🛠 AIDE 0.17.2 🛠
📖 Read
via "Packet Storm Security".
AIDE (Advanced Intrusion Detection Environment) is a free replacement for Tripwire(tm). It generates a database that can be used to check the integrity of files on server. It uses regular expressions for determining which files get added to the database. You can use several message digest algorithms to ensure that the files have not been tampered with.📖 Read
via "Packet Storm Security".
Packetstormsecurity
AIDE 0.17.2 ≈ Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
‼ CVE-2021-26825 ‼
📖 Read
via "National Vulnerability Database".
An integer overflow issue exists in Godot Engine up to v3.2 that can be triggered when loading specially crafted.TGA image files. The vulnerability exists in ImageLoaderTGA::load_image() function at line: const size_t buffer_size = (tga_header.image_width * tga_header.image_height) * pixel_size; The bug leads to Dynamic stack buffer overflow. Depending on the context of the application, attack vector can be local or remote, and can lead to code execution and/or system crash.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-22122 ‼
📖 Read
via "National Vulnerability Database".
An improper neutralization of input during web page generation in FortiWeb GUI interface 6.3.0 through 6.3.7 and version before 6.2.4 may allow an unauthenticated, remote attacker to perform a reflected cross site scripting attack (XSS) by injecting malicious payload in different vulnerable API end-points.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-6649 ‼
📖 Read
via "National Vulnerability Database".
An insufficient session expiration vulnerability in FortiNet's FortiIsolator version 2.0.1 and below may allow an attacker to reuse the unexpired admin user session IDs to gain admin privileges, should the attacker be able to obtain that session ID (via other, hypothetical attacks)📖 Read
via "National Vulnerability Database".
‼ CVE-2021-3293 ‼
📖 Read
via "National Vulnerability Database".
emlog v5.3.1 has full path disclosure vulnerability in t/index.php, which allows an attacker to see the path to the webroot/file.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-20359 ‼
📖 Read
via "National Vulnerability Database".
IBM Cloud Pak for Automation 20.0.3, 20.0.2-IF002 - Business Automation Application Designer Component stores potentially sensitive information in log files that could be obtained by an unauthorized user. IBM X-Force ID: 194966.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-16629 ‼
📖 Read
via "National Vulnerability Database".
PhpOK 5.4.137 contains a SQL injection vulnerability that can inject an attachment data through SQL, and then call the attachment replacement function through api.php to write a PHP file to the target path.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-20358 ‼
📖 Read
via "National Vulnerability Database".
IBM Cloud Pak for Automation 20.0.3, 20.0.2-IF002 stores potentially sensitive information in clear text in API connection log files. This information could be obtained by a user with permissions to read log files. IBM X-Force ID: 194965.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-26826 ‼
📖 Read
via "National Vulnerability Database".
A stack overflow issue exists in Godot Engine up to v3.2 and is caused by improper boundary checks when loading .TGA image files. Depending on the context of the application, attack vector can be local or remote, and can lead to code execution and/or system crash.📖 Read
via "National Vulnerability Database".
⚠ Naked Security Live – Jargonbuster: Bugs, vulns, 0-days and exploits ⚠
📖 Read
via "Naked Security".
Latest Naked Security Live talk - watch now!📖 Read
via "Naked Security".
Naked Security
Naked Security Live – Jargonbuster: Bugs, vulns, 0-days and exploits
Latest Naked Security Live talk – watch now!
🦿 Cognitive agility can help solve some "wicked" cybersecurity challenges 🦿
📖 Read
via "Tech Republic".
Using psychology can help improve the odds of success against a cybercriminal's digital incursion.📖 Read
via "Tech Republic".
TechRepublic
Cognitive agility can help solve some "wicked" cybersecurity challenges
Using psychology can help improve the odds of success against a cybercriminal's digital incursion.
‼ CVE-2021-26540 ‼
📖 Read
via "National Vulnerability Database".
Apostrophe Technologies sanitize-html before 2.3.2 does not properly validate the hostnames set by the "allowedIframeHostnames" option when the "allowIframeRelativeUrls" is set to true, which allows attackers to bypass hostname whitelist for iframe element, related using an src value that starts with "/\\example.com".📖 Read
via "National Vulnerability Database".
‼ CVE-2021-26541 ‼
📖 Read
via "National Vulnerability Database".
The gitlog function in src/index.ts in gitlog before 4.0.4 has a command injection vulnerability.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-21304 ‼
📖 Read
via "National Vulnerability Database".
Dynamoose is an open-source modeling tool for Amazon's DynamoDB. In Dynamoose from version 2.0.0 and before version 2.7.0 there was a prototype pollution vulnerability in the internal utility method "lib/utils/object/set.ts". This method is used throughout the codebase for various operations throughout Dynamoose. We have not seen any evidence of this vulnerability being exploited. There is no evidence this vulnerability impacts versions 1.x.x since the vulnerable method was added as part of the v2 rewrite. This vulnerability also impacts v2.x.x beta/alpha versions. Version 2.7.0 includes a patch for this vulnerability.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-25142 ‼
📖 Read
via "National Vulnerability Database".
The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a local buffer overflow in libifc.so webstartflash function.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-25837 ‼
📖 Read
via "National Vulnerability Database".
Cosmos Network Ethermint <= v0.4.0 is affected by cache lifecycle inconsistency in the EVM module. Due to the inconsistency between the Storage caching cycle and the Tx processing cycle, Storage changes caused by a failed transaction are improperly reserved in memory. Although the bad storage cache data will be discarded at EndBlock, it is still valid in the current block, which enables many possible attacks such as an "arbitrary mint token".📖 Read
via "National Vulnerability Database".
‼ CVE-2021-25834 ‼
📖 Read
via "National Vulnerability Database".
Cosmos Network Ethermint <= v0.4.0 is affected by a transaction replay vulnerability in the EVM module. If the victim sends a very large nonce transaction, the attacker can replay the transaction through the application.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-26539 ‼
📖 Read
via "National Vulnerability Database".
Apostrophe Technologies sanitize-html before 2.3.1 does not properly handle internationalized domain name (IDN) which could allow an attacker to bypass hostname whitelist validation set by the "allowedIframeHostnames" option.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-25835 ‼
📖 Read
via "National Vulnerability Database".
Cosmos Network Ethermint <= v0.4.0 is affected by a cross-chain transaction replay vulnerability in the EVM module. Since ethermint uses the same chainIDEpoch and signature schemes with ethereum for compatibility, a verified signature in ethereum is still valid in ethermint with the same msg content and chainIDEpoch, which enables "cross-chain transaction replay" attack.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-25836 ‼
📖 Read
via "National Vulnerability Database".
Cosmos Network Ethermint <= v0.4.0 is affected by cache lifecycle inconsistency in the EVM module. The bytecode set in a FAILED transaction wrongfully remains in memory(stateObject.code) and is further written to persistent store at the Endblock stage, which may be utilized to build honeypot contracts.📖 Read
via "National Vulnerability Database".
🔏 Virginia on Pace to Pass United States' Next Comprehensive Privacy Law 🔏
📖 Read
via "Digital Guardian".
Virginia is right on California's heels; the state may adopt its own consumer data privacy act - leading to more stringent data protection - later this month.📖 Read
via "Digital Guardian".
Digital Guardian
Virginia on Pace to Pass United States' Next Comprehensive Privacy Law
Virginia is right on California's heels; the state may adopt its own consumer data privacy act - leading to more stringent data protection - later this month.