Lucene search

171 matches found

NVD
added 2021/03/31 2:15 p.m.

CVE-2021-23986

A malicious extension with the 'search' permission could have installed a new search engine whose favicon referenced a cross-origin URL. The response to this cross-origin request could have been read by the extension, allowing a same-origin policy bypass by the extension, which should not have...

CVSS 6.5 | EPSS 0.00087
Exploits 0 | References 2
OSV
added 2021/03/31 2:15 p.m.

CVE-2021-23986

A malicious extension with the 'search' permission could have installed a new search engine whose favicon referenced a cross-origin URL. The response to this cross-origin request could have been read by the extension, allowing a same-origin policy bypass by the extension, which should not have...

CVSS 6.5 | AI score 7.3 | EPSS 0.00087
Exploits 0 | References 2
Prion
added 2021/03/31 2:15 p.m.

Design/Logic Flaw

A malicious extension with the 'search' permission could have installed a new search engine whose favicon referenced a cross-origin URL. The response to this cross-origin request could have been read by the extension, allowing a same-origin policy bypass by the extension, which should not have...

CVSS 4.3 | AI score 6.1 | EPSS 0.00087
Exploits 0 | References 2 | Affected Software 1
Cvelist
added 2021/03/31 1:41 p.m.

CVE-2021-23986

A malicious extension with the 'search' permission could have installed a new search engine whose favicon referenced a cross-origin URL. The response to this cross-origin request could have been read by the extension, allowing a same-origin policy bypass by the extension, which should not have...

AI score 6.8 | EPSS 0.00087
Exploits 0 | References 2
OSV
added 2021/03/25 12:00 a.m.

UBUNTU-CVE-2021-23986

A malicious extension with the 'search' permission could have installed a new search engine whose favicon referenced a cross-origin URL. The response to this cross-origin request could have been read by the extension, allowing a same-origin policy bypass by the extension, which should not have...

CVSS 6.5 | AI score 6.8 | EPSS 0.00087
Exploits 0 | References 4
Rapid7 Blog
added 2021/02/01 3:42 p.m.

Addressing the OT-IT Risk and Asset Inventory Gap

Cyber-espionage and exploitation from nation-state-sanctioned actors have only become more prevalent in recent years, with recent examples including the SolarWinds attack, which was attributed to nation-state actors with alleged Russian ties. There are suspicions that sensitive information has be...

AI score 0.7
Exploits 0
Hacker One
added 2021/01/26 4:27 a.m.

Weblate: Race Condition allows getting more free trials and more than 100 languages and strings for free

Hi there. There is a rate limit on the website, but it doesn't prevent users from taking more than one trial, which later leads to a loss for the company, because by getting more trials I can get a higher strings and languages limit. Steps to reproduce: 1. Create an account on https://hosted.weblate.org and...

AI score 0.2
Exploits 0
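The bug class behind the report above, as an added example: this is not Weblate's code and makes no claim about how hosted.weblate.org implements trials. It shows a per-account trial limit enforced as a separate check and increment, hit by several simultaneous requests, next to the same limit enforced atomically. The store, user name, limit and request count are constructed for the illustration.

```python
"""Check-then-act race on a per-account free-trial limit, and a serialized fix.

Constructed illustration of the bug class in the report above. This is not
Weblate's code; the store, user, limit and request count are assumptions.
"""
import threading

MAX_TRIALS = 1       # assumption: one free trial per account
N_CONCURRENT = 8     # simultaneous requests the attacker fires


def grant_trial_racy(store, user, lock, barrier):
    """Vulnerable: the limit check and the increment are separate steps.

    `lock` is accepted but never used. The barrier forces every request to
    finish the check before any of them records a trial, which is the
    interleaving an attacker wins by sending the requests at the same time.
    """
    if store.get(user, 0) >= MAX_TRIALS:      # check: everyone sees 0 trials
        return False
    barrier.wait()                            # all checks done, none recorded
    store[user] = store.get(user, 0) + 1      # act: every request "succeeds"
    return True


def grant_trial_safe(store, user, lock, barrier):
    """Hardened: check and increment happen atomically under one lock."""
    barrier.wait()                            # requests still arrive together
    with lock:                                # but only one at a time gets in
        if store.get(user, 0) >= MAX_TRIALS:
            return False
        store[user] = store.get(user, 0) + 1
        return True


def run_concurrent(handler, n=N_CONCURRENT):
    """Fire n simultaneous trial requests for one user; return trials granted."""
    store = {}
    lock = threading.Lock()
    barrier = threading.Barrier(n)
    granted = []
    granted_lock = threading.Lock()

    def worker():
        ok = handler(store, "attacker", lock, barrier)
        with granted_lock:
            granted.append(ok)

    threads = [threading.Thread(target=worker) for _ in range(n)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return sum(1 for ok in granted if ok)


if __name__ == "__main__":
    print("racy handler granted:", run_concurrent(grant_trial_racy))
    print("safe handler granted:", run_concurrent(grant_trial_safe))
```

A process-local lock only closes the race inside one worker. In a real service the rule has to be enforced where the state lives: a database unique constraint on (account, trial), or a conditional update such as `UPDATE accounts SET trials = trials + 1 WHERE id = ? AND trials < 1`, whose affected-row count decides whether the trial was granted. A per-IP rate limit does not help, because the parallel requests can all come from one allowed client.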
NVD
added 2020/08/21 3:15 p.m.

CVE-2020-24051

The Moog EXO Series EXVF5C-2 and EXVP7C2-3 units support the ONVIF interoperability IP-based physical security protocol, which requires authentication for some of its operations. It was found that the authentication check for those ONVIF operations can be bypassed. An attacker can abuse this issu...

CVSS 10 | AI score 9.5 | EPSS 0.00461
Exploits 1 | References 2
CVE
added 2020/08/21 2:23 p.m.

CVE-2020-24051

The CVE-2020-24051 entry affects Moog EXO Series EXVF5C-2 and EXVP7C2-3 units. The ONVIF authentication for certain operations can be bypassed, allowing an attacker to perform privileged actions without authentication, such as creating a new Administrator user. NVD notes a high/critical impact (C...

CVSS 10 | AI score 9.4 | EPSS 0.00461
Exploits 1 | References 2 | Affected Software 1
Prion
added 2020/06/19 7:15 p.m.

Design/Logic Flaw

An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5. It mishandles IP-based rate limiting...

CVSS 5 | AI score 5.3 | EPSS 0.00377
Exploits 0 | References 1 | Affected Software 1
CVE
added 2020/06/19 6:42 p.m.

CVE-2017-18899

Mattermost Server prior to 4.2.0, 4.1.1, and 4.0.5 is affected by an issue where IP-based rate limiting is mishandled. This could lead to improper request throttling and potential availability impact as indicated by the CVE description. Affected component: Mattermost Server (versions before 4.2.0...

CVSS 5.3 | AI score 5.3 | EPSS 0.00377
Exploits 0 | References 1 | Affected Software 1
RedhatCVE
added 2020/06/18 2:36 p.m.

CVE-2020-7921

A vulnerability was discovered in MongoDB, where an update operation on a user-defined role clears the authenticationRestrictions field that was previously set. This unexpected behavior may remove previous IP-based restrictions configured on a role, thus allowing a user to bypass them once the...

CVSS 3.5 | AI score 3.2 | EPSS 0.00179
Exploits 0 | References 4
Veracode
added 2020/04/10 1:07 a.m.

Privilege Escalation

nfs-utils is vulnerable to privilege escalation. A flaw was found in the way nfs-utils performed IP-based authentication of mount requests. In configurations where a directory was exported to a group of systems using a DNS wildcard or NIS (Network Information Service) netgroup, an attacker could...

CVSS 7.5 | AI score 2.1 | EPSS 0.0062
Exploits 0 | References 8 | Affected Software 1
Hacker One
added 2020/02/14 11:26 a.m.

Nord Security: Cross Origin Resource Sharing Misconfiguration | Leads to sensitive information

Summary: Cross Origin Resource Sharing Misconfiguration | Leads to sensitive information. Description: An HTML5 cross-origin resource sharing (CORS) policy controls whether and how content running on other domains can perform two-way interaction with the domain that publishes the policy. The policy ...

AI score 6.6
Exploits 0
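An added example of the misconfiguration class the report above describes; it is not code from the report or from Nord Security. It puts a handler that trusts any Origin ending in the site's domain and reflects it with Access-Control-Allow-Credentials: true next to an exact-match allowlist, and probes both with constructed Origin values. example.com and the attacker hosts are placeholders.

```python
"""CORS origin validation: a suffix-matching, reflecting handler next to an
exact-match allowlist, probed with constructed Origin header values.

Added example, not code from the report or from Nord Security. example.com
and the attacker hosts are placeholders for any site that answers with
Access-Control-Allow-Credentials: true.
"""

TRUSTED_ORIGINS = frozenset({
    "https://app.example.com",
    "https://www.example.com",
})

# Constructed probe set a tester would send as the Origin header.
PROBE_ORIGINS = [
    "https://app.example.com",           # legitimate front end
    "https://attacker-example.com",      # shares the suffix, different domain
    "http://app.example.com",            # right host, downgraded scheme
    "https://app.example.com.evil.net",  # trusted host used as a prefix
    "null",                              # sandboxed iframe / file: page
]


def cors_headers_misconfigured(origin):
    """Vulnerable pattern: trusts any Origin that 'looks like' the site.

    endswith("example.com") also matches attacker-example.com, and the scheme
    is never checked, so a plain-http origin is accepted too. Reflecting such
    an origin together with Allow-Credentials: true lets the attacker's page
    read responses sent with the victim's cookies.
    """
    if origin and origin.endswith("example.com"):
        return {
            "Access-Control-Allow-Origin": origin,
            "Access-Control-Allow-Credentials": "true",
        }
    return {}


def cors_headers_hardened(origin):
    """Exact-match allowlist, scheme included; nothing else gets a CORS grant."""
    if origin in TRUSTED_ORIGINS:
        return {
            "Access-Control-Allow-Origin": origin,
            "Access-Control-Allow-Credentials": "true",
            "Vary": "Origin",  # caches must not reuse the grant across origins
        }
    return {}


def grants_credentialed_read(headers, origin):
    """True if the response lets `origin` read it with the user's credentials."""
    acao = headers.get("Access-Control-Allow-Origin")
    acac = headers.get("Access-Control-Allow-Credentials", "").lower() == "true"
    return acac and acao == origin


def audit(handler, probes=PROBE_ORIGINS):
    """Return the untrusted origins that `handler` wrongly grants access to."""
    return [o for o in probes
            if o not in TRUSTED_ORIGINS
            and grants_credentialed_read(handler(o), o)]


if __name__ == "__main__":
    print("misconfigured handler leaks to:", audit(cors_headers_misconfigured))
    print("hardened handler leaks to:     ", audit(cors_headers_hardened))
```

The probe list is the same set a tester sends with `curl -H 'Origin: ...'` against a live endpoint; a response that echoes an untrusted origin with credentials enabled is the finding. Browsers refuse `Access-Control-Allow-Origin: *` together with credentials, which is why real misconfigurations reflect the request's Origin instead, and why the check above looks for an exact echo. `Vary: Origin` on the hardened path keeps a shared cache from handing one origin's grant to another.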
NVD
added 2019/08/05 12:15 p.m.

CVE-2017-18462

cPanel before 62.0.17 allows a CPHulk one-day ban bypass when IP-based protection is enabled (SEC-224)...

CVSS 7.5 | AI score 7.6 | EPSS 0.00241
Exploits 0 | References 1
OSV
added 2019/08/05 12:15 p.m.

CVE-2017-18462

cPanel before 62.0.17 allows a CPHulk one-day ban bypass when IP-based protection is enabled (SEC-224)...

CVSS 7.5 | AI score 5.8 | EPSS 0.00241
Exploits 0 | References 1
Cvelist
added 2019/08/05 11:49 a.m.

CVE-2017-18462

cPanel before 62.0.17 allows a CPHulk one-day ban bypass when IP-based protection is enabled (SEC-224)...

AI score 7.6 | EPSS 0.00241
Exploits 0 | References 1
CVE
added 2019/08/05 11:49 a.m.

CVE-2017-18462

cPanel before 62.0.17 allows a CPHulk one-day ban bypass when IP-based protection is enabled (SEC-224). The issue is documented across multiple sources as a vulnerability in cPanel up to version 62.0.16, with the fix in 62.0.17 identified. Root cause details are not elaborated in the provided doc...

CVSS 7.5 | AI score 7.5 | EPSS 0.00241
Exploits 0 | References 1 | Affected Software 1
ThreatPost
added 2019/05/15 2:50 p.m.

Billions of Malicious Bot Attacks Take to Cipher-Stunting to Hide

When it comes to cyberattacks, adversaries are focusing not just on advanced malware development, but also on increasing the sophistication of their evasion techniques. This is playing out lately in the form of ballooning instances of “cipher stunting” – a TLS tampering technique that helps...

AI score 7.1
Exploits 0 | References 4
ThreatPost
added 2019/04/18 8:21 p.m.

Weather Channel Knocked Off-Air in Dangerous Precedent

On Thursday, The Weather Channel – a trusted cable network source of meteorological data across the U.S. – was knocked off the air by what it said was a “malicious software attack” on its network. The Weather Channel hack – not to be confused with the Weather Channel’s own hacks – affected its li...

CVSS 7.5 | AI score 9.7 | EPSS 0.94469
Exploits 44 | References 11