Several security vulnerabilities were discovered in XStream, a Java library to serialize objects to XML and back again. CVE-2020-26258 Continue Reading — Debian LTS: DLA-2507-1: libxstream-java security update>
Unix, Linux, DevOps , Cloud computing and BigData Knowledge-Base
It was discovered that minidlna does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue (CVE-2020-12695). Continue Reading — Mageia 2020-0483: minidlna security update>
Due to use of a dangling pointer, libcurl 7.29.0 through 7.71.1 can use the wrong connection when sending data. (CVE-2020-8231). A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP addres… Continue Reading...
The package thunderbird before version 78.6.0-1 is vulnerable to multiple issues including arbitrary code execution, content spoofing and information disclosure. Continue Reading — ArchLinux: 202012-23: thunderbird: multiple issues>
The package tensorflow before version 2.4.0-1 is vulnerable to multiple issues including information disclosure and denial of service. Continue Reading — ArchLinux: 202012-22: tensorflow: multiple issues>
AWS Control Tower now includes an organization-level aggregator, which assists in detecting external AWS Config rules. This will provide you with visibility in the AWS Control Tower console to see externally created AWS Config rules in addition to thos… Continue Reading — AWS Control Tower...