[SECURITY] Fedora 36 Update: python3.7-3.7.16-1.fc36
Python 3.7 package for developers. This package exists to allow developers to test their code against an older version of Python. This is not a full Python stack and if you wish to run your applications with Python 3.7, see other distributions that support it, such as an older Fedora release...
Microsoft Security Update Validation Report December 2022
Microsoft’s December 2022 security updates have passed Citrix testing; the updates are listed below. The testing is not all-inclusive; all tests are executed against English-only environments, and issues may still be found upon implementation. Follow best practices for testing and installing softwa...
Top 5 Web App Vulnerabilities and How to Find Them
Web applications, often in the form of Software as a Service (SaaS), are now the cornerstone for businesses all over the world. SaaS solutions have revolutionized the way businesses operate and deliver services, and are essential tools in nearly every industry, from finance and banking to healthcare and...
GHSA-67FX-WX78-JX33 Helm vulnerable to denial of service through schema file
Fuzz testing, by Ada Logics and sponsored by the CNCF, identified input to functions in the chartutil package that can cause a segmentation violation. Applications that use functions from the chartutil package in the Helm SDK can have a Denial of Service attack when they use this package and it...
Helm vulnerable to denial of service through schema file
Fuzz testing, by Ada Logics and sponsored by the CNCF, identified input to functions in the chartutil package that can cause a segmentation violation. Applications that use functions from the chartutil package in the Helm SDK can have a Denial of Service attack when they use this package and it...
GHSA-53C4-HHMH-VW5Q Helm vulnerable to denial of service through repository index file
Fuzz testing, by Ada Logics and sponsored by the CNCF, identified input to functions in the repo package that can cause a segmentation violation. Applications that use functions from the repo package in the Helm SDK can have a Denial of Service attack when they use this package and it panics...
Helm vulnerable to denial of service through repository index file
Fuzz testing, by Ada Logics and sponsored by the CNCF, identified input to functions in the repo package that can cause a segmentation violation. Applications that use functions from the repo package in the Helm SDK can have a Denial of Service attack when they use this package and it panics...
Helm vulnerable to denial of service through string value parsing
Fuzz testing, by Ada Logics and sponsored by the CNCF, identified input to functions in the strvals package that can cause a stack overflow. In Go, a stack overflow cannot be recovered from. Applications that use functions from the strvals package in the Helm SDK can have a Denial of Service atta...
Internet Bug Bounty: CVE-2022-23519: Rails::Html::SafeListSanitizer vulnerable to XSS when certain tags are allowed (math+style || svg+style)
The following is from: https://hackerone.com/reports/1656627 Intro The Rails HTML sanitizer allows setting certain combinations of tags in its allow list that are not properly handled. Similar to the report 1530898, which identified the combination select and style as vulnerable, my fuzz testing...
CVE-2022-23512
MeterSphere (open source continuous testing platform) has a path injection vulnerability in ApiTestCaseService::deleteBodyFiles. The issue arises when a user-supplied string id is concatenated into the file path (BODY_FILE_DIR + "/" + testId) and later deleted via file.delete(), enabling manipula...
Siemens Polarion ALM Host Header Injection Vulnerability
Polarion ALM is an application lifecycle management solution that improves the software development process with a single unified solution for requirements, coding, testing and release. A security vulnerability exists in Siemens Polarion ALM, which could be exploited by attackers to spoof host...
Low PVS boot throughput
A customer observed that PVS target device boot statistics, viewed in status tray tool, showed low throughput and a long boot time on existing target devices. Testing a new vdisk, minimal install with just PVS target device software and not domain joined, showed much quicker boot time and higher...
Misconfigured or malicious MANAGER Can drain, lose or steal ALL of the collateral.
Lines of code Vulnerability details Impact Collateral.sol allows withdrawal of funds to an arbitrary manager account. There are no inherent limitations on: 1. the identity of the manager address 2. the withdrawable amount Details of 1. : the manager setter is access controlled but may still be misconfigured or a...
[SECURITY] Fedora 35 Update: python3.7-3.7.16-1.fc35
Python 3.7 package for developers. This package exists to allow developers to test their code against an older version of Python. This is not a full Python stack and if you wish to run your applications with Python 3.7, see other distributions that support it, such as an older Fedora release...
The vulnerability in NVIDIA’s graphics processor display driver allows attackers to escalate their privileges.
The vulnerability in NVIDIA’s graphics processor display driver exists due to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to execute arbitrary code or gain elevated privileges...
Why Chaos Engineering is a Good Stress Test Strategy
Learn about chaos engineering, a method of resilience testing that intentionally introduces “chaos” into a system to discover vulnerabilities and weaknesses that can be exploited by attackers...
The 5 Core Principles of the Zero-Trust Cybersecurity Model
When even the US Government concludes that to ensure baseline security practices are in place and to realize the security benefits of cloud-based infrastructure while mitigating associated risks, they must migrate to a zero-trust model, every organization should be actively moving in that...