[SECURITY] Fedora 31 Update: golang-1.13.3-1.fc31

The Go Programming Language...

IBM Cloud Orchestrator Security Bypass Vulnerability

IBM Cloud Orchestrator is a suite of cloud management solutions from IBM in the United States. The program provides extended internal and external deployment of cloud services and application program interfaces and tools to extend the integration with existing environments and other functions. A...

CVE-2019-17596

Go before 1.12.11 and 1.3.x before 1.13.2 can panic upon an attempt to process network traffic containing an invalid DSA public key. There are several attack scenarios, such as traffic from a client to a server that verifies client certificates...

foreman: authorization bypasses in foreman-tasks leading to information disclosure

An authentication bypass vulnerability was discovered in Foreman. Previously, commit tasks were searched through findresource, which performed authorization checks. After the change to Foreman, an unauthenticated user can view the details of a task through the web UI or API, if they can discover ...

An intern’s experience with Rust

Over the course of my internship at the Microsoft Security Response Center MSRC, I worked on the safe systems programming languages SSPL team to promote safer languages for systems programming where runtime overhead is important, as outlined in this blog. My job was to port a security critical...

An intern's experience with Rust

Over the course of my internship at the Microsoft Security Response Center MSRC, I worked on the safe systems programming languages SSPL team to promote safer languages for systems programming where runtime overhead is important, as outlined in this blog. My job was to port a security critical...

[SECURITY] Fedora 29 Update: golang-1.11.13-2.fc29

The Go Programming Language...

undertow: Information leak in requests for directories without trailing slashes

undertow before version 2.0.23.Final is vulnerable to an information leak issue. Web apps may have their directory structures predicted through requests without trailing slashes via the api...

[SECURITY] Fedora 30 Update: golang-1.12.10-1.fc30

The Go Programming Language...

CVE-2019-6467

A programming error in the nxdomain-redirect feature can cause an assertion failure in query.c if the alternate namespace used by nxdomain-redirect is a descendant of a zone that is served locally. The most likely scenario where this might occur is if the server, in addition to performing NXDOMAI...

CVE-2019-6467

A programming error in the nxdomain-redirect feature can cause an assertion failure in query.c if the alternate namespace used by nxdomain-redirect is a descendant of a zone that is served locally. The most likely scenario where this might occur is if the server, in addition to performing NXDOMAI...

CVE-2019-17375

cPanel before 82.0.15 allows API token credentials to persist after an account has been renamed or terminated SEC-517...

Design/Logic Flaw

A programming error in the nxdomain-redirect feature can cause an assertion failure in query.c if the alternate namespace used by nxdomain-redirect is a descendant of a zone that is served locally. The most likely scenario where this might occur is if the server, in addition to performing NXDOMAI...

CVE-2019-6467

A programming error in the nxdomain-redirect feature can cause an assertion failure in query.c if the alternate namespace used by nxdomain-redirect is a descendant of a zone that is served locally. The most likely scenario where this might occur is if the server, in addition to performing NXDOMAI...

CVE-2019-6467

A programming error in the nxdomain-redirect feature can cause an assertion failure in query.c if the alternate namespace used by nxdomain-redirect is a descendant of a zone that is served locally. The most likely scenario where this might occur is if the server, in addition to performing NXDOMAI...

CVE-2019-6467

CVE-2019-6467 affects BIND's nxdomain-redirect feature. A programming error can trigger an assertion failure in query.c when the alternate namespace used for NXDOMAIN redirection is a descendant of a locally served zone. Affected: BIND 9.12.0–9.12.4, 9.14.0, and all 9.13 development releases. Con...

Designing a COM library for Rust

I interned with Microsoft as a Software Engineering Intern in the MSRC UK team in Cheltenham this past summer. I worked in the Safe Systems Programming Language SSPL group, which explores safe programming languages as a proactive measure against memory-safety related vulnerabilities. This blog po...

Designing a COM library for Rust

I interned with Microsoft as a Software Engineering Intern in the MSRC UK team in Cheltenham this past summer. I worked in the Safe Systems Programming Language SSPL group, which explores safe programming languages as a proactive measure against memory-safety related vulnerabilities. This blog po...

[SECURITY] Fedora 31 Update: golang-1.13.1-1.fc31

The Go Programming Language...

Schneider Electric Modicon M580 UMAS cleartext data transmission vulnerability

Summary An exploitable information disclosure vulnerability exists in the UMAS functionality of the Schneider Electric Modicon M580 Programmable Automation Controller, firmware version SV2.80. An attacker can sniff network traffic to exploit this vulnerability. Tested Versions Schneider Electric...