βΌ CVE-2021-21811 βΌ
π Read
via "National Vulnerability Database".
A memory corruption vulnerability exists in the XML-parsing CreateLabelOrAttrib functionality of AT&T LabsΓ’β¬β’ Xmill 0.7. A specially crafted XML file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2021-37713 βΌ
π Read
via "National Vulnerability Database".
The npm package "tar" (aka node-tar) before versions 4.4.18, 5.0.10, and 6.1.9 has an arbitrary file creation/overwrite and arbitrary code execution vulnerability. node-tar aims to guarantee that any file whose location would be outside of the extraction target directory is not extracted. This is, in part, accomplished by sanitizing absolute paths of entries within the archive, skipping archive entries that contain `..` path portions, and resolving the sanitized paths against the extraction target directory. This logic was insufficient on Windows systems when extracting tar files that contained a path that was not an absolute path, but specified a drive letter different from the extraction target, such as `C:some\path`. If the drive letter does not match the extraction target, for example `D:\extraction\dir`, then the result of `path.resolve(extractionDirectory, entryPath)` would resolve against the current working directory on the `C:` drive, rather than the extraction target directory. Additionally, a `..` portion of the path could occur immediately after the drive letter, such as `C:../foo`, and was not properly sanitized by the logic that checked for `..` within the normalized and split portions of the path. This only affects users of `node-tar` on Windows systems. These issues were addressed in releases 4.4.18, 5.0.10 and 6.1.9. The v3 branch of node-tar has been deprecated and did not receive patches for these issues. If you are still using a v3 release we recommend you update to a more recent version of node-tar. There is no reasonable way to work around this issue without performing the same path normalization procedures that node-tar now does. Users are encouraged to upgrade to the latest patched versions of node-tar, rather than attempt to sanitize paths themselves.π Read
via "National Vulnerability Database".
βΌ CVE-2021-35212 βΌ
π Read
via "National Vulnerability Database".
An SQL injection Privilege Escalation Vulnerability was discovered in the Orion Platform reported by the ZDI Team. A blind Boolean SQL injection which could lead to full read/write over the Orion database content including the Orion certificate for any authenticated user.π Read
via "National Vulnerability Database".
βΌ CVE-2021-39164 βΌ
π Read
via "National Vulnerability Database".
Matrix is an ecosystem for open federated Instant Messaging and Voice over IP. In versions 1.41.0 and prior, unauthorised users can access the membership (list of members, with their display names) of a room if they know the ID of the room. The vulnerability is limited to rooms with `shared` history visibility. Furthermore, the unauthorised user must be using an account on a vulnerable homeserver that is in the room. Server administrators should upgrade to 1.41.1 or later in order to receive the patch. One workaround is available. Administrators of servers that use a reverse proxy could, with potentially unacceptable loss of functionality, block the endpoints: `/_matrix/client/r0/rooms/{room_id}/members` with `at` query parameter, and `/_matrix/client/unstable/rooms/{room_id}/members` with `at` query parameter.π Read
via "National Vulnerability Database".
βΌ CVE-2021-22929 βΌ
π Read
via "National Vulnerability Database".
An information disclosure exists in Brave Browser Desktop prior to version 1.28.62, where logged warning messages that included timestamps of connections to V2 onion domains in tor.log.π Read
via "National Vulnerability Database".
βΌ CVE-2021-35240 βΌ
π Read
via "National Vulnerability Database".
A security researcher stored XSS via a Help Server setting. This affects customers using Internet Explorer, because they do not support 'rel=noopener'.π Read
via "National Vulnerability Database".
π¦Ώ Top 5 autonomous car roadblocks π¦Ώ
π Read
via "Tech Republic".
Tom Merritt tells us the things that are getting in the way of autonomous car adoption.π Read
via "Tech Republic".
TechRepublic
Top 5 autonomous car roadblocks
Tom Merritt tells us the things that are getting in the way of autonomous car adoption.
π¦Ώ Roadblocks to autonomous cars: Top 5 π¦Ώ
π Read
via "Tech Republic".
Tom Merritt tells us about the things that are getting in the way of autonomous car adoption.π Read
via "Tech Republic".
TechRepublic
Roadblocks to autonomous cars: Top 5
Tom Merritt tells us about the things that are getting in the way of autonomous car adoption.
π¦Ώ A passwordless future isn't close: It's here π¦Ώ
π Read
via "Tech Republic".
Authentication sans password is already possible and solutions are on the market from companies like Ping Identity. With passwords passΓ©, it's time to make the leap to better security.π Read
via "Tech Republic".
TechRepublic
A passwordless future isn't closeβit's here
Authentication sans password is already possible and solutions are on the market from companies like Ping Identity. With passwords passΓ©, it's time to make the leap to better security.
π¦Ώ Identity is replacing the password: What software developers and IT pros need to know π¦Ώ
π Read
via "Tech Republic".
Identity and access management is pushing application security past single-factor authentication (a password) and even multi-factor authentication to a risk management model says Ping Identity CEO.π Read
via "Tech Republic".
TechRepublic
Identity is replacing the password: What software developers and IT pros need to know
Identity and access management is pushing application security past single-factor authentication (a password) and even multi-factor authentication to a risk management model says Ping Identity CEO.
π¦Ώ Ping Identity CEO explains how identity and access management is replacing the password π¦Ώ
π Read
via "Tech Republic".
Andre Durand, Founder and CEO of Ping Identity, talks about out how identity and access management is changing software development and application security in this Dynamic Developer episode.π Read
via "Tech Republic".
TechRepublic
Ping Identity CEO explains how identity and access management is replacing the password
Andre Durand, Founder and CEO of Ping Identity, talks about out how identity and access management is changing software development and application security in this Dynamic Developer episode.
β Proxyware Services Open Orgs to Abuse β Report β
π Read
via "Threat Post".
Services that let consumers resell their bandwidth for money are ripe for abuse, researchers warn.π Read
via "Threat Post".
Threat Post
Proxyware Services Open Orgs to Abuse β Report
Services that let consumers resell their bandwidth for money are ripe for abuse, researchers warn.
βΌ CVE-2021-36234 βΌ
π Read
via "National Vulnerability Database".
Use of a hard-coded cryptographic key in MIK.starlight 7.9.5.24363 allows local users to decrypt credentials via unspecified vectors.π Read
via "National Vulnerability Database".
βΌ CVE-2021-27668 βΌ
π Read
via "National Vulnerability Database".
HashiCorp Vault Enterprise 0.9.2 through 1.6.2 allowed the read of license metadata from DR secondaries without authentication. Fixed in 1.6.3.π Read
via "National Vulnerability Database".
βΌ CVE-2021-40085 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in OpenStack Neutron before 16.4.1, 17.x before 17.2.1, and 18.x before 18.1.1. Authenticated attackers can reconfigure dnsmasq via a crafted extra_dhcp_opts value.π Read
via "National Vulnerability Database".
βΌ CVE-2021-39176 βΌ
π Read
via "National Vulnerability Database".
detect-character-encoding is a package for detecting character encoding using ICU. In detect-character-encoding v0.3.0 and earlier, allocated memory is not released. The problem has been patched in detect-character-encoding v0.3.1.π Read
via "National Vulnerability Database".
βΌ CVE-2021-37794 βΌ
π Read
via "National Vulnerability Database".
A stored cross-site scripting (XSS) vulnerability exists in FileBrowser < v2.16.0 that allows an authenticated user authorized to upload a malicious .svg file which acts as a stored XSS payload. If this stored XSS payload is triggered by an administrator it will trigger malicious OS commands on the server running the FileBrowser instance.π Read
via "National Vulnerability Database".
βΌ CVE-2021-36231 βΌ
π Read
via "National Vulnerability Database".
Deserialization of untrusted data in multiple functions in MIK.starlight 7.9.5.24363 allows authenticated remote attackers to execute operating system commands by crafting serialized objects.π Read
via "National Vulnerability Database".
βΌ CVE-2021-36232 βΌ
π Read
via "National Vulnerability Database".
Improper Authorization in multiple functions in MIK.starlight 7.9.5.24363 allows an authenticated attacker to escalate privileges.π Read
via "National Vulnerability Database".
βΌ CVE-2021-36233 βΌ
π Read
via "National Vulnerability Database".
The function AdminGetFirstFileContentByFilePath in MIK.starlight 7.9.5.24363 allows (by design) an authenticated attacker to read arbitrary files from the filesystem by specifying the file path.π Read
via "National Vulnerability Database".
βΌ CVE-2021-39180 βΌ
π Read
via "National Vulnerability Database".
OpenOLAT is a web-based learning management system (LMS). A path traversal vulnerability exists in versions prior to 15.3.18, 15.5.3, and 16.0.0. Using a specially prepared ZIP file, it is possible to overwrite any file that is writable by the application server user (e.g. the tomcat user). Depending on the configuration this can be limited to files of the OpenOlat user data directory, however, if not properly set up, the attack could also be used to overwrite application server config files, java code or even operating system files. The attack could be used to corrupt or modify any OpenOlat file such as course structures, config files or temporary test data. Those attack would require in-depth knowledge of the installation and thus more theoretical. If the app server configuration allows the execution of jsp files and the path to the context is known, it is also possible to execute java code. If the app server runs with the same user that is used to deploy the OpenOlat code or has write permissions on the OpenOlat code files and the path to the context is know, code injection is possible. The attack requires an OpenOlat user account to upload a ZIP file and trigger the unzip method. It can not be exploited by unregistered users. The problem is fixed in versions 15.3.18, 15.5.3 and 16.0.0. There are no known workarounds aside from upgrading.π Read
via "National Vulnerability Database".