Flask-CORS allows the `Access-Control-Allow-Private-Network` CORS header to be set to true by default
A vulnerability in corydolphin/flask-cors version 4.0.1 allows the Access-Control-Allow-Private-Network CORS header to be set to true by default, without any configuration option. This behavior can expose private network resources to unauthorized external access, leading to significant security...
CVE-2024-6221
A vulnerability in corydolphin/flask-cors version 4.0.1 allows the Access-Control-Allow-Private-Network CORS header to be set to true by default. This behavior can expose private network resources to unauthorized external access, leading to significant security risks such as data breaches,...
CVE-2024-6221 Improper Access Control in corydolphin/flask-cors
A vulnerability in corydolphin/flask-cors version 4.0.1 allows the Access-Control-Allow-Private-Network CORS header to be set to true by default. This behavior can expose private network resources to unauthorized external access, leading to significant security risks such as data breaches,...
CVE-2024-6221
CVE-2024-6221 affects corydolphin/flask-cors 4.0.1, where the Access-Control-Allow-Private-Network header can be enabled by default due to an improper access-control configuration. This can allow private network resources to be exposed to external actors. Public-facing advisories (IBM and EU/NVD ...
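The header named in these entries, Access-Control-Allow-Private-Network, is the server side of Chrome's Private Network Access preflight: a public-origin page that wants to reach an address on a private network sends an OPTIONS request carrying Access-Control-Request-Private-Network: true, and the browser only proceeds if the response answers with the Allow header. The following is an added example, not Flask-CORS code and not the advisory's own proof of concept. It models the behaviour the CVE entries describe (the Allow header granted whenever the browser asks, with no opt-in) next to a hardened handler that grants it only on explicit opt-in for an allow-listed origin, plus a small audit helper for captured preflight responses. The header names are the real ones; CorsConfig, the allow_private_network option, the handler names and the sample request are constructed for this illustration.

```python
"""Private Network Access (PNA) preflight handling, vulnerable vs hardened.

Added example, not code from Flask-CORS. Header names are the real PNA
ones; CorsConfig, allow_private_network and the sample request below are
constructed for illustration only.
"""
from __future__ import annotations

from dataclasses import dataclass, field
from typing import Dict, List

ACL_ORIGIN = "Access-Control-Allow-Origin"
ACL_PRIVATE_NETWORK = "Access-Control-Allow-Private-Network"
REQ_PRIVATE_NETWORK = "Access-Control-Request-Private-Network"


@dataclass
class CorsConfig:
    """Hypothetical CORS settings; the PNA opt-in defaults to off."""
    origins: List[str] = field(default_factory=lambda: ["*"])
    allow_private_network: bool = False


def _norm(headers: Dict[str, str]) -> Dict[str, str]:
    """Header names are case-insensitive; compare them lower-cased."""
    return {k.lower(): v for k, v in headers.items()}


def _origin_decision(req: Dict[str, str], cfg: CorsConfig):
    origin = req.get("origin", "")
    wildcard = cfg.origins == ["*"]
    allowed = wildcard or origin in cfg.origins
    return origin, wildcard, allowed


def preflight_vulnerable(request_headers: Dict[str, str], cfg: CorsConfig) -> Dict[str, str]:
    """Behaviour the advisory describes: PNA is granted whenever the browser
    asks for it, regardless of configuration or origin."""
    req = _norm(request_headers)
    origin, wildcard, allowed = _origin_decision(req, cfg)
    resp: Dict[str, str] = {}
    if allowed:
        resp[ACL_ORIGIN] = "*" if wildcard else origin
    if req.get(REQ_PRIVATE_NETWORK.lower(), "").lower() == "true":
        resp[ACL_PRIVATE_NETWORK] = "true"  # unconditional grant
    return resp


def preflight_hardened(request_headers: Dict[str, str], cfg: CorsConfig) -> Dict[str, str]:
    """Grant PNA only on explicit opt-in, only for an allow-listed origin,
    and never together with a wildcard origin: a private-network resource
    reachable from any public page is what the PNA check exists to stop."""
    req = _norm(request_headers)
    origin, wildcard, allowed = _origin_decision(req, cfg)
    resp: Dict[str, str] = {}
    if allowed:
        resp[ACL_ORIGIN] = "*" if wildcard else origin
    wants_pna = req.get(REQ_PRIVATE_NETWORK.lower(), "").lower() == "true"
    if wants_pna and cfg.allow_private_network and allowed and not wildcard:
        resp[ACL_PRIVATE_NETWORK] = "true"
    return resp


def audit_preflight(response_headers: Dict[str, str]) -> List[str]:
    """Flag a captured preflight response that grants private-network
    access; the wildcard-origin case is the one to treat as a finding."""
    hdrs = _norm(response_headers)
    findings: List[str] = []
    if hdrs.get(ACL_PRIVATE_NETWORK.lower(), "").lower() == "true":
        if hdrs.get(ACL_ORIGIN.lower()) == "*":
            findings.append("private-network access granted to any origin")
        else:
            findings.append("private-network access granted; confirm the opt-in is intended")
    return findings


# Constructed sample: the preflight a page on a public origin sends before
# fetching a resource on a private-network address.
PNA_PREFLIGHT = {
    "Origin": "https://attacker.example",
    "Access-Control-Request-Method": "GET",
    "Access-Control-Request-Private-Network": "true",
}

if __name__ == "__main__":
    print("vulnerable:", preflight_vulnerable(PNA_PREFLIGHT, CorsConfig()))
    print("hardened:  ", preflight_hardened(PNA_PREFLIGHT, CorsConfig()))
    print("audit:     ", audit_preflight(preflight_vulnerable(PNA_PREFLIGHT, CorsConfig())))
```

With the default CorsConfig the vulnerable handler answers the constructed preflight with both Access-Control-Allow-Origin: * and Access-Control-Allow-Private-Network: true, which is the combination the audit helper reports; the hardened handler returns only the origin header, and adds the PNA grant only when allow_private_network is set and the request origin is on a non-wildcard allow list.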
Maybe the Phone System Surveillance Vulnerabilities Will Be Fixed
It seems that the FCC might be fixing the vulnerabilities in SS7 and the Diameter protocol: On March 27 the commission asked telecommunications providers to weigh in and detail what they are doing to prevent SS7 and Diameter vulnerabilities from being misused to track consumers' locations. The FCC...
People’s Republic of China State-Sponsored Cyber Actors Exploit Network Providers and Devices
Summary Best Practices
• Apply patches as soon as possible
• Disable unnecessary ports and protocols
• Replace end-of-life infrastructure
• Implement a centralized patch management system
This joint Cybersecurity Advisory describes the ways in which People’s Republic of China (PRC) state-sponsored...
Avast, NordVPN Breaches Tied to Phantom User Accounts
Antivirus and security giant Avast and virtual private networking (VPN) software provider NordVPN each today disclosed months-long network intrusions that -- while otherwise unrelated -- shared a common cause: Forgotten or unknown user accounts that granted remote access to internal systems with...
What Is Credential Dumping?
Modern network intrusions thrive on a counterintuitive trick: stealing passwords from computers that hackers have already compromised...
Verizon DBIR 2013: Months Pass Before Attacks Detected
It’s a familiar refrain: Attackers often have months of unfettered access to corporate networks, and security and network managers remain in the dark until they’re notified of serious breaches by third parties. Enterprises, regardless of industry, dread that fateful knock on the door by the FBI,...
Cautious Optimism over Google DNSSEC Deployment
Google’s announcement that its Google Public DNS resolution service now supports DNSSEC is being applauded, but experts caution that despite Google’s high profile, this only puts a slight dent in a larger issue. “I think it’s great that Google is getting involved and supporting validation for...
Cyber threats a major risk to business
When it comes to security, small and midsize businesses are largely unaware of the risks they face. Cybercrime is a serious problem which affects businesses of all sizes and can have devastating consequences. U.S. small businesses should understand they cannot completely remain safe from...