‼ CVE-2021-34262 ‼
via "National Vulnerability Database".
A buffer overflow vulnerability in the USBH_ParseEPDesc() function of STMicroelectronics STM32Cube Middleware v1.8.0 and below allows attackers to execute arbitrary code.
‼ CVE-2021-34261 ‼
via "National Vulnerability Database".
An issue in USBH_ParseCfgDesc() of STMicroelectronics STM32Cube Middleware v1.8.0 and below causes a denial of service due to the system hanging when trying to set a remote wake-up feature.
‼ CVE-2021-25211 ‼
via "National Vulnerability Database".
Arbitrary file upload vulnerability in SourceCodester Ordering System v 1.0 allows attackers to execute arbitrary code, via the file upload to ordering\admin\products\edit.php.
‼ CVE-2021-34259 ‼
via "National Vulnerability Database".
A buffer overflow vulnerability in the USBH_ParseCfgDesc() function of STMicroelectronics STM32Cube Middleware v1.8.0 and below allows attackers to execute arbitrary code.
‼ CVE-2021-34268 ‼
via "National Vulnerability Database".
An issue in the USBH_ParseDevDesc() function of STMicroelectronics STM32Cube Middleware v1.8.0 and below causes a denial of service (DOS) via a malformed USB device packet.
‼ CVE-2021-25205 ‼
via "National Vulnerability Database".
SQL injection vulnerability in SourceCodester E-Commerce Website V 1.0 allows remote attackers to execute arbitrary SQL statements, via the update parameter to empViewUpdate.php.
‼ CVE-2021-34260 ‼
via "National Vulnerability Database".
A buffer overflow vulnerability in the USBH_ParseInterfaceDesc() function of STMicroelectronics STM32Cube Middleware v1.8.0 and below allows attackers to execute arbitrary code.
‼ CVE-2020-22284 ‼
via "National Vulnerability Database".
A buffer overflow vulnerability in the zepif_linkoutput() function of Free Software Foundation lwIP git head version and version 2.1.2 allows attackers to access sensitive information via a crafted 6LoWPAN packet.
‼ CVE-2021-34267 ‼
via "National Vulnerability Database".
An issue in the USBH_MSC_InterfaceInit() function of STMicroelectronics STM32Cube Middleware v1.8.0 and below causes a denial of service (DOS) when the system tries to communicate with the connected endpoint.
‼ CVE-2021-25213 ‼
via "National Vulnerability Database".
SQL injection vulnerability in SourceCodester Travel Management System v 1.0 allows remote attackers to execute arbitrary SQL statements, via the catid parameter to subcat.php.
‼ CVE-2020-22283 ‼
via "National Vulnerability Database".
A buffer overflow vulnerability in the icmp6_send_response_with_addrs_and_netif() function of Free Software Foundation lwIP version git head allows attackers to access sensitive information via a crafted ICMPv6 packet.
‼ CVE-2021-25209 ‼
via "National Vulnerability Database".
SQL injection vulnerability in SourceCodester Theme Park Ticketing System v 1.0 allows remote attackers to execute arbitrary SQL statements, via the id parameter to view_user.php.
‼ CVE-2021-24036 ‼
via "National Vulnerability Database".
Passing an attacker controlled size when creating an IOBuf could cause integer overflow, leading to an out of bounds write on the heap with the possibility of remote code execution. This issue affects versions of folly prior to v2021.07.22.00. This issue affects HHVM versions prior to 4.80.5, all versions between 4.81.0 and 4.102.1, all versions between 4.103.0 and 4.113.0, and versions 4.114.0, 4.115.0, 4.116.0, 4.117.0, 4.118.0 and 4.118.1.
‼ CVE-2021-26799 ‼
via "National Vulnerability Database".
Cross Site Scripting (XSS) vulnerability in admin/files/edit in Omeka Classic <=2.7 allows remote attackers to inject arbitrary web script or HTML.
‼ CVE-2020-14032 ‼
via "National Vulnerability Database".
ASRock 4x4 BOX-R1000 before BIOS P1.40 allows privilege escalation via code execution in the SMM.
❌ Kaseya Obtains Universal Decryptor for REvil Ransomware ❌
via "Threat Post".
The vendor will work with customers affected by the early July spate of ransomware attacks to unlock files; it's unclear if the ransom was paid.
‼ CVE-2019-9983 ‼
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.
‼ CVE-2021-25207 ‼
via "National Vulnerability Database".
Arbitrary file upload vulnerability in SourceCodester E-Commerce Website v 1.0 allows attackers to execute arbitrary code via the file upload to prodViewUpdate.php.
‼ CVE-2021-20333 ‼
via "National Vulnerability Database".
Sending specially crafted commands to a MongoDB Server may result in artificial log entries being generated or for log entries to be split. This issue affects MongoDB Server v3.6 versions prior to 3.6.20; MongoDB Server v4.0 versions prior to 4.0.21; MongoDB Server v4.2 versions prior to 4.2.10;
❌ FIN7’s Liquor Lure Compromises Law Firm with Backdoor ❌
via "Threat Post".
Using a lure relating to a lawsuit against the owner of Jack Daniels whiskey, the cybergang launched a campaign that may be bent on ransomware deployment.
⚠ US court gets UK Twitter hack suspect arrested in Spain ⚠
via "Naked Security".
O, what a tangled web we weave/When first we practise to deceive!