63 matches found
Exploit for Deserialization of Untrusted Data in Alibaba Fastjson
json.org CVE-2022-45688 true & false positive WTF ?? The p...
The Unknown Risks of The Software Supply Chain: A Deep-Dive
In a world where more & more organizations are adopting open-source components as foundational blocks in their application's infrastructure, it's difficult to consider traditional SCAs as complete protection mechanisms against open-source threats. Using open-source libraries saves tons of coding...
Discover and Assess the Risk of Embedded Open-Source Software (OSS) Vulnerabilities
Runtime Software Composition Analysis with the Qualys Cloud Agent In a blog post published last week, we discussed the importance of managing risk across software developed in-house. A great deal of that risk is introduced by vulnerabilities in open-source packages like Log4Shell, OpenSSL, etc...
Protecting your IT infrastructure with Security Configuration Assessment (SCA)
Security Configuration Assessment SCA is critical to an organization's cybersecurity strategy. SCA aims to discover vulnerabilities and misconfigurations that malicious actors exploit to gain unauthorized access to systems and data. Regular security configuration assessments are essential in...
Grepmarx - A Source Code Static Analysis Platform For AppSec Enthusiasts
Grepmarx is a web application providing a single platform to quickly understand, analyze and identify vulnerabilities in possibly large and unknown code bases. Features SAST Static Analysis Security Testing capabilities: Multiple languages support: C/C++, C, Go, HTML, Java, Kotlin, JavaScript,...
SUSE CVE-2009-0906
The Service Component Architecture SCA feature pack for IBM WebSphere Application Server WAS SCA 1.0 before 1.0.0.3 allows remote authenticated users to bypass intended authentication.transport access restrictions and obtain unspecified access via unknown vectors...
SUSE-FU-2022:4496-1 Feature update for SCA patterns
This update for SCA patterns fixes the following issues: sca-patterns-base: - Version update from 1.3.1 to 1.5.0 to implement the conversion of SCA Tool to Python3 jscSLE-25064, jscSLE-24335: Convert SCA Tool from Python2 to Python3 bsc1191005, SLE-21579 Added Core.loadFullFile for sectionless...
CVE-2021-4142
The Candlepin component of Red Hat Satellite was affected by an improper authentication flaw. Few factors could allow an attacker to use the SCA simple content access certificate for authentication with Candlepin...
CVE-2021-4142
The Candlepin component of Red Hat Satellite was affected by an improper authentication flaw. Few factors could allow an attacker to use the SCA simple content access certificate for authentication with Candlepin...
Authentication flaw
The Candlepin component of Red Hat Satellite was affected by an improper authentication flaw. Few factors could allow an attacker to use the SCA simple content access certificate for authentication with Candlepin...
MAL-2022-3835 Malicious code in ing-orange-login-sca-es (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8ead5ed601ba0e5ae4f1c0bb3896d3e65abf85e1407cbed94361b44a0e676793 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-3819 Malicious code in ing-app-login-sca-es (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2733895abf197c52df4677d58952c072674d664777a0ff775d6bb7c7b9c59dbf Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Closing the Gap Between Application Security and Observability
Infosec Insiders columnist Daniel Kaar, global director application security engineering at Dynatrace. When it’s all said and done, application security pros may come to look upon the Log4Shell vulnerability as a gift. Potentially one of the most devastating software flaws ever found, Log4Shell...
ALBA-2022:0897 subscription-manager bug fix and enhancement update
The subscription-manager packages provide programs and libraries to allow users to manage subscriptions and yum repositories from the AlmaLinux entitlement platform. Bug Fixes and Enhancements: Subscription manager sends redundant requests to the server in SCA mode BZ2044349...
subscription-manager bug fix and enhancement update
An update is available for subscription-manager. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The subscription-manager packages provide programs and libraries...
subscription-manager bug fix and enhancement update
The subscription-manager packages provide programs and libraries to allow users to manage subscriptions and yum repositories from the AlmaLinux entitlement platform. Bug Fixes and Enhancements: Subscription manager sends redundant requests to the server in SCA mode BZ2044349...
CVE-2021-4142
The Candlepin component of Red Hat Satellite was affected by an improper authentication flaw. Few factors could allow an attacker to use the SCA simple content access certificate for authentication with Candlepin. Mitigation Mitigation for this issue is not available because it doesnt meet the Re...
tCell by Rapid7 Supports the Newly Released .NET 6.0
We’re excited to share that we've coordinated our recent .NET and .NET Core agent releases with the brand new .NET 6.0 release from Microsoft. What is tCell? Since the founding of tCell by Rapid7, our web application and API protection solution, we’ve prided ourselves on providing both breadth an...
SUSE: Security Advisory (SUSE-SU-2021:1497-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE-SU-2021:1497-1 Security update for sca-patterns-sle11
This update for sca-patterns-sle11 fixes the following issues: - New regular patterns 1 for version 1.3.1 Special Register Buffer Data Sampling aka CrossTalk CVE-2020-0543 bsc1154824...