2434 matches found
GHSA-7QM6-9V49-38M9 Prototype Pollution in record-like-deep-assign
All versions of package record-like-deep-assign are vulnerable to Prototype Pollution via the main functionality. PoC (js): const deepAssign = require('record-like-deep-assign'); let obj = {}; console.log("Before being polluted: " + obj.polluted); EVILJSON = JSON.parse('{"__proto__":{"polluted":true}}'); deepAssign...
Prototype Pollution in record-like-deep-assign
All versions of package record-like-deep-assign are vulnerable to Prototype Pollution via the main functionality. PoC (js): const deepAssign = require('record-like-deep-assign'); let obj = {}; console.log("Before being polluted: " + obj.polluted); EVILJSON = JSON.parse('{"__proto__":{"polluted":true}}'); deepAssign...
merge-deep Code Issue Vulnerability
merge-deep is an open source tool used to recursively merge values in JavaScript objects. A code issue vulnerability exists in merge-deep2 that stems from the product's susceptibility to prototype pollution via the mergeDeep function. The following products and versions are affected:...
Samsung Internet Cross-Site Scripting Vulnerability
Samsung Internet is a mobile phone application from Samsung (South Korea) that provides a browser function. A cross-site scripting vulnerability exists in Samsung Internet versions prior to 16.0.2, which stems from a lack of proper checking and validation in the software's SearchKeyword deep-linking...
Samsung Internet Cross-Site Scripting Vulnerability
Samsung Internet is a mobile phone application from Samsung (South Korea) that provides a browser function. A cross-site scripting vulnerability exists in Samsung Internet versions prior to 16.0.2, which stems from a lack of proper checking and validation in the software's SearchKeyword deep-linking...
glibc security, bug fix, and enhancement update
2.28-164.0.1 - Merge of RH patches for ol8-u5 beta release Review-exception: Routine merge - Provide glibc.pthread.mutexspincount tunable for pthread adaptive - spin mutex Orabug: 27982358. Reviewed-by: Qing Zhao - add Ampere emag to tunable cpu list Patrick McGehearty - add optimized memset for...
IBM QRadar Network Security Cross-Site Scripting Vulnerability (CNVD-2021-88187)
IBM QRadar Network Security is a network security manager from IBM, USA. It is used to provide better visibility and control over activities and users on the network, while using deep packet inspection, heuristics and behavior-based analysis to detect and prevent advanced threats. A cross-site...
Cisco Firepower Threat Defense Software Ethernet Industrial Protocol Policy Bypass (cisco-sa-ftd-enip-bypass-eFsxd8KP)
According to its self-reported version, Cisco FTD Software is affected by multiple policy bypass vulnerabilities in its payload inspection component for Ethernet Industrial Protocol (ENIP) traffic due to incomplete deep packet inspection for ENIP traffic. An unauthenticated, remote attacker can...
Segfault while copying constant resource tensor
Impact: During TensorFlow's Grappler optimizer phase, constant folding might attempt to deep copy a resource tensor. This results in a segfault, as these tensors are supposed to not change. Patches: We have patched the issue in GitHub commit 7731e8dfbe4a56773be5dc94d631611211156659. The fix will be...
Security Tool Guts: How Much Should Customers See?
Many cybersecurity tools use engines that calculate risk for events in customer environments. The accuracy of these risk engines is a major concern for customers, since it determines whether an attack is detected or not. Therefore, organizations often request visibility into how a risk engine...
CVE-2021-41204
TensorFlow is an open source platform for machine learning. In affected versions during TensorFlow's Grappler optimizer phase, constant folding might attempt to deep copy a resource tensor. This results in a segfault, as these tensors are supposed to not change. The fix will be included in...
PYSEC-2021-614
TensorFlow is an open source platform for machine learning. In affected versions during TensorFlow's Grappler optimizer phase, constant folding might attempt to deep copy a resource tensor. This results in a segfault, as these tensors are supposed to not change. The fix will be included in...
CVE-2021-41204
CVE-2021-41204 concerns TensorFlow. In affected builds, during Grappler optimizer constant folding, a deep copy of a resource tensor may be attempted, causing a segfault because such tensors should not change. The issue is addressed with a fix in TensorFlow 2.7.0, and a cherry-pick was applied to...
Logic Flaw Vulnerability in Log Audit System of Deepcore Technology Co.
DeepService Technology Co., Ltd. is a product and service provider specializing in enterprise-level security, cloud computing, IT infrastructure and IoT. A logic flaw vulnerability exists in the log auditing system of DeepSign Technology Corporation, which can be exploited by an attacker to...
Product Overview - Cynet Centralized Log Management
For most organizations today, the logs produced by their security tools and environments provide a mixed bag. On the one hand, they can be a trove of valuable data on security breaches, vulnerabilities, attack patterns, and general security insights. On the other, organizations don't have the rig...
CVE-2021-34754
Multiple vulnerabilities in the payload inspection for Ethernet Industrial Protocol (ENIP) traffic for Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass configured rules for ENIP traffic. These vulnerabilities are due to incomplete processing duri...
Improper access control
Multiple vulnerabilities in the payload inspection for Ethernet Industrial Protocol (ENIP) traffic for Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass configured rules for ENIP traffic. These vulnerabilities are due to incomplete processing duri...
CVE-2021-34754 Cisco Firepower Threat Defense Software Ethernet Industrial Protocol Policy Bypass Vulnerabilities
Multiple vulnerabilities in the payload inspection for Ethernet Industrial Protocol (ENIP) traffic for Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass configured rules for ENIP traffic. These vulnerabilities are due to incomplete processing duri...
Cisco Firepower Threat Defense Access Control Error Vulnerability
Cisco Firepower Threat Defense (FTD) is a suite of unified software from Cisco that provides next-generation firewall services. An access control error vulnerability exists in Cisco Firepower Threat Defense that results from incomplete processing during deep packet inspection of ENIP packets. An...
PT-2021-5000 · Cisco · Cisco Ftd
Name of the Vulnerable Software and Affected Versions: Cisco Firepower Threat Defense (FTD) Software (affected versions not specified). Description: The issue is related to the implementation of the Ethernet Industrial Protocol (ENIP) in the Cisco Firepower Threat Defense (FTD) Software, which is associat...