358 matches found
Important: Red Hat Security Advisory: java-11-openjdk security update
An update for java-11-openjdk is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerabilit...
OpenJDK: Incomplete bounds checks in Affine Transformations (2D, 8240119)
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: 2D. Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple...
JBoss: JAXP in EAP 7.0 allows RCE via XSL
It was found that the JAXP implementation used in EAP 7.0 for XSLT processing is vulnerable to code injection. An attacker could use this flaw to cause remote code execution if they are able to provide XSLT content for parsing...
Working for a Winning Company
My interest in Imperva was indirectly created two years ago through an introduction to the Thoma Bravo (TB) team. After meeting a number of the key players at TB, I made a mental note that given the opportunity, this was a group I would love to work for someday. Two years later that opportunity...
[SECURITY] [DLA 2042-1] python-django security update
Package : python-django Version : 1.7.11-1+deb8u8 CVE ID : CVE-2019-19844 Debian Bug : 946937 It was discovered that there was a potential account hijack vulnerability in Django, the Python-based web development framework. Django's password-reset form used a case-insensitive query to retrieve...
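The mechanism behind CVE-2019-19844 is easy to miss: the account lookup is case-insensitive, but "case-insensitive" is decided by the database's collation, and the reset message was then sent to whatever address the requester typed. The block below is an added illustration, not Django's own code or a real account table. It assumes a small constructed user list, a stand-in collation (`_collation_key`, which strips accents and casefolds, modelling a loose database collation) and hypothetical helper names; it contrasts a pre-fix reset flow with one that applies both ideas of the fix (a Python-side NFKC+casefold re-check of every database match, and sending only to the stored address).

```python
import unicodedata

# Constructed sample account table standing in for the User model; not Django's
# code or real data.
USERS = [
    {"id": 1, "email": "mike@example.org"},
    {"id": 2, "email": "alice@example.org"},
]


def _collation_key(s: str) -> str:
    """Assumed stand-in for a loose database collation: decompose (NFKD), drop
    combining marks so accented letters equal their base letter, then casefold.
    Real collations differ; the point is that the database, not the
    application, decides what 'equal' means for an iexact query."""
    decomposed = unicodedata.normalize("NFKD", s)
    stripped = "".join(c for c in decomposed if unicodedata.category(c) != "Mn")
    return stripped.casefold()


def db_iexact_lookup(submitted_email: str):
    """Models User.objects.filter(email__iexact=submitted_email)."""
    key = _collation_key(submitted_email)
    return [u for u in USERS if _collation_key(u["email"]) == key]


def unicode_ci_compare(s1: str, s2: str) -> bool:
    """Python-side comparison in the spirit of the fix: NFKC-normalize and
    casefold both strings, so a database match is only accepted when the two
    addresses still agree after a well-defined normalization."""
    return (unicodedata.normalize("NFKC", s1).casefold()
            == unicodedata.normalize("NFKC", s2).casefold())


def vulnerable_reset(submitted_email: str):
    """Pre-fix behaviour: every account the database matched gets a reset
    message, and it is addressed to the string the requester typed.
    Returns a list of (user_id, recipient) pairs."""
    return [(u["id"], submitted_email) for u in db_iexact_lookup(submitted_email)]


def hardened_reset(submitted_email: str):
    """Post-fix behaviour: re-check each database match in Python, then send
    the message to the address stored on the account, never to the input."""
    return [
        (u["id"], u["email"])
        for u in db_iexact_lookup(submitted_email)
        if unicode_ci_compare(u["email"], submitted_email)
    ]


if __name__ == "__main__":
    # Constructed probes: plain case change, an accented look-alike, and the
    # KELVIN SIGN (U+212A), which normalizes to a Latin 'K'.
    for probe in ("MIKE@example.org", "mik\u00e8@example.org", "mi\u212ae@example.org"):
        print(repr(probe), vulnerable_reset(probe), hardened_reset(probe))
```

The accented probe shows the first defence: the collation stand-in matches Mike's account, but the NFKC+casefold re-check rejects it, so nothing is sent. The Kelvin-sign probe shows the second: the match survives normalization (it really is the same letter), so the message goes out, but to the stored address rather than to the attacker-chosen string.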
GHSA-7CG8-PQ9V-X98Q Sandbox Breakout in realms-shim
Versions of realms-shim prior to 1.2.1 are vulnerable to a Sandbox Breakout. The Realms evaluation function has an option to apply Babel-like transformations to the source code before it reaches the evaluator. One portion of this transform pipeline exposed a primal-Realm object to the rewriting...
Sandbox Breakout
realms-shim is vulnerable to sandbox breakout. The Realms evaluation function has an option to apply Babel-like transformations to the source code before it reaches the evaluator. An attacker is able to provide a malicious rewriter function that uses the confined code used within the evaluator...
CVE-2019-1003002
A flaw was found in Jenkins Pipeline. Script Security sandbox protection could be circumvented during the script compilation phase by applying AST transforming annotations such as @Grab to source code elements. This allows users with Overall/Read permission, or able to control Jenkinsfile or...
The vulnerabilities of the Firefox and Firefox ESR browsers, as well as the Thunderbird email client, are related to an invalid grid size during QCMS transformations. This allows an attacker to disclose protected information.
The vulnerability of the Firefox and Firefox ESR browsers, as well as the Thunderbird email client, is related to an invalid grid size during QCMS transformations. Exploiting this vulnerability allows a malicious actor to disclose sensitive information obtained by reading beyond the buffer limit...
NewStart CGSL MAIN 5.04 : firefox Multiple Vulnerabilities (NS-SA-2019-0011)
The remote NewStart CGSL host, running version MAIN 5.04, has firefox packages installed that are affected by multiple vulnerabilities: - Memory safety bugs were reported in Firefox 58 and Firefox ESR 52.6. Some of these bugs showed evidence of memory corruption and we presume that with enough...
NewStart CGSL MAIN 4.05 : firefox Multiple Vulnerabilities (NS-SA-2019-0124)
The remote NewStart CGSL host, running version MAIN 4.05, has firefox packages installed that are affected by multiple vulnerabilities: - Memory safety bugs were reported in Firefox 58 and Firefox ESR 52.6. Some of these bugs showed evidence of memory corruption and we presume that with enough...
Rules-Based Policy Approaches Need to Go
Enterprises are making tremendous investments in their digital transformations, and no wonder: Increasingly, those who can more rapidly part from old, manual and antiquated ways of managing technology and shift to new ways of thinking will come out on top. That’s especially true when it comes to...
Use-After-Free
Firefox is vulnerable to a use-after-free that occurs during XSL transformations. An attacker could trigger a potentially exploitable crash, resulting in a denial-of-service condition...
The vulnerability of the NSS libraries, related to errors in cryptographic transformations, allows an attacker to gain unauthorized access to protected information.
The vulnerability of the NSS libraries is related to errors in cryptographic transformations. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain unauthorized access to protected information...
Stack-based Buffer Overflow
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to terminate unexpectedly or, potentially, execute...
Memory Corruption
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to terminate unexpectedly or, potentially, execute...
Use After Free
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to terminate unexpectedly or, potentially, execute...
Buffer Overflow
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to terminate unexpectedly or, potentially, execute...
Memory Corruption
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. CVE-2012-1970,...
The vulnerability of the OpenSSL library, related to errors in cryptographic transformations, allows an attacker to disclose protected information.
The vulnerability of the OpenSSL library is related to errors in cryptographic transformations. Exploiting this vulnerability can allow a malicious actor, operating remotely, to disclose protected information...