‼ CVE-2021-3311 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in October through build 471. It reactivates an old session ID (which had been invalid after a logout) once a new login occurs. NOTE: this violates the intended Auth/Manager.php authentication behavior but, admittedly, is only relevant if an old session ID is known to an attacker.📖 Read
via "National Vulnerability Database".
❌ Google Chrome Zero-Day Afflicts Windows, Mac Users ❌
📖 Read
via "Threat Post".
Google warns of a zero-day vulnerability in the V8 open-source engine that's being actively exploited by attackers.📖 Read
via "Threat Post".
Threat Post
Google Chrome Zero-Day Afflicts Windows, Mac Users
Google warns of a zero-day vulnerability in the V8 open-source engine that's being actively exploited by attackers.
‼ CVE-2021-3382 ‼
📖 Read
via "National Vulnerability Database".
Stack buffer overflow vulnerability in gitea 1.9.0 through 1.13.1 allows remote attackers to cause a denial of service (crash) via vectors related to a file path.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-18737 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in Typora 0.9.67. There is an XSS vulnerability that causes Remote Code Execution.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-4832 ‼
📖 Read
via "National Vulnerability Database".
IBM PowerHA 7.2 could allow a local attacker to obtain sensitive information from temporary directories after a discovery failure occurs. IBM X-Force ID: 189969.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-3258 ‼
📖 Read
via "National Vulnerability Database".
Question2Answer Q2A Ultimate SEO Version 1.3 is affected by cross-site scripting (XSS), which may lead to arbitrary remote code execution.📖 Read
via "National Vulnerability Database".
🕴 Pro Tip: Don't Doubt Yourself 🕴
📖 Read
via "Dark Reading".
The Edge asked season security pros what they wish they had known when they first got into the field.📖 Read
via "Dark Reading".
Dark Reading
Pro Tip: Don't Doubt Yourself
The Edge asked seasoned security pros what they wish they had known when they first got into the field.
🦿 DDoS-for-hire services are exploiting Plex Media flaw to amplify their attacks 🦿
📖 Read
via "Tech Republic".
Attackers are taking advantage of a security flaw in the way Plex Media servers look for compatible media devices and streaming clients, says Netscout.📖 Read
via "Tech Republic".
TechRepublic
DDoS-for-hire services are exploiting Plex Media flaw to amplify their attacks
Attackers are taking advantage of a security flaw in the way Plex Media servers look for compatible media devices and streaming clients, says Netscout.
‼ CVE-2021-26722 ‼
📖 Read
via "National Vulnerability Database".
LinkedIn Oncall through 1.4.0 allows reflected XSS via /query because of mishandling of the "No results found for" message in the search bar.📖 Read
via "National Vulnerability Database".
🕴 Security Researchers Push for 'Bug Bounty Program of Last Resort' 🕴
📖 Read
via "Dark Reading".
An international program that pays out hefty sums for the discovery of software vulnerabilities could spur greater scrutiny of applications and lead to better security.📖 Read
via "Dark Reading".
Dark Reading
Security Researchers Push for 'Bug Bounty Program of Last Resort'
An international program that pays out hefty sums for the discovery of software vulnerabilities could spur greater scrutiny of applications and lead to better security.
‼ CVE-2020-10375 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in New Media Smarty before 9.10. Passwords are stored in the database in an obfuscated format that can be easily reversed. The file data.mdb contains these obfuscated passwords in the second column. NOTE: this is unrelated to the popular Smarty template engine product.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-1072 ‼
📖 Read
via "National Vulnerability Database".
NVIDIA GeForce Experience, all versions prior to 3.21, contains a vulnerability in GameStream (rxdiag.dll) where an arbitrary file deletion due to improper handling of log files may lead to denial of service.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-9453 ‼
📖 Read
via "National Vulnerability Database".
In Epson iProjection v2.30, the driver file EMP_MPAU.sys allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9C402406 and IOCtl 0x9C40240A. (0x9C402402 has only a NULL pointer dereference.) This affects \Device\EMPMPAUIO and \DosDevices\EMPMPAU.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-10553 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in Psyprax before 3.2.2. The file %PROGRAMDATA%\Psyprax32\PPScreen.ini contains a hash for the lockscreen (aka screensaver) of the application. If that entry is removed, the lockscreen is no longer displayed and the app is no longer locked. All local users are able to modify that file.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-10552 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in Psyprax before 3.2.2. The Firebird database is accessible with the default user sysdba and password masterke after installation. This allows any user to access it and read and modify the contents, including passwords. Local database files can be accessed directly as well.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-10857 ‼
📖 Read
via "National Vulnerability Database".
Zulip Desktop before 5.0.0 improperly uses shell.openExternal and shell.openItem with untrusted content, leading to remote code execution.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-10234 ‼
📖 Read
via "National Vulnerability Database".
The AscRegistryFilter.sys kernel driver in IObit Advanced SystemCare 13.2 allows an unprivileged user to send an IOCTL to the device driver. If the user provides a NULL entry for the dwIoControlCode parameter, a kernel panic (aka BSOD) follows. The IOCTL codes can be found in the dispatch function: 0x8001E000, 0x8001E004, 0x8001E008, 0x8001E00C, 0x8001E010, 0x8001E014, 0x8001E020, 0x8001E024, 0x8001E040, 0x8001E044, and 0x8001E048. \DosDevices\AscRegistryFilter and \Device\AscRegistryFilter are affected.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-18750 ‼
📖 Read
via "National Vulnerability Database".
Buffer overflow in pdf2json 0.69 allows local users to execute arbitrary code by converting a crafted PDF file.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-10554 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in Psyprax beforee 3.2.2. Passwords used to encrypt the data are stored in the database in an obfuscated format, which can be easily reverted. For example, the password AAAAAAAA is stored in the database as MMMMMMMM.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-12122 ‼
📖 Read
via "National Vulnerability Database".
In Max Secure Max Spyware Detector 1.0.0.044, the driver file (MaxProc64.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x2200019. (This also extends to the various other products from Max Secure that include MaxProc64.sys.)📖 Read
via "National Vulnerability Database".
‼ CVE-2020-9014 ‼
📖 Read
via "National Vulnerability Database".
In Epson iProjection v2.30, the driver file (EMP_NSAU.sys) allows local users to cause a denial of service (BSOD) via crafted input to the virtual audio device driver with IOCTL 0x9C402402, 0x9C402406, or 0x9C40240A. \Device\EMPNSAUIO and \DosDevices\EMPNSAU are similarly affected.📖 Read
via "National Vulnerability Database".