K48127735: Apache log4net Vulnerability CVE-2018-1285
Apache log4net Vulnerability CVE-2018-1285 Security Advisory Security Advisory Description Apache log4net versions before 2.0.10 do not disable XML external entities when parsing log4net ...
K05328500: MySQL vulnerability CVE-2022-21490
MySQL vulnerability CVE-2022-21490 Security Advisory Security Advisory Description Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that ...
K04665443: OpenSSH vulnerability CVE-2021-36368
OpenSSH vulnerability CVE-2021-36368 Security Advisory Security Advisory Description ** DISPUTED ** An issue was discovered in OpenSSH before 8.9. If a client is using public-key authentication ...
K31323265: OpenSSL vulnerability CVE-2022-0778
OpenSSL vulnerability CVE-2022-0778 Security Advisory Security Advisory Description The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop ...
K03007515: Linux kernel vulnerabilities CVE-2018-7755 and CVE-2019-14283
Linux kernel vulnerabilities CVE-2018-7755 and CVE-2019-14283 Security Advisory Security Advisory Description CVE-2018-7755 An issue was discovered in the fd_locked_ioctl function in drivers/block ...
Researcher Spotlight: Hector Peralta’s Evolution from Popcorn Server to the MSRC Leaderboards
“The bug bounty literally changed my life. Before this, I had nothing.” Coolest thing he purchased: His first vehicle! Best gift to give: Buying his nephew gaming accessories. Favorite Hacking Companion: His two cats. They’re always by his side...
Mitsubishi Electric MELSEC iQ-F Series
This advisory contains mitigations for Improper Input Validation vulnerabilities in Mitsubishi Electric MELSEC iQ-F Series CPU modules.
K11414891: Linux Kernel vulnerability CVE-2018-13053
Linux Kernel vulnerability CVE-2018-13053 Security Advisory Security Advisory Description The alarm_timer_nsleep function in kernel/time/alarmtimer.c in the Linux kernel through 4.17.3 has an ...
K27003374: Linux Kernel vulnerability CVE-2018-14734
Linux Kernel vulnerability CVE-2018-14734 Security Advisory Security Advisory Description drivers/infiniband/core/ucma.c in the Linux kernel through 4.17.11 allows ucma_leave_multicast to access a ...
K57454331: Linux Kernel vulnerability CVE-2018-10853
Linux Kernel vulnerability CVE-2018-10853 Security Advisory Security Advisory Description A flaw was found in the way Linux kernel KVM hypervisor before 4.18 emulated instructions such as sgdt/ ...
K21548854: zlib vulnerability CVE-2018-25032
zlib vulnerability CVE-2018-25032 Security Advisory Security Advisory Description zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant ...
K83120834: Diffie-Hellman key agreement protocol vulnerability CVE-2002-20001
Diffie-Hellman key agreement protocol vulnerability CVE-2002-20001 Security Advisory Security Advisory Description The Diffie-Hellman Key Agreement Protocol allows remote attackers (from the ...
K82896488: Cyrus SASL vulnerability CVE-2022-24407
Cyrus SASL vulnerability CVE-2022-24407 Security Advisory Security Advisory Description In Cyrus SASL 2.1.17 through 2.1.27 before 2.1.28, plugins/sql.c does not escape the password for a SQL ...
K91589041: Expat vulnerabilities CVE-2021-45960, CVE-2022-22825, CVE-2022-22826, and CVE-2022-22827
Expat vulnerabilities CVE-2021-45960, CVE-2022-22825, CVE-2022-22826, and CVE-2022-22827 Security Advisory Security Advisory Description CVE-2021-45960 In Expat (aka libexpat) before 2.4.3, a left ...
K18484125: Eclipse Jetty vulnerability CVE-2020-27216
Eclipse Jetty vulnerability CVE-2020-27216 Security Advisory Security Advisory Description In Eclipse Jetty versions 1.0 thru 9.4.32.v20200930, 10.0.0.alpha1 thru 10.0.0.beta2, and 11.0.0.alpha1 ...
Microsoft patches the patch that broke Windows authentication
May 10 update addressed serious vulns but also had problems of its own Microsoft has released an out-of-band patch to deal with an authentication issue that was introduced in the May 10 Windows update.…
Closing the Gap Between Application Security and Observability
Daniel Kaar, global director application security engineering at Dynatrace, highlights the newfound respect for AppSec-enabled observability in the wake of Log4Shell.
Nikkei Says Customer Data Likely Impacted in Ransomware Attack
Asian media giant Nikkei has disclosed a ransomware attack that might have impacted customer data.
read more
New Open Source Project Brings Consistent Identity Access to Multicloud
Hexa and IDQL allows organizations using cloud platforms such as Microsoft Azure, Amazon Web Services, and Google Cloud Platform to apply consistent access policy across all applications, regardless of environment.
New Brute Force Attacks Against SQL Servers Use PowerShell Wrapper
Microsoft has warned organizations of a new wave of brute force cyberattacks that target SQL servers and use a rather uncommon living-off-the-land binary (LOLBin).
Specifically, the attackers rely on a legitimate utility called sqlps.exe to achieve fileless persistence on SQL...
