Chipotle Emails Serve Up Phishing Lures
via "Threat Post".
Mass email distribution service compromise mirrors earlier Nobelium attacks.
Vigilance Needed: Financial Services Firms Fight Imposter Scams
via "Digital Guardian".
To tamp down on fraud and fight back against a new investment scam, the FBI and SEC are providing new guidance for investors to combat imposters.
via "Threat Post".

| Vulnerability Name | Affected Component | CVE# | Date |
|---|---|---|---|
| Underflow in udpRXThread | HMI3 Control Panel in: Nexus Panel | CVE-2021-37161 | 02/08/2021 |
| Overflow in sccProcessMsg | HMI3 Control Panel in: Nexus Panel | CVE-2021-37162 | 02/08/2021 |
| Overflow in hmiProcessMsg | HMI3 Control Panel in: Nexus Panel | CVE-2021-37165 | 02/08/2021 |
| Off-by-three stack overflow in tcpTxThread | HMI3 Control Panel in: Nexus Panel | CVE-2021-37164 | 02/08/2021 |
| GUI socket Denial [...] | | | |
CVE-2021-32810
via "National Vulnerability Database".
crossbeam-deque is a package of work-stealing deques for building task schedulers when programming in Rust. In versions prior to 0.7.4 and 0.8.0, the result of the race condition is that one or more tasks in the worker queue can be popped twice instead of other tasks that are forgotten and never popped. If tasks are allocated on the heap, this can cause double free and a memory leak. If not, this still can cause a logical bug. Crates using `Stealer::steal`, `Stealer::steal_batch`, or `Stealer::steal_batch_and_pop` are affected by this issue. This has been fixed in crossbeam-deque 0.8.1 and 0.7.4.
CVE-2021-33196
via "National Vulnerability Database".
Go before 1.15.12 and 1.16.x before 1.16.5 attempts to allocate excessive memory (issue 1 of 2).
CVE-2021-22446
via "National Vulnerability Database".
There is an Information Disclosure Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may cause the system to reset.
CVE-2021-3673
via "National Vulnerability Database".
A vulnerability was found in Radare2 in version 5.3.1. Improper input validation when reading a crafted LE binary can lead to resource exhaustion and DoS.
CVE-2021-22447
via "National Vulnerability Database".
There is an Improper Check for Unusual or Exceptional Conditions Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may cause the system to reset.
CVE-2021-32806
via "National Vulnerability Database".
Products.isurlinportal is a replacement for isURLInPortal method in Plone. Versions of Products.isurlinportal prior to 1.2.0 have an Open Redirect vulnerability. Various parts of Plone use the 'is url in portal' check for security, mostly to see if it is safe to redirect to a url. A url like `https://example.org` is not in the portal. The url `https:example.org` without slashes is considered to be in the portal. When redirecting, some browsers go to `https://example.org`, others give an error. Attackers may use this to redirect victims to their site, especially as part of a phishing attack. The problem has been patched in Products.isurlinportal 1.2.0.
CVE-2021-33197
via "National Vulnerability Database".
Go before 1.15.12 and 1.16.x before 1.16.5 acts as an Unintended Proxy or Intermediary.
CVE-2021-33198
via "National Vulnerability Database".
Go before 1.15.12 and 1.16.x before 1.16.5 attempts to allocate excessive memory (issue 2 of 2).
CVE-2021-33195
via "National Vulnerability Database".
Go before 1.15.12 and 1.16.x before 1.16.5 allows injection.
CVE-2021-22445
via "National Vulnerability Database".
There is an Input Verification Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may cause the system to reset.
CVE-2021-37843
via "National Vulnerability Database".
The resolution SAML SSO apps for Atlassian products allow a remote attacker to log in to a user account when only the username is known (i.e., no other authentication is provided). The fixed versions are for Jira: 3.6.6.1, 4.0.12, 5.0.5; for Confluence 3.6.6, 4.0.12, 5.0.5; for Bitbucket 2.5.9, 3.6.6, 4.0.12, 5.0.5; for Bamboo 2.5.9, 3.6.6, 4.0.12, 5.0.5; and for Fisheye 2.5.9.
'PwnedPiper': Devastating Bugs in >80% of Hospital Pneumatics
via "Threat Post".
Podcast: Blood samples aren't martinis. You can't shake them. But bugs in pneumatic control systems could lead to that, RCE or ransomware.
CVE-2021-35450
via "National Vulnerability Database".
A Server Side Template Injection in the Entando Admin Console 6.3.9 and before allows a user with privileges to execute FreeMarker template with command execution via freemarker.template.utility.Execute.
CVE-2021-34637
via "National Vulnerability Database".
The Post Index WordPress plugin is vulnerable to Cross-Site Request Forgery via the OptionsPage function found in the ~/php/settings.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 0.7.5.
CVE-2021-32019
via "National Vulnerability Database".
There is missing input validation of host names displayed in OpenWrt before 19.07.8. The Connection Status page of the luci web-interface allows XSS, which can be used to gain full control over the affected system via ICMP.
CVE-2021-27943
via "National Vulnerability Database".
The pairing procedure used by the Vizio P65-F1 6.0.31.4-2 and E50x-E1 10.0.31.4-2 Smart TVs and mobile application is vulnerable to a brute-force attack (against only 10000 possibilities), allowing a threat actor to forcefully pair the device, leading to remote control of the TV settings and configurations.
CVE-2021-34628
via "National Vulnerability Database".
The Admin Custom Login WordPress plugin is vulnerable to Cross-Site Request Forgery due to the loginbgSave action found in the ~/includes/Login-form-setting/Login-form-background.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 3.2.7.
CVE-2021-34635
via "National Vulnerability Database".
The Poll Maker WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the mcount parameter found in the ~/admin/partials/settings/poll-maker-settings.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 3.2.8.