βΌ CVE-2021-22244 βΌ
π Read
via "National Vulnerability Database".
Improper authorization in the vulnerability report feature in GitLab EE affecting all versions since 13.1 allowed a reporter to access vulnerability dataπ Read
via "National Vulnerability Database".
βΌ CVE-2021-22256 βΌ
π Read
via "National Vulnerability Database".
Improper authorization in GitLab CE/EE affecting all versions since 12.6 allowed guest users to create issues for Sentry errors and track their statusπ Read
via "National Vulnerability Database".
βΌ CVE-2021-33015 βΌ
π Read
via "National Vulnerability Database".
Cscape (All Versions prior to 9.90 SP5) lacks proper validation of user-supplied data when parsing project files. This could lead to an out-of-bounds write via an uninitialized pointer. An attacker could leverage this vulnerability to execute code in the context of the current process.π Read
via "National Vulnerability Database".
βΌ CVE-2021-22245 βΌ
π Read
via "National Vulnerability Database".
Improper validation of commit author in GitLab CE/EE affecting all versions allowed an attacker to make several pages in a project impossible to viewπ Read
via "National Vulnerability Database".
βΌ CVE-2021-22237 βΌ
π Read
via "National Vulnerability Database".
Under specialized conditions, GitLab may allow a user with an impersonation token to perform Git actions even if impersonation is disabled. This vulnerability is present in GitLab CE/EE versions before 13.12.9, 14.0.7, 14.1.2π Read
via "National Vulnerability Database".
βΌ CVE-2021-21835 βΌ
π Read
via "National Vulnerability Database".
An exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input when decoding the atom associated with the Γ’β¬ΕcsgpΓ’β¬οΏ½ FOURCC can cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2021-21848 βΌ
π Read
via "National Vulnerability Database".
An exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. The library will actually reuse the parser for atoms with the Γ’β¬ΕstszΓ’β¬οΏ½ FOURCC code when parsing atoms that use the Γ’β¬Εstz2Γ’β¬οΏ½ FOURCC code and can cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2021-22242 βΌ
π Read
via "National Vulnerability Database".
Insufficient input sanitization in Mermaid markdown in GitLab CE/EE version 11.4 and up allows an attacker to exploit a stored cross-site scripting vulnerability via a specially-crafted markdownπ Read
via "National Vulnerability Database".
βΌ CVE-2021-22243 βΌ
π Read
via "National Vulnerability Database".
Under specialized conditions, GitLab CE/EE versions starting 7.10 may allow existing GitLab users to use an invite URL meant for another email address to gain access into a group.π Read
via "National Vulnerability Database".
βΌ CVE-2021-22250 βΌ
π Read
via "National Vulnerability Database".
Improper authorization in GitLab CE/EE affecting all versions since 13.3 allowed users to view and delete impersonation tokens that administrators created for their accountπ Read
via "National Vulnerability Database".
βΌ CVE-2021-21840 βΌ
π Read
via "National Vulnerability Database".
An exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input used to process an atom using the Γ’β¬ΕsaioΓ’β¬οΏ½ FOURCC code cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2021-21850 βΌ
π Read
via "National Vulnerability Database".
An exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an integer overflow when the library encounters an atom using the Γ’β¬ΕtrunΓ’β¬οΏ½ FOURCC code due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2021-39136 βΌ
π Read
via "National Vulnerability Database".
baserCMS is an open source content management system with a focus on Japanese language support. In affected versions there is a cross-site scripting vulnerability in the file upload function of the management system of baserCMS. Users are advised to update as soon as possible. No workaround are available to mitigate this issue.π Read
via "National Vulnerability Database".
βΌ CVE-2021-21841 βΌ
π Read
via "National Vulnerability Database".
An exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input when reading an atom using the 'sbgp' FOURCC code can cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2021-22236 βΌ
π Read
via "National Vulnerability Database".
Due to improper handling of OAuth client IDs, new subscriptions generated OAuth tokens on an incorrect OAuth client application. This vulnerability is present in GitLab CE/EE since version 14.1.π Read
via "National Vulnerability Database".
βΌ CVE-2021-21849 βΌ
π Read
via "National Vulnerability Database".
An exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an integer overflow when the library encounters an atom using the Γ’β¬ΕtfraΓ’β¬οΏ½ FOURCC code due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2021-32975 βΌ
π Read
via "National Vulnerability Database".
Cscape (All Versions prior to 9.90 SP5) lacks proper validation of user-supplied data when parsing project files. This could lead to an out-of-bounds read. An attacker could leverage this vulnerability to execute code in the context of the current process.π Read
via "National Vulnerability Database".
βΌ CVE-2021-3713 βΌ
π Read
via "National Vulnerability Database".
An out-of-bounds write flaw was found in the UAS (USB Attached SCSI) device emulation of QEMU in versions prior to 6.2.0-rc0. The device uses the guest supplied stream number unchecked, which can lead to out-of-bounds access to the UASDevice->data3 and UASDevice->status3 fields. A malicious guest user could use this flaw to crash QEMU or potentially achieve code execution with the privileges of the QEMU process on the host.π Read
via "National Vulnerability Database".
βΌ CVE-2021-21842 βΌ
π Read
via "National Vulnerability Database".
An exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an integer overflow when processing an atom using the 'ssix' FOURCC code, due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability.π Read
via "National Vulnerability Database".
π¦Ώ Want to become a white-hat hacker? Here's what you need to know π¦Ώ
π Read
via "Tech Republic".
Switch to an exciting new tech career as a white-hat hacker. For this training course, you can study on your own time without going into debt.π Read
via "Tech Republic".
TechRepublic
Want to become a white-hat hacker? Here's what you need to know
Switch to an exciting new tech career as a white-hat hacker. For this training course, you can study on your own time without going into debt.
β Cisco Issues Critical Fixes for High-End Nexus Gear β
π Read
via "Threat Post".
Networking giant issues two critical patches and six high-severity patches.π Read
via "Threat Post".
Threat Post
Cisco Issues Critical Fixes for High-End Nexus Gear
Networking giant issues two critical patches and six high-severity patches.