CVE-2021-22727
A CWE-331: Insufficient Entropy vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1), and EVlink Smart Wallbox (EVB1A all versions prior to R8 V3.4.0.1) that could allow an attacker to gain unauthorized access to the charging station web server.
via "National Vulnerability Database".
CVE-2021-2392
Vulnerability in the Oracle BI Publisher product of Oracle Fusion Middleware (component: BI Publisher Security). Supported versions that are affected are 5.5.0.0.0, 11.1.1.7.0, 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle BI Publisher. Successful attacks of this vulnerability can result in takeover of Oracle BI Publisher. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
via "National Vulnerability Database".
CVE-2021-22773
A CWE-620: Unverified Password Change vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1), and EVlink Smart Wallbox (EVB1A all versions prior to R8 V3.4.0.1) that could allow an attacker connected to the charging station web server to modify the password of a user.
via "National Vulnerability Database".
CVE-2021-2443
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.24. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox as well as unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data and unauthorized read access to a subset of Oracle VM VirtualBox accessible data. Note: This vulnerability applies to Solaris x86 and Linux systems only. CVSS 3.1 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:H).
via "National Vulnerability Database".
CVE-2021-22722
A CWE-79: Improper Neutralization of Input During Web Page Generation ('Stored Cross-site Scripting') vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1), and EVlink Smart Wallbox (EVB1A all versions prior to R8 V3.4.0.1) that could cause code injection when importing a CSV file or changing station parameters.
via "National Vulnerability Database".
CVE-2021-2446
Vulnerability in the Oracle Secure Global Desktop product of Oracle Virtualization (component: Client). The supported version that is affected is 5.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Secure Global Desktop. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Secure Global Desktop, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Secure Global Desktop. CVSS 3.1 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H).
via "National Vulnerability Database".
CVE-2021-2397
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
via "National Vulnerability Database".
Indictments, Attribution Unlikely to Deter Chinese Hacking, Researchers Say
Researchers are skeptical that much will come from calling out China for the Microsoft Exchange attacks and APT40 activity, but the move marks an important foreign-policy change.
via "Threat Post".
NPM Package Steals Passwords via Chrome's Account-Recovery Tool
In another vast software supply-chain attack, the password-stealer is filching credentials from Chrome on Windows systems via ChromePass.
via "Threat Post".
CVE-2020-22150
A cross site scripting (XSS) vulnerability in /admin.php?page=permalinks of Piwigo 2.10.1 allows attackers to execute arbitrary web scripts or HTML.
via "National Vulnerability Database".
Should we use AI in cybersecurity? Yes, but with caution and human help
Artificial intelligence is a powerful tool, and an expert says we had better ensure it stays just that: a useful tool.
via "Tech Republic".
How to activate Microsoft Defender Application Guard in Windows 10
Microsoft Defender Application Guard protects your networks and data from malicious applications running in your web browser, but you must install and activate it first.
via "Tech Republic".
CVE-2020-19492
There is a floating point exception in ReadImage that leads to a Segmentation fault in sam2p 0.49.4. A crafted input will lead to a denial of service or possibly unspecified other impact.
via "National Vulnerability Database".
CVE-2020-19475
An issue has been found in function CCITTFaxStream::lookChar in PDF2JSON 0.70 that allows attackers to cause a Denial of Service due to an invalid write of size 2.
via "National Vulnerability Database".
CVE-2021-32776
Combodo iTop is a web based IT Service Management tool. In versions prior to 2.7.4, CSRF tokens can be reused by a malicious user, as on Windows servers no cleanup is done on CSRF tokens. This issue is fixed in versions 2.7.4 and 3.0.0.
via "National Vulnerability Database".
CVE-2021-37220
MuPDF through 1.18.1 has an out-of-bounds write because the cached color converter does not properly consider the maximum key size of a hash table. This can, for example, be seen with crafted "mutool draw" input.
via "National Vulnerability Database".
CVE-2021-1093
NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in firmware where the driver contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary, and may lead to denial of service or system crash.
via "National Vulnerability Database".
CVE-2021-1089
NVIDIA GPU Display Driver for Windows contains a vulnerability in nvidia-smi where an uncontrolled DLL loading path may lead to arbitrary code execution, denial of service, information disclosure, and data tampering.
via "National Vulnerability Database".
CVE-2021-1090
NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for control calls where the software reads or writes to a buffer by using an index or pointer that references a memory location after the end of the buffer, which may lead to data tampering or denial of service.
via "National Vulnerability Database".
CVE-2021-1096
NVIDIA GPU Display Driver for Windows contains a vulnerability in the NVIDIA kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where dereferencing a NULL pointer may lead to a system crash.
via "National Vulnerability Database".
CVE-2021-1091
NVIDIA GPU Display driver for Windows contains a vulnerability where an unprivileged user can create a file hard link that causes the driver to overwrite a file that requires elevated privilege to modify, which could lead to data loss or denial of service.
via "National Vulnerability Database".