‼ CVE-2021-25832 ‼
via "National Vulnerability Database".
A heap buffer overflow vulnerability in BMP image processing was found in the [core] module of ONLYOFFICE DocumentServer v4.0.0-9-v6.0.0. Using this vulnerability, an attacker is able to gain remote code execution on DocumentServer.
‼ CVE-2020-9479 ‼
via "National Vulnerability Database".
When loading a UDF, a specially crafted zip file could allow files to be placed outside of the UDF deployment directory. This issue affected Apache AsterixDB unreleased builds between commits 580b81aa5e8888b8e1b0620521a1c9680e54df73 and 28c0ee84f1387ab5d0659e9e822f4e3923ddc22d. Note: this CVE may be REJECTed as the issue did not affect any released versions of Apache AsterixDB.
‼ CVE-2021-25830 ‼
via "National Vulnerability Database".
A file extension handling issue was found in the [core] module of ONLYOFFICE DocumentServer v4.2.0.236-v5.6.4.13. An attacker must request the conversion of a crafted file from DOCT into DOCX format. Using a chain of two other bugs related to improper string handling, an attacker can achieve remote code execution on DocumentServer.
‼ CVE-2018-25004 ‼
via "National Vulnerability Database".
A user authorized to perform a specific type of query may trigger a denial of service by issuing a generic explain command on a find query. This issue affects MongoDB Inc. MongoDB Server v4.0 versions prior to 4.0.6 and MongoDB Server v3.6 versions prior to 3.6.11.
‼ CVE-2021-22114 ‼
via "National Vulnerability Database".
Addresses the partial fix in CVE-2018-1263. Spring-integration-zip, versions prior to 1.0.4, exposes an arbitrary file write vulnerability that can be achieved using a specially crafted zip archive (other archive formats are affected as well: bzip2, tar, xz, war, cpio, 7z) that holds path traversal filenames. When such a filename is concatenated to the target extraction directory, the final path ends up outside of the target folder.
‼ CVE-2021-25914 ‼
via "National Vulnerability Database".
Prototype pollution vulnerability in 'object-collider' versions 1.0.0 through 1.0.3 allows an attacker to cause a denial of service and may lead to remote code execution.
‼ CVE-2020-36240 ‼
via "National Vulnerability Database".
The ResourceDownloadRewriteRule class in Crowd before version 4.0.4, and from version 4.1.0 before 4.1.2, allowed unauthenticated remote attackers to read arbitrary files within the WEB-INF and META-INF directories via an incorrect path access check.
🔏 Ransomware Costs Healthcare Firm $67 Million 🔏
via "Digital Guardian".
Restoring its IT infrastructure as quickly as possible required a significant labor expense, both internal and external.
❌ Passwords, Private Posts Exposed in Hack of Gab Social Network ❌
via "Threat Post".
The Distributed Denial of Secrets group claim they have received more than 70 gigabytes of data exfiltrated from social media platform Gab.
🕴 New Jailbreak Tool Works on Most iPhones 🕴
via "Dark Reading".
The Unc0ver team has released a tool that works on iOS 11 and later, and exploits a vulnerability that was recently under attack.
🕴 Universal Health Services Suffered $67 Million Loss Due to Ransomware Attack 🕴
via "Dark Reading".
Earnings report points to diversion of care during incident for financial loss.
‼ CVE-2021-27886 ‼
via "National Vulnerability Database".
rakibtg Docker Dashboard before 2021-02-28 allows command injection in backend/utilities/terminal.js via shell metacharacters in the command parameter of an API request. NOTE: this is NOT a Docker, Inc. product.
‼ CVE-2016-8145 ‼
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none.
‼ CVE-2016-8119 ‼
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none.
‼ CVE-2016-8046 ‼
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none.
‼ CVE-2016-8146 ‼
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none.
‼ CVE-2016-8159 ‼
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none.
‼ CVE-2016-8109 ‼
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none.
‼ CVE-2021-27884 ‼
via "National Vulnerability Database".
Weak JSON Web Token (JWT) signing secret generation in YMFE YApi through 1.9.2 allows recreation of other users' JWT tokens. This occurs because Math.random in Node.js is used.
‼ CVE-2016-8142 ‼
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none.
‼ CVE-2016-8151 ‼
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none.