CVE-2021-33794
via "National Vulnerability Database".
Foxit Reader before 10.1.4 and PhantomPDF before 10.1.4 allow information disclosure or an application crash after mishandling the Tab key during XFA form interaction.
CVE-2021-32440
via "National Vulnerability Database".
The Media_RewriteODFrame function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command.
CVE-2020-21359
via "National Vulnerability Database".
An arbitrary file upload vulnerability in the Template Upload function of Maccms10 allows attackers to bypass the suffix whitelist verification and execute arbitrary code by adding a character to the end of the uploaded file's name.
CVE-2017-16632
via "National Vulnerability Database".
In SapphireIMS 4097_1, the password in the database is stored in Base64 format.
CVE-2021-37699
via "National Vulnerability Database".
Next.js is an open source website development framework to be used with the React library. In affected versions, specially encoded paths could be used when pages/_error.js was statically generated, allowing an open redirect to an external site. In general, this redirect does not directly harm users, although it can enable phishing attacks by redirecting to an attacker's domain from a trusted domain. We recommend that everyone upgrade regardless of whether you can reproduce the issue or not. The issue has been patched in release 11.1.0.
CVE-2021-38592
via "National Vulnerability Database".
Wasm3 0.5.0 has a heap-based buffer overflow in op_Const64 (called from EvaluateExpression and m3_LoadModule).
CVE-2021-38591
via "National Vulnerability Database".
An issue was discovered on LG mobile devices with Android OS P and Q software for mt6762/mt6765/mt6883. Attackers can change some of the NvRAM content by leveraging the misconfiguration of a debug command. The LG ID is LVE-SMP-210005 (August 2021).
CVE-2021-38593
via "National Vulnerability Database".
Qt 5.0.0 through 6.1.2 has an out-of-bounds write in QOutlineMapper::convertPath (called from QRasterPaintEngine::fill and QPaintEngineEx::stroke).
CVE-2021-37222
via "National Vulnerability Database".
Parsers in the open source project RCDCAP before 1.0.5 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via specially crafted packets.
CVE-2020-24576
via "National Vulnerability Database".
Netskope Client through 77 allows low-privileged users to elevate their privileges to NT AUTHORITY\SYSTEM.
Microsoft Warns: Another Unpatched PrintNightmare Zero-Day
via "Threat Post".
The out-of-band warning pairs with a working proof-of-concept exploit for the issue, circulating since mid-July.
QR Code Scammers Get Creative with Bitcoin ATMs
via "Threat Post".
Threat actors are targeting everyone from job hunters to Bitcoin traders to college students wanting a break on their student loans, by exploiting the popular technology's trust relationship with users.
S3 Ep45: Routers attacked, hacking tool hacked, and betrayers betrayed [Podcast]
via "Naked Security".
Latest episode - listen now! (And learn about the Navajo Nation's selfless cryptographic contribution to America.)
CVE-2020-28165
via "National Vulnerability Database".
The EasyCorp ZenTao PMS 12.4.2 application suffers from an arbitrary file upload vulnerability. An attacker can upload an arbitrary webshell to the server by using the downloadZipPackage() function.
Microsoft fixes Print Spooler bugs with August Patch Tuesday rollout
via "Tech Republic".
The fix, though, means that only administrators will be able to install print drivers on Windows PCs.
When 2FA on your Linux servers won't let you in, try this fix
via "Tech Republic".
When your Linux servers are giving you fits, Jack Wallen has the solution for you.
Ransomware Payments Explode Amid "Quadruple Extortion"
via "Threat Post".
Unit 42 puts the average payout at over half a million, while Barracuda has tracked a 64 percent year-over-year spike in the number of attacks.
CVE-2021-27792
via "National Vulnerability Database".
The command "ipfilter" in Brocade Fabric OS before Brocade Fabric OS v.9.0.1a, v8.2.3, v8.2.0_CBN4, and v7.4.2h uses an unsafe string function to process user input. Authenticated attackers can abuse this vulnerability to exploit stack-based buffer overflows, allowing execution of arbitrary code as the root user account.
CVE-2021-27794
via "National Vulnerability Database".
A vulnerability in the authentication mechanism of Brocade Fabric OS versions before Brocade Fabric OS v.9.0.1a, v8.2.3a and v7.4.2h could allow a user to log in with an empty password or an invalid password through telnet, ssh and REST.
CVE-2021-35955
via "National Vulnerability Database".
Contao >=4.0.0 allows backend XSS via HTML attributes to an HTML field. Fixed in 4.4.56, 4.9.18, 4.11.7.
CVE-2021-20314
via "National Vulnerability Database".
Stack buffer overflow in libspf2 versions below 1.2.11 when processing certain SPF macros can lead to denial of service and potentially code execution via maliciously crafted SPF explanation messages.