Ubuntu 21.04 : Please vulnerabilities (USN-4955-1)
The remote Ubuntu 21.04 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4955-1 advisory. Matthias Gerstner discovered that Please contained multiple security issues. A local attacker could use these issues to cause Please to crash, resulting in a...
@jpinkney/plugin (>=0.0.1-1583345065 <=0.0.1-1583345396), @theia/debug (>=0.4.0-next.0a1bd791 <=0.4.0-next.fee81ec4) +8 more potentially affected by CVE-2021-28162 via @theia/messages (>=0.10.0-next.a2cdb337 <=0.9.0)
@theia/messages NPM version =0.10.0-next.a2cdb337, =0.0.1-1583345065, =0.4.0-next.0a1bd791, =0.4.0-next.0a1bd791, =0.3.4, =0.8.0, =0.3.19, =0.3.12, =0.13.0, =0.7.0-next.2011dfb2, =0.17.0-next.0d7566df, =0.17.0-next.f5433ece Source cves: CVE-2021-28162 Source advisory: OSV:GHSA-C94V-8FFF-73PH...
@aikosia/automaton (>=0.6.0 <=0.8.1), @aikosia/automaton-cli (>=0.2.1 <=0.3.5) +27 more potentially affected by CVE-2020-7718 via gammautils (>=0.0.2 <=0.0.81)
gammautils NPM version =0.0.2, =0.6.0, =0.2.1, =0.9.0, =0.1.5, =1.0.49, =9.0.0, =0.1.44, =0.1.22, =0.1.20, =1.0.1, =0.0.9, =0.0.7, =0.0.8 and more Source cves: CVE-2020-7718 Source advisory: OSV:GHSA-PGMG-GF5P-54J8...
KLA12184 Multiple vulnerabilities in Opera
Multiple vulnerabilities were found in Opera. Malicious users can exploit these vulnerabilities to bypass security restrictions, cause denial of service, and spoof the user interface. Below is a complete list of vulnerabilities: 1. A data validation vulnerability in V8 can be exploited to bypass security...
CVE-2021-21232
Use after free in Dev Tools in Google Chrome prior to 90.0.4430.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...
DEBIAN-CVE-2021-21232
Use after free in Dev Tools in Google Chrome prior to 90.0.4430.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...
CVE-2021-21232
CVE-2021-21232 affects Google Chrome DevTools. Use-after-free in Dev Tools prior to version 90.0.4430.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Debian and other advisories note the fix in Chrome 90.0.4430.93 (and Chrome/Chromium update channels),...
Performance-testing the Google I/O site
I've been looking at the performance of F1 websites recently, but before I dig into the last couple of teams, I figured I'd look a little closer to home, and dig into the Google I/O website. 1. Part 1: Methodology & Alpha Tauri 2. Part 2: Alfa Romeo 3. Part 3: Red Bull 4. Part 4: Williams 5. Part...
Chromium: CVE-2021-21232 Use after free in Dev Tools
This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
DevSecOps: How to Systematize Security into the Dev Pipeline
Security within an organization cannot be siloed or left up for DevOps teams to figure out and manage. Learn how applying DevSecOps best practices will have a noticeable positive impact on the security of your overall applications...
Google Chrome Dev Tools Code Execution Vulnerability
Google Chrome is a web browser from Google, an American company. A security vulnerability exists in Dev Tools in versions of Google Chrome prior to 90.0.4430.93. A remote attacker can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service condition...
label-studio (>=1.1.0 <=1.2.0), thenewboston-ml-dev (=0.2.3) potentially affected by CVE-2021-30459 via django-debug-toolbar (=3.2.0)
django-debug-toolbar PYPI version =3.2.0 is affected by a known vulnerability. The following packages have a transitive dependency on django-debug-toolbar and may be impacted: - label-studio =1.1.0, =1.2.0 - thenewboston-ml-dev =0.2.3 Source cves: CVE-2021-30459 Source advisory: OSV:PYSEC-2021-10...
GHSA-4HJQ-422Q-4VPX Mautic vulnerable to secret data exfiltration via symfony parameters
Impact: Symfony parameters, which are what Mautic transforms configuration parameters into, can be used within other Symfony parameters by design. However, this also means that an admin who is normally not privy to certain parameters, such as database credentials, could expose them by leveraging any ...
Simple Traffic Offense System 1.0 Cross Site Scripting
Exploit Title: Traffic Offense System | Stored Cross Site Scripting Cookie-theft Exploit Author: Richard Jones Date: 03-04-2021 Vendor Homepage: https://www.sourcecodester.com/ Software Link: https://www.sourcecodester.com/php/12330/simple-traffic-offense-system-php.html Version: 1.0 Tested On:...
The vulnerability in the implementation of the dev_map_init_map and sock_map_alloc functions in the Linux kernel allows a hacker to trigger a system crash or enhance their privileges.
The vulnerability of the dev_map_init_map and sock_map_alloc functions in the Linux kernel exists due to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to cause the system to crash or increase their privileges...
PT-2024-11146 · Linux +2 · Linux Kernel +2
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: The issue is related to the crypto: qat module in the Linux kernel, where the ADF_STATUS_PF_RUNNING flag is set after adf_dev_init. However, the vf2pf_lock is initialized in adf_dev...
CVE-2021-21386
APKLeaks is an open-source project for scanning APK files for URIs, endpoints & secrets. APKLeaks prior to v2.0.3 allows remote attackers to execute arbitrary OS commands via the package name inside the application manifest. An attacker could include arguments that allow unintended commands or code to be...
Design/Logic Flaw
APKLeaks is an open-source project for scanning APK files for URIs, endpoints & secrets. APKLeaks prior to v2.0.3 allows remote attackers to execute arbitrary OS commands via the package name inside the application manifest. An attacker could include arguments that allow unintended commands or code to be...