Security Falls Short in Rapid COVID Cloud Migration

Enterprise Vulnerabilities
From DHS/US-CERT’s National Vulnerability Database
CVE-2021-21423
PUBLISHED: 2021-04-06

`projen` is a project generation tool that synthesizes project configuration files such as `package.json`, `tsconfig.json`, `.gitignore`, GitHub Workflows, `eslint`, `jest`, and more, from a well-typed definition written in JavaScript. Users of projen’s `NodeProject` project type (including any proj…

CVE-2021-28688
PUBLISHED: 2021-04-06

The fix for XSA-365 includes initialization of pointers such that subsequent cleanup code wouldn’t use uninitialized or stale values. This initialization went too far and may under certain conditions also overwrite pointers which are in need of cleaning up. The lack of cleanup would result in leakin…

CVE-2020-36309
PUBLISHED: 2021-04-06

ngx_http_lua_module (aka lua-nginx-module) before 0.10.16 in OpenResty allows unsafe characters in an argument when using the API to mutate a URI, or a request or response header.

CVE-2021-20334
PUBLISHED: 2021-04-06

A malicious 3rd party with local access to the Windows machine where MongoDB Compass is installed can execute arbitrary software with the privileges of the user who is running MongoDB Compass. This issue affects: MongoDB Inc. MongoDB Compass 1.x version 1.3.0 on Windows and later versions; 1.x versi…

CVE-2021-24026
PUBLISHED: 2021-04-06

A missing bounds check within the audio decoding pipeline for WhatsApp calls in WhatsApp for Android prior to v2.21.3, WhatsApp Business for Android prior to v2.21.3, WhatsApp for iOS prior to v2.21.32, and WhatsApp Business for iOS prior to v2.21.32 could have allowed an out-of-bounds write.

The post Security Falls Short in Rapid COVID Cloud Migration appeared first on Malware Devil.

https://malwaredevil.com/2021/04/06/security-falls-short-in-rapid-covid-cloud-migration/?utm_source=rss&utm_medium=rss&utm_campaign=security-falls-short-in-rapid-covid-cloud-migration