CVE-2021-25176
via "National Vulnerability Database".
An issue was discovered in Open Design Alliance Drawings SDK before 2021.11. A NULL pointer dereference exists when rendering malformed .DXF and .DWG files. This can allow attackers to cause a crash, potentially enabling a denial of service attack (Crash, Exit, or Restart). This is issue 2 of 3.
CVE-2021-25178
via "National Vulnerability Database".
An issue was discovered in Open Design Alliance Drawings SDK before 2021.11. A stack-based buffer overflow vulnerability exists when the recover operation is run with malformed .DXF and .DWG files. This can allow attackers to cause a crash, potentially enabling a denial of service attack (Crash, Exit, or Restart) or possible code execution.
CVE-2021-25294
via "National Vulnerability Database".
OpenCATS through 0.9.5-3 unsafely deserializes index.php?m=activity requests, leading to remote code execution. This occurs because lib/DataGrid.php calls unserialize for the parametersactivity:ActivityDataGrid parameter. The PHP object injection exploit chain can leverage an __destruct magic method in guzzlehttp.
CVE-2021-25173
via "National Vulnerability Database".
An issue was discovered in Open Design Alliance Drawings SDK before 2021.12. A memory allocation with excessive size vulnerability exists when reading malformed DGN files, which allows attackers to cause a crash, potentially enabling denial of service (crash, exit, or restart).
CVE-2021-25177
via "National Vulnerability Database".
An issue was discovered in Open Design Alliance Drawings SDK before 2021.11. A NULL pointer dereference exists when rendering malformed .DXF and .DWG files. This can allow attackers to cause a crash, potentially enabling a denial of service attack (Crash, Exit, or Restart). This is issue 3 of 3.
CVE-2021-25295
via "National Vulnerability Database".
OpenCATS through 0.9.5-3 has multiple Cross-site Scripting (XSS) issues.
CVE-2021-25175
via "National Vulnerability Database".
An issue was discovered in Open Design Alliance Drawings SDK before 2021.11. A NULL pointer dereference exists when rendering malformed .DXF and .DWG files. This can allow attackers to cause a crash, potentially enabling a denial of service attack (Crash, Exit, or Restart). This is issue 1 of 3.
CVE-2021-25174
via "National Vulnerability Database".
An issue was discovered in Open Design Alliance Drawings SDK before 2021.12. A memory corruption vulnerability exists when reading malformed DGN files. It can allow attackers to cause a crash, potentially enabling denial of service (Crash, Exit, or Restart).
CVE-2020-28473
via "National Vulnerability Database".
The package bottle from 0 and before 0.12.19 is vulnerable to Web Cache Poisoning by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configuration) and the server. This can result in malicious requests being cached as completely safe ones, as the proxy would usually not see the semicolon as a separator, and therefore would not include it in a cache key of an unkeyed parameter.
CVE-2020-28476
via "National Vulnerability Database".
All versions of package tornado are vulnerable to Web Cache Poisoning by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configuration) and the server. This can result in malicious requests being cached as completely safe ones, as the proxy would usually not see the semicolon as a separator, and therefore would not include it in a cache key of an unkeyed parameter.
Medical Device Security: Diagnosis Critical
via "Threat Post".
Medical-device security has long been a challenge, suffering the same uphill management battle that the entire sprawling mess of IoT gadgets has faced.
OpenStego Free Steganography Solution 0.8.0
via "Packet Storm Security".
OpenStego is a tool implemented in Java for generic steganography, with support for password-based encryption of the data. It supports plugins for various steganographic algorithms (currently, only Least Significant Bit algorithm is supported for images).
CVE-2020-29450
via "National Vulnerability Database".
Affected versions of Atlassian Confluence Server and Data Center allow remote attackers to impact the application's availability via a Denial of Service (DoS) vulnerability in the avatar upload feature. The affected versions are before version 7.2.0.
CVE-2021-20619
via "National Vulnerability Database".
Cross-site scripting vulnerability in GROWI (v4.2 Series) versions prior to v4.2.3 allows remote attackers to inject an arbitrary script via unspecified vectors.
CVE-2020-28478
via "National Vulnerability Database".
This affects the package gsap before 3.6.0.
CVE-2020-28477
via "National Vulnerability Database".
This affects all versions of package immer.
CVE-2020-28472
via "National Vulnerability Database".
This affects the package @aws-sdk/shared-ini-file-loader before 1.0.0-rc.9; the package aws-sdk before 2.814.0. If an attacker submits a malicious INI file to an application that parses it with loadSharedConfigFiles, they will pollute the prototype on the application. This can be exploited further depending on the context.
Attackers Steal E-Mails, Info from OpenWrt Forum
via "Threat Post".
Users of the Linux-based open-source firmware--which include developers from commercial router companies--may be targeted by phishing campaigns, administrators warn.
Falco 0.27.0
via "Packet Storm Security".
Sysdig Falco is a behavioral activity monitoring agent that is open source and comes with native support for containers. Falco lets you define highly granular rules to check for activities involving file and network activity, process execution, IPC, and much more, using a flexible syntax. Falco will notify you when these rules are violated. You can think about falco as a mix between snort, ossec and strace.
A Security Practitioner's Guide to Encrypted DNS
via "Dark Reading".
Best practices for a shifting visibility landscape.
CVE-2020-23522
via "National Vulnerability Database".
Pixelimity 1.0 has cross-site request forgery via the admin/setting.php data [Password] parameter.