CVE-2021-38591
via "National Vulnerability Database".
An issue was discovered on LG mobile devices with Android OS P and Q software for mt6762/mt6765/mt6883. Attackers can change some of the NvRAM content by leveraging the misconfiguration of a debug command. The LG ID is LVE-SMP-210005 (August 2021).
CVE-2021-38593
via "National Vulnerability Database".
Qt 5.0.0 through 6.1.2 has an out-of-bounds write in QOutlineMapper::convertPath (called from QRasterPaintEngine::fill and QPaintEngineEx::stroke).
CVE-2021-37222
via "National Vulnerability Database".
Parsers in the open source project RCDCAP before 1.0.5 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via specially crafted packets.
CVE-2020-24576
via "National Vulnerability Database".
Netskope Client through 77 allows low-privileged users to elevate their privileges to NT AUTHORITY\SYSTEM.
Microsoft Warns: Another Unpatched PrintNightmare Zero-Day
via "Threat Post".
The out-of-band warning pairs with a working proof-of-concept exploit for the issue, circulating since mid-July.
QR Code Scammers Get Creative with Bitcoin ATMs
via "Threat Post".
Threat actors are targeting everyone from job hunters to Bitcoin traders to college students wanting a break on their student loans, by exploiting the popular technology's trust relationship with users.
S3 Ep45: Routers attacked, hacking tool hacked, and betrayers betrayed [Podcast]
via "Naked Security".
Latest episode - listen now! (And learn about the Navajo Nation's selfless cryptographic contribution to America.)
CVE-2020-28165
via "National Vulnerability Database".
The EasyCorp ZenTao PMS 12.4.2 application suffers from an arbitrary file upload vulnerability. An attacker can upload an arbitrary webshell to the server by using the downloadZipPackage() function.
Microsoft fixes Print Spooler bugs with August Patch Tuesday rollout
via "Tech Republic".
The fix, though, means that only administrators will be able to install print drivers on Windows PCs.
When 2FA on your Linux servers won't let you in, try this fix
via "Tech Republic".
When your Linux servers are giving you fits, Jack Wallen has the solution for you.
Ransomware Payments Explode Amid “Quadruple Extortion”
via "Threat Post".
Unit 42 puts the average payout at over half a million, while Barracuda has tracked a 64 percent year over year spike in the number of attacks.
CVE-2021-27792
via "National Vulnerability Database".
The command “ipfilter” in Brocade Fabric OS before Brocade Fabric OS v.9.0.1a, v8.2.3, and v8.2.0_CBN4, and v7.4.2h uses an unsafe string function to process user input. Authenticated attackers can abuse this vulnerability to exploit stack-based buffer overflows, allowing execution of arbitrary code as the root user account.
CVE-2021-27794
via "National Vulnerability Database".
A vulnerability in the authentication mechanism of Brocade Fabric OS versions before Brocade Fabric OS v.9.0.1a, v8.2.3a and v7.4.2h could allow a user to log in with an empty password, and an invalid password, through telnet, ssh and REST.
CVE-2021-35955
via "National Vulnerability Database".
Contao >=4.0.0 allows backend XSS via HTML attributes to an HTML field. Fixed in 4.4.56, 4.9.18, 4.11.7.
CVE-2021-20314
via "National Vulnerability Database".
Stack buffer overflow in libspf2 versions below 1.2.11 when processing certain SPF macros can lead to denial of service and potentially code execution via maliciously crafted SPF explanation messages.
CVE-2020-20981
via "National Vulnerability Database".
A SQL injection in the /admin/?n=logs&c=index&a=dolist component of Metinfo 7.0 allows attackers to access sensitive database information.
CVE-2021-38087
via "National Vulnerability Database".
Reflected cross-site scripting (XSS) was possible on the login page in Acronis Cyber Protect 15 prior to build 27009.
CVE-2020-20975
via "National Vulnerability Database".
In \lib\admin\action\dataaction.class.php in Gxlcms v1.1, SQL Injection exists via the $filename parameter.
CVE-2020-20979
via "National Vulnerability Database".
An arbitrary file upload vulnerability in the move_uploaded_file() function of LJCMS v4.3 allows attackers to execute arbitrary code.
CVE-2020-20977
via "National Vulnerability Database".
A stored cross site scripting (XSS) vulnerability in index.php/legend/6.html of UK CMS v1.1.10 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the Comments section.
CVE-2021-27793
via "National Vulnerability Database".
Intermittent authorization failure in aaa tacacs+ with Brocade Fabric OS versions before Brocade Fabric OS v9.0.1b and after 9.0.0, also in Brocade Fabric OS before Brocade Fabric OS v8.2.3a and after v8.2.0 could cause a user with a valid account to be unable to log into the switch.