
5842 matches found

Trend Micro Simply Security
added 2022/01/27 12:0 a.m., 13 views

How to detect Apache Log4j vulnerabilities

Explore how to detect Apache Log4j Log4Shell vulnerabilities using cloud-native security tools...

AI score: 2.2
Exploits: 0
Krebs on Security
added 2022/01/25 7:48 p.m., 18 views

Scary Fraud Ensues When ID Theft & Usury Collide

What's worse than finding out that identity thieves took out a 546 percent interest payday loan in your name? How about a 900 percent interest loan? Or how about not learning of the fraudulent loan until it gets handed off to collection agents? One reader's nightmare experience spotlights what can...

AI score: 6.9
Exploits: 0
IBM Security Bulletins
added 2022/01/17 4:44 p.m., 45 views

Security Bulletin: Vulnerability in Apache Log4j (CVE-2021-44228) affects IBM Spectrum Fusion HCI which includes IBM Spectrum Scale Container Native Storage Access and IBM Spectrum Protect Plus

Summary A vulnerability in Apache Log4j could allow an attacker to execute arbitrary code on the system. This vulnerability may affect IBM Spectrum Scale Container Native Storage Access and IBM Spectrum Protect Plus, which are part of the IBM Spectrum Fusion appliance. Vulnerability Details Refer...

CVSS: 10 | AI score: 1.6 | EPSS: 0.99999
Exploits: 351 | Affected Software: 1
CNNVD
added 2022/01/15 12:0 a.m., 5 views

Facebook Hermes Security Vulnerability

Facebook Hermes is a JavaScript engine from Facebook Inc. in the United States. The engine is targeted at React Native apps to improve the performance of mobile client apps, but not server-side infrastructures such as browsers & Node.js. A security vulnerability exists in Facebook Hermes, which...

CVSS: 9.8 | AI score: 8.4 | EPSS: 0.0126
Exploits: 0 | References: 1
Rapid7 Blog
added 2022/01/07 5:28 p.m., 163 views

Metasploit Wrap-Up

Dump Windows secrets from Active Directory This week, our very own Christophe De La Fuente added an important update to the existing Windows Secret Dump module. It is now able to dump secrets from Active Directory, which will be very useful for Metasploit users. This new feature uses the Director...

CVSS: 7.5 | AI score: 0.2 | EPSS: 0.93514
Exploits: 61
CNVD
added 2021/12/28 12:0 a.m., 34 views

Apache Apisix Licensing Issue Vulnerability

Apache Apisix is a cloud-native microservices API gateway service from the Apache Foundation in the United States. The software is based on OpenResty and etcd for dynamic routing and plug-in hot-loading, and is suitable for API management in microservice systems. An authorization issue...

CVSS: 9.8 | AI score: 2.9 | EPSS: 0.85943
Exploits: 5 | References: 1
Code423n4
added 2021/12/25 12:0 a.m., 3 views

Using single total native reserve variable for synth and non-synth reserves of VaderPoolV2 can lead to losses for synth holders

Handle hyh Vulnerability details Impact Users that mint synths do provide native assets, increasing native reserve pool, but do not get any liquidity shares issued. At the same time, an exit of non-synth liquidity provider yields releasing a proportion of all current reserves to him. Whenever an...

AI score: 6.7
Exploits: 0
OSV
added 2021/12/13 9:15 p.m., 18 views

CVE-2021-24045

A type confusion vulnerability could be triggered when resolving the "typeof" unary operator in Facebook Hermes prior to v0.10.0. Note that this is only exploitable if the application using Hermes permits evaluation of untrusted JavaScript. Hence, most React Native applications are not affected...

CVSS: 9.8 | AI score: 6.9 | EPSS: 0.01212
Exploits: 0 | References: 2
Prion
added 2021/12/13 9:15 p.m., 16 views

Type confusion

A type confusion vulnerability could be triggered when resolving the "typeof" unary operator in Facebook Hermes prior to v0.10.0. Note that this is only exploitable if the application using Hermes permits evaluation of untrusted JavaScript. Hence, most React Native applications are not affected...

CVSS: 6.8 | AI score: 9.2 | EPSS: 0.01212
Exploits: 0 | References: 2 | Affected Software: 1
CNNVD
added 2021/12/13 12:0 a.m., 3 views

Facebook Hermes Security Vulnerability

Facebook Hermes is a JavaScript engine from Facebook Inc. in the United States. The engine is targeted at React Native applications to improve the performance of mobile client apps, but not server-side infrastructures such as browsers & Node.js. A security vulnerability exists in Facebook Hermes...

CVSS: 9.8 | AI score: 8.3 | EPSS: 0.01212
Exploits: 0 | References: 3
Packet Storm
added 2021/12/13 12:0 a.m., 268 views

Oracle Database Protection Mechanism Bypass

Advisory ID: SYSS-2021-061 Product: Database Manufacturer: Oracle Affected Versions: 12.1.0.2, 12.2.0.1, 19c Tested Versions: 18c Vulnerability Type: Protection Mechanism Failure CWE-693 Risk Level: High Solution Status: Fixed Manufacturer Notification: 2021-03-17 Solution Date: 2021-08-07 Public...

CVSS: 8.3 | AI score: 0.2 | EPSS: 0.025
Exploits: 5
RedHat Linux
added 2021/12/09 12:43 p.m., 5 views

Mozilla: Cursor spoofing could overlay user interface when native cursor is zoomed

It was possible to recreate previous cursor spoofing attacks against users with a zoomed native cursor. This vulnerability affects Thunderbird 91.4.0, Firefox ESR 91.4.0, and Firefox 95...

CVSS: 4.3 | AI score: 7.3 | EPSS: 0.014
Exploits: 0 | References: 4
AlpineLinux
added 2021/12/08 9:19 p.m., 40 views

CVE-2021-43546

It was possible to recreate previous cursor spoofing attacks against users with a zoomed native cursor. This vulnerability affects Thunderbird 91.4.0, Firefox ESR 91.4.0, and Firefox 95...

CVSS: 4.3 | AI score: 6.6 | EPSS: 0.014
Exploits: 0
UbuntuCve
added 2021/12/08 12:0 a.m., 47 views

CVE-2021-43546

It was possible to recreate previous cursor spoofing attacks against users with a zoomed native cursor. This vulnerability affects Thunderbird 91.4.0, Firefox ESR 91.4.0, and Firefox 95...

CVSS: 4.3 | AI score: 6.8 | EPSS: 0.014
Exploits: 0 | References: 7
Gitee
added 2021/12/02 3:59 p.m., 24 views

Exploit for Race Condition in Canonical Ubuntu_Linux

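Resource repository for "Cloud Native Security: Attack-Defense Practice and System Construction". This repository provides supplementary materials and the accompanying source code for the book "Cloud Native Security: Attack-Defense Practice and System Construction", for interested readers to read in depth and practise with. All content in this repository is for teaching and research use only; use for illegal purposes is strictly prohibited, and violators bear the consequences themselves! Related links: Douban | JD | Dangdang. Supplementary reading materials - 100 Introduction to Cloud Computing.pdf - 101 Code Security.pdf - 200 Container Technology.pdf - 201 Container Orchestration.pdf - 202 Microservices.pdf - 203 Service Mesh.pdf - 204 DevOps.pdf - CVE-2017-1002101: Breaking Isolation to Access the Host File System.pdf -...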

CVSS: 10 | AI score: 7.5 | EPSS: 0.9857
Exploits: 128
Tenable Nessus
added 2021/12/01 12:0 a.m., 103 views

RHEL 7 / 8 : Red Hat JBoss Web Server 5.6.0 Security (Important) (RHSA-2021:4861)

The remote Red Hat Enterprise Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:4861 advisory. Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the...

CVSS: 7.5 | AI score: 7.1 | EPSS: 0.75353
Exploits: 1 | References: 11
CNVD
added 2021/11/24 12:0 a.m., 18 views

Apache Ozone Licensing Issue Vulnerability (CNVD-2021-91629)

Apache Ozone is a scalable, redundant and distributed object store for Hadoop and cloud-native environments. An authorization issue vulnerability exists in Apache Ozone, which stems from the product's failure to protect OM requests with valid privileges. An attacker could create a...

CVSS: 8.8 | AI score: 2.4 | EPSS: 0.02483
Exploits: 1 | References: 1
CNVD
added 2021/11/24 12:0 a.m., 21 views

Apache Ozone has an unspecified vulnerability (CNVD-2021-91624)

Apache Ozone is a scalable, redundant and distributed object store for Hadoop and cloud-native environments. Apache Ozone version 1.2.0 has a security vulnerability that allows an attacker to retrieve token data from the database and use it...

CVSS: 9.8 | AI score: 4.5 | EPSS: 0.02445
Exploits: 0 | References: 1
CNVD
added 2021/11/24 12:0 a.m., 19 views

Apache Ozone has unspecified vulnerabilities

Apache Ozone is a scalable, redundant and distributed object store for Hadoop and cloud-native environments. A security vulnerability exists in Apache Ozone version 1.2.0, which stems from the fact that certain administrator-related SCM commands can be executed by any authenticated user...

CVSS: 9.1 | AI score: 3.6 | EPSS: 0.02296
Exploits: 0 | References: 1
CNVD
added 2021/11/24 12:0 a.m., 20 views

Apache Ozone input validation error vulnerability

Apache Ozone is a scalable, redundant and distributed object store for Hadoop and cloud-native environments. An input validation error vulnerability exists in Apache Ozone, which stems from the product's Ozone Datanode not checking the block token's access mode parameter. An...

CVSS: 6.5 | AI score: 1.9 | EPSS: 0.01501
Exploits: 0 | References: 1