SUSE CVE-2021-39146

XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation t...

SUSE CVE-2021-39147

XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation t...

SUSE CVE-2021-39150

XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to request data from internal resources that are not publicly available only by manipulating the processed input stream with a Java runtime version 14 to 8. ...

SUSE CVE-2021-39154

XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation t...

sgpmlp.abgf.gov.br Cross Site Scripting vulnerability OBB-3187481

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

eru.rescuegroups.org Cross Site Scripting vulnerability OBB-3138170

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

fabuloushaircosmetics.nl Cross Site Scripting vulnerability OBB-3132240

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

drinklicious.nl Cross Site Scripting vulnerability OBB-3123938

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

XStream can cause Denial of Service via stack overflow

Impact The vulnerability may allow a remote attacker to terminate the application with a stack overflow error resulting in a denial of service only by manipulating the processed input stream. Patches XStream 1.4.20 handles the stack overflow and raises an InputManipulationException instead...

zentrus.ch Cross Site Scripting vulnerability OBB-3111326

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

Introducing PEACH, a tenant isolation framework for cloud applications

A step-by-step framework for modeling and improving SaaS and PaaS tenant isolation by reducing your cloud applications’ attack surface...

Ease Your Cybersecurity Maturity Model Certification Journey With Qualys

The Cybersecurity Maturity Model Certification CMMC is a cybersecurity training, certification, and assessment program from the United States Department of Defense DoD. CMMC is designed to provide increased assurance to the DoD that a contractor can adequately protect controlled unclassified...

CISA, NSA, and ODNI Release Guidance for Customers on Securing the Software Supply Chain 

Today, CISA, the National Security Agency NSA, and the Office of the Director of National Intelligence ODNI, published the third of a three-part series on securing the software supply chain: Securing Software Supply Chain Series - Recommended Practices Guide for Customers. This publication follow...

Microsoft contributes S2C2F to OpenSSF to improve supply chain security

On August 4, 2022, Microsoft publicly shared a framework.pdf that it has been using to secure its own development practices since 2019, the Secure Supply Chain Consumption Framework S2C2F, previously the Open Source Software-Supply Chain Security OSS-SSC Framework. As a massive consumer of and...

CVE-2022-41547

Mobile Security Framework MobSF v0.9.2 and below was discovered to contain a local file inclusion LFI vulnerability in the StaticAnalyzer/views.py script. This vulnerability allows attackers to read arbitrary files via a crafted HTTP request...

CVE-2022-41547

Mobile Security Framework MobSF v0.9.2 and below was discovered to contain a local file inclusion LFI vulnerability in the StaticAnalyzer/views.py script. This vulnerability allows attackers to read arbitrary files via a crafted HTTP request...

Mobile Security Framework 安全漏洞

Mobile Security Framework MobSF is Mobile Security Framework open source an automated all-in-one mobile application . Used for penetration testing, malware analysis and security assessments, it is capable of performing both static and dynamic analysis. A security vulnerability exists in Mobile...

CVE-2022-41547

Mobile Security Framework MobSF v0.9.2 and below was discovered to contain a local file inclusion LFI vulnerability in the StaticAnalyzer/views.py script. This vulnerability allows attackers to read arbitrary files via a crafted HTTP request...

Apache Shiro Authentication Bypass Vulnerability (CNVD-2022-68497)

Apache Shiro is a Java security framework with authentication, access authorization, data encryption, session management, etc. An authentication bypass vulnerability exists in Apache Shiro, which is caused when requests are forwarded or requests are included via the RequestDispatcher interface, a...

New Report on IoT Security

The Atlantic Council has published a report on securing the Internet of Things: "Security in the Billions: Toward a Multinational Strategy to Better Secure the IoT Ecosystem." The report examines the regulatory approaches taken by four countries--the US, the UK, Australia, and Singapore--to secur...