βΌ CVE-2021-21840 βΌ
π Read
via "National Vulnerability Database".
An exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input used to process an atom using the Γ’β¬ΕsaioΓ’β¬οΏ½ FOURCC code cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2021-21850 βΌ
π Read
via "National Vulnerability Database".
An exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an integer overflow when the library encounters an atom using the Γ’β¬ΕtrunΓ’β¬οΏ½ FOURCC code due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2021-39136 βΌ
π Read
via "National Vulnerability Database".
baserCMS is an open source content management system with a focus on Japanese language support. In affected versions there is a cross-site scripting vulnerability in the file upload function of the management system of baserCMS. Users are advised to update as soon as possible. No workaround are available to mitigate this issue.π Read
via "National Vulnerability Database".
βΌ CVE-2021-21841 βΌ
π Read
via "National Vulnerability Database".
An exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input when reading an atom using the 'sbgp' FOURCC code can cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2021-22236 βΌ
π Read
via "National Vulnerability Database".
Due to improper handling of OAuth client IDs, new subscriptions generated OAuth tokens on an incorrect OAuth client application. This vulnerability is present in GitLab CE/EE since version 14.1.π Read
via "National Vulnerability Database".
βΌ CVE-2021-21849 βΌ
π Read
via "National Vulnerability Database".
An exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an integer overflow when the library encounters an atom using the Γ’β¬ΕtfraΓ’β¬οΏ½ FOURCC code due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2021-32975 βΌ
π Read
via "National Vulnerability Database".
Cscape (All Versions prior to 9.90 SP5) lacks proper validation of user-supplied data when parsing project files. This could lead to an out-of-bounds read. An attacker could leverage this vulnerability to execute code in the context of the current process.π Read
via "National Vulnerability Database".
βΌ CVE-2021-3713 βΌ
π Read
via "National Vulnerability Database".
An out-of-bounds write flaw was found in the UAS (USB Attached SCSI) device emulation of QEMU in versions prior to 6.2.0-rc0. The device uses the guest supplied stream number unchecked, which can lead to out-of-bounds access to the UASDevice->data3 and UASDevice->status3 fields. A malicious guest user could use this flaw to crash QEMU or potentially achieve code execution with the privileges of the QEMU process on the host.π Read
via "National Vulnerability Database".
βΌ CVE-2021-21842 βΌ
π Read
via "National Vulnerability Database".
An exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an integer overflow when processing an atom using the 'ssix' FOURCC code, due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability.π Read
via "National Vulnerability Database".
π¦Ώ Want to become a white-hat hacker? Here's what you need to know π¦Ώ
π Read
via "Tech Republic".
Switch to an exciting new tech career as a white-hat hacker. For this training course, you can study on your own time without going into debt.π Read
via "Tech Republic".
TechRepublic
Want to become a white-hat hacker? Here's what you need to know
Switch to an exciting new tech career as a white-hat hacker. For this training course, you can study on your own time without going into debt.
β Cisco Issues Critical Fixes for High-End Nexus Gear β
π Read
via "Threat Post".
Networking giant issues two critical patches and six high-severity patches.π Read
via "Threat Post".
Threat Post
Cisco Issues Critical Fixes for High-End Nexus Gear
Networking giant issues two critical patches and six high-severity patches.
βΌ CVE-2021-37334 βΌ
π Read
via "National Vulnerability Database".
A security issue in Umbraco Forms 4.0.0 to and including 8.7.5 could lead to a remote code execution attack and/or arbitrary file deletion.π Read
via "National Vulnerability Database".
β Microsoft Breaks Silence on Barrage of ProxyShell Attacks β
π Read
via "Threat Post".
versions of the software are affected by a spate of bugs under active exploitations.π Read
via "Threat Post".
Threat Post
Microsoft Breaks Silence on Barrage of ProxyShell Attacks
versions of the software are affected by a spate of bugs under active exploitations.
β Podcast: Ransomware Up x10: Disrupting Cybercrime Suppy Chains an Opportunity β
π Read
via "Threat Post".
Derek Manky, Chief, Security Insights & Global Threat Alliances at Fortinetβs FortiGuard Labs, discusses the top threats and lessons learned from the first half of 2021.π Read
via "Threat Post".
Threat Post
Podcast: Ransomware Up x10: Disrupting Cybercrime Suppy Chains an Opportunity
Derek Manky, Chief, Security Insights & Global Threat Alliances at Fortinetβs FortiGuard Labs, discusses the top threats and lessons learned from the first half of 2021.
β S3 Ep47: Daylight robbery, spaghetti trouble, and mousetastic superpowers [Podcast] β
π Read
via "Naked Security".
Latest episode - listen now!π Read
via "Naked Security".
Naked Security
S3 Ep47: Daylight robbery, spaghetti trouble, and mousetastic superpowers [Podcast]
Latest episode β listen now!
βΌ CVE-2021-3734 βΌ
π Read
via "National Vulnerability Database".
yourls is vulnerable to Improper Restriction of Rendered UI Layers or Framesπ Read
via "National Vulnerability Database".
βΌ CVE-2021-27944 βΌ
π Read
via "National Vulnerability Database".
Several high privileged APIs on the Vizio P65-F1 6.0.31.4-2 and E50x-E1 10.0.31.4-2 Smart TVs do not enforce access controls, allowing an unauthenticated threat actor to access privileged functionality, leading to OS command execution. The specific attack methodology is a file upload.π Read
via "National Vulnerability Database".
βΌ CVE-2021-38559 βΌ
π Read
via "National Vulnerability Database".
DigitalDruid HotelDruid 3.0.2 has an XSS vulnerability in prenota.php affecting the fineperiodo1 parameter.π Read
via "National Vulnerability Database".
π¦Ώ Tech companies pledge to help toughen US cybersecurity in White House meeting π¦Ώ
π Read
via "Tech Republic".
Apple, Google, Microsoft and others will fund new technologies and training as part of the nation's struggle to combat cyberattacks.π Read
via "Tech Republic".
π Wireshark Analyzer 3.4.8 π
π Read
via "Packet Storm Security".
Wireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffers. This is the source code release.π Read
via "Packet Storm Security".
Packetstormsecurity
Wireshark Analyzer 3.4.8 β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
βΌ CVE-2021-36352 βΌ
π Read
via "National Vulnerability Database".
Stored cross-site scripting (XSS) vulnerability in Care2x Hospital Information Management 2.7 Alpha. The vulnerability has found POST requests in /modules/registration_admission/patient_register.php page with "name_middle", "addr_str", "station", "name_maiden", "name_2", "name_3" parameters.π Read
via "National Vulnerability Database".