Global Socket is a tool for moving data from here to there, securely, fast, and through NAT and firewalls. It uses the Global Socket Relay Network to connect TCP pipes, has end-to-end encryption (using OpenSSL's SRP / RFC-5054), AES-256 and key exchange using a 4096-bit prime, requires no PKI, has Perfect Forward Secrecy, and supports Tor.
512c31ebafb9013dfaf82b0123e088f976d3c1b57658ea60a7c8825a1c4bf7c7
The fix for CVE-2021-21148 added a check in |ValueSerializer::WriteJSArrayBuffer| to make sure non-detachable array buffers cannot be transferred. The check can be bypassed with the help of asm.js and property getters.
ae2637e1d681177334781f4a6b614cf249946bb30e4223a9dc2793a92ea03f86
Ubuntu Security Notice 4954-1 - Jason Royes and Samuel Dytrych discovered that the memcpy implementation for 32-bit ARM processors in the GNU C Library contained an integer underflow vulnerability. An attacker could possibly use this to cause a denial of service or execute arbitrary code. It was discovered that the POSIX regex implementation in the GNU C Library did not properly parse alternatives. An attacker could use this to cause a denial of service. Various other issues were also addressed.
0d97bdfb094448b62a9b461045f71712af4a4388f17038f2bff95ef14f66f9a8
The Call For Papers has been announced for the 2nd Joint Workshop on CPS and IoT Security and Privacy (CPSIoTSec 2021). It will be held in Seoul, South Korea on November 15, 2021.
b06d8635ef575b104a9761e12224a79c99747d65270f61cbffee99241b943c7d
Student Management System version 1.0 suffers from a persistent cross-site scripting vulnerability.
c2ed968611aae4d67e270b9db8f422ff9b74bb04c9a82aac4b86423e0f559011
Ubuntu Security Notice 4953-1 - Sean Boran discovered that AWStats incorrectly filtered certain parameters. A remote attacker could possibly use this issue to execute arbitrary code. It was discovered that AWStats incorrectly filtered certain parameters. A remote attacker could possibly use this issue to access sensitive information.
ac6176eda2562f663a4ae131506b3fc6577b2799f55437b5b195d6e4a3f3109c
Podcast Generator version 3.1 suffers from a persistent cross-site scripting vulnerability.
840b593eef104807a7745abe50d24a7b92b240507d60f8d83ef4cac384676b7f
Red Hat Security Advisory 2021-1560-01 - Red Hat AMQ Streams, based on the Apache Kafka project, offers a distributed backbone that allows microservices and other applications to share data with extremely high throughput and extremely low latency. This release of Red Hat AMQ Streams 1.6.4 serves as a replacement for Red Hat AMQ Streams 1.6.2, and includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section. Issues addressed include a resource exhaustion vulnerability.
2ff7911ad453047cb62a6be2eef0f5b3914da0931d3a67bc77cbf2ba4e925c8e
Chamilo LMS version 1.11.14 authenticated remote code execution exploit.
5acc13c23322a41001bab9b40d04275fecff5dd103b69fecf80f0e2b5f9ab152