4991 matches found
Paessler PRTG Network Monitor Denial of Service Vulnerability
Paessler PRTG Network Monitor is a full-featured network monitoring and management software from Paessler AG, Germany. A security vulnerability exists in Paessler PRTG Network Monitor prior to version 18.1.39.1648, which can be exploited to cause a denial of service due to a failure of the progra...
[SECURITY] Fedora 27 Update: perl-5.26.2-404.fc27
Perl is a high-level programming language with roots in C, sed, awk and she ll scripting. Perl is good at handling processes and files, and is especially good at handling text. Perl's hallmarks are practicality and efficiency. While it is used to do a lot of different things, Perl's most common...
Oracle Java SE Multiple Vulnerabilities (April 2018 CPU)
The version of Oracle formerly Sun Java SE or Java for Business installed on the remote host is prior to 10 Update 1, 8 Update 171, 7 Update 181, or 6 Update 191. It is, therefore, affected by multiple vulnerabilities related to the following components : - AWT - Concurrency - Hotspot - Install -...
CVE-2018-2794
Vulnerability in the Java SE, JRockit component of Oracle Java SE subcomponent: Security. Supported versions that are affected are Java SE: 6u181, 7u171, 8u162, 10 and JRockit: R28.3.17. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Java...
Encryption 101: decryption tool code walkthrough
We have reached the final installment of our Encryption 101 series. In the prior post, we walked through, in detail, the thought process while looking at the Princess Locker ransomware. We talked about the specific ways to narrow down the analysis toward the encryption portions, the weaknesses in...
golang: smtp.PlainAuth susceptible to man-in-the-middle password harvesting
It was found that smtp.PlainAuth authentication scheme in Go did not verify the TLS requirement properly. A remote man-in-the-middle attacker could potentially use this flaw to sniff SMTP credentials sent by a Go application...
[SECURITY] Fedora 26 Update: python3-3.6.5-1.fc26
Python is an interpreted, interactive, object-oriented programming language often compared to Tcl, Perl, Scheme or Java. Python includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as t...
CA API Developer Portal Cross-Site Scripting Vulnerability (CNVD-2018-06877)
CA API Developer Portal is a set of applications for software developers to provide API Application Programming Interface query function of the U.S. CA. apiExplorer is one of the API detector. A cross-site scripting vulnerability exists in apiExplorer in CA API Developer Portal, which stems from...
[SECURITY] Fedora 28 Update: python-notebook-5.4.0-2.fc28
The Jupyter Notebook is a web application that allows you to create and share documents that contain live code, equations, visualizations, and explanatory text. The Notebook has support for multiple programming languages, sharing, and interactive widgets...
[SECURITY] Fedora 28 Update: golang-1.10-2.fc28
The Go Programming Language...
[SECURITY] Fedora 27 Update: python-notebook-5.2.1-2.fc27
The Jupyter Notebook is a web application that allows you to create and share documents that contain live code, equations, visualizations, and explanatory text. The Notebook has support for multiple programming languages, sharing, and interactive widgets...
Important: Red Hat Security Advisory: rh-ruby24-ruby security, bug fix, and enhancement update
An update for rh-ruby24-ruby is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerabili...
Forgot About Default Accounts? No Worries, GoScanSSH Didn’t
This blog post was authored by Edmund Brumaghin, Andrew Williams, and Alain Zidouemba. Executive Summary During a recent Incident Response IR engagement, Talos identified a new malware family that was being used to compromise SSH servers exposed to the internet. This malware, which we have named...
Debian: Security Advisory (DLA-1294-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] Fedora 27 Update: golang-1.9.4-2.fc27
The Go Programming Language...
Denial of Service Vulnerability in Auto Station
Auto Station is a PLC-IVC series programming software from INVT. Auto Station suffers from a denial of service vulnerability. When the input 'data content' is more or less than its corresponding 'length', an attacker can obtain a null address via the GetVauleName function, resulting in a denial o...
[SECURITY] Fedora 27 Update: ruby-2.4.3-87.fc27
Ruby is the interpreted scripting language for quick and easy object-oriented programming. It has many features to process text files and to do system management tasks as in Perl. It is simple, straight-forward, and extensible...
[SECURITY] Fedora 26 Update: golang-1.8.7-1.fc26
The Go Programming Language...
[SECURITY] Fedora 26 Update: ldns-1.7.0-4.fc26
ldns is a library with the aim to simplify DNS programming in C. All low-level DNS/DNSSEC operations are supported. We also define a higher level API which allows a programmer to for instance create or sign packets...
[SECURITY] Fedora 27 Update: golang-1.9.4-1.fc27
The Go Programming Language...