Google Chrome to Help Users Identify Untrusted Extensions Before Installation

Google on Thursday said it's rolling out new security features to Chrome browser aimed at detecting suspicious downloads and extensions via its Enhanced Safe Browsing feature, which it launched a year ago. To this end, the search giant said it will now offer additional protections when users...

Unspecified Vulnerability in Backstage

Backstage is the open platform for building developer portals. An unspecified vulnerability exists in Backstage. An attacker could exploit the vulnerability to access sensitive data...

Unspecified vulnerability in Backstage (CNVD-2021-44721)

Backstage is an open platform for building developer portals, and techdocs common contains the common features of Backstage's techdocs. An unspecified vulnerability exists in Backstage. An attacker can exploit the vulnerability to access sensitive data...

CVE-2021-32660

Backstage is an open platform for building developer portals, and techdocs-common contains common functionalities for Backstage's TechDocs. In versions of @backstage/tehdocs-common prior to 0.6.4, a malicious internal actor is able to upload documentation content with malicious scripts. These...

backstage 代码问题漏洞

Backstage is the open platform for building developer portals. An unspecified vulnerability exists in Backstage. An attacker could exploit the vulnerability to access sensitive data...

GHSA-55XH-53M6-936R Improper Verification of Cryptographic Signature in aws-encryption-sdk-java

Impact This advisory addresses several LOW severity issues with streaming signed messages and restricting processing of certain types of invalid messages. This update addresses an issue where certain invalid ECDSA signatures incorrectly passed validation. These signatures provide defense in depth...

CVE-2021-3412

It was found that all versions of 3Scale developer portal lacked brute force protections. An attacker could use this gap to bypass login controls, and access privileged information, or possibly conduct further attacks...

CVE-2021-3412

It was found that all versions of 3Scale developer portal lacked brute force protections. An attacker could use this gap to bypass login controls, and access privileged information, or possibly conduct further attacks...

Design/Logic Flaw

It was found that all versions of 3Scale developer portal lacked brute force protections. An attacker could use this gap to bypass login controls, and access privileged information, or possibly conduct further attacks...

CVE-2021-3412

It was found that all versions of 3Scale developer portal lacked brute force protections. An attacker could use this gap to bypass login controls, and access privileged information, or possibly conduct further attacks...

CVE-2021-3412

CVE-2021-3412 affects the 3Scale developer portal, with the root cause being missing brute-force protections in all portal versions. The vulnerability could allow an attacker to bypass login controls and access privileged information, potentially enabling further attacks. Exploitation details are...

Creating coefficiency: DevOps, Security, and Compliance

Secure IaC Infrastructure-as-code IaC is a powerful partnership accelerator. As businesses and organizations scale into the cloud to realize its full production-enablement potential, security often struggles to keep up. The ultimate goal on the security horizon is, of course, to prevent risks and...

3Scale 安全漏洞

Red Hat 3Scale is a suite of API Application Programming Interface lifecycle management software from Red Hat. A security vulnerability exists in 3Scale, which originated in 3Scale.We found that all versions of the 3Scale Developer Portal lack brute force protection...

Accusoft ImageGear PNG png_palette_process memory corruption vulnerability

Summary A memory corruption vulnerability exists in the PNG pngpaletteprocess functionality of Accusoft ImageGear 19.9. A specially crafted malformed file can lead to a heap buffer overflow. An attacker can provide malicious inputs to trigger this vulnerability. Tested Versions Accusoft ImageGear...

Accusoft ImageGear TIF IP_planar_raster_unpack improper array index validation vulnerability

Summary An improper array index validation vulnerability exists in the TIF IPplanarrasterunpack functionality of Accusoft ImageGear 19.9. A specially crafted malformed file can lead to an out-of-bounds write. An attacker can provide a malicious file to trigger this vulnerability. Tested Versions...

PT-2021-20086 · Commscope · Commscope Ruckus Iot Controller

Name of the Vulnerable Software and Affected Versions: CommScope Ruckus IoT Controller versions 1.7.1.0 and earlier Description: An issue exists in the CommScope Ruckus IoT Controller, where an undocumented backdoor allows shell access via a developer account. This backdoor enables unauthorized...

The Plus Addons for Elementor Page Builder < 4.1.11 - Arbitrary Reset Pwd Email Sending

The plugin did not properly check that a user requesting a password reset was the legitimate user, allowing an attacker to send an arbitrary reset password email to a registered user on behalf of the WordPress site. Such issue could be chained with an open redirect...

RandomAlphaNumeric and CryptoRandomAlphaNumeric are not as random as they should be

Impact A security-sensitive bug was discovered by Open Source Developer Erik Sundell of Sundell Open Source Consulting AB. The functions RandomAlphaNumericint and CryptoRandomAlphaNumericint are not as random as they should be. Small values of int in the functions above will return a smaller subs...

GHSA-XG2H-WX96-XGXR RandomAlphaNumeric and CryptoRandomAlphaNumeric are not as random as they should be

Impact A security-sensitive bug was discovered by Open Source Developer Erik Sundell of Sundell Open Source Consulting AB. The functions RandomAlphaNumericint and CryptoRandomAlphaNumericint are not as random as they should be. Small values of int in the functions above will return a smaller subs...

RandomAlphaNumeric and CryptoRandomAlphaNumeric are not as random as they should be

A security-sensitive bug was discovered by Open Source Developer Erik Sundell of Sundell Open Source Consulting AB. The functions RandomAlphaNumericint and CryptoRandomAlphaNumericint are not as random as they should be...