‼ CVE-2021-21186 ‼
via "National Vulnerability Database".
Insufficient policy enforcement in QR scanning in Google Chrome on iOS prior to 89.0.4389.72 allowed an attacker who convinced the user to scan a QR code to bypass navigation restrictions via a crafted QR code.
‼ CVE-2021-21163 ‼
via "National Vulnerability Database".
Insufficient data validation in Reader Mode in Google Chrome on iOS prior to 89.0.4389.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page and a malicious server.
‼ CVE-2021-21176 ‼
via "National Vulnerability Database".
Inappropriate implementation in full screen mode in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
‼ CVE-2021-20253 ‼
via "National Vulnerability Database".
A flaw was found in ansible-tower. The default installation is vulnerable to Job Isolation escape allowing an attacker to elevate the privilege from a low privileged user to the awx user from outside the isolated environment. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
‼ CVE-2021-20243 ‼
via "National Vulnerability Database".
A flaw was found in ImageMagick in MagickCore/resize.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability.
‼ CVE-2020-28150 ‼
via "National Vulnerability Database".
I-Net Software Clear Reports 20.10.136 web application accepts a user-controlled input that specifies a link to an external site, and uses the user supplied data in a Redirect.
‼ CVE-2021-21166 ‼
via "National Vulnerability Database".
Data race in audio in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
‼ CVE-2021-21189 ‼
via "National Vulnerability Database".
Insufficient policy enforcement in payments in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
‼ CVE-2021-21159 ‼
via "National Vulnerability Database".
Heap buffer overflow in TabStrip in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
‼ CVE-2021-21188 ‼
via "National Vulnerability Database".
Use after free in Blink in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
‼ CVE-2020-8356 ‼
via "National Vulnerability Database".
An internal product security audit of LXCO, prior to version 1.2.2, discovered that optional passwords, if specified, for the Syslog and SMTP forwarders are written to an internal LXCO log file in clear text. Affected logs are captured in the First Failure Data Capture (FFDC) service log. The FFDC service log is only generated when requested by a privileged LXCO user and it is only accessible to the privileged LXCO user that requested the file.
‼ CVE-2021-20263 ‼
via "National Vulnerability Database".
A flaw was found in the virtio-fs shared file system daemon (virtiofsd) of QEMU. The new 'xattrmap' option may cause the 'security.capability' xattr in the guest to not drop on file write, potentially leading to a modified, privileged executable in the guest. In rare circumstances, this flaw could be used by a malicious user to elevate their privileges within the guest.
‼ CVE-2021-21165 ‼
via "National Vulnerability Database".
Data race in audio in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
‼ CVE-2021-21162 ‼
via "National Vulnerability Database".
Use after free in WebRTC in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
‼ CVE-2021-21174 ‼
via "National Vulnerability Database".
Inappropriate implementation in Referrer in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
‼ CVE-2021-21187 ‼
via "National Vulnerability Database".
Insufficient data validation in URL formatting in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.
‼ CVE-2021-21177 ‼
via "National Vulnerability Database".
Insufficient policy enforcement in Autofill in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
‼ CVE-2021-21175 ‼
via "National Vulnerability Database".
Inappropriate implementation in Site isolation in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
‼ CVE-2021-21190 ‼
via "National Vulnerability Database".
Uninitialized data in PDFium in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted PDF file.
🕴 Dark Reading 'Name That Toon' Winner: Gather 'Round the Campfire 🕴
via "Dark Reading".
And the winner of Dark Reading's February cartoon caption contest is ...
🕴 Linux Foundation Debuts Sigstore Project for Software Signing 🕴
via "Dark Reading".
Sigstore aims to improve the open source software supply chain by simplifying the process of cryptographic software signing.