182 matches found
[SECURITY] Fedora 29 Update: python3-3.7.4-1.fc29
Python is an accessible, high-level, dynamically typed, interpreted program ming language, designed with an emphasis on code readability. It includes an extensive standard library, and has a vast ecosystem of third-party libraries. The python3 package provides the "python3" executable: the...
[SECURITY] Fedora 29 Update: python3-3.7.3-3.fc29
Python is an accessible, high-level, dynamically typed, interpreted program ming language, designed with an emphasis on code readability. It includes an extensive standard library, and has a vast ecosystem of third-party libraries. The python3 package provides the "python3" executable: the...
Drupal 7.x < 7.67 Third-Party Libraries Vulnerability
According to its self-reported version, the instance of Drupal running on the remote web server is 7.0.x prior to 7.67, 8.6.x prior to 8.6.16, or 8.7.x prior to 8.7.1. It is, therefore, affected by a path traversal vulnerability. This security release fixes third-party dependencies included in or...
Drupal 8.6.x < 8.6.16 Third-Party Libraries Vulnerability
According to its self-reported version, the instance of Drupal running on the remote web server is 7.0.x prior to 7.67, 8.6.x prior to 8.6.16, or 8.7.x prior to 8.7.1. It is, therefore, affected by a path traversal vulnerability. This security release fixes third-party dependencies included in or...
Drupal 8.7.x < 8.7.1 Third-Party Libraries Vulnerability
According to its self-reported version, the instance of Drupal running on the remote web server is 7.0.x prior to 7.67, 8.6.x prior to 8.6.16, or 8.7.x prior to 8.7.1. It is, therefore, affected by a path traversal vulnerability. This security release fixes third-party dependencies included in or...
Drupal Third-party Libraries Vulnerability (SA-CORE-2019-007) - Windows
Drupal is prone to a vulnerability in the 3rd party library Phar Stream Wrapper. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
Drupal Third-party Libraries Vulnerability (SA-CORE-2019-007) - Linux
Drupal is prone to a vulnerability in the 3rd party library Phar Stream Wrapper. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
Drupal core - Moderately critical - Third-party libraries - SA-CORE-2019-007
This security release fixes third-party dependencies included in or required by Drupal core. As described in TYPO3-PSA-2019-007: By-passing protection of Phar Stream Wrapper Interceptor: In order to intercept file invocations like fileexists or stat on compromised Phar archives the base name has ...
[SECURITY] Fedora 30 Update: python3-3.7.2-8.fc30
Python is an accessible, high-level, dynamically typed, interpreted program ming language, designed with an emphasis on code readability. It includes an extensive standard library, and has a vast ecosystem of third-party libraries. The python3 package provides the "python3" executable: the...
[SECURITY] Fedora 29 Update: python3-3.7.2-4.fc29
Python is an accessible, high-level, dynamically typed, interpreted program ming language, designed with an emphasis on code readability. It includes an extensive standard library, and has a vast ecosystem of third-party libraries. The python3 package provides the "python3" executable: the...
[SECURITY] Fedora 28 Update: python3-3.6.8-1.fc28
Python is an accessible, high-level, dynamically typed, interpreted program ming language, designed with an emphasis on code readability. It includes an extensive standard library, and has a vast ecosystem of third-party libraries. The python3 package provides the "python3" executable: the...
Drupal core - Critical - Third Party Libraries - SA-CORE-2019-001
Drupal core uses the third-party PEAR ArchiveTar library. This library has released a security update which impacts some Drupal configurations. Refer to CVE-2018-1000888 for details...
Fedora 28 : clamav (2018-eff94da132)
ClamAV 0.100.2 has been released! This is a patch release to address several vulnerabilities. Fixes for the following ClamAV vulnerabilities: CVE-2018-15378: Vulnerability in ClamAV's MEW unpacking feature that could allow an unauthenticated, remote attacker to cause a denial-of-service DoS...
Nextcloud: Missing memory corruption protection on Windows release built
Hi, we have noticed that the Windows Desktop Client doesn't enable the protections ASLR and DEP and others. These protections are per-default enabled since approximately 10 years in Visual Studio and are very important because they make exploitation a lot harder or even make some vulnerabilities...
Securing Modern Web Applications: Threats and Types of Attacks
Web Application Firewalls are the most advanced firewall capabilities available to IT teams. Deploying the appropriate WAF is important, especially these days when the security threat landscape is changing so rapidly. In a previous post, we introduced Web Application Firewalls: Securing Modern We...
[SECURITY] Fedora 28 Update: python3-3.6.5-1.fc28
Python is an accessible, high-level, dynamically typed, interpreted program ming language, designed with an emphasis on code readability. It includes an extensive standard library, and has a vast ecosystem of third-party libraries. The python3 package provides the "python3" executable: the...
Merlin - A cross-platform post-exploitation HTTP/2 Command & Control server and agent
Merlin is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in golang. An introductory blog post can be found here: https://medium.com/@Ne0nd0g/introducing-merlin-645da3c635a Getting Started The quickest and easiest way to start using Merlin is download the...
Stable Channel Updates for Chrome OS
The Stable channel has been updated to 57.0.2987.137 Platform version: 9202.60.0 for all Chrome OS devices except AOpen Chromebase Mini, AOpen Chromebox Mini, Google Chromebook Pixel 2015, ASUS Chromebook Flip C100PA, Samsung Chromebook Plus. This build contains a number of bug fixes, security...
Code Reuse a Peril for Secure Software Development
The amount of insecure software tied to reused third-party libraries and lingering in applications long after patches have been deployed is staggering. It’s a habitual problem perpetuated by developers failing to vet third-party code for vulnerabilities, and some repositories taking a hands-off...
Automated Security Response: Falcon Orchestrator
CrowdStrike Falcon Orchestrator is an extendable Windows-based application that provides workflow automation, case management and security response functionality. The tool leverages the highly extensible APIs contained within the CrowdStrike Falcon Connect program. Falcon Orchestrator has only be...