Month: February 2021
-
Vulnerability Summary for the Week of January 25, 2021
Original release date: February 1, 2021 High Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info async-git_project — async-git The async-git package before 1.13.2 for Node.js allows OS Command Injection via shell metacharacters, as demonstrated by git.reset and git.tag. 2021-01-26 7.5 CVE-2021-3190 MISC MISC MISC CONFIRM caret — caret A… Read more
-
Critical Libgcrypt Crypto Bug Opens Machines to Arbitrary Code
The flaw in the free-source library could have been ported to multiple applications. Read more
-
Alleged Gaming Software Supply-Chain Attack Installs Spyware
Researchers allege that software used for downloading Android apps onto PCs and Macs has been compromised to install malware onto victim devices. Read more