βΌ CVE-2021-32946 βΌ
π Read
via "National Vulnerability Database".
An improper check for unusual or exceptional conditions issue exists within the parsing DGN files from Drawings SDK (Version 2022.4 and prior) resulting from the lack of proper validation of the user-supplied data. This may result in several of out-of-bounds problems and allow attackers to cause a denial-of-service condition or execute code in the context of the current process.π Read
via "National Vulnerability Database".
βΌ CVE-2021-32938 βΌ
π Read
via "National Vulnerability Database".
Drawings SDK (All versions prior to 2022.4) are vulnerable to an out-of-bounds read due to parsing of DWG files resulting from the lack of proper validation of user-supplied data. This can result in a read past the end of an allocated buffer and allows attackers to cause a denial-of service condition or read sensitive information from memory.π Read
via "National Vulnerability Database".
βΌ CVE-2021-32950 βΌ
π Read
via "National Vulnerability Database".
An out-of-bounds read issue exists within the parsing of DXF files in the Drawings SDK (All versions prior to 2022.4) resulting from the lack of proper validation of user-supplied data. This can result in a read past the end of an allocated buffer and allows attackers to cause a denial-of-service condition or read sensitive information from memory locations.π Read
via "National Vulnerability Database".
βΌ CVE-2021-32944 βΌ
π Read
via "National Vulnerability Database".
A use-after-free issue exists in the DGN file-reading procedure in the Drawings SDK (All versions prior to 2022.4) resulting from the lack of proper validation of user-supplied data. This can result in a memory corruption or arbitrary code execution, allowing attackers to cause a denial-of-service condition or execute code in the context of the current process.π Read
via "National Vulnerability Database".
βΌ CVE-2021-32952 βΌ
π Read
via "National Vulnerability Database".
An out-of-bounds write issue exists in the DGN file-reading procedure in the Drawings SDK (Version 2022.4 and prior) resulting from the lack of proper validation of user-supplied data. This can result in a write past the end of an allocated buffer and allow attackers to cause a denial-of-service condition or execute code in the context of the current process.π Read
via "National Vulnerability Database".
βΌ CVE-2021-32936 βΌ
π Read
via "National Vulnerability Database".
An out-of-bounds write issue exists in the DXF file-recovering procedure in the Drawings SDK (All versions prior to 2022.4) resulting from the lack of proper validation of user-supplied data. This can result in a write past the end of an allocated buffer and allow attackers to cause a denial-of-service condition or execute code in the context of the current process.π Read
via "National Vulnerability Database".
βΌ CVE-2021-34825 βΌ
π Read
via "National Vulnerability Database".
Quassel through 0.13.1, when --require-ssl is enabled, launches without SSL or TLS support if a usable X.509 certificate is not found on the local system.π Read
via "National Vulnerability Database".
βΌ CVE-2021-31818 βΌ
π Read
via "National Vulnerability Database".
Affected versions of Octopus Server are prone to an authenticated SQL injection vulnerability in the Events REST API because user supplied data in the API request isnΓ’β¬β’t parameterised correctly. Exploiting this vulnerability could allow unauthorised access to database tables.π Read
via "National Vulnerability Database".
β CVS Health Records for 1.1 Billion Customers Exposed β
π Read
via "Threat Post".
A vendor exposed the records, which were accessible with no password or other authentication, likely because of a cloud-storage misconfiguration.π Read
via "Threat Post".
Threat Post
CVS Health Records for 1.1 Billion Customers Exposed
A vendor exposed the records, which were accessible with no password or other authentication, likely because of a cloud-storage misconfiguration.
β Geek Squad Vishing Attack Bypasses Email Security to Hit 25K Mailboxes β
π Read
via "Threat Post".
An email campaign asking victims to call a bogus number to suspend supposedly fraudulent subscriptions got right past Microsoft's native email controls.π Read
via "Threat Post".
Threat Post
Geek Squad Vishing Attack Bypasses Email Security to Hit 25K Mailboxes
An email campaign asking victims to call a bogus number to suspend supposedly fraudulent subscriptions got right past Microsoft's native email controls.
π΄ Cyberattacks Are Tailored to Employees ... Why Isn't Security Training? π΄
π Read
via "Dark Reading".
Consider four factors and behaviors that impact a particular employee's risk, and how security training should take them into account.π Read
via "Dark Reading".
Dark Reading
Cyberattacks Are Tailored to Employees ... Why Isn't Security Training?
Consider four factors and behaviors that impact a particular employee's risk, and how security training should take them into account.
βΌ CVE-2021-23396 βΌ
π Read
via "National Vulnerability Database".
All versions of package lutils are vulnerable to Prototype Pollution via the main (merge) function.π Read
via "National Vulnerability Database".
βΌ CVE-2013-20002 βΌ
π Read
via "National Vulnerability Database".
Elemin allows remote attackers to upload and execute arbitrary PHP code via the Themify framework (before 1.2.2) wp-content/themes/elemin/themify/themify-ajax.php file.π Read
via "National Vulnerability Database".
π What is Data Classification? A Data Classification Definition π
π Read
via "".
Learn about the different types of classification and how to effectively classify your data in Data Protection 101, our series on the fundamentals of data security.π Read
via "".
Digitalguardian
What is Data Classification? A Data Classification Definition
Learn about the different types of classification and how to effectively classify your data in Data Protection 101, our series on the fundamentals of data security.
β Cisco Smart Switches Riddled with Severe Security Holes β
π Read
via "Threat Post".
The intro-level networking gear for SMBs could allow remote attacks designed to steal information, drop malware and disrupt operations.π Read
via "Threat Post".
Threat Post
Cisco Smart Switches Riddled with Severe Security Holes
The intro-level networking gear for SMBs could allow remote attacks designed to steal information, drop malware and disrupt operations.
βΌ CVE-2021-32575 βΌ
π Read
via "National Vulnerability Database".
HashiCorp Nomad and Nomad Enterprise up to version 1.0.4 bridge networking mode allows ARP spoofing from other bridged tasks on the same node. Fixed in 0.12.12, 1.0.5, and 1.1.0 RC1.π Read
via "National Vulnerability Database".
βΌ CVE-2021-33557 βΌ
π Read
via "National Vulnerability Database".
An XSS issue was discovered in manage_custom_field_edit_page.php in MantisBT before 2.25.2. Unescaped output of the return parameter allows an attacker to inject code into a hidden input field.π Read
via "National Vulnerability Database".
β Clop Raid: A Big Win in the War on Ransomware? β
π Read
via "Threat Post".
Cops arrest six, seize cars and cash in splashy raid, and experts are applauding.π Read
via "Threat Post".
Threat Post
Clop Raid: A Big Win in the War on Ransomware?
Cops arrest six, seize cars and cash in splashy raid, and experts are applauding.
π΄ Google Launches SLSA, A New Framework for Supply Chain Integrity π΄
π Read
via "Dark Reading".
The 'Supply chain Levels for Software Artifacts' aims to ensure the integrity of components throughout the software supply chain.π Read
via "Dark Reading".
π΄ Carnival Cruise Line Reports Security Breach π΄
π Read
via "Dark Reading".
The cruise ship operator says the incident affected employee and guest data.π Read
via "Dark Reading".
Dark Reading
Carnival Cruise Line Reports Security Breach
The cruise ship operator says the incident affected employee and guest data.
π΄ One in Five Manufacturing Firms Targeted by Cyberattacks π΄
π Read
via "Dark Reading".
Information-stealing malware makes up about a third of attacks, a study finds, but companies worry most about ransomware shutting down production.π Read
via "Dark Reading".
Dark Reading
One in Five Manufacturing Firms Targeted by Cyberattacks
Information-stealing malware makes up about a third of attacks, a study finds, but companies worry most about ransomware shutting down production.