Background mujs is an embeddable Javascript interpreter in C. Description Multiple vulnerabilities have been discovered in mujs. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known workaround...

Fedora: Security Advisory for perl (FEDORA-2020-fd73c08076)

The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

PT-2020-13859 · Go +6 · X/Text +6

Name of the Vulnerable Software and Affected Versions: x/text package versions prior to 0.3.3 Description: The issue is related to the UTF-16 decoder in the encoding/unicode component, which could enter an infinite loop if a single byte is provided to a UTF16 decoder instantiated with UseBOM or...

[SECURITY] Fedora 31 Update: perl-5.30.3-452.fc31

Perl is a high-level programming language with roots in C, sed, awk and she ll scripting. Perl is good at handling processes and files, and is especially good at handling text. Perl's hallmarks are practicality and efficiency. While it is used to do a lot of different things, Perl's most common...

Security Bulletin: Vulnerability in Go programming language affects IBM Spectrum Protect Server (CVE-2019-16276)

Summary The Go programming language could allow a remote attacker to bypass security restrictions which affects the IBM Spectrum Protect Server. Vulnerability Details CVEID: CVE-2019-16276 DESCRIPTION: Golang could allow a remote attacker to bypass security restrictions, caused by improper...

Debian DLA-2244-1 : libphp-phpmailer security update

It was discovered that there was an escaping issue in libphp-phpmailer, an email generation utility class for the PHP programming language. The Content-Type and Content-Disposition headers could have permitted file attachments that bypassed attachment filters which match on filename extensions. F...

[SECURITY] Fedora 32 Update: perl-5.30.3-453.fc32

Perl is a high-level programming language with roots in C, sed, awk and she ll scripting. Perl is good at handling processes and files, and is especially good at handling text. Perl's hallmarks are practicality and efficiency. While it is used to do a lot of different things, Perl's most common...

[SECURITY] Fedora 32 Update: python3-3.8.3-1.fc32

Python is an accessible, high-level, dynamically typed, interpreted program ming language, designed with an emphasis on code readability. It includes an extensive standard library, and has a vast ecosystem of third-party libraries. The python3 package provides the "python3" executable: the...

An Undisclosed Critical Vulnerability Affect vBulletin Forums — Patch Now

If you are running an online discussion forum based on vBulletin software, make sure it has been updated to install a newly issued security patch that fixes a critical vulnerability. Maintainers of the vBulletin project recently announced an important patch update but didn't reveal any informatio...

The Safety Boat: Kubernetes and Rust

Our team, DeisLabs, recently released a new piece of software called Krustlet, which is a tool for running WebAssembly modules on the popular, open-source container management tool called Kubernetes. Kubernetes is used quite extensively to run cloud software across many vendors and companies and ...

The Safety Boat: Kubernetes and Rust

Our team, DeisLabs, recently released a new piece of software called Krustlet, which is a tool for running WebAssembly modules on the popular, open-source container management tool called Kubernetes. Kubernetes is used quite extensively to run cloud software across many vendors and companies and ...

The vulnerability of the Go programming language’s crypto/x509 package, which allows a hacker to trigger a service failure

The vulnerability of the Go programming language’s crypto/x509 package is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to cause service failures remotely...

python27:2.7 security, bug fix, and enhancement update

An update is available for python-pymongo, python2-rpm-macros, python-docutils, pytest, python-psycopg2, python-PyMySQL, python-lxml, PyYAML, python-pytest-mock, python-attrs, python-jinja2, python-docs, python-requests, python-mock, python-ipaddress, python-funcsigs, python-py, python-chardet,...

Banking.BR Android Trojan Emerges in Credential-Stealing Attacks

A recently uncovered banking trojan aims to steal Android victims’ online banking credentials and take over their bank accounts, using “elaborate” overlay attack capabilities. The malware, dubbed “Banker.BR” by researchers with IBM X-Force, was spotted in messages targeting users in countries tha...

The vulnerability of the exif_iif_add_value function in the EXIF interpreter for the PHP programming language allows a perpetrator to gain unauthorized access to protected information or cause service failures.

The vulnerability of the exifiifaddvalue function in the EXIF extension of the PHP interpreter is related to the execution of operations outside the buffer in memory. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information or cause service failures...

SAP NetWeaver AS ABAP Cross-Site Scripting Vulnerability

SAP NetWeaver AS ABAP Business Server is an application server for ABAP Advanced Business Application Programming from SAP, Germany. A cross-site scripting vulnerability exists in SAP NetWeaver AS ABAP Business Server Pages application CRMBSPFRAME. The vulnerability stems from a lack of proper...

Domained - Multi Tool Subdomain Enumeration

A domain name enumeration tool The tools contained in domained requires Kali Linux preferred or Debian 7+ and Recon-ng domained uses several subdomain enumeration tools and wordlists to create a unique list of subdomains that are passed to EyeWitness for reporting with categorized screenshots,...

[SECURITY] Fedora 31 Update: golang-1.13.9-1.fc31

The Go Programming Language...

CVE-2018-1000622

The Rust Programming Language rustdoc version Between 0.8 and 1.27.0 contains a CWE-427: Uncontrolled Search Path Element vulnerability in rustdoc plugins that can result in local code execution as a different user. This attack appear to be exploitable via using the --plugin flag without the...

CVE-2016-5386

An input-validation flaw was discovered in the Go programming language built in CGI implementation, which set the environment variable "HTTPPROXY" using the incoming "Proxy" HTTP-request header. The environment variable "HTTPPROXY" is used by numerous web clients, including Go's net/http package,...