openSUSE Security Update : opera (openSUSE-2021-712)

This update for opera fixes the following issues : Update to version 76.0.4017.94 - released on the stable branch Update to version 76.0.4017.88 - CHR-8404 Update chromium on desktop-stable-90-4017 to 90.0.4430.85 - DNA-92219 Add bookmark API supports to the front-end - DNA-92409 MAC Present now...

Path Traversal

github.com/ipfs/go-ipfs is vulnerable to path traversal. The use of whyrusleeping/tar-utils which fails to validate tarPath when a get is done on an malicious DAG file allows overwritting of files or writing to incorrect destination folders during retrieval...

Unspecified Vulnerability in IPFS

IPFS is a distributed file system developed in the Go language by the Ipfs IPFS team. A security vulnerability exists in IPFS that stems from control characters not being escaped from the console output, which can be exploited by an attacker to perform unknown malicious operations...

CVE-2020-26283

go-ipfs is an open-source golang implementation of IPFS which is a global, versioned, peer-to-peer filesystem. In go-ipfs before version 0.8.0, control characters are not escaped from console output. This can result in hiding input from the user which could result in the user taking an unknown,...

CVE-2020-26283

go-ipfs is an open-source golang implementation of IPFS which is a global, versioned, peer-to-peer filesystem. In go-ipfs before version 0.8.0, control characters are not escaped from console output. This can result in hiding input from the user which could result in the user taking an unknown,...

CVE-2020-26279

go-ipfs is an open-source golang implementation of IPFS which is a global, versioned, peer-to-peer filesystem. In go-ipfs before version 0.8.0-rc1, it is possible for path traversal to occur with DAGs containing relative paths during retrieval. This can cause files to be overwritten, or written t...

CVE-2020-26279

go-ipfs is an open-source golang implementation of IPFS which is a global, versioned, peer-to-peer filesystem. In go-ipfs before version 0.8.0-rc1, it is possible for path traversal to occur with DAGs containing relative paths during retrieval. This can cause files to be overwritten, or written t...

Path traversal

go-ipfs is an open-source golang implementation of IPFS which is a global, versioned, peer-to-peer filesystem. In go-ipfs before version 0.8.0-rc1, it is possible for path traversal to occur with DAGs containing relative paths during retrieval. This can cause files to be overwritten, or written t...

Design/Logic Flaw

go-ipfs is an open-source golang implementation of IPFS which is a global, versioned, peer-to-peer filesystem. In go-ipfs before version 0.8.0, control characters are not escaped from console output. This can result in hiding input from the user which could result in the user taking an unknown,...

CVE-2020-26283 Control character injection in console output

go-ipfs is an open-source golang implementation of IPFS which is a global, versioned, peer-to-peer filesystem. In go-ipfs before version 0.8.0, control characters are not escaped from console output. This can result in hiding input from the user which could result in the user taking an unknown,...

CVE-2020-26283

CVE-2020-26283 affects go-ipfs prior to v0.8.0, where control characters are not escaped in console output, potentially enabling a user to be tricked into performing unintended actions. The issue is clearly described across multiple sources (GitHub advisory GHSA-r4gv-vj59-cccm and OSV/CVE records...

CVE-2020-26283

go-ipfs is an open-source golang implementation of IPFS which is a global, versioned, peer-to-peer filesystem. In go-ipfs before version 0.8.0, control characters are not escaped from console output. This can result in hiding input from the user which could result in the user taking an unknown,...

CVE-2020-26279

The CVE-2020-26279 issue affects go-ipfs (Go implementation of IPFS): path traversal can occur when retrieving DAGs that contain relative paths, potentially overwriting files or writing to unintended output directories. The vulnerability manifests only during ipfs get operations on affected DAGs ...

CVE-2020-26279 Path traversal

go-ipfs is an open-source golang implementation of IPFS which is a global, versioned, peer-to-peer filesystem. In go-ipfs before version 0.8.0-rc1, it is possible for path traversal to occur with DAGs containing relative paths during retrieval. This can cause files to be overwritten, or written t...

CVE-2020-26279

go-ipfs is an open-source golang implementation of IPFS which is a global, versioned, peer-to-peer filesystem. In go-ipfs before version 0.8.0-rc1, it is possible for path traversal to occur with DAGs containing relative paths during retrieval. This can cause files to be overwritten, or written t...

Steven Allen go-ipfs 路径遍历漏洞

Steven Allen go-ipfs is a Steven Allen open source application . A global, versioned peer-to-peer file system. A security vulnerability exists in go-ipfs before version 0.8.0-rc1, where the retrieval process may use a dag containing a relative path for path traversal. This could result in files...

Teatime - An RPC Attack Framework For Blockchain Nodes

Teatime is an RPC attack framework aimed at making it easy to spot misconfigurations in blockchain nodes. It detects a large variety of issues, ranging from information leaks to open accounts, and configuration manipulation. The goal is to enable tools scanning for vulnerable nodes and minimizing...

A week in security (January 18 – January 24)

Last week on Malwarebytes Labs, we looked at changes to WhatsApp’s privacy policy, we provided information about Malwarebytes being targeted by the same threat actor that was implicated in the SolarWinds breach, we told the story of ZeroLogon, looked at the pros and cons of Zoom watermarking,...

cid (>=0.3.2 <=0.4.0), dag-cbor (=0.1.0) +41 more potentially affected by CVE-2020-35909 via multihash (=0.10.1)

multihash CARGO version =0.10.1 is affected by a known vulnerability. The following packages have a transitive dependency on multihash and may be impacted: - cid =0.3.2, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.5.1, =0.0.1, =0.0.2 - libipld =0.1.0 - libipld-base =0.1.0 - libipld-core...

CVE-2020-10937

An issue was discovered in IPFS aka go-ipfs 0.4.23. An attacker can generate ephemeral identities Sybils and leverage the IPFS connection management reputation system to poison other nodes' routing tables, eclipsing the nodes that are the target of the attack from the rest of the network. Later...