[SECURITY] Fedora 34 Update: js-jquery-ui-1.13.0-1.fc34
A curated set of user interface interactions, effects, widgets, and themes built on top of the jQuery JavaScript Library...
Exploit for Code Injection in Gitlab
CVE-2021-22205 GitLab CE/EE Preauth RCE using ExifTool This...
Mozilla Firefox Security Advisory (MFSA2014-68) - Linux
This host is missing a security update for Mozilla Firefox. Copyright (C) 2021 Greenbone Networks GmbH. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; y...
The vulnerability in the implementation of the STARTTLS protocol for the software interface with servers allows a perpetrator to carry out “man-in-the-middle” attacks.
The vulnerability of the STARTTLS protocol implementation in the software for interacting with servers via cURL is related to insufficient authentication checks. Exploiting this vulnerability allows a remote attacker to carry out “man-in-the-middle” attacks...
MAM SDK Migration Unexpected behavior on MDX/MAM SDK app container
Some interactions between managed applications in the same container are not working properly, for example copy and paste, open-in, etc. Scenario 1: Productivity Apps only, using Hybrid mode: one app on Legacy MDX and one app on MAM SDK. This scenario is not supported and not recommended. Scenario 2...
Reentrancy in settleAuction(): malicious publisher can bypass index timelock mechanism, inject malicious index, and rug the basket
Handle: kenzo. Vulnerability details: The settleAuction function calls withdrawBounty before setting auctionOngoing = false, thereby allowing reentrancy. Impact: A malicious publisher can bypass the index timelock mechanism and publish a new index which the basket's users won't have time to respond to...
Cross-Site Request Forgery (CSRF) in ampache/ampache
Description: When you don't set the SameSite attribute of cookies, browsers apply special behaviour for this issue. I mean they set a default value on it: Chrome and Chromium-based browsers set the attribute to "Lax", which means that if you do an add/delete/alter operation in a GET HTTP request then your site mor...
CVE-2021-20414
IBM Guardium Data Encryption GDE 3.0.0.2 could allow a user to brute force sensitive information due to not properly limiting the number of interactions. IBM X-Force ID: 196216...
WhatsApp reverses course, will not limit app functionality
WhatsApp, the end-to-end encrypted messaging service that has lost users, its founders, and a large amount of public goodwill, issued a reversal on its recent privacy policy enforcement measures, clarifying that it will no longer punish users who refuse to share some of their data with the...
WhatsApp calls and messages will break unless you share data with Facebook
WhatsApp told users last week that there was no need for alarm regarding an upcoming privacy policy deadline, as users who refuse to accept the privacy policy will not have their accounts deleted—they will just have their apps rendered useless, eventually incapable of receiving calls and messages...
DNSObserver - A Handy DNS Service Written In Go To Aid In The Detection Of Several Types Of Blind Vulnerabilities
A handy DNS service written in Go to aid in the detection of several types of blind vulnerabilities. It monitors a pentester's server for out-of-band DNS interactions and sends notifications with the received request's details via Slack. DNSObserver can help you find bugs such as blind OS command...
Design/Logic Flaw
An issue has been discovered in GitLab affecting all versions starting with 11.8. GitLab was vulnerable to a stored XSS in the epics page, which could be exploited with user interactions...
CVE-2021-22183
An issue has been discovered in GitLab affecting all versions starting with 11.8. GitLab was vulnerable to a stored XSS in the epics page, which could be exploited with user interactions...
UBUNTU-CVE-2021-22183
An issue has been discovered in GitLab affecting all versions starting with 11.8. GitLab was vulnerable to a stored XSS in the epics page, which could be exploited with user interactions...
CVE-2021-22183
Removed by vendor...
6 strategies to reduce cybersecurity alert fatigue in your SOC
Today, organizations are faced with the increasingly difficult task of trying to protect their expanding digital estate from sophisticated cybersecurity threats. Migration to the cloud and a mobile workforce has dissolved the network boundary and projected the digital estate beyond its traditiona...
CVE-2020-35584
In Solstice Pod before 3.0.3, the web services allow users to connect to them over unencrypted channels via the Browser Look-in feature. An attacker suitably positioned to view a legitimate user's network traffic could record and monitor their interactions with the web services and obtain any...