βΌ CVE-2021-3634 βΌ
π Read
via "National Vulnerability Database".
A flaw has been found in libssh in versions prior to 0.9.6. The SSH protocol keeps track of two shared secrets during the lifetime of the session. One of them is called secret_hash and the other session_id. Initially, both of them are the same, but after key re-exchange, previous session_id is kept and used as an input to new secret_hash. Historically, both of these buffers had shared length variable, which worked as long as these buffers were same. But the key re-exchange operation can also change the key exchange method, which can be based on hash of different size, eventually creating "secret_hash" of different size than the session_id has. This becomes an issue when the session_id memory is zeroed or when it is used again during second key re-exchange.π Read
via "National Vulnerability Database".
βΌ CVE-2021-37712 βΌ
π Read
via "National Vulnerability Database".
The npm package "tar" (aka node-tar) before versions 4.4.18, 5.0.10, and 6.1.9 has an arbitrary file creation/overwrite and arbitrary code execution vulnerability. node-tar aims to guarantee that any file whose location would be modified by a symbolic link is not extracted. This is, in part, achieved by ensuring that extracted directories are not symlinks. Additionally, in order to prevent unnecessary stat calls to determine whether a given path is a directory, paths are cached when directories are created. This logic was insufficient when extracting tar files that contained both a directory and a symlink with names containing unicode values that normalized to the same value. Additionally, on Windows systems, long path portions would resolve to the same file system entities as their 8.3 "short path" counterparts. A specially crafted tar archive could thus include a directory with one form of the path, followed by a symbolic link with a different string that resolves to the same file system entity, followed by a file using the first form. By first creating a directory, and then replacing that directory with a symlink that had a different apparent name that resolved to the same entry in the filesystem, it was thus possible to bypass node-tar symlink checks on directories, essentially allowing an untrusted tar file to symlink into an arbitrary location and subsequently extracting arbitrary files into that location, thus allowing arbitrary file creation and overwrite. These issues were addressed in releases 4.4.18, 5.0.10 and 6.1.9. The v3 branch of node-tar has been deprecated and did not receive patches for these issues. If you are still using a v3 release we recommend you update to a more recent version of node-tar. If this is not possible, a workaround is available in the referenced GHSA-qq89-hq3f-393p.π Read
via "National Vulnerability Database".
βΌ CVE-2021-35213 βΌ
π Read
via "National Vulnerability Database".
An Improper Access Control Privilege Escalation Vulnerability was discovered in the User Setting of Orion Platform version 2020.2.5. It allows a guest user to elevate privileges to the Administrator using this vulnerability. Authentication is required to exploit the vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2021-21811 βΌ
π Read
via "National Vulnerability Database".
A memory corruption vulnerability exists in the XML-parsing CreateLabelOrAttrib functionality of AT&T LabsΓ’β¬β’ Xmill 0.7. A specially crafted XML file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2021-37713 βΌ
π Read
via "National Vulnerability Database".
The npm package "tar" (aka node-tar) before versions 4.4.18, 5.0.10, and 6.1.9 has an arbitrary file creation/overwrite and arbitrary code execution vulnerability. node-tar aims to guarantee that any file whose location would be outside of the extraction target directory is not extracted. This is, in part, accomplished by sanitizing absolute paths of entries within the archive, skipping archive entries that contain `..` path portions, and resolving the sanitized paths against the extraction target directory. This logic was insufficient on Windows systems when extracting tar files that contained a path that was not an absolute path, but specified a drive letter different from the extraction target, such as `C:some\path`. If the drive letter does not match the extraction target, for example `D:\extraction\dir`, then the result of `path.resolve(extractionDirectory, entryPath)` would resolve against the current working directory on the `C:` drive, rather than the extraction target directory. Additionally, a `..` portion of the path could occur immediately after the drive letter, such as `C:../foo`, and was not properly sanitized by the logic that checked for `..` within the normalized and split portions of the path. This only affects users of `node-tar` on Windows systems. These issues were addressed in releases 4.4.18, 5.0.10 and 6.1.9. The v3 branch of node-tar has been deprecated and did not receive patches for these issues. If you are still using a v3 release we recommend you update to a more recent version of node-tar. There is no reasonable way to work around this issue without performing the same path normalization procedures that node-tar now does. Users are encouraged to upgrade to the latest patched versions of node-tar, rather than attempt to sanitize paths themselves.π Read
via "National Vulnerability Database".
βΌ CVE-2021-35212 βΌ
π Read
via "National Vulnerability Database".
An SQL injection Privilege Escalation Vulnerability was discovered in the Orion Platform reported by the ZDI Team. A blind Boolean SQL injection which could lead to full read/write over the Orion database content including the Orion certificate for any authenticated user.π Read
via "National Vulnerability Database".
βΌ CVE-2021-39164 βΌ
π Read
via "National Vulnerability Database".
Matrix is an ecosystem for open federated Instant Messaging and Voice over IP. In versions 1.41.0 and prior, unauthorised users can access the membership (list of members, with their display names) of a room if they know the ID of the room. The vulnerability is limited to rooms with `shared` history visibility. Furthermore, the unauthorised user must be using an account on a vulnerable homeserver that is in the room. Server administrators should upgrade to 1.41.1 or later in order to receive the patch. One workaround is available. Administrators of servers that use a reverse proxy could, with potentially unacceptable loss of functionality, block the endpoints: `/_matrix/client/r0/rooms/{room_id}/members` with `at` query parameter, and `/_matrix/client/unstable/rooms/{room_id}/members` with `at` query parameter.π Read
via "National Vulnerability Database".
βΌ CVE-2021-22929 βΌ
π Read
via "National Vulnerability Database".
An information disclosure exists in Brave Browser Desktop prior to version 1.28.62, where logged warning messages that included timestamps of connections to V2 onion domains in tor.log.π Read
via "National Vulnerability Database".
βΌ CVE-2021-35240 βΌ
π Read
via "National Vulnerability Database".
A security researcher stored XSS via a Help Server setting. This affects customers using Internet Explorer, because they do not support 'rel=noopener'.π Read
via "National Vulnerability Database".
π¦Ώ Top 5 autonomous car roadblocks π¦Ώ
π Read
via "Tech Republic".
Tom Merritt tells us the things that are getting in the way of autonomous car adoption.π Read
via "Tech Republic".
TechRepublic
Top 5 autonomous car roadblocks
Tom Merritt tells us the things that are getting in the way of autonomous car adoption.
π¦Ώ Roadblocks to autonomous cars: Top 5 π¦Ώ
π Read
via "Tech Republic".
Tom Merritt tells us about the things that are getting in the way of autonomous car adoption.π Read
via "Tech Republic".
TechRepublic
Roadblocks to autonomous cars: Top 5
Tom Merritt tells us about the things that are getting in the way of autonomous car adoption.
π¦Ώ A passwordless future isn't close: It's here π¦Ώ
π Read
via "Tech Republic".
Authentication sans password is already possible and solutions are on the market from companies like Ping Identity. With passwords passΓ©, it's time to make the leap to better security.π Read
via "Tech Republic".
TechRepublic
A passwordless future isn't closeβit's here
Authentication sans password is already possible and solutions are on the market from companies like Ping Identity. With passwords passΓ©, it's time to make the leap to better security.
π¦Ώ Identity is replacing the password: What software developers and IT pros need to know π¦Ώ
π Read
via "Tech Republic".
Identity and access management is pushing application security past single-factor authentication (a password) and even multi-factor authentication to a risk management model says Ping Identity CEO.π Read
via "Tech Republic".
TechRepublic
Identity is replacing the password: What software developers and IT pros need to know
Identity and access management is pushing application security past single-factor authentication (a password) and even multi-factor authentication to a risk management model says Ping Identity CEO.
π¦Ώ Ping Identity CEO explains how identity and access management is replacing the password π¦Ώ
π Read
via "Tech Republic".
Andre Durand, Founder and CEO of Ping Identity, talks about out how identity and access management is changing software development and application security in this Dynamic Developer episode.π Read
via "Tech Republic".
TechRepublic
Ping Identity CEO explains how identity and access management is replacing the password
Andre Durand, Founder and CEO of Ping Identity, talks about out how identity and access management is changing software development and application security in this Dynamic Developer episode.
β Proxyware Services Open Orgs to Abuse β Report β
π Read
via "Threat Post".
Services that let consumers resell their bandwidth for money are ripe for abuse, researchers warn.π Read
via "Threat Post".
Threat Post
Proxyware Services Open Orgs to Abuse β Report
Services that let consumers resell their bandwidth for money are ripe for abuse, researchers warn.
βΌ CVE-2021-36234 βΌ
π Read
via "National Vulnerability Database".
Use of a hard-coded cryptographic key in MIK.starlight 7.9.5.24363 allows local users to decrypt credentials via unspecified vectors.π Read
via "National Vulnerability Database".
βΌ CVE-2021-27668 βΌ
π Read
via "National Vulnerability Database".
HashiCorp Vault Enterprise 0.9.2 through 1.6.2 allowed the read of license metadata from DR secondaries without authentication. Fixed in 1.6.3.π Read
via "National Vulnerability Database".
βΌ CVE-2021-40085 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in OpenStack Neutron before 16.4.1, 17.x before 17.2.1, and 18.x before 18.1.1. Authenticated attackers can reconfigure dnsmasq via a crafted extra_dhcp_opts value.π Read
via "National Vulnerability Database".
βΌ CVE-2021-39176 βΌ
π Read
via "National Vulnerability Database".
detect-character-encoding is a package for detecting character encoding using ICU. In detect-character-encoding v0.3.0 and earlier, allocated memory is not released. The problem has been patched in detect-character-encoding v0.3.1.π Read
via "National Vulnerability Database".
βΌ CVE-2021-37794 βΌ
π Read
via "National Vulnerability Database".
A stored cross-site scripting (XSS) vulnerability exists in FileBrowser < v2.16.0 that allows an authenticated user authorized to upload a malicious .svg file which acts as a stored XSS payload. If this stored XSS payload is triggered by an administrator it will trigger malicious OS commands on the server running the FileBrowser instance.π Read
via "National Vulnerability Database".
βΌ CVE-2021-36231 βΌ
π Read
via "National Vulnerability Database".
Deserialization of untrusted data in multiple functions in MIK.starlight 7.9.5.24363 allows authenticated remote attackers to execute operating system commands by crafting serialized objects.π Read
via "National Vulnerability Database".