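The Linux project removed several Russian maintainers on compliance grounds, but did not clarify the compliance rationale. One of the affected maintainers, Serge Semin, posted a long farewell email to the kernel mailing list, and veteran kernel developer James Bottomley subsequently clarified that the Linux project removed the Russian maintainers on the basis of the Specially Designated Nationals (SDN) sanctions list of the U.S. Treasury Department's Office of Foreign Assets Control (OFAC). If a Russian maintainer's company is on OFAC's SDN list, is subject to an OFAC sanctions program, or is owned or controlled by a company on the list, then the Linux project's ability to work with that maintainer is restricted. Bottomley said the lawyers are still discussing the details and will produce a longer policy document in the future. Veteran EXT4 maintainer Ted Ts'o (曹子德) also discussed, as a result, whether Huawei developers should be removed from the maintainers list; Huawei has also been placed on a U.S. sanctions list.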
A vulnerability classified as very critical was found in Oracle Insurance Calculation Engine 9.7/10.0/10.1/10.2. This vulnerability affects unknown code of the component Apache Commons FileUpload. The manipulation leads to improper access controls.
This vulnerability was named CVE-2016-1000031. The attack can be initiated remotely. There is no exploit available.
It is recommended to upgrade the affected component.
A vulnerability has been found in HP Secure OS 1.0 and classified as critical. This vulnerability affects the function system of the component dvips Converter. The manipulation leads to improper privilege management.
This vulnerability was named CVE-2002-0836. The attack can be initiated remotely. There is no exploit available.
It is recommended to upgrade the affected component.
A vulnerability classified as very critical was found in Oracle WebCenter Sites 12.2.1.3.0. This vulnerability affects unknown code of the component OpenSSL. The manipulation leads to improper access controls.
This vulnerability was named CVE-2016-1000031. The attack can be initiated remotely. There is no exploit available.
It is recommended to upgrade the affected component.
The U.S. Securities and Exchange Commission (SEC) has charged four current and former public companies for making "materially misleading disclosures" related to the large-scale cyber attack that stemmed from the hack of SolarWinds in 2020.
The SEC said the companies – Avaya, Check Point, Mimecast, and Unisys – are being penalized for how they handled the disclosure process in the aftermath of