
5335 matches found

OSV
added 2021/11/15 12:0 a.m. · 7 views

MAL-2021-5 Malicious code in portal-shell (npm)

Source: checkmarx 6ffd7e5a9ce9fae497402105a8a055471199ee7ce66a5fce2e1a8655640a81e6. Malicious packages campaign since 2021 targeting developers, steals source code and secrets...

7.4 AI score
Exploits 0 · References 1
Rockylinux
added 2021/11/10 8:37 a.m. · 51 views

rust-toolset:rhel8 security update

An update is available for rust-toolset, rust. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. Rust Toolset provides the Rust programming language compiler rustc...

8.3 CVSS · 0.9 AI score · 0.12205 EPSS
Exploits 4
OSV
added 2021/11/09 12:15 p.m. · 2 views

CVE-2021-31888

A vulnerability has been identified in APOGEE MBC PPC BACnet All versions, APOGEE MBC PPC P2 Ethernet All versions, APOGEE MEC PPC BACnet All versions, APOGEE MEC PPC P2 Ethernet All versions, APOGEE PXC Compact BACnet All versions = V2.3 and = V2.3 and = V2.3 and = V2.3 and = V2.3 and = V2.3 and...

8.8 CVSS · 7.8 AI score · 0.02371 EPSS
Exploits 0 · References 2
CVE
added 2021/11/09 11:31 a.m. · 97 views

CVE-2021-31883

CVE-2021-31883 affects Siemens APOGEE MBC / TALON products (Nucleus RTOS) including APOGEE MBC (PPC/BACnet), APOGEE MEC, APOGEE PXC Compact/Modular, Desigo PXC variants, and Capital VSTAR with Ethernet options. Root cause: DHCP client processing fails to validate the length of Vendor option(s) in...

7.5 CVSS · 7.9 AI score · 0.01477 EPSS
Exploits 0 · References 6 · Affected Software 4
Positive Technologies
added 2021/11/09 12:0 a.m. · 4 views

PT-2021-19564 · Unknown · Nucleus Readystart V3 +9

Name of the Vulnerable Software and Affected Versions: Capital Embedded AR Classic 431-422 versions prior to V2303; Capital Embedded AR Classic R20-11 versions prior to V2303; APOGEE MBC PPC BACnet all versions; APOGEE MBC PPC P2 Ethernet all versions; APOGEE MEC PPC BACnet all versions; APOGEE MEC PP...

7.5 CVSS · 7 AI score · 0.01477 EPSS
Exploits 0 · References 8
Positive Technologies
added 2021/11/09 12:0 a.m. · 6 views

PT-2021-6896 · Unknown +1 · Nucleus Source Code +10

Name of the Vulnerable Software and Affected Versions: Capital Embedded AR Classic 431-422 versions all; Capital Embedded AR Classic R20-11 versions prior to V2303; PLUSCONTROL 1st Gen versions all; APOGEE MBC versions all; APOGEE MEC versions all; APOGEE PXC versions all; TALON TC versions all; Nucleus...

9.4 CVSS · 6.7 AI score · 0.01578 EPSS
Exploits 0 · References 11
CERT
added 2021/11/09 12:0 a.m. · 79 views

Compilers permit Unicode control and homoglyph characters

Overview: Attacks that allow for unintended control of Unicode and homoglyphic characters, described by the researchers in this report, leverage text encoding that may cause source code to be interpreted differently by a compiler than it appears visually to a human reviewer. Source code compilers,...

8.3 CVSS · 8.5 AI score · 0.12205 EPSS
Exploits 5 · References 1
Positive Technologies
added 2021/11/09 12:0 a.m. · 5 views

PT-2021-6242 · Mentor Graphics +1 · Nucleus Net +11

Name of the Vulnerable Software and Affected Versions: Capital Embedded AR Classic 431-422 versions all; Capital Embedded AR Classic R20-11 versions prior to V2303; PLUSCONTROL 1st Gen versions all; SIMOTICS CONNECT 400 versions prior to V0.5.0.0; APOGEE MBC versions all; APOGEE MEC versions all; APOGE...

9.4 CVSS · 6.7 AI score · 0.02424 EPSS
Exploits 0 · References 13
Positive Technologies
added 2021/11/09 12:0 a.m. · 4 views

PT-2021-19251 · Siemens +1 · Simotics Connect 400 +12

Name of the Vulnerable Software and Affected Versions: Capital Embedded AR Classic 431-422 versions all; Capital Embedded AR Classic R20-11 versions all prior to V2303; PLUSCONTROL 1st Gen versions all; SIMOTICS CONNECT 400 versions all prior to V0.5.0.0; SIMOTICS CONNECT 400 versions all prior to...

6.9 CVSS · 6.8 AI score · 0.01409 EPSS
Exploits 0 · References 12
CVE
added 2021/11/08 5:45 p.m. · 60 views

CVE-2021-40577

CVE-2021-40577 is a stored XSS vulnerability in the Sourcecodester Online Enrollment Management System in PHP and PayPal Free Source Code 1.0, affecting the Add-Users page via the Name parameter. The issue arises from storing unsanitized input that is later reflected, enabling a persistent script...

5.4 CVSS · 5.4 AI score · 0.01635 EPSS
Exploits 4 · References 2 · Affected Software 1
Packet Storm
added 2021/11/08 12:0 a.m. · 364 views

Simple Client Management System 1.0 Cross Site Scripting

Exploit Title: Simple Client Management System 1.0 - 'multiple' Stored Cross-Site Scripting (XSS); Exploit Author: Sentinal920; Date: 5-11-2021; Category: Web application; Vendor Homepage: https://www.sourcecodester.com/php/15027/simple-client-management-system-php-source-code.html; Software Link:...

7.1 AI score
Exploits 0
Veracode
added 2021/11/05 1:37 a.m. · 33 views

Denial Of Service (DoS)

rust:edge is vulnerable to denial of service. The vulnerability exists as it permits the visual reordering of characters via control sequences, which can be used to craft source code that renders different logic than the logical ordering of tokens ingested by compilers and interpreters causing an...

8.3 CVSS · 3.6 AI score · 0.12205 EPSS
Exploits 4 · References 22 · Affected Software 13
Rapid7 Blog
added 2021/11/04 7:47 p.m. · 151 views

Trojan Source CVE-2021-42572: No Panic Necessary

What is this thing? Researchers at the University of Cambridge and the University of Edinburgh recently published a paper on an attack technique they call “Trojan Source.” The attack targets a weakness in text-encoding standard Unicode—which allows computers to handle text across many different...

7.5 CVSS · 7.6 AI score · 0.66023 EPSS
Exploits 8
Malwarebytes
added 2021/11/03 1:11 p.m. · 127 views

Trojan Source: Hiding malicious code in plain sight

Researchers at the University of Cambridge, UK, have released details of a cunning and insidious new class of software vulnerability that allows attackers to hide code in plain sight, within the source code of computer programs. The techniques demonstrated by the researchers could be used to pois...

7.5 CVSS · 8.8 AI score · 0.12205 EPSS
Exploits 5
CVE
added 2021/11/02 9:59 a.m. · 41 views

CVE-2021-36560

Technical details for CVE-2021-36560 are not present in the provided documents. The connected items cover Java/OpenJDK advisories and related CVEs, not this CVE. Monitor for updates.

9.8 CVSS · 9.7 AI score · 0.01479 EPSS
Exploits 1 · References 2 · Affected Software 1
Cvelist
added 2021/11/02 9:59 a.m. · 11 views

CVE-2021-36560

Phone Shop Sales Managements System using PHP with Source Code 1.0 is vulnerable to authentication bypass which leads to account takeover of the admin...

10 AI score · 0.14839 EPSS
Exploits 1 · References 2
NCSC
added 2021/11/02 12:0 a.m. · 4 views

Vulnerabilities related to Unicode fixed

Researchers from the universities of Cambridge and Edinburgh have developed attack methods for compromising open-source software. This involves the abuse of Unicode control characters. By placing control characters in the source code at tactical places, source code is...

8.3 CVSS · 9.4 AI score · 0.12205 EPSS
Exploits 5
Atlassian
added 2021/11/01 10:27 p.m. · 65 views

Unicode characters allow malicious code to be hidden from a human reviewer (JSM Server & Insight asset management App) - CVE-2021-42574

Researchers at the University of Cambridge reported a vulnerability affecting Jira Service Management Server / DC and Insight Asset Management app where special characters, known as Unicode bidirectional override characters, are not rendered or displayed in the affected applications. These specia...

8.3 CVSS · 2.9 AI score · 0.12205 EPSS
Exploits 4
Kitploit
added 2021/11/01 8:30 p.m. · 16 views

Vimana - An Experimental Security Framework That Aims To Provide Resources For Auditing Python Web Applications

Vimana is a modular security framework designed to audit Python web applications. The base of the Vimana is composed of crawlers focused on frameworks in addition to the generic ones for web, trackers, discovery, fuzzer, parser among other types of modules. The main idea, from where the framework...

7.3 AI score
Exploits 0 · References 7
HackRead
added 2021/11/01 4:28 p.m. · 15 views

Trojan Source attack lets hackers exploit source code

By Waqas. Trojan Source attack impacts all popular programming language compilers, such as C, C++, C#, Java, JavaScript, Python, Rust, and Go. This is a post from HackRead.com. Read the original post: Trojan Source attack lets hackers exploit source code...

1.5 AI score
Exploits 0