Cyber Security Newsfeeds from around the world
bpo-38243: Escape the server title of xmlrpc.server.DocXMLRPCServer when rendering the document page as HTML. bpo-38174: Update vendorized expat library version to 2.2.8, which resolves CVE-2019-15903. bpo-37764: Fixes email._header_value_parser.get_un…
Continue ReadingDrupal Forms Steps: information disclosure Synthesis of the vulnerability An attacker can bypass access restrictions to data of Drupal Forms Steps, in order to obtain sensitive information. Vulnerable software:
Severity of this announce: 2/4. Conseque…
Continue ReadingCisco released a security update for critical Authentication Bypass vulnerability that resides in the Cisco REST API virtual service container for Cisco IOS XE Software allows a remote attacker to bypass the authentication in managed Cisco devices. Cis…
Continue Reading2) Deserialization of untrusted data. Severity: High. CVSSv3: [PCI] CVE-ID: CVE-2017-17485. CWE-ID: Description. CWE-502 – Deserialization of Untrusted Data The vulnerability allows a remote attacker to execute arbitrary code on the target system. The …
Continue ReadingThe documentation XML-RPC server in various Python versions has XSS via the server_title field. This occurs in Lib/DocXMLRPCServer.py in Python 2.x, and in Lib/xmlrpc/server.py in Python 3.x. If set_server_title is called with untrusted input, arbitrar…
Continue Reading. Posted: October 18, 2019 by Pieter Arntz In April 2019, Pulse Secure published an advisory about a vulnerability in their software. In August, cybercriminals were massively scanning for systems that were running a vulnerable version. Now it’s October…
Continue ReadingCurrent Description. Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Services). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0 and 12.2.1.3.0. Easily exploitable vulnerability allows low …
Continue ReadingA popular endpoint security strategy for users who have access to important data is to implement a physical air gap, also known as “Privileged Access Workstations” (PAW) or “Secure Access Workstations” (SAW). With PAWs, each end user has a separate lap…
Continue ReadingBy Rick Anderson, delivery director, Wind River. While ATM security is not necessarily “life critical” as with many other industries (think transportation, medical and some industrial applications) there are certainly financial and identity theft risks…
Continue Reading. It sounds familiar, but I don’t think Humphrey Bogart is running the gin joint this time around. Questionable Casablanca references aside, Amnesty International has reported another attack against human rights workers. In this case, a pair of Morocca…
Continue Reading