Delta Electronics DIAEnergie HandlerEnergyType Parameter Name Cross-Site Scripting Vulnerability
Delta Electronics DIAEnergie is an industrial energy management system used to monitor and analyze energy consumption in real time, calculate energy consumption and load characteristics, optimize equipment performance, improve production processes, and maximize energy efficiency. A cross-site...
postgresql: memory disclosure in certain queries
A flaw was found in postgresql. A purpose-crafted query can read arbitrary bytes of server memory. In the default configuration, any authenticated database user can complete this attack at will. The attack does not require the ability to create objects. If server settings include...
selinux-policy bug fix and enhancement update
An update is available for selinux-policy. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The selinux-policy packages contain the rules that govern how confined...
RHEL 7 : rh-postgresql12-postgresql (RHSA-2021:5197)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:5197 advisory. PostgreSQL is an advanced object-relational database management system (DBMS). The following packages have been upgraded to a later upstream...
Developing a Repeatable and Sustainable Security Exploitable Risk Reporting Program
Introduction: The key to creating a practical Reporting Philosophy is well-written vulnerability management policies, standards, and guidelines. These are often referred to as a Security, Governance, Risk, and Compliance (SGRC) program and a well-defined risk exception and acceptance (RA) program,...
New Yanluowang Ransomware Found to be Code-Signed, Terminates Database-Related Processes
We analyzed new samples of the Yanluowang ransomware. One interesting aspect of these samples is that the files are code-signed. They also terminate various processes which are related to database and backup management...
Privilege Escalation
jenkins is vulnerable to privilege escalation. The vulnerability exists due to a lack of limiting the agent read/write access to the libs/ directory inside build directories when using the FilePath APIs, allowing attackers in control of agent processes to replace the code of a trusted library wit...
jenkins: Agent processes are able to completely bypass file path filtering by wrapping the file operation in an agent file path
A file path filtering bypass vulnerability was found in Jenkins. Agent processes are able to completely bypass file path filtering by wrapping the file operation in an agent file path. This may allow an attacker who controls the agent process to get read and write access to arbitrary files on the...
Trend Micro Worry-Free Business Security has an unspecified vulnerability (CNVD-2022-08933)
Trend Micro Worry-Free Business Security is an enterprise-class information security protection solution from Trend Micro, Inc. The product provides anti-spam, anti-virus, network security and email protection features. A security vulnerability exists in Trend Micro Worry-Free Business Security,...
Development of Corporate Applications Based on Artificial Intelligence
By Owais Sultan. Technologies based on Artificial intelligence can be used in corporate management since the indisputable advantage of these technologies is the ability to analyze large amounts of data without significant resource costs. The ability to use AI technologies is especially relevant wh...
RHEL 8 : OpenShift Container Platform 4.8.22 (RHSA-2021:4829)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:4829 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or privat...
Trend Micro Worry-Free Business Security Security Vulnerability
Trend Micro Worry-Free Business Security is a suite of enterprise-class information security protection solutions from Trend Micro. The product provides anti-spam, anti-virus, network security and email protection. Trend Micro Worry-Free Business Security suffers from a security vulnerability tha...
Trend Micro Worry-Free Business Security Security Vulnerability
Trend Micro Worry-Free Business Security is an enterprise-class information security protection solution from Trend Micro, Inc. The product provides anti-spam, anti-virus, network security and email protection features. A security vulnerability exists in Trend Micro Worry-Free Business Security,...
CVE-2021-3962
A flaw was found in ImageMagick where it did not properly sanitize certain input before using it to invoke convert processes. This flaw allows an attacker to create a specially crafted image that leads to a use-after-free vulnerability when processed by ImageMagick. The highest threat from this...
Jenkins Enterprise and Operations Center < 2.277.43.0.2 / 2.303.3.3 Multiple Vulnerabilities (CloudBees Security Advisory 2021-11-04)
The version of Jenkins Enterprise or Jenkins Operations Center running on the remote web server is 2.277.x prior to 2.277.43.0.2, or 2.x prior to 2.303.3.3. It is, therefore, affected by multiple vulnerabilities, including the following: - Agent processes are able to completely bypass file path...
gcc security and bug fix update
8.5.0-3.0.2 - Fix Orabug 33451471 and backport CTF/BTF enhancements ctfc: Free CTF container elements in ctfcdeletecontainer ctf: Do not warn for CTF not supported for GNU GIMPLE ICE in btffinalize when compiling with -gbtf PR debug/102507, Orabug 33451471 Reviewed-by: Jose E. Marchesi 8.5.0-3.0....
How Open Systems uses Microsoft tools to improve security maturity
This blog post is part of the Microsoft Intelligent Security Association guest blog series. Learn more about MISA. We’ve all seen it happen—an organization has all the top-notch security tools in place and still, they get breached. In today’s rapidly evolving threat landscape, complexity leads to...