
126 matches found

OSV | added 2021/03/08 9:55 a.m. | 25 views

RLSA-2021:0744 Important: nodejs:14 security and bug fix update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages have been upgraded to a later upstream version: nodejs 14.16.0. Security Fixes: nodejs: HTTP2 'unknownProtocol' cause DoS by resource...

7.5 CVSS | 7.8 AI score | 0.77385 EPSS
Exploits 1 | References 4

The Hacker News | added 2020/05/12 10:37 a.m. | 37 views

Over 4000 Android Apps Expose Users' Data via Misconfigured Firebase Databases

More than 4,000 Android apps that use Google's cloud-hosted Firebase databases are 'unknowingly' leaking sensitive information on their users, including their email addresses, usernames, passwords, phone numbers, full names, chat messages and location data. The investigation, led by Bob Diachenko...

6.8 AI score
Exploits 0

CNVD | added 2020/04/08 12:0 a.m. | 1 views

SQL Injection Vulnerability in Jeecg-Boot of Beijing Guo Torch Information Technology Co.

Jeecg-Boot is a rapid development platform based on a code generator. Jeecg-Boot has a SQL injection vulnerability that can be exploited by an attacker to obtain sensitive information from a database...

7.9 AI score
Exploits 0

OSV | added 2020/04/06 7:21 a.m. | 24 views

ALSA-2020:1317 Important: nodejs:10 security update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: ICU: Integer overflow in UnicodeString::doAppend (CVE-2020-10531). For more details about the security issues, including the impact, a CVSS score,...

8.8 CVSS | 8.2 AI score | 0.02669 EPSS
Exploits 0 | References 2

AlmaLinux | added 2020/04/02 7:23 a.m. | 49 views

Important: nodejs:12 security update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: ICU: Integer overflow in UnicodeString::doAppend (CVE-2020-10531). For more details about the security issues, including the impact, a CVSS score,...

8.8 CVSS | 9 AI score | 0.02669 EPSS
Exploits 0 | References 2

CNVD | added 2019/11/26 12:0 a.m. | 1 views

Stored Cross-Site Scripting Vulnerability in New Jincheng Career Development Education Platform

JC Career Development Education Platform (CDEP for short) is a network implementation platform for career development education work of universities, colleges, authorities and education and training institutions in China. A stored cross-site scripting vulnerability exists in the ne...

6.3 AI score
Exploits 0

Schneier on Security | added 2019/08/08 4:11 p.m. | 54 views

Supply-Chain Attack against the Electron Development Platform

Electron is a cross-platform development system for many popular communications apps, including Skype, Slack, and WhatsApp. Security vulnerabilities in the update system allow someone to silently inject malicious code into applications. From a news article: At the BSides LV security conference o...

6.7 AI score
Exploits 0

CVE | added 2019/07/12 3:30 p.m. | 284 views

CVE-2019-8998

CVE-2019-8998 affects BlackBerry QNX Software Development Platform up to version 6.5.0 SP1. The procfs (/proc) service exposes process information, enabling a less-privileged local attacker to access a target process address space (information disclosure leading to local privilege escalation). Se...

7.8 CVSS | 7.4 AI score | 0.00222 EPSS
Exploits 0 | References 1 | Affected Software 1

CNVD | added 2017/11/17 12:0 a.m. | 2 views

BlackBerry QNX Software Development Platform Arbitrary Function Call Vulnerability

The BlackBerry QNX Software Development Platform (SDP) is a suite of software development platforms from BlackBerry Canada dedicated to the development of software based on the QNX system. An arbitrary function call vulnerability exists in the default configuration of the QNX SDP system in BlackBer...

7.5 CVSS | 7 AI score | 0.005 EPSS
Exploits 0 | References 1

CNVD | added 2017/11/17 12:0 a.m. | 3 views

BlackBerry QNX Software Development Platform Information Disclosure Vulnerability

The BlackBerry QNX Software Development Platform (SDP) is a suite of software development platforms from BlackBerry Canada dedicated to the development of software based on the QNX system. An information disclosure vulnerability exists in the default configuration of QNX SDP in BlackBerry QNX SDP...

7.5 CVSS | 6.5 AI score | 0.00798 EPSS
Exploits 0 | References 1

CNVD | added 2017/11/17 12:0 a.m. | 4 views

BlackBerry QNX Software Development Platform Elevation of Privilege Vulnerability

The BlackBerry QNX Software Development Platform (SDP) is a suite of software development platforms from BlackBerry Canada dedicated to the development of software based on the QNX system. An elevation of privilege vulnerability exists in the default configuration of QNX SDP in BlackBerry QNX SDP...

9.6 CVSS | 7 AI score | 0.01283 EPSS
Exploits 0 | References 1

NVD | added 2017/11/14 9:29 p.m. | 10 views

CVE-2017-9371

In BlackBerry QNX Software Development Platform SDP 6.6.0 and 6.5.0 SP1 and earlier, a loss of integrity vulnerability in the default configuration of the QNX SDP could allow an attacker to reduce the entropy of the PRNG, making other blended attacks more practical by gaining control...

5.9 CVSS | 5.7 AI score | 0.00806 EPSS
Exploits 0 | References 1

Prion | added 2017/11/14 9:29 p.m. | 10 views

Buffer overflow

In BlackBerry QNX Software Development Platform SDP 6.6.0, the default configuration of the QNX SDP system did not in all circumstances prevent attackers from modifying the GOT or PLT tables with buffer overflow attacks...

6.4 CVSS | 7.8 AI score | 0.005 EPSS
Exploits 0 | References 1 | Affected Software 1

OSV | added 2017/11/14 9:29 p.m. | 3 views

CVE-2017-3892

In BlackBerry QNX Software Development Platform SDP 6.6.0, an information disclosure vulnerability in the default configuration of the QNX SDP could allow an attacker to gain information relating to memory layout that could be used in a blended attack by executing commands targeting procfs...

7.5 CVSS | 5.8 AI score | 0.00798 EPSS
Exploits 0 | References 1

Prion | added 2017/11/14 9:29 p.m. | 10 views

Default configuration

In BlackBerry QNX Software Development Platform SDP 6.6.0 and 6.5.0 SP1 and earlier, a loss of integrity vulnerability in the default configuration of the QNX SDP could allow an attacker to reduce the entropy of the PRNG, making other blended attacks more practical by gaining control...

4.3 CVSS | 7 AI score | 0.00806 EPSS
Exploits 0 | References 1 | Affected Software 1

Prion | added 2017/11/14 9:29 p.m. | 13 views

Information disclosure

In BlackBerry QNX Software Development Platform SDP 6.6.0 and 6.5.0 SP1 and earlier, an information disclosure vulnerability in the default configuration of the QNX SDP could allow an attacker to gain information relating to memory layout of higher privileged processes by manipulating environment...

4 CVSS | 6.8 AI score | 0.00561 EPSS
Exploits 0 | References 1 | Affected Software 1

NVD | added 2017/11/14 9:29 p.m. | 12 views

CVE-2017-9369

In BlackBerry QNX Software Development Platform SDP 6.6.0 and 6.5.0 SP1 and earlier, an information disclosure vulnerability in the default configuration of the QNX SDP could allow an attacker to gain information relating to memory layout of higher privileged processes by manipulating environment...

4.9 CVSS | 5.1 AI score | 0.00561 EPSS
Exploits 0 | References 1

Cvelist | added 2017/11/14 9:0 p.m. | 20 views

CVE-2017-3893 Incomplete vulnerability mitigations

In BlackBerry QNX Software Development Platform SDP 6.6.0, the default configuration of the QNX SDP system did not in all circumstances prevent attackers from modifying the GOT or PLT tables with buffer overflow attacks...

1.9 CVSS | 7.8 AI score | 0.005 EPSS
Exploits 0 | References 1

Cvelist | added 2017/11/14 9:0 p.m. | 15 views

CVE-2017-9371

In BlackBerry QNX Software Development Platform SDP 6.6.0 and 6.5.0 SP1 and earlier, a loss of integrity vulnerability in the default configuration of the QNX SDP could allow an attacker to reduce the entropy of the PRNG, making other blended attacks more practical by gaining control...

2.6 CVSS | 5.7 AI score | 0.00806 EPSS
Exploits 0 | References 1

ThreatPost | added 2017/03/02 1:3 p.m. | 14 views

132 Google Play Apps Booted For Having Malicious IFrames

Google removed 132 apps infected with malicious iFrames from its Google Play store after security researchers discovered a development platform used to create the apps was infected with malware and in turn compromised the apps. Palo Alto Networks’ Unit 42 researchers said the apps were infected...

7.1 AI score
Exploits 0 | References 3