Ubuntu 16.04 ESM / 18.04 ESM / 20.04 LTS : Node.js vulnerabilities (USN-6380-1)
The remote Ubuntu 16.04 ESM / 18.04 ESM / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6380-1 advisory. Rogier Schouten discovered that Node.js incorrectly handled certain inputs. If a user or an automated system were tricked into...
Wallarm Webinar: NIST CSF 2.0, API Security, and CISO Imperatives
Last week, our good friend Raj Umadas, Director of Security at ActBlue, teamed up with our very own Tim Erlin, Head of Product, to talk about the newly proposed NIST Cybersecurity Framework (CSF). It was a fantastic discussion covering the intent behind this update, the major changes from v1.1 to...
[SECURITY] Fedora 37 Update: matrix-synapse-1.80.0-5.fc37
Matrix is an ambitious new ecosystem for open federated Instant Messaging and VoIP. Synapse is a reference "homeserver" implementation of Matrix from the core development team at matrix.org, written in Python/Twisted. It is intended to showcase the concept of Matrix and let folks see the spec in...
Google Chrome Security Bypass Vulnerability (CNVD-2023-75320)
Google Chrome is a web browser from Google, an American company. A security bypass vulnerability exists in Google Chrome prior to version 117.0.5938.62, which stems from an improper implementation of the Picture module. An attacker could exploit the vulnerability to bypass security restrictions...
Google Chrome Security Bypass Vulnerability (CNVD-2023-75502)
Google Chrome is a web browser from Google, an American company. Google Chrome suffers from a security bypass vulnerability that stems from an improper implementation of the Prompts module. An attacker can exploit the vulnerability to bypass security restrictions...
Google Chrome Security Bypass Vulnerability (CNVD-2023-75499)
Google Chrome is a web browser from Google, an American company. A security bypass vulnerability exists in Google Chrome prior to version 117.0.5938.62, which stems from an improper implementation of the Intents module. An attacker can exploit the vulnerability to bypass security restrictions...
Google Chrome Security Bypass Vulnerability (CNVD-2023-75497)
Google Chrome is a web browser from Google, an American company. A security bypass vulnerability exists in Google Chrome prior to version 117.0.5938.62, which stems from an improper implementation of the Custom Mobile Tabs module. An attacker can exploit the vulnerability to bypass security...
Google Chrome Security Bypass Vulnerability (CNVD-2023-75503)
Google Chrome is a web browser from Google, an American company. Google Chrome suffers from a security bypass vulnerability that stems from an improper implementation of the Prompts module. An attacker can exploit the vulnerability to bypass security restrictions...
Google Chrome Security Bypass Vulnerability (CNVD-2023-75500)
Google Chrome is a web browser from Google, an American company. Google Chrome suffers from a security bypass vulnerability that stems from an improper implementation of the Autofill module. An attacker can exploit the vulnerability to bypass security restrictions...
[SECURITY] Fedora 39 Update: cjose-0.6.2.2-2.fc39
Implementation of JOSE for C/C++...
On Technologies for Automatic Facial Recognition
Interesting article on technologies that will automatically identify people: With technology like that on Mr. Leyvand's head, Facebook could prevent users from ever forgetting a colleague's name, give a reminder at a cocktail party that an acquaintance had kids to ask about or help find someone at ...
Chromium: CVE-2023-4907 Inappropriate implementation in Intents
This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
Chromium: CVE-2023-4908 Inappropriate implementation in Picture in Picture
This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
Chromium: CVE-2023-4903 Inappropriate implementation in Custom Mobile Tabs
This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
Chromium: CVE-2023-4905 Inappropriate implementation in Prompts
This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
Biden National Cybersecurity Strategy Key Takeaways
Major changes are underway, with new rules for federal agencies and updated requirements for public-private partnerships. We discuss the implementation plans for the strategy's first two pillars: defend critical infrastructure and disrupt and dismantle threat actors...
Microsoft Edge (Chromium) < 117.0.2045.31 Multiple Vulnerabilities
The version of Microsoft Edge installed on the remote Windows host is prior to 117.0.2045.31. It is, therefore, affected by multiple vulnerabilities as referenced in the September 15, 2023 advisory. - Microsoft Edge Chromium-based Elevation of Privilege Vulnerability CVE-2023-36562, CVE-2023-3673...
PCI v4 is coming. Are you ready?
If you’ve landed here the chances are you are considering PCI compliance. At present the scheme is running against v3.2.1. In March 2022, the PCI Council released the long-anticipated v4.0. The Council stated that the changes represent their determination to “continue to meet the security needs o...
LiquidityPool.sol doesn't respect fully EIP 4626
Lines of code Vulnerability details Impact The EIP-4626 states that the function previewMint and previewWithdraw should be rounded up always, but that is not the case in the InvestmentManager.sol which makes it not fully compliant. Proof of Concept As can be seen by EIP-4626 the function...
Moderate: Red Hat Security Advisory: .NET 6.0 security update
An update for .NET 6.0 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from t...