321 matches found

CNVD
added 2021/02/20 12:0 a.m. | 6 views

Code execution vulnerability in Ocean CMS (CNVD-2021-25370)

Ocean CMS, also known as SEACMS, is completely open source and free of charge, adapts to computers, cell phones, tablets and apps, has no encryption, and is described as more secure and as the best site-building tool. Ocean CMS has code execution vulnerabilities; attackers can use the vulnerability to obtai...

7.7 AI score
Exploits: 0

Circl
added 2021/02/03 6:49 p.m. | 9 views

CVE-2020-28653

creationtimestamp | type | source
---|---|---
2021-02-03 18:49:33+00:00 | seen | https://t.me/cibsecurity/23028
2021-09-20 17:34:16+00:00 | seen | https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/opmanagersumpdudeserialization.rb
2025-02-06 03:13:44+00:00 | seen | ...

9.8 CVSS | 7.1 AI score | 0.787 EPSS
Exploits: 5 | References: 4

Circl
added 2021/01/19 4:55 p.m. | 6 views

CVE-2020-23522

creationtimestamp | type | source
---|---|---
2021-01-19 16:55:59+00:00 | seen | https://t.me/cibsecurity/22258
2021-05-31 03:55:03+00:00 | seen | https://t.me/pwnwikizhchannel/553
2024-11-14 06:08:14+00:00 | seen | MISP/099a7f3f-a9c7-40b7-ba9b-5e5e0a42542e
...

6.8 CVSS | 6.5 AI score | 0.02009 EPSS
Exploits: 2 | References: 2

ThreatPost
added 2020/12/17 7:17 p.m. | 34 views

RubyGems Packages Laced with Bitcoin-Stealing Malware

RubyGems, an open-source package repository and manager for the Ruby web programming language, has taken two of its software packages offline after they were found to be laced with malware. RubyGems provides a standard format for distributing Ruby programs and libraries in the service of building...

7.3 AI score
Exploits: 0 | References: 14

IBM Security Bulletins
added 2020/12/11 7:12 a.m. | 29 views

Security Bulletin: Open Source Security issues for NPS service provider

Summary: Fixed OSS issue for listed CVE. Vulnerability Details: CVEID: CVE-2019-11253 DESCRIPTION: The Kubernetes API server is vulnerable to a denial of service, caused by a billion laughs attack, caused by an error when parsing YAML manifests. A remote attacker could exploit this vulnerability to...

7.5 CVSS | 1.7 AI score | 0.25939 EPSS
Exploits: 2 | Affected Software: 1

IBM Security Bulletins
added 2020/12/11 7:10 a.m. | 35 views

Security Bulletin: Open Source Security issues fixed for NPS softlayer provisioner.

Summary: Fixed OSS issues for listed CVEs. Vulnerability Details: CVEID: CVE-2020-7919 DESCRIPTION: Go is vulnerable to a denial of service. By sending a malformed X.509 certificate, a remote attacker could exploit this vulnerability to cause a system panic. CVSS Base score: 7.5 CVSS Temporal Score:...

8.2 CVSS | 0.8 AI score | 0.61139 EPSS
Exploits: 2 | Affected Software: 1

Microsoft Secure
added 2020/08/26 6:0 p.m. | 36 views

Rethinking IoT/OT Security to Mitigate Cyberthreats

We live in an exciting time. We’re in the midst of the fourth industrial revolution—first steam, followed by electricity, then computers, and, now, the Internet of Things. A few years ago, IoT seemed like a futuristic concept that was on the distant horizon. The idea that your fridge would be...

0.5 AI score
Exploits: 0

MSRC
added 2020/08/03 7:0 a.m. | 9 views

Microsoft Joins Open Source Security Foundation

Microsoft has invested in the security of open source software for many years and today I’m excited to share that Microsoft is joining industry partners to create the Open Source Security Foundation (OpenSSF), a new cross-industry collaboration hosted at the Linux Foundation. The OpenSSF brings...

1.5 AI score
Exploits: 0

MSRC
added 2020/08/03 7:0 a.m. | 9 views

Microsoft Joins Open Source Security Foundation

Microsoft has invested in the security of open source software for many years and today I’m excited to share that Microsoft is joining industry partners to create the Open Source Security Foundation (OpenSSF), a new cross-industry collaboration hosted at the Linux Foundation. The OpenSSF brings...

6.8 AI score
Exploits: 0

Microsoft Secure
added 2020/07/20 8:0 p.m. | 35 views

Hello open source security! Managing risk with software composition analysis

When first learning to code many people start with a rudimentary “Hello World” program. Building the program teaches developers the basics of a language as they write the code required to display “Hello World” on a screen. As developers get more skilled, the complexity of the programs they build...

7.5 AI score
Exploits: 0

CNVD
added 2020/07/12 12:0 a.m. | 9 views

Eclipse Jetty Information Disclosure Vulnerability (CNVD-2021-28269)

Eclipse Jetty is an open source, Java-based web server and Java Servlet container from the Eclipse Foundation. A security vulnerability exists in Eclipse Jetty versions 9.4.27.v20200227 through 9.4.29.v20200521. The vulnerability stems from an error in configuration or other errors in the operati...

9.4 CVSS | 9.1 AI score | 0.11138 EPSS
Exploits: 0 | References: 1

Kitploit
added 2020/04/06 12:0 p.m. | 106 views

OSSEM - Open Source Security Events Metadata

The Open Source Security Events Metadata (OSSEM) is a community-led project that focuses primarily on the documentation and standardization of security event logs from diverse data sources and operating systems. Security events are documented in a dictionary format and can be used as a reference fo...

7.1 AI score
Exploits: 0 | References: 7

CNVD
added 2020/02/05 12:0 a.m. | 3 views

OSSEC-HIDS Server Component Buffer Overflow Vulnerability (CNVD-2020-04124)

OSSEC-HIDS is an open source intrusion detection tool. A buffer overflow vulnerability exists in the OSSEC-HIDS server component. The vulnerability originates when a network system or product performs operations on memory without properly validating data boundaries, resulting in incorrect read an...

9.8 CVSS | 7.3 AI score | 0.02685 EPSS
Exploits: 2 | References: 1

Microsoft Secure
added 2020/02/04 5:0 p.m. | 33 views

RSA Conference 2020—Empower your defenders with artificial intelligence and automation

The RSA Conference 2020 kicks off in less than three weeks, and the Microsoft Security team can’t wait. This is one of our most important annual events because it provides an invaluable opportunity for us to connect with customers, partners, and other security thought leaders. New ideas are...

7 AI score
Exploits: 0

The Hacker News
added 2019/12/18 6:32 p.m. | 3 views

Google Offers Financial Support to Open Source Projects for Cybersecurity

Besides rewarding ethical hackers from its pocket for responsibly reporting vulnerabilities in third-party open-source projects, Google today announced financial support for open source developers to help them arrange additional resources, prioritizing the security of their products. The...

5.8 AI score
Exploits: 0

RedhatCVE
added 2019/11/01 9:41 p.m. | 36 views

CVE-2019-15635

An issue was discovered in Grafana 5.4.0. Passwords for data sources used by Grafana (e.g., MySQL) are not encrypted. An admin user can reveal passwords for any data source by pressing the "Save and test" button within a data source's settings menu. When watching the transaction with Burp Proxy, th...

4.9 CVSS | 1.4 AI score | 0.01609 EPSS
Exploits: 0 | References: 3

pentestit
added 2019/06/10 6:3 a.m. | 666 views

UPDATE: OWASP Dependency-Check 5.0.0

PenTestIT RSS Feed My first post about this open source OWASP project was about an older version. About 18 hours ago, a new version was released. This post discusses the changes made to the open source software composition analysis utility in the latest release yesterday. This is the OWASP...

6.5 CVSS | 0.5 AI score | 0.79176 EPSS
Exploits: 1

Microsoft Secure
added 2019/02/04 5:0 p.m. | 13 views

Announcing the new Security Engineering website

To meet users’ expectations for security when using a product or cloud service, security must be an integral part of all aspects of the lifecycle. We all know this, and yet time has proven that this is far easier said than done because there is no single approach nor silver bullet that works in...

7.3 AI score
Exploits: 0

The Hacker News
added 2018/11/27 7:58 a.m. | 1 views

Rogue Developer Infects Widely Used NodeJS Module to Steal Bitcoins

A widely used third-party NodeJS module with nearly 2 million downloads a week was compromised after one of its open-source contributors went rogue and infected it with malicious code that was programmed to steal funds stored in Bitcoin wallet apps. The Node.js library in question is...

6.7 AI score
Exploits: 0

IBM Security Bulletins
added 2018/06/15 7:8 a.m. | 54 views

Security Bulletin: Open Source Apache HTTP Server Vulnerabilities which is used by IBM PureApplication Systems (CVE-2016-0736 CVE-2016-2161 CVE-2016-8743)

Summary A vulnerability in Open Source Apache HTTP Server affects the PureSystems® Managers used by IBM PureApplication System. Vulnerability Details CVEID: CVE-2016-0736 DESCRIPTION: Apache HTTPD could allow a remote attacker to obtain sensitive information, caused by an error in modsessioncrypt...

7.5 CVSS | 0.7 AI score | 0.49024 EPSS
Exploits: 4 | Affected Software: 1