262 matches found
CVE-2021-45678
NETGEAR RAX200 devices before 1.0.5.132 are affected by insecure code...
Design/Logic Flaw
IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent t...
CVE-2021-41616
Apache DB DdlUtils 1.0 included a BinaryObjectsHelper that was intended for use when migrating database data with a SQL data type of BINARY, VARBINARY, LONGVARBINARY, or BLOB between databases using the ddlutils features. The BinaryObjectsHelper class was insecure and used...
CVE-2021-41616
Apache DB DdlUtils 1.0 included a BinaryObjectsHelper that was intended for use when migrating database data with a SQL data type of BINARY, VARBINARY, LONGVARBINARY, or BLOB between databases using the ddlutils features. The BinaryObjectsHelper class was insecure and used...
CVE-2021-41616
CVE-2021-41616 concerns Apache DB DdlUtils 1.0, where the BinaryObjectsHelper deserializes data via ObjectInputStream.readObject without validating input. This insecure deserialization could lead to arbitrary code execution. Multiple sources (NVD, OSV, CNVD) describe the root cause as the untrust...
in beestat/app
✍️ Description The random number generator implemented by mtrand on session keys is not suitable for cryptographic purposes generation of tokens, passwords, or cryptographic keys either. mtrand function that produces predictable values is utilized as a source of randomness in a security-sensitive...
CVE-2021-33669
The CVE-2021-33669 entry concerns SAP Mobile SDK Certificate Provider, where insecure temporary file storage can be abused by a local, unprivileged attacker. Exploitation requires user interaction from another user and is described to potentially impact confidentiality, integrity, and availabilit...
CVE-2021-3538
A flaw was found in github.com/satori/go.uuid in versions from commit 0ef6afb2f6cdd6cdaeee3885a95099c63f18fc8c to d91630c8510268e75203009fe7daf2b8e1d60c45. Due to insecure randomness in the g.rand.Read function the generated UUIDs are predictable for an attacker...
Singularity has an unspecified vulnerability
Singularity is an open source container management platform from the Singularity team Singularity. The software supports building applications on their desktops and running hundreds or thousands of instances on any public cloud or at the compute edge. A security vulnerability exists in versions...
CVE-2021-26076
The jira.editor.user.mode cookie set by the Jira Editor Plugin in Jira Server and Data Center before version 8.5.12, from version 8.6.0 before version 8.13.4, and from version 8.14.0 before version 8.15.0 allows remote anonymous attackers who can perform an attacker in the middle attack to learn...
CVE-2021-20445
IBM Maximo for Civil Infrastructure 7.6.2 could allow a user to obtain sensitive information due to insecure storeage of authentication credentials. IBM X-Force ID: 196621...
Ubiquiti breach, and other IoT security problems
Networking equipment manufacturer Ubiquiti sent out an email to warn users about a possible data breach. The email stated there had been unauthorized access to its IT systems that are hosted with a third-party cloud provider. Ubiquiti Networks sells networking devices and IoT devices. It did not...
Unspecified vulnerability in Aviatrix Controller (CNVD-2021-17716)
Aviatrix Controller is a centralized control panel for orchestrating and managing various network and connectivity solutions. A sudo rule insecurity vulnerability exists in Aviatrix Controller versions prior to R5.4.1290. An attacker could execute all commands as any user on the system through th...
Aviatrix Systems Controller 安全漏洞
Aviatrix Controller is a centralized control panel for orchestrating and managing various network and connectivity solutions. A sudo rule insecurity vulnerability exists in Aviatrix Controller versions prior to R5.4.1290. An attacker could execute all commands as any user on the system through th...
A week in security (March 16 – 22)
Last week on Malwarebytes Labs, we concluded our series on child identity theft. We also looked into threat actors and campaigns that ride the COVID-19 train, namely the criminal group APT36 and threat actors purporting to be the World Health Organization WHO but instead spreading malware. Lastly...
Insecure Cross-Origin Resource Sharing Configuration
Cross Origin Resource Sharing CORS is an HTML5 technology which gives modern web browsers the ability to bypass restrictions implemented by the Same Origin Policy. The Same Origin Policy requires that both the JavaScript and the page are loaded from the same domain in order to allow JavaScript to...
CVE-2020-1740
A flaw was found in Ansible Engine when using Ansible Vault for editing encrypted files. When a user executes "ansible-vault edit", another user on the same computer can read the old and new secret, as it is created in a temporary file with mkstemp and the returned file descriptor is closed and t...
CVE-2019-17190
A Local Privilege Escalation issue was discovered in Avast Secure Browser 76.0.1659.101. The vulnerability is due to an insecure ACL set by the AvastBrowserUpdate.exe which is running as NT AUTHORITY\SYSTEM when AvastSecureBrowser.exe checks for new updates. When the update check is triggered, th...
The vulnerability of the Kernel Mode Driver component in Intel Graphics Drivers relates to insecure privilege management, allowing attackers to escalate their privileges.
The vulnerability of the Kernel Mode Driver component in Intel Graphics Drivers is related to insecure management of privileges. Exploiting this vulnerability can allow attackers to enhance their privileges...
Election Machine Insecurity Story
Interesting story of a flawed computer voting machine and a paper ballot available for recount. All ended well, but only because of that paper backup. Vote totals in a Northampton County judge's race showed one candidate, Abe Kassis, a Democrat, had just 164 votes out of 55,000 ballots across mor...