7 matches found
CVE-2019-20536
An issue was discovered on Samsung mobile devices with N7.1, O8.x, and P9.0 released in China software. The Firewall application mishandles the PermissionWhiteLists protection mechanism. The Samsung ID is SVE-2019-14299 November 2019...
GHSA-C9GP-64C4-2RRH Server-Side Template Injection (SSTI) with Grav CMS security sandbox bypass
Summary Grav CMS is vulnerable to a Server-Side Template Injection SSTI, which allows any authenticated user editor permissions are sufficient to execute arbitrary code on the remote server bypassing the existing security sandbox. Details The Grav CMS implements a custom sandbox to protect the...
Russia bans VyprVPN, Opera VPN services for not complying with blacklist request
Russia's telecommunications and media regulator Roskomnadzor RKN on Thursday introduced restrictions on the operation of VyprVPN and Opera VPN services in the country. "In accordance with the regulation on responding to threats to circumvent restrictions on access to child pornography, suicidal,...
Catalyst Mahara Server-Side Request Forgery Vulnerability
Catalyst Mahara is a social networking system from Catalyst IT in New Zealand. The system includes a blog, resume builder, file manager, and more. A security vulnerability exists in Catalyst Mahara, which stems from the program's failure to detect black and white lists for all processes redirecte...
CVE-2017-0903
RubyGems versions between 2.0.0 and 2.6.13 are vulnerable to a possible remote code execution vulnerability. YAML deserialization of gem specifications can bypass class white lists. Specially crafted serialized objects can possibly be used to escalate to remote code execution...
CVE-2017-0903
RubyGems versions between 2.0.0 and 2.6.13 are vulnerable to a possible remote code execution vulnerability. YAML deserialization of gem specifications can bypass class white lists. Specially crafted serialized objects can possibly be used to escalate to remote code execution...
Microsoft Releases Anti-XSS Web Protection Library
Microsoft has released an open-source Web Protection Library WPL to help developers protect web sites from cross-site scripting attacks. The WPL, which is a set of .NET assemblies, is being offered as part of a defense in depth strategy to add an extra layer to any validation or secure coding...