413 matches found

Huntr, added 2021/03/17 10:59 a.m.

Prototype Pollution in automattic/mongoose

✍️ Description Mongoose is a MongoDB object modeling tool designed to work in an asynchronous environment. Mongoose supports both promises and callbacks. mongoose.Schema is subject to prototype pollution due to the recursively calling of Schema.prototype.add function to add new items into the...

AI score: 0.5
Exploits: 0
OpenVAS, added 2021/03/06 12:00 a.m.

Fedora: Security Advisory for openscad (FEDORA-2021-8349f28cb9)

The remote host is missing an update for the Copyright (C) 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS: 8.8, AI score: 7.7, EPSS: 0.01956
Exploits: 1, References: 2
Fedora, added 2021/03/05 7:23 p.m.

[SECURITY] Fedora 32 Update: openscad-2019.05-13.fc32

OpenSCAD is software for creating solid 3D CAD objects. Unlike most free software for creating 3D models, such as the famous application Blender, it does not focus on the artistic aspects of 3D modeling but instead on the CAD aspects. Thus it might be the application you are looking for when you...

CVSS: 8.8, AI score: 1.6, EPSS: 0.01956
Exploits: 1
Fedora, added 2021/03/05 7:17 p.m.

[SECURITY] Fedora 33 Update: openscad-2019.05-13.fc33

OpenSCAD is software for creating solid 3D CAD objects. Unlike most free software for creating 3D models, such as the famous application Blender, it does not focus on the artistic aspects of 3D modeling but instead on the CAD aspects. Thus it might be the application you are looking for when you...

CVSS: 8.8, AI score: 1.6, EPSS: 0.01956
Exploits: 1
Kitploit, added 2021/03/03 11:30 a.m.

Threatspec - Continuous Threat Modeling, Through Code

Threatspec is an open source project that aims to close the gap between development and security by bringing the threat modelling process further into the development process. This is achieved by having developers and security engineers write threat modeling annotations as comments inside source...

AI score: 8
Exploits: 0, References: 3
CVE, added 2021/02/08 5:40 p.m.

CVE-2021-21304

CVE-2021-21304 describes a prototype pollution vulnerability in Dynamoose, located in the internal utility method lib/utils/object/set.ts. Affected are Dynamoose versions from 2.0.0 up to 2.6.x (and v2.x beta/alpha). The vulnerability was fixed in 2.7.0. There is no evidence of exploitation rep...

CVSS: 9.8, AI score: 8.2, EPSS: 0.01894
Exploits: 0, References: 4, Affected software: 1
OpenVAS, added 2021/01/15 12:00 a.m.

Fedora: Security Advisory for dia (FEDORA-2020-1fe0e08c8d)

The remote host is missing an update for the Copyright (C) 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS: 5.5, AI score: 5.6, EPSS: 0.0037
Exploits: 0, References: 2
OpenVAS, added 2021/01/11 12:00 a.m.

Fedora: Security Advisory for dia (FEDORA-2020-cbc0754798)

The remote host is missing an update for the Copyright (C) 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS: 5.5, AI score: 5.6, EPSS: 0.0037
Exploits: 0, References: 2
Fedora, added 2021/01/08 2:52 a.m.

[SECURITY] Fedora 32 Update: dia-0.97.3-16.fc32

The Dia drawing program can be used to draw different types of diagrams, and includes support for UML static structure diagrams (class diagrams), entity relationship modeling, and network diagrams. Dia can load and save diagrams to a custom file format, can load and save in .xml format, and can...

CVSS: 5.5, AI score: 1.2, EPSS: 0.0037
Exploits: 0
Imperva Blog, added 2021/01/07 2:18 p.m.

Prepare for more sophisticated security threats in 2021

As computing becomes more distributed to achieve greater optimization and efficiency, the threats posed by cyberattackers are destined to become increasingly more sophisticated. Here are some steps organizations should take in 2021 to mitigate such sophisticated security threats. Start with...

AI score: 7
Exploits: 0
Akamai Blog, added 2020/12/21 2:00 p.m.

What's the Value of a Key-Value Store?

A database back end for your application is vital, and odds are that your database is a relational database or a "not only SQL" NoSQL database. Relational databases have dominated the software industry for decades, even as other technologies have radically changed around it. A relational database...

AI score: 6.9
Exploits: 0
Talos, added 2020/11/12 12:00 a.m.

Pixar OpenUSD Binary File Format Compressed Value Reps Code Execution Vulnerabilities

Summary: A heap overflow vulnerability exists in the Pixar OpenUSD 20.05 while parsing compressed value rep arrays in binary USD files. A specially crafted malformed file can trigger a heap overflow, which can result in remote code execution. To trigger this vulnerability, the victim needs to acce...

CVSS: 8.8, AI score: 7.8, EPSS: 0.02558
Exploits: 1
Kitploit, added 2020/11/07 11:30 a.m.

Threagile - Agile Threat Modeling Toolkit

Threagile (see https://threagile.io for more details) is an open-source toolkit for agile threat modeling: it allows you to model an architecture with its assets in an agile fashion as a YAML file directly inside the IDE. Upon execution of the Threagile toolkit, all standard risk rules as well as...

AI score: 7.2
Exploits: 0, References: 1
ThreatPost, added 2020/10/29 11:15 p.m.

NVIDIA Patches Critical Bug in High-Performance Servers

NVIDIA released a patch for a critical bug in its high-performance line of DGX servers that could open the door for a remote attacker to take control of and access sensitive data on systems typically operated by governments and Fortune-100 companies. In all, NVIDIA issued nine patches, each fixin...

CVSS: 7.5, AI score: 1.1, EPSS: 0.26869
Exploits: 0, References: 9
Fedora, added 2020/10/23 10:23 p.m.

[SECURITY] Fedora 33 Update: brotli-1.0.9-3.fc33

Brotli is a generic-purpose lossless compression algorithm that compresses data using a combination of a modern variant of the LZ77 algorithm, Huffman coding and 2nd order context modeling, with a compression ratio comparable to the best currently available general-purpose compression methods. It...

CVSS: 6.5, AI score: 3.3, EPSS: 0.03243
Exploits: 0
Fedora, added 2020/10/17 2:24 p.m.

[SECURITY] Fedora 31 Update: brotli-1.0.9-3.fc31

Brotli is a generic-purpose lossless compression algorithm that compresses data using a combination of a modern variant of the LZ77 algorithm, Huffman coding and 2nd order context modeling, with a compression ratio comparable to the best currently available general-purpose compression methods. It...

CVSS: 6.5, AI score: 3.3, EPSS: 0.03243
Exploits: 0
Fedora, added 2020/10/17 2:09 p.m.

[SECURITY] Fedora 32 Update: brotli-1.0.9-3.fc32

Brotli is a generic-purpose lossless compression algorithm that compresses data using a combination of a modern variant of the LZ77 algorithm, Huffman coding and 2nd order context modeling, with a compression ratio comparable to the best currently available general-purpose compression methods. It...

CVSS: 6.5, AI score: 3.3, EPSS: 0.03243
Exploits: 0
OpenVAS, added 2020/10/05 12:00 a.m.

Fedora: Security Advisory for rubygem-activemodel (FEDORA-2020-4dd34860a3)

The remote host is missing an update for the Copyright (C) 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

AI score: 6.1
Exploits: 0, References: 2
FireEye, added 2020/09/14 12:00 a.m.

A "DFUR-ent" Perspective on Threat Modeling and Application Log Forensic Analysis

Many organizations operating in e-commerce, hospitality, healthcare, managed services, and other service industries rely on web applications. And buried within the application logs may be the potential discovery of fraudulent use and/or compromise! But, let's face it, finding evil in application...

AI score: 7.2
Exploits: 0, References: 2