CVE-2021-21024
Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are affected by a blind SQL injection vulnerability in the Search module. Successful exploitation could lead to unauthorized access to restricted resources by an unauthenticated attacker. Access to the admin console is required for successful exploitation.
via "National Vulnerability Database".
CVE-2021-21034
Acrobat Reader DC versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by an Out-of-bounds Read vulnerability. An unauthenticated attacker could leverage this vulnerability to locally elevate privileges in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
via "National Vulnerability Database".
CVE-2021-21037
Acrobat Reader DC versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by a Path Traversal vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
via "National Vulnerability Database".
CVE-2021-21307
Lucee Server is a dynamic, Java based (JSR-223), tag and scripting language used for rapid web application development. In Lucee Admin before versions 5.3.7.47, 5.3.6.68 or 5.3.5.96 there is an unauthenticated remote code exploit. This is fixed in versions 5.3.7.47, 5.3.6.68 or 5.3.5.96. As a workaround, one can block access to the Lucee Administrator.
via "National Vulnerability Database".
CVE-2021-21021
Acrobat Reader DC versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by a Use After Free vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
via "National Vulnerability Database".
CVE-2021-21039
Acrobat Reader DC versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by a Use After Free vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
via "National Vulnerability Database".
Growing Collaboration Among Criminal Groups Heightens Ransomware Threat for Healthcare Sector
Expect increase in ransomware and 'triple extortion' attacks, Cyber Threat Intelligence League says.
via "Dark Reading".
Pre-Valentine's Day Malware Attack Mimics Flower, Lingerie Stores
Emails pretending to confirm hefty orders from lingerie shop Ajour Lingerie and flower store Rose World are actually spreading the BazaLoader malware.
via "Threat Post".
Ransomware Attackers Set Their Sights on SaaS
Ransomware has begun to target data-heavy SaaS applications, open source, and Web and application frameworks.
via "Dark Reading".
Working at a safe distance, safely: Remote work at industrial sites brings extra cyber risk
When workers need to get things done in a dangerous locale, sometimes they have to be distant. This opens up plenty of cybersecurity hazards. We spoke with one expert about how to achieve that security.
via "Tech Republic".
CVE-2020-9307
Hirschmann OS2, RSP, and RSPE devices before HiOS 08.3.00 allow a denial of service. An unauthenticated, adjacent attacker can cause an infinite loop on one of the HSR ring ports of the device. This effectively breaks the redundancy of the HSR ring. If the attacker can perform the same attack on a second device, the ring is broken into two parts (thus disrupting communication between devices in the different parts).
via "National Vulnerability Database".
CVE-2021-21052
Adobe Animate version 21.0.2 (and earlier) is affected by an Out-of-bounds Write vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
via "National Vulnerability Database".
CVE-2021-21014
Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to a file upload restriction bypass. Successful exploitation could lead to arbitrary code execution by an authenticated attacker. Access to the admin console is required for successful exploitation.
via "National Vulnerability Database".
CVE-2021-21053
Adobe Illustrator version 25.1 (and earlier) is affected by an Out-of-bounds Write vulnerability when parsing a crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
via "National Vulnerability Database".
CVE-2021-21063
Acrobat Reader DC versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by a Memory corruption vulnerability when parsing a specially crafted PDF file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
via "National Vulnerability Database".
CVE-2019-19004
A biWidth*biBitCnt integer overflow in input-bmp.c in autotrace 0.31.1 allows attackers to provide an unexpected input value to malloc via a malformed bitmap image.
via "National Vulnerability Database".
CVE-2021-21058
Acrobat Reader DC versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by a Memory corruption vulnerability when parsing a specially crafted PDF file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
via "National Vulnerability Database".
CVE-2021-21050
Adobe Photoshop versions 21.2.4 (and earlier) and 22.1.1 (and earlier) are affected by an Out-of-bounds Read vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
via "National Vulnerability Database".
CVE-2021-21055
Adobe Dreamweaver versions 21.0 (and earlier) and 20.2 (and earlier) are affected by an untrusted search path vulnerability that could result in information disclosure. An attacker with physical access to the system could replace certain configuration files and dynamic libraries that Dreamweaver references, potentially resulting in information disclosure.
via "National Vulnerability Database".
CVE-2021-21049
Adobe Photoshop versions 21.2.4 (and earlier) and 22.1.1 (and earlier) are affected by an Out-of-bounds Read vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
via "National Vulnerability Database".
CVE-2021-21310
NextAuth.js (next-auth) is an open source authentication solution for Next.js applications. In next-auth before version 3.3.0 there is a token verification vulnerability. Implementations using the Prisma database adapter in conjunction with the Email provider are impacted. Implementations using the Email provider with the default database adapter are not impacted. Implementations using the Prisma database adapter but not using the Email provider are not impacted. The Prisma database adapter was checking the verification token, but was not verifying the email address associated with that token. This made it possible to use a valid token to sign in as another user when using the Prisma adapter in conjunction with the Email provider. This issue is specific to the community supported Prisma adapter. This issue is fixed in version 3.3.0.
via "National Vulnerability Database".