1530 matches found
MAL-2021-3 Malicious code in digital-marketing-client (npm)
Source: checkmarx 902d44e21b6271e6b66059054f16d136d16fdc5172a47797fcfc9eda5a32fa05 Malicious packages campaign since 2021 targeting developers, steals source code and secrets...
Malicious code in digital-marketing-client (npm)
Source: checkmarx 902d44e21b6271e6b66059054f16d136d16fdc5172a47797fcfc9eda5a32fa05 Malicious packages campaign since 2021 targeting developers, steals source code and secrets...
Malicious code in dbp-polyfills (npm)
Source: checkmarx 4f59dcb33c6b979c2571b136278d2a4dbb77c122506b74f77ed0bc422fed824a Malicious packages campaign since 2021 targeting developers, steals source code and secrets...
MAL-2021-2 Malicious code in dbp-polyfills (npm)
Source: checkmarx 4f59dcb33c6b979c2571b136278d2a4dbb77c122506b74f77ed0bc422fed824a Malicious packages campaign since 2021 targeting developers, steals source code and secrets...
DBeaver XML External Entity Injection Vulnerability
DBeaver is a free multi-platform database tool for developers, SQL programmers, database administrators and analysts from the DBeaver team in the U.S. An XML external entity injection vulnerability exists in DBeaver, which stems from a web-based system or product that does not set the correct...
CVE-2021-43608
Doctrine DBAL 3.x before 3.1.4 allows SQL Injection. The escaping of offset and length inputs to the generation of a LIMIT clause was not properly cast to an integer, allowing SQL injection to take place if application developers passed unescaped user input to the DBAL QueryBuilder or any other A...
HTTP Request Smuggling in github.com/hyperledger/fabric
A vulnerability has been detected in HyperLedger Fabric v1.4.0, v2.0.0, v2.0.1, v2.3.0. It can easily break down as many orderers as the attacker wants. This bug can be leveraged by constructing a message whose header is invalid to the interface Order. This bug has been admitted and fixed by the...
ICO challenges adtech to step up privacy protection
The UK Information Commissioner's Office (ICO) wants the advertising industry to come up with new initiatives that address the risks of adtech, and take account of data protection requirements from the outset. The ICO is an independent body set up to uphold information rights. The technology that is...
Updated rust packages fix security vulnerability
This update mitigates a security concern in the Unicode standard, affecting source code containing "bidirectional override" Unicode codepoints: in some cases the use of those codepoints could lead to the reviewed code being different than the...
CVE-2021-43669
A vulnerability has been detected in HyperLedger Fabric v1.4.0, v2.0.0, v2.0.1, v2.3.0. It can easily break down as many orderers as the attacker wants. This bug can be leveraged by constructing a message whose header is invalid to the interface Order. This bug has been admitted and fixed by the...
Mozilla Firefox Security Advisory (MFSA2015-10) - Linux
This host is missing a security update for Mozilla Firefox. Copyright (C) 2021 Greenbone Networks GmbH. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; y...
WordPress Download Manager Plugin < 3.2.16 XSS Vulnerability
The WordPress plugin...
MAL-2021-5 Malicious code in portal-shell (npm)
Source: checkmarx 6ffd7e5a9ce9fae497402105a8a055471199ee7ce66a5fce2e1a8655640a81e6 Malicious packages campaign since 2021 targeting developers, steals source code and secrets...
Millions of Routers, IoT Devices at Risk from BotenaGo Malware
Newly surfaced malware that is difficult to detect and written in Google’s open-source programming language has the potential to exploit millions of routers and IoT devices, researchers have found. Discovered by researchers at AT&T AlienLabs, BotenaGo can exploit more than 30 different...
Limiting your exposure to location data resellers
Location data is valuable, just ask Huq Industries, who make a living out of selling your location information, then found that the apps they bought it from hadn’t asked the end users’ permission to have it! Naughty! The organisations they sell it to use it for better marketing, to get a better...
Malicious Firefox Add-ons Block Browser From Downloading Security Updates
Mozilla on Monday disclosed it blocked two malicious Firefox add-ons installed by 455,000 users that were found misusing the Proxy API to impede downloading updates to the browser. The two extensions in question, named Bypass and Bypass XM, "interfered with Firefox in a way that prevented users w...
Shisho - Lightweight Static Analyzer For Several Programming Languages
Shisho is a lightweight static analyzer for developers. Please see the usage documentation for further information. Try at Playground: You can try Shisho at our playground. Try with Docker: You can try shisho in your machine as follows: echo "func test(v string) int { return len(v) + 1; }" | docker run -i...
Credential Disclosure in System.DirectoryServices.Protocols
Microsoft is releasing this security advisory to provide information about a vulnerability in .NET. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability. An Information Disclosure vulnerability exists in .NET where...
GHSA-9CXH-GQPX-QC5M Credential Disclosure in System.DirectoryServices.Protocols
Microsoft is releasing this security advisory to provide information about a vulnerability in .NET. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability. An Information Disclosure vulnerability exists in .NET where...
Mozilla Firefox ESR < 78.15
The version of Firefox ESR installed on the remote Windows host is prior to 78.15. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2021-44 advisory. - Mozilla developers and community members Andreas Pehrson and Christian Holler reported memory safety bugs present ...