
7413 matches found

Fedora
added 2022/07/17 1:15 a.m. | 29 views

[SECURITY] Fedora 35 Update: golang-github-google-martian-3.1.0-9.fc35

Martian Proxy is a programmable HTTP proxy designed to be used for testing. Martian is a great tool to use if you want to: - Verify that all or some subset of requests are secure - Mock external services at the network layer - Inject headers, modify cookies or perform other mutations of HTTP...

CVSS 9.3 | AI score 8 | EPSS 0.05994
Exploits 4

Fedora
added 2022/07/17 1:15 a.m. | 25 views

[SECURITY] Fedora 35 Update: golang-github-facebookincubator-contest-0-0.4.20210706gitceebc35.fc35

Run continuous and on-demand system testing for real and virtual hardware...

CVSS 9.3 | AI score 1.4 | EPSS 0.05994
Exploits 3

Fedora
added 2022/07/17 1:15 a.m. | 23 views

[SECURITY] Fedora 35 Update: golang-github-burntsushi-toml-test-0.2.0-11.20210108git9767d20.fc35

Toml-test is a higher-order program that tests other TOML decoders or encoders. The goal is to make it comprehensive. Tests are divided into two groups: invalid TOML data and valid TOML data. Decoders that reject invalid TOML data pass invalid TOML tests. Decoders that accept valid TOML data an...

CVSS 9.3 | AI score 8.7 | EPSS 0.05994
Exploits 4

OSV
added 2022/07/15 6:17 p.m. | 21 views

GHSA-8MJR-JR5H-Q2XR OpenZeppelin Contracts for Cairo account cannot process transactions on Goerli

Impact: This vulnerability affects all accounts (vanilla and ethereum flavors) in the v0.2.0 release of OpenZeppelin Contracts for Cairo, which are not whitelisted on StarkNet mainnet, so only goerli deployments of v0.2.0 accounts are affected. This faulty behavior is not observed in StarkNet's...

CVSS 6.5 | AI score 6.3 | EPSS 0.01115
Exploits 1 | References 9

Kitploit
added 2022/07/13 12:30 p.m. | 38 views

Bypass-Url-Parser - Tool That Tests Many URL Bypasses To Reach A 40X Protected Page

Tool that tests MANY url bypasses to reach a 40X protected page. If you wonder why this code is nothing but a dirty curl wrapper, here's why: Most of the python requests do url/path/parameter encoding/decoding, and I hate this. If I submit raw chars, I want raw chars to be sent. If I send a weird...

AI score 7.4
Exploits 0 | References 1

Citrix
added 2022/07/13 12:0 a.m. | 5 views

Microsoft Security Update Validation Report July 2022

Microsoft’s July 2022 security updates have passed Citrix testing (the updates are listed below). The testing is not all-inclusive; all tests are executed against English-only environments and issues may still be found upon implementation. Follow best practices for testing and installing software...

AI score 7
Exploits 0

BDU FSTEC
added 2022/07/13 12:0 a.m. | 3 views

The vulnerability of the database of the Mendix software platform for deploying and testing software applications allows a perpetrator to disclose protected information.

The vulnerability of the software platform for deploying and testing Mendix application programs is related to configuration errors. Exploiting this vulnerability can allow a malicious actor to disclose sensitive information...

CVSS 4.9 | AI score 6.5 | EPSS 0.0063
Exploits 0 | References 2 | Affected Software 1

BDU FSTEC
added 2022/07/13 12:0 a.m. | 2 views

The vulnerability of the Mendix software platform for deploying and testing software applications allows a perpetrator to uncover the structure of the created project.

The vulnerability of the Mendix software deployment and application testing platform is related to insufficient protection of operational data. Exploiting this vulnerability could allow a malicious actor to disclose the structure of the created project...

CVSS 5.3 | AI score 7.1 | EPSS 0.01257
Exploits 0 | References 2 | Affected Software 1

The Hacker News
added 2022/07/12 5:33 a.m. | 57 views

Microsoft Windows Autopatch is Now Generally Available for Enterprise Systems

Microsoft on Monday announced the general availability of a feature called Autopatch that automatically keeps Windows and Office software up-to-date on enrolled endpoints. The launch, which comes a day before Microsoft is expected to release its monthly round of security patches, is available for...

AI score 1.4
Exploits 0

BDU FSTEC
added 2022/07/11 12:0 a.m. | 4 views

The vulnerability of the mobile plugin for data processing in Atlassian Jira Server and Data Center allows a perpetrator to execute an SSRF attack.

The vulnerability of the mobile plugin for data processing in Atlassian Jira Server and Data Center is related to insufficient testing of requests on the server side. Exploiting this vulnerability allows a malicious actor to perform an SSRF attack remotely...

CVSS 7.5 | AI score 6.5 | EPSS 0.71169
Exploits 1 | References 4 | Affected Software 4

Kitploit
added 2022/07/07 12:30 a.m. | 54 views

CrackQL - GraphQL Password Brute-Force And Fuzzing Utility

CrackQL is a GraphQL password brute-force and fuzzing utility. CrackQL is a versatile GraphQL penetration testing tool that exploits poor rate-limit and cost analysis controls to brute-force credentials and fuzz operations. How it works? CrackQL works by automatically batching a single GraphQL...

AI score 6.9
Exploits 0 | References 4

Securelist
added 2022/07/06 10:0 a.m. | 26 views

Dynamic analysis of firmware components in IoT devices

Among the various offensive security techniques, vulnerability assessment takes priority when it comes to analyzing the security of IoT/IIoT devices. In most cases, such devices are analyzed using the black box testing approach, in which the researcher has virtually no knowledge about the object ...

AI score 6.7
Exploits 0

Pen Test Partners Blog
added 2022/07/06 5:56 a.m. | 12 views

EFB Tampering. Holdover Time

TL;DR: Holdover applications are a relatively new method of calculating the effectiveness of anti-icing fluid sprayed onto aircraft wings. Applications such as these have additional attack surfaces as the developer and source databases need to be considered. Airlines often view limits as targets to...

Exploits 0

OpenVAS
added 2022/07/06 12:0 a.m. | 14 views

Fedora: Security Advisory for golang-github-gohugoio-testmodbuilder (FEDORA-2022-fae3ecee19)

The remote host is missing an update for the Copyright (C) 2022 Greenbone Networks GmbH. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you can...

CVSS 9.3 | AI score 8.9 | EPSS 0.05994
Exploits 4 | References 2

OpenVAS
added 2022/07/06 12:0 a.m. | 15 views

Fedora: Security Advisory for golang-github-onsi-ginkgo-2 (FEDORA-2022-fae3ecee19)

The remote host is missing an update for the Copyright (C) 2022 Greenbone Networks GmbH. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you can...

CVSS 9.3 | AI score 8.9 | EPSS 0.05994
Exploits 4 | References 2

OpenVAS
added 2022/07/06 12:0 a.m. | 9 views

Fedora: Security Advisory for golang-github-google-martian (FEDORA-2022-fae3ecee19)

The remote host is missing an update for the Copyright (C) 2022 Greenbone Networks GmbH. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you can...

CVSS 7.5 | AI score 8.9 | EPSS 0.05994
Exploits 3 | References 2

OpenVAS
added 2022/07/06 12:0 a.m. | 14 views

Fedora: Security Advisory for golang-github-gucumber (FEDORA-2022-fae3ecee19)

The remote host is missing an update for the Copyright (C) 2022 Greenbone Networks GmbH. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you can...

CVSS 9.3 | AI score 8.9 | EPSS 0.05994
Exploits 4 | References 2

OSV
added 2022/07/05 12:0 p.m. | 45 views

RUSTSEC-2022-0033 Heap memory corruption with RSA private key operation

The OpenSSL 3.0.4 release introduced a serious bug in the RSA implementation for X86_64 CPUs supporting the AVX512IFMA instructions. This issue makes the RSA implementation with 2048 bit private keys incorrect on such machines and memory corruption will happen during the computation. As a...

CVSS 10 | AI score 8.9 | EPSS 0.36513
Exploits 3 | References 3

IBM Security Bulletins
added 2022/07/05 9:28 a.m. | 46 views

Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring operands may be vulnerable to loss of confidentiality due to CVE-2022-32210

Summary: Node.js module undici is used by IBM App Connect Enterprise Certified Container when testing API endpoints. IBM App Connect Enterprise Certified Container DesignerAuthoring operands that use the API testing capability may be vulnerable to loss of confidentiality if made to target an API...

CVSS 6.5 | AI score 0.7 | EPSS 0.00382
Exploits 1 | Affected Software 1

Fedora
added 2022/07/04 1:35 a.m. | 20 views

[SECURITY] Fedora 36 Update: subfinder-2.5.2-2.fc36

Subfinder is a subdomain discovery tool that discovers valid subdomains for websites. Designed as a passive framework to be useful for bug bounties and safe for penetration testing...

CVSS 9.3 | AI score 8.1 | EPSS 0.05994
Exploits 4