🔵Leak of .env if project root is configured as web root in shopware/production:

(DC:467-2021)

Bug

https://dailycve.com/leak-env-if-project-root-configured-web-root-shopwareproduction

🔵Leak of information via Store-API aggregations in shopware/platform and shopware/core:

(DC:468-2021)

Api flaw

https://dailycve.com/leak-information-store-api-aggregations-shopwareplatform-and-shopwarecore

🔵IP blacklist bypass via transitional IPv6 addresses on dual-stack networks:

(DC:469-2021)

Flaw

https://dailycve.com/ip-blacklist-bypass-transitional-ipv6-addresses-dual-stack-networks

⚫️Shell variables: definition, assignment and deletion of Shell variables :
#Shell


https://dev.undercode.help/shell-variables-definition-assignment-and-deletion-of-shell-variables/

Parallels introduces M1 Mac native virtualization for ARM Windows, which improves performance by 30%
#Updates

Xiaomi has expanded its chip investment and now has more than 30 firms in its portfolio.
#Technologies

The fraud has progressed further, as shown by the 2021 cyber assault described by the "legendary hacker."
#CyberAttacks

The CEO of Intel is gloomy, predicting that the global chip supply crisis will last for several years.
#Technologies

🔵Matrix Denial of service (via resource exhaustion) due to improper input validation on third-party identifier endpoints:

(DC:468-2021)
flaw

https://dailycve.com/matrix-denial-service-resource-exhaustion-due-improper-input-validation-third-party-identifier

🔵Weilian Technology WiSCADA has a denial of service vulnerability:

(DC:469-2021)

https://dailycve.com/weilian-technology-wiscada-has-denial-service-vulnerability

🔵OS Command Injection in giting:

(DC:470-2021)

Exploit

https://dailycve.com/os-command-injection-giting

⚫️Python sleep() function usage: thread sleep:
#Python


https://dev.undercode.help/python-sleep-function-usage-thread-sleep/

Eff just started a website for testing your Chrome browser if running under the tracking Federated Learning of Cohorts or not.
#Updates

Following a defeat, Oracle Israel filed a lawsuit against the Nimbus tender.
#International

Huge anti-5G demonstrations erupted across Russia.
#Technologies

ATP introduces the SecurStor microSD card, which can be customized and includes security features.
#Technologies

🔵Command injection in corenlp-js-prefab:

(DC:471-2021)

Flaw

https://dailycve.com/command-injection-corenlp-js-prefab

🔵Microsoft Azure DevOps Server 2020.0.1 Cross Site Scripting:

(DC:472-2021)
Exploit

https://dailycve.com/microsoft-azure-devops-server-202001-cross-site-scripting

🔵Patch for Flashsec CSRF Vuln can expose user's QRcode:

(DC:473-2021)

https://dailycve.com/patch-flashsec-csrf-vuln-can-expose-users-qrcode