[SECURITY] Fedora 35 Update: dmtx-utils-0.7.6-9.fc35.1
libdmtx is open source software for reading and writing Data Matrix 2D bar-codes on Linux, Unix, OS X, Windows, and mobile devices. At its core libdmtx is a shared library, allowing C/C++ programs to use its capabilities without restrictions or overhead. The included utility programs, dmtxread an...
Insufficient Granularity of Access Control in github.com/google/exposure-notifications-verification-server
Impact: Users or API keys with permission to expire verification codes could have expired codes that belonged to another realm if they guessed the UUID. Patches: v1.1.2+. Workarounds: There are no workarounds, and there are no indications this has been exploited in the wild. Verification codes can on...
GHSA-WX8Q-RGFR-CF6V Insufficient Granularity of Access Control in github.com/google/exposure-notifications-verification-server
Impact: Users or API keys with permission to expire verification codes could have expired codes that belonged to another realm if they guessed the UUID. Patches: v1.1.2+. Workarounds: There are no workarounds, and there are no indications this has been exploited in the wild. Verification codes can on...
Robinhood Trading Platform Data Breach Hits 7M Customers
Investor trading app company Robinhood Markets has confirmed a data breach that affects the personal information of about 7 million customers – roughly a third of its user base. A cyberattacker made off with emails and more, which could lead to follow-on attacks for Robinhood customers. The tradi...
SUSE-SU-2021:3520-1 Security update for open-lldp
This update for open-lldp fixes the following issues: - CVE-2018-10932: Fixed an improper sanitization of shell-escape codes. bsc1104624...
CVE-2021-38477
There are multiple API function codes that permit reading and writing data to or from files and directories, which could lead to the manipulation and/or the deletion of files...
CVE-2021-38451
The affected product’s proprietary protocol CSC allows for calling numerous function codes. In order to call those function codes, the user must supply parameters. There is no sanitization on the value of the offset, which allows the client to specify any offset and read out-of-bounds data...
Out-of-bounds
The affected product’s proprietary protocol CSC allows for calling numerous function codes. In order to call those function codes, the user must supply parameters. There is no sanitization on the value of the offset, which allows the client to specify any offset and read out-of-bounds data...
CVE-2021-38477
CVE-2021-38477 affects AUVESY Versiondog (data management software for automated production). The vulnerability is described as External Control of File Name or Path (CWE-73) within Versiondog’s API functions that read/write files and directories, enabling manipulation or deletion of files. The c...
Why You Should Use Dynamic QR Code Generator
By Owais Sultan. To make your brand more authentic, you need to have a dynamic QR code generator generating customized codes for your brand. This is a post from HackRead.com.
Covert-Tube - YouTube As Covert-Channel - Control Systems Remotely And Execute Commands By Uploading Videos To YouTube
A program to control systems remotely by uploading videos to YouTube, using Python to create the videos and the listener, emulating some malware I was reading about. It allows creating videos with frames formed of simple text, QR codes with cleartext or QR codes using AES encryption. Create a vid...
Telegram-powered bots circumvent 2FA
Two-factor authentication is a great way to protect your online accounts, and we always recommend you turn it on. But where users put up walls, you can be sure there are cybercriminals trying to break them down. Yesterday, security intelligence firm, Intel 147, revealed it had noticed an uptick o...
CVE-2021-3807
A regular expression denial of service (ReDoS) vulnerability was found in nodejs-ansi-regex. This could possibly cause an application using ansi-regex to use an excessive amount of CPU time when matching crafted ANSI escape codes...
CVE-2021-41583
vpn-user-portal aka eduVPN or Let's Connect! before 2.3.14, as packaged for Debian 10, Debian 11, and Fedora, allows remote authenticated users to obtain OS filesystem access, because of the interaction of QR codes with an exec that uses the -r option. This can be leveraged to obtain additional V...
Code injection
vpn-user-portal aka eduVPN or Let's Connect! before 2.3.14, as packaged for Debian 10, Debian 11, and Fedora, allows remote authenticated users to obtain OS filesystem access, because of the interaction of QR codes with an exec that uses the -r option. This can be leveraged to obtain additional V...
CVE-2021-41583
vpn-user-portal (eduVPN/Let's Connect!) before 2.3.14, as packaged for Debian 10/11 and Fedora, allows remote authenticated users to obtain OS filesystem access due to the interaction of QR codes with an exec that uses the -r option. This can be leveraged to obtain additional VPN access. Affected...
PT-2021-4477 · Unknown · Vpn-User-Portal
Name of the Vulnerable Software and Affected Versions: vpn-user-portal versions prior to 2.3.14. Description: The issue arises from insufficient input validation in the vpn-user-portal software, allowing remote authenticated users to obtain OS filesystem access due to the interaction of QR codes...
Inefficient Regular Expression Complexity in chalk/ansi-regex
ansi-regex is vulnerable to Inefficient Regular Expression Complexity which could lead to a denial of service when parsing invalid ANSI escape codes. Proof of Concept (js): `import ansiRegex from 'ansi-regex'; for (var i = 1; i <= 50000; i++) { var time = Date.now(); var attackstr = "\u001B" + ";".repeat(i * 10000)`...
ansi-regex security vulnerability
Ansi-Regex is a regular expression used to match ANSI escape codes. A security vulnerability exists in ansi-regex that stems from vulnerability to inefficient regular expression complexity...