ATENTIONβΌ New - CVE-2014-0161
π Read
via "National Vulnerability Database".
ovirt-engine-sdk-python before 3.4.0.7 and 3.5.0.4 does not verify that the hostname of the remote endpoint matches the Common Name (CN) or subjectAltName as specified by its x.509 certificate in a TLS/SSL session. This could allow man-in-the-middle attackers to spoof remote endpoints via an arbitrary valid certificate.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2014-0104
π Read
via "National Vulnerability Database".
In fence-agents before 4.0.17 does not verify remote SSL certificates in the fence_cisco_ucs.py script which can potentially allow for man-in-the-middle attackers to spoof SSL servers via arbitrary SSL certificates.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2014-0048
π Read
via "National Vulnerability Database".
An issue was found in Docker before 1.6.0. Some programs and scripts in Docker are downloaded via HTTP and then executed or used in unsafe ways.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2013-4752
π Read
via "National Vulnerability Database".
Symfony 2.0.X before 2.0.24, 2.1.X before 2.1.12, 2.2.X before 2.2.5, and 2.3.X before 2.3.3 have an issue in the HttpFoundation component. The Host header can be manipulated by an attacker when the framework is generating an absolute URL. A remote attacker could exploit this vulnerability to inject malicious content into the Web application page and conduct various attacks.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2013-3621
π Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2013-3607. Reason: This candidate is a reservation duplicate of CVE-2013-3607. Notes: All CVE users should reference CVE-2013-3607 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2013-3620
π Read
via "National Vulnerability Database".
Hardcoded WSMan credentials in Intelligent Platform Management Interface (IPMI) with firmware for Supermicro X9 generation motherboards before 3.15 (SMT_X9_315) and firmware for Supermicro X8 generation motherboards before SMT X8 312.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2013-3619
π Read
via "National Vulnerability Database".
Intelligent Platform Management Interface (IPMI) with firmware for Supermicro X9 generation motherboards before SMT_X9_317 and firmware for Supermicro X8 generation motherboards before SMT X8 312 contain harcoded private encryption keys for the (1) Lighttpd web server SSL interface and the (2) Dropbear SSH daemon.π Read
via "National Vulnerability Database".
π How to install and use git-secret π
π Read
via "Security on TechRepublic".
Learn how to gain more security in your git repository with the help of the git-secret tool.π Read
via "Security on TechRepublic".
TechRepublic
How to install and use git-secret
Learn how to gain more security in your git repository with the help of the git-secret tool.
π 3 security tips to protect yourself from skimming attacks π
π Read
via "Security on TechRepublic".
E-commerce sites are trying to keep up with sophisticated skimming schemes, but chances are your credit card information will still be compromised. A security expert offers advice.π Read
via "Security on TechRepublic".
TechRepublic
3 security tips to protect yourself from skimming attacks
E-commerce sites are trying to keep up with sophisticated skimming schemes, but chances are your credit card information will still be compromised. A security expert offers advice.
π Alert overload is burning out security analysts π
π Read
via "Security on TechRepublic".
Survey suggests overall volume and high rate of false problems are changing priority lists in security operations centers.π Read
via "Security on TechRepublic".
TechRepublic
Alert overload is burning out security analysts
Survey suggests overall volume and high rate of false problems are changing priority lists in security operations centers.
π FBI Issues Alert on LockerGoga and MegaCortex Ransomware π
π Read
via "Subscriber Blog RSS Feed ".
The FBI sounded the alarm around two strains of ransomware, LockerGoga and MegaCortex, shortly before the holiday break.π Read
via "Subscriber Blog RSS Feed ".
Digital Guardian
FBI Issues Alert on LockerGoga and MegaCortex Ransomware
The FBI sounded the alarm around two strains of ransomware, LockerGoga and MegaCortex, shortly before the holiday break.
β Data Breach Affects 63 Landryβs Restaurants β
π Read
via "Threatpost".
Landry's announced that more than 60 of its restaurants may be affected by payment processing system malware.π Read
via "Threatpost".
Threat Post
Data Breach Affects 63 Landryβs Restaurants
Landry's announced that more than 60 of its restaurants may be affected by payment processing system malware.
ATENTIONβΌ New - CVE-2013-3946
π Read
via "National Vulnerability Database".
Heap-based buffer overflow in the MrSID plugin (MrSID.dll) before 4.37 for IrfanView allows remote attackers to execute arbitrary code via a levels header.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2013-3945
π Read
via "National Vulnerability Database".
The MrSID plugin (MrSID.dll) before 4.37 for IrfanView allows remote attackers to execute arbitrary code via a nband tag.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2013-3944
π Read
via "National Vulnerability Database".
Stack-based buffer overflow in the MrSID plugin (MrSID.dll) before 4.37 for IrfanView allows remote attackers to execute arbitrary code via an IMAGE tag.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2013-3941
π Read
via "National Vulnerability Database".
Xjp2.dll in XnView before 2.13 allows remote attackers to execute arbitrary code via (1) the Csiz parameter in a SIZ marker, which triggers an incorrect memory allocation, or (2) the lqcd field in a QCD marker in a crafted JPEG2000 file, which leads to a heap-based buffer overflow.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2013-3939
π Read
via "National Vulnerability Database".
xnview.exe in XnView before 2.13 does not properly handle RLE strip lengths during processing of RGB files, which allows remote attackers to execute arbitrary code via the RLE strip size field in a RGB file, which leads to an unexpected sign extension error and a heap-based buffer overflow.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2013-3937
π Read
via "National Vulnerability Database".
Heap-based buffer overflow in xnview.exe in XnView before 2.13 allows remote attackers to execute arbitrary code via the biBitCount field in a BMP file.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2013-3932
π Read
via "National Vulnerability Database".
SQL injection vulnerability in the Jomres (com_jomres) component before 7.3.1 for Joomla! allows remote authenticated users with the "Business Manager" permission to execute arbitrary SQL commands via the id parameter in an editProfile action to administrator/index.php.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2013-3931
π Read
via "National Vulnerability Database".
Cross-site scripting (XSS) vulnerability in the Jomres (com_jomres) component before 7.3.1 for Joomla! allows remote authenticated users with the "Business Manager" permission to inject arbitrary web script or HTML via the property_name parameter, related to editing property details.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2013-3247
π Read
via "National Vulnerability Database".
Heap-based buffer overflow in xnview.exe in XnView before 2.03 allows remote attackers to execute arbitrary code via a crafted RLE compressed layer in an XCF file.π Read
via "National Vulnerability Database".