UBUNTU-CVE-2021-37986
Heap buffer overflow in Settings in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to engage with Dev Tools to potentially exploit heap corruption via a crafted HTML page...
Scientific Linux Security Update : binutils on SL7.x i686/x86_64 (2021:4033)
The remote Scientific Linux 7 host has packages installed that are affected by a vulnerability as referenced in the SLSA-2021:4033-1 advisory. - Developer environment: Unicode's bidirectional BiDi override characters can cause trojan source attacks CVE-2021-42574 Note that Nessus has not tested f...
RHEL 7 : binutils (RHSA-2021:4034)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2021:4034 advisory. The binutils packages provide a collection of binary utilities for the manipulation of object code in various object file formats. It includes the ar...
environment: Unicode's bidirectional (BiDi) override characters can cause trojan source attacks
A flaw was found in the way Unicode standards are implemented in the context of development environments, which have specialized requirements for rendering text. An attacker could exploit this to deceive a human reviewer by creating a malicious patch containing well placed BiDi characters. The...
Moderate: Red Hat Security Advisory: binutils security update
An update for binutils is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...
RHEL 7 : binutils (RHSA-2021:4038)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2021:4038 advisory. The binutils packages provide a collection of binary utilities for the manipulation of object code in various object file formats. It includes the ar...
Zales.com Leaked Customer Data, Just Like Sister Firms Jared, Kay Jewelers Did in 2018
In December 2018, bling vendor Signet Jewelers fixed a weakness in their Kay Jewelers and Jared websites that exposed the order information for all of their online customers. This week, Signet subsidiary Zales.com updated its website to remediate a nearly identical customer data exposure. Last...
What Is API Management ❓ All That Novices To Experts Should Learn
The world of mobile and web app development revolves around the API, or Application Programming Interface. It is the mechanism through which an application developer lets applications communicate with each other. While you are dealing with APIs, becoming familiar with API management operations, tools...
NPM Library (ua-parser-js) Hijacked: What You Need to Know
Last Update: October 27, 2021 For approximately 4 hours on Friday, October 22, 2021, a widely utilized NPM package, ua-parser-js, was embedded with a malicious script intended to install a coinminer and harvest user/credential information. This package is used “to detect Browser, Engine, OS, CPU,...
Amazon AWS SDK for Android Security Vulnerability
Amazon AWS SDK for Android is an Android-based software development kit for Amazon Web Services (AWS) from Amazon.com. An information disclosure vulnerability exists in Amazon AWS SDK 1.7.22 and earlier. A remote attacker could use the vulnerability to access AWS S3 developer files by reading...
Popular NPM Package Hijacked to Publish Crypto-mining Malware
The U.S. Cybersecurity and Infrastructure Security Agency on Friday warned of crypto-mining and password-stealing malware embedded in "UAParser.js," a popular JavaScript NPM library with over 6 million weekly downloads, days after the NPM repository moved to get rid of three rogue packages that...
GitLab: "External status checks" can be accepted by users below developer access if the user is either author or assignee of the target merge request
Summary Any user who is either author or assignee of a merge request can approve that merge request's external status checks. This includes users with Guest access who create MRs either through email or through a fork of the project. It also includes users with Guest or Reporter access getting...
Design/Logic Flaw
Backstage is an open platform for building developer portals. In affected versions, a malicious actor could read sensitive files from the environment where Scaffolder Tasks are run. The attack is executed by crafting a custom Scaffolder template with a github:publish:pull-request action and a...
CVE-2021-41151
CVE-2021-41151 (Backstage) : A path traversal vulnerability in the Backstage scaffolder backend allows reading sensitive files from the environment where Scaffolder Tasks run. An attacker can craft a custom Scaffolder template using a pull-request publishing action (e.g., publish:github:pull-requ...
Important: Red Hat Security Advisory: Red Hat 3scale API Management 2.11.0 Release - Container Images
Red Hat 3scale API Management 2.11.0 Release - Container Images A security update for Red Hat 3scale API Management is now available from the Red Hat Container Catalog. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System...
What is Graphql ❓ Definition with Example
Anyone who is involved in app development will be familiar with GraphQL, a highly useful query language making tons of things right for app developers and security managers. When handled perfectly and diligently, GraphQL holds the power to empower the traditional process of data retrievals,...
Guide: How to Hack API in 60 minutes or API Threats Simulation with Open-Source Tools
What is an API? API is the abbreviation for Application Programming Interface, a software intermediary that permits two applications to communicate with one another. Useful link: API security tutorial for beginners and professionals What Is API Testing: Benefits, Types, How To Start OpenAPI...
KLA12311 Multiple vulnerabilities in Microsoft Developer Tools
Multiple vulnerabilities were found in Microsoft Developer Tools. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service, or obtain sensitive information. Below is a complete list of vulnerabilities: 1. An information disclosure vulnerability in .NET Cor...
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in bytebase/bytebase
Description The session cookie is not marked with the 'Secure' attribute. Proof of Concept Log in to the demo page https://demo.bytebase.com/ Open the Firefox developer tools - Storage - check the Secure column. The link below shows the POC https://i.ibb.co/DLG1pyt/Screenshot-48.png...
Tad Book3 Authorization Issues Vulnerabilities
Tad Book3 is an XOOPS module by the individual developer Tad in Taiwan, China, which can be used to write books and handouts and as a notepad. Tad Book3 suffers from an authorization vulnerability that stems from the Tad Book3 Edit Book page not performing authentication. An attacker can u...