Latest News

apphp js-object-resolver < 3.1.1 is vulnerable to Prototype Pollution via Module.setNestedProperty.

This week on the Lock and Code podcast, we speak with Tjitske de Vries to answer some of the most common cybersecurity questions we receive.

alexbinary object-deep-assign 1.0.11 is vulnerable to Prototype Pollution via the extend() method of Module.deepAssign (/src/index.js)

A Prototype Pollution issue in abw badger-database 1.2.1 allows an attacker to execute arbitrary code via dist/badger-database.esm.

A Prototype Pollution issue in cdr0 sg 1.0.10 allows an attacker to execute arbitrary code.

Ubuntu Security Notice 6838-1 - It was discovered that Ruby RDoc incorrectly parsed certain YAML files. If a user or automated system were tricked into parsing a specially crafted .rdoc_options file, a remote attacker could possibly use this issue to execute arbitrary code. It was discovered that the Ruby regex compiler incorrectly handled certain memory operations. A remote attacker could possibly use this issue to obtain sensitive memory contents.

Debian Linux Security Advisory 5713-1 - A buffer overflow was discovered in libndp, a library implementing the IPv6 Neighbor Discovery Protocol (NDP), which could result in denial of service or potentially the execution of arbitrary code if malformed IPv6 router advertisements are processed.

Ubuntu Security Notice 6836-1 - It was discovered that SSSD did not always correctly apply the GPO policy for authenticated users, contrary to expectations. This could result in improper authorization or improper access to resources.

Debian Linux Security Advisory 5712-1 - Several vulnerabilities have been discovered in the FFmpeg multimedia framework, which could result in denial of service or potentially the execution of arbitrary code if malformed files/streams are processed.

SPA-CART CMS version 1.9.0.6 suffers from business logic and user enumeration flaws.