A vulnerability affecting GitLab Community and Enterprise Editions, has been assigned the highest possible CVSS score of 10.0. GitLab is a web-based Git repository used for remote code management by developers and their teams, with approximately 30 million registered users. GitLab have released an emergency security update to address this critical flaw which they advise […]
Maximum Severity Flaw Patched in GitLab Read More »
A remote code execution vulnerability has been found in the Apache Commons Text library, an open-source Java library used by developers. The vulnerability tracked as CVE-2022-42889 has been given a CVSS base score of 9.8, and a critical severity rating. A GitHub threat analyst discovered this flaw back in March and reported it to Apache.
Apache Commons Remote Code Vulnerability Read More »
The recent Windows 11 2022 Update has been experiencing issues and failing to finish installing due to provisioning issues, leaving some partially configured endpoints vulnerable. Also known as version 22H2, this update immediately impacted some users by causing Remote Desktop clients to not connect, randomly disconnect, or freeze unexpectedly. Since then, Microsoft have released issue
Issues with Windows 11 22H2 Update Addressed Read More »
GitLab have published a critical security release this week to notify their users about an update that contains important security fixes. Versions 15.3.1, 15.2.3, and 15.1.5 were released for GitLab Community Edition (CE) and Enterprise Edition (EE), in order to patch a remote code execution (RCE) vulnerability. GitLab is used as a DevOps platform for
GitLab Patch Critical Remote Code Execution Flaw Read More »
Spring is a popular enterprise grade application framework for Java, and Spring4Shell is the name given to a remote code execution vulnerability disclosed at the end of March. There has been a lot of hype and confusion in the tech press surrounding this vulnerability, including confusing it with a CVE for Spring Cloud Function which
What is the Spring4Shell vulnerability? Read More »
‘Use After Free’ is the name given to security vulnerabilities that occur because of a problem with the way an application is managing its memory. When one part of a program attempts to use some memory that another part of the program has released because it is no longer needed the application may crash, produce
What is a Use After Free Vulnerability? Read More »
When it comes to security vulnerabilities, they don’t get any worse than the one recently disclosed in the Log4j utility which was awarded the maximum CVSS severity of 10. This is not some theoretical risk, it is an open door to affected systems. The NCSC calls it: ‘potentially the most severe computer vulnerability in years.’
How serious is the Log4j vulnerability? Read More »
Mozilla has published a security advisory warning of a critical security vulnerability in the Network Security Services libraries which are widely used by open-source software. While the bug does not impact Mozilla Firefox, it is thought to affect many other email clients and PDF viewers that use the electronic signature verification features of the Network
Mozilla warns of digital signature vulnerability Read More »
Long considered a theoretical attack, HTTP request smuggling is now ‘soaring in popularity’ according to a new research paper published this month. What is HTTP request smuggling and what risk does it pose to your network? HTTP Request Smuggling (HRS) was first documented back in 2005. It is made possible by the way different web
What is HTTP request smuggling? Read More »
Blacksmith is a new kind of Rowhammer attack that has been proved to successfully bypass existing Rowhammer protections in modern DDR4 memory chips – allowing researchers to extract security secrets and change memory contents on victim computers. What is Rowhammer? Modern computer memory chips are physically very dense – with billions of memory cells (each
Blacksmith brings down the Rowhammer Read More »
SecureTeam Ltd,
Kemp House, 152 City Road,
London,
EC1V 2NX
10257784
GB 249480968
SecureTeam Ltd, Kemp House, 152 City Road,
London, EC1V 2NX
Mon – Fri: 09:00 – 17:00
Company Number: 10257784
VAT Registration No: GB 249480968
© SecureTeam 2023. All rights reserved.