‼ CVE-2021-25837 ‼
Cosmos Network Ethermint <= v0.4.0 is affected by a cache lifecycle inconsistency in the EVM module. Because the Storage caching cycle and the Tx processing cycle are not aligned, Storage changes caused by a failed transaction are improperly retained in memory. Although the bad storage cache data is discarded at EndBlock, it remains valid within the current block, which enables many possible attacks such as an "arbitrary mint token".
via "National Vulnerability Database".
‼ CVE-2021-25834 ‼
Cosmos Network Ethermint <= v0.4.0 is affected by a transaction replay vulnerability in the EVM module. If the victim sends a very large nonce transaction, the attacker can replay the transaction through the application.
via "National Vulnerability Database".
‼ CVE-2021-26539 ‼
Apostrophe Technologies sanitize-html before 2.3.1 does not properly handle internationalized domain names (IDNs), which could allow an attacker to bypass the hostname whitelist validation set by the "allowedIframeHostnames" option.
via "National Vulnerability Database".
‼ CVE-2021-25835 ‼
Cosmos Network Ethermint <= v0.4.0 is affected by a cross-chain transaction replay vulnerability in the EVM module. Since ethermint uses the same chainIDEpoch and signature schemes as ethereum for compatibility, a signature verified on ethereum is still valid on ethermint for the same msg content and chainIDEpoch, which enables a "cross-chain transaction replay" attack.
via "National Vulnerability Database".
‼ CVE-2021-25836 ‼
Cosmos Network Ethermint <= v0.4.0 is affected by a cache lifecycle inconsistency in the EVM module. The bytecode set in a FAILED transaction wrongfully remains in memory (stateObject.code) and is subsequently written to the persistent store at the EndBlock stage, which may be utilized to build honeypot contracts.
via "National Vulnerability Database".
🔏 Virginia on Pace to Pass United States' Next Comprehensive Privacy Law 🔏
Virginia is right on California's heels; the state may adopt its own consumer data privacy act - leading to more stringent data protection - later this month.
via "Digital Guardian".
🕴 Android App Infects Millions of Devices With a Single Update 🕴
The popular Barcode Scanner app, which has been available on Google Play for years, turned malicious with one software update.
via "Dark Reading".
🕴 What's the Difference Between 'Observability' and 'Visibility' in Security? 🕴
To drive holistic security success, we have to start with the interlinking of visibility and observability.
via "Dark Reading".
❌ Billions of Passwords Offered for $2 in Cyber-Underground ❌
About 3.27 billion stolen account logins have been posted to the RaidForums English-language cybercrime community in a 'COMB' collection.
via "Threat Post".
❌ Critical WordPress Plugin Flaw Allows Site Takeover ❌
A patch in the NextGen Gallery WordPress plugin fixes critical and high-severity cross-site request forgery flaws.
via "Threat Post".
🦿 How to block point-to-point file transfers in Skype for Business using PowerShell 🦿
There are situations where you want to block P2P file transfers to people outside the organization during a video conference meeting. You'll need to issue a global policy.
via "TechRepublic".
‼ CVE-2021-26905 ‼
1Password SCIM Bridge before 1.6.2 mishandles validation of requests for log files.
via "National Vulnerability Database".
‼ CVE-2021-25168 ‼
The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a local buffer overflow in the webupdatecomponent function of libifc.so.
via "National Vulnerability Database".
‼ CVE-2021-26574 ‼
The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a path traversal vulnerability in the webdeletevideofile function of libifc.so.
via "National Vulnerability Database".
‼ CVE-2021-25171 ‼
The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a local buffer overflow in the websetlicensecfg function of libifc.so.
via "National Vulnerability Database".
‼ CVE-2021-25170 ‼
The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a local buffer overflow in the websetremoteimageinfo function of libifc.so.
via "National Vulnerability Database".
‼ CVE-2021-26571 ‼
The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a local buffer overflow in the webgetactivexcfg function of libifc.so.
via "National Vulnerability Database".
‼ CVE-2020-7785 ‼
This affects all versions of package node-ps. The injection point is located in line 72 in lib/index.js.
via "National Vulnerability Database".
‼ CVE-2021-21290 ‼
Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high-performance protocol servers and clients. In Netty before version 4.1.59.Final there is a vulnerability on Unix-like systems involving an insecure temp file. When netty's multipart decoders are used, local information disclosure can occur via the local system temporary directory if storing uploads temporarily on disk is enabled. On Unix-like systems, the temporary directory is shared between all users. As such, writing to this directory using APIs that do not explicitly set the file/directory permissions can lead to information disclosure. Of note, this does not impact modern macOS operating systems. The method "File.createTempFile" on Unix-like systems creates a random file, but by default creates this file with the permissions "-rw-r--r--". Thus, if sensitive information is written to this file, other local users can read it. This is the case in netty's "AbstractDiskHttpData", which is vulnerable. This has been fixed in version 4.1.59.Final. As a workaround, one may specify their own "java.io.tmpdir" when starting the JVM, or use "DefaultHttpDataFactory.setBaseDir(...)" to set the directory to one that is only readable by the current user.
via "National Vulnerability Database".
‼ CVE-2021-21240 ‼
httplib2 is a comprehensive HTTP client library for Python. In httplib2 before version 0.19.0, a malicious server which responds with a long series of "\xa0" characters in the "www-authenticate" header may cause a Denial of Service (CPU burn while parsing the header) of the httplib2 client accessing said server. This is fixed in version 0.19.0, which contains a new implementation of auth header parsing using the pyparsing library.
via "National Vulnerability Database".
‼ CVE-2021-26573 ‼
The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a local buffer overflow in the webgeneratesslcfg function of libifc.so.
via "National Vulnerability Database".