Aggregator

Ripple's xrpl.js npm Package Backdoored to Steal Private Keys in Major Supply Chain Attack

The Hackers News
7 months 3 weeks ago
The Ripple cryptocurrency npm JavaScript library named xrpl.js has been compromised by unknown threat actors as part of a software supply chain attack designed to harvest and exfiltrate users' private keys. The malicious activity has been found to affect five different versions of the package: 4.2.1, 4.2.2, 4.2.3, 4.2.4, and 2.14.2. The issue has been addressed in versions 4.2.5 and 2.14.3.
The Hacker News

CVE-2021-31810 | Ruby up to 2.6.7/2.7.3/3.0.1 PASV Response Net::FTP information disclosure (Nessus ID 234723)

Vuldb Updates
7 months 3 weeks ago
A vulnerability, which was classified as problematic, has been found in Ruby up to 2.6.7/2.7.3/3.0.1. This issue affects the function Net::FTP of the component PASV Response Handler. The manipulation leads to information disclosure. The identification of this vulnerability is CVE-2021-31810. The attack can only be done within the local network. There is no exploit available.
vuldb.com

CVE-2021-32066 | Ruby up to 2.6.7/2.7.3/3.0.1 StartTLS Net::IMAP certificate validation (Nessus ID 234723)

Vuldb Updates
7 months 3 weeks ago
A vulnerability has been found in Ruby up to 2.6.7/2.7.3/3.0.1 and classified as critical. This vulnerability affects the function Net::IMAP of the component StartTLS Handler. The manipulation leads to improper certificate validation. This vulnerability was named CVE-2021-32066. The attack can be initiated remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.
vuldb.com

CVE-2021-32066 | Oracle JD Edwards EnterpriseOne Tools up to 9.2.6.0 E1 Dev Platform Tech-Cloud inadequate encryption (Nessus ID 234723)

Vuldb Updates
7 months 3 weeks ago
A vulnerability classified as critical was found in Oracle JD Edwards EnterpriseOne Tools up to 9.2.6.0. This vulnerability affects unknown code of the component E1 Dev Platform Tech-Cloud. The manipulation leads to inadequate encryption strength. This vulnerability was named CVE-2021-32066. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2023-28756 | Oracle JD Edwards EnterpriseOne Tools Prior to 9.2.8.1 One-Click Provisioning denial of service (Nessus ID 234723)

Vuldb Updates
7 months 3 weeks ago
A vulnerability classified as critical has been found in Oracle JD Edwards EnterpriseOne Tools Prior to 9.2.8.1. Affected is an unknown function of the component One-Click Provisioning. The manipulation leads to denial of service. This vulnerability is traded as CVE-2023-28756. It is possible to launch the attack remotely. There is no exploit available.
vuldb.com

CVE-2021-31799 | RDoc up to 6.3.0 Filename os command injection (Nessus ID 234723)

Vuldb Updates
7 months 3 weeks ago
A vulnerability, which was classified as problematic, has been found in RDoc up to 6.3.0. This issue affects some unknown processing of the component Filename Handler. The manipulation leads to os command injection. The identification of this vulnerability is CVE-2021-31799. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

Managed ad