
7442 matches found

Github Security Blog
added 2022/05/04 12:29 a.m. | 30 views

Apache Struts's DebuggingInterceptor component allows remote code execution in developer mode

The DebuggingInterceptor component in Apache Struts before 2.3.1.1, when developer mode is used, allows remote attackers to execute arbitrary commands via unspecified vectors. NOTE: the vendor characterizes this behavior as not "a security vulnerability itself."...

6.8 CVSS | 9.4 AI score | 0.74405 EPSS
Exploits 9 | References 11 | Affected Software 1
OSV
added 2022/05/04 12:29 a.m. | 25 views

GHSA-HMVJ-GC9Q-MG9P Apache Struts's DebuggingInterceptor component allows remote code execution in developer mode

The DebuggingInterceptor component in Apache Struts before 2.3.1.1, when developer mode is used, allows remote attackers to execute arbitrary commands via unspecified vectors. NOTE: the vendor characterizes this behavior as not "a security vulnerability itself."...

6.8 CVSS | 9.6 AI score | 0.74405 EPSS
Exploits 9 | References 11
The Hacker News
added 2022/05/02 6:6 a.m. | 26 views

Google Releases First Developer Preview of Privacy Sandbox on Android 13

Google has officially released the first developer preview for the Privacy Sandbox on Android 13, offering an "early look" at the SDK Runtime and Topics API to boost users' privacy online. "The Privacy Sandbox on Android Developer Preview program will run over the course of 2022, with a beta...

1.9 AI score
Exploits 0
Github Security Blog
added 2022/05/02 3:13 a.m. | 56 views

Apache XML Security For Java vulnerable to authentication bypass by HMAC truncation

The design of the W3C XML Signature Syntax and Processing (XMLDsig) recommendation, as implemented in multiple products. The Apache XML Security Java is affected by the vulnerability published in US-Cert VU 466161. See: http://www.kb.cert.org/vuls/id/466161 for more information. This bug can allow ...

5 CVSS | 0.5 AI score | 0.06348 EPSS
Exploits 0 | References 29 | Affected Software 1
Akamai Blog
added 2022/04/25 1:0 p.m. | 10 views

What’s New for Developers: April 2022

We have big news this month. You may have already heard that we acquired Linode, creating the world’s most distributed compute platform. In addition, we have release announcements and new developer content to share with you!...

7 AI score
Exploits 0
CNNVD
added 2022/04/22 12:0 a.m. | 14 views

git-interface OS command injection vulnerability

git-interface is an interface for using git repositories in node.js by the Russian individual developer Yarkeev Denis. A security vulnerability exists in yarkeev git-interface versions prior to 2.1.1, which stems from a lack of filtering of the git clone and git --upload-pack command line...

10 CVSS | 8.3 AI score | 0.03816 EPSS
Exploits 1 | References 3
Veracode
added 2022/04/17 9:57 a.m. | 28 views

Insufficient Policy Enforcement

chromium suffers from insufficient policy enforcement. The issue exists in the lack of policy enforcement in developer tools...

9.6 CVSS | 2.9 AI score | 0.00714 EPSS
Exploits 1 | References 4 | Affected Software 2
Microsoft CVE
added 2022/04/15 7:0 a.m. | 51 views

Chromium: CVE-2022-1309 Insufficient policy enforcement in developer tools

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

9.6 CVSS | 9.1 AI score | 0.00714 EPSS
Exploits 1
OSV
added 2022/04/14 9:25 p.m. | 3 views

CVE-2022-24849 Contact to DisCatSharp-owned server using authenticated client

DisCatSharp is a Discord API wrapper for .NET. Users of versions 9.8.5, 9.8.6, 9.9.0 and previously published prereleases of 10.0.0 who have used either one of the two RequireDisCatSharpDeveloperAttributes or the BaseDiscordClient.LibraryDeveloperTeam have potentially had their bot token sent to ...

6.5 CVSS | 6.9 AI score | 0.00822 EPSS
Exploits 0 | References 3
Rapid7 Blog
added 2022/04/13 7:30 p.m. | 10 views

[Security Nation] Kate Stewart on Open-Source Projects at the Linux Foundation

In this episode of Security Nation, Jen and Tod chat with Kate Stewart, VP of Dependable Embedded Systems at the Linux Foundation, about the...

0.3 AI score
Exploits 0
BDU FSTEC
added 2022/04/13 12:0 a.m. | 3 views

The vulnerability in Google Chrome’s developer tools for web developers allows a hacker to bypass existing security restrictions.

The vulnerability of Google Chrome’s developer tools relates to deficiencies in access control. Exploiting this vulnerability allows a malicious actor to bypass existing security restrictions through a specially created web page...

10 CVSS | 7.1 AI score | 0.00714 EPSS
Exploits 1 | References 9 | Affected Software 5
Kaspersky
added 2022/04/12 12:0 a.m. | 79 views

KLA12505 Multiple vulnerabilities in Microsoft Developer Tools

Multiple vulnerabilities were found in Microsoft Developer Tools. Malicious users can exploit these vulnerabilities to gain privileges, execute arbitrary code, cause denial of service. Below is a complete list of vulnerabilities: 1. An elevation of privilege vulnerability in Visual Studio can be...

7.8 CVSS | 9.3 AI score | 0.03186 EPSS
Exploits 0 | References 26
CNNVD
added 2022/04/11 12:0 a.m. | 11 views

Google Chrome permissions, privileges and access control vulnerability

Google Chrome is a web browser from Google, Inc. and V8 is an open source JavaScript engine. Google Chrome suffers from a privilege permission and access control issue vulnerability that stems from insufficient policy enforcement in the software's developer tools...

9.6 CVSS | 7.5 AI score | 0.00714 EPSS
Exploits 1 | References 9
Citrix
added 2022/03/31 12:0 a.m. | 8 views

Gateway page stuck after authentication on Chrome browser v100

- Citrix Gateway integration with Storefront
- Custom Themes based on RFWEBUI, but may appear with others too
- Observed at CVPN and Regular Storefront Integrations.
- Chrome Version updated to 100.0.4896.60 Official Build 64-bit or later triggers the issue.
- Page is stuck spinning circle...

6.9 AI score
Exploits 0
OSV
added 2022/03/30 4:15 p.m. | 2 views

CVE-2021-39780

In Traceur, there is a possible bypass of developer settings requirements for capturing system traces due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product:...

7.8 CVSS | 5.9 AI score | 0.003 EPSS
Exploits 0 | References 1
NVD
added 2022/03/30 4:15 p.m. | 29 views

CVE-2021-39780

In Traceur, there is a possible bypass of developer settings requirements for capturing system traces due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product:...

7.8 CVSS | 0.003 EPSS
Exploits 0 | References 1
Prion
added 2022/03/30 4:15 p.m. | 18 views

Input validation

In Traceur, there is a possible bypass of developer settings requirements for capturing system traces due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product:...

6.8 CVSS | 7.9 AI score | 0.003 EPSS
Exploits 0 | References 1 | Affected Software 1
CVE
added 2022/03/30 4:2 p.m. | 67 views

CVE-2021-39780

CVE-2021-39780 affects Android 12L Traceur: a missing permission check allows bypassing developer settings to capture system traces, enabling local privilege escalation with user interaction required. The Android 12L security release notes indicate this issue is addressed in Android 12L; devices ...

7.8 CVSS | 7.9 AI score | 0.003 EPSS
Exploits 0 | References 1 | Affected Software 1
Akamai Blog
added 2022/03/30 1:0 p.m. | 46 views

Welcome to Edge Diagnostics

After more than a year of dedication and hard work, we are delighted to officially announce the launch of our new Edge Diagnostics application on March 30, 2022. Diagnosing network and content issues quickly and effectively is critical to your success! Therefore the aim is to make the existing...

0.9 AI score
Exploits 0
Spring Security Advisories
added 2022/03/30 7:0 a.m. | 12 views

Spring Cloud Azure 4.0 is Now Generally Available

NOTE: Hi, Spring fans! This is a guest post from Sean Li, our friend at Microsoft. I am pleased to announce that Spring Cloud Azure 4.0 is now generally available. With this major release we aim to bring better security, leaner dependencies, support for production readiness and more. Version 4...

0.4 AI score
Exploits 0