338 affects TIBCO Patterns - Search (UI component). The issue is a set of vulnerabilities enabling authenticated users to perform persistent cross-site scripting (XSS). Affected releases are versions 5.4.0 and below. The TIBCO advisory notes remediation by upgrading to 5.5.0 or later. ...
Kernel: page cache side channel attacks
A new software page cache side channel attack scenario was discovered in operating systems that implement the very common 'page cache' caching mechanism. A malicious user/process could use 'in memory' page-cache knowledge to infer access timings to shared memory and gain knowledge which can be us...
TIBCO Security Advisory: January 28, 2020 - TIBCO Patterns
TIBCO Patterns - Search Exposes Cross Site Scripting Vulnerabilities. Original release date: January 28, 2020. Last revised: ---. CVE-2019-17338. Source: TIBCO Software Inc. ...
CVE-2020-5852
The CVE affects BIG-IP’s Traffic Management Microkernel (TMM) when using a virtual server configured with a FastL4 profile. The vulnerability causes traffic processing disruption while TMM restarts and is limited to specific engineering hotfixes, not affecting major/minor/maintenance releases. Af...
Git-Vuln-Finder - Finding Potential Software Vulnerabilities From Git Commit Messages
Finding potential software vulnerabilities from git commit messages. The output format is a JSON with the associated commit which could contain a fix regarding a software vulnerability. The search is based on a set of regular expressions against the commit messages only. If CVE IDs are present,...
Security Bulletin: WebSphere Application Server bundled with IBM WebSphere Application Server Patterns is vulnerable to Apache Commons Beanutils (CVE-2019-10086)
Summary WebSphere Application Server is shipped as a component of IBM WebSphere Application Server Patterns. Information about security vulnerabilities affecting WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed ...
Download: The 2020 Cybersecurity Salary Survey Results
The 2020 Cybersecurity Salary Survey was an online survey published in The Hacker News and created to provide insight into the details related to cybersecurity compensation. There were over 1,500 security professionals who completed the survey. Today you can access the aggregated and analyzed 202...
Netstat2Neo4J - Create Cypher Create Statements For Neo4J Out Of Netstat Files From Multiple Machines
Graphs help to spot anomalies and patterns in large datasets. This script takes netstat information from multiple hosts and formats it so that it can be imported into Neo4j. Neo4j can be queried to find connections to certain hosts, from certain hosts, find out the usage or protocols and...
openSUSE Security Update : java-11-openjdk (openSUSE-2019-2557)
This update for java-11-openjdk to version jdk-11.0.5-10 fixes the following issues: Security issues fixed October 2019 CPU bsc1154212: - CVE-2019-2933: Windows file handling redux - CVE-2019-2945: Better socket support - CVE-2019-2949: Better Kerberos ccache handling - CVE-2019-2958: Build Bett...
Security Bulletin: Multiple Vulnerabilities in WebSphere Application Server bundled with IBM WebSphere Application Server Patterns
Summary WebSphere Application Server is shipped as a component of IBM WebSphere Application Server Patterns. Information about security vulnerabilities affecting WebSphere Application Server has been published in multiple security bulletins. Vulnerability Details Please consult the following...
[SECURITY] Fedora 30 Update: yara-3.10.0-2.fc30
YARA is a tool aimed at but not limited to helping malware researchers to identify and classify malware samples. With YARA you can create descriptions of malware families or whatever you want to describe based on textual or binary patterns. Each description, a.k.a. rule, consists of a set of strin...
Fedora Update for zeromq FEDORA-2019-4d8f9a9235
The remote host is missing an update for the...
[SECURITY] Fedora 29 Update: zeromq-4.1.7-1.fc29
The 0MQ lightweight messaging kernel is a library which extends the standard socket interfaces with features traditionally provided by specialized messaging middle-ware products. 0MQ sockets provide an abstraction of asynchronous message queues, multiple messaging patterns, message filtering...
[SECURITY] Fedora 30 Update: zeromq-4.3.2-1.fc30
The 0MQ lightweight messaging kernel is a library which extends the standard socket interfaces with features traditionally provided by specialized messaging middle-ware products. 0MQ sockets provide an abstraction of asynchronous message queues, multiple messaging patterns, message filtering...