vulnerability Archives - Developer Tech News
https://www.developer-tech.com/news/tag/vulnerability/
Gaming, Apps, HTML5, Java, PHP, C#, .net, IOT

Huawei AppGallery vulnerability gives away paid apps for free
https://www.developer-tech.com/news/2022/may/19/huawei-appgallery-vulnerability-gives-away-paid-apps-free/
Thu, 19 May 2022 10:52:58 +0000

A vulnerability has been discovered in Huawei’s AppGallery that enables paid apps to be downloaded for free. Huawei claims that AppGallery is now the third-largest app store in the world—serving over 600 million Huawei device users in over 170 countries/regions. Dylan Roussel, an Android developer, wanted to know how Huawei’s APIs worked. He figured out...

80% of Spring framework downloads are exploitable versions
https://www.developer-tech.com/news/2022/apr/05/80-of-spring-downloads-are-exploitable-versions/
Tue, 05 Apr 2022 11:55:01 +0000

Data from Sonatype suggests that 80 percent of weekly Spring framework downloads are still exploitable versions. Spring is a mighty popular framework—often ranking in the top three most-used Java frameworks. That’s why the Java developer community was shaken when a vulnerability named Spring4Shell (CVE-2022-22965) was leaked by a security researcher ahead of an official CVE...

Spring4Shell vulnerability could have ‘a larger impact’ than Log4j
https://www.developer-tech.com/news/2022/mar/31/spring4shell-vulnerability-could-larger-impact-log4j/
Thu, 31 Mar 2022 07:53:20 +0000

A newly-discovered zero-day vulnerability known as Spring4Shell could have “a larger impact” than Log4j. Log4j made waves in recent months as the vulnerability in the popular open-source logging library enabled attackers to break into systems, steal passwords and logins, extract data, and infect networks with malicious software. However, attention is now shifting to the Spring4Shell...

Rust vulnerability enables attackers to delete files and directories
https://www.developer-tech.com/news/2022/jan/24/rust-vulnerability-enables-attackers-delete-files-and-directories/
Mon, 24 Jan 2022 12:00:56 +0000

Maintainers of the Rust programming language have warned of a critical vulnerability that enables attackers to delete files and directories. In a security advisory, the Rust Security Response Working Group wrote: “The Rust Security Response WG was notified that the std::fs::remove_dir_all standard library function is vulnerable to a race condition enabling symlink following (CWE-363). An...

GitHub releases analysis of relations between developers and security researchers
https://www.developer-tech.com/news/2021/sep/10/github-analysis-relations-developers-security-researchers/
Fri, 10 Sep 2021 11:34:51 +0000

Relations between developers and security researchers are critical, but it’s no secret they’re often fraught. GitHub first announced that it was expanding its research to more fully understand the relationship between developer and security research communities in December 2020. The initial analysis, conducted by GitHub Security Lab, has now been released. For its debut analysis,...
