31 August 2021
13:36
🛡 Cybersecurity & Privacy news 🛡
🛠 GNU Privacy Guard 2.2.30 🛠

GnuPG (the GNU Privacy Guard or GPG) is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440. As such, it is meant to be compatible with PGP from NAI, Inc. Because it does not use any patented algorithms, it can be used without any restrictions. This is the LTS release.

📖 Read

via "Packet Storm Security".
14:11
🦿 Data privacy, governance and insights are all important obligations for businesses 🦿

Expert: Information management can also lead to a massive value proposition in being able to tap into governed data for business insights.

📖 Read

via "Tech Republic".
14:11
🦿 Data compliance: "The world is still waking up to the challenges ahead," expert says 🦿

Bringing together siloed data from all parts of the business is a huge challenge to IT departments when meeting compliance requirements.

📖 Read

via "Tech Republic".
14:14
⚠ Big bad decryption bug in OpenSSL – but no cause for alarm ⚠

The buggy code's in there, alright. Fortunately, it's hard to get OpenSSL to use it even if you want to, which mitigates the risk.

📖 Read

via "Naked Security".
14:14
⚠ Skimming the CREAM – recursive withdrawals loot $13M in cryptocash ⚠

Recursion [noun]: see recursion.

📖 Read

via "Naked Security".
15:33
‼ CVE-2021-22943 ‼

A vulnerability found in UniFi Protect application V1.18.1 and earlier permits a malicious actor who has already gained access to a network to subsequently control the Protect camera(s) assigned to said network. This vulnerability is fixed in UniFi Protect application V1.19.0 and later.

📖 Read

via "National Vulnerability Database".
15:33
‼ CVE-2021-39163 ‼

Matrix is an ecosystem for open federated Instant Messaging and Voice over IP. In versions 1.41.0 and prior, unauthorised users can access the name, avatar, topic and number of members of a room if they know the ID of the room. This vulnerability is limited to homeservers where the vulnerable homeserver is in the room and untrusted users are permitted to create groups (communities). By default, only homeserver administrators can create groups. However, homeserver administrators can already access this information in the database or using the admin API. As a result, only homeservers where the configuration setting `enable_group_creation` has been set to `true` are impacted. Server administrators should upgrade to 1.41.1 or higher to patch the vulnerability. There are two potential workarounds. Server administrators can set `enable_group_creation` to `false` in their homeserver configuration (this is the default value) to prevent creation of groups by non-administrators. Administrators that are using a reverse proxy could, with partial loss of group functionality, block the endpoints `/_matrix/client/r0/groups/{group_id}/rooms` and `/_matrix/client/unstable/groups/{group_id}/rooms`.

📖 Read

via "National Vulnerability Database".
15:33
‼ CVE-2021-35223 ‼

The Serv-U File Server allows for events such as user login failures to be audited by executing a command. This command can be supplied with parameters that can take the form of ‘user string variables,’ allowing remote code execution.

📖 Read

via "National Vulnerability Database".
15:33
‼ CVE-2021-22944 ‼

A vulnerability found in UniFi Protect application V1.18.1 and earlier allows a malicious actor with a view-only role and network access to gain the same privileges as the owner of the UniFi Protect application. This vulnerability is fixed in UniFi Protect application V1.19.0 and later.

📖 Read

via "National Vulnerability Database".
15:33
‼ CVE-2021-39134 ‼

`@npmcli/arborist`, the library that calculates dependency trees and manages the `node_modules` folder hierarchy for the npm command line interface, aims to guarantee that package dependency contracts will be met, and the extraction of package contents will always be performed into the expected folder. This is, in part, accomplished by resolving dependency specifiers defined in `package.json` manifests for dependencies with a specific name, and nesting folders to resolve conflicting dependencies. When multiple dependencies differ only in the case of their name, Arborist's internal data structure saw them as separate items that could coexist within the same level in the `node_modules` hierarchy. However, on case-insensitive file systems (such as macOS and Windows), this is not the case. Combined with a symlink dependency such as `file:/some/path`, this allowed an attacker to create a situation in which arbitrary contents could be written to any location on the filesystem. For example, a package `pwn-a` could define a dependency in their `package.json` file such as `"foo": "file:/some/path"`. Another package, `pwn-b` could define a dependency such as `FOO: "file:foo.tgz"`. On case-insensitive file systems, if `pwn-a` was installed, and then `pwn-b` was installed afterwards, the contents of `foo.tgz` would be written to `/some/path`, and any existing contents of `/some/path` would be removed. Anyone using npm v7.20.6 or earlier on a case-insensitive filesystem is potentially affected. This is patched in @npmcli/arborist 2.8.2 which is included in npm v7.20.7 and above.

📖 Read

via "National Vulnerability Database".
15:33
‼ CVE-2021-37701 ‼

The npm package "tar" (aka node-tar) before versions 4.4.16, 5.0.8, and 6.1.7 has an arbitrary file creation/overwrite and arbitrary code execution vulnerability. node-tar aims to guarantee that any file whose location would be modified by a symbolic link is not extracted. This is, in part, achieved by ensuring that extracted directories are not symlinks. Additionally, in order to prevent unnecessary stat calls to determine whether a given path is a directory, paths are cached when directories are created. This logic was insufficient when extracting tar files that contained both a directory and a symlink with the same name as the directory, where the symlink and directory names in the archive entry used backslashes as a path separator on posix systems. The cache checking logic used both `\` and `/` characters as path separators, however `\` is a valid filename character on posix systems. By first creating a directory, and then replacing that directory with a symlink, it was thus possible to bypass node-tar symlink checks on directories, essentially allowing an untrusted tar file to symlink into an arbitrary location and subsequently extracting arbitrary files into that location, thus allowing arbitrary file creation and overwrite. Additionally, a similar confusion could arise on case-insensitive filesystems. If a tar archive contained a directory at `FOO`, followed by a symbolic link named `foo`, then on case-insensitive file systems, the creation of the symbolic link would remove the directory from the filesystem, but _not_ from the internal directory cache, as it would not be treated as a cache hit. A subsequent file entry within the `FOO` directory would then be placed in the target of the symbolic link, thinking that the directory had already been created. These issues were addressed in releases 4.4.16, 5.0.8 and 6.1.7. The v3 branch of node-tar has been deprecated and did not receive patches for these issues. 
If you are still using a v3 release we recommend you update to a more recent version of node-tar. If this is not possible, a workaround is available in the referenced GHSA-9r2w-394v-53qc.

📖 Read

via "National Vulnerability Database".
15:33
‼ CVE-2021-35239 ‼

A security researcher found a user with Orion map manage rights could store XSS via a text box hyperlink.

📖 Read

via "National Vulnerability Database".
15:33
‼ CVE-2021-22684 ‼

Tizen RT RTOS version 3.0.GBB is vulnerable to integer wrap-around in functions_calloc and mm_zalloc. This improper memory assignment can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash.

📖 Read

via "National Vulnerability Database".
15:33
‼ CVE-2021-29907 ‼

IBM OpenPages with Watson 8.1 and 8.2 could allow an authenticated user to upload a file that could execute arbitrary code on the system. IBM X-Force ID: 207633.

📖 Read

via "National Vulnerability Database".
15:33
‼ CVE-2021-39135 ‼

`@npmcli/arborist`, the library that calculates dependency trees and manages the node_modules folder hierarchy for the npm command line interface, aims to guarantee that package dependency contracts will be met, and the extraction of package contents will always be performed into the expected folder. This is accomplished by extracting package contents into a project's `node_modules` folder. If the `node_modules` folder of the root project or any of its dependencies is somehow replaced with a symbolic link, it could allow Arborist to write package dependencies to any arbitrary location on the file system. Note that symbolic links contained within package artifact contents are filtered out, so another means of creating a `node_modules` symbolic link would have to be employed. 1. A `preinstall` script could replace `node_modules` with a symlink. (This is prevented by using `--ignore-scripts`.) 2. An attacker could supply the target with a git repository, instructing them to run `npm install --ignore-scripts` in the root. This may be successful, because `npm install --ignore-scripts` is typically not capable of making changes outside of the project directory, so it may be deemed safe. This is patched in @npmcli/arborist 2.8.2 which is included in npm v7.20.7 and above. For more information including workarounds please see the referenced GHSA-gmw6-94gg-2rc2.

📖 Read

via "National Vulnerability Database".
15:33
‼ CVE-2021-3634 ‼

A flaw has been found in libssh in versions prior to 0.9.6. The SSH protocol keeps track of two shared secrets during the lifetime of the session. One of them is called secret_hash and the other session_id. Initially, both of them are the same, but after key re-exchange, previous session_id is kept and used as an input to new secret_hash. Historically, both of these buffers had shared length variable, which worked as long as these buffers were same. But the key re-exchange operation can also change the key exchange method, which can be based on hash of different size, eventually creating "secret_hash" of different size than the session_id has. This becomes an issue when the session_id memory is zeroed or when it is used again during second key re-exchange.

📖 Read

via "National Vulnerability Database".
15:33
‼ CVE-2021-37712 ‼

The npm package "tar" (aka node-tar) before versions 4.4.18, 5.0.10, and 6.1.9 has an arbitrary file creation/overwrite and arbitrary code execution vulnerability. node-tar aims to guarantee that any file whose location would be modified by a symbolic link is not extracted. This is, in part, achieved by ensuring that extracted directories are not symlinks. Additionally, in order to prevent unnecessary stat calls to determine whether a given path is a directory, paths are cached when directories are created. This logic was insufficient when extracting tar files that contained both a directory and a symlink with names containing unicode values that normalized to the same value. Additionally, on Windows systems, long path portions would resolve to the same file system entities as their 8.3 "short path" counterparts. A specially crafted tar archive could thus include a directory with one form of the path, followed by a symbolic link with a different string that resolves to the same file system entity, followed by a file using the first form. By first creating a directory, and then replacing that directory with a symlink that had a different apparent name that resolved to the same entry in the filesystem, it was thus possible to bypass node-tar symlink checks on directories, essentially allowing an untrusted tar file to symlink into an arbitrary location and subsequently extracting arbitrary files into that location, thus allowing arbitrary file creation and overwrite. These issues were addressed in releases 4.4.18, 5.0.10 and 6.1.9. The v3 branch of node-tar has been deprecated and did not receive patches for these issues. If you are still using a v3 release we recommend you update to a more recent version of node-tar. If this is not possible, a workaround is available in the referenced GHSA-qq89-hq3f-393p.

📖 Read

via "National Vulnerability Database".
15:33
‼ CVE-2021-35213 ‼

An Improper Access Control Privilege Escalation Vulnerability was discovered in the User Setting of Orion Platform version 2020.2.5. It allows a guest user to elevate privileges to the Administrator using this vulnerability. Authentication is required to exploit the vulnerability.

📖 Read

via "National Vulnerability Database".
15:33
‼ CVE-2021-21811 ‼

A memory corruption vulnerability exists in the XML-parsing CreateLabelOrAttrib functionality of AT&T Labs’ Xmill 0.7. A specially crafted XML file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.

📖 Read

via "National Vulnerability Database".
15:33
‼ CVE-2021-37713 ‼

The npm package "tar" (aka node-tar) before versions 4.4.18, 5.0.10, and 6.1.9 has an arbitrary file creation/overwrite and arbitrary code execution vulnerability. node-tar aims to guarantee that any file whose location would be outside of the extraction target directory is not extracted. This is, in part, accomplished by sanitizing absolute paths of entries within the archive, skipping archive entries that contain `..` path portions, and resolving the sanitized paths against the extraction target directory. This logic was insufficient on Windows systems when extracting tar files that contained a path that was not an absolute path, but specified a drive letter different from the extraction target, such as `C:some\path`. If the drive letter does not match the extraction target, for example `D:\extraction\dir`, then the result of `path.resolve(extractionDirectory, entryPath)` would resolve against the current working directory on the `C:` drive, rather than the extraction target directory. Additionally, a `..` portion of the path could occur immediately after the drive letter, such as `C:../foo`, and was not properly sanitized by the logic that checked for `..` within the normalized and split portions of the path. This only affects users of `node-tar` on Windows systems. These issues were addressed in releases 4.4.18, 5.0.10 and 6.1.9. The v3 branch of node-tar has been deprecated and did not receive patches for these issues. If you are still using a v3 release we recommend you update to a more recent version of node-tar. There is no reasonable way to work around this issue without performing the same path normalization procedures that node-tar now does. Users are encouraged to upgrade to the latest patched versions of node-tar, rather than attempt to sanitize paths themselves.

📖 Read

via "National Vulnerability Database".
15:33
‼ CVE-2021-35212 ‼

An SQL injection Privilege Escalation Vulnerability was discovered in the Orion Platform reported by the ZDI Team. A blind Boolean SQL injection which could lead to full read/write over the Orion database content including the Orion certificate for any authenticated user.

📖 Read

via "National Vulnerability Database".
15:33
‼ CVE-2021-39164 ‼

Matrix is an ecosystem for open federated Instant Messaging and Voice over IP. In versions 1.41.0 and prior, unauthorised users can access the membership (list of members, with their display names) of a room if they know the ID of the room. The vulnerability is limited to rooms with `shared` history visibility. Furthermore, the unauthorised user must be using an account on a vulnerable homeserver that is in the room. Server administrators should upgrade to 1.41.1 or later in order to receive the patch. One workaround is available. Administrators of servers that use a reverse proxy could, with potentially unacceptable loss of functionality, block the endpoints: `/_matrix/client/r0/rooms/{room_id}/members` with `at` query parameter, and `/_matrix/client/unstable/rooms/{room_id}/members` with `at` query parameter.

📖 Read

via "National Vulnerability Database".
15:34
‼ CVE-2021-22929 ‼

An information disclosure exists in Brave Browser Desktop prior to version 1.28.62, where logged warning messages included timestamps of connections to V2 onion domains in tor.log.

📖 Read

via "National Vulnerability Database".
15:34
‼ CVE-2021-35240 ‼

A security researcher stored XSS via a Help Server setting. This affects customers using Internet Explorer, because they do not support 'rel=noopener'.

📖 Read

via "National Vulnerability Database".
16:11
🦿 Top 5 autonomous car roadblocks 🦿

Tom Merritt tells us the things that are getting in the way of autonomous car adoption.

📖 Read

via "Tech Republic".
16:11
🦿 Roadblocks to autonomous cars: Top 5 🦿

Tom Merritt tells us about the things that are getting in the way of autonomous car adoption.

📖 Read

via "Tech Republic".
16:11
🦿 A passwordless future isn't close: It's here 🦿

Authentication sans password is already possible and solutions are on the market from companies like Ping Identity. With passwords passé, it's time to make the leap to better security.

📖 Read

via "Tech Republic".
17:11
🦿 Identity is replacing the password: What software developers and IT pros need to know 🦿

Identity and access management is pushing application security past single-factor authentication (a password) and even multi-factor authentication to a risk management model, says Ping Identity CEO.

📖 Read

via "Tech Republic".
17:11
🦿 Ping Identity CEO explains how identity and access management is replacing the password 🦿

Andre Durand, Founder and CEO of Ping Identity, talks about how identity and access management is changing software development and application security in this Dynamic Developer episode.

📖 Read

via "Tech Republic".
17:19
❌ Proxyware Services Open Orgs to Abuse – Report ❌

Services that let consumers resell their bandwidth for money are ripe for abuse, researchers warn.

📖 Read

via "Threat Post".
17:33
‼ CVE-2021-36234 ‼

Use of a hard-coded cryptographic key in MIK.starlight 7.9.5.24363 allows local users to decrypt credentials via unspecified vectors.

📖 Read

via "National Vulnerability Database".
17:33
‼ CVE-2021-27668 ‼

HashiCorp Vault Enterprise 0.9.2 through 1.6.2 allowed the read of license metadata from DR secondaries without authentication. Fixed in 1.6.3.

📖 Read

via "National Vulnerability Database".
17:33
‼ CVE-2021-40085 ‼

An issue was discovered in OpenStack Neutron before 16.4.1, 17.x before 17.2.1, and 18.x before 18.1.1. Authenticated attackers can reconfigure dnsmasq via a crafted extra_dhcp_opts value.

📖 Read

via "National Vulnerability Database".
17:33
‼ CVE-2021-39176 ‼

detect-character-encoding is a package for detecting character encoding using ICU. In detect-character-encoding v0.3.0 and earlier, allocated memory is not released. The problem has been patched in detect-character-encoding v0.3.1.

📖 Read

via "National Vulnerability Database".
17:33
‼ CVE-2021-37794 ‼

A stored cross-site scripting (XSS) vulnerability exists in FileBrowser < v2.16.0 that allows an authenticated user authorized to upload a malicious .svg file which acts as a stored XSS payload. If this stored XSS payload is triggered by an administrator it will trigger malicious OS commands on the server running the FileBrowser instance.

📖 Read

via "National Vulnerability Database".
17:33
‼ CVE-2021-36231 ‼

Deserialization of untrusted data in multiple functions in MIK.starlight 7.9.5.24363 allows authenticated remote attackers to execute operating system commands by crafting serialized objects.

📖 Read

via "National Vulnerability Database".
17:33
‼ CVE-2021-36232 ‼

Improper Authorization in multiple functions in MIK.starlight 7.9.5.24363 allows an authenticated attacker to escalate privileges.

📖 Read

via "National Vulnerability Database".
17:33
‼ CVE-2021-36233 ‼

The function AdminGetFirstFileContentByFilePath in MIK.starlight 7.9.5.24363 allows (by design) an authenticated attacker to read arbitrary files from the filesystem by specifying the file path.

📖 Read

via "National Vulnerability Database".
17:33
‼ CVE-2021-39180 ‼

OpenOLAT is a web-based learning management system (LMS). A path traversal vulnerability exists in versions prior to 15.3.18, 15.5.3, and 16.0.0. Using a specially prepared ZIP file, it is possible to overwrite any file that is writable by the application server user (e.g. the tomcat user). Depending on the configuration this can be limited to files of the OpenOlat user data directory, however, if not properly set up, the attack could also be used to overwrite application server config files, java code or even operating system files. The attack could be used to corrupt or modify any OpenOlat file such as course structures, config files or temporary test data. Those attacks would require in-depth knowledge of the installation and are thus more theoretical. If the app server configuration allows the execution of jsp files and the path to the context is known, it is also possible to execute java code. If the app server runs with the same user that is used to deploy the OpenOlat code or has write permissions on the OpenOlat code files and the path to the context is known, code injection is possible. The attack requires an OpenOlat user account to upload a ZIP file and trigger the unzip method. It cannot be exploited by unregistered users. The problem is fixed in versions 15.3.18, 15.5.3 and 16.0.0. There are no known workarounds aside from upgrading.

📖 Read

via "National Vulnerability Database".
17:49
❌ Cream Finance DeFi Platform Rooked For $29M ❌

Cream is latest DeFi platform to get fleeced in rash of attacks.

📖 Read

via "Threat Post".
17:49
❌ Fortress Home Security Open to Remote Disarmament ❌

A pair of unpatched security vulnerabilities can allow unauthenticated cyberattackers to turn off window, door and motion-sensor monitoring.

📖 Read

via "Threat Post".
18:41
🦿 Don't forget to evaluate soft skills when hiring for cybersecurity positions 🦿

Soft skills are just as important, if not more so, than technical skills in cybersecurity professionals. People with soft skills can be trained in tech skills, expert says.

📖 Read

via "Tech Republic".
19:33
‼ CVE-2021-22029 ‼

VMware Workspace ONE UEM REST API contains a denial of service vulnerability. A malicious actor with access to /API/system/admins/session could cause an API denial of service due to improper rate limiting.

📖 Read

via "National Vulnerability Database".
21:33
‼ CVE-2021-22002 ‼

VMware Workspace ONE Access and Identity Manager allow the /cfg web app and diagnostic endpoints, on port 8443, to be accessed via port 443 using a custom host header. A malicious actor with network access to port 443 could tamper with host headers to facilitate access to the /cfg web app; in addition, a malicious actor could access /cfg diagnostic endpoints without authentication.

📖 Read

via "National Vulnerability Database".
21:34
‼ CVE-2021-22003 ‼

VMware Workspace ONE Access and Identity Manager unintentionally provide a login interface on port 7443. A malicious actor with network access to port 7443 may attempt user enumeration or brute force the login endpoint, which may or may not be practical based on lockout policy configuration and password complexity for the target account.

📖 Read

via "National Vulnerability Database".
21:34
‼ CVE-2020-20490 ‼

A heap buffer-overflow in the client_example1.c component of libiec_iccp_mod v1.5 leads to a denial of service (DOS).

📖 Read

via "National Vulnerability Database".
21:34
‼ CVE-2020-20486 ‼

IEC104 v1.0 contains a stack-buffer overflow in the parameter Iec10x_Sta_Addr.

📖 Read

via "National Vulnerability Database".
1 September 2021
07:34
‼ CVE-2021-37415 ‼

Zoho ManageEngine ServiceDesk Plus before 11302 is vulnerable to authentication bypass that allows a few REST-API URLs without authentication.

📖 Read

via "National Vulnerability Database".
07:34
‼ CVE-2021-39109 ‼

The renderWidgetResource resource in Atlassian Atlasboard before version 1.1.9 allows remote attackers to read arbitrary files via a path traversal vulnerability.

📖 Read

via "National Vulnerability Database".
07:34
‼ CVE-2021-33582 ‼

Cyrus IMAP before 3.4.2 allows remote attackers to cause a denial of service (multiple-minute daemon hang) via input that is mishandled during hash-table interaction. Because there are many insertions into a single bucket, strcmp becomes slow. This is fixed in 3.4.2, 3.2.8, and 3.0.16.

📖 Read

via "National Vulnerability Database".
09:20
❌ Feds Warn of Ransomware Attacks Ahead of Labor Day ❌

Threat actors recently have used long holiday weekends -- when many staff are taking time off -- as a prime opportunity to ambush organizations.

📖 Read

via "Threat Post".
09:35
‼ CVE-2020-9000 ‼

An issue was discovered in iPortalis iCS 7.1.13.0. Attackers can send a sequence of requests to rapidly cause .NET Input Validation errors. This increases the size of the log file on the remote server until memory is exhausted, therefore consuming the maximum amount of resources (triggering a denial of service condition).

📖 Read

via "National Vulnerability Database".
09:36
‼ CVE-2020-9002 ‼

An issue was discovered in iPortalis iCS 7.1.13.0. An attacker can gain privileges by intercepting a request and changing UserRoleKey=COMPANY_ADMIN to UserRoleKey=DOMAIN_ADMIN (to achieve Domain Administrator access).

📖 Read

via "National Vulnerability Database".
11:50
❌ BEC Scammers Seek Native English Speakers on Underground ❌

Cybercrooks are posting help-wanted ads on dark web forums, promising to do the technical work of compromising email accounts but looking for native English speakers to carry out the social-engineering part of these lucrative scams.

📖 Read

via "Threat Post".
13:20
❌ LockBit Jumps Its Own Countdown, Publishes Bangkok Air Files ❌

The ransomware gang claims to have pulled off successful attacks against two airlines and one airport with help from its Accenture attack.

📖 Read

via "Threat Post".
13:34
‼ CVE-2021-36042 ‼

Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper input validation vulnerability in the API File Option Upload Extension. An attacker with Admin privileges can achieve unrestricted file upload which can result in remote code execution.

📖 Read

via "National Vulnerability Database".
13:34
‼ CVE-2021-36032 ‼

Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper input validation vulnerability. An authenticated attacker can trigger an insecure direct object reference in the `V1/customers/me` endpoint to achieve information exposure and privilege escalation.

📖 Read

via "National Vulnerability Database".
13:34
‼ CVE-2021-36053 ‼

XMP Toolkit SDK versions 2020.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of arbitrary memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

📖 Read

via "National Vulnerability Database".
13:34
‼ CVE-2021-36054 ‼

XMP Toolkit SDK version 2020.1 (and earlier) is affected by a buffer overflow vulnerability potentially resulting in local application denial of service in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file.

📖 Read

via "National Vulnerability Database".
13:34
‼ CVE-2021-36066 ‼

Adobe Photoshop versions 21.2.10 (and earlier) and 22.4.3 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

📖 Read

via "National Vulnerability Database".
13:34
‼ CVE-2021-36058 ‼

XMP Toolkit SDK version 2020.1 (and earlier) is affected by an Integer Overflow vulnerability potentially resulting in application-level denial of service in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file.

📖 Read

via "National Vulnerability Database".
13:34
‼ CVE-2021-36068 ‼

Adobe Bridge version 11.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious Bridge file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.

📖 Read

via "National Vulnerability Database".
13:35
‼ CVE-2021-36069 ‼

Adobe Bridge version 11.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious Bridge file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.

📖 Read

via "National Vulnerability Database".
13:35
‼ CVE-2021-39170 ‼

Pimcore is an open source data & experience management platform. Prior to version 10.1.2, an authenticated user could add XSS code as a value of custom metadata on assets. There is a patch for this issue in Pimcore version 10.1.2. As a workaround, users may apply the patch manually.

📖 Read

via "National Vulnerability Database".
13:35
‼ CVE-2021-36072 ‼

Adobe Bridge versions 11.1 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

📖 Read

via "National Vulnerability Database".
13:35
‼ CVE-2021-36077 ‼

Adobe Bridge version 11.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious SVG file, potentially resulting in local application denial of service in the context of the current user. User interaction is required to exploit this vulnerability.

📖 Read

via "National Vulnerability Database".
13:35
‼ CVE-2021-36075 ‼

Adobe Bridge version 11.1 (and earlier) is affected by a Buffer Overflow vulnerability due to insecure handling of a malicious Bridge file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.

📖 Read

via "National Vulnerability Database".
13:35
‼ CVE-2021-39166 ‼

Pimcore is an open source data & experience management platform. Prior to version 10.1.2, text-values were not properly escaped before printed in the version preview. This allowed XSS by authenticated users with access to the resources. This issue is patched in Pimcore version 10.1.2.

📖 Read

via "National Vulnerability Database".
13:35
‼ CVE-2021-39816 ‼

Adobe Bridge version 11.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious Bridge file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.

📖 Read

via "National Vulnerability Database".
13:35
‼ CVE-2021-36079 ‼

Adobe Bridge version 11.1 (and earlier) is affected by an out-of-bounds read vulnerability when parsing a crafted .SGI file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

📖 Read

via "National Vulnerability Database".
13:35
‼ CVE-2021-36076 ‼

Adobe Bridge version 11.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious Bridge file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.

📖 Read

via "National Vulnerability Database".
13:35
‼ CVE-2021-39847 ‼

XMP Toolkit SDK version 2020.1 (and earlier) is affected by a stack-based buffer overflow vulnerability potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file.

📖 Read

via "National Vulnerability Database".
13:35
‼ CVE-2021-36057 ‼

XMP Toolkit SDK version 2020.1 (and earlier) is affected by a write-what-where condition vulnerability caused during the application's memory allocation process. This may cause the memory management functions to become mismatched resulting in local application denial of service in the context of the current user.

📖 Read

via "National Vulnerability Database".
13:35
‼ CVE-2021-36073 ‼

Adobe Bridge version 11.1 (and earlier) is affected by a heap-based buffer overflow vulnerability when parsing a crafted .SGI file. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

📖 Read

via "National Vulnerability Database".
13:35
‼ CVE-2021-39320 ‼

The underConstruction plugin <= 1.18 for WordPress echoes out the raw value of `$GLOBALS['PHP_SELF']` in the ucOptions.php file. On certain configurations including Apache+modPHP, this makes it possible to use it to perform a reflected Cross-Site Scripting attack by injecting malicious code in the request path.

📖 Read

via "National Vulnerability Database".
13:40
‼ CVE-2021-36002 ‼

Adobe Captivate version 11.5.5 (and earlier) is affected by a Creation of Temporary File In Directory With Incorrect Permissions vulnerability that could result in privilege escalation in the context of the current user. The attacker must plant a malicious file in a particular location of the victim's machine. Exploitation of this issue requires user interaction in that a victim must launch the Captivate Installer.

📖 Read

via "National Vulnerability Database".
13:40
‼ CVE-2021-36029 ‼

Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper authorization vulnerability. An attacker with admin privileges could leverage this vulnerability to achieve remote code execution.

📖 Read

via "National Vulnerability Database".
13:40
‼ CVE-2021-36049 ‼

Adobe Bridge version 11.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious Bridge file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.

📖 Read

via "National Vulnerability Database".
13:40
‼ CVE-2021-23426 ‼

This affects all versions of package Proto. It is possible to pollute the object property of an application using Proto by leveraging the merge function.

📖 Read

via "National Vulnerability Database".
13:40
‼ CVE-2021-36056 ‼

XMP Toolkit SDK version 2020.1 (and earlier) is affected by a buffer overflow vulnerability potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file.

📖 Read

via "National Vulnerability Database".
13:40
‼ CVE-2021-40350 ‼

webctrl.cgi.elf on Christie Digital DWU850-GS V06.46 devices allows attackers to perform any desired action via a crafted query containing an unspecified Cookie header. Authentication bypass can be achieved by including an administrative cookie that the device does not validate.

📖 Read

via "National Vulnerability Database".
13:41
‼ CVE-2021-36048 ‼

XMP Toolkit SDK version 2020.1 (and earlier) is affected by an Improper Input Validation vulnerability potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file.

📖 Read

via "National Vulnerability Database".
13:41
‼ CVE-2021-35215 ‼

Insecure deserialization leading to Remote Code Execution was detected in the Orion Platform version 2020.2.5. Authentication is required to exploit this vulnerability.

📖 Read

via "National Vulnerability Database".
13:41
‼ CVE-2021-36044 ‼

Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper input validation vulnerability. An unauthenticated attacker could abuse this vulnerability to cause a server-side denial-of-service using a GraphQL field.

📖 Read

via "National Vulnerability Database".
13:41
‼ CVE-2021-36064 ‼

XMP Toolkit version 2020.1 (and earlier) is affected by a Buffer Underflow vulnerability which could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

📖 Read

via "National Vulnerability Database".
13:41
‼ CVE-2021-36074 ‼

Adobe Bridge versions 11.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of arbitrary memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

📖 Read

via "National Vulnerability Database".
13:41
‼ CVE-2021-36070 ‼

Adobe Media Encoder version 15.1 (and earlier) is affected by an improper memory access vulnerability when parsing a crafted .SVG file. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

📖 Read

via "National Vulnerability Database".
13:41
‼ CVE-2021-36037 ‼

Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper authorization vulnerability. An authenticated attacker could leverage this vulnerability to achieve sensitive information disclosure.

📖 Read

via "National Vulnerability Database".
13:41
‼ CVE-2021-36052 ‼

XMP Toolkit version 2020.1 (and earlier) is affected by a memory corruption vulnerability, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.

📖 Read

via "National Vulnerability Database".
15:20
🛡 Cybersecurity & Privacy news 🛡
❌ Gutenberg Template Library & Redux Framework Bugs Plague WordPress Sites ❌

Two vulnerabilities in the site-building plugin could be useful tools in the hands of a skilled attacker, researchers warned.

📖 Read

via "Threat Post".
15:26
🔏 Why our Agent Integration with Microsoft Information Protection is Valuable for Enterprise Data Protection 🔏

Learn how Digital Guardian's integration with Microsoft Information Protection can help educate and enforce proper labeling and handling of data.

📖 Read

via "".
15:34
‼ CVE-2021-29851 ‼

IBM Planning Analytics 2.0 could allow a remote attacker to obtain sensitive information when a stack trace is returned in the browser. IBM X-Force ID: 205527.

📖 Read

via "National Vulnerability Database".
15:34
‼ CVE-2021-29853 ‼

IBM Planning Analytics 2.0 could expose information that could be used to create attacks by not validating the return values from some methods or functions. IBM X-Force ID: 205529.

📖 Read

via "National Vulnerability Database".
15:34
‼ CVE-2021-29852 ‼

IBM Planning Analytics 2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 205528.

📖 Read

via "National Vulnerability Database".
19:35
🛡 Cybersecurity & Privacy news 🛡
‼ CVE-2021-40385 ‼

An issue was discovered in the server software in Kaseya Unitrends Backup Software before 10.5.5-2. There is a privilege escalation from read-only user to admin.

📖 Read

via "National Vulnerability Database".
19:35
‼ CVE-2020-20340 ‼

A SQL injection vulnerability in the 4.edu.php\conn\function.php component of S-CMS v1.0 allows attackers to access sensitive database information.

📖 Read

via "National Vulnerability Database".
19:35
‼ CVE-2021-39181 ‼

OpenOlat is a web-based learning management system (LMS). Prior to version 15.3.18, 15.5.3, and 16.0.0, using a prepared import XML file (e.g. a course) any class on the Java classpath can be instantiated, including spring AOP bean factories. This can be used to execute arbitrary code by the attacker. The attack requires an OpenOlat user account with the authoring role. It can not be exploited by unregistered users. The problem is fixed in versions 15.3.18, 15.5.3, and 16.0.0. There are no known workarounds aside from upgrading.

📖 Read

via "National Vulnerability Database".
19:35
‼ CVE-2021-39186 ‼

GlobalNewFiles is a package in Miraheze, a wiki hosting service. Prior to commit number cee254e1b158cdb0ddbea716b1d3edc31fa4fb5d, the username column of the GlobalNewFiles special page is vulnerable to a stored XSS. Commit number cee254e1b158cdb0ddbea716b1d3edc31fa4fb5d contains a patch. As a workaround, one may disallow <,> (or other characters required to insert html/js) from being used in account names so an XSS is not possible.

📖 Read

via "National Vulnerability Database".
19:35
‼ CVE-2021-39185 ‼

Http4s is a minimal, idiomatic Scala interface for HTTP services. In http4s versions 0.21.26 and prior, 0.22.0 through 0.22.2, 0.23.0, 0.23.1, and 1.0.0-M1 through 1.0.0-M24, the default CORS configuration is vulnerable to an origin reflection attack. The middleware is also susceptible to a Null Origin Attack. The problem is fixed in 0.21.27, 0.22.3, 0.23.2, and 1.0.0-M25. The original `CORS` implementation and `CORSConfig` are deprecated. See the GitHub GHSA for more information, including code examples and workarounds.

📖 Read

via "National Vulnerability Database".
19:35
‼ CVE-2020-20341 ‼

YzmCMS v5.5 contains a server-side request forgery (SSRF) in the grab_image() function.

📖 Read

via "National Vulnerability Database".
19:35
‼ CVE-2021-40387 ‼

An issue was discovered in the server software in Kaseya Unitrends Backup Software before 10.5.5-2. There is authenticated remote code execution.

📖 Read

via "National Vulnerability Database".
2 September 2021
02:35
🛡 Cybersecurity & Privacy news 🛡
‼ CVE-2021-34733 ‼

A vulnerability in the CLI of Cisco Prime Infrastructure and Cisco Evolved Programmable Network (EPN) Manager could allow an authenticated, local attacker to access sensitive information stored on the underlying file system of an affected system. This vulnerability exists because sensitive information is not sufficiently secured when it is stored. An attacker could exploit this vulnerability by gaining unauthorized access to sensitive information on an affected system. A successful exploit could allow the attacker to create forged authentication requests and gain unauthorized access to the affected system.

📖 Read

via "National Vulnerability Database".
02:35
‼ CVE-2021-34759 ‼

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) Software could allow an authenticated, remote attacker with administrative credentials to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. To exploit this vulnerability, an attacker would need valid administrative credentials.

📖 Read

via "National Vulnerability Database".
02:35
‼ CVE-2021-31797 ‼

The user identification mechanism used by CyberArk Credential Provider prior to 12.1 is susceptible to a local host race condition, leading to password disclosure.

📖 Read

via "National Vulnerability Database".
02:35
‼ CVE-2021-34746 ‼

A vulnerability in the TACACS+ authentication, authorization and accounting (AAA) feature of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an unauthenticated, remote attacker to bypass authentication and log in to an affected device as an administrator. This vulnerability is due to incomplete validation of user-supplied input that is passed to an authentication script. An attacker could exploit this vulnerability by injecting parameters into an authentication request. A successful exploit could allow the attacker to bypass authentication and log in as an administrator to the affected device.

📖 Read

via "National Vulnerability Database".
02:35
‼ CVE-2021-31798 ‼

The effective key space used to encrypt the cache in CyberArk Credential Provider prior to 12.1 has low entropy, and under certain conditions a local malicious user can obtain the plaintext of cache files.

📖 Read

via "National Vulnerability Database".
02:35
‼ CVE-2021-31796 ‼

An inadequate encryption vulnerability discovered in CyberArk Credential Provider before 12.1 may lead to Information Disclosure. An attacker may realistically have enough information that the number of possible keys (for a credential file) is only one, and the number is usually not higher than 2^36.

📖 Read

via "National Vulnerability Database".
02:35
‼ CVE-2021-34765 ‼

A vulnerability in the web UI for Cisco Nexus Insights could allow an authenticated, remote attacker to view and download files related to the web application. The attacker requires valid device credentials. This vulnerability exists because proper role-based access control (RBAC) filters are not applied to file download actions. An attacker could exploit this vulnerability by logging in to the application and then navigating to the directory listing and download functions. A successful exploit could allow the attacker to download sensitive files that should be restricted, which could result in disclosure of sensitive information.

📖 Read

via "National Vulnerability Database".
02:35
‼ CVE-2021-34732 ‼

A vulnerability in the web-based management interface of Cisco Prime Collaboration Provisioning could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information.

📖 Read

via "National Vulnerability Database".
08:50
🛡 Cybersecurity & Privacy news 🛡
❌ Digital State IDs Start Rollouts Despite Privacy Concerns ❌

Eight states are introducing drivers licenses and identification cards available for use on Apple iPhones and Watches, but critics warn about the dangers of eliminating the use of a paper-based system entirely.

📖 Read

via "Threat Post".
09:50
🛡 Cybersecurity & Privacy news 🛡
❌ WhatsApp Photo Filter Bug Allows Sensitive Info to Be Lifted ❌

Users should be careful whose pics they view and should, of course, update their apps.

📖 Read

via "Threat Post".
10:20
🛡 Cybersecurity & Privacy news 🛡
❌ 7 Ways to Defend Mobile Apps, APIs from Cyberattacks ❌

David Stewart, CEO, Approov, discusses the top mobile attack routes the bad guys use and the best defenses organizations can deploy against them.

📖 Read

via "Threat Post".
11:36
🛡 Cybersecurity & Privacy news 🛡
‼ CVE-2021-3757 ‼

immer is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

📖 Read

via "National Vulnerability Database".
11:36
‼ CVE-2021-3758 ‼

bookstack is vulnerable to Server-Side Request Forgery (SSRF)

📖 Read

via "National Vulnerability Database".
11:42
🦿 FBI and CISA warn of potential cyberattacks this holiday weekend, citing past trends 🦿

The Labor Day holiday could be prime time for more than just barbecues and closing the pool for the year as the open season on ransomware continues.

📖 Read

via "Tech Republic".
12:50
🛡 Cybersecurity & Privacy news 🛡
❌ Cisco Patches Critical Authentication Bug With Public Exploit ❌

There's proof-of-concept code out for the near-maximum critical – rated at 9.8 – authentication bypass bug, but Cisco hasn't seen any malicious exploit yet.

📖 Read

via "Threat Post".
13:12
🛡 Cybersecurity & Privacy news 🛡
🦿 Execs don't sound very confident about long-term network security in the WFH era 🦿

After a somewhat clunky initial switch to remote work, it looks like hybrid offices are here to stay; at least for now. But a new report highlights concerns about the long-term resiliency of remote networks.

📖 Read

via "Tech Republic".
13:20
❌ Google Play Sign-Ins Allow Covert Location-Tracking ❌

A design flaw involving Google Timeline could allow someone to track another device without installing a stalkerware app.

📖 Read

via "Threat Post".
13:36
🛡 Cybersecurity & Privacy news 🛡
‼ CVE-2021-33928 ‼

Buffer overflow vulnerability in function pool_installable in src/repo.h in libsolv before 0.7.17 allows attackers to cause a Denial of Service.

📖 Read

via "National Vulnerability Database".
13:36
‼ CVE-2021-33938 ‼

Buffer overflow vulnerability in function prune_to_recommended in src/policy.c in libsolv before 0.7.17 allows attackers to cause a Denial of Service.

📖 Read

via "National Vulnerability Database".
13:36
‼ CVE-2021-33929 ‼

Buffer overflow vulnerability in function pool_disabled_solvable in src/repo.h in libsolv before 0.7.17 allows attackers to cause a Denial of Service.

📖 Read

via "National Vulnerability Database".
13:36
‼ CVE-2021-33930 ‼

Buffer overflow vulnerability in function pool_installable_whatprovides in src/repo.h in libsolv before 0.7.17 allows attackers to cause a Denial of Service.

📖 Read

via "National Vulnerability Database".
14:13
🛡 Cybersecurity & Privacy news 🛡
⚠ Pwned! The home security system that can be hacked with your email address ⚠

The alarm system that can be turned off with your email address.

📖 Read

via "Naked Security".
14:13
⚠ Skimming the CREAM – recursive withdrawals loot $13M in cryptocash ⚠

Recursion [noun]: see recursion.

📖 Read

via "Naked Security".
14:57
🛡 Cybersecurity & Privacy news 🛡
🔏 WhatsApp Fined $267 Million for Breaching GDPR 🔏

The sum, the second highest GDPR fine to date, stems from a 2018 investigation into the company's data privacy practices.

📖 Read

via "".
15:36
🛡 Cybersecurity & Privacy news 🛡
‼ CVE-2021-22791 ‼

A CWE-787: Out-of-bounds Write vulnerability that could cause a Denial of Service on the Modicon PLC controller / simulator when updating the controller application with a specially crafted project file exists in Modicon M580 CPU (part numbers BMEP* and BMEH*, all versions), Modicon M340 CPU (part numbers BMXP34*, all versions), Modicon MC80 (part numbers BMKC80*, all versions), Modicon Momentum Ethernet CPU (part numbers 171CBU*, all versions), PLC Simulator for EcoStruxure™ Control Expert, including all Unity Pro versions (former name of EcoStruxure™ Control Expert, all versions), PLC Simulator for EcoStruxure™ Process Expert including all HDCS versions (former name of EcoStruxure™ Process Expert, all versions), Modicon Quantum CPU (part numbers 140CPU*, all versions), Modicon Premium CPU (part numbers TSXP5*, all versions).

📖 Read

via "National Vulnerability Database".
15:36
‼ CVE-2021-35996 ‼

Adobe After Effects version 18.2.1 (and earlier) is affected by a memory corruption vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

📖 Read

via "National Vulnerability Database".
15:36
‼ CVE-2021-22775 ‼

A CWE-427: Uncontrolled Search Path Element vulnerability exists in GP-Pro EX, V4.09.250 and prior, that could cause local code execution with elevated privileges when installing the software.

📖 Read

via "National Vulnerability Database".
15:36
‼ CVE-2021-39322 ‼

The Easy Social Icons plugin <= 3.0.8 for WordPress echoes out the raw value of `$_SERVER['PHP_SELF']` in its main file. On certain configurations including Apache+modPHP this makes it possible to use it to perform a reflected Cross-Site Scripting attack by injecting malicious code in the request path.

📖 Read

via "National Vulnerability Database".
15:36
‼ CVE-2021-21086 ‼

Acrobat Reader DC versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by an Out-of-bounds Write vulnerability in the CoolType library. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

📖 Read

via "National Vulnerability Database".
15:36
‼ CVE-2021-28565 ‼

Acrobat Reader DC versions 2021.001.20150 (and earlier), 2020.001.30020 (and earlier) and 2017.011.30194 (and earlier) are affected by an Out-of-bounds Read vulnerability in the PDFLibTool component. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

📖 Read

via "National Vulnerability Database".
15:36
‼ CVE-2021-35995 ‼

Adobe After Effects version 18.2.1 (and earlier) is affected by an Improper input validation vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to disclose arbitrary memory information in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

📖 Read

via "National Vulnerability Database".
15:36
‼ CVE-2021-22525 ‼

This release addresses a potential information leakage vulnerability in NetIQ Access Manager versions prior to 5.0.1

📖 Read

via "National Vulnerability Database".
15:36
‼ CVE-2021-36019 ‼

Adobe After Effects version 18.2.1 (and earlier) is affected by an Out-of-bounds Read vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to disclose arbitrary memory information in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

📖 Read

via "National Vulnerability Database".
15:36
‼ CVE-2021-22792 ‼

A CWE-476: NULL Pointer Dereference vulnerability that could cause a Denial of Service on the Modicon PLC controller / simulator when updating the controller application with a specially crafted project file exists in Modicon M580 CPU (part numbers BMEP* and BMEH*, all versions), Modicon M340 CPU (part numbers BMXP34*, all versions), Modicon MC80 (part numbers BMKC80*, all versions), Modicon Momentum Ethernet CPU (part numbers 171CBU*, all versions), PLC Simulator for EcoStruxure™ Control Expert, including all Unity Pro versions (former name of EcoStruxure™ Control Expert, all versions), PLC Simulator for EcoStruxure™ Process Expert including all HDCS versions (former name of EcoStruxure™ Process Expert, all versions), Modicon Quantum CPU (part numbers 140CPU*, all versions), Modicon Premium CPU (part numbers TSXP5*, all versions).

📖 Read

via "National Vulnerability Database".
15:37
‼ CVE-2021-28557 ‼

Acrobat Reader DC versions 2021.001.20150 (and earlier), 2020.001.30020 (and earlier) and 2017.011.30194 (and earlier) are affected by an Out-of-bounds Read vulnerability. An unauthenticated attacker could leverage this vulnerability to leak sensitive system information in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

📖 Read

via "National Vulnerability Database".
15:37
‼ CVE-2021-36018 ‼

Adobe After Effects version 18.2.1 (and earlier) is affected by an Out-of-bounds Read vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to disclose sensitive memory information in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

📖 Read

via "National Vulnerability Database".
15:37
‼ CVE-2021-28560 ‼

Acrobat Reader DC versions 2021.001.20150 (and earlier), 2020.001.30020 (and earlier) and 2017.011.30194 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

📖 Read

via "National Vulnerability Database".
15:37
‼ CVE-2021-28561 ‼

Acrobat Reader DC versions 2021.001.20150 (and earlier), 2020.001.30020 (and earlier) and 2017.011.30194 (and earlier) are affected by a memory corruption vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

📖 Read

via "National Vulnerability Database".
15:37
‼ CVE-2021-28564 ‼

Acrobat Reader DC versions 2021.001.20150 (and earlier), 2020.001.30020 (and earlier) and 2017.011.30194 (and earlier) are affected by an Out-of-bounds Write vulnerability within the ImageTool component. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

📖 Read

via "National Vulnerability Database".
15:37
‼ CVE-2021-28553 ‼

Acrobat Reader DC versions 2021.001.20150 (and earlier), 2020.001.30020 (and earlier) and 2017.011.30194 (and earlier) are affected by a Use After Free vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

📖 Read

via "National Vulnerability Database".
15:37
‼ CVE-2021-28550 ‼

Acrobat Reader DC versions 2021.001.20150 (and earlier), 2020.001.30020 (and earlier) and 2017.011.30194 (and earlier) are affected by a Use After Free vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

📖 Read

via "National Vulnerability Database".
15:37
‼ CVE-2021-22789 ‼

A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability that could cause a Denial of Service on the Modicon PLC controller / simulator when updating the controller application with a specially crafted project file exists in Modicon M580 CPU (part numbers BMEP* and BMEH*, all versions), Modicon M340 CPU (part numbers BMXP34*, all versions), Modicon MC80 (part numbers BMKC80*, all versions), Modicon Momentum Ethernet CPU (part numbers 171CBU*, all versions), PLC Simulator for EcoStruxure™ Control Expert, including all Unity Pro versions (former name of EcoStruxure™ Control Expert, all versions), PLC Simulator for EcoStruxure™ Process Expert including all HDCS versions (former name of EcoStruxure™ Process Expert, all versions), Modicon Quantum CPU (part numbers 140CPU*, all versions), Modicon Premium CPU (part numbers TSXP5*, all versions).

📖 Read

via "National Vulnerability Database".
15:37
‼ CVE-2020-13929 ‼

Authentication bypass vulnerability in Apache Zeppelin allows an attacker to bypass Zeppelin authentication mechanism to act as another user. This issue affects Apache Zeppelin version 0.9.0 and prior versions.

📖 Read

via "National Vulnerability Database".
15:37
‼ CVE-2021-28558 ‼

Acrobat Reader DC versions 2021.001.20150 (and earlier), 2020.001.30020 (and earlier) and 2017.011.30194 (and earlier) are affected by a Heap-based buffer overflow vulnerability in the PDFLibTool component. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

📖 Read

via "National Vulnerability Database".
15:51
❌ Bluetooth Bugs Open Billions of Devices to DoS, Code Execution ❌

The BrakTooth set of security vulnerabilities impacts at least 11 vendors' chipsets.

📖 Read

via "Threat Post".
17:21
🛡 Cybersecurity & Privacy news 🛡
❌ SpyFone & CEO Banned From Stalkerware Biz ❌

The FTC's first spyware ban nixes a company whose "slipshod" security practices led to exposure of thousands of victims' illegally collected personal data.

📖 Read

via "Threat Post".
17:37
🛡 Cybersecurity & Privacy news 🛡
‼ CVE-2020-18048 ‼

An issue in craigms/main.php of CraigMS 1.0 allows attackers to execute arbitrary commands via a crafted input entered into the DB Name field.

📖 Read

via "National Vulnerability Database".
18:51
🛡 Cybersecurity & Privacy news 🛡
❌ NFT Collector Tricked into Buying Fake Banksy ❌

An attacker breached the site of famed street artist Banksy to host a fraudulent NFT auction but then gave back the money.

📖 Read

via "Threat Post".
19:36
🛡 Cybersecurity & Privacy news 🛡
‼ CVE-2021-34436 ‼

In Eclipse Theia 0.1.1 to 0.2.0, it is possible to exploit the default build to obtain remote code execution (and XXE) via the theia-xml-extension. This extension uses lsp4xml (recently renamed to LemMinX) in order to provide language support for XML. This is installed by default.

📖 Read

via "National Vulnerability Database".
21:36
🛡 Cybersecurity & Privacy news 🛡
‼ CVE-2021-38641 ‼

Microsoft Edge for Android Spoofing Vulnerability

📖 Read

via "National Vulnerability Database".
21:36
‼ CVE-2021-38642 ‼

Microsoft Edge for iOS Spoofing Vulnerability

📖 Read

via "National Vulnerability Database".
21:36
‼ CVE-2021-26439 ‼

Microsoft Edge for Android Information Disclosure Vulnerability

📖 Read

via "National Vulnerability Database".
21:36
‼ CVE-2021-26436 ‼

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2021-36930.

📖 Read

via "National Vulnerability Database".
21:36
‼ CVE-2021-36930 ‼

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2021-26436.

📖 Read

via "National Vulnerability Database".
3 September 2021
08:51
🛡 Cybersecurity & Privacy news 🛡
❌ Brute-Force Attacks Target Inboxes for Gift Card Data ❌

Cybercriminal enterprise is mass testing millions of usernames and passwords per day in a hunt for loyalty card data.

📖 Read

via "Threat Post".
09:14
🛡 Cybersecurity & Privacy news 🛡
⚠ S3 Ep48: Cryptographic bugs, cryptocurrency nightmares, and lots of phishing [Podcast] ⚠

Latest episode - listen now!

📖 Read

via "Naked Security".
09:14
⚠ Pwned! The home security system that can be hacked with your email address ⚠

The alarm system that can be turned off with your email address.

📖 Read

via "Naked Security".
12:27
🛡 Cybersecurity & Privacy news 🛡
🔏 Friday Five 9/3 🔏

How not to get hacked, a $9 million ransomware attack, and the FTC cracks down on a spyware app - catch up on the infosec news of the week with the Friday Five!

📖 Read

via "".
12:38
🛠 Clam AntiVirus Toolkit 0.104.0 🛠

Clam AntiVirus is an anti-virus toolkit for Unix. The main purpose of this software is the integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon, a command-line scanner, and a tool for automatic updating via Internet. The programs are based on a shared library distributed with the Clam AntiVirus package, which you can use in your own software.

📖 Read

via "Packet Storm Security".
12:38
🛠 SQLMAP - Automatic SQL Injection Tool 1.5.9 🛠

sqlmap is an open source command-line automatic SQL injection tool. Its goal is to detect and take advantage of SQL injection vulnerabilities in web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database management system fingerprint, retrieve DBMS session user and database, enumerate users, password hashes, privileges, databases, dump entire or user's specified DBMS tables/columns, run his own SQL statement, read or write either text or binary files on the file system, execute arbitrary commands on the operating system, establish an out-of-band stateful connection between the attacker box and the database server via Metasploit payload stager, database stored procedure buffer overflow exploitation or SMB relay attack and more.

📖 Read

via "Packet Storm Security".
12:38
🛠 nfstream 6.3.4 🛠

nfstream is a Python package providing fast, flexible, and expressive data structures designed to make working with online or offline network data both easy and intuitive. It aims to be the fundamental high-level building block for doing practical, real world network data analysis in Python. Additionally, it has the broader goal of becoming a common network data processing framework for researchers providing data reproducibility across experiments.

📖 Read

via "Packet Storm Security".
13:26
🛡 Cybersecurity & Privacy news 🛡
❌ The State of Incident Response: Measuring Risk and Evaluating Your Preparedness ❌

Grant Oviatt, director of incident-response engagements at Red Canary, provides advice and best practices on how to get there faster.

📖 Read

via "Threat Post".
13:26
❌ FIN7 Capitalizes on Windows 11 Release in Latest Gambit ❌

The financially motivated group looked to steal payment-card data from a California-based point-of-sale service provider.

📖 Read

via "Threat Post".
13:37
‼ CVE-2021-39192 ‼

Ghost is a Node.js content management system. An error in the implementation of the limits service between versions 4.0.0 and 4.9.4 allows all authenticated users (including contributors) to view admin-level API keys via the integrations API endpoint, leading to a privilege escalation vulnerability. This issue is patched in Ghost version 4.10.0. As a workaround, disable all non-Administrator accounts to prevent API access. It is highly recommended to regenerate all API keys after patching or applying the workaround.

📖 Read

via "National Vulnerability Database".
13:37
‼ CVE-2021-39191 ‼

mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. In versions prior to 2.4.9.4, the 3rd-party init SSO functionality of mod_auth_openidc was reported to be vulnerable to an open redirect attack by supplying a crafted URL in the `target_link_uri` parameter. A patch in version 2.4.9.4 made it so that the `OIDCRedirectURLsAllowed` setting must be applied to the `target_link_uri` parameter. There are no known workarounds aside from upgrading to a patched version.

📖 Read

via "National Vulnerability Database".
14:43
🛡 Cybersecurity & Privacy news 🛡
🦿 How to install fail2ban on Rocky Linux and AlmaLinux 🦿

Fail2ban should be on every one of your Linux servers. If you've yet to install it on either Rocky Linux or AlmaLinux, Jack Wallen is here to help you out with that.

📖 Read

via "Tech Republic".
15:37
🛡 Cybersecurity & Privacy news 🛡
‼ CVE-2021-23437 ‼

The package pillow from 0 and before 8.3.2 is vulnerable to Regular Expression Denial of Service (ReDoS) via the getrgb function.

📖 Read

via "National Vulnerability Database".
15:37
‼ CVE-2021-40492 ‼

A reflected XSS vulnerability exists in multiple pages in version 22 of the Gibbon application that allows for arbitrary execution of JavaScript (gibbonCourseClassID, gibbonPersonID, subpage, currentDate, or allStudents to index.php).

📖 Read

via "National Vulnerability Database".
5 September 2021
13:39
🛡 Cybersecurity & Privacy news 🛡
‼ CVE-2021-23439 ‼

This affects the package file-upload-with-preview before 4.2.0. A file containing malicious JavaScript code in the name can be uploaded (a user needs to be tricked into uploading such a file).

📖 Read

via "National Vulnerability Database".
17:39
🛡 Cybersecurity & Privacy news 🛡
‼ CVE-2021-40524 ‼

In Pure-FTPd 1.0.49, an incorrect max_filesize quota mechanism in the server allows attackers to upload files of unbounded size, which may lead to denial of service or a server hang. This occurs because a certain greater-than-zero test does not anticipate an initial -1 value.

📖 Read

via "National Vulnerability Database".
17:39
‼ CVE-2021-40516 ‼

WeeChat before 3.2.1 allows remote attackers to cause a denial of service (crash) via a crafted WebSocket frame that triggers an out-of-bounds read in plugins/relay/relay-websocket.c in the Relay plugin.

📖 Read

via "National Vulnerability Database".
17:39
‼ CVE-2021-40523 ‼

In Contiki 3.0, Telnet option negotiation is mishandled. During negotiation between a server and a client, the server may fail to give the WILL/WONT or DO/DONT response for DO and WILL commands because of improper handling of exception condition, which leads to property violations and denial of service. Specifically, a server sometimes sends no response, because a fixed buffer space is available for all responses and that space may have been exhausted.

📖 Read

via "National Vulnerability Database".
6 September 2021
09:40
🛡 Cybersecurity & Privacy news 🛡
‼ CVE-2021-24588 ‼

The SMS Alert Order Notifications WordPress plugin before 3.4.7 is affected by a cross site scripting (XSS) vulnerability in the plugin's setting page.

📖 Read

via "National Vulnerability Database".
09:40
‼ CVE-2021-24590 ‼

The Cookie Notice & Consent Banner for GDPR & CCPA Compliance WordPress plugin before 1.7.2 does not properly sanitize inputs to prevent injection of arbitrary HTML within the plugin's design customization options.

📖 Read

via "National Vulnerability Database".
09:40
‼ CVE-2021-24303 ‼

The JiangQie Official Website Mini Program WordPress plugin before 1.1.1 does not escape or validate the id GET parameter before using it in SQL statements, leading to SQL injection issues.

📖 Read

via "National Vulnerability Database".
09:40
‼ CVE-2021-24394 ‼

An id GET parameter of the Easy Testimonial Manager WordPress plugin through 1.2.0 is not sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection.

📖 Read

via "National Vulnerability Database".
09:40
‼ CVE-2021-24603 ‼

The Site Reviews WordPress plugin before 5.13.1 does not sanitise some of its Review Details when adding a review as an admin, which could allow them to perform Cross-Site Scripting attacks when the unfiltered_html is disallowed.

📖 Read

via "National Vulnerability Database".
09:40
‼ CVE-2021-24591 ‼

The Highlight WordPress plugin before 0.9.3 does not sanitise its CustomCSS setting, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.

📖 Read

via "National Vulnerability Database".
09:40
‼ CVE-2021-24599 ‼

The Email Encoder – Protect Email Addresses WordPress plugin before 2.1.2 has an endpoint that requires no authentication and will render a user supplied value in the HTML response without escaping or sanitizing the data.

📖 Read

via "National Vulnerability Database".
09:40
‼ CVE-2021-24395 ‼

The editid GET parameter of the Embed Youtube Video WordPress plugin through 1.0 is not sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection.

📖 Read

via "National Vulnerability Database".
09:40
‼ CVE-2021-24513 ‼

The Form Builder | Create Responsive Contact Forms WordPress plugin before 1.9.8.4 does not sanitise or escape its Form Title, allowing high privilege users such as admin to set Cross-Site Scripting payloads in them, even when the unfiltered_html capability is disallowed.

📖 Read

via "National Vulnerability Database".
09:40
‼ CVE-2021-24390 ‼

A proid GET parameter of the WordPress支付宝Alipay|财付通Tenpay|贝宝PayPal集成插件 WordPress plugin through 3.7.2 is not sanitised, properly escaped or validated before inserting to a SQL statement not delimited by quotes, leading to SQL injection.

📖 Read

via "National Vulnerability Database".
09:40
‼ CVE-2021-24392 ‼

An id GET parameter of the WordPress Membership SwiftCloud.io WordPress plugin through 1.0 is not properly sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection.

📖 Read

via "National Vulnerability Database".
09:40
‼ CVE-2021-24393 ‼

A c GET parameter of the Comment Highlighter WordPress plugin through 0.13 is not properly sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection.

📖 Read

via "National Vulnerability Database".
09:40
‼ CVE-2021-24391 ‼

An editid GET parameter of the Cashtomer WordPress plugin through 1.0.0 is not properly sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection.

📖 Read

via "National Vulnerability Database".
09:40
‼ CVE-2021-24601 ‼

The WPFront Notification Bar WordPress plugin before 2.1.0.08087 does not properly sanitise and escape its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.

📖 Read

via "National Vulnerability Database".
09:40
‼ CVE-2021-24611 ‼

The Keyword Meta WordPress plugin through 3.0 does not sanitise or escape its settings before outputting them back in the page after they are saved, allowing for Cross-Site Scripting issues. Furthermore, it is also lacking any CSRF check, allowing an attacker to make a logged-in high privilege user save arbitrary settings via a CSRF attack.

📖 Read

via "National Vulnerability Database".
09:40
‼ CVE-2021-24517 ‼

The Stop Spammers Security | Block Spam Users, Comments, Forms WordPress plugin before 2021.18 does not escape some of its settings, allowing high privilege users such as admin to set Cross-Site Scripting payloads in them even when the unfiltered_html capability is disallowed.

📖 Read

via "National Vulnerability Database".
09:40
‼ CVE-2021-24568 ‼

The AddToAny Share Buttons WordPress plugin before 1.7.46 does not sanitise its Sharing Header setting when outputting it in frontend pages, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.

📖 Read

via "National Vulnerability Database".
09:40
‼ CVE-2021-24435 ‼

The iframe-font-preview.php file of the titan-framework does not properly escape the font-weight and font-family GET parameters before outputting them back in an href attribute, leading to Reflected Cross-Site Scripting issues.

📖 Read

via "National Vulnerability Database".
10:14
🛡 Cybersecurity & Privacy news 🛡
🦿 Cybersecurity: Watch out for these unique fraudster tricks Loki would be proud of 🦿

Online fraud is getting sneakier and stealthier as mischievous operatives evolve their techniques. Learn some of the unique tricks afoot today and how to spot them.

📖 Read

via "Tech Republic".
11:40
🛡 Cybersecurity & Privacy news 🛡
‼ CVE-2021-25735 ‼

A security issue was discovered in kube-apiserver that could allow node updates to bypass a Validating Admission Webhook. Clusters are only affected by this vulnerability if they run a Validating Admission Webhook for Nodes that denies admission based at least partially on the old state of the Node object. Validating Admission Webhook does not observe some previous fields.

📖 Read

via "National Vulnerability Database".
11:40
‼ CVE-2021-3768 ‼

bookstack is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

📖 Read

via "National Vulnerability Database".
11:40
‼ CVE-2021-32568 ‼

mrdoc is vulnerable to Deserialization of Untrusted Data

📖 Read

via "National Vulnerability Database".
11:40
‼ CVE-2021-3770 ‼

vim is vulnerable to Heap-based Buffer Overflow

📖 Read

via "National Vulnerability Database".
11:40
‼ CVE-2021-3766 ‼

objection.js is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

📖 Read

via "National Vulnerability Database".
11:40
‼ CVE-2021-25737 ‼

A security issue was discovered in Kubernetes where a user may be able to redirect pod traffic to private networks on a Node. Kubernetes already prevents creation of Endpoint IPs in the localhost or link-local range, but the same validation was not performed on EndpointSlice IPs.

📖 Read

via "National Vulnerability Database".
11:40
‼ CVE-2021-36744 ‼

Trend Micro Security (Consumer) 2021 and 2020 are vulnerable to a directory junction vulnerability which could allow an attacker to exploit the system to escalate privileges and create a denial of service.

📖 Read

via "National Vulnerability Database".
11:40
‼ CVE-2021-3767 ‼

bookstack is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

📖 Read

via "National Vulnerability Database".
11:53
❌ IoT Attacks Skyrocket, Doubling in 6 Months ❌

The first half of 2021 saw 1.5 billion attacks on smart devices, with attackers looking to steal data, mine cryptocurrency or build botnets.

📖 Read

via "Threat Post".
12:45
🛡 Cybersecurity & Privacy news 🛡
⚠ Poisoned proxy PACs! The NPM package with a network-wide security hole… ⚠

3,000,000 downloads a week... if only they'd read the fastidious manual!

📖 Read

via "Naked Security".
12:53
❌ Human Fraud: Detecting Them Before They Detect You ❌

Tony Lauro, director of security technology and strategy at Akamai, discusses how to disrupt account takeovers in the exploitation phase of an attack.

📖 Read

via "Threat Post".
13:40
🛡 Cybersecurity & Privacy news 🛡
‼ CVE-2021-36094 ‼

It's possible to craft a request for the appointment edit screen, which could lead to an XSS attack. This issue affects: OTRS AG ((OTRS)) Community Edition 6.0.x version 6.0.1 and later versions. OTRS AG OTRS 7.0.x version 7.0.28 and prior versions.

📖 Read

via "National Vulnerability Database".
13:40
‼ CVE-2021-36096 ‼

Generated Support Bundles contain private S/MIME and PGP keys if the containing folder is not hidden. This issue affects: OTRS AG ((OTRS)) Community Edition 6.0.x version 6.0.1 and later versions. OTRS AG OTRS 7.0.x version 7.0.28 and prior versions; 8.0.x version 8.0.15 and prior versions.

📖 Read

via "National Vulnerability Database".
13:40
‼ CVE-2021-36093 ‼

It's possible to create an email which can be stuck while being processed by PostMaster filters, causing DoS. This issue affects: OTRS AG ((OTRS)) Community Edition 6.0.x version 6.0.1 and later versions. OTRS AG OTRS 7.0.x version 7.0.28 and prior versions; 8.0.x version 8.0.15 and prior versions.

📖 Read

via "National Vulnerability Database".
13:40
‼ CVE-2021-36095 ‼

A malicious attacker is able to find out valid user logins by using the "lost password" feature. This issue affects: OTRS AG ((OTRS)) Community Edition version 6.0.1 and later versions. OTRS AG OTRS 7.0.x version 7.0.28 and prior versions.

📖 Read

via "National Vulnerability Database".
19:41
🛡 Cybersecurity & Privacy news 🛡
‼ CVE-2021-40531 ‼

Sketch before 75 mishandles external library feeds.

📖 Read

via "National Vulnerability Database".
19:41
‼ CVE-2021-40532 ‼

Telegram Web K Alpha before 0.7.2 mishandles the characters in a document extension.

📖 Read

via "National Vulnerability Database".
7 September 2021
02:16
🛡 Cybersecurity & Privacy news 🛡
‼ CVE-2021-40540 ‼

ulfius_uri_logger in Ulfius HTTP Framework before 2.7.4 omits con_info initialization and a con_info->request NULL check for certain malformed HTTP requests.

📖 Read

via "National Vulnerability Database".
07:17
🛡 Cybersecurity & Privacy news 🛡
‼ CVE-2021-31611 ‼

The Bluetooth Classic implementation on Zhuhai Jieli AC690X and AC692X devices does not properly handle an out-of-order LMP Setup procedure that is followed by a malformed LMP packet, allowing attackers in radio range to deadlock a device via a crafted LMP packet. The user needs to manually reboot the device to restore communication.

📖 Read

via "National Vulnerability Database".
07:17
‼ CVE-2021-34144 ‼

The Bluetooth Classic implementation in the Zhuhai Jieli AC6366C BT SDK through 0.9.1 does not properly handle the reception of truncated LMP_SCO_Link_Request packets while no other BT connections are active, allowing attackers in radio range to prevent new BT connections (disabling the AB5301A inquiry and page scan procedures) via a crafted LMP packet. The user needs to manually perform a power cycle (restart) of the device to restore BT connectivity.

📖 Read

via "National Vulnerability Database".
07:17
‼ CVE-2021-33483 ‼

An issue was discovered in CommentsService.ashx in OnyakTech Comments Pro 3.8. The comment posting functionality allows an attacker to add an XSS payload to the JSON request that will execute when users visit the page with the comment.

📖 Read

via "National Vulnerability Database".
07:17
‼ CVE-2021-31609 ‼

The Bluetooth Classic implementation in Silicon Labs iWRAP 6.3.0 and earlier does not properly handle the reception of an oversized LMP packet greater than 17 bytes, allowing attackers in radio range to trigger a crash in WT32i via a crafted LMP packet.

📖 Read

via "National Vulnerability Database".
07:17
‼ CVE-2021-31613 ‼

The Bluetooth Classic implementation on Zhuhai Jieli AC690X and AC692X devices does not properly handle the reception of a truncated LMP packet during the LMP auto rate procedure, allowing attackers in radio range to immediately crash (and restart) a device via a crafted LMP packet.

📖 Read

via "National Vulnerability Database".
07:17
‼ CVE-2021-34148 ‼

The Bluetooth Classic implementation in the Cypress WICED BT stack through 2.9.0 for CYW20735B1 devices does not properly handle the reception of LMP_max_slot with a greater ACL Length after completion of the LMP setup procedure, allowing attackers in radio range to trigger a denial of service (firmware crash) via a crafted LMP packet.

📖 Read

via "National Vulnerability Database".
07:17
‼ CVE-2021-34146 ‼

The Bluetooth Classic implementation in the Cypress CYW920735Q60EVB does not properly handle the reception of continuous unsolicited LMP responses, allowing attackers in radio range to trigger a denial of service and restart (crash) of the device by flooding it with LMP_AU_Rand packets after the paging procedure.

📖 Read

via "National Vulnerability Database".
07:17
‼ CVE-2021-34149 ‼

The Bluetooth Classic implementation on the Texas Instruments CC256XCQFN-EM does not properly handle the reception of continuous LMP_AU_Rand packets, allowing attackers in radio range to trigger a denial of service (deadlock) of the device by flooding it with LMP_AU_Rand packets after the paging procedure.

📖 Read

via "National Vulnerability Database".
07:17
‼ CVE-2021-39278 ‼

Certain MOXA devices allow reflected XSS via the Config Import menu. This affects WAC-2004 1.7, WAC-1001 2.1, WAC-1001-T 2.1, OnCell G3470A-LTE-EU 1.7, OnCell G3470A-LTE-EU-T 1.7, TAP-323-EU-CT-T 1.3, TAP-323-US-CT-T 1.3, TAP-323-JP-CT-T 1.3, WDR-3124A-EU 2.3, WDR-3124A-EU-T 2.3, WDR-3124A-US 2.3, and WDR-3124A-US-T 2.3.

📖 Read

via "National Vulnerability Database".
07:17
‼ CVE-2021-28136 ‼

The Bluetooth Classic implementation in Espressif ESP-IDF 4.4 and earlier does not properly handle the reception of multiple LMP IO Capability Request packets during the pairing process, allowing attackers in radio range to trigger memory corruption (and consequently a crash) in ESP32 via a replayed (duplicated) LMP packet.

📖 Read

via "National Vulnerability Database".
07:17
‼ CVE-2021-33484 ‼

An issue was discovered in CommentsService.ashx in OnyakTech Comments Pro 3.8. An attacker can download a copy of the installer, decompile it, and discover a hardcoded IV used to encrypt the username and userid in the comment POST request. Additionally, the attacker can decrypt the encrypted encryption key (sent as a parameter in the comment form request) by setting this encrypted value as the username, which will appear on the comment page in its decrypted form. Using these two values (combined with the encryption functionality discovered in the decompiled installer), the attacker can encrypt another user's ID and username. These values can be used as part of the comment posting request in order to spoof the user.

📖 Read

via "National Vulnerability Database".
07:17
‼ CVE-2021-33831 ‼

api/account/register in the TH Wildau COVID-19 Contact Tracing application through 2021-09-01 has Incorrect Access Control. An attacker can interfere with tracing of infection chains by creating 500 random users within 2500 seconds.

📖 Read

via "National Vulnerability Database".
07:17
‼ CVE-2021-34145 ‼

The Bluetooth Classic implementation in the Cypress WICED BT stack through 2.9.0 for CYW20735B1 devices does not properly handle the reception of LMP_max_slot with an invalid Baseband packet type (and LT_ADDRESS and LT_ADDR) after completion of the LMP setup procedure, allowing attackers in radio range to trigger a denial of service (firmware crash) via a crafted LMP packet.

📖 Read

via "National Vulnerability Database".
07:17
‼ CVE-2021-28155 ‼

The Bluetooth Classic implementation on JBL TUNE500BT devices does not properly handle the reception of continuous unsolicited LMP responses, allowing attackers in radio range to trigger a denial of service and shut down a device by flooding the target device with LMP Feature Response data.

📖 Read

via "National Vulnerability Database".
07:17
‼ CVE-2021-28139 ‼

The Bluetooth Classic implementation in Espressif ESP-IDF 4.4 and earlier does not properly restrict the Feature Page upon reception of an LMP Feature Response Extended packet, allowing attackers in radio range to trigger arbitrary code execution in ESP32 via a crafted Extended Features bitfield payload.

📖 Read

via "National Vulnerability Database".
07:17
‼ CVE-2021-31612 ‼

The Bluetooth Classic implementation on Zhuhai Jieli AC690X devices does not properly handle the reception of an oversized LMP packet greater than 17 bytes during the LMP auto rate procedure, allowing attackers in radio range to trigger a deadlock via a crafted LMP packet.

📖 Read

via "National Vulnerability Database".
07:17
‼ CVE-2021-31786 ‼

The Bluetooth Classic Audio implementation on Actions ATS2815 and ATS2819 devices does not properly handle a connection attempt from a host with the same BDAddress as the current connected BT host, allowing attackers to trigger a disconnection and deadlock of the device by connecting with a forged BDAddress that matches the original connected host.

📖 Read

via "National Vulnerability Database".
07:17
‼ CVE-2021-38840 ‼

SQL Injection can occur in Simple Water Refilling Station Management System 1.0 via the water_refilling/classes/Login.php username parameter.

📖 Read

via "National Vulnerability Database".
07:17
‼ CVE-2021-34147 ‼

The Bluetooth Classic implementation in the Cypress WICED BT stack through 2.9.0 for CYW20735B1 does not properly handle the reception of a malformed LMP timing accuracy response followed by multiple reconnections to the link slave, allowing attackers to exhaust device BT resources and eventually trigger a crash via multiple attempts of sending a crafted LMP timing accuracy response followed by a sudden reconnection with a random BDAddress.

📖 Read

via "National Vulnerability Database".
07:17
‼ CVE-2021-34150 ‼

The Bluetooth Classic implementation on Bluetrum AB5301A devices with unknown firmware versions does not properly handle the reception of oversized DM1 LMP packets while no other BT connections are active, allowing attackers in radio range to prevent new BT connections (disabling the AB5301A inquiry and page scan procedures) via a crafted LMP packet. The user needs to manually perform a power cycle (restart) of the device to restore BT connectivity.

📖 Read

via "National Vulnerability Database".
09:54
🛡 Cybersecurity & Privacy news 🛡
❌ Authorities Arrest Another TrickBot Gang Member in South Korea ❌

A hacker known only as “Mr. A” was picked up by authorities at a South Korean airport after getting stuck in the country due to COVID-19 travel restrictions.

📖 Read

via "Threat Post".
11:17
🛡 Cybersecurity & Privacy news 🛡
‼ CVE-2021-37717 ‼

A remote arbitrary command execution vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.6; Prior to 8.7.1.4, 8.6.0.7, 8.5.0.12, 8.3.0.16. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnerability.

📖 Read

via "National Vulnerability Database".
11:17
‼ CVE-2019-5318 ‼

A remote cross-site request forgery (CSRF) vulnerability was discovered in Aruba Operating System Software version(s): 6.x.x.x: all versions, 8.x.x.x: all versions prior to 8.8.0.0. Aruba has released patches for ArubaOS that address this security vulnerability.

📖 Read

via "National Vulnerability Database".
11:17
‼ CVE-2021-37723 ‼

A remote arbitrary command execution vulnerability was discovered in Aruba Operating System Software version(s): Prior to 8.7.1.2, 8.6.0.8, 8.5.0.12, 8.3.0.16. Aruba has released patches for ArubaOS that address this security vulnerability.

📖 Read

via "National Vulnerability Database".
11:17
‼ CVE-2021-37731 ‼

A local path traversal vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.0-2.2.0.4; Prior to 8.7.1.1, 8.6.0.7, 8.5.0.12, 8.3.0.16. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnerability.

📖 Read

via "National Vulnerability Database".
11:17
‼ CVE-2021-37724 ‼

A remote arbitrary command execution vulnerability was discovered in Aruba Operating System Software version(s): Prior to 8.7.1.2, 8.6.0.8, 8.5.0.12, 8.3.0.16. Aruba has released patches for ArubaOS that address this security vulnerability.

📖 Read

via "National Vulnerability Database".
11:17
‼ CVE-2021-38698 ‼

HashiCorp Consul and Consul Enterprise 1.10.1 Txn.Apply endpoint allowed services to register proxies for other services, enabling access to service traffic. Fixed in 1.8.15, 1.9.9 and 1.10.2.

📖 Read

via "National Vulnerability Database".
11:17
‼ CVE-2021-33599 ‼

A vulnerability affecting the F-Secure Antivirus engine was discovered whereby scanning a WIM archive file can lead to denial-of-service (an infinite loop that freezes the AV engine scanner). The vulnerability can be exploited remotely by an attacker. A successful attack will result in Denial-of-Service of the Anti-Virus engine.

📖 Read

via "National Vulnerability Database".
11:17
‼ CVE-2021-37722 ‼

A remote arbitrary command execution vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.4; Prior to 8.7.1.4, 8.6.0.9, 8.5.0.13, 8.3.0.16, 6.5.4.20, 6.4.4.25. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnerability.

📖 Read

via "National Vulnerability Database".
11:17
‼ CVE-2021-37218 ‼

HashiCorp Nomad and Nomad Enterprise Raft RPC layer allows non-server agents with a valid certificate signed by the same CA to access server-only functionality, enabling privilege escalation. Fixed in 1.0.10 and 1.1.4.

📖 Read

via "National Vulnerability Database".
11:17
‼ CVE-2021-37721 ‼

A remote arbitrary command execution vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.4; Prior to 8.7.1.4, 8.6.0.9, 8.5.0.13, 8.3.0.16, 6.5.4.20, 6.4.4.25. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnerability.

📖 Read

via "National Vulnerability Database".
11:17
‼ CVE-2021-38615 ‼

In Eigen NLP 3.10.1, a lack of access control on the /auth/v1/sso/config/ SSO configuration endpoint allows any logged-in user (guest, standard, or admin) to view and modify information.

📖 Read

via "National Vulnerability Database".
11:17
‼ CVE-2021-36717 ‼

In order to perform a directory traversal attack, all an attacker needs is a web browser and some knowledge of where to blindly find any default files and directories on the system. On the "Name" parameter the attacker can return to the root directory and open the host file. This might give the attacker the ability to view restricted files, which could provide the attacker with more information required to further compromise the system.

📖 Read

via "National Vulnerability Database".
11:17
‼ CVE-2020-7877 ‼

A buffer overflow issue was discovered in ZOOK solution (remote administration tool) through processing the 'ConnectMe' command while parsing a crafted OUTERIP value because of a missing boundary check. This vulnerability allows the attacker to execute a remote arbitrary command.

📖 Read

via "National Vulnerability Database".
11:17
‼ CVE-2021-37718 ‼

A remote arbitrary command execution vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.6; Prior to 8.7.1.4, 8.6.0.7, 8.5.0.12, 8.3.0.16. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnerability.

📖 Read

via "National Vulnerability Database".
11:17
‼ CVE-2021-37720 ‼

A remote arbitrary command execution vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.4; Prior to 8.7.1.4, 8.6.0.9, 8.5.0.13, 8.3.0.16, 6.5.4.20, 6.4.4.25. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnerability.

📖 Read

via "National Vulnerability Database".
11:17
‼ CVE-2021-37733 ‼

A remote path traversal vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.4; Prior to 8.7.1.1, 8.6.0.7, 8.5.0.11, 8.3.0.16. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnerability.

📖 Read

via "National Vulnerability Database".
11:17
‼ CVE-2021-37725 ‼

A remote cross-site request forgery (CSRF) vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.4; Prior to 8.8.0.1, 8.7.1.2, 8.6.0.8, 8.5.0.12, 8.3.0.15. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnerability.

📖 Read

via "National Vulnerability Database".
11:17
‼ CVE-2021-38617 ‼

In Eigen NLP 3.10.1, a lack of access control on the /auth/v1/user/ user creation endpoint allows a standard user to create a super user account with a defined password. This directly leads to privilege escalation.

📖 Read

via "National Vulnerability Database".
11:17
‼ CVE-2021-38616 ‼

In Eigen NLP 3.10.1, a lack of access control on the /auth/v1/user/{user-guid}/ user edition endpoint could permit any logged-in user to increase their own permissions via a user_permissions array in a PATCH request. A guest user could modify other users' profiles and much more.

📖 Read

via "National Vulnerability Database".
11:17
‼ CVE-2021-37219 ‼

HashiCorp Consul and Consul Enterprise 1.10.1 Raft RPC layer allows non-server agents with a valid certificate signed by the same CA to access server-only functionality, enabling privilege escalation. Fixed in 1.8.15, 1.9.9 and 1.10.2.

📖 Read

via "National Vulnerability Database".
12:16
⚠ Poisoned proxy PACs! The NPM package with a network-wide security hole… ⚠

3,000,000 downloads a week... if only they'd read the fastidious manual!

📖 Read

via "Naked Security".
13:11
🛠 Packet Fence 11.0.0 🛠

PacketFence is a network access control (NAC) system. It is actively maintained and has been deployed in numerous large-scale institutions. It can be used to effectively secure networks, from small to very large heterogeneous networks. PacketFence provides NAC-oriented features such as registration of new network devices, detection of abnormal network activities including from remote snort sensors, isolation of problematic devices, remediation through a captive portal, and registration-based and scheduled vulnerability scans.

📖 Read

via "Packet Storm Security".
13:11
🛠 Samhain File Integrity Checker 4.4.6 🛠

Samhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. Databases, logs, and config files can be signed for tamper resistance. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, and syslog) are available. Tested on Linux, AIX, HP-UX, Unixware, Sun and Solaris.

📖 Read

via "Packet Storm Security".
13:17
‼ CVE-2021-39254 ‼

A crafted NTFS image can cause an integer overflow in memmove, leading to a heap-based buffer overflow in the function ntfs_attr_record_resize, in NTFS-3G < 2021.8.22.

📖 Read

via "National Vulnerability Database".
13:17
‼ CVE-2020-7865 ‼

A vulnerability (improper input validation) in the ExECM CoreB2B solution allows an unauthenticated attacker to download and execute an arbitrary file via the httpDownload function. A successful exploit could allow the attacker to hijack the vulnerable system.

📖 Read

via "National Vulnerability Database".
13:17
‼ CVE-2021-33285 ‼

In Tuxera ntfs-3g versions < 2021.8.22, when a specially crafted NTFS attribute is supplied to the function ntfs_get_attribute_value, a heap buffer overflow can occur allowing for memory disclosure or denial of service. The vulnerability is caused by an out-of-bound buffer access which can be triggered by mounting a crafted NTFS partition. The root cause is a missing consistency check after reading an MFT record: the "bytes_in_use" field should be less than the "bytes_allocated" field. When it is not, the parsing of the records proceeds into the wild.

📖 Read

via "National Vulnerability Database".
13:17
‼ CVE-2021-27022 ‼

A flaw was discovered in bolt-server and ace where running a task with sensitive parameters results in those sensitive parameters being logged when they should not be. This issue only affects SSH/WinRM nodes (inventory service nodes).

📖 Read

via "National Vulnerability Database".
13:17
‼ CVE-2021-39263 ‼

A crafted NTFS image can trigger a heap-based buffer overflow, caused by an unsanitized attribute in ntfs_get_attribute_value, in NTFS-3G < 2021.8.22.

📖 Read

via "National Vulnerability Database".
13:17
‼ CVE-2021-39260 ‼

A crafted NTFS image can cause an out-of-bounds access in ntfs_inode_sync_standard_information in NTFS-3G < 2021.8.22.

📖 Read

via "National Vulnerability Database".
13:17
‼ CVE-2021-39258 ‼

A crafted NTFS image can cause out-of-bounds reads in ntfs_attr_find and ntfs_external_attr_find in NTFS-3G < 2021.8.22.

📖 Read

via "National Vulnerability Database".
13:17
‼ CVE-2021-33289 ‼

In Tuxera NTFS-3G versions < 2021.8.22, when a specially crafted MFT section is supplied in an NTFS image a heap buffer overflow can occur and allow for code execution.

📖 Read

via "National Vulnerability Database".
13:17
‼ CVE-2021-39257 ‼

A crafted NTFS image with an unallocated bitmap can lead to an endless recursive function call chain (starting from ntfs_attr_pwrite), causing stack consumption in NTFS-3G < 2021.8.22.

📖 Read

via "National Vulnerability Database".
13:17
‼ CVE-2021-39262 ‼

A crafted NTFS image can cause an out-of-bounds access in ntfs_decompress in NTFS-3G < 2021.8.22.

📖 Read

via "National Vulnerability Database".
13:17
‼ CVE-2021-39259 ‼

A crafted NTFS image can trigger an out-of-bounds access, caused by an unsanitized attribute length in ntfs_inode_lookup_by_name, in NTFS-3G < 2021.8.22.

📖 Read

via "National Vulnerability Database".
13:17
‼ CVE-2021-39252 ‼

A crafted NTFS image can cause an out-of-bounds read in ntfs_ie_lookup in NTFS-3G < 2021.8.22.

📖 Read

via "National Vulnerability Database".
13:17
‼ CVE-2021-33287 ‼

In Tuxera NTFS-3G versions < 2021.8.22, when specially crafted NTFS attributes are read in the function ntfs_attr_pread_i, a heap buffer overflow can occur and allow for writing to arbitrary memory or denial of service of the application.

📖 Read

via "National Vulnerability Database".
13:17
‼ CVE-2021-33286 ‼

In Tuxera NTFS-3G versions < 2021.8.22, when a specially crafted unicode string is supplied in an NTFS image a heap buffer overflow can occur and allow for code execution.

📖 Read

via "National Vulnerability Database".
13:17
‼ CVE-2021-35266 ‼

In Tuxera NTFS-3G versions < 2021.8.22, when a specially crafted NTFS inode pathname is supplied in an NTFS image a heap buffer overflow can occur resulting in memory disclosure, denial of service and even code execution.

📖 Read

via "National Vulnerability Database".
13:17
‼ CVE-2020-19131 ‼

Buffer Overflow in LibTiff v4.0.10 allows attackers to cause a denial of service via the "invertImage()" function in the component "tiffcrop".

📖 Read

via "National Vulnerability Database".
13:17
‼ CVE-2021-39261 ‼

A crafted NTFS image can cause a heap-based buffer overflow in ntfs_compressed_pwrite in NTFS-3G < 2021.8.22.

📖 Read

via "National Vulnerability Database".
13:17
‼ CVE-2020-7832 ‼

A vulnerability (improper input validation) in the DEXT5 Upload solution allows an unauthenticated attacker to download and execute an arbitrary file via the AddUploadFile, SetSelectItem, DoOpenFile functions. (CVE-2020-7832)

📖 Read

via "National Vulnerability Database".
13:17
‼ CVE-2021-35268 ‼

In Tuxera NTFS-3G versions < 2021.8.22, when a specially crafted NTFS inode is loaded in the function ntfs_inode_real_open, a heap buffer overflow can occur allowing for code execution and escalation of privileges.

📖 Read

via "National Vulnerability Database".
13:17
‼ CVE-2021-39255 ‼

A crafted NTFS image can trigger an out-of-bounds read, caused by an invalid attribute in ntfs_attr_find_in_attrdef, in NTFS-3G < 2021.8.22.

📖 Read

via "National Vulnerability Database".
13:25
❌ ProtonMail Forced to Log IP Address of French Activist ❌

The privacy-touting, end-to-end encrypted email provider erased its site's “we don’t log your IP” boast after France sicced Swiss cops on it.

📖 Read

via "Threat Post".
13:25
❌ Jenkins Hit as Atlassian Confluence Cyberattacks Widen ❌

Patch now: The popular biz-collaboration platform is seeing mass scanning and exploitation just two weeks after a critical RCE bug was disclosed.

📖 Read

via "Threat Post".
13:45
🦿 How to control activity tracking by apps on your iPhone or iPad 🦿

You can tell iOS and iPadOS apps not to track your activity. Here's how.

📖 Read

via "Tech Republic".
15:17
‼ CVE-2021-40539 ‼

Zoho ManageEngine ADSelfService Plus version 6113 and prior is vulnerable to REST API authentication bypass with resultant remote code execution.

📖 Read

via "National Vulnerability Database".
15:17
‼ CVE-2021-38123 ‼

Open Redirect vulnerability in Micro Focus Network Automation, affecting Network Automation versions 10.4x, 10.5x, 2018.05, 2018.11, 2019.05, 2020.02, 2020.08, 2020.11, 2021.05. The vulnerability could allow redirecting users to malicious websites after authentication.

📖 Read

via "National Vulnerability Database".
17:22
‼ CVE-2021-39197 ‼

better_errors is an open source replacement for the standard Rails error page with more information rich error pages. It is also usable outside of Rails in any Rack app as Rack middleware. better_errors prior to 2.8.0 did not implement CSRF protection for its internal requests. It also did not enforce the correct "Content-Type" header for these requests, which allowed a cross-origin "simple request" to be made without CORS protection. These together left an application with better_errors enabled open to cross-origin attacks. As a developer tool, better_errors documentation strongly recommends addition only to the `development` bundle group, so this vulnerability should only affect development environments. Please ensure that your project limits better_errors to the `development` group (or the non-Rails equivalent). Starting with release 2.8.x, CSRF protection is enforced. It is recommended that you upgrade to the latest release, or minimally to "~> 2.8.3". There are no known workarounds to mitigate the risk of using older releases of better_errors.

📖 Read

via "National Vulnerability Database".
17:22
‼ CVE-2021-38142 ‼

Barco MirrorOp Windows Sender before 2.5.3.65 uses cleartext HTTP and thus allows rogue software upgrades. An attacker on the local network can achieve remote code execution on any computer that tries to update Windows Sender due to the fact that the upgrade mechanism is not secured (is not protected with TLS).

📖 Read

via "National Vulnerability Database".
17:22
‼ CVE-2021-39195 ‼

Misskey is an open source, decentralized microblogging platform. In affected versions a Server-Side Request Forgery vulnerability exists in "Upload from URL" and remote attachment handling. This could result in the disclosure of non-public information within the internal network. This has been fixed in 12.90.0. However, if you are using a proxy, you will need to take additional measures. As a workaround this exploit may be avoided by appropriately restricting access to private networks from the host where the application is running.

📖 Read

via "National Vulnerability Database".
17:22
‼ CVE-2021-35947 ‼

The public share controller in the ownCloud server before version 10.8.0 allows a remote attacker to see the internal path and the username of a public share by including invalid characters in the URL.

📖 Read

via "National Vulnerability Database".
17:22
‼ CVE-2021-39196 ‼

pcapture is an open source dumpcap web service interface. In affected versions this vulnerability allows an authenticated but unprivileged user to use the REST API to capture and download packets with no capture filter and without adequate permissions. This is important because the capture filters can effectively limit the scope of information that a user can see in the data captures. If no filter is present, then all data on the local network segment where the program is running can be captured and downloaded. v3.12 fixes this problem. There is no workaround; you must upgrade to v3.12 or greater.

📖 Read

via "National Vulnerability Database".
17:22
‼ CVE-2021-39199 ‼

remark-html is an open source nodejs library which compiles Markdown to HTML. In affected versions the documentation of remark-html has mentioned that it was safe by default. In practice the default was never safe and had to be opted into. That is, user input was not sanitized. This means arbitrary HTML can be passed through leading to potential XSS attacks. The problem has been patched in 13.0.2 and 14.0.1: `remark-html` is now safe by default, and the implementation matches the documentation. On older affected versions, pass `sanitize: true` if you cannot update.

📖 Read

via "National Vulnerability Database".
17:22
‼ CVE-2021-35949 ‼

The shareinfo controller in the ownCloud Server before 10.8.0 allows an attacker to bypass the permission checks for upload only shares and list metadata about the share.

📖 Read

via "National Vulnerability Database".
17:55
❌ Netgear Smart Switches Open to Complete Takeover ❌

The Demon's Cries, Draconian Fear and Seventh Inferno security bugs are high-severity entryways to corporate networks.

📖 Read

via "Threat Post".
19:22
‼ CVE-2021-37629 ‼

Nextcloud Richdocuments is an open source collaborative office suite. In affected versions there is a lack of rate limiting on the Richdocuments OCS endpoint. This may have allowed an attacker to enumerate potentially valid share tokens. It is recommended that the Nextcloud Richdocuments app is upgraded to either 3.8.4 or 4.2.1 to resolve. For users unable to upgrade it is recommended that the Richdocuments application be disabled.

📖 Read

via "National Vulnerability Database".
19:22
‼ CVE-2021-39499 ‼

A Cross-site scripting (XSS) vulnerability in Users in Qiong ICP EyouCMS 1.5.4 allows remote attackers to inject arbitrary web script or HTML via the `title` parameter in bind_email function.

📖 Read

via "National Vulnerability Database".
19:22
‼ CVE-2021-39496 ‼

Eyoucms 1.5.4 lacks sanitization of input data, allowing an attacker to inject malicious code into `filename` param to trigger Reflected XSS.

📖 Read

via "National Vulnerability Database".
19:22
‼ CVE-2021-35946 ‼

A receiver of a federated share with access to the database with ownCloud version before 10.8 could update the permissions and therefore elevate their own permissions.

📖 Read

via "National Vulnerability Database".
19:22
‼ CVE-2021-32766 ‼

Nextcloud Text is an open source plaintext editing application which ships with the Nextcloud server. In affected versions the Nextcloud Text application returned different error messages depending on whether a folder existed in a public link share. This is problematic in case the public link share has been created with "Upload Only" privileges (aka "File Drop"). A link share recipient is not expected to see which folders or files exist in a "File Drop" share. Using this vulnerability an attacker is able to enumerate folders in such a share. Exploitation requires that the attacker has access to a valid affected "File Drop" link share. It is recommended that the Nextcloud Server is upgraded to 20.0.12, 21.0.4 or 22.0.1. Users who are unable to upgrade are advised to disable the Nextcloud Text application in the app settings.

📖 Read

via "National Vulnerability Database".
19:22
‼ CVE-2020-19752 ‼

The find_color_or_error function in gifsicle 1.92 contains a NULL pointer dereference.

📖 Read

via "National Vulnerability Database".
19:22
‼ CVE-2021-38706 ‼

messages_load.php in ClinicCases 7.3.3 suffers from a blind SQL injection vulnerability, which allows low-privileged attackers to execute arbitrary SQL commands through a vulnerable parameter.

📖 Read

via "National Vulnerability Database".
19:22
‼ CVE-2021-38707 ‼

Persistent cross-site scripting (XSS) vulnerabilities in ClinicCases 7.3.3 allow low-privileged attackers to introduce arbitrary JavaScript to account parameters. The XSS payloads will execute in the browser of any user who views the relevant content. This can result in account takeover via session token theft.

📖 Read

via "National Vulnerability Database".
19:22
‼ CVE-2021-39503 ‼

PHPMyWind 5.6 is vulnerable to Remote Code Execution. Because input is filtered without "<, >, ?, =, `,...." in the WriteConfig() function, an attacker can inject PHP code into the /include/config.cache.php file.

📖 Read

via "National Vulnerability Database".
19:22
‼ CVE-2021-35948 ‼

Session fixation on password protected public links in the ownCloud Server before 10.8.0 allows an attacker to bypass the password protection when they can force a target client to use a controlled cookie.

📖 Read

via "National Vulnerability Database".
19:22
‼ CVE-2020-19751 ‼

An issue was discovered in gpac 0.8.0. The gf_odf_del_ipmp_tool function in odf_code.c has a heap-based buffer over-read.

📖 Read

via "National Vulnerability Database".
19:22
‼ CVE-2021-37631 ‼

Deck is an open source kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. In affected versions the Deck application didn't properly check membership of users in a Circle. This allowed other users in the instance to gain access to boards that have been shared with a Circle, even if the user was not a member of the circle. It is recommended that Nextcloud Deck is upgraded to 1.5.1, 1.4.4 or 1.2.9. If you are unable to update it is advised to disable the Deck plugin.

📖 Read

via "National Vulnerability Database".
19:22
‼ CVE-2021-37630 ‼

Nextcloud Circles is an open source social network built for the nextcloud ecosystem. In affected versions the Nextcloud Circles application allowed any user to join any "Secret Circle" without approval by the Circle owner leaking private information. It is recommended that Nextcloud Circles is upgraded to 0.19.15, 0.20.11 or 0.21.4. There are no workarounds for this issue.

📖 Read

via "National Vulnerability Database".
19:23
‼ CVE-2021-32782 ‼

Nextcloud Circles is an open source social network built for the Nextcloud ecosystem. In affected versions the Nextcloud Circles application is vulnerable to a stored Cross-Site Scripting (XSS) vulnerability. Due to the strict Content-Security-Policy shipped with Nextcloud, this issue is not exploitable on modern browsers supporting Content-Security-Policy. It is recommended that the Nextcloud Circles application is upgraded to 0.21.3, 0.20.10 or 0.19.14 to resolve this issue. As a workaround users may use a browser that has support for Content-Security-Policy. A notable exception is Internet Explorer which does not support CSP properly.

📖 Read

via "National Vulnerability Database".
19:23
‼ CVE-2021-37628 ‼

Nextcloud Richdocuments is an open source collaborative office suite. In affected versions the File Drop features ("Upload Only" public link shares in Nextcloud) can be bypassed using the Nextcloud Richdocuments app. An attacker was able to read arbitrary files in such a share. It is recommended that the Nextcloud Richdocuments is upgraded to 3.8.4 or 4.2.1. If upgrading is not possible then it is recommended to disable the Richdocuments application.

📖 Read

via "National Vulnerability Database".
19:23
‼ CVE-2021-39194 ‼

kaml is an open source implementation of the YAML format with support for kotlinx.serialization. In affected versions attackers that could provide arbitrary YAML input to an application that uses kaml could cause the application to endlessly loop while parsing the input. This could result in resource starvation and denial of service. This only affects applications that use polymorphic serialization with the default tagged polymorphism style. Applications using the property polymorphism style are not affected. YAML input for a polymorphic type that provided a tag but no value for the object would trigger the issue. Version 0.35.3 or later contains the fix for this issue.

📖 Read

via "National Vulnerability Database".
19:23
‼ CVE-2021-38704 ‼

Multiple reflected cross-site scripting (XSS) vulnerabilities in ClinicCases 7.3.3 allow unauthenticated attackers to introduce arbitrary JavaScript by crafting a malicious URL. This can result in account takeover via session token theft.

📖 Read

via "National Vulnerability Database".
19:23
‼ CVE-2021-39500 ‼

Eyoucms 1.5.4 is vulnerable to Directory Traversal. Due to a lack of input data sanitization in the params tpldir, filename, type, nid, an attacker can inject "../" to escape and write files to writeable directories.

📖 Read

via "National Vulnerability Database".
19:23
‼ CVE-2020-19750 ‼

An issue was discovered in gpac 0.8.0. The strdup function in box_code_base.c has a heap-based buffer over-read.

📖 Read

via "National Vulnerability Database".
19:23
‼ CVE-2021-38705 ‼

ClinicCases 7.3.3 is affected by Cross-Site Request Forgery (CSRF). A successful attack would consist of an authenticated user following a malicious link, resulting in arbitrary actions being carried out with the privilege level of the targeted user. This can be exploited to create a secondary administrator account for the attacker.

📖 Read

via "National Vulnerability Database".
20:25
❌ Ragnar Locker Gang Warns Victims Not to Call the FBI ❌

Investigators/the FBI/ransomware negotiators just screw everything up, the ransomware gang said, threatening to publish files if victims look for help.

📖 Read

via "Threat Post".
21:22
‼ CVE-2021-32801 ‼

Nextcloud server is an open source, self hosted personal cloud. In affected versions logging of exceptions may have resulted in logging potentially sensitive key material for the Nextcloud Encryption-at-Rest functionality. It is recommended that the Nextcloud Server is upgraded to 20.0.12, 21.0.4 or 22.1.0. If upgrading is not an option users are advised to disable system logging to resolve this issue until such time that an upgrade can be performed. Note that if you do not use the Encryption-at-Rest functionality of Nextcloud you are not affected by this bug.

📖 Read

via "National Vulnerability Database".
21:22
‼ CVE-2020-19767 ‼

A lack of target address verification in the destroycontract() function of 0xRACER 1.0 allows attackers to steal tokens from victim users via a crafted script.

📖 Read

via "National Vulnerability Database".
21:22
‼ CVE-2020-19768 ‼

A lack of target address verification in the selfdestructs() function of ICOVO 1.0 allows attackers to steal tokens from victim users via a crafted script.

📖 Read

via "National Vulnerability Database".
21:22
‼ CVE-2021-32800 ‼

Nextcloud server is an open source, self hosted personal cloud. In affected versions an attacker is able to bypass Two Factor Authentication in Nextcloud. Thus knowledge of a password, or access to a WebAuthN trusted device of a user was sufficient to gain access to an account. It is recommended that the Nextcloud Server is upgraded to 20.0.12, 21.0.4 or 22.1.0. There are no workarounds for this vulnerability.

📖 Read

via "National Vulnerability Database".
21:22
‼ CVE-2020-19769 ‼

A lack of target address verification in the BurnMe() function of Rob The Bank 1.0 allows attackers to steal tokens from victim users via a crafted script.

📖 Read

via "National Vulnerability Database".
21:22
‼ CVE-2020-19766 ‼

The time check operation of PepeAuctionSale 1.0 can be rendered ineffective by assigning a large number to the _duration variable, compromising access control to the application.

📖 Read

via "National Vulnerability Database".
21:22
‼ CVE-2021-32802 ‼

Nextcloud server is an open source, self hosted personal cloud. Nextcloud supports rendering image previews for user provided file content. For some image types, the Nextcloud server was invoking a third-party library that wasn't suited for untrusted user-supplied content. There are several security concerns with passing user-generated content to this library, such as Server-Side-Request-Forgery, file disclosure or potentially executing code on the system. The risk depends on your system configuration and the installed library version. It is recommended that the Nextcloud Server is upgraded to 20.0.12, 21.0.4 or 22.1.0. These versions do not use this library anymore. As a workaround users may disable previews by setting `enable_previews` to `false` in `config.php`.

📖 Read

via "National Vulnerability Database".
21:22
‼ CVE-2021-37145 ‼

** UNSUPPORTED WHEN ASSIGNED ** A command-injection vulnerability in an authenticated Telnet connection in Poly (formerly Polycom) CX5500 and CX5100 1.3.5 leads an attacker to Privilege Escalation and Remote Code Execution capability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

📖 Read

via "National Vulnerability Database".
21:23
‼ CVE-2020-19765 ‼

An issue in the noReentrance() modifier of the Ethereum-based contract Accounting 1.0 allows attackers to carry out a reentrancy attack.

📖 Read

via "National Vulnerability Database".
8 September 2021
10:45
🦿 Why your IoT devices may be vulnerable to malware 🦿

Only 33% of users surveyed by NordPass changed the default passwords on their IoT devices, leaving the rest susceptible to attack.

📖 Read

via "Tech Republic".
11:28
‼ CVE-2020-11264 ‼

Improper authentication of Non-EAPOL/WAPI plaintext frames during four-way handshake can lead to arbitrary network packet injection in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music

📖 Read

via "National Vulnerability Database".
11:28
‼ CVE-2021-1928 ‼

Buffer over read could occur due to incorrect check of buffer size while flashing emmc devices in Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking

📖 Read

via "National Vulnerability Database".
11:28
‼ CVE-2021-1919 ‼

Integer underflow can occur when the RTCP length is less than the actual blocks present in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Voice & Music, Snapdragon Wearables

📖 Read

via "National Vulnerability Database".
11:28
‼ CVE-2021-1930 ‼

Possible out of bounds read due to incorrect validation of incoming buffer length in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile

📖 Read

via "National Vulnerability Database".
11:28
‼ CVE-2021-1923 ‼

Incorrect pointer argument passed to trusted application TA could result in un-intended memory operations in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT

📖 Read

via "National Vulnerability Database".
11:28
‼ CVE-2020-11301 ‼

Improper authentication of un-encrypted plaintext Wi-Fi frames in an encrypted network can lead to information disclosure in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking

📖 Read

via "National Vulnerability Database".
11:28
‼ CVE-2021-1914 ‼

Loop with unreachable exit condition may occur due to improper handling of unsupported input in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Voice & Music, Snapdragon Wearables

📖 Read

via "National Vulnerability Database".
11:28
‼ CVE-2021-1904 ‼

Child process can leak information from parent process because numeric PIDs are compared and these PIDs can be reused in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables

📖 Read

via "National Vulnerability Database".
11:28
‼ CVE-2021-1972 ‼

Possible buffer overflow due to improper validation of device types during P2P search in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking

📖 Read

via "National Vulnerability Database".
11:28
‼ CVE-2021-1929 ‼

Lack of strict validation of bootmode can lead to information disclosure in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables

📖 Read

via "National Vulnerability Database".
11:28
‼ CVE-2021-1916 ‼

Possible buffer underflow due to lack of check for negative index values when processing user provided input in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Voice & Music, Snapdragon Wearables

📖 Read

via "National Vulnerability Database".
11:28
‼ CVE-2021-1920 ‼

Integer underflow can occur due to improper handling of incoming RTCP packets in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Voice & Music, Snapdragon Wearables

📖 Read

via "National Vulnerability Database".
11:28
‼ CVE-2021-36695 ‼

Deskpro cloud and on-premise Deskpro 2021.1.6 (fixed in Deskpro 2021.1.7) contains a cross-site scripting (XSS) vulnerability in the download file feature on a manager profile due to lack of input validation.

📖 Read

via "National Vulnerability Database".
11:45
🦿 REvil ransomware gang may be back in town 🦿

Sites used by the infamous cybercrime group have mysteriously come back to life. Does that mean it's back in business after a brief respite?

📖 Read

via "Tech Republic".
13:28
‼ CVE-2021-1808 ‼

A memory corruption issue was addressed with improved validation. This issue is fixed in Security Update 2021-002 Catalina, Security Update 2021-003 Mojave, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. An application may be able to read restricted memory.

📖 Read

via "National Vulnerability Database".
13:28
‼ CVE-2021-1784 ‼

A permissions issue existed in DiskArbitration. This was addressed with additional ownership checks. This issue is fixed in macOS Big Sur 11.3, Security Update 2021-002 Catalina, Security Update 2021-003 Mojave. A malicious application may be able to modify protected parts of the file system.

📖 Read

via "National Vulnerability Database".
13:28
‼ CVE-2021-1812 ‼

A logic issue was addressed with improved validation. This issue is fixed in iOS 14.5 and iPadOS 14.5. A malicious application may be able to execute arbitrary code with system privileges.

📖 Read

via "National Vulnerability Database".
13:28
‼ CVE-2021-30698 ‼

A null pointer dereference was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.4, Safari 14.1.1, iOS 14.6 and iPadOS 14.6. A remote attacker may be able to cause a denial of service.

📖 Read

via "National Vulnerability Database".
13:28
‼ CVE-2021-30719 ‼

A local user may be able to cause unexpected system termination or read kernel memory. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina. An out-of-bounds read issue was addressed by removing the vulnerable code.

📖 Read

via "National Vulnerability Database".
13:28
‼ CVE-2021-30673 ‼

An access issue was addressed with improved access restrictions. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina. A malicious application may be able to access a user's call history.

📖 Read

via "National Vulnerability Database".
13:28
‼ CVE-2021-30707 ‼

This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.4, tvOS 14.6, watchOS 7.5, iOS 14.6 and iPadOS 14.6. Processing a maliciously crafted audio file may lead to arbitrary code execution.

📖 Read

via "National Vulnerability Database".
13:28
‼ CVE-2021-1816 ‼

A buffer overflow was addressed with improved bounds checking. This issue is fixed in iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. A malicious application may be able to execute arbitrary code with kernel privileges.

📖 Read

via "National Vulnerability Database".
13:28
‼ CVE-2021-1809 ‼

A memory corruption issue was addressed with improved validation. This issue is fixed in Security Update 2021-002 Catalina, Security Update 2021-003 Mojave, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. A malicious application may be able to read restricted memory.

📖 Read

via "National Vulnerability Database".
13:28
‼ CVE-2021-1883 ‼

This issue was addressed with improved checks. This issue is fixed in Security Update 2021-004 Mojave, iOS 14.5 and iPadOS 14.5, watchOS 7.4, Security Update 2021-003 Catalina, tvOS 14.5, macOS Big Sur 11.3. Processing maliciously crafted server messages may lead to heap corruption.

📖 Read

via "National Vulnerability Database".
13:28
‼ CVE-2021-30796 ‼

A logic issue was addressed with improved validation. This issue is fixed in iOS 14.7, macOS Big Sur 11.5, Security Update 2021-004 Catalina, Security Update 2021-005 Mojave. Processing a maliciously crafted image may lead to a denial of service.

📖 Read

via "National Vulnerability Database".
13:28
‼ CVE-2021-30669 ‼

A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave. A malicious application may bypass Gatekeeper checks.

📖 Read

via "National Vulnerability Database".
13:28
‼ CVE-2021-1833 ‼

This issue was addressed with improved checks. This issue is fixed in iOS 14.5 and iPadOS 14.5. An application may be able to gain elevated privileges.

📖 Read

via "National Vulnerability Database".
13:28
‼ CVE-2021-30706 ‼

Processing a maliciously crafted image may lead to disclosure of user information. This issue is fixed in macOS Big Sur 11.4, tvOS 14.6, watchOS 7.5, iOS 14.6 and iPadOS 14.6. This issue was addressed with improved checks.

📖 Read

via "National Vulnerability Database".
13:28
‼ CVE-2021-1862 ‼

Description: A person with physical access may be able to access contacts. This issue is fixed in iOS 14.5 and iPadOS 14.5. Impact: An issue with Siri search access to information was addressed with improved logic.

📖 Read

via "National Vulnerability Database".
13:28
‼ CVE-2021-1813 ‼

A validation issue was addressed with improved logic. This issue is fixed in Security Update 2021-002 Catalina, Security Update 2021-003 Mojave, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. A malicious application may be able to gain root privileges.

📖 Read

via "National Vulnerability Database".
13:28
‼ CVE-2021-1831 ‼

The issue was addressed with improved permissions logic. This issue is fixed in iOS 14.5 and iPadOS 14.5. An application may allow shortcuts to access restricted files.

📖 Read

via "National Vulnerability Database".
13:28
‼ CVE-2021-1828 ‼

A memory corruption issue was addressed with improved validation. This issue is fixed in macOS Big Sur 11.3, Security Update 2021-002 Catalina, Security Update 2021-003 Mojave. An application may be able to cause unexpected system termination or write kernel memory.

📖 Read

via "National Vulnerability Database".
13:28
‼ CVE-2021-30664 ‼

An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.3, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. Processing a maliciously crafted file may lead to arbitrary code execution.

📖 Read

via "National Vulnerability Database".
13:28
‼ CVE-2021-1881 ‼

An out-of-bounds read was addressed with improved input validation. This issue is fixed in Security Update 2021-002 Catalina, Security Update 2021-003 Mojave, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. Processing a maliciously crafted font file may lead to arbitrary code execution.

📖 Read

via "National Vulnerability Database".
13:34
‼ CVE-2021-30665 ‼

A memory corruption issue was addressed with improved state management. This issue is fixed in watchOS 7.4.1, iOS 14.5.1 and iPadOS 14.5.1, tvOS 14.6, iOS 12.5.3, macOS Big Sur 11.3.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.

📖 Read

via "National Vulnerability Database".
13:34
‼ CVE-2021-30739 ‼

A local attacker may be able to elevate their privileges. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave. A memory corruption issue was addressed with improved validation.

📖 Read

via "National Vulnerability Database".
13:34
‼ CVE-2021-30685 ‼

This issue was addressed with improved checks. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Security Update 2021-003 Catalina, macOS Big Sur 11.4, watchOS 7.5. Parsing a maliciously crafted audio file may lead to disclosure of user information.

📖 Read

via "National Vulnerability Database".
13:34
‼ CVE-2021-1865 ‼

An issue obscuring passwords in screenshots was addressed with improved logic. This issue is fixed in iOS 14.5 and iPadOS 14.5. A user's password may be visible on screen.

📖 Read

via "National Vulnerability Database".
13:34
‼ CVE-2021-30659 ‼

A validation issue was addressed with improved logic. This issue is fixed in iOS 14.5 and iPadOS 14.5, watchOS 7.4, macOS Big Sur 11.3. A malicious application may be able to leak sensitive user information.

📖 Read

via "National Vulnerability Database".
13:34
‼ CVE-2021-30709 ‼

This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave, iOS 14.6 and iPadOS 14.6. Processing a maliciously crafted USD file may disclose memory contents.

📖 Read

via "National Vulnerability Database".
13:34
‼ CVE-2021-30687 ‼

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in tvOS 14.6, Security Update 2021-004 Mojave, iOS 14.6 and iPadOS 14.6, Security Update 2021-003 Catalina, macOS Big Sur 11.4, watchOS 7.5. Processing a maliciously crafted image may lead to disclosure of user information.

📖 Read

via "National Vulnerability Database".
13:34
‼ CVE-2021-30805 ‼

A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.5, Security Update 2021-004 Catalina, Security Update 2021-005 Mojave. An application may be able to execute arbitrary code with kernel privileges.

📖 Read

via "National Vulnerability Database".
13:34
‼ CVE-2021-1872 ‼

A logic issue was addressed with improved state management. This issue is fixed in iOS 14.5 and iPadOS 14.5, watchOS 7.4, macOS Big Sur 11.3. Muting a CallKit call while ringing may not result in mute being enabled.

📖 Read

via "National Vulnerability Database".
13:34
‼ CVE-2021-30735 ‼

A malicious application may be able to execute arbitrary code with kernel privileges. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave. An out-of-bounds write issue was addressed with improved bounds checking.

📖 Read

via "National Vulnerability Database".
13:34
‼ CVE-2021-30722 ‼

An information disclosure issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave. An attacker in a privileged network position may be able to leak sensitive user information.

📖 Read

via "National Vulnerability Database".
13:34
‼ CVE-2021-21996 ‼

An issue was discovered in SaltStack Salt before 3003.3. A user who has control of the source and source_hash URLs can gain full file system access as root on a salt minion.

📖 Read

via "National Vulnerability Database".
13:34
‼ CVE-2021-30803 ‼

A permissions issue was addressed with improved validation. This issue is fixed in macOS Big Sur 11.5. A malicious application may be able to access a user’s recent Contacts.

📖 Read

via "National Vulnerability Database".
13:34
‼ CVE-2021-30749 ‼

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. Processing maliciously crafted web content may lead to arbitrary code execution.

📖 Read

via "National Vulnerability Database".
13:34
‼ CVE-2021-30778 ‼

This issue was addressed with improved entitlements. This issue is fixed in macOS Big Sur 11.5. A malicious application may be able to bypass Privacy preferences.

📖 Read

via "National Vulnerability Database".
13:34
‼ CVE-2021-30772 ‼

This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.5. A malicious application may be able to gain root privileges.

📖 Read

via "National Vulnerability Database".
13:34
‼ CVE-2021-30655 ‼

An application may be able to execute arbitrary code with system privileges. This issue is fixed in macOS Big Sur 11.3, Security Update 2021-002 Catalina. The issue was addressed with improved permissions logic.

📖 Read

via "National Vulnerability Database".
13:34
‼ CVE-2021-1853 ‼

A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.3. A local attacker may be able to elevate their privileges.

📖 Read

via "National Vulnerability Database".
13:34
‼ CVE-2021-30763 ‼

An input validation issue was addressed with improved input validation. This issue is fixed in iOS 14.7, watchOS 7.6. A shortcut may be able to bypass Internet permission requirements.

📖 Read

via "National Vulnerability Database".
13:34
‼ CVE-2021-30691 ‼

An information disclosure issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave, iOS 14.6 and iPadOS 14.6. Processing a maliciously crafted USD file may disclose memory contents.

📖 Read

via "National Vulnerability Database".
13:38
‼ CVE-2021-1810 ‼

A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.3, Security Update 2021-002 Catalina. A malicious application may bypass Gatekeeper checks.

📖 Read

via "National Vulnerability Database".
13:38
‼ CVE-2021-30728 ‼

An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave. A malicious application may be able to execute arbitrary code with kernel privileges.

📖 Read

via "National Vulnerability Database".
13:38
‼ CVE-2021-30689 ‼

A logic issue was addressed with improved state management. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. Processing maliciously crafted web content may lead to universal cross site scripting.

📖 Read

via "National Vulnerability Database".
13:38
‼ CVE-2021-30783 ‼

An access issue was addressed with improved access restrictions. This issue is fixed in macOS Big Sur 11.5, Security Update 2021-004 Catalina, Security Update 2021-005 Mojave. A sandboxed process may be able to circumvent sandbox restrictions.

📖 Read

via "National Vulnerability Database".
13:38
‼ CVE-2021-30752 ‼

Processing a maliciously crafted image may lead to arbitrary code execution. This issue is fixed in macOS Big Sur 11.3, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. An out-of-bounds read was addressed with improved input validation.

📖 Read

via "National Vulnerability Database".
13:38
‼ CVE-2021-30723 ‼

An information disclosure issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave, iOS 14.6 and iPadOS 14.6. Processing a maliciously crafted USD file may disclose memory contents.

📖 Read

via "National Vulnerability Database".
13:38
‼ CVE-2021-1861 ‼

An issue existed in determining cache occupancy. The issue was addressed through improved logic. This issue is fixed in macOS Big Sur 11.3. A malicious website may be able to track users by setting state in a cache.

📖 Read

via "National Vulnerability Database".
13:42
‼ CVE-2021-30679 ‼

This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave. An application may be able to gain elevated privileges.

📖 Read

via "National Vulnerability Database".
13:42
‼ CVE-2021-1820 ‼

A memory initialization issue was addressed with improved memory handling. This issue is fixed in macOS Big Sur 11.3, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. Processing maliciously crafted web content may result in the disclosure of process memory.

📖 Read

via "National Vulnerability Database".
13:42
‼ CVE-2021-30800 ‼

This issue was addressed with improved checks. This issue is fixed in iOS 14.7. Joining a malicious Wi-Fi network may result in a denial of service or arbitrary code execution.

📖 Read

via "National Vulnerability Database".
13:42
‼ CVE-2021-30717 ‼

A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave. An attacker in a privileged network position may be able to execute arbitrary code.

📖 Read

via "National Vulnerability Database".
13:42
‼ CVE-2021-30798 ‼

A logic issue was addressed with improved state management. This issue is fixed in iOS 14.7, macOS Big Sur 11.5, watchOS 7.6. A malicious application may be able to bypass certain Privacy preferences.

📖 Read

via "National Vulnerability Database".
13:42
‼ CVE-2021-30748 ‼

A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 14.7, macOS Big Sur 11.5. An application may be able to execute arbitrary code with kernel privileges.

📖 Read

via "National Vulnerability Database".
13:42
‼ CVE-2021-30690 ‼

Multiple issues in apache were addressed by updating apache to version 2.4.46. This issue is fixed in Security Update 2021-004 Mojave. Multiple issues in apache.

📖 Read

via "National Vulnerability Database".
13:42
‼ CVE-2021-30696 ‼

An attacker in a privileged network position may be able to misrepresent application state. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave. A logic issue was addressed with improved state management.

📖 Read

via "National Vulnerability Database".
13:42
‼ CVE-2021-30692 ‼

An information disclosure issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave, iOS 14.6 and iPadOS 14.6. Processing a maliciously crafted USD file may disclose memory contents.

📖 Read

via "National Vulnerability Database".
13:42
‼ CVE-2021-30683 ‼

A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave. A malicious application could execute arbitrary code leading to compromise of user information.

📖 Read

via "National Vulnerability Database".
13:42
‼ CVE-2021-30666 ‼

A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 12.5.3. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.

📖 Read

via "National Vulnerability Database".
13:42
‼ CVE-2021-30693 ‼

A validation issue was addressed with improved logic. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave, iOS 14.6 and iPadOS 14.6. Processing a maliciously crafted image may lead to arbitrary code execution.

📖 Read

via "National Vulnerability Database".
13:42
‼ CVE-2021-30734 ‼

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. Processing maliciously crafted web content may lead to arbitrary code execution.

📖 Read

via "National Vulnerability Database".
13:42
‼ CVE-2021-1843 ‼

This issue was addressed with improved checks. This issue is fixed in Security Update 2021-002 Catalina, Security Update 2021-003 Mojave, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. Processing a maliciously crafted image may lead to arbitrary code execution.

📖 Read

via "National Vulnerability Database".
13:43
‼ CVE-2021-30741 ‼

A use after free issue was addressed with improved memory management. This issue is fixed in iOS 14.6 and iPadOS 14.6. Processing a maliciously crafted mail message may lead to unexpected memory modification or application termination.

📖 Read

via "National Vulnerability Database".
13:43
‼ CVE-2021-28580 ‼

Medium by Adobe version 2.4.5.331 (and earlier) is affected by a buffer overflow vulnerability when parsing a crafted file. An unauthenticated attacker could leverage this vulnerability to achieve remote code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

📖 Read

via "National Vulnerability Database".
13:43
‼ CVE-2021-30759 ‼

A stack overflow was addressed with improved input validation. This issue is fixed in iOS 14.7, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7, Security Update 2021-005 Mojave, Security Update 2021-004 Catalina. Processing a maliciously crafted font file may lead to arbitrary code execution.

📖 Read

via "National Vulnerability Database".
13:43
‼ CVE-2021-30756 ‼

A local attacker may be able to view Now Playing information from the lock screen. This issue is fixed in macOS Big Sur 11.4, iOS 14.6 and iPadOS 14.6. A privacy issue in Now Playing was addressed with improved permissions.

📖 Read

via "National Vulnerability Database".
13:43
‼ CVE-2021-1874 ‼

A logic issue was addressed with improved state management. This issue is fixed in iOS 14.5 and iPadOS 14.5. An application may be able to execute arbitrary code with kernel privileges.

📖 Read

via "National Vulnerability Database".
13:43
‼ CVE-2021-30729 ‼

A logic issue was addressed with improved restrictions. This issue is fixed in iOS 14.6 and iPadOS 14.6. A device may accept invalid activation results.

📖 Read

via "National Vulnerability Database".
13:45
‼ CVE-2021-1836 ‼

A logic issue was addressed with improved restrictions. This issue is fixed in iOS 14.5 and iPadOS 14.5, tvOS 14.5. A local user may be able to create or modify privileged files.

📖 Read

via "National Vulnerability Database".
13:45
‼ CVE-2021-1852 ‼

An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 14.5 and iPadOS 14.5. A local user may be able to read kernel memory.

📖 Read

via "National Vulnerability Database".
13:48
⚠ Windows zero-day MSHTML attack – how not to get booby trapped! ⚠

Zero-day bug in MSHTML, the "mini-Internet Explorer" component of Windows, triggered by booby trapped Office files.

📖 Read

via "Naked Security".
14:15
🛡 Cybersecurity & Privacy news 🛡
🦿 Microsoft warns of attacks targeting Office documents 🦿

Affecting Windows desktops and servers, the attacks exploit an MSHTML vulnerability by using specially crafted Microsoft Office documents.

📖 Read

via "Tech Republic".
14:25
❌ TeamTNT’s New Tools Target Multiple OS ❌

The attackers are indiscriminately striking thousands of victims worldwide with their new “Chimaera” campaign.

📖 Read

via "Threat Post".
14:55
🛡 Cybersecurity & Privacy news 🛡
❌ Spoofing Bug Highlights Cybersecurity for Digital Vaccine Passports ❌

Australian immunization app bug lets attackers fake vaccine status.

📖 Read

via "Threat Post".
15:45
🛡 Cybersecurity & Privacy news 🛡
‼ CVE-2021-28566 ‼

Magento versions 2.4.2 (and earlier), 2.4.1-p1 (and earlier) and 2.3.6-p1 (and earlier) are vulnerable to an Information Disclosure vulnerability when uploading a modified png file to a product image. Successful exploitation could lead to the disclosure of document root path by an unauthenticated attacker. Access to the admin console is required for successful exploitation.

📖 Read

via "National Vulnerability Database".
15:45
‼ CVE-2021-3053 ‼

An improper handling of exceptional conditions vulnerability exists in the Palo Alto Networks PAN-OS dataplane that enables an unauthenticated network-based attacker to send specifically crafted traffic through the firewall that causes the service to crash. Repeated attempts to send this request result in denial of service to all PAN-OS services by restarting the device and putting it into maintenance mode. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.20; PAN-OS 9.0 versions earlier than PAN-OS 9.0.14; PAN-OS 9.1 versions earlier than PAN-OS 9.1.9; PAN-OS 10.0 versions earlier than PAN-OS 10.0.5. This issue does not affect Prisma Access.

📖 Read

via "National Vulnerability Database".
15:45
‼ CVE-2021-40346 ‼

An integer overflow in htx_add_header() in HAProxy 2.0 through 2.5 can be exploited to perform an HTTP request smuggling attack, allowing an attacker to bypass all configured http-request HAProxy ACLs and possibly other ACLs.

📖 Read

via "National Vulnerability Database".
15:45
‼ CVE-2021-33981 ‼

An insecure, direct object vulnerability in hunting/fishing license retrieval function of the "Fish | Hunt FL" iOS app versions 3.8.0 and earlier allows a remote authenticated attacker to retrieve other people's personal information and images of their hunting/fishing licenses.

📖 Read

via "National Vulnerability Database".
15:45
‼ CVE-2021-28567 ‼

Magento versions 2.4.2 (and earlier), 2.4.1-p1 (and earlier) and 2.3.6-p1 (and earlier) are vulnerable to an Improper Authorization vulnerability in the customers module. Successful exploitation could allow a low-privileged user to modify customer data. Access to the admin console is required for successful exploitation.

📖 Read

via "National Vulnerability Database".
15:45
‼ CVE-2021-3049 ‼

An improper authorization vulnerability in the Palo Alto Networks Cortex XSOAR server enables an authenticated network-based attacker with investigation read permissions to download files from incident investigations of which they are aware but are not a part of. This issue impacts: All Cortex XSOAR 5.5.0 builds; Cortex XSOAR 6.1.0 builds earlier than 12099345. This issue does not impact Cortex XSOAR 6.2.0 versions.

📖 Read

via "National Vulnerability Database".
15:45
‼ CVE-2021-33982 ‼

An insufficient session expiration vulnerability exists in the "Fish | Hunt FL" iOS app version 3.8.0 and earlier, which allows a remote attacker to reuse, spoof, or steal other user and admin sessions.

📖 Read

via "National Vulnerability Database".
15:45
‼ CVE-2021-21897 ‼

A code execution vulnerability exists in the DL_Dxf::handleLWPolylineData functionality of Ribbonsoft dxflib 3.17.0. A specially-crafted .dxf file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.

📖 Read

via "National Vulnerability Database".
15:45
‼ CVE-2021-21104 ‼

Adobe Illustrator version 25.2 (and earlier) is affected by a memory corruption vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve remote code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

📖 Read

via "National Vulnerability Database".
15:45
‼ CVE-2021-3051 ‼

An improper verification of cryptographic signature vulnerability exists in Cortex XSOAR SAML authentication that enables an unauthenticated network-based attacker with specific knowledge of the Cortex XSOAR instance to access protected resources and perform unauthorized actions on the Cortex XSOAR server. This issue impacts: Cortex XSOAR 5.5.0 builds earlier than 1578677; Cortex XSOAR 6.0.2 builds earlier than 1576452; Cortex XSOAR 6.1.0 builds earlier than 1578663; Cortex XSOAR 6.2.0 builds earlier than 1578666. All Cortex XSOAR instances hosted by Palo Alto Networks are protected from this vulnerability; no additional action is required for these instances.

📖 Read

via "National Vulnerability Database".
15:45
‼ CVE-2021-3055 ‼

An improper restriction of XML external entity (XXE) reference vulnerability in the Palo Alto Networks PAN-OS web interface enables an authenticated administrator to read any arbitrary file from the file system and send a specifically crafted request to the firewall that causes the service to crash. Repeated attempts to send this request result in denial of service to all PAN-OS services by restarting the device and putting it into maintenance mode. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.20; PAN-OS 9.0 versions earlier than PAN-OS 9.0.14; PAN-OS 9.1 versions earlier than PAN-OS 9.1.10; PAN-OS 10.0 versions earlier than PAN-OS 10.0.6. This issue does not affect Prisma Access.

📖 Read

via "National Vulnerability Database".
15:45
‼ CVE-2021-28569 ‼

Adobe Media Encoder version 15.1 (and earlier) is affected by an Out-of-bounds Read vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to disclose sensitive memory information in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

📖 Read

via "National Vulnerability Database".
15:45
‼ CVE-2021-21103 ‼

Adobe Illustrator version 25.2 (and earlier) is affected by a memory corruption vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to disclose sensitive memory information in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

📖 Read

via "National Vulnerability Database".
15:45
‼ CVE-2021-3052 ‼

A reflected cross-site scripting (XSS) vulnerability in the Palo Alto Networks PAN-OS web interface enables an authenticated network-based attacker to mislead another authenticated PAN-OS administrator into clicking a specially crafted link that performs arbitrary actions in the PAN-OS web interface as the targeted authenticated administrator. This issue impacts: PAN-OS 8.1 versions earlier than 8.1.20; PAN-OS 9.0 versions earlier than 9.0.14; PAN-OS 9.1 versions earlier than 9.1.10; PAN-OS 10.0 versions earlier than 10.0.2. This issue does not affect Prisma Access.

📖 Read

via "National Vulnerability Database".
15:45
‼ CVE-2020-24672 ‼

A vulnerability in Base Software for SoftControl allows an attacker to insert and run arbitrary code in a computer running the affected product. This issue affects: .

📖 Read

via "National Vulnerability Database".
15:45
‼ CVE-2021-21105 ‼

Adobe Illustrator version 25.2 (and earlier) is affected by a memory corruption vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve remote code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

📖 Read

via "National Vulnerability Database".
15:45
‼ CVE-2021-35526 ‼

A backup file without encryption vulnerability in Hitachi ABB Power Grids System Data Manager – SDM600 allows an attacker to gain access to sensitive information. This issue affects: Hitachi ABB Power Grids System Data Manager – SDM600 1.2 versions prior to FP2 HF6 (Build Nr. 1.2.14002.257).

📖 Read

via "National Vulnerability Database".
15:46
‼ CVE-2021-3054 ‼

A time-of-check to time-of-use (TOCTOU) race condition vulnerability in the Palo Alto Networks PAN-OS web interface enables an authenticated administrator with permission to upload plugins to execute arbitrary code with root user privileges. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.20; PAN-OS 9.0 versions earlier than PAN-OS 9.0.14; PAN-OS 9.1 versions earlier than PAN-OS 9.1.11; PAN-OS 10.0 versions earlier than PAN-OS 10.0.7; PAN-OS 10.1 versions earlier than PAN-OS 10.1.2. This issue does not affect Prisma Access.

📖 Read

via "National Vulnerability Database".
15:46
‼ CVE-2021-28732 ‼

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2021-28372. Reason: This candidate is a duplicate of CVE-2021-28372. A typo caused the wrong ID to be used. Notes: All CVE users should reference CVE-2021-28372 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.

📖 Read

via "National Vulnerability Database".
15:46
🔏 Mitigations Available for Latest Office Zero Day 🔏

There's no patch yet, but Microsoft has released a workaround to mitigate the latest zero day, a vulnerability announced this week in Windows 10 and Windows Server.

📖 Read

via "".
16:25
🛡 Cybersecurity & Privacy news 🛡
❌ Tooling Network Detection & Response for Ransomware ❌

Justin Jett, director of audit and compliance at Plixer, discusses how to effectively use network flow data in the fight against ransomware.

📖 Read

via "Threat Post".
16:45
🛡 Cybersecurity & Privacy news 🛡
🦿 Cybersecurity: Try machine learning to detect threats 🦿

Making predictions about data is the next frontier in terms of identifying risk in your infrastructure, expert says. But is it right for your organization?

📖 Read

via "Tech Republic".
16:46
🦿 Machine learning is a great tool for cybersecurity, but be cautious, expert says 🦿

Supervised and unsupervised machine learning are good ways to detect threats. But what's the difference?

📖 Read

via "Tech Republic".
16:46
🦿 Dark web prices drop for credit cards but soar for PayPal accounts 🦿

Selling prices for stolen PayPal accounts have shot up by 194%, according to research by Comparitech.

📖 Read

via "Tech Republic".
17:28
🛡 Cybersecurity & Privacy news 🛡
‼ CVE-2021-32805 ‼

Flask-AppBuilder is an application development framework, built on top of Flask. In affected versions, if using Flask-AppBuilder OAuth, an attacker can share a carefully crafted URL with a trusted domain for an application built with Flask-AppBuilder; this URL can redirect a user to a malicious site. This is an open redirect vulnerability. To resolve this issue, upgrade to Flask-AppBuilder 3.2.2 or above. If upgrading is infeasible, users may filter HTTP traffic containing `?next={next-site}` where the `next-site` domain is different from the application you are protecting as a workaround.

📖 Read

via "National Vulnerability Database".
17:28
‼ CVE-2021-40537 ‼

Server Side Request Forgery (SSRF) vulnerability exists in owncloud/user_ldap < 0.15.4 in the settings of the user_ldap app. Administration role is necessary for exploitation.

📖 Read

via "National Vulnerability Database".
17:28
‼ CVE-2021-38388 ‼

Central Dogma allows privilege escalation with mirroring to the internal dogma repository that has a file managing the authorization of the project.

📖 Read

via "National Vulnerability Database".
17:28
‼ CVE-2021-31274 ‼

In LibreNMS < 21.3.0, a stored XSS vulnerability was identified in the API Access page due to insufficient sanitization of the $api->description variable. As a result, arbitrary JavaScript code can get executed.

📖 Read

via "National Vulnerability Database".
17:28
‼ CVE-2021-36215 ‼

LINE client for iOS 10.21.3 and before allows address bar spoofing due to inappropriate address handling.

📖 Read

via "National Vulnerability Database".
17:28
‼ CVE-2021-36216 ‼

LINE for Windows 6.2.1.2289 and before allows arbitrary code execution via malicious DLL injection.

📖 Read

via "National Vulnerability Database".
18:25
🛡 Cybersecurity & Privacy news 🛡
❌ What Ragnar Locker Got Wrong About Ransomware Negotiators – Podcast ❌

There are a lot of "tells" that the ransomware group doesn't understand how negotiators work, despite threatening to dox data if victims call for help.

📖 Read

via "Threat Post".
19:28
🛡 Cybersecurity & Privacy news 🛡
‼ CVE-2021-40797 ‼

An issue was discovered in the routes middleware in OpenStack Neutron before 16.4.1, 17.x before 17.2.1, and 18.x before 18.1.1. By making API requests involving nonexistent controllers, an authenticated user may cause the API worker to consume increasing amounts of memory, resulting in API performance degradation or denial of service.

📖 Read

via "National Vulnerability Database".
19:28
‼ CVE-2020-19137 ‼

Incorrect Access Control in Autumn v1.0.4 and earlier allows remote attackers to obtain clear-text login credentials via the component "autumn-cms/user/getAllUser/?page=1&limit=10".

📖 Read

via "National Vulnerability Database".
19:28
‼ CVE-2021-36440 ‼

Unrestricted File Upload in ShowDoc v2.9.5 allows remote attackers to execute arbitrary code via the 'file_url' parameter in the component 'AdminUpdateController.class.php'.

📖 Read

via "National Vulnerability Database".
19:28
‼ CVE-2020-19138 ‼

Unrestricted Upload of File with Dangerous Type in DotCMS v5.2.3 and earlier allows remote attackers to execute arbitrary code via the component "/src/main/java/com/dotmarketing/filters/CMSFilter.java".

📖 Read

via "National Vulnerability Database".
19:28
‼ CVE-2020-26772 ‼

Command Injection in PPGo_Jobs v2.8.0 allows remote attackers to execute arbitrary code via the 'AjaxRun()' function.

📖 Read

via "National Vulnerability Database".
19:28
‼ CVE-2021-40812 ‼

The GD Graphics Library (aka LibGD) through 2.3.2 has an out-of-bounds read because of the lack of certain gdGetBuf and gdPutBuf return value checks.

📖 Read

via "National Vulnerability Database".
19:28
‼ CVE-2021-30605 ‼

Inappropriate implementation in the ChromeOS Readiness Tool installer on Windows prior to 1.0.2.0 loosens DCOM access rights on two objects allowing an attacker to potentially bypass discretionary access controls.

📖 Read

via "National Vulnerability Database".
20:16
🛡 Cybersecurity & Privacy news 🛡
🦿 Enhancing cybersecurity skills for the entire workforce must be a priority for cyber-resilience 🦿

Technology is not the only answer: An expert suggests improving the human cyber capacity of a company's workforce plus cybersecurity technology offers a better chance of being safe.

📖 Read

via "Tech Republic".
21:28
🛡 Cybersecurity & Privacy news 🛡
‼ CVE-2021-40814 ‼

The Customer Photo Gallery addon before 2.9.4 for PrestaShop is vulnerable to SQL injection.

📖 Read

via "National Vulnerability Database".
21:28
‼ CVE-2021-40818 ‼

scheme/webauthn.c in Glewlwyd SSO server through 2.5.3 has a buffer overflow during FIDO2 signature validation in webauthn registration.

📖 Read

via "National Vulnerability Database".
9 September 2021
07:29
🛡 Cybersecurity & Privacy news 🛡
‼ CVE-2021-34786 ‼

Multiple vulnerabilities in Cisco BroadWorks CommPilot Application Software could allow an authenticated, remote attacker to delete arbitrary user accounts or gain elevated privileges on an affected system.

📖 Read

via "National Vulnerability Database".
07:29
‼ CVE-2021-30294 ‼

Potential null pointer dereference in KGSL GPU auxiliary command due to improper validation of user input in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile

📖 Read

via "National Vulnerability Database".
07:29
‼ CVE-2021-1952 ‼

Possible buffer over read occurs due to lack of length check of request buffer in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music

📖 Read

via "National Vulnerability Database".
07:29
‼ CVE-2021-34785 ‼

Multiple vulnerabilities in Cisco BroadWorks CommPilot Application Software could allow an authenticated, remote attacker to delete arbitrary user accounts or gain elevated privileges on an affected system.

📖 Read

via "National Vulnerability Database".
07:29
‼ CVE-2021-30295 ‼

Possible heap overflow due to improper validation of local variable while storing current task information locally in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables

📖 Read

via "National Vulnerability Database".
07:29
‼ CVE-2021-1971 ‼

Possible assertion due to lack of physical layer state validation in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking

📖 Read

via "National Vulnerability Database".
07:29
‼ CVE-2021-1961 ‼

Possible buffer overflow due to lack of offset length check while updating the buffer value in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables

📖 Read

via "National Vulnerability Database".
07:29
‼ CVE-2021-34719 ‼

Multiple vulnerabilities in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker with a low-privileged account to elevate privileges on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.

📖 Read

via "National Vulnerability Database".
07:29
‼ CVE-2021-1909 ‼

Buffer overflow occurs in trusted applications due to lack of length check of parameters in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking

📖 Read

via "National Vulnerability Database".
07:29
‼ CVE-2021-1935 ‼

Possible null pointer dereference due to lack of validation check for passed pointer during key import in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Voice & Music, Snapdragon Wearables

📖 Read

via "National Vulnerability Database".
07:29
‼ CVE-2021-34709 ‼

Multiple vulnerabilities in image verification checks of Cisco Network Convergence System (NCS) 540 Series Routers, only when running Cisco IOS XR NCS540L software images, and Cisco IOS XR Software for Cisco 8000 Series Routers could allow an authenticated, local attacker to execute arbitrary code on the underlying operating system. For more information about these vulnerabilities, see the Details section of this advisory.

📖 Read

via "National Vulnerability Database".
07:29
‼ CVE-2021-1946 ‼

Null Pointer Dereference may occur due to improper validation while processing crafted SDP body in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile

📖 Read

via "National Vulnerability Database".
07:29
‼ CVE-2021-1933 ‼

UE assertion is possible due to improper validation of invite message with SDP body in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Wearables

📖 Read

via "National Vulnerability Database".
07:29
‼ CVE-2021-1948 ‼

Possible out of bound read due to lack of length check of data while parsing the beacon or probe response in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking

📖 Read

via "National Vulnerability Database".
07:29
‼ CVE-2021-34713 ‼

A vulnerability in the Layer 2 punt code of Cisco IOS XR Software running on Cisco ASR 9000 Series Aggregation Services Routers could allow an unauthenticated, adjacent attacker to cause the affected line card to reboot. This vulnerability is due to incorrect handling of specific Ethernet frames that cause a spin loop that can make the network processors unresponsive. An attacker could exploit this vulnerability by sending specific types of Ethernet frames on the segment where the affected line cards are attached. A successful exploit could allow the attacker to cause the affected line card to reboot.

📖 Read

via "National Vulnerability Database".
07:29
‼ CVE-2021-1963 ‼

Possible use-after-free due to lack of validation for the rule count in filter table in IPA driver in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables

📖 Read

via "National Vulnerability Database".
07:29
‼ CVE-2021-1974 ‼

Possible buffer over read due to lack of alignment between map or unmap length of IPA SMMU and WLAN SMMU in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking

📖 Read

via "National Vulnerability Database".
07:29
‼ CVE-2021-34737 ‼

A vulnerability in the DHCP version 4 (DHCPv4) server feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to trigger a crash of the dhcpd process, resulting in a denial of service (DoS) condition. This vulnerability exists because certain DHCPv4 messages are improperly validated when they are processed by an affected device. An attacker could exploit this vulnerability by sending a malformed DHCPv4 message to an affected device. A successful exploit could allow the attacker to cause a NULL pointer dereference, resulting in a crash of the dhcpd process. While the dhcpd process is restarting, which may take up to approximately two minutes, DHCPv4 server services are unavailable on the affected device. This could temporarily prevent network access to clients that join the network during that time period. Note: Only the dhcpd process crashes and eventually restarts automatically. The router does not reload.

📖 Read

via "National Vulnerability Database".
07:29
‼ CVE-2021-1934 ‼

Possible memory corruption due to improper check when application loader object is explicitly destructed while application is unloading in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT

📖 Read

via "National Vulnerability Database".
07:29
‼ CVE-2021-34721 ‼

Multiple vulnerabilities in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to gain access to the underlying root shell of an affected device and execute arbitrary commands with root privileges. For more information about these vulnerabilities, see the Details section of this advisory.

📖 Read

via "National Vulnerability Database".
09:23
🛡 Cybersecurity & Privacy news 🛡
❌ BladeHawk Attackers Target Kurds with Android Apps ❌

Pro-Kurd Facebook profiles deliver '888 RAT' and 'SpyNote' trojans, masked as legitimate apps, to perform mobile espionage.

📖 Read

via "Threat Post".
09:46
🛡 Cybersecurity & Privacy news 🛡
🦿 How to set up two-step verification for your Google account 🦿

Two-step verification can better secure and safeguard your account. Here's how to set it up.

📖 Read

via "Tech Republic".
09:46
🦿 WFH is a cybersecurity "ticking time bomb," according to a new report 🦿

IT teams are experiencing employee pushback due to remote work policies and many feel like cybersecurity is a "thankless task" and that they're the "bad guys" for implementing these rules.

📖 Read

via "Tech Republic".
10:26
🛡 Cybersecurity & Privacy news 🛡
❌ Zoho Password Manager Zero-Day Bug Under Active Attack Gets a Fix ❌

An authentication bypass vulnerability leading to remote code execution offers up the keys to the corporate kingdom.

📖 Read

via "Threat Post".
11:29
🛡 Cybersecurity & Privacy news 🛡
‼ CVE-2021-40223 ‼

Rittal CMC PU III Web management (version V3.11.00_2) fails to sanitize user input on several parameters of the configuration (User Configuration dialog, Task Configuration dialog and set logging filter dialog). This allows an attacker to backdoor the device with HTML and browser-interpreted content (such as JavaScript or other client-side scripts). The XSS payload will be triggered when the user accesses some specific sections of the application.

📖 Read

via "National Vulnerability Database".
11:29
‼ CVE-2021-36870 ‼

Multiple Authenticated Persistent Cross-Site Scripting (XSS) vulnerabilities in WordPress WP Google Maps plugin (versions <= 8.1.12). Vulnerable parameters: &dataset_name, &wpgmza_gdpr_retention_purpose, &wpgmza_gdpr_company_name, &name #2, &name, &polyname #2, &polyname, &address.

📖 Read

via "National Vulnerability Database".
11:29
‼ CVE-2021-20117 ‼

Nessus Agent 8.3.0 and earlier was found to contain a local privilege escalation vulnerability which could allow an authenticated, local administrator to run specific executables on the Nessus Agent host. This is different than CVE-2021-20118.

📖 Read

via "National Vulnerability Database".
11:29
‼ CVE-2021-28495 ‼

In Arista's MOS (Metamako Operating System) software which is supported on the 7130 product line, under certain conditions, user authentication can be bypassed when API access is enabled via the JSON-RPC APIs. This issue affects: Arista Metamako Operating System: All releases in the MOS-0.1x train; MOS-0.13 and post releases in the MOS-0.1x train; MOS-0.26.6 and below releases in the MOS-0.2x train; MOS-0.31.1 and below releases in the MOS-0.3x train.

📖 Read

via "National Vulnerability Database".
11:29
‼ CVE-2021-39458 ‼

Triggering an error page of the import process in Yakamara Media Redaxo CMS version 5.12.1 allows an authenticated CMS user to alter the files of a valid file backup. This leads to leaking the database credentials in the environment variables.

📖 Read

via "National Vulnerability Database".
11:29
‼ CVE-2021-40222 ‼

Rittal CMC PU III Web management (version affected: V3.11.00_2; version fixed: V3.17.10) is affected by a remote code execution vulnerability. It is possible to introduce shell code to create a reverse shell in the PU-Hostname field of the TCP/IP Configuration dialog. The web application fails to sanitize user input on the Network TCP/IP configuration page. This allows the attacker to inject commands as root on the device which will be executed once the data is received.

📖 Read

via "National Vulnerability Database".
11:29
‼ CVE-2021-39459 ‼

Remote code execution in the modules component in Yakamara Media Redaxo CMS version 5.12.1 allows an authenticated CMS user to execute code on the hosting system via a module containing malicious PHP code.

📖 Read

via "National Vulnerability Database".
11:29
‼ CVE-2021-26603 ‼

A heap overflow issue was found in ARK library of bandisoft Co., Ltd when the Ark_DigPathA function parsed a file path. This vulnerability is due to missing support for string length check.

📖 Read

via "National Vulnerability Database".
11:29
‼ CVE-2020-7873 ‼

Download of code without integrity check vulnerability in ActiveX control of Younglimwon Co., Ltd allows the attacker to cause an arbitrary file download and execution.

📖 Read

via "National Vulnerability Database".
11:29
‼ CVE-2021-26608 ‼

An arbitrary file download and execution vulnerability was found in the HShell.dll of handysoft Co., Ltd groupware ActiveX module. This issue is due to missing support for integrity check of download URL or downloaded file hash.

📖 Read

via "National Vulnerability Database".
11:29
‼ CVE-2021-28497 ‼

In Arista's MOS (Metamako Operating System) software which is supported on the 7130 product line, under certain conditions, the bash shell might be accessible to unprivileged users in situations where they should not have access. This issue affects: Arista Metamako Operating System: All releases in the MOS-0.1x train; MOS-0.26.6 and below releases in the MOS-0.2x train; MOS-0.31.1 and below releases in the MOS-0.3x train.

📖 Read

via "National Vulnerability Database".
11:29
‼ CVE-2021-28493 ‼

In Arista's MOS (Metamako Operating System) software which is supported on the 7130 product line, under certain conditions, a user may be able to execute commands despite not having the privileges to do so. This issue affects: Arista Metamako Operating System: All releases in the MOS-0.1x train; MOS-0.32.0 and prior releases.

📖 Read

via "National Vulnerability Database".
11:29
‼ CVE-2020-7874 ‼

Download of code without integrity check vulnerability in NEXACRO14 Runtime ActiveX control of tobesoft Co., Ltd allows the attacker to cause an arbitrary file download and execution. This vulnerability is due to incomplete validation of file download URL or file extension.

📖 Read

via "National Vulnerability Database".
11:29
‼ CVE-2021-20118 ‼

Nessus Agent 8.3.0 and earlier was found to contain a local privilege escalation vulnerability which could allow an authenticated, local administrator to run specific executables on the Nessus Agent host. This is different than CVE-2021-20117.

📖 Read

via "National Vulnerability Database".
11:29
‼ CVE-2021-28498 ‼

In Arista's MOS (Metamako Operating System) software which is supported on the 7130 product line, user enable passwords set in clear text could result in unprivileged users getting complete access to the systems. This issue affects: Arista Metamako Operating System: MOS-0.13 and post releases in the MOS-0.1x train; MOS-0.26.6 and prior releases in the MOS-0.2x train; MOS-0.31.1 and prior releases in the MOS-0.3x train.

📖 Read

via "National Vulnerability Database".
11:29
‼ CVE-2021-28494 ‼

In Arista's MOS (Metamako Operating System) software which is supported on the 7130 product line, under certain conditions, authentication is bypassed by unprivileged users who are accessing the Web UI. This issue affects: Arista Metamako Operating System MOS-0.34.0 and prior releases

📖 Read

via "National Vulnerability Database".
11:29
‼ CVE-2021-36871 ‼

Multiple Authenticated Persistent Cross-Site Scripting (XSS) vulnerabilities in WordPress WP Google Maps Pro premium plugin (versions <= 8.1.11). Vulnerable parameters: &wpgmaps_marker_category_name, Value > &attributes[], Name > &attributes[], &icons[], &names[], &description, &link, &title.

📖 Read

via "National Vulnerability Database".
11:29
‼ CVE-2021-38408 ‼

A stack-based buffer overflow vulnerability in Advantech WebAccess Versions 9.02 and prior caused by a lack of proper validation of the length of user-supplied data may allow remote code execution.

📖 Read

via "National Vulnerability Database".
11:29
‼ CVE-2021-28499 ‼

In Arista's MOS (Metamako Operating System) software which is supported on the 7130 product line, user account passwords set in clear text could leak to users without any password. This issue affects: Arista Metamako Operating System: MOS-0.18 and post releases in the MOS-0.1x train; All releases in the MOS-0.2x train; MOS-0.31.1 and prior releases in the MOS-0.3x train.

📖 Read

via "National Vulnerability Database".
11:56
🛡 Cybersecurity & Privacy news 🛡
❌ SideWalk Backdoor Linked to China-Linked Spy Group ‘Grayfly’ ❌

Grayfly campaigns have launched the novel malware against businesses in Taiwan, Vietnam, the US and Mexico and are targeting Exchange and MySQL servers. 

📖 Read

via "Threat Post".
12:46
🛡 Cybersecurity & Privacy news 🛡
🦿 Malicious office documents: The latest trend in cybercriminal exploitation 🦿

Cyberattacks have surged during the coronavirus pandemic as criminals rake in bountiful ransomware payouts. Malicious office docs have been on the rise for months, per a new report.

📖 Read

via "Tech Republic".
13:02
🛡 Cybersecurity & Privacy news 🛡
🔏 Phishing Attack Prevention: How to Identify & Avoid Phishing Scams in 2021 🔏

A panel of infosec experts discuss the most common phishing attacks and how to prevent them.

📖 Read

via "".
13:29
🛡 Cybersecurity & Privacy news 🛡
‼ CVE-2020-19143 ‼

Buffer Overflow in LibTiff v4.0.10 allows attackers to cause a denial of service via the "TIFFVGetField" function in the component 'libtiff/tif_dir.c'.

📖 Read

via "National Vulnerability Database".
13:29
‼ CVE-2021-38540 ‼

The variable import endpoint was not protected by authentication in Airflow >=2.0.0, <2.1.3. This allowed unauthenticated users to hit that endpoint to add/modify Airflow variables used in DAGs, potentially resulting in a denial of service, information disclosure or remote code execution. This issue affects Apache Airflow >=2.0.0, <2.1.3.

📖 Read

via "National Vulnerability Database".
13:29
‼ CVE-2021-22239 ‼

An unauthorized user was able to insert metadata when creating a new issue on GitLab CE/EE 14.0 and later.

📖 Read

via "National Vulnerability Database".
13:29
‼ CVE-2021-37101 ‼

There is an improper authorization vulnerability in AIS-BW50-00 9.0.6.2(H100SP10C00) and 9.0.6.2(H100SP15C00). Due to improper authorization management, an attacker can exploit this vulnerability by physically accessing the device and implanting malicious code. Successful exploitation could lead to arbitrary code execution in the target device.

📖 Read

via "National Vulnerability Database".
13:29
‼ CVE-2021-38723 ‼

FUEL CMS 1.5.0 allows SQL Injection via parameter 'col' in /fuel/index.php/fuel/pages/items

📖 Read

via "National Vulnerability Database".
13:29
‼ CVE-2020-19515 ‼

qdPM V9.1 is vulnerable to Cross Site Scripting (XSS) via qdPM\install\modules\database_config.php.

📖 Read

via "National Vulnerability Database".
13:29
‼ CVE-2021-3761 ‼

Any CA issuer in the RPKI can trick OctoRPKI prior to 1.3.0 into emitting an invalid VRP "MaxLength" value, causing RTR sessions to terminate. An attacker can use this to disable RPKI Origin Validation in a victim network (for example AS 13335 - Cloudflare) prior to launching a BGP hijack which during normal operations would be rejected as "RPKI invalid". Additionally, in certain deployments RTR session flapping in and of itself also could cause BGP routing churn, causing availability issues.

📖 Read

via "National Vulnerability Database".
13:29
‼ CVE-2021-38725 ‼

Fuel CMS 1.5.0 has a brute force vulnerability in fuel/modules/fuel/controllers/Login.php

📖 Read

via "National Vulnerability Database".
13:29
‼ CVE-2020-19144 ‼

Buffer Overflow in LibTiff v4.0.10 allows attackers to cause a denial of service via the 'in _TIFFmemcpy' function in the component 'tif_unix.c'.

📖 Read

via "National Vulnerability Database".
13:29
‼ CVE-2021-38721 ‼

FUEL CMS 1.5.0 login.php contains a cross-site request forgery (CSRF) vulnerability

📖 Read

via "National Vulnerability Database".
13:46
🛡 Cybersecurity & Privacy news 🛡
🦿 Stop using your web browser security wrong 🦿

Chances are good you're not using your browser with a strong enough eye on security. Jack Wallen offers up some advice to the average user on how to browse safer.

📖 Read

via "Tech Republic".
13:56
❌ ‘Azurescape’ Kubernetes Attack Allows Cross-Container Cloud Compromise ❌

A chain of exploits could allow a malicious Azure user to infiltrate other customers' cloud instances within Microsoft's container-as-a-service offering.

📖 Read

via "Threat Post".
14:17
🛡 Cybersecurity & Privacy news 🛡
⚠ S3 Ep49: Poison PACs, pointless alarms and phunky bugs [Podcast] ⚠

Latest episode - listen now!

📖 Read

via "Naked Security".
14:17
⚠ Windows zero-day MSHTML attack – how not to get booby trapped! ⚠

Zero-day bug in MSHTML, the "mini-Internet Explorer" component of Windows, triggered by booby trapped Office files.

📖 Read

via "Naked Security".
15:11
🛡 Cybersecurity & Privacy news 🛡
❌ Financial Cybercrime: Why Cryptocurrency is the Perfect ‘Getaway Car’ ❌

John Hammond, security researcher with Huntress, discusses how financially motivated cybercrooks use and abuse cryptocurrency.

📖 Read

via "Threat Post".
15:16
🦿 SPDX becomes internationally recognized standard 🦿

In use for a decade as the de facto standard for communicating software bills of materials, SPDX formally becomes the internationally recognized ISO/IEC JTC 1 standard.

📖 Read

via "Tech Republic".
15:29
‼ CVE-2021-32485 ‼

In modem 2G RRM, there is a possible system crash due to a heap buffer overflow. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00500621; Issue ID: ALPS04964926.

📖 Read

via "National Vulnerability Database".
15:29
‼ CVE-2021-32486 ‼

In modem 2G RRM, there is a possible system crash due to a heap buffer overflow. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00500621; Issue ID: ALPS04964928.

📖 Read

via "National Vulnerability Database".
15:29
‼ CVE-2021-38727 ‼

FUEL CMS 1.5.0 allows SQL Injection via parameter 'col' in /fuel/index.php/fuel/logs/items

📖 Read

via "National Vulnerability Database".
15:29
‼ CVE-2021-32487 ‼

In modem 2G RRM, there is a possible system crash due to a heap buffer overflow. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00500736; Issue ID: ALPS04938456.

📖 Read

via "National Vulnerability Database".
15:29
‼ CVE-2021-40284 ‼

D-Link DSL-3782 EU v1.01:EU v1.03 is affected by a buffer overflow which can cause a denial of service. This vulnerability exists in the web interface "/cgi-bin/New_GUI/Igmp.asp". Authenticated remote attackers can trigger this vulnerability by sending a long string in parameter 'igmpsnoopEnable' via an HTTP request.

📖 Read

via "National Vulnerability Database".
15:29
‼ CVE-2021-32484 ‼

In modem 2G RRM, there is a possible system crash due to a heap buffer overflow. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00500621; Issue ID: ALPS04964917.

📖 Read

via "National Vulnerability Database".
15:46
🛡 Cybersecurity & Privacy news 🛡
🦿 The top keywords used in phishing email subject lines 🦿

Some of these phrasings are standard day-to-day subject lines, but as one expert explained, "the attacker wants you to be moving too fast to stop and question if it's legitimate."

📖 Read

via "Tech Republic".
17:29
🛡 Cybersecurity & Privacy news 🛡
‼ CVE-2021-25466 ‼

Improper scheme check vulnerability in Samsung Internet prior to version 15.0.2.47 allows attackers to perform a man-in-the-middle attack and obtain the Samsung Account token.

📖 Read

via "National Vulnerability Database".
17:29
‼ CVE-2021-28910 ‼

BAB TECHNOLOGIE GmbH eibPort V3 prior to version 3.9.1 contains a basic SSRF vulnerability. It allows unauthenticated attackers to send requests to any internal and external server.

📖 Read

via "National Vulnerability Database".
17:29
‼ CVE-2021-25454 ‼

OOB read vulnerability in libsaacextractor.so library prior to SMR Sep-2021 Release 1 allows attackers to execute remote DoS via forged aac file.

📖 Read

via "National Vulnerability Database".
17:29
‼ CVE-2020-19268 ‼

A cross-site request forgery (CSRF) in index.php/Dswjcms/User/tfAdd of Dswjcms 1.6.4 allows authenticated attackers to arbitrarily add administrator users.

📖 Read

via "National Vulnerability Database".
17:29
‼ CVE-2020-19264 ‼

A cross-site request forgery (CSRF) in MipCMS v5.0.1 allows attackers to arbitrarily add users via index.php?s=/user/ApiAdminUser/itemAdd.

📖 Read

via "National Vulnerability Database".
17:29
‼ CVE-2021-25465 ‼

An improper scheme check vulnerability in Samsung Themes prior to version 5.2.01 allows attackers to perform a man-in-the-middle attack.

📖 Read

via "National Vulnerability Database".
17:29
‼ CVE-2021-25452 ‼

An improper input validation vulnerability in loading graph file in DSP driver prior to SMR Sep-2021 Release 1 allows attackers to perform permanent denial of service on the device.

📖 Read

via "National Vulnerability Database".
17:29
‼ CVE-2021-25456 ‼

OOB read vulnerability in libswmfextractor.so library prior to SMR Sep-2021 Release 1 allows attackers to execute memcpy at arbitrary address via forged wmf file.

📖 Read

via "National Vulnerability Database".
17:29
‼ CVE-2021-28913 ‼

BAB TECHNOLOGIE GmbH eibPort V3 prior to version 3.9.1 allows unauthenticated attackers access to /webif/SecurityModule to validate the so-called, hard-coded unique 'eibPort String', which acts as the root SSH key passphrase. This is usable and part of an attack chain to gain SSH root access.

📖 Read

via "National Vulnerability Database".
17:30
‼ CVE-2021-25464 ‼

An improper file management vulnerability in SamsungCapture prior to version 4.8.02 allows sensitive information leak.

📖 Read

via "National Vulnerability Database".
17:30
‼ CVE-2021-25453 ‼

Some improper access control in Bluetooth APIs prior to SMR Sep-2021 Release 1 allows untrusted application to get Bluetooth information.

📖 Read

via "National Vulnerability Database".
17:30
‼ CVE-2021-25451 ‼

A PendingIntent hijacking in NetworkPolicyManagerService prior to SMR Sep-2021 Release 1 allows attackers to get IMSI data.

📖 Read

via "National Vulnerability Database".
17:30
‼ CVE-2021-38318 ‼

The 3D Cover Carousel WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the id parameter in the ~/cover-carousel.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0.

📖 Read

via "National Vulnerability Database".
17:30
‼ CVE-2021-38317 ‼

The Konnichiwa! Membership WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the plan_id parameter in the ~/views/subscriptions.html.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 0.8.3.

📖 Read

via "National Vulnerability Database".
17:30
‼ CVE-2021-25455 ‼

OOB read vulnerability in libsaviextractor.so library prior to SMR Sep-2021 Release 1 allows attackers to access arbitrary address through pointer via forged avi file.

📖 Read

via "National Vulnerability Database".
17:30
‼ CVE-2021-28909 ‼

BAB TECHNOLOGIE GmbH eibPort V3 prior to version 3.9.1 allows unauthenticated attackers uncontrolled access to the login service at /webif/SecurityModule in a brute force attack. The password could be weak and the default username is known to be 'admin'. This is usable and part of an attack chain to gain SSH root access.

📖 Read

via "National Vulnerability Database".
17:30
‼ CVE-2020-19266 ‼

A stored cross-site scripting (XSS) vulnerability in the index.php/Dswjcms/Site/articleList component of Dswjcms 1.6.4 allows attackers to execute arbitrary web scripts or HTML.

📖 Read

via "National Vulnerability Database".
17:30
‼ CVE-2020-19265 ‼

A stored cross-site scripting (XSS) vulnerability in the index.php/Dswjcms/Basis/links component of Dswjcms 1.6.4 allows attackers to execute arbitrary web scripts or HTML.

📖 Read

via "National Vulnerability Database".
17:30
‼ CVE-2021-25463 ‼

Improper access control vulnerability in PENUP prior to version 3.8.00.18 allows arbitrary webpage loading in webview.

📖 Read

via "National Vulnerability Database".
17:30
‼ CVE-2021-25457 ‼

An improper input validation vulnerability in DSP driver prior to SMR Sep-2021 Release 1 allows local attackers to get limited kernel memory information.

📖 Read

via "National Vulnerability Database".
17:56
❌ McDonald’s Email Blast Includes Password to Monopoly Game Database ❌

Usernames, passwords for database sent in prize redemption emails.

📖 Read

via "Threat Post".
19:29
‼ CVE-2021-32724 ‼

check-spelling is a GitHub Action which provides CI spell checking. In affected versions and for a repository with the [check-spelling action](https://github.com/marketplace/actions/check-spelling) enabled that triggers on `pull_request_target` (or `schedule`), an attacker can send a crafted Pull Request that causes a `GITHUB_TOKEN` to be exposed. With the `GITHUB_TOKEN`, it's possible to push commits to the repository bypassing standard approval processes. Commits to the repository could then steal any/all secrets available to the repository. As a workaround users can either: [Disable the workflow](https://docs.github.com/en/actions/managing-workflow-runs/disabling-and-enabling-a-workflow) until you've fixed all branches, or set the repository to [Allow specific actions](https://docs.github.com/en/github/administering-a-repository/managing-repository-settings/disabling-or-limiting-github-actions-for-a-repository#allowing-specific-actions-to-run). check-spelling isn't a verified creator and it certainly won't be anytime soon. You could then explicitly add other actions that your repository uses. Set repository [Workflow permissions](https://docs.github.com/en/github/administering-a-repository/managing-repository-settings/disabling-or-limiting-github-actions-for-a-repository#setting-the-permissions-of-the-github_token-for-your-repository) to `Read repository contents permission`. Workflows using `check-spelling/check-spelling@main` will get the fix automatically. Workflows using a pinned sha or tagged version will need to change the affected workflows for all repository branches to the latest version.
Users can verify who and which Pull Requests have been running the action by looking up the spelling.yml action in the Actions tab of their repositories, e.g., https://github.com/check-spelling/check-spelling/actions/workflows/spelling.yml - you can filter PRs by adding ?query=event%3Apull_request_target, e.g., https://github.com/check-spelling/check-spelling/actions/workflows/spelling.yml?query=event%3Apull_request_target.

📖 Read

via "National Vulnerability Database".
19:56
❌ Thousands of Fortinet VPN Account Credentials Leaked ❌

They were posted for free by former Babuk gang members who’ve bickered, squabbled and huffed off to start their own darn ransomware businesses, dagnabbit.

📖 Read

via "Threat Post".
21:29
‼ CVE-2020-19283 ‼

A reflected cross-site scripting (XSS) vulnerability in the /newVersion component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML.

📖 Read

via "National Vulnerability Database".
21:29
‼ CVE-2020-19295 ‼

A reflected cross-site scripting (XSS) vulnerability in the /weibo/topic component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML.

📖 Read

via "National Vulnerability Database".
21:29
‼ CVE-2020-19286 ‼

A stored cross-site scripting (XSS) vulnerability in the /question/detail component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the source field of the editor.

📖 Read

via "National Vulnerability Database".
21:29
‼ CVE-2021-39206 ‼

Pomerium is an open source identity-aware access proxy. Envoy, which Pomerium is based on, contains two authorization related vulnerabilities CVE-2021-32777 and CVE-2021-32779. This may lead to incorrect routing or authorization policy decisions. With specially crafted requests, incorrect authorization or routing decisions may be made by Pomerium. Pomerium v0.14.8 and v0.15.1 contain an upgraded envoy binary with these vulnerabilities patched. This issue can only be triggered when using path prefix based policy. Removing any such policies should provide mitigation.

📖 Read

via "National Vulnerability Database".
21:30
‼ CVE-2020-19294 ‼

A stored cross-site scripting (XSS) vulnerability in the /article/comment component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the article comments section.

📖 Read

via "National Vulnerability Database".
21:30
‼ CVE-2020-19290 ‼

A stored cross-site scripting (XSS) vulnerability in the /weibo/comment component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the Weibo comment section.

📖 Read

via "National Vulnerability Database".
21:30
‼ CVE-2020-19288 ‼

A stored cross-site scripting (XSS) vulnerability in the /localhost/u component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in a private message.

📖 Read

via "National Vulnerability Database".
21:30
‼ CVE-2020-19291 ‼

A stored cross-site scripting (XSS) vulnerability in the /weibo/publishdata component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in a posted Weibo.

📖 Read

via "National Vulnerability Database".
21:30
‼ CVE-2021-39204 ‼

Pomerium is an open source identity-aware access proxy. Envoy, which Pomerium is based on, incorrectly handles resetting of HTTP/2 streams with excessive complexity. This can lead to high CPU utilization when a large number of streams are reset. This can result in a DoS condition. Pomerium versions 0.14.8 and 0.15.1 contain an upgraded envoy binary with this vulnerability patched.

📖 Read

via "National Vulnerability Database".
21:30
‼ CVE-2021-39162 ‼

Pomerium is an open source identity-aware access proxy. Envoy, which Pomerium is based on, can abnormally terminate if an H/2 GOAWAY and SETTINGS frame are received in the same IO event. This can lead to a DoS in the presence of untrusted *upstream* servers. 0.15.1 contains an upgraded envoy binary with this vulnerability patched. If only trusted upstreams are configured, there is not substantial risk of this condition being triggered.

📖 Read

via "National Vulnerability Database".
21:30
‼ CVE-2020-19281 ‼

A stored cross-site scripting (XSS) vulnerability in the /manage/loginusername component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the username field.

📖 Read

via "National Vulnerability Database".
21:30
‼ CVE-2020-19282 ‼

A reflected cross-site scripting (XSS) vulnerability in Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the system error message's text field.

📖 Read

via "National Vulnerability Database".
21:30
‼ CVE-2020-19289 ‼

A stored cross-site scripting (XSS) vulnerability in the /member/picture/album component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the new album tab.

📖 Read

via "National Vulnerability Database".
21:30
‼ CVE-2021-39203 ‼

WordPress is a free and open-source content management system written in PHP and paired with a MySQL or MariaDB database. In affected versions authenticated users who don't have permission to view private post types/data can bypass restrictions in the block editor under certain conditions. This affected WordPress 5.8 beta during the testing period. It's fixed in the final 5.8 release.

📖 Read

via "National Vulnerability Database".
21:30
‼ CVE-2021-39202 ‼

WordPress is a free and open-source content management system written in PHP and paired with a MySQL or MariaDB database. In affected versions the widgets editor introduced in WordPress 5.8 beta 1 has improper handling of HTML input in the Custom HTML feature. This leads to stored XSS in the custom HTML widget. This has been patched in WordPress 5.8. It was only present during the testing/beta phase of WordPress 5.8.

📖 Read

via "National Vulnerability Database".
21:30
‼ CVE-2020-19280 ‼

Jeesns 1.4.2 contains a cross-site request forgery (CSRF) which allows attackers to escalate privileges and perform sensitive program operations.

📖 Read

via "National Vulnerability Database".
21:30
‼ CVE-2021-39200 ‼

WordPress is a free and open-source content management system written in PHP and paired with a MySQL or MariaDB database. In affected versions output data of the function wp_die() can be leaked under certain conditions, which can include data like nonces. It can then be used to perform actions on your behalf. This has been patched in WordPress 5.8.1, along with any older affected versions via minor releases. It's strongly recommended that you keep auto-updates enabled to receive the fix.

📖 Read

via "National Vulnerability Database".
21:30
‼ CVE-2021-39201 ‼

WordPress is a free and open-source content management system written in PHP and paired with a MySQL or MariaDB database.
Impact: The issue allows an authenticated but low-privileged user (like contributor/author) to execute XSS in the editor. This bypasses the restrictions imposed on users who do not have the permission to post `unfiltered_html`.
Patches: This has been patched in WordPress 5.8, and will be pushed to older versions via minor releases (automatic updates). It's strongly recommended that you keep auto-updates enabled to receive the fix.
References: https://wordpress.org/news/category/releases/ and https://hackerone.com/reports/1142140
For more information: If you have any questions or comments about this advisory, open an issue in [HackerOne](https://hackerone.com/wordpress).

📖 Read

via "National Vulnerability Database".
21:30
‼ CVE-2020-19284 ‼

A stored cross-site scripting (XSS) vulnerability in the /group/comment component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the group comments text field.

📖 Read

via "National Vulnerability Database".
21:30
‼ CVE-2020-19292 ‼

A stored cross-site scripting (XSS) vulnerability in the /question/ask component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in a posted question.

📖 Read

via "National Vulnerability Database".
10 September 2021
07:57
❌ Stolen Credentials Led to Data Theft at United Nations ❌

Threat actors accessed the organization’s proprietary project management software, Umoja, in April, accessing the network and stealing info that can be used in further attacks.

📖 Read

via "Threat Post".
08:18
🗓️ Spook.js – New side-channel attack can bypass Google Chrome’s protections against Spectre-style exploits 🗓️

Users are still vulnerable to data leak technique three years on

📖 Read

via "The Daily Swig".
09:30
‼ CVE-2021-3645 ‼

merge is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

📖 Read

via "National Vulnerability Database".
10:48
🗓️ WordPress 5.8.1 security release addresses trio of vulnerabilities 🗓️

Block editor XSS and REST API data exposure issues among now-patched bugs

📖 Read

via "The Daily Swig".
11:30
‼ CVE-2021-35976 ‼

The feature to preview a website in Plesk Obsidian 18.0.0 through 18.0.32 on Linux is vulnerable to reflected XSS via the /plesk-site-preview/ PATH, aka PFSI-62467. The attacker could execute JavaScript code in the victim’s browser by using the link to preview sites hosted on the server. Authentication is not required to exploit the vulnerability.

📖 Read

via "National Vulnerability Database".
11:30
‼ CVE-2021-33011 ‼

All versions of the affected TOYOPUC-PC10 Series, TOYOPUC-Plus Series, TOYOPUC-PC3J/PC2J Series, TOYOPUC-Nano Series products may not be able to properly process an ICMP flood, which may allow an attacker to deny Ethernet communications between affected devices.

📖 Read

via "National Vulnerability Database".
11:57
❌ 5 Steps For Securing Your Remote Work Space ❌

With so many people still working from home, cybercriminals are trying to cash in. Cyberattacks have increased 300% and the risk of losing important data or being compromised is much greater at home. Here are five recommendations for securing your home office.

📖 Read

via "Threat Post".
13:27
❌ SOVA, Worryingly Sophisticated Android Trojan, Takes Flight ❌

The malware appeared in August with an ambitious roadmap (think ransomware, DDoS) that could make it 'the most feature-rich Android malware on the market.'

📖 Read

via "Threat Post".
13:30
‼ CVE-2021-38341 ‼

The WooCommerce Payment Gateway Per Category WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER["PHP_SELF"] value in the ~/includes/plugin_settings.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 2.0.10.

📖 Read

via "National Vulnerability Database".
13:30
‼ CVE-2021-38338 ‼

The Border Loading Bar WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the `f` and `t` parameter found in the ~/titan-framework/iframe-googlefont-preview.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0.1.

📖 Read

via "National Vulnerability Database".
13:30
‼ CVE-2021-38353 ‼

The Dropdown and scrollable Text WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the content parameter found in the ~/index.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 2.0.

📖 Read

via "National Vulnerability Database".
13:30
‼ CVE-2021-38339 ‼

The Simple Matted Thumbnails WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER["PHP_SELF"] value in the ~/simple-matted-thumbnail.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.01.

📖 Read

via "National Vulnerability Database".
13:30
‼ CVE-2021-38330 ‼

The Yet Another bol.com Plugin WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER["PHP_SELF"] value in the ~/yabp.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.4.

📖 Read

via "National Vulnerability Database".
13:30
‼ CVE-2021-38354 ‼

The GNU-Mailman Integration WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the gm_error parameter found in the ~/includes/admin/mailing-lists-page.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0.6.

📖 Read

via "National Vulnerability Database".
13:31
‼ CVE-2021-38332 ‼

The On Page SEO + Whatsapp Chat Button Plugin WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER["PHP_SELF"] value in the ~/settings.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0.1.

📖 Read

via "National Vulnerability Database".
13:31
‼ CVE-2021-38329 ‼

The DJ EmailPublish WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER["PHP_SELF"] value in the ~/dj-email-publish.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.7.2.

📖 Read

via "National Vulnerability Database".
13:31
‼ CVE-2021-40373 ‼

playSMS before 1.4.5 allows Arbitrary Code Execution by entering PHP code at the #tabs-information-page of core_main_config, and then executing that code via the index.php?app=main&inc=core_welcome URI.

📖 Read

via "National Vulnerability Database".
13:31
‼ CVE-2021-38349 ‼

The Integration of Moneybird for WooCommerce WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the error_description parameter found in the ~/templates/wcmb-admin.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 2.1.1.

📖 Read

via "National Vulnerability Database".
13:31
‼ CVE-2021-38351 ‼

The OSD Subscribe WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the osd_subscribe_message parameter found in the ~/options/osd_subscribe_options_subscribers.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.2.3.

📖 Read

via "National Vulnerability Database".
13:31
‼ CVE-2021-38337 ‼

The RSVPMaker Excel WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER["PHP_SELF"] value in the ~/phpexcel/PHPExcel/Shared/JAMA/docs/download.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.1.

📖 Read

via "National Vulnerability Database".
13:31
‼ CVE-2021-38340 ‼

The Wordpress Simple Shop WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the update_row parameter found in the ~/includes/add_product.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.2.

📖 Read

via "National Vulnerability Database".
13:31
‼ CVE-2021-37414 ‼

Zoho ManageEngine DesktopCentral version 10.1.2119.7 and prior allows anyone to get a valid user's APIKEY without authentication.

📖 Read

via "National Vulnerability Database".
13:31
‼ CVE-2021-38352 ‼

The Feedify – Web Push Notifications WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the feedify_msg parameter found in the ~/includes/base.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 2.1.8.

📖 Read

via "National Vulnerability Database".
13:31
‼ CVE-2021-38359 ‼

The WordPress InviteBox Plugin for viral Refer-a-Friend Promotions WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the message parameter found in the ~/admin/admin.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.4.1.

📖 Read

via "National Vulnerability Database".
13:31
‼ CVE-2021-38355 ‼

The Bug Library WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the successimportcount parameter found in the ~/bug-library.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 2.0.3.

📖 Read

via "National Vulnerability Database".
13:31
‼ CVE-2021-38331 ‼

The WP-T-Wap WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the posted parameter found in the ~/wap/writer.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.13.2.

📖 Read

via "National Vulnerability Database".
13:31
‼ CVE-2021-38333 ‼

The WP Scrippets WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER["PHP_SELF"] value in the ~/wp-scrippets.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.5.1.

📖 Read

via "National Vulnerability Database".
13:31
‼ CVE-2021-38336 ‼

The Edit Comments XT WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER["PHP_SELF"] value in the ~/edit-comments-xt.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0.

📖 Read

via "National Vulnerability Database".
13:33
🔏 Friday Five 9/10 🔏

The latest Windows zero day, ProtonMail under fire, and creating a more diverse cybersecurity workforce - catch up on the infosec news of the week with the Friday Five!

📖 Read

via "".
13:46
🦿 Remote cybersecurity concerns and labor shortages are front and center in a new small business report 🦿

Despite economic optimism, many companies are concerned about the impacts of the coronavirus pandemic and have temporarily closed as they adapt to new tech tools and work models.

📖 Read

via "Tech Republic".
13:49
🗓️ VMware denies allegations it leaked Confluence RCE exploit 🗓️

‘Identical’ payload removed from GitHub after researcher’s complaints

📖 Read

via "The Daily Swig".
13:57
❌ Yandex Pummeled by Potent Meris DDoS Botnet ❌

Record-breaking distributed denial of service attack targets Russia’s version of Google - Yandex.

📖 Read

via "Threat Post".
15:36
‼ CVE-2021-37422 ‼

Zoho ManageEngine ADSelfService Plus 6111 and prior is vulnerable to SQL Injection while linking the databases.

📖 Read

via "National Vulnerability Database".
16:11
♟️ KrebsOnSecurity Hit By Huge New IoT Botnet “Meris” ♟️

On Thursday evening, KrebsOnSecurity was the subject of a rather massive (and mercifully brief) distributed denial-of-service (DDoS) attack. The assault came from "Meris," the same new "Internet of Things" (IoT) botnet behind record-shattering attacks against Russian search giant Yandex this week and internet infrastructure firm Cloudflare earlier this summer.

📖 Read

via "Krebs on Security".
16:47
🦿 Your voiceprint could be your new password as companies look to increase security for remote workers 🦿

Biometrics are moving beyond banks and joining fingerprints and faceprints as a way to confirm employee and customer identities.

📖 Read

via "Tech Republic".
16:57
❌ Top Steps for Ransomware Recovery and Preparation ❌

Alex Restrepo, Virtual Data Center Solutions at Veritas Technologies, discusses post-attack restoration options, and how to prepare for another one in the future.

📖 Read

via "Threat Post".
17:27
❌ MyRepublic Data Breach Raises Data-Protection Questions ❌

The incident raises considerations for security for critical data housed in third-party infrastructure, researchers say.

📖 Read

via "Threat Post".
17:30
‼ CVE-2021-3145 ‼

In Ionic Identity Vault before 5, a local root attacker on an Android device can bypass biometric authentication.

📖 Read

via "National Vulnerability Database".
17:30
‼ CVE-2021-40864 ‼

The Translate plugin 6.1.x through 6.3.x before 6.3.0.72 for ONLYOFFICE Document Server lacks escape calls for the msg.data and text fields.

📖 Read

via "National Vulnerability Database".
17:30
‼ CVE-2021-3646 ‼

btcpayserver is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

📖 Read

via "National Vulnerability Database".
17:30
‼ CVE-2021-40347 ‼

An issue was discovered in views/list.py in GNU Mailman Postorius before 1.3.5. An attacker (logged into any account) can send a crafted POST request to unsubscribe any user from a mailing list, also revealing whether that address was subscribed in the first place.

📖 Read

via "National Vulnerability Database".
21:30
‼ CVE-2021-39207 ‼

parlai is a framework for training and evaluating AI models on a variety of openly available dialogue datasets. In affected versions the package is vulnerable to a YAML deserialization attack caused by unsafe loading, which leads to arbitrary code execution. This security bug is patched by avoiding the unsafe loader; users should update to a version above v1.1.0. If upgrading is not possible then users can change the Loader used to SafeLoader as a workaround. See commit 507d066ef432ea27d3e201da08009872a2f37725 for details.

📖 Read

via "National Vulnerability Database".
21:30
‼ CVE-2021-24040 ‼

Due to use of unsafe YAML deserialization logic, an attacker with the ability to modify local YAML configuration files could provide malicious input, resulting in remote code execution or similar risks. This issue affects ParlAI prior to v1.1.0.

📖 Read

via "National Vulnerability Database".
11 September 2021
09:36
‼ CVE-2021-38555 ‼

An XML external entity (XXE) injection vulnerability was discovered in the Any23 StreamUtils.java file and is known to affect Any23 versions < 2.5. XML external entity injection (also known as XXE) is a web security vulnerability that allows an attacker to interfere with an application's processing of XML data. It often allows an attacker to view files on the application server filesystem, and to interact with any back-end or external systems that the application itself can access.

📖 Read

via "National Vulnerability Database".
09:36
‼ CVE-2021-40146 ‼

A Remote Code Execution (RCE) vulnerability was discovered in the Any23 YAMLExtractor.java file and is known to affect Any23 versions < 2.5. RCE vulnerabilities allow a malicious actor to execute any code of their choice on a remote machine over LAN, WAN, or internet. RCE belongs to the broader class of arbitrary code execution (ACE) vulnerabilities.

📖 Read

via "National Vulnerability Database".
12 September 2021
08:06
📢 The best remote access solutions 📢

We round up the top remote access software for mobile workers, including those with collaboration, screen-sharing and support tools

📖 Read

via "ITPro".
08:06
📢 Ransomware hackers break off from Babuk to join a new group 📢

New research shines a light on the fallout between criminals in the wake of the Colonial Pipeline attack

📖 Read

via "ITPro".
08:06
📢 DOJ extradites Ukrainian man who used a botnet to decrypt login credentials 📢

The 28-year-old allegedly sold passwords to other criminals on the dark web

📖 Read

via "ITPro".
08:06
📢 Dell launches new security services to tackle surging data demands 📢

These new products aim to mitigate against data protection anxieties and the rising threat of ransomware

📖 Read

via "ITPro".
11:13
‼ CVE-2021-23440 ‼

This affects the package set-value before 4.0.1. A type confusion vulnerability can lead to a bypass of CVE-2019-10747 when the user-provided keys used in the path parameter are arrays.

📖 Read

via "National Vulnerability Database".
19:13
‼ CVE-2021-23435 ‼

This affects the package clearance before 2.5.0. The vulnerability can be possible when users are able to set the value of session[:return_to]. If the value used for return_to contains multiple leading slashes (/////example.com) the user ends up being redirected to the external domain that comes after the slashes (http://example.com).

📖 Read

via "National Vulnerability Database".
13 September 2021
09:50
🗓️ Texas Republican Party website defaced in ‘Anonymous’ protest against abortion law 🗓️

Hacktivists take aim at ‘Heartbeat Act’ with references to The Handmaid’s Tale and Rick-rolling meme

📖 Read

via "The Daily Swig".
10:18
🦿 Phony vaccine card prices double following Biden mandate announcement 🦿

Dark Web prices for fake vaccination cards shot up from $100 to $200 almost immediately after the president announced new mandates, says Check Point Research.

📖 Read

via "Tech Republic".
11:14
‼ CVE-2021-22526 ‼

Open Redirection vulnerability in NetIQ Access Manager prior to 5.0.1 and 4.5.4

📖 Read

via "National Vulnerability Database".
11:14
‼ CVE-2021-32136 ‼

Heap buffer overflow in the print_udta function in MP4Box in GPAC 1.0.1 allows attackers to cause a denial of service or execute arbitrary code via a crafted file.

📖 Read

via "National Vulnerability Database".
11:14
‼ CVE-2020-27969 ‼

Yandex Browser for Android 20.8.4 allows remote attackers to perform SOP bypass and address bar spoofing

📖 Read

via "National Vulnerability Database".
11:14
‼ CVE-2021-22527 ‼

Information leakage vulnerability in NetIQ Access Manager prior to 5.0.1 and 4.5.4

📖 Read

via "National Vulnerability Database".
11:14
‼ CVE-2021-22524 ‼

Injection attack caused the denial of service vulnerability in NetIQ Access Manager prior to 5.0.1 and 4.5.4

📖 Read

via "National Vulnerability Database".
11:14
‼ CVE-2021-22528 ‼

Reflected Cross Site Scripting (XSS) vulnerability in NetIQ Access Manager prior to 5.0.1 and 4.5.4

📖 Read

via "National Vulnerability Database".
11:14
‼ CVE-2021-40214 ‼

Gibbon v22.0.00 suffers from a stored XSS vulnerability within the wall messages component.

📖 Read

via "National Vulnerability Database".
11:14
‼ CVE-2020-27970 ‼

Yandex Browser before 20.10.0 allows remote attackers to spoof the address bar

📖 Read

via "National Vulnerability Database".
11:18
🦿 Protect your endpoints with top EDR software 🦿

Endpoint detection and response (EDR) software detects and identifies threats on network-connected devices. Compare features of top EDR tools.

📖 Read

via "Tech Republic".
11:18
🦿 5 ways to better prepare your organization for a ransomware attack 🦿

Most executives cite ransomware as their biggest security concern but few have run simulated attacks to prepare, says Deloitte.

📖 Read

via "Tech Republic".
11:21
🗓️ Fraudster handed 11-year prison term for role in North Korean cybercrime operation 🗓️

Defendant ordered to pay $30m in restitution to victims

📖 Read

via "The Daily Swig".
12:48
🦿 How to use mkcert to create locally signed SSL certificates 🦿

Jack Wallen shows you how to use mkcert. If you need to generate quick SSL certificates for test servers and services, this might be the fastest option available.

📖 Read

via "Tech Republic".
13:44
‼ CVE-2021-29643 ‼

PRTG Network Monitor before 21.3.69.1333 allows stored XSS via an unsanitized string imported from a User Object in a connected Active Directory instance.

📖 Read

via "National Vulnerability Database".
13:44
‼ CVE-2021-32137 ‼

Heap buffer overflow in the URL_GetProtocolType function in MP4Box in GPAC 1.0.1 allows attackers to cause a denial of service or execute arbitrary code via a crafted file.

📖 Read

via "National Vulnerability Database".
13:44
‼ CVE-2021-32132 ‼

The abst_box_size function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command.

📖 Read

via "National Vulnerability Database".
13:45
‼ CVE-2021-32134 ‼

The gf_odf_desc_copy function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command.

📖 Read

via "National Vulnerability Database".
13:45
‼ CVE-2021-32135 ‼

The trak_box_size function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command.

📖 Read

via "National Vulnerability Database".
14:18
⚠ Serious Security: How to make sure you don’t miss bug reports! ⚠

Hey, let's create a text file that lists our security contacts! We'll call it... security DOT txt.

📖 Read

via "Naked Security".
14:18
⚠ S3 Ep49: Poison PACs, pointless alarms and phunky bugs [Podcast] ⚠

Latest episode - listen now!

📖 Read

via "Naked Security".
14:48
🦿 IoT device attacks double in the first half of 2021, and remote work may shoulder some of the blame 🦿

The smart home could be ripe for IoT device attacks as cybercriminals rake in record ransomware payments. Remote work may be responsible for the increase in attacks, Kaspersky says.

📖 Read

via "Tech Republic".
15:29
❌ Honing Cybersecurity Strategy When Everyone’s a Target for Ransomware ❌

Aamir Lakhani, researcher at FortiGuard Labs, explains why organizations must extend cyber-awareness training across the entire enterprise, from Luddites to the C-suite.

📖 Read

via "Threat Post".
15:29
❌ WooCommerce Multi Currency Bug Allows Shoppers to Change eCommerce Pricing ❌

The security vulnerability can be exploited with a malicious CSV file.

📖 Read

via "Threat Post".
15:59
❌ WhatsApp’s End-to-End Encryption Isn’t Actually Broken ❌

WhatsApp’s moderators sent messages flagged by intended recipients. Researchers say this isn't concerning -- yet.

📖 Read

via "Threat Post".
16:18
🦿 How to utilize openssl in Linux to check SSL certificate details 🦿

SSL certificates are an integral component in securing data and connectivity to other systems. Learn tips on how you can use the Linux openssl command to find critical certificate details.

📖 Read

via "Tech Republic".
16:29
❌ REvil’s Back; Coder Fat-Fingered Away Its Decryptor Key ❌

How did Kaseya get a universal decryptor after a mind-bogglingly big ransomware attack? A REvil coder misclicked, generated & issued it, and “That’s how we sh*t ourselves.”

📖 Read

via "Threat Post".
16:34
🔏 Jury Convicts Ex-Employee in Tech Trade Secret Theft Case 🔏

The conviction came just days before National Insider Threat Awareness Month, a government campaign designed to boost awareness around insider threats and identifying risky behavior.

📖 Read

via "".
17:14
‼ CVE-2021-24621 ‼

The WP Courses LMS WordPress plugin before 2.0.44 does not sanitise its Video Embed Code, allowing malicious code to be injected in it by high privilege users, even when the unfiltered_html capability is disallowed, which could lead to Stored Cross-Site Scripting issues

📖 Read

via "National Vulnerability Database".
17:14
‼ CVE-2021-38833 ‼

SQL injection vulnerability in PHPGurukul Apartment Visitors Management System (AVMS) v. 1.0 allows attackers to execute arbitrary SQL statements and to gain RCE.

📖 Read

via "National Vulnerability Database".
17:14
‼ CVE-2021-33546 ‼

Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to a stack-based buffer overflow condition in the name parameter, which may allow an attacker to remotely execute arbitrary code.

📖 Read

via "National Vulnerability Database".
17:14
‼ CVE-2021-33550 ‼

Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code.

📖 Read

via "National Vulnerability Database".
17:15
‼ CVE-2021-24490 ‼

The Email Artillery (MASS EMAIL) WordPress plugin through 4.1 does not properly check the uploaded files from the Import Emails feature, allowing arbitrary files to be uploaded. Furthermore, the plugin is also lacking any CSRF check, allowing such issue to be exploited via a CSRF attack as well. However, due to the presence of a .htaccess, denying access to everything in the folder the file is uploaded to, the malicious uploaded file will only be accessible on Web Servers such as Nginx/IIS

📖 Read

via "National Vulnerability Database".
17:15
‼ CVE-2021-33544 ‼

Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code.

📖 Read

via "National Vulnerability Database".
17:15
‼ CVE-2021-24510 ‼

The MF Gig Calendar WordPress plugin through 1.1 does not sanitise or escape the id GET parameter before outputting back in the admin dashboard when editing an Event, leading to a reflected Cross-Site Scripting issue

📖 Read

via "National Vulnerability Database".
17:15
‼ CVE-2021-33551 ‼

Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code.

📖 Read

via "National Vulnerability Database".
17:15
‼ CVE-2021-33366 ‼

Memory leak in the gf_isom_oinf_read_entry function in MP4Box in GPAC 1.0.1 allows attackers to read memory via a crafted file.

📖 Read

via "National Vulnerability Database".
17:15
‼ CVE-2021-24614 ‼

The Book appointment online WordPress plugin before 1.39 does not sanitise or escape Service Prices before outputting it in the List, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.

📖 Read

via "National Vulnerability Database".
17:15
‼ CVE-2021-33554 ‼

Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code.

📖 Read

via "National Vulnerability Database".
17:15
‼ CVE-2021-24727 ‼

The StopBadBots WordPress plugin before 6.60 did not validate or escape the order and orderby GET parameter in some of its admin dashboard pages, leading to Authenticated SQL Injections

📖 Read

via "National Vulnerability Database".
17:15
‼ CVE-2021-24523 ‼

The Daily Prayer Time WordPress plugin before 2021.08.10 does not sanitise or escape some of its settings before outputting them in the page, leading to Authenticated Stored Cross-Site Scripting issues.

📖 Read

via "National Vulnerability Database".
17:15
‼ CVE-2021-33545 ‼

Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to a stack-based buffer overflow condition in the counter parameter which may allow an attacker to remotely execute arbitrary code.

📖 Read

via "National Vulnerability Database".
17:15
‼ CVE-2021-24623 ‼

The WordPress Advanced Ticket System, Elite Support Helpdesk WordPress plugin before 1.0.64 does not sanitize or escape form values before saving to the database or when outputting, which allows high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.

📖 Read

via "National Vulnerability Database".
17:15
‼ CVE-2021-33547 ‼

Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to a stack-based buffer overflow condition in the profile parameter which may allow an attacker to remotely execute arbitrary code.

📖 Read

via "National Vulnerability Database".
17:15
‼ CVE-2021-33362 ‼

Stack buffer overflow in the hevc_parse_vps_extension function in MP4Box in GPAC 1.0.1 allows attackers to cause a denial of service or execute arbitrary code via a crafted file.

📖 Read

via "National Vulnerability Database".
17:15
‼ CVE-2021-24724 ‼

The Timetable and Event Schedule by MotoPress WordPress plugin before 2.3.19 does not sanitise some of its parameters, which could allow low privilege users such as author to perform XSS attacks against frontend and backend users when viewing the related event/s

📖 Read

via "National Vulnerability Database".
17:15
‼ CVE-2021-24431 ‼

The Language Bar Flags WordPress plugin through 1.0.8 does not have any CSRF in place when saving its settings and did not sanitise or escape them when generating the flag bar in the frontend. This could allow attackers to make a logged in admin change the settings, and set Cross-Site Scripting payload in them, which will be executed in the frontend for all users

📖 Read

via "National Vulnerability Database".
17:15
‼ CVE-2021-40824 ‼

A logic error in the room key sharing functionality of Element Android before 1.2.2 and matrix-android-sdk2 (aka Matrix SDK for Android) before 1.2.2 leads to a situation where identity verification is inadequate and thus a key-requesting device can be impersonated.

📖 Read

via "National Vulnerability Database".
19:14
‼ CVE-2021-32138 ‼

The DumpTrackInfo function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command.

📖 Read

via "National Vulnerability Database".
19:14
‼ CVE-2021-33365 ‼

Memory leak in the gf_isom_get_root_od function in MP4Box in GPAC 1.0.1 allows attackers to read memory via a crafted file.

📖 Read

via "National Vulnerability Database".
19:14
‼ CVE-2021-33363 ‼

Memory leak in the infe_box_read function in MP4Box in GPAC 1.0.1 allows attackers to read memory via a crafted file.

📖 Read

via "National Vulnerability Database".
19:14
‼ CVE-2021-33361 ‼

Memory leak in the afra_box_read function in MP4Box in GPAC 1.0.1 allows attackers to read memory via a crafted file.

📖 Read

via "National Vulnerability Database".
19:15
‼ CVE-2021-32139 ‼

The gf_isom_vp_config_get function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command.

📖 Read

via "National Vulnerability Database".
19:15
‼ CVE-2021-41054 ‼

tftpd_file.c in atftp through 0.7.4 has a buffer overflow because buffer-size handling does not properly consider the combination of data, OACK, and other options.

📖 Read

via "National Vulnerability Database".
19:15
‼ CVE-2021-41033 ‼

In all released versions of Eclipse Equinox, at least until version 4.21 (September 2021), installation can be vulnerable to man-in-the-middle attack if using p2 repos that are HTTP; that can then be exploited to serve incorrect p2 metadata and entirely alter the local installation, particularly by installing plug-ins that may then run malicious code.

📖 Read

via "National Vulnerability Database".
19:29
❌ Apple Issues Emergency Fix for NSO Zero-Click Zero Day ❌

Citizen Lab urges Apple users to update immediately. The new zero-click zero-day ForcedEntry flaw affects all things Apple: iPhones, iPads, Macs and Watches.

📖 Read

via "Threat Post".
21:15
‼ CVE-2020-20671 ‼

A cross-site request forgery (CSRF) in KiteCMS V1.1 allows attackers to arbitrarily add an administrator account.

📖 Read

via "National Vulnerability Database".
21:15
‼ CVE-2020-20672 ‼

An arbitrary file upload vulnerability in /admin/upload/uploadfile of KiteCMS V1.1 allows attackers to getshell via a crafted PHP file.

📖 Read

via "National Vulnerability Database".
21:15
‼ CVE-2020-20670 ‼

An arbitrary file upload vulnerability in /admin/media/upload of ZKEACMS V3.2.0 allows attackers to execute arbitrary code via a crafted HTML file.

📖 Read

via "National Vulnerability Database".
21:48
⚠ Apple products vulnerable to FORCEDENTRY zero-day attack – patch now! ⚠

Double trouble: two zero-days, patched in the same emergency update. So please don't delay - patch today!

📖 Read

via "Naked Security".
14 September 2021
02:15
‼ CVE-2021-41072 ‼

squashfs_opendir in unsquash-2.c in Squashfs-Tools 4.5 allows Directory Traversal, a different vulnerability than CVE-2021-40153. A squashfs filesystem that has been crafted to include a symbolic link and then contents under the same filename in a filesystem can cause unsquashfs to first create the symbolic link pointing outside the expected directory, and then the subsequent write operation will cause the unsquashfs process to write through the symbolic link elsewhere in the filesystem.

📖 Read

via "National Vulnerability Database".
08:29
❌ BlackMatter Ransomware Hits Japanese Tech Giant Olympus ❌

The incident that occurred Sept. 8 and affected its EMEA IT systems seems to signal a return to business as usual for ransomware groups.

📖 Read

via "Threat Post".
09:20
‼ CVE-2021-37183 ‼

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2). The affected software allows sending send-to-sleep notifications to the managed devices. An unauthenticated attacker in the same network of the affected system can abuse these notifications to cause a Denial-of-Service condition in the managed devices.

📖 Read

via "National Vulnerability Database".
09:20
‼ CVE-2021-33719 ‼

A vulnerability has been identified in SIPROTEC 5 relays with CPU variants CP050 (All versions < V8.80), SIPROTEC 5 relays with CPU variants CP100 (All versions < V8.80), SIPROTEC 5 relays with CPU variants CP200 (All versions), SIPROTEC 5 relays with CPU variants CP300 (All versions < V8.80). Specially crafted packets sent to port 4443/tcp could cause a Denial-of-Service condition or potential remote code execution.

📖 Read

via "National Vulnerability Database".
09:20
‼ CVE-2021-37201 ‼

A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP1). The web interface of affected devices is vulnerable to a Cross-Site Request Forgery (CSRF) attack. This could allow an attacker to manipulate the SINEC NMS configuration by tricking an unsuspecting user with administrative privileges to click on a malicious link.

📖 Read

via "National Vulnerability Database".
09:20
‼ CVE-2021-37193 ‼

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2). An unauthenticated attacker in the same network of the affected system could manipulate certain parameters and set a valid user of the affected software as invalid (or vice-versa).

📖 Read

via "National Vulnerability Database".
09:20
‼ CVE-2021-37203 ‼

A vulnerability has been identified in NX 1980 Series (All versions < V1984). The plmxmlAdapterIFC.dll contains an out-of-bounds read while parsing user supplied IFC files which could result in a read past the end of an allocated buffer. This could allow an attacker to cause a denial-of-service condition or read sensitive information from memory locations.

📖 Read

via "National Vulnerability Database".
09:20
‼ CVE-2021-37191 ‼

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2). An unauthenticated attacker in the same network of the affected system could brute force the usernames from the affected software.

📖 Read

via "National Vulnerability Database".
09:20
‼ CVE-2021-37174 ‼

A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.14.1), RUGGEDCOM ROX RX1400 (All versions < V2.14.1), RUGGEDCOM ROX RX1500 (All versions < V2.14.1), RUGGEDCOM ROX RX1501 (All versions < V2.14.1), RUGGEDCOM ROX RX1510 (All versions < V2.14.1), RUGGEDCOM ROX RX1511 (All versions < V2.14.1), RUGGEDCOM ROX RX1512 (All versions < V2.14.1), RUGGEDCOM ROX RX1524 (All versions < V2.14.1), RUGGEDCOM ROX RX1536 (All versions < V2.14.1), RUGGEDCOM ROX RX5000 (All versions < V2.14.1). The affected devices have a privilege escalation vulnerability, if exploited, an attacker could gain root user access.

📖 Read

via "National Vulnerability Database".
09:20
‼ CVE-2021-37173 ‼

A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.14.1), RUGGEDCOM ROX RX1400 (All versions < V2.14.1), RUGGEDCOM ROX RX1500 (All versions < V2.14.1), RUGGEDCOM ROX RX1501 (All versions < V2.14.1), RUGGEDCOM ROX RX1510 (All versions < V2.14.1), RUGGEDCOM ROX RX1511 (All versions < V2.14.1), RUGGEDCOM ROX RX1512 (All versions < V2.14.1), RUGGEDCOM ROX RX1524 (All versions < V2.14.1), RUGGEDCOM ROX RX1536 (All versions < V2.14.1), RUGGEDCOM ROX RX5000 (All versions < V2.14.1). The affected devices have an exposure of sensitive information vulnerability, if exploited, it could allow an authenticated attacker to extract data via Secure Shell (SSH).

📖 Read

via "National Vulnerability Database".
09:20
‼ CVE-2021-40356 ‼

A vulnerability has been identified in Teamcenter V12.4 (All versions < V12.4.0.8), Teamcenter V13.0 (All versions < V13.0.0.7), Teamcenter V13.1 (All versions < V13.1.0.5), Teamcenter V13.2 (All versions < 13.2.0.2). The application contains a XML External Entity Injection (XXE) vulnerability. This could allow an attacker to view files on the application server filesystem.

📖 Read

via "National Vulnerability Database".
09:20
‼ CVE-2021-37192 ‼

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2). The affected software has an information disclosure vulnerability that could allow an attacker to retrieve a list of network devices a known user can manage.

📖 Read

via "National Vulnerability Database".
09:20
‼ CVE-2021-37200 ‼

A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP1). An attacker with access to the webserver of an affected system could download arbitrary files from the underlying filesystem by sending a specially crafted HTTP request.

📖 Read

via "National Vulnerability Database".
09:20
‼ CVE-2019-10941 ‼

A vulnerability has been identified in SINEMA Server (All versions < V14 SP3). Missing authentication for functionality that requires administrative user identity could allow an attacker to obtain encoded system configuration backup files. This is only possible through network access to the affected system, and successful exploitation requires no system privileges.

📖 Read

via "National Vulnerability Database".
09:21
‼ CVE-2021-37202 ‼

A vulnerability has been identified in NX 1980 Series (All versions < V1984). The IFC adapter in affected application contains a use-after-free vulnerability that could be triggered while parsing user-supplied IFC files. An attacker could leverage this vulnerability to execute code in the context of the current process.

📖 Read

via "National Vulnerability Database".
09:21
‼ CVE-2021-37181 ‼

A vulnerability has been identified in Cerberus DMS V4.0 (All versions), Cerberus DMS V4.1 (All versions), Cerberus DMS V4.2 (All versions), Cerberus DMS V5.0 (All versions < v5.0 QU1), Desigo CC Compact V4.0 (All versions), Desigo CC Compact V4.1 (All versions), Desigo CC Compact V4.2 (All versions), Desigo CC Compact V5.0 (All versions < V5.0 QU1), Desigo CC V4.0 (All versions), Desigo CC V4.1 (All versions), Desigo CC V4.2 (All versions), Desigo CC V5.0 (All versions < V5.0 QU1). The application deserialises untrusted data without sufficient validations, that could result in an arbitrary deserialization. This could allow an unauthenticated attacker to execute code in the affected system. The CCOM communication component used for Windows App / Click-Once and IE Web / XBAP client connectivity are affected by the vulnerability.

📖 Read

via "National Vulnerability Database".
09:21
‼ CVE-2021-27391 ‼

A vulnerability has been identified in APOGEE MBC (PPC) (P2 Ethernet) (All versions >= V2.6.3), APOGEE MEC (PPC) (P2 Ethernet) (All versions >= V2.6.3), APOGEE PXC Compact (BACnet) (All versions < V3.5.3), APOGEE PXC Compact (P2 Ethernet) (All versions >= V2.8), APOGEE PXC Modular (BACnet) (All versions < V3.5.3), APOGEE PXC Modular (P2 Ethernet) (All versions >= V2.8), TALON TC Compact (BACnet) (All versions < V3.5.3), TALON TC Modular (BACnet) (All versions < V3.5.3). The web server of affected devices lacks proper bounds checking when parsing the Host parameter in HTTP requests, which could lead to a buffer overflow. An unauthenticated remote attacker could exploit this vulnerability to execute arbitrary code on the device with root privileges.

📖 Read

via "National Vulnerability Database".
09:21
‼ CVE-2021-25665 ‼

A vulnerability has been identified in Simcenter STAR-CCM+ Viewer (All versions < V2021.2.1). The starview+.exe application lacks proper validation of user-supplied data when parsing scene files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13700)

📖 Read

via "National Vulnerability Database".
09:21
‼ CVE-2021-37190 ‼

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2). The affected software has an information disclosure vulnerability that could allow an attacker to retrieve VPN connection for a known user.

📖 Read

via "National Vulnerability Database".
09:21
‼ CVE-2021-40357 ‼

A vulnerability has been identified in Teamcenter Active Workspace V4.3 (All versions < V4.3.10), Teamcenter Active Workspace V5.0 (All versions < V5.0.8), Teamcenter Active Workspace V5.1 (All versions < V5.1.5), Teamcenter Active Workspace V5.2 (All versions < V5.2.1). A path traversal vulnerability in the application could allow an attacker to bypass certain restrictions such as direct access to other services within the host.

📖 Read

via "National Vulnerability Database".
09:21
‼ CVE-2021-33716 ‼

A vulnerability has been identified in SIMATIC CP 1543-1 (incl. SIPLUS variants) (All versions < V3.0), SIMATIC CP 1545-1 (All versions). An attacker with access to the subnet of the affected device could retrieve sensitive information stored in cleartext.

📖 Read

via "National Vulnerability Database".
09:21
‼ CVE-2021-37206 ‼

A vulnerability has been identified in SIPROTEC 5 relays with CPU variants CP050 (All versions < V8.80), SIPROTEC 5 relays with CPU variants CP100 (All versions < V8.80), SIPROTEC 5 relays with CPU variants CP200 (All versions < V8.80), SIPROTEC 5 relays with CPU variants CP300 (All versions < V8.80). Received webpackets are not properly processed. An unauthenticated remote attacker with access to any of the Ethernet interfaces could send specially crafted packets to force a restart of the target device.

📖 Read

via "National Vulnerability Database".
09:50
🗓️ Olympus insists medical services ‘uninterrupted’ by malware attack 🗓️

Unconfirmed reports suggest Japanese multinational was hit by ransomware

📖 Read

via "The Daily Swig".
10:30
❌ Romance, BEC Scams Lands Soldier in Jail for 46 Months ❌

A former Army Reservist pleaded guilty to scamming the elderly with catfishing and stealing from veterans.

📖 Read

via "Threat Post".
11:00
❌ Unpatched Bugs Plague Databases; Your Data Is Probably Not Secure – Podcast ❌

Imperva's Elad Erez discusses findings that 46 percent of on-prem databases are sitting ducks, unpatched and vulnerable to attack, each with an average of 26 flaws.

📖 Read

via "Threat Post".
11:18
🦿 Apple releases emergency patch to protect all devices against Pegasus spyware 🦿

Designed to combat zero-day flaws exploited in Apple's operating systems, the patch applies to the iPhone, iPad, Apple Watch and Mac.

📖 Read

via "Tech Republic".
11:21
‼ CVE-2021-33674 ‼

Under certain conditions, SAP Contact Center - version 700, does not sufficiently encode user-controlled inputs. This allows an attacker to exploit a Reflected Cross-Site Scripting (XSS) vulnerability when creating a new email and to execute arbitrary code on the victim's browser.

📖 Read

via "National Vulnerability Database".
11:21
‼ CVE-2021-36582 ‼

In Kooboo CMS 2.1.1.0, it is possible to upload a remote shell (e.g., aspx) to the server and then call upon it to receive a reverse shell from the victim server. The files are uploaded to /Content/Template/root/reverse-shell.aspx and can be simply triggered by browsing that URL.

📖 Read

via "National Vulnerability Database".
11:21
‼ CVE-2021-38163 ‼

SAP NetWeaver (Visual Composer 7.0 RT) versions - 7.30, 7.31, 7.40, 7.50, without restriction, an attacker authenticated as a non-administrative user can upload a malicious file over a network and trigger its processing, which is capable of running operating system commands with the privilege of the Java Server process. These commands can be used to read or modify any information on the server or shut the server down making it unavailable.

📖 Read

via "National Vulnerability Database".
11:21
‼ CVE-2021-38175 ‼

SAP Analysis for Microsoft Office - version 2.8, allows an attacker with high privileges to read sensitive data over the network, and gather or change information in the current system without user interaction. The attack would not lead to an impact on the availability of the system, but there would be an impact on integrity and confidentiality.

📖 Read

via "National Vulnerability Database".
11:21
‼ CVE-2021-33686 ‼

Under certain conditions, SAP Business One version - 10.0, allows an unauthorized attacker to get access to some encrypted sensitive information, but does not have control over kind or degree.

📖 Read

via "National Vulnerability Database".
11:21
‼ CVE-2021-37532 ‼

SAP Business One version - 10, due to improper input validation, allows an authenticated User to gain access to directory and view the contents of index in the directory, which would otherwise be restricted to high privileged User.

📖 Read

via "National Vulnerability Database".
11:21
‼ CVE-2021-37535 ‼

SAP NetWeaver Application Server Java (JMS Connector Service) - versions 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not perform necessary authorization checks for user privileges.

📖 Read

via "National Vulnerability Database".
11:21
‼ CVE-2021-23053 ‼

On version 15.1.x before 15.1.3, 14.1.x before 14.1.3.1, and 13.1.x before 13.1.3.6, when the brute force protection feature of BIG-IP Advanced WAF or BIG-IP ASM is enabled on a virtual server and the virtual server is under brute force attack, the MySQL database may run out of disk space due to lack of row limit on undisclosed tables in the MYSQL database. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

📖 Read

via "National Vulnerability Database".
11:21
‼ CVE-2021-33688 ‼

SAP Business One allows an attacker with business privileges to execute crafted database queries, exposing the back-end database. Due to framework restrictions, only some information can be obtained.

📖 Read

via "National Vulnerability Database".
11:21
‼ CVE-2021-38162 ‼

SAP Web Dispatcher versions - 7.49, 7.53, 7.77, 7.81, KRNL64NUC - 7.22, 7.22EXT, 7.49, KRNL64UC -7.22, 7.22EXT, 7.49, 7.53, KERNEL - 7.22, 7.49, 7.53, 7.77, 7.81, 7.83 processes allow an unauthenticated attacker to submit a malicious crafted request over a network to a front-end server which may, over several attempts, result in a back-end server confusing the boundaries of malicious and legitimate messages. This can result in the back-end server executing a malicious payload which can be used to read or modify any information on the server or consume server resources making it temporarily unavailable.

📖 Read

via "National Vulnerability Database".
11:21
‼ CVE-2021-33685 ‼

SAP Business One version - 10.0 allows low-level authorized attacker to traverse the file system to access files or directories that are outside of the restricted directory. A successful attack allows access to high level sensitive data

📖 Read

via "National Vulnerability Database".
11:21
‼ CVE-2021-38164 ‼

SAP ERP Financial Accounting (RFOPENPOSTING_FR) versions - SAP_APPL - 600, 602, 603, 604, 605, 606, 616, SAP_FIN - 617, 618, 700, 720, 730, SAPSCORE - 125, S4CORE, 100, 101, 102, 103, 104, 105, allows a registered attacker to invoke certain functions that would otherwise be restricted to specific users. These functions are normally exposed over the network and once exploited the attacker may be able to view and modify financial accounting data that only a specific user should have access to.

📖 Read

via "National Vulnerability Database".
11:22
‼ CVE-2021-38177 ‼

SAP CommonCryptoLib version 8.5.38 or lower is vulnerable to null pointer dereference vulnerability when an unauthenticated attacker sends crafted malicious data in the HTTP requests over the network, this causes the SAP application to crash and has high impact on the availability of the SAP system.

📖 Read

via "National Vulnerability Database".
11:22
‼ CVE-2021-33679 ‼

The SAP BusinessObjects BI Platform version - 420 allows an attacker, who has basic access to the application, to inject a malicious script while creating a new module document, file, or folder. When another user visits that page, the stored malicious script will execute in their session, hence allowing the attacker to compromise their confidentiality and integrity.

📖 Read

via "National Vulnerability Database".
11:22
‼ CVE-2021-38150 ‼

When an attacker manages to get access to the local memory, or the memory dump of a victim, for example by a social engineering attack, SAP Business Client versions - 7.0, 7.70, will allow him to read extremely sensitive data, such as credentials. This would allow the attacker to compromise the corresponding backend for which the credentials are valid.

📖 Read

via "National Vulnerability Database".
11:22
‼ CVE-2021-23049 ‼

On BIG-IP version 16.0.x before 16.0.1.2 and 15.1.x before 15.1.3, when the iRules RESOLVER::summarize command is used on a virtual server, undisclosed requests can cause an increase in Traffic Management Microkernel (TMM) memory utilization resulting in an out-of-memory condition and a denial-of-service (DoS). Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

📖 Read

via "National Vulnerability Database".
11:22
‼ CVE-2021-38176 ‼

Due to improper input sanitization, an authenticated user with certain specific privileges can remotely call NZDT function modules listed in Solution Section to execute manipulated query to gain access to Backend Database. On successful exploitation the threat actor could completely compromise confidentiality, integrity, and availability of the system.

📖 Read

via "National Vulnerability Database".
11:22
‼ CVE-2021-37531 ‼

SAP NetWeaver Knowledge Management XML Forms versions - 7.10, 7.11, 7.30, 7.31, 7.40, 7.50, contains an XSLT vulnerability which allows a non-administrative authenticated attacker to craft a malicious XSL stylesheet file containing a script with OS-level commands, copy it into a location to be accessed by the system and then create a file which will trigger the XSLT engine to execute the script contained within the malicious XSL file. This can result in a full compromise of the confidentiality, integrity, and availability of the system.

📖 Read

via "National Vulnerability Database".
11:22
‼ CVE-2021-21489 ‼

SAP NetWeaver Enterprise Portal versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user related data, resulting in Stored Cross-Site Scripting (XSS) vulnerability. This would allow an attacker with administrative privileges to store a malicious script on the portal. The execution of the script content by a victim registered on the portal could compromise the confidentiality and integrity of portal content.

📖 Read

via "National Vulnerability Database".
11:22
‼ CVE-2021-38174 ‼

When a user opens manipulated files received from untrusted sources in SAP 3D Visual Enterprise Viewer version - 9, the application crashes and becomes temporarily unavailable to the user until restart of the application.

📖 Read

via "National Vulnerability Database".
12:20
🗓️ Speer review: Researchers pick apart Node.js communication app 🗓️

Email content injection flaws chained to bypass security controls

📖 Read

via "The Daily Swig".
12:30
❌ Pair of Google Chrome Zero-Day Bugs Actively Exploited ❌

The security vulnerabilities bring the web behemoth up to 10 browser zero-days found so far this year.

📖 Read

via "Threat Post".
13:20
‼ CVE-2021-23043 ‼

On BIG-IP, on all versions of 16.1.x, 16.0.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x, a directory traversal vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to access arbitrary files. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

📖 Read

via "National Vulnerability Database".
13:20
‼ CVE-2021-23040 ‼

On BIG-IP AFM version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3, 14.1.x before 14.1.4.2, 13.1.x before 13.1.4.1, and all versions of 12.1.x, a SQL injection vulnerability exists in an undisclosed page of the BIG-IP Configuration utility. This issue is exposed only when BIG-IP AFM is provisioned. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

📖 Read

via "National Vulnerability Database".
13:20
‼ CVE-2021-23041 ‼

On BIG-IP version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3, 14.1.x before 14.1.4.2, 13.1.x before 13.1.4.1, and all versions of 12.1.x, a DOM based cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to execute JavaScript in the context of the current logged-in user. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

📖 Read

via "National Vulnerability Database".
13:20
‼ CVE-2021-23047 ‼

On version 16.x before 16.1.0, 15.1.x before 15.1.3.1, 14.1.x before 14.1.4.3, and all versions of 13.1.x, 12.1.x and 11.6.x, when BIG-IP APM performs Online Certificate Status Protocol (OCSP) verification of a certificate that contains Authority Information Access (AIA), undisclosed requests may cause an increase in memory use. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

📖 Read

via "National Vulnerability Database".
13:20
‼ CVE-2021-29841 ‼

IBM Financial Transaction Manager 3.2.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 205045.

📖 Read

via "National Vulnerability Database".
13:21
‼ CVE-2021-20508 ‼

IBM Security Secret Server up to 11.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 199322.

📖 Read

via "National Vulnerability Database".
13:21
‼ CVE-2021-23042 ‼

On BIG-IP version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3, 14.1.x before 14.1.4, 13.1.x before 13.1.4, and 12.1.x before 12.1.6, when an HTTP profile is configured on a virtual server, undisclosed requests can cause a significant increase in system resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

📖 Read

via "National Vulnerability Database".
13:21
‼ CVE-2021-23046 ‼

On all versions of Guided Configuration before 8.0.0, when a configuration that contains secure properties is created and deployed from Access Guided Configuration (AGC), secure properties are logged in restnoded logs. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

📖 Read

via "National Vulnerability Database".
13:21
‼ CVE-2021-20569 ‼

IBM Security Secret Server up to 11.0 could allow an attacker to enumerate usernames due to improper input validation. IBM X-Force ID: 199243.

📖 Read

via "National Vulnerability Database".
13:21
‼ CVE-2021-20582 ‼

IBM Security Secret Server up to 11.0 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 199328.

📖 Read

via "National Vulnerability Database".
13:48
🛡 Cybersecurity & Privacy news 🛡
🛠 OpenDNSSEC 2.1.10 🛠

OpenDNSSEC is software that manages the security of domain names on the Internet. The project intends to drive adoption of Domain Name System Security Extensions (DNSSEC) to further enhance Internet security.

📖 Read

via "Packet Storm Security".
14:30
🛡 Cybersecurity & Privacy news 🛡
❌ ZLoader’s Back, Abusing Google AdWords, Disabling Windows Defender ❌

The well-known banking trojan retools for stealth with a whole new attack routine, including using ads for Microsoft TeamViewer and Zoom to lure victims in.

📖 Read

via "Threat Post".
14:48
🛡 Cybersecurity & Privacy news 🛡
🦿 Why you should avoid those fun social media "tell us about yourself" questions 🦿

Social media is overflowing with quizzes, surveys and opportunities to tell the world about yourself. Learn why you should skip these to protect yourself and your identity.

📖 Read

via "Tech Republic".
15:20
🛡 Cybersecurity & Privacy news 🛡
‼ CVE-2020-21050 ‼

Libsixel prior to v1.8.3 contains a stack buffer overflow in the function gif_process_raster at fromgif.c.

📖 Read

via "National Vulnerability Database".
15:20
‼ CVE-2021-23045 ‼

On BIG-IP version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3.1, 14.1.x before 14.1.4.3, 13.1.x before 13.1.4.1, and all versions of 12.1.x, when an SCTP profile with multiple paths is configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

📖 Read

via "National Vulnerability Database".
15:21
‼ CVE-2020-21048 ‼

An issue in the dither.c component of libsixel prior to v1.8.4 allows attackers to cause a denial of service (DOS) via a crafted PNG file.

📖 Read

via "National Vulnerability Database".
15:21
‼ CVE-2020-21081 ‼

A cross-site request forgery (CSRF) in Maccms 8.0 causes administrators to add and modify articles without their knowledge via clicking on a crafted URL.

📖 Read

via "National Vulnerability Database".
15:21
‼ CVE-2021-41077 ‼

The activation process in Travis CI, for certain 2021-09-03 through 2021-09-10 builds, causes secret data to have unexpected sharing that is not specified by the customer-controlled .travis.yml file. In particular, the desired behavior (if .travis.yml has been created locally by a customer, and added to git) is for a Travis service to perform builds in a way that prevents public access to customer-specific secret environment data such as signing keys, access credentials, and API tokens. However, during the stated 8-day interval, secret data could be revealed to an unauthorized actor who forked a public repository and printed files during a build process.

📖 Read

via "National Vulnerability Database".
15:21
‼ CVE-2020-21049 ‼

An invalid read in the stb_image.h component of libsixel prior to v1.8.5 allows attackers to cause a denial of service (DOS) via a crafted PSD file.

📖 Read

via "National Vulnerability Database".
15:21
‼ CVE-2020-21082 ‼

A cross-site scripting (XSS) vulnerability in the background administrator article management module of Maccms 8.0 allows attackers to steal administrator and user cookies via crafted payloads in the text fields for Chinese and English names.

📖 Read

via "National Vulnerability Database".
15:21
‼ CVE-2021-23044 ‼

On BIG-IP version 16.x before 16.1.0, 15.1.x before 15.1.3.1, 14.1.x before 14.1.4.2, 13.1.x before 13.1.4.1, and all versions of 12.1.x and 11.6.x, when the Intel QuickAssist Technology (QAT) compression driver is used on affected BIG-IP hardware and BIG-IP Virtual Edition (VE) platforms, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

📖 Read

via "National Vulnerability Database".
17:23
🛡 Cybersecurity & Privacy news 🛡
‼ CVE-2021-23038 ‼

On version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3.1, 14.1.x before 14.1.4.2, 13.1.x before 13.1.4.1, and all versions of 12.1.x, a stored cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to execute JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

📖 Read

via "National Vulnerability Database".
17:23
‼ CVE-2021-23033 ‼

On BIG-IP Advanced WAF and BIG-IP ASM version 16.x before 16.1.0x, 15.1.x before 15.1.3.1, 14.1.x before 14.1.4.3, 13.1.x before 13.1.4.1, and all versions of 12.1.x, when a WebSocket profile is configured on a virtual server, undisclosed requests can cause bd to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

📖 Read

via "National Vulnerability Database".
17:23
‼ CVE-2021-23031 ‼

On version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3, 14.1.x before 14.1.4.1, 13.1.x before 13.1.4, 12.1.x before 12.1.6, and 11.6.x before 11.6.5.3, an authenticated user may perform a privilege escalation on the BIG-IP Advanced WAF and ASM Configuration utility. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

📖 Read

via "National Vulnerability Database".
17:23
‼ CVE-2021-23035 ‼

On BIG-IP 14.1.x before 14.1.4.4, when an HTTP profile is configured on a virtual server, after a specific sequence of packets, chunked responses can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

📖 Read

via "National Vulnerability Database".
17:23
‼ CVE-2021-23034 ‼

On BIG-IP version 16.x before 16.1.0 and 15.1.x before 15.1.3.1, when a DNS profile using a DNS cache resolver is configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) process to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

📖 Read

via "National Vulnerability Database".
17:23
‼ CVE-2021-23039 ‼

On version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3, 14.1.x before 14.1.2.8, and all versions of 13.1.x and 12.1.x, when IPSec is configured on a BIG-IP system, undisclosed requests from an authorized remote (IPSec) peer, which already has a negotiated Security Association, can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

📖 Read

via "National Vulnerability Database".
17:23
‼ CVE-2021-35493 ‼

The WebFOCUS Reporting Server and WebFOCUS Client components of TIBCO Software Inc.'s TIBCO WebFOCUS Client, TIBCO WebFOCUS Installer, and TIBCO WebFOCUS Reporting Server contain easily exploitable Stored and Reflected Cross Site Scripting (XSS) vulnerabilities that allow a low privileged attacker to social engineer a legitimate user with network access to execute scripts targeting the affected system or the victim's local system. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s TIBCO WebFOCUS Client: versions 8207.27.0 and below, TIBCO WebFOCUS Installer: versions 8207.27.0 and below, and TIBCO WebFOCUS Reporting Server: versions 8207.27.0 and below.

📖 Read

via "National Vulnerability Database".
17:23
‼ CVE-2021-23036 ‼

On version 16.0.x before 16.0.1.2, when a BIG-IP ASM and DataSafe profile are configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

📖 Read

via "National Vulnerability Database".
17:23
‼ CVE-2021-23037 ‼

On all versions of 16.1.x, 16.0.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x, a reflected cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to execute JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

📖 Read

via "National Vulnerability Database".
17:23
‼ CVE-2021-23032 ‼

On version 16.x before 16.1.0, 15.1.x before 15.1.3.1, 14.1.x before 14.1.4.4, and all versions of 13.1.x and 12.1.x, when a BIG-IP DNS system is configured with non-default Wide IP and pool settings, undisclosed DNS responses can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

📖 Read

via "National Vulnerability Database".
17:23
‼ CVE-2021-39391 ‼

Cross Site Scripting (XSS) vulnerability exists in the admin panel in Beego v2.0.1 via the URI path in an HTTP request, which is activated by administrators viewing the "Request Statistics" page.

📖 Read

via "National Vulnerability Database".
17:30
❌ 2021’s Most Dangerous Software Weaknesses ❌

Saryu Nayyar, CEO at Gurucul, peeks into Mitre's list of dangerous software bug types, highlighting that the oldies are still the goodies for attackers.

📖 Read

via "Threat Post".
18:00
🛡 Cybersecurity & Privacy news 🛡
❌ Microsoft Patches Actively Exploited Windows Zero-Day Bug ❌

On Patch Tuesday, Microsoft fixed 66 CVEs, including an RCE bug in MSHTML under active attack as threat actors passed around guides for the drop-dead simple exploit.

📖 Read

via "Threat Post".
18:12
♟️ Microsoft Patch Tuesday, September 2021 Edition ♟️

Microsoft today pushed software updates to plug dozens of security holes in Windows and related products, including a vulnerability that is already being exploited in active attacks. Also, Apple has issued an emergency update to fix a flaw that's reportedly been abused to install spyware on iOS products, and Google's got a new version of Chrome that tackles two zero-day flaws. Finally, Adobe has released critical security updates for Acrobat, Reader and a slew of other software.

📖 Read

via "Krebs on Security".
18:30
🛡 Cybersecurity & Privacy news 🛡
❌ Adobe Snuffs Critical Bugs in Acrobat, Experience Manager ❌

Adobe releases security updates for 59 bugs affecting its core products, including Adobe Acrobat Reader, XMP Toolkit SDK and Photoshop.

📖 Read

via "Threat Post".
18:48
🛡 Cybersecurity & Privacy news 🛡
🦿 Dark Web sees spike in fake COVID vaccine card sales 🦿

Some people would rather pay money for a phony vaccine card than get the actual shot for free, according to Check Point Research.

📖 Read

via "Tech Republic".
19:18
🛡 Cybersecurity & Privacy news 🛡
🦿 T-Mobile was breached: Here's how to protect your account 🦿

T-Mobile customers should change their password and PIN and set up two-step verification to protect their accounts.

📖 Read

via "Tech Republic".
19:21
‼ CVE-2021-23025 ‼

On version 15.1.x before 15.1.0.5, 14.1.x before 14.1.3.1, 13.1.x before 13.1.3.5, and all versions of 12.1.x and 11.6.x, an authenticated remote command execution vulnerability exists in the BIG-IP Configuration utility. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

📖 Read

via "National Vulnerability Database".
19:21
‼ CVE-2021-23028 ‼

On version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3.1, 14.1.x before 14.1.4.2, and 13.1.x before 13.1.4, when JSON content profiles are configured for URLs as part of an F5 Advanced Web Application Firewall (WAF)/BIG-IP ASM security policy and applied to a virtual server, undisclosed requests may cause the BIG-IP ASM bd process to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

📖 Read

via "National Vulnerability Database".
19:21
‼ CVE-2021-23030 ‼

On BIG-IP Advanced WAF and BIG-IP ASM version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3.1, 14.1.x before 14.1.4.3, 13.1.x before 13.1.4.1, and all versions of 12.1.x, when a WebSocket profile is configured on a virtual server, undisclosed requests can cause bd to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

📖 Read

via "National Vulnerability Database".
21:21
🛡 Cybersecurity & Privacy news 🛡
‼ CVE-2021-23027 ‼

On version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3.1, and 14.1.x before 14.1.4.3, a DOM based cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to execute JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

📖 Read

via "National Vulnerability Database".
21:21
‼ CVE-2021-23029 ‼

On version 16.0.x before 16.0.1.2, insufficient permission checks may allow authenticated users with guest privileges to perform Server-Side Request Forgery (SSRF) attacks through F5 Advanced Web Application Firewall (WAF) and the BIG-IP ASM Configuration utility. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

📖 Read

via "National Vulnerability Database".
21:21
‼ CVE-2021-23026 ‼

BIG-IP version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3, 14.1.x before 14.1.4.2, 13.1.x before 13.1.4.1, and all versions of 12.1.x and 11.6.x and all versions of BIG-IQ 8.x, 7.x, and 6.x are vulnerable to cross-site request forgery (CSRF) attacks through iControl SOAP. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

📖 Read

via "National Vulnerability Database".
15 September 2021
05:02
🛡 Cybersecurity & Privacy news 🛡
📢 Apple patches zero-day flaw abused by infamous NSO exploit 📢

The ForcedEntry flaw affects all Apple devices and allows hackers to compromise systems without any user interaction

📖 Read

via "ITPro".
05:02
📢 WhatsApp activates end-to-end encrypted cloud backups 📢

The messaging service will grant users a password-protected key when they save their chat histories to the cloud

📖 Read

via "ITPro".
05:02
📢 Dual citizen sentenced to 11 years for role in North Korean crypto hacking scheme 📢

Ontario resident laundered cash for North Korea from bank heists and BEC scams

📖 Read

via "ITPro".
05:02
📢 Olympus hit by suspected ransomware attack 📢

The former digital camera specialist has shut down its networks in Europe, Africa and the Middle East while it investigates the incident

📖 Read

via "ITPro".
05:02
📢 Irish data regulator fails to resolve 98% of big tech GDPR cases 📢

Campaigners accuse the Irish DPC of being the ‘bottleneck’ for GDPR enforcement with 160 unresolved complaints

📖 Read

via "ITPro".
05:02
📢 Google handed user data to Hong Kong authorities despite pledge 📢

The tech giant last year said it would suspend the processing of user data requests from the Hong Kong government after a law that criminalised protests was introduced

📖 Read

via "ITPro".
05:02
📢 Medigate and CrowdStrike bolster IoT medical device security 📢

CrowdStrike will integrate its Falcon software with Medigate’s device security platform

📖 Read

via "ITPro".
05:02
📢 Hackers develop Linux port of Cobalt Strike for new attacks 📢

The modified version of the penetration testing toolkit can evade malware detection

📖 Read

via "ITPro".
05:02
📢 BT conducts 'world's first' trial of quantum-secure communications 📢

The achievement was made possible using hollow-core fibre cable provided by a Southampton Uni startup

📖 Read

via "ITPro".
05:02
📢 Robust password policies cut cyber attacks by 60% 📢

Research shows that hackers most often use brute force password attacks and flaw exploitation

📖 Read

via "ITPro".
05:02
📢 The most secure email services of 2021 📢

Email is not secure by design, but these email providers allow you to send emails with top-level security

📖 Read

via "ITPro".
05:02
📢 Smishing attacks increased 700% in first six months of 2021 📢

Which? has urged businesses to play their part to protect people from text message scams

📖 Read

via "ITPro".
05:02
📢 IoT devices are more vulnerable than ever 📢

Over a billion attacks recorded on IoT devices in the first six months of the year

📖 Read

via "ITPro".
09:51
🛡 Cybersecurity & Privacy news 🛡
🗓️ Credential leak fears raised following security breach at Travis CI 🗓️

DevOps firm slammed for ‘abysmal’ incident response

📖 Read

via "The Daily Swig".
10:30
🛡 Cybersecurity & Privacy news 🛡
❌ Attackers Impersonate DoT in Two-Day Phishing Scam ❌

Threat actors dangled the lure of receiving funds from the $1 trillion infrastructure bill and created new domains mimicking the real federal site.

📖 Read

via "Threat Post".
10:51
🛡 Cybersecurity & Privacy news 🛡
🗓️ Supply chain attacks against the open source ecosystem soar by 650% – report 🗓️

Dependency confusion has quickly become the attack technique of choice

📖 Read

via "The Daily Swig".
11:22
🛡 Cybersecurity & Privacy news 🛡
‼ CVE-2021-38656 ‼

Microsoft Word Remote Code Execution Vulnerability

📖 Read

via "National Vulnerability Database".
11:22
‼ CVE-2021-38647 ‼

Open Management Infrastructure Remote Code Execution Vulnerability

📖 Read

via "National Vulnerability Database".
11:22
‼ CVE-2021-36965 ‼

Windows WLAN AutoConfig Service Remote Code Execution Vulnerability

📖 Read

via "National Vulnerability Database".
11:22
‼ CVE-2021-38638 ‼

Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2021-38628.

📖 Read

via "National Vulnerability Database".
11:22
‼ CVE-2021-38650 ‼

Microsoft Office Spoofing Vulnerability

📖 Read

via "National Vulnerability Database".
11:22
‼ CVE-2021-3797 ‼

hestiacp is vulnerable to Use of Wrong Operator in String Comparison

📖 Read

via "National Vulnerability Database".
11:22
‼ CVE-2021-40845 ‼

The web part of Zenitel AlphaCom XE Audio Server through 11.2.3.10, called AlphaWeb XE, does not restrict file upload in the Custom Scripts section at php/index.php. Neither the content nor extension of the uploaded files is checked, allowing execution of PHP code under the /cmd directory.

📖 Read

via "National Vulnerability Database".
11:22
‼ CVE-2021-36974 ‼

Windows SMB Elevation of Privilege Vulnerability

📖 Read

via "National Vulnerability Database".
11:22
‼ CVE-2021-36972 ‼

Windows SMB Information Disclosure Vulnerability. This CVE ID is unique from CVE-2021-36960.

📖 Read

via "National Vulnerability Database".
11:22
‼ CVE-2021-38649 ‼

Open Management Infrastructure Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2021-38645, CVE-2021-38648.

📖 Read

via "National Vulnerability Database".
11:22
‼ CVE-2021-3801 ‼

prism is vulnerable to Inefficient Regular Expression Complexity

📖 Read

via "National Vulnerability Database".
11:22
‼ CVE-2021-36956 ‼

Azure Sphere Information Disclosure Vulnerability

📖 Read

via "National Vulnerability Database".
11:22
‼ CVE-2021-38655 ‼

Microsoft Excel Remote Code Execution Vulnerability

📖 Read

via "National Vulnerability Database".
11:22
‼ CVE-2021-36960 ‼

Windows SMB Information Disclosure Vulnerability. This CVE ID is unique from CVE-2021-36972.

📖 Read

via "National Vulnerability Database".
11:22
‼ CVE-2021-41076 ‼

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.

📖 Read

via "National Vulnerability Database".
11:22
‼ CVE-2021-38628 ‼

Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2021-38638.

📖 Read

via "National Vulnerability Database".
11:22
‼ CVE-2021-38626 ‼

Windows Kernel Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2021-38625.

📖 Read

via "National Vulnerability Database".
11:22
‼ CVE-2021-3796 ‼

vim is vulnerable to Use After Free

📖 Read

via "National Vulnerability Database".
11:22
‼ CVE-2021-36969 ‼

Windows Redirected Drive Buffering SubSystem Driver Information Disclosure Vulnerability. This CVE ID is unique from CVE-2021-38635, CVE-2021-38636.

📖 Read

via "National Vulnerability Database".
11:22
‼ CVE-2021-36968 ‼

Windows DNS Elevation of Privilege Vulnerability

📖 Read

via "National Vulnerability Database".
12:49
🛡 Cybersecurity & Privacy news 🛡
⚠ S3 Ep50: Two 0-days plus another 0-day plus a fast food bug [Podcast] ⚠

Bugs! So many bugs! Latest episode - listen now...

📖 Read

via "Naked Security".
13:19
🛡 Cybersecurity & Privacy news 🛡
🦿 You can now eliminate the password for your Microsoft account 🦿

By using an alternative means of authentication, you can now go passwordless on your Microsoft account.

📖 Read

via "Tech Republic".
13:22
🗓️ Remote code execution flaw allowed hijack of Motorola Halo+ baby monitors 🗓️

Expectant parent finds severe security problems in his new baby monitor

📖 Read

via "The Daily Swig".
13:22
‼ CVE-2021-39189 ‼

Pimcore is an open source data & experience management platform. In versions prior to 10.1.3, it is possible to enumerate usernames via the forgot password functionality. This issue is fixed in version 10.1.3. As a workaround, one may apply the available patch manually.

📖 Read

via "National Vulnerability Database".
13:22
‼ CVE-2020-19155 ‼

Improper Access Control in Jfinal CMS v4.7.1 and earlier allows remote attackers to obtain sensitive information and/or execute arbitrary code via the 'FileManager.rename()' function in the component 'modules/filemanager/FileManagerController.java'.

📖 Read

via "National Vulnerability Database".
13:22
‼ CVE-2020-19154 ‼

Improper Access Control in Jfinal CMS v4.7.1 and earlier allows remote attackers to obtain sensitive information via the 'FileManager.editFile()' function in the component 'modules/filemanager/FileManagerController.java'.

📖 Read

via "National Vulnerability Database".
13:22
‼ CVE-2020-19148 ‼

Cross Site Scripting (XSS) in Jfinal CMS v4.7.1 and earlier allows remote attackers to execute arbitrary code via the 'Nickname' parameter in the component '/jfinal_cms/front/person/profile.html'.

📖 Read

via "National Vulnerability Database".
13:22
‼ CVE-2020-19157 ‼

Cross Site Scripting (CSS) in Wenku CMS v3.4 allows remote attackers to execute arbitrary code via the 'Intro' parameter for the component '/index.php?m=ucenter&a=index'.

📖 Read

via "National Vulnerability Database".
13:22
‼ CVE-2020-19151 ‼

Command Injection in Jfinal CMS v4.7.1 and earlier allows remote attackers to execute arbitrary code by uploading a malicious HTML template file via the component 'jfinal_cms/admin/filemanager/list'.

📖 Read

via "National Vulnerability Database".
13:22
‼ CVE-2021-40157 ‼

A user may be tricked into opening a malicious FBX file which may exploit an Untrusted Pointer Dereference vulnerability in FBX’s Review version 1.5.0 and prior causing it to run arbitrary code on the system.

📖 Read

via "National Vulnerability Database".
13:22
‼ CVE-2021-21798 ‼

An exploitable return of stack variable address vulnerability exists in the JavaScript implementation of Nitro Pro PDF. A specially crafted document can cause a stack variable to go out of scope, resulting in the application dereferencing a stale pointer. This can lead to code execution under the context of the application. An attacker can convince a user to open a document to trigger the vulnerability.

📖 Read

via "National Vulnerability Database".
13:22
‼ CVE-2020-19146 ‼

Improper Access Control in Jfinal CMS v4.7.1 and earlier allows remote attackers to obtain sensitive information via the 'TemplatePath' parameter in the component 'jfinal_cms/admin/folder/list'.

📖 Read

via "National Vulnerability Database".
13:22
‼ CVE-2021-38156 ‼

In Nagios XI before 5.8.6, XSS exists in the dashboard page (/dashboards/#) when administrative users attempt to edit a dashboard.

📖 Read

via "National Vulnerability Database".
13:22
‼ CVE-2020-19158 ‼

Cross Site Scripting (XSS) in S-CMS build 20191014 and earlier allows remote attackers to execute arbitrary code via the 'Site Title' parameter of the component '/data/admin/#/app/config/'.

📖 Read

via "National Vulnerability Database".
13:22
‼ CVE-2021-27044 ‼

An Out-Of-Bounds Write Vulnerability in Autodesk FBX Review version 1.5.0 and prior may lead to code execution through maliciously crafted DLL files or information disclosure.

📖 Read

via "National Vulnerability Database".
13:22
‼ CVE-2020-19147 ‼

Improper Access Control in Jfinal CMS v4.7.1 and earlier allows remote attackers to obtain sensitive information via the 'getFolder()' function in the component '/modules/filemanager/FileManager.java'.

📖 Read

via "National Vulnerability Database".
13:22
‼ CVE-2020-19159 ‼

Cross Site Request Forgery (CSRF) in LaikeTui v3 allows remote attackers to execute arbitrary code via the component '/index.php?module=member&action=add'.

📖 Read

via "National Vulnerability Database".
13:22
‼ CVE-2020-19150 ‼

Improper Access Control in Jfinal CMS v4.7.1 and earlier allows remote attackers to obtain sensitive information or cause a denial of service via the 'FileManager.delete()' function in the component 'modules/filemanager/FileManagerController.java'.

📖 Read

via "National Vulnerability Database".
13:22
‼ CVE-2020-19156 ‼

Cross Site Scripting (XSS) in Ari Adminer v1 allows remote attackers to execute arbitrary code via the 'Title' parameter of the 'Add New Connections' component when the 'save()' function is called.

📖 Read

via "National Vulnerability Database".
15:21
🛡 Cybersecurity & Privacy news 🛡
‼ CVE-2020-21122 ‼

UReport v2.2.9 contains a Server-Side Request Forgery (SSRF) in the designer page which allows attackers to detect intranet device ports.

📖 Read

via "National Vulnerability Database".
15:22
‼ CVE-2020-21125 ‼

An arbitrary file creation vulnerability in UReport 2.2.9 allows attackers to execute arbitrary code.

📖 Read

via "National Vulnerability Database".
15:22
‼ CVE-2020-21127 ‼

MetInfo 7.0.0 contains a SQL injection vulnerability via admin/?n=logs&c=index&a=dodel.

📖 Read

via "National Vulnerability Database".
15:22
‼ CVE-2020-21124 ‼

UReport 2.2.9 allows attackers to execute arbitrary code due to a lack of access control to the designer page.

📖 Read

via "National Vulnerability Database".
15:22
‼ CVE-2020-21126 ‼

MetInfo 7.0.0 contains a Cross-Site Request Forgery (CSRF) via admin/?n=admin&c=index&a=doSaveInfo.

📖 Read

via "National Vulnerability Database".
15:22
‼ CVE-2021-39213 ‼

GLPI is a free Asset and IT management software package. Starting in version 9.1 and prior to version 9.5.6, GLPI with API Rest enabled is vulnerable to API bypass with custom header injection. This issue is fixed in version 9.5.6. One may disable API Rest as a workaround.

📖 Read

via "National Vulnerability Database".
15:22
‼ CVE-2021-27045 ‼

A maliciously crafted PDF file in Autodesk Navisworks 2019, 2020, 2021, 2022 can be forced to read beyond allocated boundaries when parsing the PDF file. This vulnerability can be exploited to execute arbitrary code.

📖 Read

via "National Vulnerability Database".
15:22
‼ CVE-2021-39211 ‼

GLPI is a free Asset and IT management software package. Starting in version 9.2 and prior to version 9.5.6, the telemetry endpoint discloses GLPI and server information. This issue is fixed in version 9.5.6. As a workaround, remove the file `ajax/telemetry.php`, which is not needed for usual functions of GLPI.

📖 Read

via "National Vulnerability Database".
15:22
‼ CVE-2021-39209 ‼

GLPI is a free Asset and IT management software package. In versions prior to 9.5.6, a user who is logged in to GLPI can bypass Cross-Site Request Forgery (CSRF) protection in many places. This could allow a malicious actor to perform many actions on GLPI. This issue is fixed in version 9.5.6. There are no workarounds aside from upgrading.

📖 Read

via "National Vulnerability Database".
15:22
‼ CVE-2021-27046 ‼

A Memory Corruption vulnerability for PDF files in Autodesk Navisworks 2019, 2020, 2021, 2022 may lead to code execution through maliciously crafted DLL files.

📖 Read

via "National Vulnerability Database".
15:22
‼ CVE-2021-40156 ‼

A maliciously crafted DWG file in Autodesk Navisworks 2019, 2020, 2021, 2022 can be forced to write beyond allocated boundaries when parsing the DWG files. This vulnerability can be exploited to execute arbitrary code.

📖 Read

via "National Vulnerability Database".
15:22
‼ CVE-2021-37412 ‼

The TechRadar app 1.1 for Confluence Server allows XSS via the Title field of a Radar.

📖 Read

via "National Vulnerability Database".
15:22
‼ CVE-2021-39392 ‼

The management tool in MyLittleBackup up to and including 1.7 allows remote attackers to execute arbitrary code because machineKey is hardcoded (the same for all customers' installations) in web.config, and can be used to send serialized ASP code.

📖 Read

via "National Vulnerability Database".
15:22
‼ CVE-2021-39210 ‼

GLPI is a free Asset and IT management software package. In versions prior to 9.5.6, the cookie used to store the autologin cookie (when a user uses the "remember me" feature) is accessible by scripts. A malicious plugin that could steal this cookie would be able to use it to autologin. This issue is fixed in version 9.5.6. As a workaround, one may avoid using the "remember me" feature.

📖 Read

via "National Vulnerability Database".
15:22
‼ CVE-2021-40155 ‼

A maliciously crafted DWG file in Autodesk Navisworks 2019, 2020, 2021, 2022 can be forced to read beyond allocated boundaries when parsing the DWG files. This vulnerability can be exploited to execute arbitrary code.

📖 Read

via "National Vulnerability Database".
15:22
‼ CVE-2021-40238 ‼

A Cross Site Scripting (XSS) vulnerability exists in the admin panel in Webuzo < 2.9.0 via an HTTP request to a non-existent page, which is activated by administrators viewing the "Error Log" page. An attacker can leverage this to achieve Unauthenticated Remote Code Execution via the "Cron Jobs" functionality of Webuzo.

📖 Read

via "National Vulnerability Database".
15:22
‼ CVE-2020-21121 ‼

Pligg CMS 2.0.2 contains a time-based SQL injection vulnerability via the $recordIDValue parameter in the admin_update_module_widgets.php file.

📖 Read

via "National Vulnerability Database".
15:22
‼ CVE-2021-3795 ‼

semver-regex is vulnerable to Inefficient Regular Expression Complexity

📖 Read

via "National Vulnerability Database".
16:05
🛡 Cybersecurity & Privacy news 🛡
🔏 Microsoft Fixes MSHTML Zero Day in Patch Tuesday Update 🔏

Microsoft fixed last week's MSHTML zero day - a vulnerability it confirmed was being exploited in the wild - in this month's Patch Tuesday round of updates.

📖 Read

via "".
16:30
🛡 Cybersecurity & Privacy news 🛡
❌ No Patch for High-Severity Bug in Legacy IBM System X Servers ❌

Two of IBM's aging flagship server models, retired in 2020, won’t be patched for a command-injection flaw.

📖 Read

via "Threat Post".
17:22
🛡 Cybersecurity & Privacy news 🛡
‼ CVE-2021-39205 ‼

Jitsi Meet is an open source video conferencing application. Versions prior to 2.0.6173 are vulnerable to client-side cross-site scripting via injecting properties into JSON objects that were not properly escaped. There are no known incidents related to this vulnerability being exploited in the wild. This issue is fixed in Jitsi Meet version 2.0.6173. There are no known workarounds aside from upgrading.

📖 Read

via "National Vulnerability Database".
17:22
‼ CVE-2021-33692 ‼

SAP Cloud Connector, version - 2.0, allows the upload of zip files as backup. This backup file can be tricked to inject special elements such as '..' and '/' separators, for attackers to escape outside of the restricted location to access files or directories.

📖 Read

via "National Vulnerability Database".
17:22
‼ CVE-2021-37912 ‼

The HGiga OAKlouds mobile portal does not filter special characters of the Ethernet number parameter of the network interface card setting page. Remote attackers can use this vulnerability to perform command injection and execute arbitrary commands in the system without logging in.

📖 Read

via "National Vulnerability Database".
17:22
‼ CVE-2021-33705 ‼

The SAP NetWeaver Portal, versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, component Iviews Editor contains a Server-Side Request Forgery (SSRF) vulnerability which allows an unauthenticated attacker to craft a malicious URL which when clicked by a user can make any type of request (e.g. POST, GET) to any internal or external server. This can result in the accessing or modification of data accessible from the Portal but will not affect its availability.

📖 Read

via "National Vulnerability Database".
17:22
‼ CVE-2021-40862 ‼

HashiCorp Terraform Enterprise up to v202108-1 contained an API endpoint that erroneously disclosed a sensitive URL to authenticated parties, which could be used for privilege escalation or unauthorized modification of a Terraform configuration. Fixed in v202109-1.

📖 Read

via "National Vulnerability Database".
17:22
‼ CVE-2021-40965 ‼

A Cross-Site Request Forgery (CSRF) vulnerability exists in TinyFileManager all versions up to and including 2.4.6 that allows attackers to upload files and run OS commands by inducing the Administrator user to browse a URL controlled by an attacker.

📖 Read

via "National Vulnerability Database".
17:22
‼ CVE-2021-33697 ‼

Under certain conditions, SAP BusinessObjects Business Intelligence Platform (SAPUI5), versions - 420, 430, can allow an unauthenticated attacker to redirect users to a malicious site due to Reverse Tabnabbing vulnerabilities.

📖 Read

via "National Vulnerability Database".
17:22
‼ CVE-2021-33690 ‼

Server-Side Request Forgery (SSRF) vulnerability has been detected in the SAP NetWeaver Development Infrastructure Component Build Service versions - 7.11, 7.20, 7.30, 7.31, 7.40, 7.50. The SAP NetWeaver Development Infrastructure Component Build Service allows a threat actor who has access to the server to perform proxy attacks on server by sending crafted queries. Due to this, the threat actor could completely compromise sensitive data residing on the Server and impact its availability. Note: The impact of this vulnerability depends on whether SAP NetWeaver Development Infrastructure (NWDI) runs on the intranet or internet. The CVSS score reflects the impact considering the worst-case scenario that it runs on the internet.

📖 Read

via "National Vulnerability Database".
17:22
‼ CVE-2021-37913 ‼

The HGiga OAKlouds mobile portal does not filter special characters of the IPv6 Gateway parameter of the network interface card setting page. Remote attackers can use this vulnerability to perform command injection and execute arbitrary commands in the system without logging in.

📖 Read

via "National Vulnerability Database".
17:22
‼ CVE-2021-29773 ‼

IBM Security Guardium 10.6 and 11.3 could allow a remote authenticated attacker to obtain sensitive information or modify user details caused by an insecure direct object vulnerability (IDOR). IBM X-Force ID: 202865.

📖 Read

via "National Vulnerability Database".
17:22
‼ CVE-2021-33693 ‼

SAP Cloud Connector, version - 2.0, allows an authenticated administrator to modify a configuration file to inject malicious codes that could potentially lead to OS command execution.

📖 Read

via "National Vulnerability Database".
17:22
‼ CVE-2021-40964 ‼

A Path Traversal vulnerability exists in TinyFileManager all versions up to and including 2.4.6 that allows attackers to upload a file (with Admin credentials or with the CSRF vulnerability) with the "fullpath" parameter containing path traversal strings (../ and ..\) in order to escape the server's intended working directory and write malicious files onto any directory on the computer.

📖 Read

via "National Vulnerability Database".
17:22
‼ CVE-2021-29750 ‼

IBM QRadar SIEM 7.3 and 7.4 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 201778.

📖 Read

via "National Vulnerability Database".
17:22
‼ CVE-2021-39215 ‼

Jitsi Meet is an open source video conferencing application. In versions prior to 2.0.5963, a Prosody module allows the use of symmetrical algorithms to validate JSON web tokens. This means that tokens generated by arbitrary sources can be used to gain authorization to protected rooms. This issue is fixed in Jitsi Meet 2.0.5963. There are no known workarounds aside from updating.

📖 Read

via "National Vulnerability Database".
17:22
‼ CVE-2021-33704 ‼

The Service Layer of SAP Business One, version - 10.0, allows an authenticated attacker to invoke certain functions that would otherwise be restricted to specific users. For an attacker to discover the vulnerable function, no in-depth system knowledge is required. Once exploited via Network stack, the attacker may be able to read, modify or delete restricted data. The impact is that missing authorization can result in abuse of functionality usually restricted to specific users.

📖 Read

via "National Vulnerability Database".
17:22
‼ CVE-2021-28901 ‼

Multiple cross-site scripting (XSS) vulnerabilities exist in SITA Software Azur CMS 1.2.3.1 and earlier, which allow remote attackers to inject arbitrary web script or HTML via the (1) NOM_CLI, (2) ADRESSE, (3) ADRESSE2, (4) LOCALITE parameters to /eshop/products/json/aouCustomerAdresse; and the (5) nom_liste parameter to /eshop/products/json/addCustomerFavorite.

📖 Read

via "National Vulnerability Database".
17:22
‼ CVE-2021-33695 ‼

Potentially, SAP Cloud Connector, version - 2.0 communication with the backend is accepted without sufficient validation of the certificate.

📖 Read

via "National Vulnerability Database".
17:22
‼ CVE-2021-33694 ‼

SAP Cloud Connector, version - 2.0, does not sufficiently encode user-controlled inputs, allowing an attacker with Administrator rights, to include malicious codes that get stored in the database, and when accessed, could be executed in the application, resulting in Stored Cross-Site Scripting.

📖 Read

via "National Vulnerability Database".
17:22
‼ CVE-2021-33698 ‼

SAP Business One, version - 10.0, allows an attacker with business authorization to upload any files (including script files) without the proper file format validation.

📖 Read

via "National Vulnerability Database".
17:22
‼ CVE-2021-40966 ‼

A Stored XSS exists in TinyFileManager all versions up to and including 2.4.6 in /tinyfilemanager.php when the server is given a file that contains HTML and JavaScript in its name. A malicious user can upload a file with a malicious filename containing JavaScript code and it will run on any user browser when they access the server.

📖 Read

via "National Vulnerability Database".
19:22
🛡 Cybersecurity & Privacy news 🛡
‼ CVE-2016-20012 ‼

OpenSSH through 8.7 allows remote attackers, who have a suspicion that a certain combination of username and public key is known to an SSH server, to test whether this suspicion is correct. This occurs because a challenge is sent only when that combination could be valid for a login session.

📖 Read

via "National Vulnerability Database".
21:22
🛡 Cybersecurity & Privacy news 🛡
‼ CVE-2021-33044 ‼

The identity authentication bypass vulnerability was found in some Dahua products during the login process. Attackers can bypass device identity authentication by constructing malicious data packets.

📖 Read

via "National Vulnerability Database".
21:22
‼ CVE-2021-40639 ‼

Improper access control in Jfinal CMS 5.1.0 allows attackers to access sensitive information via /classes/conf/db.properties&config=filemanager.config.js.

📖 Read

via "National Vulnerability Database".
21:22
‼ CVE-2020-21481 ‼

An arbitrary file upload vulnerability in RGCMS v1.06 allows attackers to execute arbitrary code via a crafted .txt file which is later changed to a PHP file.

📖 Read

via "National Vulnerability Database".
21:22
‼ CVE-2020-21321 ‼

emlog v6.0 contains a Cross-Site Request Forgery (CSRF) via /admin/link.php?action=addlink, which allows attackers to arbitrarily add articles.

📖 Read

via "National Vulnerability Database".
21:22
‼ CVE-2021-33045 ‼

The identity authentication bypass vulnerability was found in some Dahua products during the login process. Attackers can bypass device identity authentication by constructing malicious data packets.

📖 Read

via "National Vulnerability Database".
21:22
‼ CVE-2021-40881 ‼

An issue in the BAT file parameters of PublicCMS v4.0 allows attackers to execute arbitrary code.

📖 Read

via "National Vulnerability Database".
21:22
‼ CVE-2020-21483 ‼

An arbitrary file upload vulnerability in Jizhicms v1.5 allows attackers to execute arbitrary code via a crafted .jpg file which is later changed to a PHP file.

📖 Read

via "National Vulnerability Database".
21:22
‼ CVE-2020-21480 ‼

An arbitrary file write vulnerability in RGCMS v1.06 allows attackers to execute arbitrary code via a crafted PHP file.

📖 Read

via "National Vulnerability Database".
21:22
‼ CVE-2020-21482 ‼

A cross-site scripting (XSS) vulnerability in RGCMS v1.06 allows attackers to obtain the administrator's cookie via a crafted payload in the Name field under the Message Board module.

📖 Read

via "National Vulnerability Database".
21:22
‼ CVE-2020-21322 ‼

An arbitrary file upload vulnerability in Feehi CMS v2.0.8 and below allows attackers to execute arbitrary code via a crafted PHP file.

📖 Read

via "National Vulnerability Database".
16 September 2021
09:26
🛡 Cybersecurity & Privacy news 🛡
🗓️ UK armed forces confirms cyber as fifth dimension of warfare 🗓️

Armed forces needs to adapt to recruit more digital quartermasters rather than conventional soldiers, conference attendees told

📖 Read

via "The Daily Swig".
09:36
❌ HP Omen Hub Exposes Millions of Gamers to Cyberattack ❌

A driver privilege-escalation bug gives attackers kernel-mode access to millions of PCs used for gaming.

📖 Read

via "Threat Post".
10:36
🛡 Cybersecurity & Privacy news 🛡
❌ REvil/Sodinokibi Ransomware Universal Decryptor Key Is Out ❌

Bitdefender worked with law enforcement to create a key to unlock victims encrypted in ransomware attacks before REvil's servers went belly-up on July 13.

📖 Read

via "Threat Post".
10:36
❌ Financial Cybercrime: Following Cryptocurrency via Public Ledgers ❌

John Hammond, security researcher with Huntress, discusses a wallet-hijacking RAT, and how law enforcement recovered millions in Bitcoin after the Colonial Pipeline attack.

📖 Read

via "Threat Post".
10:36
❌ DDoS Attacks: A Flourishing Business for Cybercrooks – Podcast ❌

Imperva’s Peter Klimek on how DDoS attacks started out as inconveniences but evolved to the point where attackers can disrupt businesses for as little as the price of a cup of coffee.

📖 Read

via "Threat Post".
11:21
🛡 Cybersecurity & Privacy news 🛡
🗓️ Meris botnet leverages HTTP pipelining to smash DDoS attack records 🗓️

Source of attacks ‘almost entirely composed of Mikrotik devices’

📖 Read

via "The Daily Swig".
11:21
‼ CVE-2020-14119 ‼

There is command injection in the addMeshNode interface of xqnetwork.lua, which leads to command execution under administrator authority on Xiaomi router AX3600 with ROM version < 1.1.12.

📖 Read

via "National Vulnerability Database".
11:21
‼ CVE-2020-14109 ‼

There is command injection in the meshd program in the routing system, resulting in command execution under administrator authority on Xiaomi router AX3600 with ROM version =< 1.1.12

📖 Read

via "National Vulnerability Database".
11:21
‼ CVE-2021-34576 ‼

In Kaden PICOFLUX Air in all known versions an information exposure through observable discrepancy exists. This may give sensitive information (water consumption without distinct values) to third parties.

📖 Read

via "National Vulnerability Database".
11:21
‼ CVE-2020-14124 ‼

There is a buffer overflow in librsa.so called by getwifipwdurl interface, resulting in code execution on Xiaomi router AX3600 with ROM version =< 1.1.12.

📖 Read

via "National Vulnerability Database".
11:21
‼ CVE-2021-34571 ‼

Multiple Wireless M-Bus devices by Enbra use Hard-coded Credentials in Security mode 5 without an option to change the encryption key. An adversary can learn all information that is available in Enbra EWM.

📖 Read

via "National Vulnerability Database".
11:21
‼ CVE-2021-40066 ‼

The access controls on the Mobility read-only API improperly validate user access permissions. Attackers with both network access to the API and valid credentials can read data from it; regardless of access control group membership settings. This vulnerability is fixed in Mobility v11.76 and Mobility v12.14.

📖 Read

via "National Vulnerability Database".
11:23
‼ CVE-2021-34573 ‼

In Enbra EWM in Version 1.7.29 together with several tested wireless M-Bus Sensors the events backflow and "no flow" are not recognized or misinterpreted. This may lead to wrong values and missing events.

📖 Read

via "National Vulnerability Database".
11:23
‼ CVE-2021-34572 ‼

Enbra EWM 1.7.29 does not check for or detect replay attacks sent by wireless M-Bus Security mode 5 devices. Instead timestamps of the sensor are replaced by the time of the readout even if the data is a replay of earlier data.

📖 Read

via "National Vulnerability Database".
11:23
‼ CVE-2021-40067 ‼

The access controls on the Mobility read-write API improperly validate user access permissions; this API is disabled by default. If the API is manually enabled, attackers with both network access to the API and valid credentials can read and write data to it; regardless of access control group membership settings. This vulnerability is fixed in Mobility v12.14.

📖 Read

via "National Vulnerability Database".
11:23
‼ CVE-2020-14130 ‼

Some JS interfaces in the Xiaomi community were exposed, causing sensitive functions to be maliciously called on the Xiaomi community app. Affected version: < 3.0.210809.

📖 Read

via "National Vulnerability Database".
12:51
🛡 Cybersecurity & Privacy news 🛡
🗓️ Manufacturing industry must limit internal data access to prevent sensitive leaks – report 🗓️

Sector advised to monitor what employees can do on company networks

📖 Read

via "The Daily Swig".
13:19
🛡 Cybersecurity & Privacy news 🛡
🦿 Bitdefender offers free decryptor for REvil ransomware victims 🦿

The free decryption tool will help victims restore their encrypted files from attacks made before July 13, 2021, says Bitdefender.

📖 Read

via "Tech Republic".
13:19
⚠ OMIGOD, an exploitable hole in Microsoft open source code! ⚠

Got Linux? Here's a bug you weren't expecting, in software you might not know you have.

📖 Read

via "Naked Security".
13:19
⚠ S3 Ep50: Two 0-days plus another 0-day plus a fast food bug [Podcast] ⚠

Bugs! So many bugs! Latest episode - listen now...

📖 Read

via "Naked Security".
13:19
🛠 GNU Privacy Guard 2.2.31 🛠

GnuPG (the GNU Privacy Guard or GPG) is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440. As such, it is meant to be compatible with PGP from NAI, Inc. Because it does not use any patented algorithms, it can be used without any restrictions. This is the LTS release.

📖 Read

via "Packet Storm Security".
13:22
‼ CVE-2021-41079 ‼

Apache Tomcat 8.5.0 to 8.5.63, 9.0.0-M1 to 9.0.43 and 10.0.0-M1 to 10.0.2 did not properly validate incoming TLS packets. When Tomcat was configured to use NIO+OpenSSL or NIO2+OpenSSL for TLS, a specially crafted packet could be used to trigger an infinite loop resulting in a denial of service.

📖 Read

via "National Vulnerability Database".
13:22
‼ CVE-2021-36160 ‼

A carefully crafted request uri-path can cause mod_proxy_uwsgi to read above the allocated memory and crash (DoS). This issue affects Apache HTTP Server versions 2.4.30 to 2.4.48 (inclusive).

📖 Read

via "National Vulnerability Database".
13:22
‼ CVE-2021-40438 ‼

A crafted request uri-path can cause mod_proxy to forward the request to an origin server chosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier.

📖 Read

via "National Vulnerability Database".
13:22
‼ CVE-2021-27341 ‼

OpenSIS Community Edition version <= 7.6 is affected by a local file inclusion vulnerability in DownloadWindow.php via the "filename" parameter.

📖 Read

via "National Vulnerability Database".
13:22
‼ CVE-2021-39214 ‼

mitmproxy is an interactive, SSL/TLS-capable intercepting proxy. In mitmproxy 7.0.2 and below, a malicious client or server is able to perform HTTP request smuggling attacks through mitmproxy. This means that a malicious client/server could smuggle a request/response through mitmproxy as part of another request/response's HTTP message body. While a smuggled request is still captured as part of another request's body, it does not appear in the request list and does not go through the usual mitmproxy event hooks, where users may have implemented custom access control checks or input sanitization. Unless one uses mitmproxy to protect an HTTP/1 service, no action is required. The vulnerability has been fixed in mitmproxy 7.0.3 and above.

📖 Read

via "National Vulnerability Database".
13:22
‼ CVE-2021-34798 ‼

Malformed requests may cause the server to dereference a NULL pointer. This issue affects Apache HTTP Server 2.4.48 and earlier.

📖 Read

via "National Vulnerability Database".
13:22
‼ CVE-2021-27340 ‼

OpenSIS Community Edition version <= 7.6 is affected by a reflected XSS vulnerability in EmailCheck.php via the "opt" parameter.

📖 Read

via "National Vulnerability Database".
13:22
‼ CVE-2021-39275 ‼

ap_escape_quotes() may write beyond the end of a buffer when given malicious input. No included modules pass untrusted data to these functions, but third-party / external modules may. This issue affects Apache HTTP Server 2.4.48 and earlier.

📖 Read

via "National Vulnerability Database".
13:22
‼ CVE-2021-39208 ‼

SharpCompress is a fully managed C# library to deal with many compression types and formats. Versions prior to 0.29.0 are vulnerable to partial path traversal. SharpCompress recreates a hierarchy of directories under destinationDirectory if ExtractFullPath is set to true in options. In order to prevent extraction outside the destination directory, the destinationFileName path is verified to begin with fullDestinationDirectoryPath. However, prior to version 0.29.0, it is not enforced that fullDestinationDirectoryPath ends with a slash. If the destinationDirectory is not slash terminated, like `/home/user/dir`, it is possible to create a file with a name that begins as the destination directory one level up from the directory, i.e. `/home/user/dir.sh`. Because of the file name and destination directory constraints, the arbitrary file creation impact is limited and depends on the use case. This issue is fixed in SharpCompress version 0.29.0.

📖 Read

via "National Vulnerability Database".
13:22
‼ CVE-2021-39239 ‼

A vulnerability in XML processing in Apache Jena, in versions up to 4.1.0, may allow an attacker to execute XML External Entities (XXE), including exposing the contents of local files to a remote server.

📖 Read

via "National Vulnerability Database".
14:23
🛡 Cybersecurity & Privacy news 🛡
🦿 It's time enterprise businesses place their complete trust in open source 🦿

Canonical announced that its managed services had MSPCV Certification. Jack Wallen believes this milestone should help big businesses realize it is time to trust open source software.

📖 Read

via "Tech Republic".
15:23
🛡 Cybersecurity & Privacy news 🛡
‼ CVE-2021-29763 ‼

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 under very specific conditions, could allow a local user to keep running a procedure that could cause the system to run out of memory and cause a denial of service. IBM X-Force ID: 202267.

📖 Read

via "National Vulnerability Database".
15:23
‼ CVE-2021-29825 ‼

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) could disclose sensitive information when using ADMIN_CMD with LOAD or BACKUP. IBM X-Force ID: 204470.

📖 Read

via "National Vulnerability Database".
15:23
‼ CVE-2021-29752 ‼

IBM Db2 11.2 and 11.5 contains an information disclosure vulnerability, exposing remote storage credentials to privileged users under specific conditions. IBM X-Force ID: 201780.

📖 Read

via "National Vulnerability Database".
15:23
‼ CVE-2021-29842 ‼

IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0 and Liberty 17.0.0.3 through 21.0.0.9 could allow a remote user to enumerate usernames due to a difference of responses from valid and invalid login attempts. IBM X-Force ID: 205202.

📖 Read

via "National Vulnerability Database".
15:31
❌ Airline Credential-Theft Takes Off in Widening Campaign ❌

A spyware effort bent on stealing cookies and logins is being driven by unsophisticated attackers cashing in on the initial-access-broker boom.

📖 Read

via "Threat Post".
17:23
🛡 Cybersecurity & Privacy news 🛡
‼ CVE-2021-40669 ‼

SQL Injection vulnerability exists in Wuzhi CMS 4.1.0 via the keywords parameter under the coreframe/app/promote/admin/index.php file.

📖 Read

via "National Vulnerability Database".
17:23
‼ CVE-2021-40670 ‼

SQL Injection vulnerability exists in Wuzhi CMS 4.1.0 via the keywords parameter under the /coreframe/app/order/admin/card.php file.

📖 Read

via "National Vulnerability Database".
19:23
🛡 Cybersecurity & Privacy news 🛡
❌ CISA, FBI: State-Backed APTs May Be Exploiting Critical Zoho Bug ❌

The newly identified bug in a Zoho single sign-on and password management tool has been under active attack since early August.

📖 Read

via "Threat Post".
19:23
‼ CVE-2020-21535 ‼

fig2dev 3.2.7b contains a segmentation fault in the gencgm_start function in gencgm.c.

📖 Read

via "National Vulnerability Database".
19:23
‼ CVE-2020-21531 ‼

fig2dev 3.2.7b contains a global buffer overflow in the conv_pattern_index function in gencgm.c.

📖 Read

via "National Vulnerability Database".
19:23
‼ CVE-2020-21532 ‼

fig2dev 3.2.7b contains a global buffer overflow in the setfigfont function in genepic.c.

📖 Read

via "National Vulnerability Database".
19:23
‼ CVE-2020-21530 ‼

fig2dev 3.2.7b contains a segmentation fault in the read_objects function in read.c.

📖 Read

via "National Vulnerability Database".
19:23
‼ CVE-2020-21529 ‼

fig2dev 3.2.7b contains a stack buffer overflow in the bezier_spline function in genepic.c.

📖 Read

via "National Vulnerability Database".
19:23
‼ CVE-2020-21533 ‼

fig2dev 3.2.7b contains a stack buffer overflow in the read_textobject function in read.c.

📖 Read

via "National Vulnerability Database".
19:23
‼ CVE-2020-21534 ‼

fig2dev 3.2.7b contains a global buffer overflow in the get_line function in read.c.

📖 Read

via "National Vulnerability Database".
21:23
🛡 Cybersecurity & Privacy news 🛡
‼ CVE-2020-21596 ‼

libde265 v1.0.4 contains a global buffer overflow in the decode_CABAC_bit function, which can be exploited via a crafted file.

📖 Read

via "National Vulnerability Database".
21:23
‼ CVE-2020-21606 ‼

libde265 v1.0.4 contains a heap buffer overflow fault in the put_epel_16_fallback function, which can be exploited via a crafted file.

📖 Read

via "National Vulnerability Database".
21:23
‼ CVE-2020-21600 ‼

libde265 v1.0.4 contains a heap buffer overflow in the put_weighted_pred_avg_16_fallback function, which can be exploited via a crafted file.

📖 Read

via "National Vulnerability Database".
21:23
‼ CVE-2020-21594 ‼

libde265 v1.0.4 contains a heap buffer overflow in the put_epel_hv_fallback function, which can be exploited via a crafted file.

📖 Read

via "National Vulnerability Database".
21:23
‼ CVE-2020-21598 ‼

libde265 v1.0.4 contains a heap buffer overflow in the ff_hevc_put_unweighted_pred_8_sse function, which can be exploited via a crafted file.

📖 Read

via "National Vulnerability Database".
21:23
‼ CVE-2020-21599 ‼

libde265 v1.0.4 contains a heap buffer overflow in the de265_image::available_zscan function, which can be exploited via a crafted file.

📖 Read

via "National Vulnerability Database".
21:23
‼ CVE-2020-21603 ‼

libde265 v1.0.4 contains a heap buffer overflow in the put_qpel_0_0_fallback_16 function, which can be exploited via a crafted file.

📖 Read

via "National Vulnerability Database".
21:23
‼ CVE-2020-21601 ‼

libde265 v1.0.4 contains a stack buffer overflow in the put_qpel_fallback function, which can be exploited via a crafted file.

📖 Read

via "National Vulnerability Database".
21:23
‼ CVE-2021-41314 ‼

Certain NETGEAR smart switches are affected by a \n injection in the web UI's password field, which - due to several faulty aspects of the authentication scheme - allows the attacker to create (or overwrite) a file with specific content (e.g., the "2" string). This leads to admin session crafting and therefore gaining full web UI admin privileges by an unauthenticated attacker. This affects GC108P before 1.0.8.2, GC108PP before 1.0.8.2, GS108Tv3 before 7.0.7.2, GS110TPP before 7.0.7.2, GS110TPv3 before 7.0.7.2, GS110TUP before 1.0.5.3, GS308T before 1.0.3.2, GS310TP before 1.0.3.2, GS710TUP before 1.0.5.3, GS716TP before 1.0.4.2, GS716TPP before 1.0.4.2, GS724TPP before 2.0.6.3, GS724TPv2 before 2.0.6.3, GS728TPPv2 before 6.0.8.2, GS728TPv2 before 6.0.8.2, GS750E before 1.0.1.10, GS752TPP before 6.0.8.2, GS752TPv2 before 6.0.8.2, MS510TXM before 1.0.4.2, and MS510TXUP before 1.0.4.2.

📖 Read

via "National Vulnerability Database".
21:23
‼ CVE-2020-21597 ‼

libde265 v1.0.4 contains a heap buffer overflow in the mc_chroma function, which can be exploited via a crafted file.

📖 Read

via "National Vulnerability Database".
21:23
‼ CVE-2020-21602 ‼

libde265 v1.0.4 contains a heap buffer overflow in the put_weighted_bipred_16_fallback function, which can be exploited via a crafted file.

📖 Read

via "National Vulnerability Database".
21:23
‼ CVE-2020-21595 ‼

libde265 v1.0.4 contains a heap buffer overflow in the mc_luma function, which can be exploited via a crafted file.

📖 Read

via "National Vulnerability Database".
21:23
‼ CVE-2020-21605 ‼

libde265 v1.0.4 contains a segmentation fault in the apply_sao_internal function, which can be exploited via a crafted file.

📖 Read

via "National Vulnerability Database".
21:23
‼ CVE-2020-21604 ‼

libde265 v1.0.4 contains a heap buffer overflow fault in the _mm_loadl_epi64 function, which can be exploited via a crafted file.

📖 Read

via "National Vulnerability Database".
17 September 2021
07:23
🛡 Cybersecurity & Privacy news 🛡
‼ CVE-2021-3812 ‼

adminlte is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

📖 Read

via "National Vulnerability Database".
07:23
‼ CVE-2021-41303 ‼

In Apache Shiro before 1.8.0, when using Apache Shiro with Spring Boot, a specially crafted HTTP request may cause an authentication bypass. Users should update to Apache Shiro 1.8.0.

📖 Read

via "National Vulnerability Database".
07:23
‼ CVE-2021-3807 ‼

ansi-regex is vulnerable to Inefficient Regular Expression Complexity

📖 Read

via "National Vulnerability Database".
07:23
‼ CVE-2021-1947 ‼

Use-after-free vulnerability in kernel graphics driver because of storing an invalid pointer in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking

📖 Read

via "National Vulnerability Database".
07:23
‼ CVE-2021-3804 ‼

taro is vulnerable to Inefficient Regular Expression Complexity

📖 Read

via "National Vulnerability Database".
07:23
‼ CVE-2021-30260 ‼

Possible Integer overflow to buffer overflow issue can occur due to improper validation of input parameters when extscan hostlist configuration command is received in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking

📖 Read

via "National Vulnerability Database".
07:23
‼ CVE-2021-1939 ‼

Null pointer dereference occurs due to improper validation when the preemption feature enablement is toggled in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Wearables

📖 Read

via "National Vulnerability Database".
07:23
‼ CVE-2021-1976 ‼

A use after free can occur due to improper validation of P2P device address in PD Request frame in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking

📖 Read

via "National Vulnerability Database".
07:23
‼ CVE-2021-3811 ‼

adminlte is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

📖 Read

via "National Vulnerability Database".
07:23
‼ CVE-2021-3805 ‼

object-path is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

📖 Read

via "National Vulnerability Database".
07:23
‼ CVE-2021-3810 ‼

code-server is vulnerable to Inefficient Regular Expression Complexity

📖 Read

via "National Vulnerability Database".
07:23
‼ CVE-2021-30261 ‼

Possible integer and heap overflow due to lack of input command size validation while handling beacon template update command from HLOS in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables

📖 Read

via "National Vulnerability Database".
07:23
‼ CVE-2021-3803 ‼

nth-check is vulnerable to Inefficient Regular Expression Complexity

📖 Read

via "National Vulnerability Database".
10:02
🛡 Cybersecurity & Privacy news 🛡
❌ AT&T Phone-Unlocking Malware Ring Costs Carrier $200M ❌

With the help of malicious insiders, a fraudster was able to install malware and remotely divorce iPhones and other handsets from the carrier's U.S. network -- all the way from Pakistan.

📖 Read

via "Threat Post".
10:22
🛡 Cybersecurity & Privacy news 🛡
🗓️ Google announces partnership to review security of open source software projects 🗓️

Tech giant will lend its support to security reviews of eight projects, including Git, Lodash, and Laravel 

📖 Read

via "The Daily Swig".
11:22
🛡 Cybersecurity & Privacy news 🛡
❌ Ditch the Alert Cannon: Modernizing IDS is a Security Must-Do ❌

Jeff Costlow, CISO at ExtraHop, makes the case for implementing next-gen intrusion-detection systems (NG-IDS) and retiring those noisy 90s compliance platforms.

📖 Read

via "Threat Post".
11:22
🗓️ Epik hack exposes lax security practices at controversial web host 🗓️

ISP guilty of ‘laziest design possible’, critics allege

📖 Read

via "The Daily Swig".
12:52
🛡 Cybersecurity & Privacy news 🛡
🗓️ Alaska Department of Health reveals data breach potentially exposing residents’ financial, health information 🗓️

Disclosure part of lengthy investigation into sophisticated attack that took place in May

📖 Read

via "The Daily Swig".
13:20
🛡 Cybersecurity & Privacy news 🛡
🦿 Small businesses need to step up efforts to secure and retain hybrid workers 🦿

Only 31% are shipping laptops to employees and nearly half have spent their own money on a remote workspace, a survey from GetApp finds.

📖 Read

via "Tech Republic".
13:20
🦿 Dell study finds most organizations don't think they can recover from a ransomware attack 🦿

Sixty-seven percent lack confidence in their ability to recover business-critical data, which is troubling given that the amount of data businesses manage has grown by more than 10x since 2016.

📖 Read

via "Tech Republic".
13:23
‼ CVE-2021-41315 ‼

The Device42 Remote Collector before 17.05.01 does not sanitize user input in its SNMP Connectivity utility. This allows an authenticated attacker (with access to the console application) to execute arbitrary OS commands and escalate privileges.

📖 Read

via "National Vulnerability Database".
13:23
‼ CVE-2021-31844 ‼

A buffer overflow vulnerability in McAfee Data Loss Prevention (DLP) Endpoint for Windows prior to 11.6.200 allows a local attacker to execute arbitrary code with elevated privileges through placing carefully constructed Ami Pro (.sam) files onto the local system and triggering a DLP Endpoint scan through accessing a file. This is caused by the destination buffer being of fixed size and incorrect checks being made on the source size.

📖 Read

via "National Vulnerability Database".
13:23
‼ CVE-2021-39227 ‼

ZRender is a lightweight graphic library providing 2d draw for Apache ECharts. In versions prior to 5.2.1, using `merge` and `clone` helper methods in the `src/core/util.ts` module results in prototype pollution. It affects the popular data visualization library Apache ECharts, which uses and exports these two methods directly. The GitHub Security Advisory page for this vulnerability contains a proof of concept. This issue is patched in ZRender version 5.2.1. One workaround is available: Check if there is `__proto__` in the object keys. Omit it before using it as a parameter in these affected methods. Or in `echarts.util.merge` and `setOption` if the project is using ECharts.

📖 Read

via "National Vulnerability Database".
13:23
‼ CVE-2021-39228 ‼

Tremor is an event processing system for unstructured data. A vulnerability exists between versions 0.7.2 and 0.11.6. This vulnerability is a memory safety issue when using `patch` or `merge` on `state` and assigning the result back to `state`. In this case, affected versions of Tremor and the tremor-script crate maintain references to memory that might have been freed already. And these memory regions can be accessed by retrieving the `state`, e.g. sending it over TCP or HTTP. This requires the Tremor server (or any other program using tremor-script) to execute a tremor-script script that uses the mentioned language construct. The issue has been patched in version 0.11.6 by removing the optimization and always cloning the target expression of a Merge or Patch. If an upgrade is not possible, a possible workaround is to avoid the optimization by introducing a temporary variable and not immediately reassigning to `state`.

📖 Read

via "National Vulnerability Database".
13:23
‼ CVE-2021-41316 ‼

The Device42 Main Appliance before 17.05.01 does not sanitize user input in its Nmap Discovery utility. An attacker (with permissions to add or edit jobs run by this utility) can inject an extra argument to overwrite arbitrary files as the root user on the Remote Collector.

📖 Read

via "National Vulnerability Database".
13:23
‼ CVE-2021-31843 ‼

Improper privileges management vulnerability in McAfee Endpoint Security (ENS) Windows prior to 10.7.0 September 2021 Update allows local users to access files which they would otherwise not have access to via manipulating junction links to redirect McAfee folder operations to an unintended location.

📖 Read

via "National Vulnerability Database".
13:23
‼ CVE-2021-31842 ‼

XML Entity Expansion injection vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 September 2021 Update allows a local user to initiate high CPU and memory consumption resulting in a Denial of Service attack through carefully editing the EPDeploy.xml file and then executing the setup process.

📖 Read

via "National Vulnerability Database".
13:23
‼ CVE-2021-31845 ‼

A buffer overflow vulnerability in McAfee Data Loss Prevention (DLP) Discover prior to 11.6.100 allows an attacker in the same network as the DLP Discover to execute arbitrary code through placing carefully constructed Ami Pro (.sam) files onto a machine and having DLP Discover scan it, leading to remote code execution with elevated privileges. This is caused by the destination buffer being of fixed size and incorrect checks being made on the source size.

📖 Read

via "National Vulnerability Database".
14:23
🛡 Cybersecurity & Privacy news 🛡
🦿 Have you tried to guess your boss's password? Lots of workers have, according to a report 🦿

An August Beyond Identity report takes a look at people's password protection habits as well as their tendencies to guess other folk's passwords.

📖 Read

via "Tech Republic".
14:32
❌ Porn Problem: Adult Ads Persist on US Gov’t, Military Sites ❌

Cities, states, federal and military agencies should patch the Laserfiche CMS post-haste, said the security researcher whose jaw dropped at 50 sites hosting porn and Viagra spam.

📖 Read

via "Threat Post".
14:36
🔏 Friday Five 9/117 🔏

A $10 million SEC fine, zero trust, and another free ransomware decryptor debuts - catch up on the infosec news of the week with the Friday Five!

📖 Read

via "".
15:23
🛡 Cybersecurity & Privacy news 🛡
‼ CVE-2021-40825 ‼

nLight ECLYPSE (nECY) system Controllers running software prior to 1.17.21245.754 contain a default key vulnerability. The nECY does not force a change to the key upon the initial configuration of an affected device. nECY system controllers utilize an encrypted channel to secure SensorView™ configuration and monitoring software and nECY to nECY communications. Impacted devices are at risk of exploitation. A remote attacker with IP access to an impacted device could submit lighting control commands to the nECY by leveraging the default key. A successful attack may result in the attacker gaining the ability to modify lighting conditions or gain the ability to update the software on lighting devices. The impacted key is referred to as the SensorView Password in the nECY nLight Explorer Interface and the Gateway Password in the SensorView application. An attacker cannot authenticate to or modify the configuration or software of the nECY system controller.

📖 Read

via "National Vulnerability Database".
15:23
‼ CVE-2021-41317 ‼

XSS Hunter Express before 2021-09-17 does not properly enforce authentication requirements for paths.

📖 Read

via "National Vulnerability Database".
15:23
‼ CVE-2019-9060 ‼

An issue was discovered in CMS Made Simple 2.2.8. It is possible to achieve unauthenticated path traversal in the CGExtensions module (in the file action.setdefaulttemplate.php) with the m1_filename parameter; and through the action.showmessage.php file, it is possible to read arbitrary file content (by using that path traversal with m1_prefname set to cg_errormsg and m1_resettodefault=1).

📖 Read

via "National Vulnerability Database".
15:23
‼ CVE-2021-38304 ‼

Improper input validation in the National Instruments NI-PAL driver in versions 20.0.0 and prior may allow a privileged user to potentially enable escalation of privilege via local access.

📖 Read

via "National Vulnerability Database".
16:20
🛡 Cybersecurity & Privacy news 🛡
🦿 Recently reported Microsoft zero-day gaining popularity with attackers, Kaspersky says 🦿

A flaw in the MSHTML engine that lets an attacker use a malicious Office document to install malware is currently being used against the energy, industrial, banking, medical tech, and other sectors.

📖 Read

via "Tech Republic".
17:24
🛡 Cybersecurity & Privacy news 🛡
‼ CVE-2021-38406 ‼

Delta Electronic DOPSoft 2 (Version 2.00.07 and prior) lacks proper validation of user-supplied data when parsing specific project files. This could result in multiple out-of-bounds write instances. An attacker could leverage this vulnerability to execute code in the context of the current process.

📖 Read

via "National Vulnerability Database".
17:24
‼ CVE-2021-38402 ‼

Delta Electronic DOPSoft 2 (Version 2.00.07 and prior) lacks proper validation of user-supplied data when parsing specific project files. This could lead to a stack-based buffer overflow while trying to copy to a buffer during font string handling. An attacker could leverage this vulnerability to execute code in the context of the current process.

📖 Read

via "National Vulnerability Database".
17:24
‼ CVE-2020-12080 ‼

A Denial of Service vulnerability has been identified in FlexNet Publisher's lmadmin.exe version 11.16.6. A certain message protocol can be exploited to cause lmadmin to crash.

📖 Read

via "National Vulnerability Database".
17:24
‼ CVE-2021-41326 ‼

In MISP before 2.4.148, app/Lib/Export/OpendataExport.php mishandles parameter data that is used in a shell_exec call.

📖 Read

via "National Vulnerability Database".
17:24
‼ CVE-2021-38404 ‼

Delta Electronic DOPSoft 2 (Version 2.00.07 and prior) lacks proper validation of user-supplied data when parsing specific project files. This could result in a heap-based buffer overflow. An attacker could leverage this vulnerability to execute code in the context of the current process.

📖 Read

via "National Vulnerability Database".
17:24
‼ CVE-2018-20686 ‼

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.

📖 Read

via "National Vulnerability Database".
17:24
‼ CVE-2020-12083 ‼

An elevated privileges issue related to Spring MVC calls impacts Code Insight v7.x releases up to and including 2020 R1 (7.11.0-64).

📖 Read

via "National Vulnerability Database".
17:24
‼ CVE-2020-12082 ‼

A stored cross-site scripting issue impacts certain areas of the Web UI for Code Insight v7.x releases up to and including 2020 R1 (7.11.0-64).

📖 Read

via "National Vulnerability Database".
19:23
🛡 Cybersecurity & Privacy news 🛡
‼ CVE-2021-39219 ‼

Wasmtime is an open source runtime for WebAssembly & WASI. Wasmtime before version 0.30.0 is affected by a type confusion vulnerability. As a Rust library the `wasmtime` crate clearly marks which functions are safe and which are `unsafe`, guaranteeing that if consumers never use `unsafe` then it should not be possible to have memory unsafety issues in their embeddings of Wasmtime. An issue was discovered in the safe API of `Linker::func_*` APIs. These APIs were previously not sound when one `Engine` was used to create the `Linker` and then a different `Engine` was used to create a `Store` and then the `Linker` was used to instantiate a module into that `Store`. Cross-`Engine` usage of functions is not supported in Wasmtime and this can result in type confusion of function pointers, resulting in being able to safely call a function with the wrong type. Triggering this bug requires using at least two `Engine` values in an embedding and then additionally using two different values with a `Linker` (one at the creation time of the `Linker` and another when instantiating a module with the `Linker`). It's expected that usage of more-than-one `Engine` in an embedding is relatively rare since an `Engine` is intended to be a globally shared resource, so the expectation is that the impact of this issue is relatively small. The fix implemented is to change this behavior to `panic!()` in Rust instead of silently allowing it. Using different `Engine` instances with a `Linker` is a programmer bug that `wasmtime` catches at runtime. This bug has been patched and users should upgrade to Wasmtime version 0.30.0. If you cannot upgrade Wasmtime and are using more than one `Engine` in your embedding it's recommended to instead use only one `Engine` for the entire program if possible. An `Engine` is designed to be a globally shared resource that is suitable to have only one for the lifetime of an entire process. If using multiple `Engine`s is required then code should be audited to ensure that `Linker` is only used with one `Engine`.

📖 Read

via "National Vulnerability Database".
19:23
‼ CVE-2021-41390 ‼

In Ericsson ECM before 18.0, it was observed that Security Provider Endpoint in the User Profile Management Section is vulnerable to CSV Injection.

📖 Read

via "National Vulnerability Database".
19:23
‼ CVE-2021-41380 ‼

RealVNC Viewer 6.21.406 allows remote VNC servers to cause a denial of service (application crash) via crafted RFB protocol data.

📖 Read

via "National Vulnerability Database".
19:23
‼ CVE-2021-41383 ‼

setup.cgi on NETGEAR R6020 1.0.0.48 devices allows an admin to execute arbitrary shell commands via shell metacharacters in the ntp_server field.

📖 Read

via "National Vulnerability Database".
19:23
‼ CVE-2021-41391 ‼

In Ericsson ECM before 18.0, it was observed that Security Management Endpoint in User Profile Management Section is vulnerable to stored XSS via a name, leading to session hijacking and full account takeover.

📖 Read

via "National Vulnerability Database".
19:23
‼ CVE-2020-21548 ‼

Libsixel 1.8.3 contains a heap-based buffer overflow in the sixel_encode_highcolor function in tosixel.c.

📖 Read

via "National Vulnerability Database".
19:23
‼ CVE-2021-39216 ‼

Wasmtime is an open source runtime for WebAssembly & WASI. In Wasmtime from version 0.19.0 and before version 0.30.0 there was a use-after-free bug when passing `externref`s from the host to guest Wasm content. To trigger the bug, you have to explicitly pass multiple `externref`s from the host to a Wasm instance at the same time, either by passing multiple `externref`s as arguments from host code to a Wasm function, or returning multiple `externref`s to Wasm from a multi-value return function defined in the host. If you do not have host code that matches one of these shapes, then you are not impacted. If Wasmtime's `VMExternRefActivationsTable` became filled to capacity after passing the first `externref` in, then passing in the second `externref` could trigger a garbage collection. However the first `externref` is not rooted until we pass control to Wasm, and therefore could be reclaimed by the collector if nothing else was holding a reference to it or otherwise keeping it alive. Then, when control was passed to Wasm after the garbage collection, Wasm could use the first `externref`, which at this point has already been freed. We have reason to believe that the effective impact of this bug is relatively small because usage of `externref` is currently quite rare. The bug has been fixed, and users should upgrade to Wasmtime 0.30.0. If you cannot upgrade Wasmtime yet, you can avoid the bug by disabling reference types support in Wasmtime by passing `false` to `wasmtime::Config::wasm_reference_types`.

📖 Read

via "National Vulnerability Database".
19:23
‼ CVE-2021-39218 ‼

Wasmtime is an open source runtime for WebAssembly & WASI. Wasmtime from version 0.26.0 and before version 0.30.0 is affected by a memory unsoundness vulnerability. There was an invalid free and out-of-bounds read and write bug when running Wasm that uses `externref`s in Wasmtime. To trigger this bug, Wasmtime needs to be running Wasm that uses `externref`s, the host creates non-null `externref`s, Wasmtime performs a garbage collection (GC), and there has to be a Wasm frame on the stack that is at a GC safepoint where there are no live references at this safepoint, and there is a safepoint with live references earlier in this frame's function. Under this scenario, Wasmtime would incorrectly use the GC stack map for the safepoint from earlier in the function instead of the empty safepoint. This would result in Wasmtime treating arbitrary stack slots as `externref`s that needed to be rooted for GC. At the *next* GC, it would be determined that nothing was referencing these bogus `externref`s (because nothing could ever reference them, because they are not really `externref`s) and then Wasmtime would deallocate them and run `<ExternRef as Drop>::drop` on them. This results in a free of memory that is not necessarily on the heap (and shouldn't be freed at this moment even if it was), as well as potential out-of-bounds reads and writes. Even though support for `externref`s (via the reference types proposal) is enabled by default, unless you are creating non-null `externref`s in your host code or explicitly triggering GCs, you cannot be affected by this bug. We have reason to believe that the effective impact of this bug is relatively small because usage of `externref` is currently quite rare. This bug has been patched and users should upgrade to Wasmtime version 0.30.0. If you cannot upgrade Wasmtime at this time, you can avoid this bug by disabling the reference types proposal by passing `false` to `wasmtime::Config::wasm_reference_types`.

📖 Read

via "National Vulnerability Database".
19:23
‼ CVE-2021-41387 ‼

seatd-launch in seatd 0.6.x before 0.6.2 allows privilege escalation because it uses execlp and may be installed setuid root.

📖 Read

via "National Vulnerability Database".
19:23
‼ CVE-2020-21547 ‼

Libsixel 1.8.2 contains a heap-based buffer overflow in the dither_func_fs function in tosixel.c.

📖 Read

via "National Vulnerability Database".
19:23
‼ CVE-2021-38412 ‼

Properly formatted POST requests to multiple resources on the HTTP and HTTPS web servers of the Digi PortServer TS 16 Rack device do not require authentication or authentication tokens. This vulnerability could allow an attacker to enable the SNMP service and manipulate the community strings to achieve further control in.

📖 Read

via "National Vulnerability Database".
20 September 2021
08:23
🛡 Cybersecurity & Privacy news 🛡
🗓️ VPN users unmasked by zero-day vulnerability in Virgin Media routers 🗓️

Disclosure comes two years after privacy-busting flaw was discovered

📖 Read

via "The Daily Swig".
09:26
🛡 Cybersecurity & Privacy news 🛡
‼ CVE-2021-24741 ‼

The Support Board WordPress plugin before 3.3.4 does not escape multiple POST parameters (such as status_code, department, user_id, conversation_id, conversation_status_code, and recipient_id) before using them in SQL statements, leading to SQL injections which are exploitable by unauthenticated users.

📖 Read

via "National Vulnerability Database".
09:26
‼ CVE-2021-24663 ‼

The Simple Schools Staff Directory WordPress plugin through 1.1 does not validate uploaded logo pictures to ensure that they are indeed images, allowing high privilege users such as admin to upload arbitrary files such as PHP, leading to RCE.

📖 Read

via "National Vulnerability Database".
09:26
‼ CVE-2021-24401 ‼

The Edit domain functionality in the WP Domain Redirect WordPress plugin through 1.0 has an `editid` parameter which is not sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection.

📖 Read

via "National Vulnerability Database".
09:26
‼ CVE-2021-24604 ‼

The Availability Calendar WordPress plugin before 1.2.2 does not sanitise or escape its Category Names before outputting them in the page/post where the associated shortcode is embedded, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.

📖 Read

via "National Vulnerability Database".
09:26
‼ CVE-2021-24638 ‼

The OMGF WordPress plugin before 4.5.4 does not escape or validate the handle parameter of the REST API, which allows unauthenticated users to perform path traversal and overwrite arbitrary CSS files with Google Fonts CSS, or download fonts uploaded on the Google Fonts website.

📖 Read

via "National Vulnerability Database".
09:26
‼ CVE-2021-24600 ‼

The WP Dialog WordPress plugin through 1.2.5.5 does not sanitise and escape some of its settings before outputting them in pages, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.

📖 Read

via "National Vulnerability Database".
09:26
‼ CVE-2021-24618 ‼

The Donate With QRCode WordPress plugin before 1.4.5 does not sanitise or escape its QRCode Image setting, which results in a Stored Cross-Site Scripting (XSS) issue. Furthermore, the plugin also does not have any CSRF and capability checks in place when saving such a setting, allowing any authenticated user (as low as subscriber), or an unauthenticated user via a CSRF vector, to update it and perform such an attack.

📖 Read

via "National Vulnerability Database".
09:26
‼ CVE-2021-24585 ‼

The Timetable and Event Schedule WordPress plugin before 2.4.0 outputs the Hashed Password, Username and Email Address (along with other less sensitive data) of the user related to the Event Head of the Timeslot in the response when requesting the event Timeslot data with a user with the edit_posts capability. Combined with the other Unauthorised Event Timeslot Modification issue (https://wpscan.com/reports/submissions/4699/) where an arbitrary user ID can be set, this could allow low privilege users with the edit_posts capability (such as author) to retrieve sensitive User data by iterating over the user_id.

📖 Read

via "National Vulnerability Database".
09:26
‼ CVE-2021-24398 ‼

The Add new scene functionality in the Responsive 3D Slider WordPress plugin through 1.2 uses an id parameter which is not sanitised, escaped or validated before being inserted into a SQL statement, leading to SQL injection. This is a time-based SQLi, and in the same function the vulnerable parameter is passed twice, so if we pass a time of 5 seconds it takes 10 seconds to return since the query is run twice.

📖 Read

via "National Vulnerability Database".
09:26
‼ CVE-2021-24402 ‼

The Orders functionality in the WP iCommerce WordPress plugin through 1.1.1 has an `order_id` parameter which is not sanitised, escaped or validated before being inserted into a SQL statement, leading to SQL injection. The feature is available to low privilege users such as contributors.

📖 Read

via "National Vulnerability Database".
09:26
‼ CVE-2021-24606 ‼

The Availability Calendar WordPress plugin before 1.2.1 does not escape the category attribute from its shortcode before using it in a SQL statement, leading to a SQL Injection issue, which can be exploited by any user able to add shortcode to posts/pages, such as contributor+

📖 Read

via "National Vulnerability Database".
09:26
‼ CVE-2021-24657 ‼

The Limit Login Attempts WordPress plugin before 4.0.50 does not escape the IP addresses (which can be controlled by attacker via headers such as X-Forwarded-For) of attempted logins before outputting them in the reports table, leading to an Unauthenticated Stored Cross-Site Scripting issue.

📖 Read

via "National Vulnerability Database".
09:26
‼ CVE-2021-24597 ‼

The You Shang WordPress plugin through 1.0.1 does not escape its qrcode links settings, which results in Stored Cross-Site Scripting issues in frontend posts and the plugin's settings page, depending on the payload used.

📖 Read

via "National Vulnerability Database".
09:26
‼ CVE-2021-24639 ‼

The OMGF WordPress plugin before 4.5.4 does not enforce path validation, authorisation and CSRF checks in the omgf_ajax_empty_dir AJAX action, which allows any authenticated users to delete arbitrary files or folders on the server.

📖 Read

via "National Vulnerability Database".
09:27
‼ CVE-2021-24525 ‼

The Shortcodes Ultimate WordPress plugin before 5.10.2 allows users with Contributor roles to perform stored XSS via shortcode attributes. Note: the plugin is inconsistent in its handling of shortcode attributes; some do escape, most don't, and there are even some attributes that are insecure by design (like [su_button]'s onclick attribute).

📖 Read

via "National Vulnerability Database".
09:27
‼ CVE-2021-24613 ‼

The Post Views Counter WordPress plugin before 1.3.5 does not sanitise or escape its Post Views Label settings, which could allow high privilege users to perform Cross-Site Scripting attacks in the frontend even when the unfiltered_html capability is disallowed

📖 Read

via "National Vulnerability Database".