CVE-2021-25913
via "National Vulnerability Database".
Prototype pollution vulnerability in ‘set-or-get’ version 1.0.0 through 1.2.10 allows an attacker to cause a denial of service and may lead to remote code execution.
CVE-2021-26530
via "National Vulnerability Database".
The mg_tls_init function in Cesanta Mongoose HTTPS server 7.0 (compiled with OpenSSL support) is vulnerable to remote OOB write attack via connection request after exhausting memory pool.
CVE-2021-26576
via "National Vulnerability Database".
The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a command injection vulnerability in libifc.so uploadsshkey function.
CVE-2021-26222
via "National Vulnerability Database".
The ezxml_new function in ezXML 0.8.6 and earlier is vulnerable to OOB write when opening XML file after exhausting the memory pool.
CVE-2021-26529
via "National Vulnerability Database".
The mg_tls_init function in Cesanta Mongoose HTTPS server 7.0 and 6.7-6.18 (compiled with mbedTLS support) is vulnerable to remote OOB write attack via connection request after exhausting memory pool.
CVE-2021-26914
via "National Vulnerability Database".
NetMotion Mobility before 11.73 and 12.x before 12.02 allows unauthenticated remote attackers to execute arbitrary code as SYSTEM because of Java deserialization in MvcUtil valueStringToObject.
CVE-2021-26915
via "National Vulnerability Database".
NetMotion Mobility before 11.73 and 12.x before 12.02 allows unauthenticated remote attackers to execute arbitrary code as SYSTEM because of Java deserialization in webrepdb StatusServlet.
CVE-2020-36150
via "National Vulnerability Database".
Incorrect handling of input data in loudness function in the libmysofa library 0.5 - 1.1 will lead to heap buffer overflow and access to unallocated memory block.
CVE-2020-8590
via "National Vulnerability Database".
Clustered Data ONTAP versions prior to 9.1P18 and 9.3P12 are susceptible to a vulnerability which could allow an attacker to discover node names via AutoSupport bundles even when the -remove-private-data parameter is set to true.
CVE-2020-36151
via "National Vulnerability Database".
Incorrect handling of input data in mysofa_resampler_reset_mem function in the libmysofa library 0.5 - 1.1 will lead to heap buffer overflow and overwriting large memory block.
CVE-2021-26221
via "National Vulnerability Database".
The ezxml_new function in ezXML 0.8.6 and earlier is vulnerable to OOB write when opening XML file after exhausting the memory pool.
CVE-2021-21306
via "National Vulnerability Database".
Marked is an open-source markdown parser and compiler (npm package "marked"). In marked from version 1.1.1 and before version 2.0.0, there is a Regular expression Denial of Service vulnerability. This vulnerability can affect anyone who runs user generated code through marked. This vulnerability is fixed in version 2.0.0.
CVE-2021-26913
via "National Vulnerability Database".
NetMotion Mobility before 11.73 and 12.x before 12.02 allows unauthenticated remote attackers to execute arbitrary code as SYSTEM because of Java deserialization in RpcServlet.
Emotet Takedown: Short-Term Celebration, Long-Term Concerns
via "Dark Reading".
Security researchers examine how and when Emotet's operators may resurface, and the threats that could evolve in the meantime.
Safer Internet Day – Why not up your game?
via "Naked Security".
Four tips for Safer Internet Day
CVE-2020-29021
via "National Vulnerability Database".
A vulnerability in web UI input field of GateManager allows authenticated attacker to enter script tags that could cause XSS. This issue affects: GateManager all versions prior to 9.3.
CVE-2021-3294
via "National Vulnerability Database".
CASAP Automated Enrollment System 1.0 is affected by cross-site scripting (XSS) in users.php. An attacker can steal a cookie to perform user redirection to a malicious website.
CVE-2020-14391
via "National Vulnerability Database".
A flaw was found in the GNOME Control Center in Red Hat Enterprise Linux 8 versions prior to 8.2, where it improperly uses Red Hat Customer Portal credentials when a user registers a system through the GNOME Settings User Interface. This flaw allows a local attacker to discover the Red Hat Customer Portal password. The highest threat from this vulnerability is to confidentiality.
CVE-2021-26917
via "National Vulnerability Database".
** DISPUTED ** PyBitmessage through 0.6.3.2 allows attackers to write screen captures to Potentially Unwanted Directories via a crafted apinotifypath value. NOTE: the discoverer states "security mitigation may not be necessary as there is no evidence yet that these screen intercepts are actually transported away from the local host." NOTE: it is unclear whether there are any common use cases in which apinotifypath is controlled by an attacker.
Hacker Tries to Poison Water Supply of Florida Town
via "Threat Post".
A threat actor remotely accessed the IT system of the water treatment facility of Oldsmar and raised the levels of sodium hydroxide in the water, an action that was quickly noticed and remediated.
Ransomware can be installed via ghost accounts
via "Tech Republic".
Active accounts for people who have left your organization can make exploitation easy, according to Sophos.