Latest News
Firepad through 1.5.11 allows remote attackers, who have knowledge of a pad ID, to retrieve both the current text of a document and all content that has previously been pasted into the document. NOTE: in several similar products, this is the intentional behavior for anyone who knows the full document ID and corresponding URL. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
Any technological innovation comes with security risks, and open banking is no exception. Open banking relies on APIs…
Parasitic advanced persistent threat Secret Blizzard accesses another APT's infrastructure and steals what it has stolen from South Asian government and military targets.
The vulnerability affects certain versions of the Veeam Service Provider Console that can only be fixed by updating with the latest patch.
The notorious spyware from Israel's NSO Group has been found targeting journalists, government officials, and corporate executives in multiple variants discovered in a threat scan of 3,500 mobile phones.
Explore the transition from passwords to a passwordless future: enhanced security, convenience, and cutting-edge innovations in biometrics and…
Affected versions use deno_core releases that expose `Deno.core.ops.op_panic` to the JS runtime in the base core This function when called triggers a manual panic in the thread containing the runtime. It can be fixed by stubbing out the exposed op: ```javascript Deno.core.ops.op_panic = (msg) => { throw new Error(msg) }; ```
Affected versions use deno_core releases that expose `Deno.core.ops.op_panic` to the JS runtime in the base core This function when called triggers a manual panic in the thread containing the runtime, breaking sandboxing It can be fixed by stubbing out the exposed op: ```javascript Deno.core.ops.op_panic = (msg) => { throw new Error(msg) }; ```
When given a valid UTF8 string "ö\x1b😀", the function in crates/anstream/src/adapter/strip.rs will be confused. The UTF8 bytes are \xc3\xb6 then \x1b then \xf0\x9f\x98\x80. When looping over "non-printable bytes" \x1b\xf0 will be considered as some non-printable sequence. This will produce a broken str from the incorrectly segmented bytes via str::from_utf8_unchecked, and that should never happen. Full credit goes to @Ralith who reviewed this code and asked @burakemir to follow up.
The borsh serialization of the HashMap did not follow the borsh specification. It potentially produced non-canonical encodings dependent on insertion order. It also did not perform canonicty checks on decoding. This can result in consensus splits and cause equivalent objects to be considered distinct. This was patched in 0.15.1.