
4991 matches found

OSV
added 2020/08/29 4:15 p.m. | 5 views

CVE-2020-25016

A safety violation was discovered in the rgb crate before 0.8.20 for Rust, leading to, for example, dereferencing of arbitrary pointers or disclosure of uninitialized memory. This occurs because structs can be treated as bytes for read and write operations...

CVSS 9.1 | AI score 9.2
Exploits 0 | References 2
RedHat Linux
added 2020/08/27 4:3 p.m. | 2 views

CloudForms: User Impersonation in the API for OIDC and SAML

A vulnerability was found in Red Hat CloudForms which allows a malicious attacker to impersonate any user or create a non-existent user with any entitlement in the appliance and perform an API request...

CVSS 9.1 | AI score 5.7 | EPSS 0.00241
Exploits 0 | References 5
Fedora
added 2020/08/26 2:53 p.m. | 45 views

[SECURITY] Fedora 32 Update: lua-5.3.5-8.fc32

Lua is a powerful light-weight programming language designed for extending applications. Lua is also frequently used as a general-purpose, stand-alone language. Lua is free software. Lua combines simple procedural syntax with powerful data description constructs based on associative arrays and...

CVSS 5.3 | AI score 2.6 | EPSS 0.02019
Exploits 1
The Hacker News
added 2020/08/25 9:46 a.m. | 1 views

Get Lifetime Access to 1000+ Premium Online Training Courses for Just $59

"In today's knowledge economy, continual learning is an imperative." Those words from Aytekin Tank, the founder of JotForm, are particularly important for anyone working in IT or development. With over 1,000 premium courses (complete list) from top instructors, StackSkills Unlimited provides...

AI score 5.8
Exploits 0
The Hacker News
added 2020/08/25 9:46 a.m. | 29 views

Get Lifetime Access to 1000+ Premium Online Training Courses for Just $59

"In today's knowledge economy, continual learning is an imperative." Those words from Aytekin Tank, the founder of JotForm, are particularly important for anyone working in IT or development. With over 1,000 premium courses (complete list) from top instructors, StackSkills Unlimited provides...

AI score 0.3
Exploits 0
CNVD
added 2020/08/24 12:0 a.m. | 2 views

ALEOS API Abuse Vulnerability

ALEOS is an integrated development environment for building customized embedded M2M applications. An API abuse vulnerability exists in the AT Command API in ALEOS versions prior to 4.13.0, 4.9.5, and 4.4.9, which stems from a lack of length checking when processing certain user-supplied values, a...

CVSS 7.2 | AI score 6.9 | EPSS 0.00016
Exploits 0 | References 1
CNVD
added 2020/08/20 12:0 a.m. | 0 views

Cisco Data Center Network Manager REST API Endpoint Input Validation Error Vulnerability

Cisco Data Center Network Manager (DCNM) is a data center management system from Cisco. The system works with Cisco Nexus and MDS series switches and provides storage visualization, configuration and troubleshooting. An input validation error vulnerability exists in the REST API endpoint in Cisco...

CVSS 8.1 | AI score 7 | EPSS 0.0015
Exploits 0 | References 1
RedHat Linux
added 2020/08/19 2:10 p.m. | 4 views

mysql: Server: C API unspecified vulnerability (CPU Oct 2019)

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: C API. Supported versions that are affected are 8.0.17 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks ...

CVSS 6.5 | AI score 7.3 | EPSS 0.00744
Exploits 0 | References 5
CNVD
added 2020/08/18 12:0 a.m. | 2 views

SAP NetWeaver AS ABAP and ABAP Platform Code Injection Vulnerability

SAP NetWeaver is a service-oriented integrated application platform from the German company SAP. The platform provides a development and runtime environment for SAP applications. A code injection vulnerability exists in SAP NetWeaver AS ABAP and ABAP Platform, which can be exploited by an...

CVSS 8.8 | AI score 7.5 | EPSS 0.00585
Exploits 0 | References 1
MSRC
added 2020/08/17 7:0 a.m. | 14 views

Control Flow Guard for Clang/LLVM and Rust

As part of our ongoing efforts towards safer systems programming, we’re pleased to announce that Windows Control Flow Guard (CFG) support is now available in the Clang C/C++ compiler and Rust. What is Control Flow Guard? CFG is a platform security technology designed to...

AI score 1.8
Exploits 0
Fedora
added 2020/08/14 2:43 a.m. | 42 views

[SECURITY] Fedora 31 Update: python3-3.7.8-2.fc31

Python is an accessible, high-level, dynamically typed, interpreted programming language, designed with an emphasis on code readability. It includes an extensive standard library, and has a vast ecosystem of third-party libraries. The python3 package provides the "python3" executable: the...

CVSS 7.5 | AI score 2.1 | EPSS 0.00697
Exploits 0
UbuntuCve
added 2020/08/06 6:15 p.m. | 33 views

CVE-2020-16845

Go before 1.13.15 and 14.x before 1.14.7 can have an infinite read loop in ReadUvarint and ReadVarint in encoding/binary via invalid inputs...

CVSS 7.5 | AI score 6.8 | EPSS 0.00147
Exploits 0 | References 5
AlpineLinux
added 2020/08/06 5:3 p.m. | 58 views

CVE-2020-16845

Go before 1.13.15 and 14.x before 1.14.7 can have an infinite read loop in ReadUvarint and ReadVarint in encoding/binary via invalid inputs...

CVSS 7.5 | AI score 7.9 | EPSS 0.00147
Exploits 0
Hacker One
added 2020/08/05 9:31 p.m. | 11 views

LY Corporation: Deleting someone else's profile image with a GraphQL query in programming education service (https://entry.line.me)

LINE entry is a service that provides programming education for children (https://entry.line.me). LINE entry provides users with the ability to add profile images. It was possible to delete other people's profile images or thumbnails using a GraphQL query...

AI score 6.8
Exploits 0
Tenable Nessus
added 2020/08/03 12:0 a.m. | 30 views

Debian DLA-2306-1 : libphp-phpmailer security update

It was discovered that there was an escaping issue in libphp-phpmailer, an email generation utility class for the PHP programming language. The Content-Type and Content-Disposition headers could have permitted file attachments that bypassed attachment filters which match on filename extensions. F...

CVSS 7.5 | AI score 6.8 | EPSS 0.04933
Exploits 1 | References 4
OpenVAS
added 2020/07/31 12:0 a.m. | 31 views

Fedora: Security Advisory for python3-docs (FEDORA-2020-c3b07cc5c9)

The remote host is missing an update for the Copyright (C) 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

AI score 7.2
Exploits 0 | References 2
Fedora
added 2020/07/30 5:53 p.m. | 34 views

[SECURITY] Fedora 32 Update: golang-1.14.6-1.fc32

The Go Programming Language...

CVSS 7.5 | AI score 1.8 | EPSS 0.00614
Exploits 0
Fedora
added 2020/07/28 3:3 p.m. | 33 views

[SECURITY] Fedora 31 Update: golang-1.13.14-1.fc31

The Go Programming Language...

CVSS 7.5 | AI score 1.8 | EPSS 0.00614
Exploits 0
Gentoo Linux
added 2020/07/28 12:0 a.m. | 30 views

Background: mujs is an embeddable Javascript interpreter in C. Description: Multiple vulnerabilities have been discovered in mujs. Please review the CVE identifiers referenced below for details. Impact: Please review the referenced CVE identifiers for details. Workaround: There is no known workaround...

CVSS 9.8 | AI score 2.7 | EPSS 0.0215
Exploits 0
Krebs on Security
added 2020/07/24 10:20 p.m. | 219 views

Thinking of a Cybersecurity Career? Read This

Thousands of people graduate from colleges and universities each year with cybersecurity or computer science degrees only to find employers are less than thrilled about their hands-on, foundational skills. Here's a look at a recent survey that identified some of the bigger skills gaps, and some...

AI score 6.8
Exploits 0