PT-2021-22466 · Mitmproxy +1 · Mitmproxy +1

Name of the Vulnerable Software and Affected Versions: mitmproxy versions 7.0.2 and below Description: A malicious client or server can perform HTTP request smuggling attacks through mitmproxy. This means that a malicious client/server could smuggle a request/response through mitmproxy as part of...

Analyzing attacks that exploit the CVE-2021-40444 MSHTML vulnerability

In August, Microsoft Threat Intelligence Center MSTIC identified a small number of attacks less than 10 that attempted to exploit a remote code execution vulnerability in MSHTML using specially crafted Microsoft Office documents. These attacks used the vulnerability, tracked as CVE-2021-40444, as...

PeerTube 跨站脚本漏洞

PeerTube is a decentralized video sharing service platform. Peertube has a cross-site scripting vulnerability in versions prior to v3.4.0, which stems from the application's lack of user input data validation and filtering of the data at the input location, and could be used by an attacker to...

Information disclosure

An information disclosure issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave. An attacker in a privileged network position may be able to leak sensitive user information...

PT-2021-24270 · Sha2 · Sha2

Name of the Vulnerable Software and Affected Versions: sha2 crate version 0.9.7 Description: An issue was discovered in the sha2 crate for Rust, where hashes of long messages may be incorrect when the AVX2-accelerated backend is used. This backend was introduced in version 0.9.7 and was...

CVE-2021-33484

An issue was discovered in CommentsService.ashx in OnyakTech Comments Pro 3.8. An attacker can download a copy of the installer, decompile it, and discover a hardcoded IV used to encrypt the username and userid in the comment POST request. Additionally, the attacker can decrypt the encrypted...

OTRS 跨站脚本漏洞

OTRS is a service management software application from OTRS Germany. OTRS AG OTRS has a security vulnerability that originates from a request that can be generated for the appointment editing screen. An attacker could exploit the vulnerability to cause an XSS attack...

Directory Traversal

Overview convert-svg-core is a package that supports converting SVG into another format using headless Chromium. Affected versions of this package are vulnerable to Directory Traversal. Using a specially crafted SVG file, an attacker could read arbitrary files from the file system and then show t...

Directory Traversal

Overview convert-svg-to-jpeg is a package for converting SVG to JPEG using headless Chromium. Affected versions of this package are vulnerable to Directory Traversal. Using a specially crafted SVG file, an attacker could read arbitrary files from the file system and then show the file content as ...

Directory Traversal

Overview convert-svg-to-png is a package for converting SVG to PNG using headless Chromium. Affected versions of this package are vulnerable to Directory Traversal. Using a specially crafted SVG file, an attacker could read arbitrary files from the file system and then show the file content as a...

GitHub Security Lab: Java: Static initialization vector

This bug was reported directly to GitHub Security Lab...

in leantime/leantime

✍️ Description In the source code of the application, the Secret Hash value and the initialization vector is being hardcoded. 🕵️‍♂️ Proof of Concept In the following code snippet, we can see the hard-coded secret hash and IV. private $encryptionMethod = 'AES-256-CBC'; private $secrethash =...

RHEL 7 : microcode_ctl (RHSA-2021:3323)

The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2021:3323 advisory. The microcodectl packages provide microcode updates for Intel. Security Fixes: hw: Vector Register Data Sampling CVE-2020-0548 hw: L1D Cache...

MIK.starlight has unspecified vulnerabilities

MIK.starlight is the departmental access and creation dashboard, reporting and planning environment. A security vulnerability exists in MIK.starlight version 7.9.5.24363, which stems from the use of hard-coded keys in the software, which allows an attacker to decrypt credentials via an unspecifie...

GHSA-9GR3-7897-PP7M XSS in Image Optimization API for Next.js

Impact - Affected: All of the following must be true to be affected - Next.js between version 10.0.0 and 11.1.0 - The next.config.js file has images.domains array assigned - The image host assigned in images.domains allows user-provided SVG - Not affected: The next.config.js file has images.loade...

CVE-2021-36077

Adobe Bridge version 11.1 and earlier is affected by a memory corruption vulnerability due to insecure handling of a malicious SVG file, potentially resulting in local application denial of service in the context of the current user. User interaction is required to exploit this vulnerability...

CVE-2021-36235

An issue was discovered in Ivanti Workspace Control before 10.6.30.0. A locally authenticated user with low privileges can bypass File and Folder Security by leveraging an unspecified attack vector. As a result, the attacker can start applications with elevated privileges...

CVE-2021-36235

An issue was discovered in Ivanti Workspace Control before 10.6.30.0. A locally authenticated user with low privileges can bypass File and Folder Security by leveraging an unspecified attack vector. As a result, the attacker can start applications with elevated privileges...

CyberArk Credential File Insufficient Effective Key Space

Vulnerability Details Affected Vendor: CyberArk Affected Product: Application Access Manager/Credential Provider Affected Version: Prior to 12.1 Platform: Linux/Windows/zOS CWE Classification: CWE-326: Inadequate Encryption Strength CVE ID: CVE-2021-31796 2. Vulnerability Description CyberArk...

hw: Vector Register Data Sampling

A flaw was found in Intel processors where a local attacker is able to gain information about registers used for vector calculations by observing register states from other processes running on the system. This results in a race condition where store buffers, which were not cleared, could be read...