
6667 matches found

The Hacker News
added 2021/07/21 1:27 p.m. | 55 views

Malicious NPM Package Caught Stealing Users' Saved Passwords From Browsers

A software package available from the official NPM repository has been revealed to be actually a front for a tool that's designed to steal saved passwords from the Chrome web browser. The package in question, named "nodejsnetserver" and downloaded over 1,283 times since February 2019, was last...

AI score 7.8
Exploits 0

Code423n4
added 2021/07/21 12:0 a.m. | 9 views

Broken access control leads to protocol functionality freeze

Handle 0xRajeev Vulnerability details Impact The contracts use an access control pattern where the contract deployer is included in the onlyDAO modifier which is used for authorized access to critical functions. Such contracts also include a purgeDeployer function which renounces sets to...

AI score 7
Exploits 0

CNVD
added 2021/07/20 12:0 a.m. | 20 views

IBM Jazz Foundation Cross-Site Scripting Vulnerability (CNVD-2021-53334)

A cross-site scripting vulnerability exists in IBM Jazz Foundation, a next-generation collaboration platform for software delivery technologies, which stems from a system that allows users to embed arbitrary JavaScript code in the Web UI to change the intended functionality, which could be used b...

CVSS 5.4 | AI score 3 | EPSS 0.00182
Exploits 0 | References 1

OSV
added 2021/07/19 7:1 a.m. | 9 views

SUSE-SU-2021:2393-1 Security update for MozillaFirefox

This update for MozillaFirefox fixes the following issues: Firefox Extended Support Release 78.12.0 ESR Fixed: Various stability, functionality, and security fixes MFSA 2021-29 bsc1188275 CVE-2021-29970 bmo1709976: Use-after-free in accessibility features of a document CVE-2021-30547 bmo1715766:...

CVSS 8.8 | AI score 9.5 | EPSS 0.02512
Exploits 1 | References 5

OpenVAS
added 2021/07/19 12:0 a.m. | 20 views

Huawei EulerOS: Security Advisory for binutils (EulerOS-SA-2021-2212)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

AI score 6.3
Exploits 0 | References 2

OPENSUSE Linux
added 2021/07/19 12:0 a.m. | 87 views

Security update for MozillaFirefox (important)

openSUSE Security Update: Security update for MozillaFirefox Announcement ID: openSUSE-SU-2021:2393-1 Rating: important References: 1188275 Cross-References: CVE-2021-29970 CVE-2021-29976 CVE-2021-30547 CVSS scores: CVE-2021-30547 NVD : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected...

CVSS 8.8 | AI score 9.2 | EPSS 0.02512
Exploits 1 | References 1

Prion
added 2021/07/18 4:15 a.m. | 13 views

Code injection

uBlock Origin before 1.36.2 and nMatrix before 4.4.9 support an arbitrary depth of parameter nesting for strict blocking, which allows crafted web sites to cause a denial of service unbounded recursion that can trigger memory consumption and a loss of all blocking functionality...

CVSS 5 | AI score 7.5 | EPSS 0.01511
Exploits 1 | References 3 | Affected Software 4

OSV
added 2021/07/18 4:15 a.m. | 0 views

UBUNTU-CVE-2021-36773

uBlock Origin before 1.36.2 and nMatrix before 4.4.9 support an arbitrary depth of parameter nesting for strict blocking, which allows crafted web sites to cause a denial of service unbounded recursion that can trigger memory consumption and a loss of all blocking functionality...

CVSS 7.5 | AI score 5.9 | EPSS 0.01511
Exploits 1 | References 3

UbuntuCve
added 2021/07/18 4:15 a.m. | 18 views

CVE-2021-36773

uBlock Origin before 1.36.2 and nMatrix before 4.4.9 support an arbitrary depth of parameter nesting for strict blocking, which allows crafted web sites to cause a denial of service unbounded recursion that can trigger memory consumption and a loss of all blocking functionality...

CVSS 7.5 | AI score 7.1 | EPSS 0.01511
Exploits 1 | References 2

CVE
added 2021/07/18 3:34 a.m. | 131 views

CVE-2021-36773

CVE-2021-36773 affects the browser extensions uBlock Origin (before 1.36.2) and nMatrix (before 4.4.9). The vulnerability arises from allowing an arbitrary depth of parameter nesting in strict blocking, which can be exploited by crafted websites to trigger unbounded recursion, resulting in memory...

CVSS 7.5 | AI score 7.4 | EPSS 0.01511
Exploits 1 | References 3 | Affected Software 3

Debian CVE
added 2021/07/18 3:34 a.m. | 22 views

CVE-2021-36773

uBlock Origin before 1.36.2 and nMatrix before 4.4.9 support an arbitrary depth of parameter nesting for strict blocking, which allows crafted web sites to cause a denial of service unbounded recursion that can trigger memory consumption and a loss of all blocking functionality...

CVSS 7.5 | AI score 7.5 | EPSS 0.01511
Exploits 1

OSV
added 2021/07/16 11:27 a.m. | 4 views

SUSE-SU-2021:2389-1 Security update for MozillaFirefox

This update for MozillaFirefox fixes the following issues: Firefox Extended Support Release 78.12.0 ESR Fixed: Various stability, functionality, and security fixes MFSA 2021-29 bsc1188275 CVE-2021-29970: Use-after-free in accessibility features of a document CVE-2021-30547: Out of bounds write in...

CVSS 8.8 | AI score 9.5 | EPSS 0.02512
Exploits 1 | References 5

OSV
added 2021/07/16 11:15 a.m. | 2 views

CVE-2021-21816

An information disclosure vulnerability exists in the Syslog functionality of D-LINK DIR-3040 1.13B03. A specially crafted network request can lead to the disclosure of sensitive information. An attacker can send an HTTP request to trigger this vulnerability...

CVSS 4.3 | AI score 7.3 | EPSS 0.77185
Exploits 1 | References 1

OSV
added 2021/07/16 9:9 a.m. | 5 views

SUSE-SU-2021:14766-1 Security update for MozillaFirefox

This update for MozillaFirefox fixes the following issues: Firefox Extended Support Release 78.12.0 ESR Fixed: Various stability, functionality, and security fixes MFSA 2021-29 bsc1188275 CVE-2021-29970: Use-after-free in accessibility features of a document CVE-2021-30547: Out of bounds write in...

CVSS 8.8 | AI score 9.5 | EPSS 0.02512
Exploits 1 | References 5

OSV
added 2021/07/15 5:15 p.m. | 13 views

CVE-2021-32750

MuWire is a file publishing and networking tool that protects the identity of its users by using I2P technology. Users of MuWire desktop client prior to version 0.8.8 can be de-anonymized by an attacker who knows their full ID. An attacker could send a message with a subject line containing a URL...

CVSS 5.7 | AI score 6.5
Exploits 0 | References 1

NVD
added 2021/07/15 5:15 p.m. | 8 views

CVE-2021-32750

MuWire is a file publishing and networking tool that protects the identity of its users by using I2P technology. Users of MuWire desktop client prior to version 0.8.8 can be de-anonymized by an attacker who knows their full ID. An attacker could send a message with a subject line containing a URL...

CVSS 6.8 | EPSS 0.00276
Exploits 1 | References 1

Prion
added 2021/07/15 5:15 p.m. | 11 views

Design/Logic Flaw

MuWire is a file publishing and networking tool that protects the identity of its users by using I2P technology. Users of MuWire desktop client prior to version 0.8.8 can be de-anonymized by an attacker who knows their full ID. An attacker could send a message with a subject line containing a URL...

CVSS 3.5 | AI score 5.4 | EPSS 0.00276
Exploits 1 | References 1 | Affected Software 1

Cvelist
added 2021/07/15 4:35 p.m. | 11 views

CVE-2021-32750 De-anonymization via message

MuWire is a file publishing and networking tool that protects the identity of its users by using I2P technology. Users of MuWire desktop client prior to version 0.8.8 can be de-anonymized by an attacker who knows their full ID. An attacker could send a message with a subject line containing a URL...

CVSS 6.8 | AI score 6.6 | EPSS 0.00276
Exploits 1 | References 1

CNVD
added 2021/07/15 12:0 a.m. | 12 views

Booking Core has an unspecified vulnerability

Booking Core is an application. A Laravel-based booking system designed for travel websites, malls, travel agents, tour operators, B&Bs, villa rentals, resort rentals, Make Travel websites. Booking Core has a security vulnerability that stems from the subscription functionality in Ultimate Booking...

CVSS 7.8 | AI score 1.3 | EPSS 0.00203
Exploits 0 | References 1

Tenable Nessus
added 2021/07/13 12:0 a.m. | 36 views

Amazon Linux AMI : rpm (ALAS-2021-1521)

The version of rpm installed on the remote host is prior to 4.11.3-40.79. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2021-1521 advisory. A flaw was found in RPM's signature check functionality when reading a package file. This flaw allows an attacker who can...

CVSS 7 | AI score 6.7 | EPSS 0.00228
Exploits 0 | References 5