βΌ CVE-2021-0627 βΌ
π Read
via "National Vulnerability Database".
In OMA DRM, there is a possible memory corruption due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05722434; Issue ID: ALPS05722434.π Read
via "National Vulnerability Database".
βΌ CVE-2021-37702 βΌ
π Read
via "National Vulnerability Database".
Pimcore is an open source data & experience management platform. Prior to version 10.1.1, Data Object CSV import allows formular injection. The problem is patched in 10.1.1. Aside from upgrading, one may apply the patch manually as a workaround.π Read
via "National Vulnerability Database".
βΌ CVE-2021-0417 βΌ
π Read
via "National Vulnerability Database".
In memory management driver, there is a possible system crash due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05403499; Issue ID: ALPS05336702.π Read
via "National Vulnerability Database".
βΌ CVE-2021-0416 βΌ
π Read
via "National Vulnerability Database".
In memory management driver, there is a possible system crash due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05403499; Issue ID: ALPS05336700.π Read
via "National Vulnerability Database".
βΌ CVE-2021-0626 βΌ
π Read
via "National Vulnerability Database".
In ged, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05687510; Issue ID: ALPS05687510.π Read
via "National Vulnerability Database".
βΌ CVE-2020-18746 βΌ
π Read
via "National Vulnerability Database".
SQL Injection in AiteCMS v1.0 allows remote attackers to execute arbitrary code via the component "aitecms/login/diy_list.php".π Read
via "National Vulnerability Database".
βΌ CVE-2021-21867 βΌ
π Read
via "National Vulnerability Database".
A unsafe deserialization vulnerability exists in the ObjectManager.plugin ObjectStream.ProfileByteArray functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17. A specially crafted file can lead to arbitrary command execution. An attacker can provide a malicious file to trigger this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2021-0420 βΌ
π Read
via "National Vulnerability Database".
In memory management driver, there is a possible system crash due to a missing bounds check. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05403499; Issue ID: ALPS05381065.π Read
via "National Vulnerability Database".
βΌ CVE-2021-0418 βΌ
π Read
via "National Vulnerability Database".
In memory management driver, there is a possible system crash due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05403499; Issue ID: ALPS05336706.π Read
via "National Vulnerability Database".
βΌ CVE-2021-21868 βΌ
π Read
via "National Vulnerability Database".
A unsafe deserialization vulnerability exists in the ObjectManager.plugin Project.get_MissingTypes() functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17. A specially crafted file can lead to arbitrary command execution. An attacker can provide a malicious file to trigger this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2021-0628 βΌ
π Read
via "National Vulnerability Database".
In OMA DRM, there is a possible memory corruption due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05722454; Issue ID: ALPS05722454.π Read
via "National Vulnerability Database".
βΌ CVE-2021-21781 βΌ
π Read
via "National Vulnerability Database".
An information disclosure vulnerability exists in the ARM SIGPAGE functionality of Linux Kernel v5.4.66 and v5.4.54. The latest version (5.11-rc4) seems to still be vulnerable. A userland application can read the contents of the sigpage, which can leak kernel memory contents. An attacker can read a processΓ’β¬β’s memory at a specific offset to trigger this vulnerability. This was fixed in kernel releases: 4.14.222 4.19.177 5.4.99 5.10.17 5.11π Read
via "National Vulnerability Database".
βΌ CVE-2021-38710 βΌ
π Read
via "National Vulnerability Database".
Static (Persistent) XSS Vulnerability exists in version 4.3.0 of Yclas when using the install/view/form.php script. An attacker can store XSS in the database through the vulnerable SITE_NAME parameter.π Read
via "National Vulnerability Database".
βΌ CVE-2021-0407 βΌ
π Read
via "National Vulnerability Database".
In clk driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05479659; Issue ID: ALPS05479659.π Read
via "National Vulnerability Database".
π¦Ώ The top 3 cryptocurrency scams of 2021 π¦Ώ
π Read
via "Tech Republic".
Kaspersky says that fake exchanges, fake mining hardware and wallet phishing are the most popular crypto scams of the year, many of which it said have a higher-than-usual level of detail.π Read
via "Tech Republic".
TechRepublic
The top 3 cryptocurrency scams of 2021
Kaspersky says that fake exchanges, fake mining hardware and wallet phishing are the most popular crypto scams of the year, many of which it said have a higher-than-usual level of detail.
β Video surveillance network hacked by researchers to hijack footage β
π Read
via "Naked Security".
Home automation. Internet of Things. Cloud management. And a security bug that could let other people watch you online...π Read
via "Naked Security".
Naked Security
Video surveillance network hacked by researchers to hijack footage
Home automation. Internet of Things. Cloud management. And a security bug that could let other people watch you onlineβ¦
β T-Mobile: >40 Million Customersβ Data Stolen β
π Read
via "Threat Post".
Attackers stole tens of millions of current, former or prospective customers' personal data, the company confirmed. It's providing 2 years of free ID protection.π Read
via "Threat Post".
Threat Post
T-Mobile: >40 Million Customersβ Data Stolen
Attackers stole tens of millions of current, former or prospective customers' personal data, the company confirmed. It's providing 2 years of free ID protection.
βΌ CVE-2021-23425 βΌ
π Read
via "National Vulnerability Database".
All versions of package trim-off-newlines are vulnerable to Regular Expression Denial of Service (ReDoS) via string processing.π Read
via "National Vulnerability Database".
βΌ CVE-2021-39283 βΌ
π Read
via "National Vulnerability Database".
liveMedia/FramedSource.cpp in Live555 through 1.08 allows an assertion failure and application exit via multiple SETUP and PLAY commands.π Read
via "National Vulnerability Database".
βΌ CVE-2020-23069 βΌ
π Read
via "National Vulnerability Database".
Path Traversal vulneraility exists in webTareas 2.0 via the extpath parameter in general_serv.php, which could let a malicious user read arbitrary files.π Read
via "National Vulnerability Database".
βΌ CVE-2020-28146 βΌ
π Read
via "National Vulnerability Database".
Cross Site Scripting (XSS) vulnerability exists in Eyoucms v1.4.7 and earlier via the addonfieldext parameter.π Read
via "National Vulnerability Database".