CVE-2021-21849
via "National Vulnerability Database".
An exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an integer overflow when the library encounters an atom using the “tfra” FOURCC code due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability.
CVE-2021-32975
via "National Vulnerability Database".
Cscape (All Versions prior to 9.90 SP5) lacks proper validation of user-supplied data when parsing project files. This could lead to an out-of-bounds read. An attacker could leverage this vulnerability to execute code in the context of the current process.
CVE-2021-3713
via "National Vulnerability Database".
An out-of-bounds write flaw was found in the UAS (USB Attached SCSI) device emulation of QEMU in versions prior to 6.2.0-rc0. The device uses the guest supplied stream number unchecked, which can lead to out-of-bounds access to the UASDevice->data3 and UASDevice->status3 fields. A malicious guest user could use this flaw to crash QEMU or potentially achieve code execution with the privileges of the QEMU process on the host.
CVE-2021-21842
via "National Vulnerability Database".
An exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an integer overflow when processing an atom using the 'ssix' FOURCC code, due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability.
Want to become a white-hat hacker? Here's what you need to know
via "Tech Republic".
Switch to an exciting new tech career as a white-hat hacker. For this training course, you can study on your own time without going into debt.
Cisco Issues Critical Fixes for High-End Nexus Gear
via "Threat Post".
Networking giant issues two critical patches and six high-severity patches.
CVE-2021-37334
via "National Vulnerability Database".
A security issue in Umbraco Forms 4.0.0 to and including 8.7.5 could lead to a remote code execution attack and/or arbitrary file deletion.
Microsoft Breaks Silence on Barrage of ProxyShell Attacks
via "Threat Post".
versions of the software are affected by a spate of bugs under active exploitations.
Podcast: Ransomware Up x10: Disrupting Cybercrime Supply Chains an Opportunity
via "Threat Post".
Derek Manky, Chief, Security Insights & Global Threat Alliances at Fortinet's FortiGuard Labs, discusses the top threats and lessons learned from the first half of 2021.
S3 Ep47: Daylight robbery, spaghetti trouble, and mousetastic superpowers [Podcast]
via "Naked Security".
Latest episode - listen now!
CVE-2021-3734
via "National Vulnerability Database".
yourls is vulnerable to Improper Restriction of Rendered UI Layers or Frames.
CVE-2021-27944
via "National Vulnerability Database".
Several high privileged APIs on the Vizio P65-F1 6.0.31.4-2 and E50x-E1 10.0.31.4-2 Smart TVs do not enforce access controls, allowing an unauthenticated threat actor to access privileged functionality, leading to OS command execution. The specific attack methodology is a file upload.
CVE-2021-38559
via "National Vulnerability Database".
DigitalDruid HotelDruid 3.0.2 has an XSS vulnerability in prenota.php affecting the fineperiodo1 parameter.
Tech companies pledge to help toughen US cybersecurity in White House meeting
via "Tech Republic".
Apple, Google, Microsoft and others will fund new technologies and training as part of the nation's struggle to combat cyberattacks.
Wireshark Analyzer 3.4.8
via "Packet Storm Security".
Wireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffers. This is the source code release.
CVE-2021-36352
via "National Vulnerability Database".
Stored cross-site scripting (XSS) vulnerability in Care2x Hospital Information Management 2.7 Alpha. The vulnerability was found in POST requests to the /modules/registration_admission/patient_register.php page with the "name_middle", "addr_str", "station", "name_maiden", "name_2", "name_3" parameters.
CVE-2021-32076
via "National Vulnerability Database".
Access Restriction Bypass via referrer spoof was discovered in SolarWinds Web Help Desk 12.7.2. An attacker can access the “Web Help Desk Getting Started Wizard”, especially the admin account creation page, from a non-privileged IP address network range or loopback address by intercepting the HTTP request and changing the referrer from the public IP address to the loopback.
Google and mobile operating systems top list of privacy concerns, says Kaspersky
via "Tech Republic".
Using data gathered by its Privacy Checker website, Kaspersky has been able to pinpoint areas of concern for visitors seeking to improve their privacy posture.
F5 Bug Could Lead to Complete System Takeover
via "Threat Post".
The worst of 13 bugs fixed by the August updates could lead to complete system compromise for users in sensitive sectors running products in Appliance mode.
CVE-2021-40147
via "National Vulnerability Database".
EmTec ZOC before 8.02.2 allows \e[201~ pastes, a different vulnerability than CVE-2021-32198.
How to create locally signed SSL certificates with mkcert
via "Tech Republic".
If you need to generate quick SSL certificates for test servers and services, mkcert might be the fastest option available. Jack Wallen shows you how to use this handy tool.