FasterXML jackson-databind slf4j-ext Class Arbitrary Code Execution Vulnerability

A vulnerability in the FasterXML jackson-databind library could allow an unauthenticated, remote attacker to execute arbitrary code on a targeted system. The vulnerability exists because the affected software fails to block the slf4j-ext class from polymorphic deserialization. An attacker could exploit this vulnerability by sending a request that submits malicious input to the targeted system. …

FasterXML jackson-databind slf4j-ext Class Arbitrary Code Execution Vulnerability Read More »

FasterXML jackson-databind Blaze-ds-Opt and Blaze-ds-Core Classes Arbitrary Code Execution Vulnerability

A vulnerability in the FasterXML jackson-databind library could allow an unauthenticated, remote attacker to execute arbitrary code on a targeted system. The vulnerability exists because the affected software fails to block blaze-ds-opt and blaze-ds-core classes from polymorphic deserialization. An attacker could exploit this vulnerability by sending a request that submits malicious input to the targeted …

FasterXML jackson-databind Blaze-ds-Opt and Blaze-ds-Core Classes Arbitrary Code Execution Vulnerability Read More »

FasterXML jackson-databind Polymorphic Deserialization External XML Entity Vulnerability

A vulnerability in the FasterXML jackson-databind library could allow an unauthenticated, remote attacker to conduct an XML external entity (XXE) attack on a targeted system. The vulnerability exists because the affected software fails to block unspecified Java Development Kit (JDK) classes from polymorphic deserialization. An attacker could exploit this vulnerability by sending a request that …

FasterXML jackson-databind Polymorphic Deserialization External XML Entity Vulnerability Read More »

Jenkins wrapper Query Parameter Cross-Site Scripting Vulnerability

A vulnerability in the wrapper query parameter for the XML variant of the Jenkins remote API could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack on a targeted system. The vulnerability is due to insufficient validation of XML tag names by the affected software. An attacker could exploit this vulnerability …

Jenkins wrapper Query Parameter Cross-Site Scripting Vulnerability Read More »

Jenkins File Parameter Defining Path Traversal Vulnerability

A vulnerability in the core/src/main/java/hudson/model/FileParameterValue.java code of Jenkins could allow an authenticated, remote attacker to write arbitrary files on a targeted system. The vulnerability exists because the affected software could allow a file parameter definition to be defined outside the intended directory. An attacker with Job and Configure permissions could exploit this vulnerability by specifying …

Jenkins File Parameter Defining Path Traversal Vulnerability Read More »

AWS Elemental MediaConvert Adds IMF Input and Enhances Caption Burn-In Support

AWS Elemental MediaConvert has added a new feature, IMF (Interoperable Master Format) package ingest, and enhanced an existing feature, caption burn-in, with the addition of several languages. Using MediaConvert, you can now ingest packages with JPEG-2000 video, up to 10 bit UHD format, with IMSC1 text captions. You can pass through HDR (High Dynamic Range) …

AWS Elemental MediaConvert Adds IMF Input and Enhances Caption Burn-In Support Read More »

Intel kills Optane ‘Core+’ desktop processor bundles as 3D XPoint venture dissolves

Intel has officially killed off its “Core+” Optane processor bundles for desktop PCs in the wake of Micron’s decision to buy out Intel’s stake in the 3D XPoint fab once jointly operated by both companies. The Core+ branding was reserved for systems that shipped with both Core processors as well as Intel’s Optane Memory technology, …

Intel kills Optane ‘Core+’ desktop processor bundles as 3D XPoint venture dissolves Read More »

Driverless car laser ruined camera

A man took a photo of a lidar sensor system on display at a tech fair and found pink dots on all his photos afterwards. Source:: BBC News – Technology

KCOM Rival Pure Broadband Expand in East Yorkshire with ISP Acquisition

The East Riding of Yorkshire (England) focused ISP Pure Broadband, which primarily operates a mix of fibre optic (FTTP) and fixed wireless (5GHz) based broadband networks for businesses and homes in the Hull area, has said they have “big plans” to expand after gobbling rival provider Relax Broadband. At present Pure Broadband claims to be …

KCOM Rival Pure Broadband Expand in East Yorkshire with ISP Acquisition Read More »

STACK Infrastructure Launches National Data Center Platform

As hyperscale computing transforms the world of Internet infrastructure, new investors and new data center platforms are emerging to focus on the needs of hyperscale players. The latest is STACK Infrastructure, a new brand formed by investor IPI Data Center Partners with assets acquired from Infomart Data Centers and T5 Data Centers. STACK Infrastructure is …

STACK Infrastructure Launches National Data Center Platform Read More »

Mullvad vs. NordVPN: Two popular VPNs do battle

Choosing a VPN is no easy task when there are so many choices available—as our comprehensive roundup of VPN reviews demonstrates. Everywhere you look online, some service is offering to help obfuscate your location and protect your browsing habits from your internet service provider (ISP) and anyone else lurking around the web. Before you plunk …

Mullvad vs. NordVPN: Two popular VPNs do battle Read More »

Virgin Mobile UK Offers 120GB Data 4G SIM Plan for Just £20

New customers of cable operator Virgin Media’s mobile division (Virgin Mobile) can until 31st January 2019 buy a specially discounted 4G SIM-Only plan, which features unlimited calls, unlimited texts and 120GB of data (mobile broadband) for just £20 per month on a 12 month contract term. The plan in question usually costs £23 per month …

Virgin Mobile UK Offers 120GB Data 4G SIM Plan for Just £20 Read More »

ISP Hyperoptic Appoints New UK Boss of Full Fibre Infrastructure

Urban focused fibre optic broadband ISP Hyperoptic has today continued to build its new executive team by appointing Moray Falconer, an experienced civil engineer, to be its new Managing Director (MD) of Infrastructure. Falconer will report directly to CEO Dana Tobak. At present Hyperoptic’s 1Gbps capable ultrafast “full fibre” (FTTP/B) network is said to cover …

ISP Hyperoptic Appoints New UK Boss of Full Fibre Infrastructure Read More »

Openreach Trial Fibre Infrastructure Pre-build with Comms Providers

Openreach (BT) is to trial a new UK Fibre Infrastructure Pre-Build product for Communication Providers (ISPs etc.), which a briefing says will “allow them to start the fibre infrastructure build in parallel to their own site or network readiness.” The new solution appears to be based off the existing Network In Advance product. NIA supports …

Openreach Trial Fibre Infrastructure Pre-build with Comms Providers Read More »

libpng png_create_info_struct Memory Leak Vulnerability

A vulnerability in libpng could allow a local attacker to cause a denial of service (DoS) condition on a targeted system. The vulnerability exists in the png_create_info_struct function, as defined in the png.c source code file of the affected software. An attacker could exploit this vulnerability by supplying a crafted PNG file to the targeted …

libpng png_create_info_struct Memory Leak Vulnerability Read More »

LibTIFF TIFFFdOpen Function Memory Leak Vulnerability

A vulnerability in the TIFFFdOpen function of LibTIFF could allow a local attacker to cause a denial of service (DoS) condition on a targeted system. The vulnerability exists in the TIFFFdOpen function, as defined in the tif_unix.c source code file of the affected software. An attacker could exploit this vulnerability by supplying a crafted file …

LibTIFF TIFFFdOpen Function Memory Leak Vulnerability Read More »