4110 matches found
CVE-2021-3738
In DCE/RPC it is possible to share the handles (cookies) for resource state between multiple connections via a mechanism called 'association groups'. These handles can reference connections to our sam.ldb database. However while the database was correctly shared, the user credentials state was only...
Cross-site Scripting (XSS) - Stored in eventum/eventum
Description: Multiple stored XSS in Administration in eventum 3.10.8. Proof of Concept: // PoC.payload " Steps to Reproduce: Go to Administration Areas and choose a feature below. Manage News: input payload into field Title. Manage Status: input payload into field Title. Manage Projects: input payload into...
Moderate: Red Hat Security Advisory: dnf security and bug fix update
An update for dnf, dnf-plugins-core, and libdnf is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for...
12 New Flaws Used in Ransomware Attacks in Q3
A dozen new vulnerabilities were used in ransomware attacks this quarter, bringing the total number of bugs associated with ransomware to 278. That’s a 4.5 percent increase over Q2, according to researchers. Five of the newbies can be used to achieve remote code execution (RCE), while two can be us...
ALSA-2021:4464 Moderate: dnf security and bug fix update
dnf is a package manager that allows users to manage packages on their systems. It supports RPMs, modules and comps groups & environments. Security Fixes: libdnf: Signature verification bypass via signature placed in the main RPM header (CVE-2021-3445). For more details about the security issues,...
Moderate: dnf security and bug fix update
dnf is a package manager that allows users to manage packages on their systems. It supports RPMs, modules and comps groups & environments. Security Fixes: libdnf: Signature verification bypass via signature placed in the main RPM header (CVE-2021-3445). For more details about the security issues,...
UBUNTU-CVE-2021-3738
In DCE/RPC it is possible to share the handles (cookies) for resource state between multiple connections via a mechanism called 'association groups'. These handles can reference connections to our sam.ldb database. However while the database was correctly shared, the user credentials state was only...
Zebra2104 Initial Access Broker Supports Rival Malware Gangs, APTs
Three separate threat groups are all using a common initial access broker (IAB) to enable their cyberattacks, according to researchers – a finding that has revealed a tangled web of related attack infrastructure underpinning disparate and in some cases rival malware campaigns. The BlackBerry Resear...
CVE-2021-39905
An information disclosure vulnerability in the GitLab CE/EE API since version 8.9.6 allows a user to see basic information on private groups that a public project has been shared with...
UBUNTU-CVE-2021-39905
An information disclosure vulnerability in the GitLab CE/EE API since version 8.9.6 allows a user to see basic information on private groups that a public project has been shared with...
CVE-2021-39905
Removed by vendor...
PT-2021-22752 · Gitlab · Gitlab Ce/Ee +1
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 8.9.6 and later Description: An information disclosure issue in the GitLab CE/EE API allows a user to view basic information about private groups that a public project has been shared with. Recommendations: For GitLab...
The vulnerability of Google Chrome web browser’s Tab Groups component, related to reading data beyond the allowed buffer size, allows attackers to access confidential data and cause service interruptions.
The vulnerability in the Tab Groups component of the Google Chrome web browser is related to reading data beyond the acceptable buffer size. Exploiting this vulnerability can allow a remote attacker to access confidential data, as well as cause service interruptions through the use of a specially create...
CVE-2021-22564 Out of bounds Copy in Libjxl in large image groups
For certain valid JPEG XL images with a size slightly larger than an integer number of groups (256x256 pixels), when processing the groups out of order the decoder can perform an out of bounds copy of image pixels from an image buffer in the heap to another. This copy can occur when processing the...
GitLab Information Disclosure Vulnerability (CNVD-2021-84582)
GitLab is a Ruby on Rails-developed, self-hosted, Git version control system project repository application from the American company GitLab. The program can be used to access a project's file contents, commit history, bug lists, and more. A security vulnerability exists in GitLab Community...
Nation States Will Weaponize Social and Recruit Bad Guys with Benefits in 2022
By Raj Samani · October 31, 2021 McAfee Enterprise and FireEye recently released its 2022 Threat Predictions. In this blog, we take a deeper dive into the continuingly aggressive role Nation States will...
GitLab EE Information Disclosure Vulnerability (CNVD-2021-84595)
GitLab is a Ruby on Rails-developed, self-hosted, Git version control system project repository application from the American company GitLab. The program can be used to access a project's file contents, commit history, bug lists, and more. An information disclosure vulnerability exists in GitLab...