PYSEC-2021-31
OMERO.web is open source Django-based software for managing microscopy imaging. OMERO.web before version 5.9.0 loads various information about the current user such as their id, name and the groups they are in, and these are available on the main webclient pages. This represents an information...
OMERO.web exposes some unnecessary session information in the page
Background: OMERO.web loads various information about the current user such as their id, name and the groups they are in, and these are available on the main webclient pages. Some additional information being loaded is not used by the webclient and is being removed in this release. Impact: OMERO.we...
GHSA-GFP2-W5JM-955Q OMERO.web exposes some unnecessary session information in the page
Background: OMERO.web loads various information about the current user such as their id, name and the groups they are in, and these are available on the main webclient pages. Some additional information being loaded is not used by the webclient and is being removed in this release. Impact: OMERO.we...
Accellion Supply Chain Hack
A vulnerability in the Accellion file-transfer program is being used by criminal groups to hack networks worldwide. There's much in the article about when Accellion knew about the vulnerability, when it alerted its customers, and when it patched its software. The governor of New Zealand's central...
Authentication flaw
The team sync HTTP API in Grafana Enterprise 7.4.x before 7.4.5 has an Incorrect Access Control issue. On Grafana instances using an external authentication service, this vulnerability allows any authenticated user to add external groups to existing teams. This can be used to grant a user team...
PT-2021-17773 · Grafana +2 · Grafana Enterprise +3
Name of the Vulnerable Software and Affected Versions: Grafana Enterprise versions 6.x through 6.7.5; Grafana Enterprise versions 7.x through 7.3.9; Grafana Enterprise versions 7.4.x through 7.4.4. Description: The team sync HTTP API in Grafana Enterprise presents an Incorrect Access Control issue. ...
CVE-2017-7543
A race-condition flaw was discovered in openstack-neutron where, following a minor overcloud update, neutron security groups were disabled. Specifically, the following were reset to 0: net.bridge.bridge-nf-call-ip6tables and net.bridge.bridge-nf-call-iptables. The race was only triggered by an...
Security update for chromium (important)
openSUSE Security Update: Security update for chromium Announcement ID: openSUSE-SU-2021:0446-1 Rating: important References: 1183515 Cross-References: CVE-2021-21191 CVE-2021-21192 CVE-2021-21193 Affected Products: openSUSE Backports SLE-15-SP2 An update that fixes three vulnerabilities is now...
Grafana Labs Grafana Enterprise Security Vulnerability
Grafana is a set of open source monitoring tools from Grafana Labs that provide a visual monitoring interface. The tool is primarily used to monitor and analyze Graphite, InfluxDB, and Prometheus, among others. A security vulnerability exists in Grafana Enterprise that allows access restrictions ...
Heap Buffer Overflow
Google Chrome is vulnerable to heap buffer overflow in tab groups. It allows a remote attacker to potentially exploit heap corruption via a crafted HTML page...
FreeBSD : chromium -- multiple vulnerabilities (b81ad6d6-8633-11eb-99c5-e09467587c17)
Chrome Releases reports: This release includes 5 security fixes, including: - 1167357 High CVE-2021-21191: Use after free in WebRTC. Reported by raven @raidakame on 2021-01-15 - 1181387 High CVE-2021-21192: Heap buffer overflow in tab groups. Reported by Abdulrahman Alqabandi, Microsoft Browser...
Security update for chromium (important)
openSUSE Security Update: Security update for chromium Announcement ID: openSUSE-SU-2021:0436-1 Rating: important References: 1183515 Cross-References: CVE-2021-21191 CVE-2021-21192 CVE-2021-21193 Affected Products: openSUSE Leap 15.2 An update that fixes three vulnerabilities is now available...
ProxyLogon PoCs trigger a game of whack-a-mole
As we reported recently, the use of the Microsoft Exchange Server ProxyLogon vulnerabilities has gone from “limited and targeted attacks” to a full-size panic in no time. Criminal activities, ranging in severity from planting crypto-miners to deploying ransomware, and conducted by numerous groups...
DEBIAN-CVE-2021-21192
Heap buffer overflow in tab groups in Google Chrome prior to 89.0.4389.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...
CVE-2021-21192
Heap buffer overflow in tab groups in Google Chrome prior to 89.0.4389.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...
UBUNTU-CVE-2021-21192
Heap buffer overflow in tab groups in Google Chrome prior to 89.0.4389.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...
How Akamai Can Help You Fight the Latest Exploitation Attempts Against Microsoft Exchange
Co-authored by Ryan Barnett. AppSec Protections for Microsoft Exchange CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, CVE-2021-27065 On March 2, 2021, the Microsoft Security Response Center alerted its customers to several critical security updates to Microsoft Exchange Server, addressing...
CVE-2021-27948
SQL Injection vulnerability in MyBB before 1.8.26 via User Groups. issue 3 of 3...