βΌ CVE-2006-0016 βΌ
π Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.π Read
via "National Vulnerability Database".
β iPhone Wi-Fi Crushed by Weird Network β
π Read
via "Threat Post".
β¦ until you reset network settings and stop connecting to a weirdly named network, that is. FUD is spreading. iOS Wi-Fi demolition is not.π Read
via "Threat Post".
Threat Post
iPhone Wi-Fi Crushed by Weird Network
β¦ until you reset network settings and stop connecting to one weirdly named network, that is. FUD is spreading. iOS Wi-Fi demolition is not, though it could.
βΌ CVE-2021-0522 βΌ
π Read
via "National Vulnerability Database".
In ConnectionHandler::SdpCb of connection_handler.cc, there is a possible out of bounds read due to a use after free. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-9 Android-10Android ID: A-174182139π Read
via "National Vulnerability Database".
βΌ CVE-2021-0520 βΌ
π Read
via "National Vulnerability Database".
In several functions of MemoryFileSystem.cpp and related files, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-10Android ID: A-176237595π Read
via "National Vulnerability Database".
βΌ CVE-2020-19510 βΌ
π Read
via "National Vulnerability Database".
Textpattern 4.7.3 contains an aribtrary file load via the file_insert function in include/txp_file.php.π Read
via "National Vulnerability Database".
βΌ CVE-2021-32697 βΌ
π Read
via "National Vulnerability Database".
neos/forms is an open source framework to build web forms. By crafting a special `GET` request containing a valid form state, a form can be submitted without invoking any validators. Form state is secured with an HMAC that is still verified. That means that this issue can only be exploited if Form Finishers cause side effects even if no form values have been sent. Form Finishers can be adjusted in a way that they only execute an action if the submitted form contains some expected data. Alternatively a custom Finisher can be added as first finisher. This regression was introduced with https://github.com/neos/form/commit/049d415295be8d4a0478ccba97dba1bb81649567π Read
via "National Vulnerability Database".
β Embryology Data Breach Follows Fertility Clinic Ransomware Hit β
π Read
via "Threat Post".
Approximately 38,000 of RBA's customers had their embryology data stolen by a ransomware gang.π Read
via "Threat Post".
Threat Post
Embryology Data Breach Follows Fertility Clinic Ransomware Hit
Approximately 38,000 of RBA's customers had their embryology data stolen by a ransomware gang.
π΄ Baltimore County Public Schools' Ransomware Recovery Tops $8M π΄
π Read
via "Dark Reading".
The school district has spent seven months and a reported $8.1 million recovering from the November attack.π Read
via "Dark Reading".
β Bugs in NVIDIAβs Jetson Chipset Opens Door to DoS Attacks, Data Theft β
π Read
via "Threat Post".
Chipmaker patches nine high-severity bugs in its Jetson SoC framework tied to the way it handles low-level cryptographic algorithms.π Read
via "Threat Post".
Threat Post
Bugs in NVIDIAβs Jetson Chipset Open Door to DoS Attacks, Data Theft
Chipmaker patches nine high-severity bugs in its Jetson SoC framework tied to the way it handles low-level cryptographic algorithms.
π΄ Data Leaked in Fertility Clinic Ransomware Attack π΄
π Read
via "Dark Reading".
Reproductive Biology Associates says the data of 38,000 patients may have been compromised in the April cyberattack.π Read
via "Dark Reading".
βΌ CVE-2021-24377 βΌ
π Read
via "National Vulnerability Database".
The Autoptimize WordPress plugin before 2.7.8 attempts to remove potential malicious files from the extracted archive uploaded via the 'Import Settings' feature, however this is not sufficient to protect against RCE as a race condition can be achieved in between the moment the file is extracted on the disk but not yet removed. It is a bypass of CVE-2020-24948.π Read
via "National Vulnerability Database".
βΌ CVE-2021-24372 βΌ
π Read
via "National Vulnerability Database".
The WP Hardening ΓΒ’Γ’β¬Òβ¬Ε Fix Your WordPress Security WordPress plugin before 1.2.2 did not sanitise or escape the $_SERVER['REQUEST_URI'] before outputting it in an attribute, leading to a reflected Cross-Site Scripting issue.π Read
via "National Vulnerability Database".
βΌ CVE-2021-24369 βΌ
π Read
via "National Vulnerability Database".
In the GetPaid WordPress plugin before 2.3.4, users with the contributor role and above can create a new Payment Form, however the Label and Help Text input fields were not getting sanitized properly. So it was possible to inject malicious content such as img tags, leading to a Stored Cross-Site Scripting issue which is triggered when the form will be edited, for example when an admin reviews it and could lead to privilege escalation.π Read
via "National Vulnerability Database".
βΌ CVE-2021-29061 βΌ
π Read
via "National Vulnerability Database".
A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in Vfsjfilechooser2 version 0.2.9 and below which occurs when the application attempts to validate crafted URIs.π Read
via "National Vulnerability Database".
β Wegmans Exposes Customer Data in Misconfigured Databases β
π Read
via "Threat Post".
Cleanup in aisle "Oops": The supermarket chain said that it misconfigured two cloud databases, exposing customer data to public scrutiny.π Read
via "Threat Post".
Threat Post
Wegmans Exposes Customer Data in Misconfigured Databases
Cleanup in aisle "Oops": The supermarket chain said that it misconfigured two cloud databases, exposing customer data to public scrutiny.
π΄ Did Companies Fail to Disclose Being Affected by SolarWinds Breach? π΄
π Read
via "Dark Reading".
The SEC has sent out letters to some investment firms and publicly listed companies seeking information, Reuters says.π Read
via "Dark Reading".
βΌ CVE-2010-0413 βΌ
π Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.π Read
via "National Vulnerability Database".
βΌ CVE-2021-32698 βΌ
π Read
via "National Vulnerability Database".
eLabFTW is an open source electronic lab notebook for research labs. This vulnerability allows an attacker to make GET requests on behalf of the server. It is "blind" because the attacker cannot see the result of the request. Issue has been patched in eLabFTW 4.0.0.π Read
via "National Vulnerability Database".
βΌ CVE-2021-20742 βΌ
π Read
via "National Vulnerability Database".
Cross-site scripting vulnerability in EC-CUBE Business form output plugin (for EC-CUBE 3.0 series) versions prior to version 1.0.1 allows a remote attacker to inject an arbitrary script via unspecified vector.π Read
via "National Vulnerability Database".
βΌ CVE-2021-20733 βΌ
π Read
via "National Vulnerability Database".
Improper authorization in handler for custom URL scheme vulnerability in ????????? (asken diet) for Android versions from v.3.0.0 to v.4.2.x allows a remote attacker to lead a user to access an arbitrary website via the vulnerable App.π Read
via "National Vulnerability Database".