Third-party software libraries introduce efficiency and risk into enterprise applications. Two researchers will identify some of the most vulnerable libraries during a talk at the upcoming Black Hat conference.
Browsing Tag: vulnerabilities
IBM recently patched a handful of vulnerabilities in some of its KVM switches that, if exploited, could have given an attacker free rein over any system attached to them.
The EFF is working on an open wireless router firmware that’s designed to be a secure and flexible alternative to the existing software that runs on home and small business routers, much of which is notoriously insecure. The Open Wireless Router project, which the organization announced at the HOPE X conference over the weekend, is[…]
Cisco patched a critical remote code execution bug in its Cisco Wireless Residential Gateway product.
There are five vulnerabilities fixed in the latest release of the Apache Web server, including a buffer overflow and several denial-of-service vulnerabilities. Fixes for these flaws have landed in the developer release of the server, 2.4.10-dev. The buffer overflow vulnerability is rated moderate by the Apache Software Foundation, but it could be used for remote code[…]
A paper published by Microsoft and researchers at Carleton University declares password re-use and weak credentials have their place for users managing multiple accounts.
OpenVPN is advising users of its Desktop Client to upgrade as soon as possible to avoid attacks against a CSRF vulnerability that can allow remote code execution. The vulnerability lies in a product that the company no longer supports and considers obsolete. An attacker could exploit the vulnerability if a user running a vulnerable version visits[…]
The OpenBSD project patched a vulnerability in the LibreSSL random number generator; both sides of the issue concede the test program used to trigger the flaw was either unusual or unrealistic.
Oracle is expected to release 113 patches across its product lines as part of its quarterly Critical Patch Updates.
Apple acknowledged on Thursday that it has updated its OS X plugin blacklist to reflect a critical vulnerability in Adobe Flash made public earlier this week.