‼ CVE-2021-39139 ‼
📖 Read
via "National Vulnerability Database".
XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. A user is only affected if using the version out of the box with JDK 1.7u21 or below. However, this scenario can be adjusted easily to an external Xalan that works regardless of the version of the Java runtime. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. XStream 1.4.18 uses no longer a blacklist by default, since it cannot be secured for general purpose.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-39146 ‼
📖 Read
via "National Vulnerability Database".
XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. XStream 1.4.18 uses no longer a blacklist by default, since it cannot be secured for general purpose.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-39140 ‼
📖 Read
via "National Vulnerability Database".
XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to allocate 100% CPU time on the target system depending on CPU type or parallel execution of such a payload resulting in a denial of service only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. XStream 1.4.18 uses no longer a blacklist by default, since it cannot be secured for general purpose.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-39152 ‼
📖 Read
via "National Vulnerability Database".
XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to request data from internal resources that are not publicly available only by manipulating the processed input stream with a Java runtime version 14 to 8. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. If you rely on XStream's default blacklist of the [Security Framework](https://x-stream.github.io/security.html#framework), you will have to use at least version 1.4.18.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-39151 ‼
📖 Read
via "National Vulnerability Database".
XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. XStream 1.4.18 uses no longer a blacklist by default, since it cannot be secured for general purpose.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-39145 ‼
📖 Read
via "National Vulnerability Database".
XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. XStream 1.4.18 uses no longer a blacklist by default, since it cannot be secured for general purpose.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-39150 ‼
📖 Read
via "National Vulnerability Database".
XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to request data from internal resources that are not publicly available only by manipulating the processed input stream with a Java runtime version 14 to 8. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. If you rely on XStream's default blacklist of the [Security Framework](https://x-stream.github.io/security.html#framework), you will have to use at least version 1.4.18.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-39153 ‼
📖 Read
via "National Vulnerability Database".
XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream, if using the version out of the box with Java runtime version 14 to 8 or with JavaFX installed. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. XStream 1.4.18 uses no longer a blacklist by default, since it cannot be secured for general purpose.📖 Read
via "National Vulnerability Database".
🦿 Trend Micro's Linux Threat Report identifies the most vulnerable distributions and biggest security headaches 🦿
? Read
via "Tech Republic".
Analysts reviewed 13 million security incidents and found that end-of-life versions of Linux distributions were at the biggest risk.? Read
via "Tech Republic".
TechRepublic
Trend Micro's Linux Threat Report identifies the most vulnerable distributions and biggest security headaches
Analysts reviewed 13 million security incidents and found that end-of-life versions of Linux distributions were at the biggest risk.
🦿 How to create a hidden, nearly undeletable folder in Windows 10 🦿
? Read
via "Tech Republic".
It is possible to hide sensitive folders and files from prying eyes in File Explorer using a few attribute settings. We show you how to hide folders and prevent their accidental deletion.? Read
via "Tech Republic".
TechRepublic
How to create a hidden, nearly undeletable folder in Windows 10
It is possible to hide sensitive folders and files from prying eyes in File Explorer using a few attribute settings. We show you how to hide folders and prevent their accidental deletion.
‼ CVE-2021-39158 ‼
? Read
via "National Vulnerability Database".
NVCaffe's python required dependencies list used to contain `gfortran`version prior to 0.17.4, entry which does not exist in the repository pypi.org. An attacker could potentially have posted malicious files to pypi.org causing a user to install it within NVCaffe.? Read
via "National Vulnerability Database".
‼ CVE-2021-22252 ‼
? Read
via "National Vulnerability Database".
A confusion between tag and branch names in GitLab CE/EE affecting all versions since 13.7 allowed a Developer to access protected CI variables which should only be accessible to Maintainers? Read
via "National Vulnerability Database".
‼ CVE-2020-18734 ‼
? Read
via "National Vulnerability Database".
A stack buffer overflow in /ddsi/q_bitset.h of Eclipse IOT Cyclone DDS Project v0.1.0 causes the DDS subscriber server to crash.? Read
via "National Vulnerability Database".
‼ CVE-2020-18735 ‼
? Read
via "National Vulnerability Database".
A heap buffer overflow in /src/dds_stream.c of Eclipse IOT Cyclone DDS Project v0.1.0 causes the DDS subscriber server to crash.? Read
via "National Vulnerability Database".
‼ CVE-2021-22449 ‼
? Read
via "National Vulnerability Database".
There is a logic vulnerability in Elf-G10HN 1.0.0.608. An unauthenticated attacker could perform specific operations to exploit this vulnerability. Due to insufficient security design, successful exploit could allow an attacker to add users to be friends without prompting in the target device.? Read
via "National Vulnerability Database".
‼ CVE-2020-18731 ‼
? Read
via "National Vulnerability Database".
A segmentation violation in the Iec104_Deal_FirmUpdate function of IEC104 v1.0 allows attackers to cause a denial of service (DOS).? Read
via "National Vulnerability Database".
‼ CVE-2021-22248 ‼
? Read
via "National Vulnerability Database".
Improper authorization on the pipelines page in GitLab CE/EE affecting all versions since 13.12 allowed unauthorized users to view some pipeline information for public projects that have access to pipelines restricted to members only? Read
via "National Vulnerability Database".
‼ CVE-2021-22251 ‼
? Read
via "National Vulnerability Database".
Improper validation of invited users' email address in GitLab EE affecting all versions since 12.2 allowed projects to add members with email address domain that should be blocked by group settings? Read
via "National Vulnerability Database".
‼ CVE-2021-22249 ‼
? Read
via "National Vulnerability Database".
A verbose error message in GitLab EE affecting all versions since 12.2 could disclose the private email address of a user invited to a group? Read
via "National Vulnerability Database".
‼ CVE-2021-22253 ‼
? Read
via "National Vulnerability Database".
Improper authorization in GitLab EE affecting all versions since 13.4 allowed a user who previously had the necessary access to trigger deployments to protected environments under specific conditions after the access has been removed? Read
via "National Vulnerability Database".
‼ CVE-2021-22328 ‼
? Read
via "National Vulnerability Database".
There is a denial of service vulnerability in some huawei products. In specific scenarios, due to the improper handling of the packets, an attacker may craft the specific packet. Successful exploit may cause some services abnormal. Affected product versions include:CloudEngine 12800 V200R005C00SPC800, CloudEngine 5800 V200R005C00SPC800, CloudEngine 6800 V200R005C00SPC800, CloudEngine 7800 V200R005C00SPC800.? Read
via "National Vulnerability Database".