SUSE CVE-2022-41999
A denial of service vulnerability exists in the DDS native tile reading functionality of OpenImageIO Project OpenImageIO v2.3.19.0 and v2.4.4.2. A specially-crafted .dds can lead to denial of service. An attacker can provide a malicious file to trigger this vulnerability...
5 Cloud Security Challenges Solved by CNAPP
Configuration errors are a major cause of cloud security challenges for modern DevOps teams, introducing a new attack surface with numerous potential points of vulnerability. Read on to discover some of the most common errors and learn how to resolve them...
GSD-2023-1002118 platform/surface: aggregator: Add missing call to ssam_request_sync_free()
platform/surface: aggregator: Add missing call to ssam_request_sync_free(). This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.89 by commit...
Critical Infrastructure at Risk from New Vulnerabilities Found in Wireless IIoT Devices
A set of 38 security vulnerabilities has been uncovered in wireless industrial internet of things (IIoT) devices from four different vendors that could pose a significant attack surface for threat actors looking to exploit operational technology (OT) environments. "Threat actors can exploit...
A Cybersecurity Risk Assessment Guide for Leaders
Cybersecurity risk assessment provides the continuous asset detection, analysis, prioritization, and risk scoring needed to keep pace with a continuously growing digital attack surface...
When Pwning Cisco, Persistence is Key - When Pwning Supply Chain, Cisco is Key
When Pwning Cisco, Persistence is Key - When Pwning Supply Chain, Cisco is Key By Trellix · February 1, 2023 This story was also written by Kasimir Schulz and Sam Quinn. Unlike those of the past, modern routers now function like high-powered servers with many ethernet ports running not only routi...
GSD-2023-1001755 platform/surface: aggregator: Add missing call to ssam_request_sync_free()
platform/surface: aggregator: Add missing call to ssam_request_sync_free(). This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.89 by commit...
Managing Security Configuration Risk with the Most Comprehensive Configuration Compliance Solution!
Qualys leads the industry with 850 policies, 19000 controls, 350 technologies, and 100 frameworks Remote and hybrid work, digital transformation, and customer experience initiatives require rapid and continuous technology additions and changes. This requires continual additions of and deployments...
The Definitive Browser Security Checklist
Security stakeholders have come to realize that the prominent role the browser has in the modern corporate environment requires a re-evaluation of how it is managed and protected. While not long ago web-borne risks were still addressed by a patchwork of endpoint, network, and cloud solutions, it ...
CVE-2023-0435
Excessive Attack Surface in GitHub repository pyload/pyload prior to 0.5.0b3.dev41...
Code injection
Excessive Attack Surface in GitHub repository pyload/pyload prior to 0.5.0b3.dev41...
CVE-2023-0435 Excessive Attack Surface in pyload/pyload
Excessive Attack Surface in GitHub repository pyload/pyload prior to 0.5.0b3.dev41...
PT-2023-16267 · Pyload · Pyload
Name of the Vulnerable Software and Affected Versions: pyload/pyload versions prior to 0.5.0b3.dev41 Description: The issue concerns an excessive attack surface in the GitHub repository pyload/pyload. Recommendations: For versions prior to 0.5.0b3.dev41, update to version 0.5.0b3.dev41 or later t...
CVE-2023-0435
CVE-2023-0435 affects pyload/pyload (GitHub repo) prior to version 0.5.0b3.dev41. The underlying issue is an Excessive Attack Surface, leading to a high/critical risk (NVD score 9.8). Affected component is the pyload/pyload codebase; root cause described as too many attack surfaces. Remediation: ...
What is Business Attack Surface Management?
Explore how businesses can make internal and external attack surface management (ASM) actionable...
Patch Where it Hurts: Effective Vulnerability Management in 2023
Data from a recently published Security Navigator report shows that businesses are still taking 215 days to patch a reported vulnerability. Even for critical vulnerabilities, it generally takes more than 6 months to patch. Good vulnerability management is not about being fast enough in patching all...
PT-2024-11812 · Linux +3 · Linux Kernel +3
Name of the Vulnerable Software and Affected Versions: Linux kernel, affected versions not specified. Description: A vulnerability in the Linux kernel has been resolved. The issue is related to a missing call to ssam_request_sync_free() in the platform/surface: aggregator component. Although rare, ss...
Year in Review: Rapid7 Cybersecurity Research
Welcome to 2023, a year that sounds so futuristic it is hard to believe it is real. But real it is, and make no mistake, threat actors are still out there, working hard to get into networks the world over. So, at the start of the new year, I am reminded of two particular phrases: Those who do not...