
2257 matches found

OSV
added 2020/04/06 7:21 a.m. · 24 views

ALSA-2020:1317 Important: nodejs:10 security update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: ICU: Integer overflow in UnicodeString::doAppend CVE-2020-10531 For more details about the security issues, including the impact, a CVSS score,...

CVSS 8.8 · AI score 8.2 · EPSS 0.02691
Exploits 0 · References 2
OSV
added 2020/04/02 2:15 p.m. · 3 views

CVE-2020-8016

A Race Condition Enabling Link Following vulnerability in the packaging of texlive-filesystem of SUSE Linux Enterprise Module for Desktop Applications 15-SP1, SUSE Linux Enterprise Software Development Kit 12-SP4, SUSE Linux Enterprise Software Development Kit 12-SP5; openSUSE Leap 15.1 allows...

CVSS 7 · AI score 7.1 · EPSS 0.00286
Exploits 1 · References 2
CVE
added 2020/04/02 2:5 p.m. · 154 views

CVE-2020-8016

CVE-2020-8016 is a local-privilege issue described as a race condition in the packaging of texlive-filesystem affecting SUSE Linux Enterprise Module for Desktop Applications 15-SP1, SLED/SLES 12-SP4/12-SP5, and openSUSE Leap 15.1. The underlying problem: a race condition in linking during packagi...

CVSS 7 · AI score 5.8 · EPSS 0.00286
Exploits 1 · References 2 · Affected Software 1
AlmaLinux
added 2020/04/02 7:23 a.m. · 48 views

Important: nodejs:12 security update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: ICU: Integer overflow in UnicodeString::doAppend CVE-2020-10531 For more details about the security issues, including the impact, a CVSS score,...

CVSS 8.8 · AI score 9 · EPSS 0.02691
Exploits 0 · References 2
Positive Technologies
added 2020/04/01 12:0 a.m. · 4 views

PT-2020-10924 · Parrot · Parrot Anafi

Name of the Vulnerable Software and Affected Versions: Parrot ANAFI affected versions not specified Description: The web server running on Parrot ANAFI can be crashed due to the SDK command Common CurrentDateTime being sent to the control service with a larger than expected date length...

CVSS 7.5 · AI score 7.5 · EPSS 0.01056
Exploits 0 · References 4
Malwarebytes
added 2020/03/25 4:0 p.m. · 30 views

Consumerization: a better way to answer cybersecurity challenges

A version of this article originally appeared in Forbes on February 12, 2020. Consumerization: The specific impact that consumer-originated technologies can have on enterprises. Gartner More and more, enterprises are coming to understand that they need to adopt the agile processes and product...

AI score 7.2
Exploits 0
CNVD
added 2020/03/13 12:0 a.m. · 2 views

Unauthorized Access Vulnerability in Kodak Video Surveillance Devices

hereinafter referred to as KODAK is a provider of video and security products and solutions, dedicated to video conferencing, video surveillance and a wealth of video application solutions to help all kinds of government and enterprise customers to solve the visual communication and management...

AI score 7
Exploits 0
AlmaLinux
added 2020/02/25 7:57 a.m. · 53 views

Important: nodejs:10 security update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages have been upgraded to a later upstream version: nodejs 10.19.0. Security Fixes: nodejs: HTTP request smuggling using malformed...

CVSS 9.8 · AI score 8.8 · EPSS 0.57132
Exploits 2 · References 7
The Hacker News
added 2020/02/17 3:10 p.m. · 102 views

A Dozen Vulnerabilities Affect Millions of Bluetooth LE Powered Devices

A team of cybersecurity researchers late last week disclosed the existence of 12 potentially severe security vulnerabilities, collectively named 'SweynTooth,' affecting millions of Bluetooth-enabled wireless smart devices worldwide—and worryingly, a few of which haven't yet been patched. All...

CVSS 8.8 · AI score 7.6 · EPSS 0.0181
Exploits 6
Positive Technologies
added 2020/02/14 12:0 a.m. · 2 views

PT-2020-10459 · Heartland & Global Payments · Heartland & Global Payments Php Sdk

Name of the Vulnerable Software and Affected Versions: Heartland & Global Payments PHP SDK versions prior to 2.0.0 Description: The issue concerns the failure to enforce SSL certificate validations in the Gateways/Gateway.php file. This could potentially lead to security risks, as it may allow fo...

CVSS 5.9 · AI score 5.5 · EPSS 0.00976
Exploits 1 · References 10
OSV
added 2020/02/12 7:15 p.m. · 3 views

CVE-2019-17519

The Bluetooth Low Energy implementation on NXP SDK through 2.2.1 for KW41Z devices does not properly restrict the Link Layer payload length, allowing attackers in radio range to cause a buffer overflow via a crafted packet...

CVSS 8.8 · AI score 7.8
Exploits 0 · References 1
OSV
added 2020/02/12 3:15 p.m. · 5 views

CVE-2019-19196

The Bluetooth Low Energy Secure Manager Protocol SMP implementation on Telink Semiconductor BLE SDK versions before November 2019 for TLSR8x5x through 3.4.0, TLSR823x through 1.3.0, and TLSR826x through 3.3 devices accepts a pairing request with a key size greater than 16 bytes, allowing an...

CVSS 6.5 · AI score 7.2 · EPSS 0.01357
Exploits 1 · References 2
Microsoft Secure
added 2020/01/16 3:0 p.m. · 39 views

Introducing Microsoft Application Inspector

Modern software development practices often involve building applications from hundreds of existing components, whether they’re written by another team in your organization, an external vendor, or someone in the open source community. Reuse has great benefits, including time-to-market, quality, a...

AI score 7.3
Exploits 0
Tenable Nessus
added 2019/12/10 12:0 a.m. · 28 views

EulerOS 2.0 SP2 : java-1.8.0-openjdk (EulerOS-SA-2019-2374)

According to the version of the java-1.8.0-openjdk packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Security...

CVSS 5.8 · AI score 6.4 · EPSS 0.02296
Exploits 0 · References 2
CNVD
added 2019/12/05 12:0 a.m. · 3 views

Autodesk FBX Software Development Kit Buffer Overflow Vulnerability

Autodesk FBX Software Development Kit is a software development kit SDK for working with FBX format files from Autodesk USA. A buffer overflow vulnerability exists in the Autodesk FBX Software Development Kit. The vulnerability originates when a networked system or product performs an operation i...

CVSS 9.3 · AI score 7.4 · EPSS 0.0088
Exploits 0 · References 1
Malwarebytes
added 2019/12/04 5:0 p.m. · 45 views

Explained: What is containerization?

Containerization. Another one of those tech buzzwords folks love to say but often have no idea what it means. A better way to organize children's toys? The act of bringing tupperware out to dinner to safely transport home leftovers? Another name for Russian dolls? Containerization is, of course,...

AI score 7.4
Exploits 0
OSV
added 2019/12/03 6:15 p.m. · 3 views

CVE-2019-7366

Buffer overflow vulnerability in Autodesk FBX Software Development Kit version 2019.5. A user may be tricked into opening a malicious FBX file which may exploit a buffer overflow vulnerability causing it to run arbitrary code on the system...

CVSS 7.8 · AI score 6.3 · EPSS 0.0088
Exploits 0 · References 1
NVD
added 2019/12/03 6:15 p.m. · 23 views

CVE-2019-7366

Buffer overflow vulnerability in Autodesk FBX Software Development Kit version 2019.5. A user may be tricked into opening a malicious FBX file which may exploit a buffer overflow vulnerability causing it to run arbitrary code on the system...

CVSS 9.3 · AI score 7.9 · EPSS 0.0088
Exploits 0 · References 1
OSV
added 2019/11/21 12:0 p.m. · 10 views

RUSTSEC-2019-0031 spin is no longer actively maintained

The author of the spin crate does not have time or interest to maintain it. Consider the following alternatives, all of which support no_std: - conquer-once - lock_api (a subproject of parking_lot) - spinning_top (spinlock crate built on lock_api) - spinning...

AI score 7.1
Exploits 0 · References 3
Trend Micro Simply Security
added 2019/10/24 4:35 p.m. · 45 views

A New Playground for Cybercrime: Why Supply Chain Security Must Cover Software Development

Most organisations see supply chains as providers of physical goods and services. The supply chain management function in these companies usually provides the governance framework to reduce third-party risks and prevent hackers from stealing data, disrupting daily operations and affecting busines...

AI score 0.1
Exploits 0