CISA warns of trojanized versions of JavaScript library’s NPM package
By Deeba Ahmed. The warning comes days after three rogue packages (okhsa, klow, and klown), discovered by DevSecOps firm Sonatype, were removed from the NPM repository. This is a post from HackRead.com. Read the original post: CISA warns of trojanized versions of JavaScript library's NPM package...
Cross-site request forgery (CSRF)
The Leaflet Map WordPress plugin before 3.0.0 does not verify the CSRF nonce when saving its settings, which allows attackers to make a logged-in admin update the settings via a Cross-Site Request Forgery attack. This could lead to Cross-Site Scripting issues by either changing the URL of the...
CVE-2021-32738
js-stellar-sdk is a Javascript library for communicating with a Stellar Horizon server. The Utils.readChallengeTx function used in SEP-10 Stellar Web Authentication states in its function documentation that it reads and validates the challenge transaction including verifying that the...
CVE-2021-32738
CVE-2021-32738 affects the js-stellar-sdk library used to interact with Stellar Horizon. The vulnerability lies in Utils.readChallengeTx, which, before version 8.2.3, did not verify that the server signature was present on the challenge transaction; however, signature verification via Utils.verif...
A vulnerability in the deleteFunctions function of the serialize-javascript application library of Aurora Center is related to errors in code generation. It allows an attacker to execute arbitrary code.
A vulnerability in the deleteFunctions function of the serialize-javascript application library of Aurora Center is related to improper control of code generation. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code...
jQuery Detection (Linux/Unix SSH Login)
SSH login-based detection of jQuery. Copyright (C) 2021 Greenbone Networks GmbH. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you can redistribute it...
Debian DSA-4917-1 : chromium - security update
Several vulnerabilities have been discovered in the chromium web browser. - CVE-2021-30506 @retsew0x01 discovered an error in the Web App installation interface. - CVE-2021-30507 Alison Huffman discovered an error in the Offline mode. - CVE-2021-30508 Leecraso and Guang Gong discovered a buffer...
CVE-2021-29489
Highcharts JS is a JavaScript charting library based on SVG. In Highcharts versions 8 and earlier, the chart options structure was not systematically filtered for XSS vectors. The potential impact was that content from untrusted sources could execute code in the end user's browser. The...
Debian DSA-4886-1 : chromium - security update
Several vulnerabilities have been discovered in the chromium web browser. - CVE-2021-21159 Khalil Zhani discovered a buffer overflow issue in the tab implementation. - CVE-2021-21160 Marcin Noga discovered a buffer overflow issue in WebAudio. - CVE-2021-21161 Khalil Zhani discovered a buffer...
[SECURITY] [DSA 4883-1] underscore security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4883-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff April 01, 2021 https://www.debian.org/security/faq -...
Design/Logic Flaw
It was discovered that the is-my-json-valid JavaScript library used an inefficient regular expression to validate JSON fields defined to have email format. A specially crafted JSON file could cause it to consume an excessive amount of CPU time when validated...
CVE-2018-1107
It was discovered that the is-my-json-valid JavaScript library used an inefficient regular expression to validate JSON fields defined to have email format. A specially crafted JSON file could cause it to consume an excessive amount of CPU time when validated...
UBUNTU-CVE-2021-27292
ua-parser-js >= 0.7.14, fixed in 0.7.24, uses a regular expression which is vulnerable to denial of service. If an attacker sends a malicious User-Agent header, ua-parser-js will get stuck processing it for an extended period of time...
A vulnerability in the `dojox.xmpp.util.xmlEncode` component of the dojox JavaScript library allows an attacker to compromise data integrity.
A vulnerability in the dojox.xmpp.util.xmlEncode component of the dojox JavaScript library is related to insufficient protection of the web page structure. Exploiting this vulnerability could allow an attacker to compromise the integrity of data...
Debian DSA-4858-1 : chromium - security update
Several vulnerabilities have been discovered in the chromium web browser. - CVE-2021-21148 Mattias Buelens discovered a buffer overflow issue in the v8 JavaScript library. - CVE-2021-21149 Ryoya Tsukasaki discovered a stack overflow issue in the Data Transfer implementation. - CVE-2021-21150 Wooj...
Debian: Security Advisory (DSA-4858-1)
The remote host is missing an update for Debian (DSA-4858-1). SPDX-FileCopyrightText: 2021 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
CVE-2021-27405
A ReDoS regular expression denial of service flaw was found in the @progfay/scrapbox-parser package before 6.0.3 for Node.js...
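The is-my-json-valid, ua-parser-js and @progfay/scrapbox-parser entries above are all the same failure mode: a regular expression whose backtracking grows exponentially on attacker-chosen input. The following added example (not code from any of those libraries; the patterns and inputs are constructed for illustration and are not their exact expressions) shows the vulnerable shape beside a linear one, times both on a crafted input, and adds the length bound that limits damage even when a pattern slips through review.

```javascript
// Vulnerable shape: a quantified group whose body is itself quantified, with nothing
// in between to disambiguate. For N letters followed by a character that cannot match,
// the engine tries every way of splitting the letters between the inner and outer
// repetition before failing: O(2^N) steps.
const VULNERABLE_EMAIL = /^([a-zA-Z0-9]+)*@example\.com$/;

// Hardened shape: one quantifier, each character consumed exactly once. Same
// language, linear time.
const SAFE_EMAIL = /^[a-zA-Z0-9]+@example\.com$/;

// Second line of defence: cap the input length before any regex sees it. A User-Agent
// header or a JSON field should never be megabytes long.
const MAX_LEN = 254;

function matchesWithBudget(re, input) {
  if (typeof input !== 'string' || input.length > MAX_LEN) return false;
  return re.test(input);
}

// Wall-clock timing of a single test(), in milliseconds.
function timeMatch(re, input) {
  const start = process.hrtime.bigint();
  const result = re.test(input);
  const ms = Number(process.hrtime.bigint() - start) / 1e6;
  return { result, ms };
}

// Constructed attacker input: 22 letters then a character that can never match.
// Each additional letter roughly doubles the work for the vulnerable pattern.
const CRAFTED_INPUT = 'a'.repeat(22) + '!';
const BENIGN_INPUT = 'alice@example.com';

function demo() {
  return {
    vulnerable: timeMatch(VULNERABLE_EMAIL, CRAFTED_INPUT),
    safe: timeMatch(SAFE_EMAIL, CRAFTED_INPUT),
    benignAccepted: matchesWithBudget(SAFE_EMAIL, BENIGN_INPUT),
    oversizedRejected: matchesWithBudget(SAFE_EMAIL, 'a'.repeat(10000) + '@example.com'),
  };
}
```

On a typical machine the vulnerable pattern takes tens to hundreds of milliseconds on the 22-letter input while the safe one finishes in microseconds; raising the count to 30 or so moves the vulnerable case into seconds, which is the point at which a single request pins a worker. Both patterns return the same boolean on every input, so the rewrite changes nothing for legitimate callers.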
Debian DSA-4846-1 : chromium - security update
Several vulnerabilities have been discovered in the chromium web browser. - CVE-2020-16044 Ned Williamson discovered a use-after-free issue in the WebRTC implementation. - CVE-2021-21117 Rory McNamara discovered a policy enforcement issue in Cryptohome. - CVE-2021-21118 Tyler Nighswander discover...
2pg-oauth (>=1.0.0 <=1.0.1), 30s (>=1.5.0 <=1.5.23) +1873 more potentially affected by CVE-2021-21306 via marked (>=1.1.1 <=1.2.9)
marked NPM version =1.1.1, =1.0.0, =1.5.0, =4.11.16, =1.0.1, =0.0.1, =2.4.0, =0.12.4, =4.0.0, =0.1.1, =0.1.10, =0.0.1, =1.0.0, =2.0.0, =3.1.1 - @adonisjs/cli =4.0.13 and more Source cves: CVE-2021-21306 Source advisory: OSV:GHSA-4R62-V4VQ-HR96...