CVE-2017-20146
Usage of the CORS handler may apply improper CORS headers, allowing the requester to explicitly control the value of the Access-Control-Allow-Origin header, which bypasses the...
CVE-2016-15005
CSRF tokens are generated using math/rand, which is not a cryptographically secure rander number generation, making predicting their values relatively trivial and allowing an attacker...
CVE-2015-10004
Token validation methods are susceptible to a timing side-channel during HMAC comparison. With a large enough number of requests over a low latency connection, an...
CVE-2014-125026
LZ4 bindings use a deprecated C API that is vulnerable to memory corruption, which could lead to arbitrary code execution if called with untrusted user...
CVE-2013-10005
The RemoteAddr and LocalAddr methods on the returned net.Conn may call themselves, leading to an infinite loop which will crash the program due to a...
Everything You Need to Know About Identity Remediation
There are no ifs, ands, or buts about it: A stolen identity creates a mess. Once they have a few key pieces of personally identifiable...
Arresting IT Administrators
This is one way of ensuring that IT keeps up with patches: Albanian prosecutors on Wednesday asked for the house arrest of five public employees...
CVE-2018-25049
A vulnerability was found in email-existence. It has been rated as problematic. Affected by this issue is some unknown functionality of the file index.js. The...
CVE-2015-10005
A vulnerability was found in markdown-it up to 2.x. It has been classified as problematic. Affected is an unknown function of the file lib/common/html_re.js. The...
A Vulnerability in KSMBD for Linux Could Allow for Remote Code Execution
A vulnerability have been discovered in KSMBD for Linux that could allow for remote code execution. KSMBD is a Linux kernel daemon which implements the...