CVE-2021-38597
via "National Vulnerability Database".
wolfSSL before 4.8.1 incorrectly skips OCSP verification in certain situations where irrelevant OCSP response data contains the NoCheck extension.
CVE-2021-27790
via "National Vulnerability Database".
The command "ipfilter" in Brocade Fabric OS before v9.0.1a, v8.2.3, v8.2.0_CBN4, and v7.4.2h uses an unsafe string function to process user input. Authenticated attackers can abuse this to trigger a stack-based buffer overflow, allowing execution of arbitrary code as the root user account.
CVE-2021-38088
via "National Vulnerability Database".
Acronis Cyber Protect 15 for Windows prior to build 27009 allowed local privilege escalation via binary hijacking.
For sale: Access to your company network. Price: Less than you'd think
via "Tech Republic".
Access to secured networks is regularly sold on the Dark Web and 45% of those sales are less than $1,000.
AdLoad Malware 2021 Samples Skate Past Apple XProtect
via "Threat Post".
A crush of new attacks using the well-known adware involves at least 150 updated samples, many of which aren't recognized by Apple's built-in security controls.
Progress Being Made Fortifying US Cyber Defenses
via "Digital Guardian".
Nearly 75 percent of the Cyberspace Solarium Commission's federal recommendations have been implemented or are on track to be implemented.
CVE-2020-18445
via "National Vulnerability Database".
Cross Site Scripting (XSS) vulnerability exists in YUNUCMS 1.1.9 via the upurl function in Page.php.
CVE-2021-20509
via "National Vulnerability Database".
IBM Maximo Asset Management 7.6.0 and 7.6.1 is potentially vulnerable to CSV Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of CSV file contents. IBM X-Force ID: 198243.
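CSV injection works because a spreadsheet evaluates any cell that begins with `=`, `+`, `-`, `@` (or a tab/CR) as a formula, so untrusted text exported to CSV can carry a DDE command that runs when the file is opened. The following is an added example, not IBM's code, of the two controls an exporter and an importer need: escaping formula-like cells on the way out and scanning an existing file on the way in. The asset rows and the `=cmd|...` payload string are constructed for illustration.

```python
"""Neutralising spreadsheet formula (CSV) injection on export and checking
an existing CSV for formula-like cells.  Added example, not IBM's code; the
asset rows and the payload string below are constructed for illustration.
"""
import csv
import io

# A cell starting with one of these is evaluated by Excel/LibreOffice as a
# formula (for '=', '+', '-', '@' also as a DDE/external command).
FORMULA_TRIGGERS = ("=", "+", "-", "@", "\t", "\r")


def is_formula_like(cell: str) -> bool:
    """True if a spreadsheet would interpret this text cell as a formula.

    Plain signed numbers such as "-5" or "+7" are left alone: they start with
    a trigger character but are parsed as numbers, not formulas.
    """
    if not cell.startswith(FORMULA_TRIGGERS):
        return False
    if cell[0] in "+-":
        try:
            float(cell)
            return False
        except ValueError:
            pass
    return True


def neutralise_cell(cell):
    """Prefix formula-like strings with a single quote so they stay text."""
    if isinstance(cell, str) and is_formula_like(cell):
        return "'" + cell
    return cell


def export_rows(rows, neutralise=True):
    """Serialise rows to CSV text; every field is quoted so that embedded
    separators cannot start a new field either."""
    buf = io.StringIO()
    writer = csv.writer(buf, quoting=csv.QUOTE_ALL, lineterminator="\n")
    for row in rows:
        writer.writerow([neutralise_cell(c) if neutralise else c for c in row])
    return buf.getvalue()


def find_formula_cells(csv_text):
    """Scan CSV text (e.g. an uploaded file) and return (row, col, value)
    for every cell that would be evaluated as a formula."""
    hits = []
    for r, row in enumerate(csv.reader(io.StringIO(csv_text))):
        for c, cell in enumerate(row):
            if is_formula_like(cell):
                hits.append((r, c, cell))
    return hits


# Constructed sample: one asset description carries the classic DDE payload
# that launches a command when the CSV is opened in Excel with DDE enabled.
SAMPLE_ROWS = [
    ["asset", "description", "qty"],
    ["PUMP-1", "=cmd|' /C calc'!A0", 3],
    ["VALVE-2", "-spare", -5],
    ["FAN-3", "@SUM(A1:A2)", "+7"],
]

if __name__ == "__main__":
    print(find_formula_cells(export_rows(SAMPLE_ROWS, neutralise=False)))
    print(export_rows(SAMPLE_ROWS), end="")
```

The numeric exemption in `is_formula_like` is deliberate: a naive rule that escapes every cell starting with `-` turns legitimate negative quantities into text and breaks downstream arithmetic, which is the usual reason such escaping gets switched off again. Quoting every field (`QUOTE_ALL`) closes the second half of the problem, a value containing `,` or a newline that would otherwise split into extra cells.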
CVE-2021-32808
via "National Vulnerability Database".
ckeditor is an open source WYSIWYG HTML editor with rich content support. A vulnerability has been discovered in the clipboard Widget plugin if used alongside the undo feature. The vulnerability allows a user to abuse the undo functionality using malformed widget HTML, which could result in executing JavaScript code. It affects all users using the CKEditor 4 plugins listed above at version >= 4.13.0. The problem has been recognized and patched. The fix will be available in version 4.16.2.
CVE-2021-38606
via "National Vulnerability Database".
reNgine through 0.5 relies on a predictable directory name.
CVE-2021-38291
via "National Vulnerability Database".
FFmpeg at git commit de8e6e67e7523e48bb27ac224a0b446df05e1640 suffers from an assertion failure in src/libavutil/mathematics.c.
CVE-2021-38604
via "National Vulnerability Database".
In librt in the GNU C Library (aka glibc) through 2.34, sysdeps/unix/sysv/linux/mq_notify.c mishandles certain NOTIFY_REMOVED data, leading to a NULL pointer dereference. NOTE: this vulnerability was introduced as a side effect of the CVE-2021-33574 fix.
CVE-2021-32809
via "National Vulnerability Database".
ckeditor is an open source WYSIWYG HTML editor with rich content support. A potential vulnerability has been discovered in the CKEditor 4 [Clipboard](https://ckeditor.com/cke4/addon/clipboard) package. The vulnerability allowed the paste functionality to be abused using malformed HTML, which could result in injecting arbitrary HTML into the editor. It affects all users using the CKEditor 4 plugins listed above at version >= 4.5.2. The problem has been recognized and patched. The fix will be available in version 4.16.2.
CVE-2021-38599
via "National Vulnerability Database".
WAL-G before 1.1, when a non-libsodium build (e.g., one of the official binary releases published as GitHub Releases) is used, silently ignores the libsodium encryption key and uploads cleartext backups. This is arguably a Principle of Least Surprise violation because "the user likely wanted to encrypt all file activity."
CVE-2020-18446
via "National Vulnerability Database".
Cross Site Scripting (XSS) vulnerability exists in YUNUCMS 1.1.9 via the param parameter in the insertContent function in ContentModel.php.
Black Hat: Novel DNS Hack Spills Confidential Corp Data
via "Threat Post".
Threatpost interviews Wiz CTO about a vulnerability recently patched by Amazon Route53's DNS service and Google Cloud DNS.
CVE-2021-34534
via "National Vulnerability Database".
Windows MSHTML Platform Remote Code Execution Vulnerability
CVE-2021-36938
via "National Vulnerability Database".
Windows Cryptographic Primitives Library Information Disclosure Vulnerability
CVE-2021-36949
via "National Vulnerability Database".
Microsoft Azure Active Directory Connect Authentication Bypass Vulnerability
CVE-2021-37640
via "National Vulnerability Database".
TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of `tf.raw_ops.SparseReshape` can be made to trigger an integral division by 0 exception. The [implementation](https://github.com/tensorflow/tensorflow/blob/8d72537c6abf5a44103b57b9c2e22c14f5f49698/tensorflow/core/kernels/reshape_util.cc#L176-L181) calls the reshaping functor whenever there is at least an index in the input but does not check that shape of the input or the target shape have both a non-zero number of elements. The [reshape functor](https://github.com/tensorflow/tensorflow/blob/8d72537c6abf5a44103b57b9c2e22c14f5f49698/tensorflow/core/kernels/reshape_util.cc#L40-L78) blindly divides by the dimensions of the target shape. Hence, if this is not checked, code will result in a division by 0. We have patched the issue in GitHub commit 4923de56ec94fff7770df259ab7f2288a74feb41. The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1 as this is the other affected version.
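The arithmetic behind this bug is easier to see in a few lines of Python than in the C++ functor: each sparse index is flattened with the input shape's row-major strides and then decomposed with the target shape's strides, and a zero dimension in the target makes the stride of every earlier dimension zero. The following is an added example, not TensorFlow's code; it sketches that remapping in pure Python (no TensorFlow dependency) next to a version carrying the guard the advisory describes, with constructed shapes and indices.

```python
"""Sparse reshape index remapping, unchecked and guarded.

Added example, not TensorFlow's code: a pure-Python sketch of the index
arithmetic a sparse reshape performs, so the division by zero described
above can be reproduced without TensorFlow.  Shapes and indices are
constructed for illustration.
"""
from math import prod


def row_major_strides(shape):
    """stride[i] = product of the dimensions after i (1 for the last one)."""
    return [prod(shape[i + 1:]) for i in range(len(shape))]


def remap_indices_unchecked(indices, input_shape, target_shape):
    """Map each sparse index into the target shape by flattening it with
    the input strides and decomposing it with the target strides.  A zero
    dimension in the target gives a zero stride for every earlier
    dimension, and the decomposition then divides by it."""
    in_strides = row_major_strides(input_shape)
    out_strides = row_major_strides(target_shape)
    out = []
    for idx in indices:
        flat = sum(i * s for i, s in zip(idx, in_strides))
        new_idx = []
        for s in out_strides:
            new_idx.append(flat // s)   # ZeroDivisionError when s == 0
            flat %= s
        out.append(new_idx)
    return out


def remap_indices_checked(indices, input_shape, target_shape):
    """Same remap with the guard the fix adds: when there is at least one
    index, both shapes must have a non-zero element count.  The element
    count comparison is the ordinary reshape sanity check."""
    if prod(input_shape) != prod(target_shape):
        raise ValueError("input and target shapes have different element counts")
    if indices and (prod(input_shape) == 0 or prod(target_shape) == 0):
        raise ValueError("non-empty indices cannot be reshaped into a shape with zero elements")
    return remap_indices_unchecked(indices, input_shape, target_shape)


def error_of(fn, *args):
    """Name of the exception fn(*args) raises, or None if it succeeds."""
    try:
        fn(*args)
    except Exception as exc:  # deliberately broad: this is a demo probe
        return type(exc).__name__
    return None


if __name__ == "__main__":
    # Ordinary reshape: (2, 3) -> (3, 2) moves element 5 to row 2, col 1.
    print(remap_indices_checked([[0, 1], [1, 2]], (2, 3), (3, 2)))
    # Input (0, 3) and target (3, 0) both have zero elements, so the count
    # check passes; an index is still present, so the unchecked remap
    # divides by the zero stride of the first target dimension.
    print(error_of(remap_indices_unchecked, [[0, 1]], (0, 3), (3, 0)))
    print(error_of(remap_indices_checked, [[0, 1]], (0, 3), (3, 0)))
```

The triggering input is the combination the advisory points at: a shape with zero elements (so the usual "same element count" check is satisfied by another zero-element shape) paired with an indices tensor that is nevertheless non-empty. The guard has to look at the number of indices, not only at the shapes, which is why an empty indices list with the same shapes is still accepted.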
CVE-2021-36948
via "National Vulnerability Database".
Windows Update Medic Service Elevation of Privilege Vulnerability