🛡 Cybersecurity & Privacy 🛡 - News
🗞 The finest daily news on cybersecurity and privacy.

🔔 Daily releases.

💻 Is your online life secure?

📩 lalilolalo.dev@gmail.com
CVE-2021-30584

Incorrect security UI in Downloads in Google Chrome on Android prior to 92.0.4515.107 allowed a remote attacker to perform domain spoofing via a crafted HTML page.

via "National Vulnerability Database".
CVE-2021-30567

Use after free in DevTools in Google Chrome prior to 92.0.4515.107 allowed an attacker who convinced a user to open DevTools to potentially exploit heap corruption via specific user gesture.

via "National Vulnerability Database".
CVE-2021-33332

Cross-site scripting (XSS) vulnerability in the Portlet Configuration module in Liferay Portal 7.1.0 through 7.3.2, and Liferay DXP 7.1 before fix pack 19, and 7.2 before fix pack 7, allows remote attackers to inject arbitrary web script or HTML via the _com_liferay_portlet_configuration_css_web_portlet_PortletConfigurationCSSPortlet_portletResource parameter.

via "National Vulnerability Database".
CVE-2021-30578

Uninitialized use in Media in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page.

via "National Vulnerability Database".
CVE-2021-30580

Insufficient policy enforcement in Android intents in Google Chrome prior to 92.0.4515.107 allowed an attacker who convinced a user to install a malicious application to obtain potentially sensitive information via a crafted HTML page.

via "National Vulnerability Database".
CVE-2021-30572

Use after free in Autofill in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

via "National Vulnerability Database".
CVE-2021-30565

Out of bounds write in Tab Groups in Google Chrome on Linux and ChromeOS prior to 92.0.4515.107 allowed an attacker who convinced a user to install a malicious extension to perform an out of bounds memory write via a crafted HTML page.

via "National Vulnerability Database".
CVE-2021-30575

Out of bounds write in Autofill in Google Chrome prior to 92.0.4515.107 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.

via "National Vulnerability Database".
CVE-2021-33334

The Dynamic Data Mapping module in Liferay Portal 7.0.0 through 7.3.2, and Liferay DXP 7.0 before fix pack 94, 7.1 before fix pack 19, and 7.2 before fix pack 6, does not properly check user permissions, which allows remote attackers with the forms "Access in Site Administration" permission to view all forms and form entries in a site via the forms section in site administration.

via "National Vulnerability Database".
CVE-2021-30583

Insufficient policy enforcement in image handling in iOS in Google Chrome on iOS prior to 92.0.4515.107 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

via "National Vulnerability Database".
CVE-2021-30568

Heap buffer overflow in WebGL in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

via "National Vulnerability Database".
🦿 True cybersecurity means centering policies on employee behavior, report says 🦿

Protecting systems from bad actors is essential, but all the firewalls in the world are useless against the modern hacker who targets human weaknesses instead of digital ones.

via "Tech Republic".
CVE-2021-37232

A stack overflow vulnerability occurs in Atomicparsley 20210124.204813.840499f through APar_read64() in src/util.cpp due to the lack of buffer size of uint32_buffer while reading more bytes in APar_read64.

via "National Vulnerability Database".
CVE-2021-35397

A path traversal vulnerability in the static router for Drogon from 1.0.0-beta14 to 1.6.0 could allow an unauthenticated, remote attacker to arbitrarily read files. The vulnerability is due to lack of proper input validation for requested path. An attacker could exploit this vulnerability by sending crafted HTTP request with specific path to read. Successful exploitation could allow the attacker to read files that should be restricted.

via "National Vulnerability Database".
CVE-2021-36483

DevExpress.XtraReports.UI through v21.1 allows attackers to execute arbitrary code via insecure deserialization.

via "National Vulnerability Database".
CVE-2021-37231

A stack-buffer-overflow occurs in Atomicparsley 20210124.204813.840499f through APar_readX() in src/util.cpp while parsing a crafted mp4 file because of the missing boundary check.

via "National Vulnerability Database".
We COVID-Clicked on Garbage, Report Finds: Podcast

Were we work-from-home clicking zombies? Steganography attacks snagged three out of eight recipients. Nasty CAPTCHAs suckered 50 times more clicks during 2020.

via "Threat Post".
🦿 Global cyber intrusion activity jumped 125% in the first half of 2021 🦿

Companies in the U.S. were targeted more than those in any other country, according to Accenture's Cyber Incident Response Update.

via "Tech Republic".
CVE-2021-3680

showdoc is vulnerable to Missing Cryptographic Step

via "National Vulnerability Database".
CVE-2021-33336

Cross-site scripting (XSS) vulnerability in the Journal module's add article menu in Liferay Portal 7.3.0 through 7.3.3, and Liferay DXP 7.1 fix pack 18, and 7.2 fix pack 5 through 7, allows remote attackers to inject arbitrary web script or HTML via the _com_liferay_journal_web_portlet_JournalPortlet_name parameter.

via "National Vulnerability Database".
CVE-2021-33339

Cross-site scripting (XSS) vulnerability in the Fragment module in Liferay Portal 7.2.1 through 7.3.4, and Liferay DXP 7.2 before fix pack 9 allows remote attackers to inject arbitrary web script or HTML via the _com_liferay_site_admin_web_portlet_SiteAdminPortlet_name parameter.

via "National Vulnerability Database".