βΌ CVE-2021-25177 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in Open Design Alliance Drawings SDK before 2021.11. A NULL pointer dereference exists when rendering malformed .DXF and .DWG files. This can allow attackers to cause a crash, potentially enabling a denial of service attack (Crash, Exit, or Restart). This is issue 3 of 3.π Read
via "National Vulnerability Database".
βΌ CVE-2021-25295 βΌ
π Read
via "National Vulnerability Database".
OpenCATS through 0.9.5-3 has multiple Cross-site Scripting (XSS) issues.π Read
via "National Vulnerability Database".
βΌ CVE-2021-25175 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in Open Design Alliance Drawings SDK before 2021.11. A NULL pointer dereference exists when rendering malformed .DXF and .DWG files. This can allow attackers to cause a crash, potentially enabling a denial of service attack (Crash, Exit, or Restart). This is issue 1 of 3.π Read
via "National Vulnerability Database".
βΌ CVE-2021-25174 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in Open Design Alliance Drawings SDK before 2021.12. A memory corruption vulnerability exists when reading malformed DGN files. It can allow attackers to cause a crash, potentially enabling denial of service (Crash, Exit, or Restart).π Read
via "National Vulnerability Database".
βΌ CVE-2020-28473 βΌ
π Read
via "National Vulnerability Database".
The package bottle from 0 and before 0.12.19 are vulnerable to Web Cache Poisoning by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configuration) and the server. This can result in malicious requests being cached as completely safe ones, as the proxy would usually not see the semicolon as a separator, and therefore would not include it in a cache key of an unkeyed parameter.π Read
via "National Vulnerability Database".
βΌ CVE-2020-28476 βΌ
π Read
via "National Vulnerability Database".
All versions of package tornado are vulnerable to Web Cache Poisoning by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configuration) and the server. This can result in malicious requests being cached as completely safe ones, as the proxy would usually not see the semicolon as a separator, and therefore would not include it in a cache key of an unkeyed parameter.π Read
via "National Vulnerability Database".
β Medical Device Security: Diagnosis Critical β
π Read
via "Threat Post".
Medical-device security has long been a challenge, suffering the same uphill management battle that the entire sprawling mess of IoT gadgets has faced.π Read
via "Threat Post".
Threat Post
Medical Device Security: Diagnosis Critical
Medical-device security has long been a challenge, suffering the same uphill management battle that the entire sprawling mess of IoT gadgets has faced.
π OpenStego Free Steganography Solution 0.8.0 π
π Read
via "Packet Storm Security".
OpenStego is a tool implemented in Java for generic steganography, with support for password-based encryption of the data. It supports plugins for various steganographic algorithms (currently, only Least Significant Bit algorithm is supported for images).π Read
via "Packet Storm Security".
Packetstormsecurity
OpenStego Free Steganography Solution 0.8.0 β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
βΌ CVE-2020-29450 βΌ
π Read
via "National Vulnerability Database".
Affected versions of Atlassian Confluence Server and Data Center allow remote attackers to impact the application's availability via a Denial of Service (DoS) vulnerability in the avatar upload feature. The affected versions are before version 7.2.0.π Read
via "National Vulnerability Database".
βΌ CVE-2021-20619 βΌ
π Read
via "National Vulnerability Database".
Cross-site scripting vulnerability in GROWI (v4.2 Series) versions prior to v4.2.3 allows remote attackers to inject an arbitrary script via unspecified vectors.π Read
via "National Vulnerability Database".
βΌ CVE-2020-28478 βΌ
π Read
via "National Vulnerability Database".
This affects the package gsap before 3.6.0.π Read
via "National Vulnerability Database".
βΌ CVE-2020-28477 βΌ
π Read
via "National Vulnerability Database".
This affects all versions of package immer.π Read
via "National Vulnerability Database".
βΌ CVE-2020-28472 βΌ
π Read
via "National Vulnerability Database".
This affects the package @aws-sdk/shared-ini-file-loader before 1.0.0-rc.9; the package aws-sdk before 2.814.0. If an attacker submits a malicious INI file to an application that parses it with loadSharedConfigFiles , they will pollute the prototype on the application. This can be exploited further depending on the context.π Read
via "National Vulnerability Database".
β Attackers Steal E-Mails, Info from OpenWrt Forum β
π Read
via "Threat Post".
Users of the Linux-based open-source firmwareβwhich include developers from commercial router companies--may be targeted by phishing campaigns, administrators warn.π Read
via "Threat Post".
Threat Post
Attackers Steal E-Mails, Info from OpenWrt Forum
Users of the Linux-based open-source firmwareβwhich include developers from commercial router companiesβmay be targeted by phishing campaigns, administrators warn.
π Falco 0.27.0 π
π Read
via "Packet Storm Security".
Sysdig Falco is a behavioral activity monitoring agent that is open source and comes with native support for containers. Falco lets you define highly granular rules to check for activities involving file and network activity, process execution, IPC, and much more, using a flexible syntax. Falco will notify you when these rules are violated. You can think about falco as a mix between snort, ossec and strace.π Read
via "Packet Storm Security".
Packetstormsecurity
Falco 0.27.0 β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
π΄ A Security Practitioner's Guide to Encrypted DNS π΄
π Read
via "Dark Reading".
Best practices for a shifting visibility landscape.π Read
via "Dark Reading".
Dark Reading
A Security Practitioner's Guide to Encrypted DNS
Best practices for a shifting visibility landscape.
βΌ CVE-2020-23522 βΌ
π Read
via "National Vulnerability Database".
Pixelimity 1.0 has cross-site request forgery via the admin/setting.php data [Password] parameter.π Read
via "National Vulnerability Database".
βΌ CVE-2020-23342 βΌ
π Read
via "National Vulnerability Database".
A CSRF vulnerability exists in Anchor CMS 0.12.7 anchor/views/users/edit.php that can change the Delete admin users.π Read
via "National Vulnerability Database".
βΌ CVE-2020-20950 βΌ
π Read
via "National Vulnerability Database".
Bleichenbacher's attack on PKCS #1 v1.5 padding for RSA in Microchip Libraries for Applications 2018-11-26 All up to 2018-11-26. The vulnerability can allow one to use Bleichenbacher's oracle attack to decrypt an encrypted ciphertext by making successive queries to the server using the vulnerable library, resulting in remote information disclosure.π Read
via "National Vulnerability Database".
βΌ CVE-2020-35128 βΌ
π Read
via "National Vulnerability Database".
Mautic before 3.2.4 is affected by stored XSS. An attacker with permission to manage companies, an application feature, could attack other users, including administrators. For example, by loading an externally crafted JavaScript file, an attacker could eventually perform actions as the target user. These actions include changing the user passwords, altering user or email addresses, or adding a new administrator to the system.π Read
via "National Vulnerability Database".
βΌ CVE-2020-35129 βΌ
π Read
via "National Vulnerability Database".
Mautic before 3.2.4 is affected by stored XSS. An attacker with access to Social Monitoring, an application feature, could attack other users, including administrators. For example, an attacker could load an externally drafted JavaScript file that would allow them to eventually perform actions on the target userΓ’β¬β’s behalf, including changing the userΓ’β¬β’s password or email address or changing the attackerΓ’β¬β’s user role from a low-privileged user to an administrator account.π Read
via "National Vulnerability Database".