CVE-2021-37714
jsoup is a Java library for working with HTML. Those using jsoup versions prior to 1.14.2 to parse untrusted HTML or XML may be vulnerable to DoS attacks. If the parser is run on user-supplied input, an attacker may supply content that causes the parser to get stuck (loop indefinitely until cancelled), to complete more slowly than usual, or to throw an unexpected exception. This effect may support a denial of service attack. The issue is patched in version 1.14.2. There are a few available workarounds: users may rate-limit input parsing, limit the size of inputs based on system resources, and/or implement thread watchdogs to cap and time out parse runtimes.
via "National Vulnerability Database".
CVE-2021-0408
In asf extractor, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05489195; Issue ID: ALPS05489220.
via "National Vulnerability Database".
CVE-2021-0419
In memory management driver, there is a possible system crash due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05403499; Issue ID: ALPS05336713.
via "National Vulnerability Database".
CVE-2021-21862
Multiple exploitable integer truncation vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an improper memory allocation resulting in a heap-based buffer overflow that causes memory corruption. The implementation of the parser used for the "Xtra" FOURCC code is affected. An attacker can convince a user to open a video to trigger this vulnerability.
via "National Vulnerability Database".
CVE-2021-37358
SQL Injection in SEACMS v210530 (2021-05-30) allows remote attackers to execute arbitrary code via the component "admin_ajax.php?action=checkrepeat&v_name=".
via "National Vulnerability Database".
CVE-2021-0627
In OMA DRM, there is a possible memory corruption due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05722434; Issue ID: ALPS05722434.
via "National Vulnerability Database".
CVE-2021-37702
Pimcore is an open source data & experience management platform. Prior to version 10.1.1, Data Object CSV import allows formula injection. The problem is patched in 10.1.1. Aside from upgrading, one may apply the patch manually as a workaround.
via "National Vulnerability Database".
CVE-2021-0417
In memory management driver, there is a possible system crash due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05403499; Issue ID: ALPS05336702.
via "National Vulnerability Database".
CVE-2021-0416
In memory management driver, there is a possible system crash due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05403499; Issue ID: ALPS05336700.
via "National Vulnerability Database".
CVE-2021-0626
In ged, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05687510; Issue ID: ALPS05687510.
via "National Vulnerability Database".
CVE-2020-18746
SQL Injection in AiteCMS v1.0 allows remote attackers to execute arbitrary code via the component "aitecms/login/diy_list.php".
via "National Vulnerability Database".
CVE-2021-21867
An unsafe deserialization vulnerability exists in the ObjectManager.plugin ObjectStream.ProfileByteArray functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17. A specially crafted file can lead to arbitrary command execution. An attacker can provide a malicious file to trigger this vulnerability.
via "National Vulnerability Database".
CVE-2021-0420
In memory management driver, there is a possible system crash due to a missing bounds check. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05403499; Issue ID: ALPS05381065.
via "National Vulnerability Database".
CVE-2021-0418
In memory management driver, there is a possible system crash due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05403499; Issue ID: ALPS05336706.
via "National Vulnerability Database".
CVE-2021-21868
An unsafe deserialization vulnerability exists in the ObjectManager.plugin Project.get_MissingTypes() functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17. A specially crafted file can lead to arbitrary command execution. An attacker can provide a malicious file to trigger this vulnerability.
via "National Vulnerability Database".
CVE-2021-0628
In OMA DRM, there is a possible memory corruption due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05722454; Issue ID: ALPS05722454.
via "National Vulnerability Database".
CVE-2021-21781
An information disclosure vulnerability exists in the ARM SIGPAGE functionality of Linux Kernel v5.4.66 and v5.4.54. The latest version (5.11-rc4) seems to still be vulnerable. A userland application can read the contents of the sigpage, which can leak kernel memory contents. An attacker can read a process's memory at a specific offset to trigger this vulnerability. This was fixed in kernel releases 4.14.222, 4.19.177, 5.4.99, 5.10.17 and 5.11.
via "National Vulnerability Database".
CVE-2021-38710
A stored (persistent) XSS vulnerability exists in version 4.3.0 of Yclas when using the install/view/form.php script. An attacker can store XSS in the database through the vulnerable SITE_NAME parameter.
via "National Vulnerability Database".
CVE-2021-0407
In clk driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05479659; Issue ID: ALPS05479659.
via "National Vulnerability Database".
The top 3 cryptocurrency scams of 2021
Kaspersky says that fake exchanges, fake mining hardware and wallet phishing are the most popular crypto scams of the year, many of which it said have a higher-than-usual level of detail.
via "Tech Republic".
Video surveillance network hacked by researchers to hijack footage
Home automation. Internet of Things. Cloud management. And a security bug that could let other people watch you online...
via "Naked Security".