βΌ CVE-2020-19510 βΌ
π Read
via "National Vulnerability Database".
Textpattern 4.7.3 contains an aribtrary file load via the file_insert function in include/txp_file.php.π Read
via "National Vulnerability Database".
βΌ CVE-2021-32697 βΌ
π Read
via "National Vulnerability Database".
neos/forms is an open source framework to build web forms. By crafting a special `GET` request containing a valid form state, a form can be submitted without invoking any validators. Form state is secured with an HMAC that is still verified. That means that this issue can only be exploited if Form Finishers cause side effects even if no form values have been sent. Form Finishers can be adjusted in a way that they only execute an action if the submitted form contains some expected data. Alternatively a custom Finisher can be added as first finisher. This regression was introduced with https://github.com/neos/form/commit/049d415295be8d4a0478ccba97dba1bb81649567π Read
via "National Vulnerability Database".
β Embryology Data Breach Follows Fertility Clinic Ransomware Hit β
π Read
via "Threat Post".
Approximately 38,000 of RBA's customers had their embryology data stolen by a ransomware gang.π Read
via "Threat Post".
Threat Post
Embryology Data Breach Follows Fertility Clinic Ransomware Hit
Approximately 38,000 of RBA's customers had their embryology data stolen by a ransomware gang.
π΄ Baltimore County Public Schools' Ransomware Recovery Tops $8M π΄
π Read
via "Dark Reading".
The school district has spent seven months and a reported $8.1 million recovering from the November attack.π Read
via "Dark Reading".
β Bugs in NVIDIAβs Jetson Chipset Opens Door to DoS Attacks, Data Theft β
π Read
via "Threat Post".
Chipmaker patches nine high-severity bugs in its Jetson SoC framework tied to the way it handles low-level cryptographic algorithms.π Read
via "Threat Post".
Threat Post
Bugs in NVIDIAβs Jetson Chipset Open Door to DoS Attacks, Data Theft
Chipmaker patches nine high-severity bugs in its Jetson SoC framework tied to the way it handles low-level cryptographic algorithms.
π΄ Data Leaked in Fertility Clinic Ransomware Attack π΄
π Read
via "Dark Reading".
Reproductive Biology Associates says the data of 38,000 patients may have been compromised in the April cyberattack.π Read
via "Dark Reading".
βΌ CVE-2021-24377 βΌ
π Read
via "National Vulnerability Database".
The Autoptimize WordPress plugin before 2.7.8 attempts to remove potential malicious files from the extracted archive uploaded via the 'Import Settings' feature, however this is not sufficient to protect against RCE as a race condition can be achieved in between the moment the file is extracted on the disk but not yet removed. It is a bypass of CVE-2020-24948.π Read
via "National Vulnerability Database".
βΌ CVE-2021-24372 βΌ
π Read
via "National Vulnerability Database".
The WP Hardening ΓΒ’Γ’β¬Òβ¬Ε Fix Your WordPress Security WordPress plugin before 1.2.2 did not sanitise or escape the $_SERVER['REQUEST_URI'] before outputting it in an attribute, leading to a reflected Cross-Site Scripting issue.π Read
via "National Vulnerability Database".
βΌ CVE-2021-24369 βΌ
π Read
via "National Vulnerability Database".
In the GetPaid WordPress plugin before 2.3.4, users with the contributor role and above can create a new Payment Form, however the Label and Help Text input fields were not getting sanitized properly. So it was possible to inject malicious content such as img tags, leading to a Stored Cross-Site Scripting issue which is triggered when the form will be edited, for example when an admin reviews it and could lead to privilege escalation.π Read
via "National Vulnerability Database".
βΌ CVE-2021-29061 βΌ
π Read
via "National Vulnerability Database".
A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in Vfsjfilechooser2 version 0.2.9 and below which occurs when the application attempts to validate crafted URIs.π Read
via "National Vulnerability Database".
β Wegmans Exposes Customer Data in Misconfigured Databases β
π Read
via "Threat Post".
Cleanup in aisle "Oops": The supermarket chain said that it misconfigured two cloud databases, exposing customer data to public scrutiny.π Read
via "Threat Post".
Threat Post
Wegmans Exposes Customer Data in Misconfigured Databases
Cleanup in aisle "Oops": The supermarket chain said that it misconfigured two cloud databases, exposing customer data to public scrutiny.
π΄ Did Companies Fail to Disclose Being Affected by SolarWinds Breach? π΄
π Read
via "Dark Reading".
The SEC has sent out letters to some investment firms and publicly listed companies seeking information, Reuters says.π Read
via "Dark Reading".
βΌ CVE-2010-0413 βΌ
π Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.π Read
via "National Vulnerability Database".
βΌ CVE-2021-32698 βΌ
π Read
via "National Vulnerability Database".
eLabFTW is an open source electronic lab notebook for research labs. This vulnerability allows an attacker to make GET requests on behalf of the server. It is "blind" because the attacker cannot see the result of the request. Issue has been patched in eLabFTW 4.0.0.π Read
via "National Vulnerability Database".
βΌ CVE-2021-20742 βΌ
π Read
via "National Vulnerability Database".
Cross-site scripting vulnerability in EC-CUBE Business form output plugin (for EC-CUBE 3.0 series) versions prior to version 1.0.1 allows a remote attacker to inject an arbitrary script via unspecified vector.π Read
via "National Vulnerability Database".
βΌ CVE-2021-20733 βΌ
π Read
via "National Vulnerability Database".
Improper authorization in handler for custom URL scheme vulnerability in ????????? (asken diet) for Android versions from v.3.0.0 to v.4.2.x allows a remote attacker to lead a user to access an arbitrary website via the vulnerable App.π Read
via "National Vulnerability Database".
β Six Flags to Pay $36M Over Collection of Fingerprints β
π Read
via "Threat Post".
Illinois Supreme Court rules in favor of class action against companyβs practice of scanning peopleβs fingers when they enter amusement parks.π Read
via "Threat Post".
Threat Post
Six Flags to Pay $36M Over Collection of Fingerprints
Illinois Supreme Court rules in favor of class action against companyβs practice of scanning peopleβs fingers when they enter amusement parks.
βΌ CVE-2021-0571 βΌ
π Read
via "National Vulnerability Database".
In ActivityTaskManagerService.startActivity() and AppTaskImpl.startActivity() of ActivityTaskManagerService.java and AppTaskImpl.java, there is possible access to restricted activities due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-137395936π Read
via "National Vulnerability Database".
βΌ CVE-2021-0563 βΌ
π Read
via "National Vulnerability Database".
In ih264e_fmt_conv_422i_to_420sp of ih264e_fmt_conv.c, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-172908358π Read
via "National Vulnerability Database".
βΌ CVE-2021-0606 βΌ
π Read
via "National Vulnerability Database".
In drm_syncobj_handle_to_fd of drm_syncobj.c, there is a possible use after free due to incorrect refcounting. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-168034487π Read
via "National Vulnerability Database".
βΌ CVE-2021-0545 βΌ
π Read
via "National Vulnerability Database".
In phNxpNciHal_print_res_status of phNxpNciHal.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege in the NFC server with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-169258884π Read
via "National Vulnerability Database".